diff --git a/bin/tests/system/rpzrecurse/ns1/example.com.db b/bin/tests/system/rpzrecurse/ns1/example.com.db
new file mode 100644
index 0000000000..5bbe973e37
--- /dev/null
+++ b/bin/tests/system/rpzrecurse/ns1/example.com.db
@@ -0,0 +1,16 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 3600
+@ IN SOA ns.example.com. root.example.com. 1 3600 3600 3600 3600
+@ NS ns.example.com.
+
+ns.example.com. A 10.53.0.1
+@ A 1.2.3.4
+www A 1.2.3.5
diff --git a/bin/tests/system/rpzrecurse/ns1/named.conf.in b/bin/tests/system/rpzrecurse/ns1/named.conf.in
index e5c87052d5..65406a12ae 100644
--- a/bin/tests/system/rpzrecurse/ns1/named.conf.in
+++ b/bin/tests/system/rpzrecurse/ns1/named.conf.in
@@ -58,11 +58,16 @@ zone "l2.l1.l0" {
 };
 zone "test1.example.net" {
- type master;
- file "test1.example.net.db";
+ type master;
+ file "test1.example.net.db";
 };
 zone "test2.example.net" {
- type master;
- file "test2.example.net.db";
+ type master;
+ file "test2.example.net.db";
+};
+
+zone "example.com" {
+ type master;
+ file "example.com.db";
 };
diff --git a/bin/tests/system/rpzrecurse/ns2/db.given b/bin/tests/system/rpzrecurse/ns2/db.given
new file mode 100644
index 0000000000..d9f3a739df
--- /dev/null
+++ b/bin/tests/system/rpzrecurse/ns2/db.given
@@ -0,0 +1,10 @@
+$ORIGIN given.zone.
+$TTL 3600
+@ IN SOA ns.given.zone. hostmaster.given.zone. 1 600 300 604800 3600
+ IN NS ns.given.zone.
+
+ns.given.zone. IN A 127.0.0.1
+; this should be ignored as it matches an earlier passthru entry.
+example.com CNAME .
+; this should be ignored as it matches an earlier wildcard passthru entry.
+www.example.com CNAME .
diff --git a/bin/tests/system/rpzrecurse/ns2/db.passthru b/bin/tests/system/rpzrecurse/ns2/db.passthru
new file mode 100644
index 0000000000..0456ef955d
--- /dev/null
+++ b/bin/tests/system/rpzrecurse/ns2/db.passthru
@@ -0,0 +1,9 @@
+$ORIGIN passthru.zone.
+$TTL 3600
+@ IN SOA ns.passthru.zone. hostmaster.passthru.zone. 1 600 300 604800 3600
+ IN NS ns.passthru.zone.
+
+ns.passthru.zone. IN A 127.0.0.1
+
+example.com CNAME rpz-passthru.
+*.example.com CNAME rpz-passthru.
diff --git a/bin/tests/system/rpzrecurse/ns2/named.wildcard4.conf b/bin/tests/system/rpzrecurse/ns2/named.wildcard4.conf
new file mode 100644
index 0000000000..266d074d70
--- /dev/null
+++ b/bin/tests/system/rpzrecurse/ns2/named.wildcard4.conf
@@ -0,0 +1,35 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+# common configuration
+include "named.conf.header";
+
+view "recursive" {
+ # policy configuration to be tested
+ response-policy {
+ zone "passthru.zone" policy passthru;
+ zone "given.zone" policy given;
+ } qname-wait-recurse yes
+ nsdname-enable yes
+ nsip-enable yes;
+
+ # policy zones to be tested
+ zone "passthru.zone" { type master; file "db.passthru"; };
+ zone "given.zone" { type master; file "db.given"; };
+
+ zone "." {
+ type hint;
+ file "root.hint";
+ };
+
+ recursion yes;
+ dnssec-validation yes;
+};
diff --git a/bin/tests/system/rpzrecurse/tests.sh b/bin/tests/system/rpzrecurse/tests.sh
index 45e0c675fb..43b2b4a50a 100644
--- a/bin/tests/system/rpzrecurse/tests.sh
+++ b/bin/tests/system/rpzrecurse/tests.sh
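Review bot: In named.wildcard4.conf the whole fixture depends on `passthru.zone` being listed before `given.zone` inside `response-policy`, but nothing in the file says the order is significant. RPZ consults policy zones in the order they are listed, so swapping the two lines would let the `CNAME .` records in db.given override the passthru allow-list and the test would no longer exercise what its name claims. I would add a comment above the first zone line, `# order matters: passthru.zone must precede given.zone so the passthru match takes precedence`.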
@@ -473,6 +473,21 @@ for mode in native dnsrps; do
 status=1
 }
+ t=`expr $t + 1`
+ echo_i "testing wildcard passthru before explicit drop (${t})"
+ add_test_marker 10.53.0.2
+ run_server wildcard4
+ $DIG $DIGOPTS example.com a @10.53.0.2 -p ${PORT} > dig.out.${t}.1
+ grep "status: NOERROR" dig.out.${t}.1 > /dev/null || {
+ echo_i "test ${t} failed"
+ status=1
+ }
+ $DIG $DIGOPTS www.example.com a @10.53.0.2 -p ${PORT} > dig.out.${t}.2
+ grep "status: NOERROR" dig.out.${t}.2 > /dev/null || {
+ echo_i "test ${t} failed"
+ status=1
+ }
+
 if [ "$mode" = "native" ]; then
 # Check for invalid prefix length error
 t=`expr $t + 1`
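Review bot: Both assertions in the added block only look for `status: NOERROR`, so they show that the later `CNAME .` entries in given.zone did not yield NXDOMAIN, but not that the passthru answer is the unmodified data served by ns1 (`@ A 1.2.3.4`, `www A 1.2.3.5`). Assuming $DIGOPTS keeps the answer section in the output, I would also match the address, e.g. `grep "1\.2\.3\.4" dig.out.${t}.1 > /dev/null || {` and the same with `1\.2\.3\.5` for `dig.out.${t}.2`. The two failure branches print the identical `test ${t} failed`, so a log cannot tell which query regressed, and the label says "explicit drop" while db.given uses `CNAME .`, which is the RPZ NXDOMAIN action rather than `rpz-drop.`. The enclosing `for mode in native dnsrps` loop starts and ends outside this hunk.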