Check static-stub synthesised NS is not returned

2024-02-29 17:14:43 +11:00
parent 40816e4e35
commit 229bf863e2
5 changed files with 58 additions and 0 deletions
--- a/bin/tests/system/staticstub/ns1/root.db
+++ b/bin/tests/system/staticstub/ns1/root.db
@@ -17,3 +17,6 @@ a.root-servers.nil.	A	10.53.0.1
 example.com.		NS	example.

 ns.example.net.		A	10.53.0.3
+
+unsigned.              NS      ns.unsigned.
+ns.unsigned.           A       10.53.0.3
--- a/bin/tests/system/staticstub/ns2/named.conf.in
+++ b/bin/tests/system/staticstub/ns2/named.conf.in
@@ -33,6 +33,7 @@ options {
 	recursion yes;
 	dnssec-validation yes;
 	notify no;
+	minimal-responses no;
 };

 zone "." {
@@ -60,3 +61,8 @@ zone "undelegated" {
 	type static-stub;
 	server-addresses { 10.53.0.3; };
 };
+
+zone "unsigned" {
+	type static-stub;
+	server-addresses { 10.53.0.3; };
+};
--- a/bin/tests/system/staticstub/ns3/named.conf.in
+++ b/bin/tests/system/staticstub/ns3/named.conf.in
@@ -44,3 +44,8 @@ zone "undelegated" {
 	type primary;
 	file "undelegated.db.signed";
 };
+
+zone "unsigned" {
+	type primary;
+	file "unsigned.db";
+};
--- a/bin/tests/system/staticstub/ns3/unsigned.db
+++ b/bin/tests/system/staticstub/ns3/unsigned.db
@@ -0,0 +1,24 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0.  If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$ORIGIN .
+$TTL 300	; 5 minutes
+unsigned		IN SOA	ns.unsigned. hostmaster.unsigned. (
+				2010080906 ; serial
+				20         ; refresh (20 seconds)
+				20         ; retry (20 seconds)
+				1814400    ; expire (3 weeks)
+				3600       ; minimum (1 hour)
+				)
+unsigned.	5	NS	ns.unsigned.
+ns.unsigned.		A	10.53.0.3
+
+data.unsigned. 20	TXT	"example org data"
--- a/bin/tests/system/staticstub/tests.sh
+++ b/bin/tests/system/staticstub/tests.sh
@@ -211,5 +211,25 @@ grep "status: NOERROR" dig.out.ns2.soa.test$n >/dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status + ret))

+n=$((n + 1))
+echo_i "checking static-stub synthesised NS is not returned ($n)"
+ret=0
+$DIG $DIGOPTS unsigned. @10.53.0.2 ns >dig.out.ns2.ns.test$n || ret=1
+sleep 2
+$DIG $DIGOPTS data.unsigned @10.53.0.2 txt >dig.out.ns2.txt1.test$n || ret=1
+sleep 4
+$DIG $DIGOPTS data.unsigned @10.53.0.2 txt >dig.out.ns2.txt2.test$n || ret=1
+grep "status: NOERROR" dig.out.ns2.ns.test$n >/dev/null || ret=1
+grep "status: NOERROR" dig.out.ns2.txt1.test$n >/dev/null || ret=1
+# NS RRset from zone is returned
+grep '^unsigned\..*NS.ns\.unsigned\.$' dig.out.ns2.txt1.test$n >/dev/null || ret=1
+grep '^unsigned\..*NS.unsigned\.$' dig.out.ns2.txt1.test$n >/dev/null && ret=1
+# NS expired and synthesised response is not returned
+grep "status: NOERROR" dig.out.ns2.txt2.test$n >/dev/null || ret=1
+grep '^unsigned\..*NS.ns\.unsigned\.$' dig.out.ns2.txt2.test$n >/dev/null && ret=1
+grep '^unsigned\..*NS.unsigned\.$' dig.out.ns2.txt2.test$n >/dev/null && ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1