4437. [func] Minimal-responses now has two additional modes

no-auth and no-auth-recursive which suppress
                        adding the NS records to the authority section
                        as well as the associated address records for the
                        nameservers. [RT #42005]

(cherry picked from commit 78e31dd187)

bin/tests/system/additional/ns1/named3.conf

@@ -18,6 +18,7 @@ options {
 	listen-on-v6 { none; };
 	notify no;
 	minimal-any yes;
+	minimal-responses no-auth;
 };
 
 include "../../common/rndc.key";
@@ -30,3 +31,23 @@ zone "rt.example" {
 	type master;
 	file "rt.db";
 };
+
+zone "naptr.example" {
+	type master;
+	file "naptr.db";
+};
+
+zone "rt2.example" {
+	type master;
+	file "rt2.db";
+};
+
+zone "naptr2.example" {
+	type master;
+	file "naptr2.db";
+};
+
+zone "nid.example" {
+	type master;
+	file "nid.db";
+};

bin/tests/system/additional/ns1/named4.conf

@@ -11,11 +11,13 @@ options {
 	notify-source 10.53.0.1;
 	transfer-source 10.53.0.1;
 	recursion no;
+	additional-from-auth no;
 	port 5300;
 	pid-file "named.pid";
 	listen-on { 10.53.0.1; };
 	listen-on-v6 { none; };
 	notify no;
+	minimal-responses no-auth-recursive;
 };
 
 include "../../common/rndc.key";
@@ -33,3 +35,28 @@ zone "srv.example" {
 	type master;
 	file "srv.db";
 };
+
+zone "rt.example" {
+	type master;
+	file "rt.db";
+};
+
+zone "naptr.example" {
+	type master;
+	file "naptr.db";
+};
+
+zone "rt2.example" {
+	type master;
+	file "rt2.db";
+};
+
+zone "naptr2.example" {
+	type master;
+	file "naptr2.db";
+};
+
+zone "nid.example" {
+	type master;
+	file "nid.db";
+};

bin/tests/system/additional/tests.sh

@@ -16,81 +16,192 @@ n=0
 
 dotests() {
     n=`expr $n + 1`
-    echo "I:test with RT, single zone ($n)"
+    echo "I:test with RT, single zone (+rec) ($n)"
     ret=0
-    $DIG -t RT rt.rt.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1
+    $DIG +rec -t RT rt.rt.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1
     if [ $ret -eq 1 ] ; then
             echo "I: failed"; status=1
     fi
 
     n=`expr $n + 1`
-    echo "I:test with RT, two zones ($n)"
+    echo "I:test with RT, two zones (+rec) ($n)"
     ret=0
-    $DIG -t RT rt.rt2.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1
+    $DIG +rec -t RT rt.rt2.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1
     if [ $ret -eq 1 ] ; then
             echo "I: failed"; status=1
     fi
 
     n=`expr $n + 1`
-    echo "I:test with NAPTR, single zone ($n)"
+    echo "I:test with NAPTR, single zone (+rec) ($n)"
     ret=0
-    $DIG -t NAPTR nap.naptr.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1
+    $DIG +rec -t NAPTR nap.naptr.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1
     if [ $ret -eq 1 ] ; then
             echo "I: failed"; status=1
     fi
 
     n=`expr $n + 1`
-    echo "I:test with NAPTR, two zones ($n)"
+    echo "I:test with NAPTR, two zones (+rec) ($n)"
     ret=0
-    $DIG -t NAPTR nap.hang3b.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1
+    $DIG +rec -t NAPTR nap.hang3b.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1
     if [ $ret -eq 1 ] ; then
             echo "I: failed"; status=1
     fi
 
     n=`expr $n + 1`
-    echo "I:test with LP ($n)"
+    echo "I:test with LP (+rec) ($n)"
     ret=0
-    $DIG -t LP nid2.nid.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1
-    if [ $minimal = no ] ; then
-      grep "L64" dig.out.$n > /dev/null || ret=1
-      grep "L32" dig.out.$n > /dev/null || ret=1
-    else
-      grep "L64" dig.out.$n > /dev/null && ret=1
-      grep "L32" dig.out.$n > /dev/null && ret=1
-    fi
+    $DIG +rec -t LP nid2.nid.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1
+    case $minimal in
+    no)
+      grep -w "NS" dig.out.$n > /dev/null || ret=1
+      grep -w "L64" dig.out.$n > /dev/null || ret=1
+      grep -w "L32" dig.out.$n > /dev/null || ret=1
+      ;;
+    yes)
+      grep -w "NS" dig.out.$n > /dev/null && ret=1
+      grep -w "L64" dig.out.$n > /dev/null && ret=1
+      grep -w "L32" dig.out.$n > /dev/null && ret=1
+      ;;
+    no-auth)
+      grep -w "NS" dig.out.$n > /dev/null && ret=1
+      grep -w "L64" dig.out.$n > /dev/null || ret=1
+      grep -w "L32" dig.out.$n > /dev/null || ret=1
+      ;;
+    no-auth-recursive)
+      grep -w "NS" dig.out.$n > /dev/null && ret=1
+      grep -w "L64" dig.out.$n > /dev/null || ret=1
+      grep -w "L32" dig.out.$n > /dev/null || ret=1
+      ;;
+    esac
     if [ $ret -eq 1 ] ; then
             echo "I: failed"; status=1
     fi
 
     n=`expr $n + 1`
-    echo "I:test with NID ($n)"
+    echo "I:test with NID (+rec) ($n)"
     ret=0
-    $DIG -t NID ns1.nid.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1
+    $DIG +rec -t NID ns1.nid.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1
     if [ $minimal = no ] ; then
       # change && to || when we support NID additional processing
-      grep "L64" dig.out.$n > /dev/null && ret=1
-      grep "L32" dig.out.$n > /dev/null && ret=1
+      grep -w "L64" dig.out.$n > /dev/null && ret=1
+      grep -w "L32" dig.out.$n > /dev/null && ret=1
     else
-      grep "L64" dig.out.$n > /dev/null && ret=1
-      grep "L32" dig.out.$n > /dev/null && ret=1
+      grep -w "L64" dig.out.$n > /dev/null && ret=1
+      grep -w "L32" dig.out.$n > /dev/null && ret=1
     fi
     if [ $ret -eq 1 ] ; then
             echo "I: failed"; status=1
     fi
 
     n=`expr $n + 1`
-    echo "I:test with NID + LP ($n)"
+    echo "I:test with NID + LP (+rec) ($n)"
     ret=0
-    $DIG -t NID nid2.nid.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1
+    $DIG +rec -t NID nid2.nid.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1
     if [ $minimal = no ] ; then
       # change && to || when we support NID additional processing
-      grep "LP" dig.out.$n > /dev/null && ret=1
-      grep "L64" dig.out.$n > /dev/null && ret=1
-      grep "L32" dig.out.$n > /dev/null && ret=1
+      grep -w "LP" dig.out.$n > /dev/null && ret=1
+      grep -w "L64" dig.out.$n > /dev/null && ret=1
+      grep -w "L32" dig.out.$n > /dev/null && ret=1
     else
-      grep "LP" dig.out.$n > /dev/null && ret=1
-      grep "L64" dig.out.$n > /dev/null && ret=1
-      grep "L32" dig.out.$n > /dev/null && ret=1
+      grep -w "LP" dig.out.$n > /dev/null && ret=1
+      grep -w "L64" dig.out.$n > /dev/null && ret=1
+      grep -w "L32" dig.out.$n > /dev/null && ret=1
+    fi
+    if [ $ret -eq 1 ] ; then
+            echo "I: failed"; status=1
+    fi
+
+    n=`expr $n + 1`
+    echo "I:test with RT, single zone (+norec) ($n)"
+    ret=0
+    $DIG +norec -t RT rt.rt.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1
+    if [ $ret -eq 1 ] ; then
+            echo "I: failed"; status=1
+    fi
+
+    n=`expr $n + 1`
+    echo "I:test with RT, two zones (+norec) ($n)"
+    ret=0
+    $DIG +norec -t RT rt.rt2.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1
+    if [ $ret -eq 1 ] ; then
+            echo "I: failed"; status=1
+    fi
+
+    n=`expr $n + 1`
+    echo "I:test with NAPTR, single zone (+norec) ($n)"
+    ret=0
+    $DIG +norec -t NAPTR nap.naptr.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1
+    if [ $ret -eq 1 ] ; then
+            echo "I: failed"; status=1
+    fi
+
+    n=`expr $n + 1`
+    echo "I:test with NAPTR, two zones (+norec) ($n)"
+    ret=0
+    $DIG +norec -t NAPTR nap.hang3b.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1
+    if [ $ret -eq 1 ] ; then
+            echo "I: failed"; status=1
+    fi
+
+    n=`expr $n + 1`
+    echo "I:test with LP (+norec) ($n)"
+    ret=0
+    $DIG +norec -t LP nid2.nid.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1
+    case $minimal in
+    no)
+      grep -w "NS" dig.out.$n > /dev/null || ret=1
+      grep -w "L64" dig.out.$n > /dev/null || ret=1
+      grep -w "L32" dig.out.$n > /dev/null || ret=1
+      ;;
+    yes)
+      grep -w "NS" dig.out.$n > /dev/null && ret=1
+      grep -w "L64" dig.out.$n > /dev/null && ret=1
+      grep -w "L32" dig.out.$n > /dev/null && ret=1
+      ;;
+    no-auth)
+      grep -w "NS" dig.out.$n > /dev/null && ret=1
+      grep -w "L64" dig.out.$n > /dev/null || ret=1
+      grep -w "L32" dig.out.$n > /dev/null || ret=1
+      ;;
+    no-auth-recursive)
+      grep -w "NS" dig.out.$n > /dev/null || ret=1
+      grep -w "L64" dig.out.$n > /dev/null || ret=1
+      grep -w "L32" dig.out.$n > /dev/null || ret=1
+      ;;
+    esac
+    if [ $ret -eq 1 ] ; then
+            echo "I: failed"; status=1
+    fi
+
+    n=`expr $n + 1`
+    echo "I:test with NID (+norec) ($n)"
+    ret=0
+    $DIG +norec -t NID ns1.nid.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1
+    if [ $minimal = no ] ; then
+      # change && to || when we support NID additional processing
+      grep -w "L64" dig.out.$n > /dev/null && ret=1
+      grep -w "L32" dig.out.$n > /dev/null && ret=1
+    else
+      grep -w "L64" dig.out.$n > /dev/null && ret=1
+      grep -w "L32" dig.out.$n > /dev/null && ret=1
+    fi
+    if [ $ret -eq 1 ] ; then
+            echo "I: failed"; status=1
+    fi
+
+    n=`expr $n + 1`
+    echo "I:test with NID + LP (+norec) ($n)"
+    ret=0
+    $DIG +norec -t NID nid2.nid.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1
+    if [ $minimal = no ] ; then
+      # change && to || when we support NID additional processing
+      grep -w "LP" dig.out.$n > /dev/null && ret=1
+      grep -w "L64" dig.out.$n > /dev/null && ret=1
+      grep -w "L32" dig.out.$n > /dev/null && ret=1
+    else
+      grep -w "LP" dig.out.$n > /dev/null && ret=1
+      grep -w "L64" dig.out.$n > /dev/null && ret=1
+      grep -w "L32" dig.out.$n > /dev/null && ret=1
     fi
     if [ $ret -eq 1 ] ; then
             echo "I: failed"; status=1
@@ -133,11 +244,19 @@ if [ $ret -eq 1 ] ; then
     echo "I: failed"; status=1
 fi
 
+echo "I:testing with 'minimal-responses no-auth;'"
+minimal=no-auth
+dotests
+
 echo "I:reconfiguring server"
 cp ns1/named4.conf ns1/named.conf
 $RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 reconfig 2>&1 | sed 's/^/I:ns1 /'
 sleep 2
 
+echo "I:testing with 'minimal-responses no-auth-recursive;'"
+minimal=no-auth-recursive
+dotests
+
 n=`expr $n + 1`
 echo "I:testing returning TLSA records with MX query ($n)"
 ret=0