add a regression test for record deletion

test that there's no crash when querying for a newly-deleted node. (incidentally also renamed ns3/named.conf.in to ns3/named1.conf.in, because named2.conf.in does exist, and they should match.)
2024-12-20 16:39:49 -08:00
parent 2025ba8f7a
commit 3334b3ee83
5 changed files with 29 additions and 3 deletions
--- a/bin/tests/system/nsec3/ns3/named1.conf.in
+++ b/bin/tests/system/nsec3/ns3/named1.conf.in
--- a/bin/tests/system/nsec3/ns3/named2-fips.conf.in
+++ b/bin/tests/system/nsec3/ns3/named2-fips.conf.in
@@ -145,3 +145,13 @@ zone "nsec3-inline-to-dynamic.kasp" {
       dnssec-policy "nsec3";
       allow-update { any; };
 };
+
+/*
+ * This zone will have a node deleted.
+ */
+zone "nsec3-ent.kasp" {
+	type primary;
+	file "nsec3-ent.kasp.db";
+	dnssec-policy "nsec3";
+	inline-signing yes;
+};
--- a/bin/tests/system/nsec3/ns3/setup.sh
+++ b/bin/tests/system/nsec3/ns3/setup.sh
@@ -20,14 +20,14 @@ setup() {
  zone="$1"
  echo_i "setting up zone: $zone"
  zonefile="${zone}.db"
-  infile="${zone}.db.infile"
  cp template.db.in "$zonefile"
 }

 for zn in nsec-to-nsec3 nsec3 nsec3-other nsec3-change nsec3-to-nsec \
  nsec3-to-optout nsec3-from-optout nsec3-dynamic \
  nsec3-dynamic-change nsec3-dynamic-to-inline \
-  nsec3-inline-to-dynamic nsec3-dynamic-update-inline; do
+  nsec3-inline-to-dynamic nsec3-dynamic-update-inline \
+  nsec3-ent; do
  setup "${zn}.kasp"
 done

--- a/bin/tests/system/nsec3/setup.sh
+++ b/bin/tests/system/nsec3/setup.sh
@@ -27,7 +27,7 @@ if [ $RSASHA1_SUPPORTED = 0 ]; then
 else
  copy_setports ns3/named-fips.conf.in ns3/named-fips.conf
  # includes named-fips.conf
-  cp ns3/named.conf.in ns3/named.conf
+  cp ns3/named1.conf.in ns3/named.conf
 fi
 (
  cd ns3
--- a/bin/tests/system/nsec3/tests.sh
+++ b/bin/tests/system/nsec3/tests.sh
@@ -584,5 +584,21 @@ set_key_default_values "KEY1"
 echo_i "check zone ${ZONE} after reload"
 check_nsec3

+# Zone: nsec3-ent.kasp (regression test for #5108)
+n=$((n + 1))
+echo_i "check queries for newly empty names do not crash ($n)"
+set_zone_policy "nsec3-ent.kasp"
+set_server "ns3" "10.53.0.3"
+# confirm the pre-existing name still exists
+dig_with_opts +noquestion "@${SERVER}" c.$ZONE >"dig.out.$ZONE.test$n.1" || ret=1
+grep "c\.nsec3-ent\.kasp\..*IN.*A.*10\.0\.0\.3" "dig.out.$ZONE.test$n.1" >/dev/null || ret=1
+# remove a name, bump the SOA, reload, and try the query again
+sed -e 's/1 *; serial/2/' -e '/^c/d' ns3/template.db.in >ns3/nsec3-ent.kasp.db
+rndc_reload ns3 10.53.0.3
+dig_with_opts +noquestion "@${SERVER}" c.$ZONE >"dig.out.$ZONE.test$n.2" || ret=1
+grep "status: NXDOMAIN" "dig.out.$ZONE.test$n.2" >/dev/null || ret=1
+if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1