Test named's check-svcb behaviour with UPDATE
Checks that malformed _dns SVCB records are rejected unless check-svcb is set to no, in which case they are accepted. Both missing ALPN and missing DOHPATH are checked for.
This commit is contained in:
Mark Andrews
@@ -1556,6 +1556,66 @@ grep '10.53.0.1.*REFUSED' nsupdate.out.test$n > /dev/null || ret=1
|
||||
grep 'Reply from SOA query' nsupdate.out.test$n > /dev/null || ret=1
|
||||
[ $ret = 0 ] || { echo_i "failed"; status=1; }
|
||||
|
||||
n=$((n + 1))
|
||||
ret=0
|
||||
echo_i "check that named rejects '_dns' SVCB with missing ALPN ($n)"
|
||||
nextpart ns3/named.run > /dev/null
|
||||
$NSUPDATE -d <<END > nsupdate.out.test$n 2>&1 && ret=1
|
||||
server 10.53.0.3 ${PORT}
|
||||
zone example
|
||||
check-svcb no
|
||||
update add _dns.ns.example 0 in SVCB 1 ns.example dohpath=/{?dns}
|
||||
send
|
||||
END
|
||||
grep 'status: REFUSED' nsupdate.out.test$n > /dev/null || ret=1
|
||||
msg="update failed: _dns.ns.example/SVCB: no ALPN (REFUSED)"
|
||||
nextpart ns3/named.run | grep "$msg" ns3/named.run > /dev/null || ret=1
|
||||
[ $ret = 0 ] || { echo_i "failed"; status=1; }
|
||||
|
||||
n=$((n + 1))
|
||||
ret=0
|
||||
echo_i "check that named accepts '_dns' SVCB with missing ALPN (check-svcb no) ($n)"
|
||||
$NSUPDATE -d <<END > nsupdate.out.test$n 2>&1 || ret=1
|
||||
server 10.53.0.3 ${PORT}
|
||||
zone relaxed
|
||||
check-svcb no
|
||||
update add _dns.ns.relaxed 0 in SVCB 1 ns.relaxed dohpath=/{?dns}
|
||||
send
|
||||
END
|
||||
$DIG $DIGOPTS +tcp @10.53.0.3 _dns.ns.relaxed SVCB > dig.out.ns3.test$n
|
||||
grep '1 ns.relaxed. key7="/{?dns}"' dig.out.ns3.test$n || ret=1
|
||||
[ $ret = 0 ] || { echo_i "failed"; status=1; }
|
||||
|
||||
n=$((n + 1))
|
||||
ret=0
|
||||
echo_i "check that named rejects '_dns' SVCB with missing DOHPATH ($n)"
|
||||
nextpart ns3/named.run > /dev/null
|
||||
$NSUPDATE -d <<END > nsupdate.out.test$n 2>&1 && ret=1
|
||||
server 10.53.0.3 ${PORT}
|
||||
zone example
|
||||
check-svcb no
|
||||
update add _dns.ns.example 0 in SVCB 1 ns.example alpn=h2
|
||||
send
|
||||
END
|
||||
grep 'status: REFUSED' nsupdate.out.test$n > /dev/null || ret=1
|
||||
msg="update failed: _dns.ns.example/SVCB: no DOHPATH (REFUSED)"
|
||||
nextpart ns3/named.run | grep "$msg" ns3/named.run > /dev/null || ret=1
|
||||
[ $ret = 0 ] || { echo_i "failed"; status=1; }
|
||||
|
||||
n=$((n + 1))
|
||||
ret=0
|
||||
echo_i "check that named accepts '_dns' SVCB with missing DOHPATH (check-svcb no) ($n)"
|
||||
$NSUPDATE -d <<END > nsupdate.out.test$n 2>&1 || ret=1
|
||||
server 10.53.0.3 ${PORT}
|
||||
zone relaxed
|
||||
check-svcb no
|
||||
update add _dns.ns.relaxed 0 in SVCB 1 ns.relaxed alpn=h2
|
||||
send
|
||||
END
|
||||
$DIG $DIGOPTS +tcp @10.53.0.3 _dns.ns.relaxed SVCB > dig.out.ns3.test$n
|
||||
grep '1 ns.relaxed. alpn="h2"' dig.out.ns3.test$n || ret=1
|
||||
[ $ret = 0 ] || { echo_i "failed"; status=1; }
|
||||
|
||||
if ! $FEATURETEST --gssapi ; then
|
||||
echo_i "SKIPPED: GSSAPI tests"
|
||||
else
|
||||
|
||||
Reference in New Issue
Block a user