From: Matthijs Mekking <matthijs@isc.org>
Date: Fri, 17 Nov 2023 15:00:23 +0000 (+0100)
Subject: Add a DNSSEC policy test case for a special zone
X-Git-Tag: v9.19.19~26^2~1
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=6a4f3ec242be67124bdc81785c8c78bf79c5066d;p=thirdparty%2Fbind9.git

Add a DNSSEC policy test case for a special zone

Try to create a key for a zone, and then sign it, that has some special
characters in the name.
---

diff --git a/bin/tests/system/kasp/ns3/named-fips.conf.in b/bin/tests/system/kasp/ns3/named-fips.conf.in
index cef81f94d5a..d67aa5f38a5 100644
--- a/bin/tests/system/kasp/ns3/named-fips.conf.in
+++ b/bin/tests/system/kasp/ns3/named-fips.conf.in
@@ -48,6 +48,14 @@ zone "default.kasp" {
 	dnssec-policy "default";
 };
 
+/* A zone with special characters. */
+zone "i-am.\":\;?&[]\@!\$*+,|=\.\(\)special.kasp." {
+        type primary;
+        file "i-am.special.kasp.db";
+        check-names ignore;
+        dnssec-policy "default";
+};
+
 /* checkds: Zone with one KSK. */
 zone "checkds-ksk.kasp" {
 	type primary;
diff --git a/bin/tests/system/kasp/ns3/setup.sh b/bin/tests/system/kasp/ns3/setup.sh
index 63aeb36fa58..55fcd1b5e10 100644
--- a/bin/tests/system/kasp/ns3/setup.sh
+++ b/bin/tests/system/kasp/ns3/setup.sh
@@ -51,6 +51,13 @@ for zn in default dnssec-keygen some-keys legacy-keys pregenerated \
   cp template.db.in "$zonefile"
 done
 
+#
+# Setup special zone
+#
+zone="i-am.\":\;?&[]\@!\$*+,|=\.\(\)special.kasp."
+echo_i "setting up zone: $zone"
+cp template.db.in "i-am.special.kasp.db"
+
 #
 # Set up RSASHA1 based zones
 #
diff --git a/bin/tests/system/kasp/tests.sh b/bin/tests/system/kasp/tests.sh
index 6ac891c0d22..645d77b8dd9 100644
--- a/bin/tests/system/kasp/tests.sh
+++ b/bin/tests/system/kasp/tests.sh
@@ -393,6 +393,16 @@ check_apex
 check_subdomain
 dnssec_verify
 
+#
+# A zone with special characters.
+#
+set_zone "i-am.\":\;?&[]\@!\$*+,|=\.\(\)special.kasp."
+set_policy "default" "1" "3600"
+set_server "ns3" "10.53.0.3"
+# It is non-trivial to adapt the tests to deal with all possible different
+# escaping characters, so we will just try to verify the zone.
+dnssec_verify
+
 #
 # Zone: dynamic.kasp
 #