Add test for RPZ wildcard passthru ignored fix

bin/tests/system/rpzrecurse/ns1/example.com.db

@@ -0,0 +1,16 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 3600
+@ IN SOA ns.example.com. root.example.com. 1 3600 3600 3600 3600
+@    NS	 ns.example.com.
+
+ns.example.com.     A   10.53.0.1
+@                   A   1.2.3.4
+www                 A   1.2.3.5

bin/tests/system/rpzrecurse/ns1/named.conf.in

@@ -58,11 +58,16 @@ zone "l2.l1.l0" {
 };
 
 zone "test1.example.net" {
-     type master;
+	type master;
-     file "test1.example.net.db";
+	file "test1.example.net.db";
 };
 
 zone "test2.example.net" {
-     type master;
+	type master;
-     file "test2.example.net.db";
+	file "test2.example.net.db";
+};
+
+zone "example.com" {
+	type master;
+	file "example.com.db";
 };

bin/tests/system/rpzrecurse/ns2/db.given

@@ -0,0 +1,10 @@
+$ORIGIN given.zone.
+$TTL 3600
+@               IN SOA ns.given.zone.  hostmaster.given.zone. 1 600 300 604800 3600
+                IN NS  ns.given.zone.
+
+ns.given.zone. IN A 127.0.0.1
+; this should be ignored as it matches an earlier passthru entry.
+example.com CNAME .
+; this should be ignored as it matches an earlier wildcard passthru entry.
+www.example.com CNAME .

bin/tests/system/rpzrecurse/ns2/db.passthru

@@ -0,0 +1,9 @@
+$ORIGIN passthru.zone.
+$TTL 3600
+@               IN SOA ns.passthru.zone.  hostmaster.passthru.zone. 1 600 300 604800 3600
+                IN NS  ns.passthru.zone.
+
+ns.passthru.zone. IN A 127.0.0.1
+
+example.com         CNAME rpz-passthru.
+*.example.com       CNAME rpz-passthru.

bin/tests/system/rpzrecurse/ns2/named.wildcard4.conf

@@ -0,0 +1,35 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+# common configuration
+include "named.conf.header";
+
+view "recursive" {
+	# policy configuration to be tested
+	response-policy {
+		zone "passthru.zone" policy passthru;
+		zone "given.zone" policy given;
+	} qname-wait-recurse yes
+	nsdname-enable yes
+	nsip-enable yes;
+
+	# policy zones to be tested
+	zone "passthru.zone" { type master; file "db.passthru"; };
+	zone "given.zone" { type master; file "db.given"; };
+
+	zone "." {
+		type hint;
+		file "root.hint";
+	};
+
+	recursion yes;
+	dnssec-validation yes;
+};

bin/tests/system/rpzrecurse/tests.sh

@@ -473,6 +473,21 @@ for mode in native dnsrps; do
     status=1
   }
 
+  t=`expr $t + 1`
+  echo_i "testing wildcard passthru before explicit drop (${t})"
+  add_test_marker 10.53.0.2
+  run_server wildcard4
+  $DIG $DIGOPTS example.com a @10.53.0.2 -p ${PORT} > dig.out.${t}.1
+  grep "status: NOERROR" dig.out.${t}.1 > /dev/null || {
+    echo_i "test ${t} failed"
+    status=1
+  }
+  $DIG $DIGOPTS www.example.com a @10.53.0.2 -p ${PORT} > dig.out.${t}.2
+  grep "status: NOERROR" dig.out.${t}.2 > /dev/null || {
+    echo_i "test ${t} failed"
+    status=1
+  }
+
   if [ "$mode" = "native" ]; then
     # Check for invalid prefix length error
     t=`expr $t + 1`