]> git.ipfire.org Git - thirdparty/bind9.git/commitdiff
projects / thirdparty / bind9.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b621f1d)
Test that a long CNAME chain causes SERVFAIL
authorAram Sargsyan <aram@isc.org>
Thu, 6 Jun 2024 12:10:19 +0000 (12:10 +0000)
committerAram Sargsyan <aram@isc.org>
Wed, 31 Jul 2024 10:54:10 +0000 (10:54 +0000)
Also check that the expected partial answer in returned too.

bin/tests/system/resolver/ans3/ans.pl patch | blob | blame | history
bin/tests/system/resolver/tests.sh patch | blob | blame | history

diff --git a/bin/tests/system/resolver/ans3/ans.pl b/bin/tests/system/resolver/ans3/ans.pl
index 98f4ec04b5fc57c4c1ae8c70f4f7498120c4403e..85d46cd4eb21e9ce3a5ee6e249c1daefe61970fb 100644 (file)
--- a/bin/tests/system/resolver/ans3/ans.pl
+++ b/bin/tests/system/resolver/ans3/ans.pl
@@ -102,6 +102,9 @@ sub handleQuery {
                $packet->push("answer",
                              new Net::DNS::RR($qname .
                                       " 300 CNAME goodcname.example.org"));
+       } elsif ($qname =~ /^longcname/) {
+               $cname = $qname =~ s/longcname/longcnamex/r;
+               $packet->push("answer", new Net::DNS::RR($qname . " 300 CNAME " . $cname));
        } elsif ($qname =~ /^nodata\.example\.net$/i) {
                $packet->header->aa(1);
        } elsif ($qname =~ /^nxdomain\.example\.net$/i) {
diff --git a/bin/tests/system/resolver/tests.sh b/bin/tests/system/resolver/tests.sh
index 69a0850e8ddb02a3762730870bb87581e47a9821..fff57498c7b51b62328b7ab9f13257d5b42fa0a0 100755 (executable)
--- a/bin/tests/system/resolver/tests.sh
+++ b/bin/tests/system/resolver/tests.sh
@@ -120,6 +120,17 @@ grep "status: NOERROR" dig.out.ns1.test${n} >/dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
 
+n=$((n + 1))
+echo_i "checking long CNAME chain target filtering (deny) ($n)"
+ret=0
+dig_with_opts +tcp longcname1.example.net @10.53.0.1 a >dig.out.ns1.test${n} || ret=1
+grep -F "status: SERVFAIL" dig.out.ns1.test${n} >/dev/null || ret=1
+grep -F "max. restarts reached" dig.out.ns1.test${n} >/dev/null || ret=1
+lines=$(grep -F "CNAME" dig.out.ns1.test${n} | wc -l)
+test ${lines:-1} -eq 17 || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
 n=$((n + 1))
 echo_i "checking DNAME target filtering (deny) ($n)"
 ret=0
Mirror of https://gitlab.isc.org/isc-projects/bind9.git