my $TARGET = "target.example 9 IN A $localaddr";
my $SHORTCNAME = "shortttl.cname.example 1 IN CNAME longttl.target.example";
my $LONGTARGET = "longttl.target.example 600 IN A $localaddr";
+my $OUTCNAME = "out-cname.example 600 IN CNAME serve.stale";
sub reply_handler {
my ($qname, $qclass, $qtype) = @_;
}
$rcode = "NOERROR";
return ($rcode, \@ans, \@auth, \@add, { aa => 1 });
+ } elsif ($qname eq "normal" ) {
+ if ($qtype eq "TXT") {
+ $send_response = 1;
+ $slow_response = 0;
+ my $rr = new Net::DNS::RR("$qname 0 $qclass TXT \"$send_response\"");
+ push @ans, $rr;
+ }
+ $rcode = "NOERROR";
+ return ($rcode, \@ans, \@auth, \@add, { aa => 1 });
}
# If we are not responding to queries we are done.
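Review bot: The new `normal` branch resets two pieces of server state (`$send_response = 1; $slow_response = 0;`) only when the query type is TXT, and nothing in the hunk says that this name is a control query rather than test data. A comment above the branch, for example `# "normal" TXT: control query; re-enable responses and turn off delayed answers`, would make that explicit. For any other query type the branch returns NOERROR with empty sections and leaves both flags untouched, which may be intended but is worth stating in the same comment. The enclosing reply_handler starts and ends outside the hunk.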
push @auth, $rr;
}
$rcode = "NOERROR";
+ } elsif ($qname eq "out-cname.example") {
+ if ($qtype eq "A") {
+ my $rr = new Net::DNS::RR($OUTCNAME);
+ push @ans, $rr;
+ } else {
+ my $rr = new Net::DNS::RR($negSOA);
+ push @auth, $rr;
+ }
+ $rcode = "NOERROR";
} elsif ($qname eq "nxdomain.example") {
my $rr = new Net::DNS::RR($negSOA);
push @auth, $rr;
--- /dev/null
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm @DEFAULT_HMAC@;
+};
+
+controls {
+ inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
+options {
+ query-source address 10.53.0.3;
+ notify-source 10.53.0.3;
+ transfer-source 10.53.0.3;
+ port @PORT@;
+ pid-file "named.pid";
+ listen-on { 10.53.0.3; };
+ listen-on-v6 { none; };
+ recursion yes;
+ dnssec-validation no;
+ stale-answer-enable yes;
+ stale-cache-enable yes;
+ stale-answer-ttl 3;
+ stale-answer-client-timeout 0;
+};
+
+zone "." {
+ type hint;
+ file "root.db";
+};
+
+zone "serve.stale" IN {
+ type primary;
+ notify no;
+ file "serve.stale.db";
+};
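Review bot: The new configuration has no comment saying why this variant exists. From the visible lines the distinguishing settings appear to be `stale-answer-client-timeout 0;` together with the locally served `serve.stale` primary zone, which the GL#5383 check loads via `ns3/named10.conf.in`. A short comment above `options`, such as `/* serve-stale with client-timeout 0 plus a local primary zone used as a CNAME target (GL#5383) */`, would record that. The control channel uses a short fixed secret with `allow { any; }`, and `dnssec-validation no;` is set. That is reasonable on the 10.53.0.3 test address, but marking the file as test-only would keep it from being reused as a template.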
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
+# disable delaying auth answering
+n=$((n + 1))
+echo_i "disable delaying responses from authoritative server ($n)"
+ret=0
+$DIG -p ${PORT} @10.53.0.2 txt normal >dig.out.test$n || ret=1
+grep "ANSWER: 1," dig.out.test$n >/dev/null || ret=1
+grep "TXT.\"1\"" dig.out.test$n >/dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
+# configure ns3 with stale-answer-client-timeout 0 and a auth zone
+copy_setports ns3/named10.conf.in ns3/named.conf
+rndc_reload ns3 10.53.0.3
+
+# GL#5383
+n=$((n + 1))
+echo_i "check serve-stale (stale-answer-client-timeout 0) with a CNAME targeting a cached auth zone ($n)"
+ret=0
+# flush cache, make sure serve-stale is on
+$RNDCCMD 10.53.0.3 flush >rndc.out.test$n.1 2>&1 || ret=1
+$RNDCCMD 10.53.0.3 serve-stale on >rndc.out.test$n.2 2>&1 || ret=1
+# prime the cache with the A response
+$DIG -p ${PORT} @10.53.0.3 out-cname.example >dig.out.1.test$n || ret=1
+grep -F "status: NOERROR" dig.out.1.test$n >/dev/null || ret=1
+grep -F "QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1" dig.out.1.test$n >/dev/null || ret=1
+# resend the query; we should immediately get a cached answer
+$DIG -p ${PORT} @10.53.0.3 out-cname.example >dig.out.2.test$n || ret=1
+grep -F "status: NOERROR" dig.out.2.test$n >/dev/null || ret=1
+grep -F "QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1" dig.out.2.test$n >/dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
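Review bot: The second query in the GL#5383 check is asserted with exactly the same two greps as the priming query, so the test does not show that the answer was "immediately" served from cache as its comment says. If the regression being guarded is a hang or a crash in named (not visible from here), a slow or retried answer would still pass. Bounding the lookup, e.g. `$DIG -p ${PORT} +tries=1 +timeout=3 @10.53.0.3 out-cname.example >dig.out.2.test$n || ret=1`, and checking the record itself with `grep "CNAME.serve\.stale\." dig.out.2.test$n >/dev/null || ret=1` would tie the pass condition to the behaviour described. The `rndc flush` and `serve-stale on` outputs are saved but never inspected; only their exit status is checked.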