Check that minimal NSEC records are not cached
Construct a test zone which contains a minimal NSEC record, emit priming queries for this record, and then check that a response that would be synthesised from it isn't.
committed by
Petr Špaček
parent
6fae151c9d
commit
0d75ec9ee3
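--- a/bin/tests/system/synthfromdnssec/ns1/minimal.db.in
+++ b/bin/tests/system/synthfromdnssec/ns1/minimal.db.in
@@ -0,0 +1,28 @@
+$TTL 3600
+minimal. 3600 SOA ns1.minimal. hostmaster.minimal. (
+1 ; serial
+3600 ; refresh (1 hour)
+1200 ; retry (20 minutes)
+604800 ; expire (1 week)
+3600 ; minimum (1 hour)
+)
+3600 NS ns1.minimal.
+3600 NSEC dnamed.minimal. NS SOA RRSIG NSEC DNSKEY
+dnamed.minimal. 3600 DNAME dnamed.
+3600 NSEC insecure.minimal. DNAME RRSIG NSEC
+insecure.minimal. 3600 NS ns1.insecure.minimal.
+3600 NSEC nodata.minimal. NS RRSIG NSEC
+nodata.minimal. 3600 TXT "nodata"
+3600 NSEC ns1.minimal. TXT RRSIG NSEC
+; incomplete chain pointing at non-existent ns2.minimal
+ns1.minimal. 3600 A 10.53.0.1
+3600 NSEC ns2.minimal. A RRSIG NSEC
+; minimal response for nxdomain.minimal.
+nxdomaia.minimal. 3600 NSEC nxdomaiz.minimal. RRSIG NSEC
+;
+*.wild-a.minimal. 3600 A 1.2.3.4
+3600 NSEC *.wild-cname.minimal. A RRSIG NSEC
+*.wild-cname.minimal. 3600 CNAME ns1.minimal.
+3600 NSEC minimal. CNAME RRSIG NSEC
+; glue
+ns1.insecure.minimal. 3600 A 10.53.0.1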
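Review bot: Nothing in this zone file says that its NSEC records are hand-written and must survive signing, so a later change to how the zone is signed could regenerate the chain and silently drop the record the test depends on. I would add a header comment such as `; NSEC chain below is hand-written; the zone must be signed with "-Z nonsecify" so it is not regenerated`. The comment above the `nxdomaia.minimal.` record could also state that its type bitmap holds only `RRSIG NSEC`, which appears to be what marks it as minimal here, and the bare `;` line before the wildcard records could say what those records are for.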
@@ -44,4 +44,9 @@ zone "dnamed" {
|
||||
file "dnamed.db.signed";
|
||||
};
|
||||
|
||||
zone "minimal" {
|
||||
type primary;
|
||||
file "minimal.db.signed";
|
||||
};
|
||||
|
||||
include "trusted.conf";
|
||||
|
||||
@@ -15,3 +15,5 @@ example NS ns1.example
|
||||
ns1.example A 10.53.0.1
|
||||
dnamed NS ns1.dnamed
|
||||
ns1.dnamed A 10.53.0.1
|
||||
minimal NS ns1.minimal
|
||||
ns1.minimal A 10.53.0.1
|
||||
|
||||
@@ -41,6 +41,16 @@ cat "$infile" "$keyname.key" > "$zonefile"
|
||||
|
||||
$SIGNER -P -o $zone $zonefile > /dev/null
|
||||
|
||||
zone=minimal
|
||||
infile=minimal.db.in
|
||||
zonefile=minimal.db
|
||||
|
||||
keyname=$($KEYGEN -q -a RSASHA256 -b 2048 -n zone $zone)
|
||||
cat "$infile" "$keyname.key" > "$zonefile"
|
||||
|
||||
# do not regenerate NSEC chain as there in a minimal NSEC record present
|
||||
$SIGNER -P -Z nonsecify -o $zone $zonefile > /dev/null
|
||||
|
||||
zone=.
|
||||
infile=root.db.in
|
||||
zonefile=root.db
|
||||
|
||||
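Review bot: The comment added above the `$SIGNER -P -Z nonsecify` line has a typo ("there in") and does not say what would be lost if the option were dropped; I would write `# -Z nonsecify: keep the hand-written NSEC chain from minimal.db.in; regenerating it would remove the minimal NSEC record under test`. Because the test asserts that synthesis does not happen, it can pass vacuously if the minimal zone is never validated as secure by the resolver. The visible lines do not show how a DS record or trust anchor for the zone is produced; that is presumably handled where the root zone is signed, outside this hunk, and is worth confirming. The hunk starts and ends mid-script.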