check 'update-policy 6to4-self' over IPv6

(cherry picked from commit 3b0de4773bb0d485fbc079152e08a261718005d6)

diff --git a/bin/tests/system/ifconfig.sh.in b/bin/tests/system/ifconfig.sh.in
index 9b9acd5faaa13768c9a569a62bd9709692e78e1b..60dbf8b9e6c99ced4bacdf4c69604fabfe2718ea 100755 (executable)
--- a/bin/tests/system/ifconfig.sh.in
+++ b/bin/tests/system/ifconfig.sh.in
@@ -20,6 +20,8 @@
 # IPv6: fd92:7065:b8e:ffff::{1..11}            ULA
 #       fd92:7065:b8e:99ff::{1..2}
 #       fd92:7065:b8e:ff::{1..2}
+#       fd92:7065:b8e:fffe::10.53.0.4
+#       2002:0a35:0007::1                       6to4 for 10.53.0.7
 #
 # We also set the MTU on the 1500 bytes to match the default MTU on physical
 # interfaces, so we can properly test the cases with packets bigger than
@@ -240,7 +242,7 @@ sequence() (
 max=11
 case $1 in
   start | up | stop | down)
-    for i in $(sequence 0 2); do
+    for i in $(sequence 0 4); do
       case $i in
         0) ipv6="ff" ;;
         1) ipv6="99" ;;
@@ -250,8 +252,23 @@ case $1 in
       for ns in $(sequence 1 $max); do
         [ $i -gt 0 -a $ns -gt 2 ] && break
         int=$((i * max + ns))
-        a=10.53.$i.$ns
-        aaaa=fd92:7065:b8e:${ipv6}ff::$ns
+        case $i in
+          0 | 1 | 2)
+            [ $i -gt 0 -a $ns -gt 3 ] && break
+            a=10.53.$i.$ns
+            aaaa=fd92:7065:b8e:${ipv6}ff::$ns
+            ;;
+          3)
+            [ $ns -ne 4 ] && continue
+            a=
+            aaaa=fd92:7065:b8e:fffe::10.53.0.$ns
+            ;;
+          4)
+            [ $ns -ne 1 ] && continue
+            a=
+            aaaa=2002:0a35:0007::$ns
+            ;;
+        esac
         case "$1" in
           start | up) up ;;
           stop | down) down ;;

diff --git a/bin/tests/system/nsupdate/ns10/named.conf.in b/bin/tests/system/nsupdate/ns10/named.conf.in
index 6053924ef87240661e5bc3bd88687f510de1bd40..25ba1410f42313df3e7389dd2dd463c2ed0c4021 100644 (file)
--- a/bin/tests/system/nsupdate/ns10/named.conf.in
+++ b/bin/tests/system/nsupdate/ns10/named.conf.in
@@ -19,6 +19,7 @@ options {
        pid-file "named.pid";
        session-keyfile "session.key";
        listen-on { 10.53.0.10; };
+       listen-on-v6 { none; };
        recursion no;
        notify yes;
        minimal-responses no;

diff --git a/bin/tests/system/nsupdate/ns5/named.conf.in b/bin/tests/system/nsupdate/ns5/named.conf.in
index e3c4d1b33d03b1cb3247d3f86d32f532ccce7a8a..223abd925e7fd7bb18755833d6effc40b3fc5d16 100644 (file)
--- a/bin/tests/system/nsupdate/ns5/named.conf.in
+++ b/bin/tests/system/nsupdate/ns5/named.conf.in
@@ -19,6 +19,7 @@ options {
        pid-file "named.pid";
        session-keyfile "session.key";
        listen-on { 10.53.0.5; };
+       listen-on-v6 { none; };
        recursion no;
        notify yes;
        minimal-responses no;

diff --git a/bin/tests/system/nsupdate/ns6/named.conf.in b/bin/tests/system/nsupdate/ns6/named.conf.in
index 5ed16235462a19cd18a344a88c933d2a8cc45c00..e2950aa3b7ecc192911b37414303324196897b06 100644 (file)
--- a/bin/tests/system/nsupdate/ns6/named.conf.in
+++ b/bin/tests/system/nsupdate/ns6/named.conf.in
@@ -15,10 +15,14 @@ options {
        query-source address 10.53.0.6;
        notify-source 10.53.0.6;
        transfer-source 10.53.0.6;
+       query-source-v6 address fd92:7065:b8e:ffff::6;
+       notify-source-v6 fd92:7065:b8e:ffff::6;
+       transfer-source-v6 fd92:7065:b8e:ffff::6;
        port @PORT@;
        pid-file "named.pid";
        session-keyfile "session.key";
        listen-on { 10.53.0.6; };
+       listen-on-v6 { fd92:7065:b8e:ffff::6; };
        recursion no;
        notify yes;
        minimal-responses no;

diff --git a/bin/tests/system/nsupdate/ns7/named1.conf.in b/bin/tests/system/nsupdate/ns7/named1.conf.in
index 28d2aeafd5aece50d5c8fac755f2835b6238b131..0fcdcab7b2e39242d1a8b8aec6e159e31047e6ab 100644 (file)
--- a/bin/tests/system/nsupdate/ns7/named1.conf.in
+++ b/bin/tests/system/nsupdate/ns7/named1.conf.in
@@ -19,6 +19,7 @@ options {
        pid-file "named.pid";
        session-keyfile "session.key";
        listen-on { 10.53.0.7; };
+       listen-on-v6 { none; };
        recursion no;
        notify yes;
        minimal-responses no;

diff --git a/bin/tests/system/nsupdate/ns7/named2.conf.in b/bin/tests/system/nsupdate/ns7/named2.conf.in
index e5886e9acdd22ceb57f91541b4e8095446ce9a78..8ef779b81c0d1760681cf92cbf4fa1efcd8e006e 100644 (file)
--- a/bin/tests/system/nsupdate/ns7/named2.conf.in
+++ b/bin/tests/system/nsupdate/ns7/named2.conf.in
@@ -19,6 +19,7 @@ options {
        pid-file "named.pid";
        session-keyfile "session.key";
        listen-on { 10.53.0.7; };
+       listen-on-v6 { none; };
        recursion no;
        notify yes;
        minimal-responses no;

diff --git a/bin/tests/system/nsupdate/ns8/named.conf.in b/bin/tests/system/nsupdate/ns8/named.conf.in
index f69d3adacad9363c28d168749c88a67fc6dca574..3d9913fc1f7e9dd09ee4b655e3e95e0f3e2c8add 100644 (file)
--- a/bin/tests/system/nsupdate/ns8/named.conf.in
+++ b/bin/tests/system/nsupdate/ns8/named.conf.in
@@ -19,6 +19,7 @@ options {
        pid-file "named.pid";
        session-keyfile "session.key";
        listen-on { 10.53.0.8; };
+       listen-on-v6 { none; };
        recursion no;
        notify yes;
        minimal-responses no;

diff --git a/bin/tests/system/nsupdate/ns9/named.conf.in b/bin/tests/system/nsupdate/ns9/named.conf.in
index 79a1cb96295837c363a642300b288a4268975163..a3d990cd2bb143077dced5ad532ccbd79b01f61f 100644 (file)
--- a/bin/tests/system/nsupdate/ns9/named.conf.in
+++ b/bin/tests/system/nsupdate/ns9/named.conf.in
@@ -19,6 +19,7 @@ options {
        pid-file "named.pid";
        session-keyfile "session.key";
        listen-on { 10.53.0.9; };
+       listen-on-v6 { none; };
        recursion no;
        notify yes;
        minimal-responses no;

diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh
index 6ed09f6a79c43cc438c6c9d8cbff8a6cd7254604..916f45bc18f8a365dcdcdceec58d0dec914c1c9f 100755 (executable)
--- a/bin/tests/system/nsupdate/tests.sh
+++ b/bin/tests/system/nsupdate/tests.sh
@@ -864,6 +864,48 @@ if test $ret -ne 0; then
   status=1
 fi
 
+n=$((n + 1))
+ret=0
+echo_i "check that 'update-policy 6to4-self' refuses update of records via UDP over IPv6 ($n)"
+REVERSE_NAME=7.0.0.0.5.3.a.0.2.0.0.2.ip6.arpa
+$NSUPDATE >nsupdate.out.$n 2>&1 <<END && ret=1
+server fd92:7065:b8e:ffff::6 ${PORT}
+local 2002:a35:7::1
+zone 2.0.0.2.ip6.arpa
+update add ${REVERSE_NAME} 600 NS localhost.
+send
+END
+grep REFUSED nsupdate.out.$n >/dev/null 2>&1 || ret=1
+$DIG $DIGOPTS @fd92:7065:b8e:ffff::6 \
+  +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd \
+  $REVERSE_NAME NS >dig.out.ns6.$n
+grep localhost. dig.out.ns6.$n >/dev/null 2>&1 && ret=1
+if test $ret -ne 0; then
+  echo_i "failed"
+  status=1
+fi
+
+n=$((n + 1))
+echo_i "check that 'update-policy 6to4-self' permits update of records for the client's own address via TCP over IPv6 ($n)"
+ret=0
+REVERSE_NAME=7.0.0.0.5.3.a.0.2.0.0.2.ip6.arpa
+$NSUPDATE -v >nsupdate.out.$n 2>&1 <<END || ret=1
+server fd92:7065:b8e:ffff::6 ${PORT}
+local 2002:a35:7::1
+zone 2.0.0.2.ip6.arpa
+update add ${REVERSE_NAME} 600 NS localhost.
+send
+END
+grep REFUSED nsupdate.out.$n >/dev/null 2>&1 && ret=1
+$DIG $DIGOPTS @fd92:7065:b8e:ffff::6 \
+  +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd \
+  $REVERSE_NAME NS >dig.out.ns6.$n || ret=1
+grep localhost. dig.out.ns6.$n >/dev/null 2>&1 || ret=1
+if test $ret -ne 0; then
+  echo_i "failed"
+  status=1
+fi
+
 n=$((n + 1))
 ret=0
 echo_i "check that 'update-policy subdomain' is properly enforced ($n)"

diff --git a/bin/tests/system/org.isc.bind.system b/bin/tests/system/org.isc.bind.system
index 6c5a8cd4fe02078bcdad73f76f62e7ea2b21336f..48a5756eaabf9b675c0bd3db6bd605534de9bd79 100644 (file)
--- a/bin/tests/system/org.isc.bind.system
+++ b/bin/tests/system/org.isc.bind.system
@@ -27,3 +27,5 @@ do
        ifup 1 99 $ns
        ifup 2 00 $ns
 done
+/sbin/ifconfig lo0 inet6 fd92:7065:b8e:fffe::10.53.0.4 alias
+/sbin/ifconfig lo0 inet6 2002:a35:7::1 alias