mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 14:07:59 +00:00
Code Issues Releases Wiki Activity

check 'update-policy 6to4-self' over IPv4

Browse Source
This commit is contained in:
Mark Andrews 2024-06-05 15:22:17 +10:00
parent bca63437a1
commit b28e5ff721
5 changed files with 71 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
bin/tests/system/nsupdate/clean.sh
View File

@ -54,6 +54,7 @@ rm -f ns3/many.test.bk
rm -f ns3/nsec3param.test.db rm -f ns3/nsec3param.test.db
rm -f ns3/too-big.test.db rm -f ns3/too-big.test.db
rm -f ns5/local.db rm -f ns5/local.db
rm -f ns6/2.0.0.2.ip6.addr.db
rm -f ns6/in-addr.db rm -f ns6/in-addr.db
rm -f ns7/_default.tsigkeys rm -f ns7/_default.tsigkeys
rm -f ns7/example.com.db rm -f ns7/example.com.db

21
bin/tests/system/nsupdate/ns6/2.0.0.2.ip6.addr.db.in Normal file
View File

@ -0,0 +1,21 @@
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; SPDX-License-Identifier: MPL-2.0
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, you can obtain one at https://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.
$TTL 300 ; 5 minutes
@ IN SOA ns5.local.nil. hostmaster.local.nil. (
1 ; serial
2000 ; refresh (2000 seconds)
2000 ; retry (2000 seconds)
1814400 ; expire (3 weeks)
3600 ; minimum (1 hour)
)
NS ns6
ns6 A 10.53.0.6

6
bin/tests/system/nsupdate/ns6/named.conf.in
View File

@ -39,3 +39,9 @@ zone "in-addr.arpa" {
file "in-addr.db"; file "in-addr.db";
update-policy { grant * tcp-self . PTR(1) ANY(2) A; }; update-policy { grant * tcp-self . PTR(1) ANY(2) A; };
}; };
zone "2.0.0.2.ip6.arpa" {
type primary;
file "2.0.0.2.ip6.addr.db";
update-policy { grant * 6to4-self . NS(10) DS(4); };
};

1
bin/tests/system/nsupdate/setup.sh
View File

@ -115,6 +115,7 @@ cp ns2/sample.db.in ns2/sample.db
cp -f ns1/maxjournal.db.in ns1/maxjournal.db cp -f ns1/maxjournal.db.in ns1/maxjournal.db
cp -f ns5/local.db.in ns5/local.db cp -f ns5/local.db.in ns5/local.db
cp -f ns6/2.0.0.2.ip6.addr.db.in ns6/2.0.0.2.ip6.addr.db
cp -f ns6/in-addr.db.in ns6/in-addr.db cp -f ns6/in-addr.db.in ns6/in-addr.db
cp -f ns7/in-addr.db.in ns7/in-addr.db cp -f ns7/in-addr.db.in ns7/in-addr.db
cp -f ns7/example.com.db.in ns7/example.com.db cp -f ns7/example.com.db.in ns7/example.com.db

42
bin/tests/system/nsupdate/tests.sh
View File

@ -759,6 +759,48 @@ if test $ret -ne 0; then
status=1 status=1
fi fi
n=$((n + 1))
ret=0
echo_i "check that 'update-policy 6to4-self' refuses update of records via UDP over IPv4 ($n)"
REVERSE_NAME=6.0.0.0.5.3.a.0.2.0.0.2.ip6.arpa
$NSUPDATE >nsupdate.out.$n 2>&1 <<END && ret=1
server 10.53.0.6 ${PORT}
local 10.53.0.6
zone 2.0.0.2.ip6.arpa
update add ${REVERSE_NAME} 600 NS localhost.
send
END
grep REFUSED nsupdate.out.$n >/dev/null 2>&1 || ret=1
$DIG $DIGOPTS @10.53.0.6 \
+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd \
$REVERSE_NAME NS >dig.out.ns6.$n
grep localhost. dig.out.ns6.$n >/dev/null 2>&1 && ret=1
if test $ret -ne 0; then
echo_i "failed"
status=1
fi
n=$((n + 1))
echo_i "check that 'update-policy 6to4-self' permits update of records for the client's own address via TCP over IPv4 ($n)"
ret=0
REVERSE_NAME=6.0.0.0.5.3.a.0.2.0.0.2.ip6.arpa
$NSUPDATE -v >nsupdate.out.$n 2>&1 <<END || ret=1
server 10.53.0.6 ${PORT}
local 10.53.0.6
zone 2.0.0.2.ip6.arpa
update add ${REVERSE_NAME} 600 NS localhost.
send
END
grep REFUSED nsupdate.out.$n >/dev/null 2>&1 && ret=1
$DIG $DIGOPTS @10.53.0.6 \
+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd \
$REVERSE_NAME NS >dig.out.ns6.$n || ret=1
grep localhost. dig.out.ns6.$n >/dev/null 2>&1 || ret=1
if test $ret -ne 0; then
echo_i "failed"
status=1
fi
n=$((n + 1)) n=$((n + 1))
ret=0 ret=0
echo_i "check that 'update-policy subdomain' is properly enforced ($n)" echo_i "check that 'update-policy subdomain' is properly enforced ($n)"