diff --git a/bin/tests/system/mirror/ns1/named.conf.in b/bin/tests/system/mirror/ns1/named.conf.in
index b967b9e6d7..3f12a2f4f0 100644
--- a/bin/tests/system/mirror/ns1/named.conf.in
+++ b/bin/tests/system/mirror/ns1/named.conf.in
@@ -19,3 +19,8 @@ options {
 listen-on-v6 { none; };
 recursion no;
 };
+
+zone "." {
+ type master;
+ file "root.db.signed";
+};
diff --git a/bin/tests/system/mirror/ns1/root.db.in b/bin/tests/system/mirror/ns1/root.db.in
index 3c5e60fd98..d5728f419b 100644
--- a/bin/tests/system/mirror/ns1/root.db.in
+++ b/bin/tests/system/mirror/ns1/root.db.in
@@ -11,3 +11,5 @@ $TTL 3600
 @ SOA a.root-servers.nil. hostmaster 2000010100 3600 1200 604800 3600
 @ NS a.root-servers.nil.
 a.root-servers.nil. A 10.53.0.1
+example NS ns2.example.
+ns2.example. A 10.53.0.2
diff --git a/bin/tests/system/mirror/ns1/sign.sh b/bin/tests/system/mirror/ns1/sign.sh
new file mode 100644
index 0000000000..4a09a8619b
--- /dev/null
+++ b/bin/tests/system/mirror/ns1/sign.sh
@@ -0,0 +1,30 @@
+#!/bin/sh -e
+#
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+SYSTEMTESTTOP=../..
+. $SYSTEMTESTTOP/conf.sh
+
+( cd ../ns2 && $SHELL -e sign.sh )
+
+cp ../ns2/dsset-* .
+
+zone=.
+infile=root.db.in
+zonefile=root.db
+
+keyname1=`$KEYGEN -a RSASHA256 -f KSK $zone 2> /dev/null`
+keyname2=`$KEYGEN -a RSASHA256 $zone 2> /dev/null`
+
+cat $infile $keyname1.key $keyname2.key > $zonefile
+
+$SIGNER -P -g -o $zone $zonefile > /dev/null
+
+keyfile_to_trusted_keys $keyname1 > trusted.conf
diff --git a/bin/tests/system/mirror/ns2/example.db.in b/bin/tests/system/mirror/ns2/example.db.in
new file mode 100644
index 0000000000..b68f9e81e2
--- /dev/null
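Review bot: In ns1/sign.sh, `cp ../ns2/dsset-* .` copies every dsset file present in ns2, including any left over from an earlier run, although root.db.in delegates only `example`. Because `-g` makes the signer build DS records from dsset files, naming the one file needed (for instance `cp ../ns2/dsset-example. .`, assuming the signer's usual `dsset-<zone>.` naming) keeps the chain of trust under test explicit. Both `$KEYGEN` calls here, and the two added in the ns2/sign.sh loop, discard stderr, so a key-generation failure aborts the script under `-e` without a diagnostic; sending stderr to a log file instead would keep the run quiet but debuggable. clean.sh is not touched by this diff, so it is worth confirming that ns1's new outputs (key files, root.db, the copied dsset files, trusted.conf) are removed between runs.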
+++ b/bin/tests/system/mirror/ns2/example.db.in
@@ -0,0 +1,14 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 3600
+@ SOA ns2 hostmaster 1 3600 1200 604800 3600
+@ NS ns2
+ns2 A 10.53.0.2
+foo A 127.0.0.1
diff --git a/bin/tests/system/mirror/ns2/named.conf.in b/bin/tests/system/mirror/ns2/named.conf.in
index 01257e0853..a27aa6080e 100644
--- a/bin/tests/system/mirror/ns2/named.conf.in
+++ b/bin/tests/system/mirror/ns2/named.conf.in
@@ -29,6 +29,11 @@ options {
 recursion no;
 };
+zone "example" {
+ type master;
+ file "example.db.signed";
+};
+
 zone "verify-axfr" {
 type master;
 file "verify-axfr.db.signed";
diff --git a/bin/tests/system/mirror/ns2/sign.sh b/bin/tests/system/mirror/ns2/sign.sh
index 77fbb3a894..0cc8980794 100644
--- a/bin/tests/system/mirror/ns2/sign.sh
+++ b/bin/tests/system/mirror/ns2/sign.sh
@@ -14,6 +14,19 @@ SYSTEMTESTTOP=../..
 keys_to_trust=""
+for zonename in example; do
+ zone=$zonename
+ infile=$zonename.db.in
+ zonefile=$zonename.db
+
+ keyname1=`$KEYGEN -a RSASHA256 -f KSK $zone 2> /dev/null`
+ keyname2=`$KEYGEN -a RSASHA256 $zone 2> /dev/null`
+
+ cat $infile $keyname1.key $keyname2.key > $zonefile
+
+ $SIGNER -P -o $zone $zonefile > /dev/null
+done
+
 ORIGINAL_SERIAL=`awk '$2 == "SOA" {print $5}' verify.db.in`
 UPDATED_SERIAL_BAD=`expr ${ORIGINAL_SERIAL} + 1`
 UPDATED_SERIAL_GOOD=`expr ${ORIGINAL_SERIAL} + 2`
diff --git a/bin/tests/system/mirror/ns3/named.conf.in b/bin/tests/system/mirror/ns3/named.conf.in
index b4508eacfe..1873f88e17 100644
--- a/bin/tests/system/mirror/ns3/named.conf.in
+++ b/bin/tests/system/mirror/ns3/named.conf.in
@@ -34,6 +34,13 @@ zone "." {
 file "../../common/root.hint";
 };
+zone "." {
+ type slave;
+ masters { 10.53.0.1; };
+ mirror yes;
+ file "root.db.mirror";
+};
+
 zone "verify-axfr" {
 type slave;
 masters { 10.53.0.2; };
@@ -71,4 +78,5 @@ zone "verify-untrusted" {
 file "verify-untrusted.db.mirror";
 };
+include "../ns1/trusted.conf";
 include "../ns2/trusted-mirror.conf";
diff --git a/bin/tests/system/mirror/setup.sh b/bin/tests/system/mirror/setup.sh
index 9fb8063d44..4a1413dfa1 100644
--- a/bin/tests/system/mirror/setup.sh
+++ b/bin/tests/system/mirror/setup.sh
@@ -18,7 +18,7 @@ copy_setports ns1/named.conf.in ns1/named.conf
 copy_setports ns2/named.conf.in ns2/named.conf
 copy_setports ns3/named.conf.in ns3/named.conf
-( cd ns2 && $SHELL -e sign.sh )
+( cd ns1 && $SHELL -e sign.sh )
 cat ns2/verify-axfr.db.bad.signed > ns2/verify-axfr.db.signed
 cat ns2/verify-ixfr.db.original.signed > ns2/verify-ixfr.db.signed
diff --git a/bin/tests/system/mirror/tests.sh b/bin/tests/system/mirror/tests.sh
index 20016a4b7e..3393def758 100644
--- a/bin/tests/system/mirror/tests.sh
+++ b/bin/tests/system/mirror/tests.sh
@@ -204,5 +204,17 @@ grep "${UPDATED_SERIAL_GOOD}.*; serial" dig.out.ns3.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
+n=`expr $n + 1`
+echo_i "checking that resolution involving a mirror zone works as expected ($n)"
+ret=0
+$DIG $DIGOPTS @10.53.0.3 foo.example A > dig.out.ns3.test$n 2>&1 || ret=1
+# Check response code and flags in the answer.
+grep "NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
+grep "flags:.* ad" dig.out.ns3.test$n > /dev/null || ret=1
+# Ensure ns1 was not queried.
+grep "query 'foo.example/A/IN'" ns1/named.run > /dev/null && ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1
diff --git a/util/copyrights b/util/copyrights
index ef2bbb0a3d..1c25a24662 100644
--- a/util/copyrights
+++ b/util/copyrights
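Review bot: In tests.sh, the "Ensure ns1 was not queried" line only proves the pattern is absent from ns1/named.run, so it also passes when ns1 does not log queries in that form or at that debug level, which cannot be seen from this hunk. A positive control on the server that should be asked would anchor it, for example `grep "query 'foo.example/A/IN'" ns2/named.run > /dev/null || ret=1`, assuming ns2 logs the same message. The NOERROR and `ad` greps also never look at the answer section; adding `grep "127\.0\.0\.1" dig.out.ns3.test$n > /dev/null || ret=1` would tie the validated result to the `foo` record in ns2/example.db.in.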
@@ -1598,6 +1598,8 @@
 ./bin/tests/system/mirror/clean.sh SH 2018
 ./bin/tests/system/mirror/ns1/named.conf.in CONF-C 2018
 ./bin/tests/system/mirror/ns1/root.db.in ZONE 2018
+./bin/tests/system/mirror/ns1/sign.sh SH 2018
+./bin/tests/system/mirror/ns2/example.db.in ZONE 2018
 ./bin/tests/system/mirror/ns2/named.conf.in CONF-C 2018
 ./bin/tests/system/mirror/ns2/sign.sh SH 2018
 ./bin/tests/system/mirror/ns2/verify.db.in ZONE 2018