From a99adb9efa16f4e03a35dee724ae5128dfa2a218 Mon Sep 17 00:00:00 2001
From: Mark Andrews
Date: Wed, 18 Oct 2023 18:13:52 +1100
Subject: [PATCH] Test NOTIMP being returned to an IXFR request in xfrin

The server is expected to retry the transfer using SOA and if the returned serial is greater than the current serial AXFR. Check the log that IXFR is request.
---
 .reuse/dep5 | 1 +
 bin/tests/system/ans.pl | 15 ++++++++++++++-
 bin/tests/system/xfer/ans5/ixfrnotimp | 11 +++++++++++
 bin/tests/system/xfer/tests.sh | 19 +++++++++++++++++++
 4 files changed, 45 insertions(+), 1 deletion(-)
 create mode 100644 bin/tests/system/xfer/ans5/ixfrnotimp

diff --git a/.reuse/dep5 b/.reuse/dep5
index 38b1937635..4cf9906f81 100644
--- a/.reuse/dep5
+++ b/.reuse/dep5
@@ -82,6 +82,7 @@ Files: **/*.after*
 bin/tests/system/xfer/ans5/badkeydata
 bin/tests/system/xfer/ans5/badmessageid
 bin/tests/system/xfer/ans5/goodaxfr
+ bin/tests/system/xfer/ans5/ixfrnotimp
 bin/tests/system/xfer/ans5/partial
 bin/tests/system/xfer/ans5/soamismatch
 bin/tests/system/xfer/ans5/unknownkey
diff --git a/bin/tests/system/ans.pl b/bin/tests/system/ans.pl
index bbae89ef57..946d2ae01f 100644
--- a/bin/tests/system/ans.pl
+++ b/bin/tests/system/ans.pl
@@ -65,6 +65,11 @@
 # pattern, only this data will be signed. Currently, this is only
 # done for TCP.
 #
+# /pattern NOTIMP /
+# /pattern NOTIMP/
+#
+# Return a NOTIMP response
+#
 # /pattern bad-id /
 # /pattern bad-id/
 #
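Review bot: The new header comment for the NOTIMP pattern says only `Return a NOTIMP response`, which leaves out the limits a fixture author needs to know. Every code change to ans.pl in this commit is inside handleTCP, so the keyword appears to be honoured for TCP queries only, and the keyed form still goes on to the TSIG signing path, so the error reply is signed. Suggested wording: `# Return a NOTIMP response (TCP only); with a key the reply is TSIG-signed, and no further pattern is matched for the query.` The last clause reflects the `last if ($done);` added further down and should be confirmed against the loop it leaves, which is not visible in the diff.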
@@ -376,13 +381,20 @@ sub handleTCP {
 if ("$qname $qtype" =~ /$dbtype/) {
 $count_these++;
 my $a;
+ my $done = 0;
 foreach $a (@{$r->{answer}}) {
 $packet->push("answer", $a);
 }
+ if (defined($key_name) && $key_name eq "NOTIMP") {
+ $packet->header->rcode('NOTIMP');
+ $key_name = $key_data;
+ ($key_data, $tname) = split(/ /,$tname);
+ $done = 1;
+ }
 if (defined($key_name) && $key_name eq "bad-id") {
 $packet->header->id(($id+50)%0xffff);
 $key_name = $key_data;
- ($key_data, $tname) = split(/ /,$tname)
+ ($key_data, $tname) = split(/ /,$tname);
 }
 if (defined($key_name) && defined($key_data)) {
 my $tsig;
@@ -453,6 +465,7 @@ sub handleTCP {
 }
 #$packet->print;
 push(@results,$packet->data);
+ last if ($done);
 if ($tname eq "") {
 $tname = $qname;
 }
diff --git a/bin/tests/system/xfer/ans5/ixfrnotimp b/bin/tests/system/xfer/ans5/ixfrnotimp
new file mode 100644
index 0000000000..a947a6346f
--- /dev/null
+++ b/bin/tests/system/xfer/ans5/ixfrnotimp
@@ -0,0 +1,11 @@
+/SOA tsig_key LSAnCU+Z/
+nil. 300 SOA ns.nil. root.nil. 2 300 300 604800 300
+/IXFR NOTIMP tsig_key LSAnCU+Z/
+/AXFR tsig_key LSAnCU+Z/
+nil. 300 SOA ns.nil. root.nil. 2 300 300 604800 300
+/AXFR tsig_key LSAnCU+Z/
+nil. 300 NS ns.nil.
+nil. 300 TXT "IXFR NOTIMP"
+a.nil. 60 A 10.0.0.61
+/AXFR tsig_key LSAnCU+Z/
+nil. 300 SOA ns.nil. root.nil. 2 300 300 604800 300
diff --git a/bin/tests/system/xfer/tests.sh b/bin/tests/system/xfer/tests.sh
index 5acc1c5d23..f6984fd423 100755
--- a/bin/tests/system/xfer/tests.sh
+++ b/bin/tests/system/xfer/tests.sh
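Review bot: `$done` is set in the NOTIMP branch of the @@ -376 hunk and only acted on by `last if ($done);` in the @@ -453 hunk, with nothing at either site saying that a NOTIMP reply is meant to end pattern matching for the query. A comment at the flag, for example `# NOTIMP: send this single message, then stop matching patterns`, would make that coupling visible. The branch also repeats the `$key_name = $key_data; ($key_data, $tname) = split(/ /,$tname);` shift from the bad-id branch. Because it sits after the answer loop, any records listed under a NOTIMP pattern would still be sent with the error rcode, so it is worth confirming that this is intended. handleTCP starts and ends outside both hunks, so the loop that `last` leaves cannot be checked from here.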
@@ -307,6 +307,25 @@ $DIGCMD nil. TXT | grep 'initial AXFR' >/dev/null || { status=$((status+1)) } +n=$((n+1)) +echo_i "handle IXFR NOTIMP ($n)" + +sendcmd < ans5/ixfrnotimp + +$RNDCCMD 10.53.0.4 refresh nil | sed 's/^/ns4 /' | cat_i + +sleep 2 + +nextpart ns4/named.run | grep "zone nil/IN: requesting IXFR from 10.53.0.5" > /dev/null || { + echo_i "failed: expected status was not logged" + status=$((status+1)) +} + +$DIGCMD nil. TXT | grep 'IXFR NOTIMP' >/dev/null || { + echo_i "failed" + status=$((status+1)) +} + n=$((n+1)) echo_i "unsigned transfer ($n)"
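Review bot: The fixed `sleep 2` ahead of the log and zone checks makes this case timing-dependent, because the refresh has to get through the IXFR attempt, the NOTIMP reply, the SOA query and the AXFR before either grep runs; a loaded host would then report a failure that is not a regression. Polling the zone content with a bound, e.g. `for i in 1 2 3 4 5 6 7 8 9 10; do $DIGCMD nil. TXT | grep 'IXFR NOTIMP' >/dev/null && break; sleep 1; done`, and running the `nextpart` log check afterwards would be steadier. The second failure branch prints only `echo_i "failed"`; naming the missing TXT record would match the first branch. The fixture signs every reply with `tsig_key`, so only the authenticated NOTIMP path is covered; a companion case using the unsigned `/pattern NOTIMP/` form would show that an unauthenticated NOTIMP cannot steer the fallback, assuming ns4 requires TSIG for this primary.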