Merge branch '4281-CVE-2023-5517-test-9.16' into 'bind-9.16'

[9.16] [CVE-2023-5517] Checking nxdomain-redirect against built-in RFC-1918 zone See merge request isc-projects/bind9!8921
2024-03-28 14:12:22 +00:00
parent 42e270e0a9 adad957108
commit 340910b41e
2 changed files with 9 additions and 0 deletions
--- a/bin/tests/system/redirect/ns3/redirect.db
+++ b/bin/tests/system/redirect/ns3/redirect.db
@@ -12,5 +12,6 @@
 $TTL 300
@ IN SOA a.root-servers.nil. hostmaster.example.net. 0 0 0 0 0
@ IN NS a.root-servers.nil.
+10.in-addr.arpa	TXT turn off redirect
 * IN A 100.100.100.1
 * IN AAAA 2001:ffff:ffff::100.100.100.1
--- a/bin/tests/system/redirect/tests.sh
+++ b/bin/tests/system/redirect/tests.sh
@@ -517,6 +517,14 @@ n=$(expr $n + 1)
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$(expr $status + $ret)

+echo_i "checking nxdomain-redirect against built-in RFC-1918 zone ($n)"
+ret=0
+$DIG $DIGOPTS -x 10.0.0.1 @10.53.0.4 -b 10.53.0.2 >dig.out.ns4.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns4.test$n >/dev/null || ret=1
+n=$((n + 1))
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
 echo_i "checking tld nxdomain-redirect against signed root zone ($n)"
 ret=0
 $DIG $DIGOPTS @10.53.0.5 asdfasdfasdf >dig.out.ns5.test$n || ret=1