Merge branch '4445-stop-leaking-queries-to-root-in-tests' into 'main'

Ensure no test queries leak to root server Closes #4445 See merge request isc-projects/bind9!8521
2024-01-18 16:21:08 +00:00
parent 19ccf59eeb f69df830c6
commit 64b8ab0845
11 changed files with 55 additions and 46 deletions
--- a/bin/tests/system/_common/root.hint.blackhole
+++ b/bin/tests/system/_common/root.hint.blackhole
@@ -0,0 +1,14 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0.  If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 999999
+.			 IN NS	ns99.root-servers.nil.
+ns99.root-servers.nil.	 IN A	10.53.0.99
--- a/bin/tests/system/addzone/ns3/named1.conf.in
+++ b/bin/tests/system/addzone/ns3/named1.conf.in
@@ -34,5 +34,5 @@ zone "." {
 };

 primaries "test" {
-	192.5.5.241;
+	10.53.0.99;
 };
--- a/bin/tests/system/chain/ns2/named.conf.in
+++ b/bin/tests/system/chain/ns2/named.conf.in
@@ -26,6 +26,11 @@ options {
 	notify yes;
 };

+zone . {
+       type hint;
+       file "../../_common/root.hint";
+};
+
 zone "example" {
 	type primary;
 	file "example.db.signed";
--- a/bin/tests/system/dnssec/ns4/named4.conf.in
+++ b/bin/tests/system/dnssec/ns4/named4.conf.in
@@ -39,6 +39,11 @@ key auth {

 include "trusted.conf";

+zone "." {
+	type hint;
+	file "../../_common/root.hint";
+};
+
 view rec {
 	match-recursive-only yes;
 	recursion yes;
@@ -46,11 +51,6 @@ view rec {
 	dnssec-accept-expired yes;
 	minimal-responses no;

-	zone "." {
-		type hint;
-		file "../../_common/root.hint";
-	};
-
 	zone secure.example {
 		type static-stub;
 		server-addresses { 10.53.0.4; };
--- a/bin/tests/system/dnssec/ns4/named5.conf.in
+++ b/bin/tests/system/dnssec/ns4/named5.conf.in
@@ -1,40 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * SPDX-License-Identifier: MPL-2.0
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0.  If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-// NS4
-
-options {
-	query-source address 10.53.0.4;
-	notify-source 10.53.0.4;
-	transfer-source 10.53.0.4;
-	port @PORT@;
-	pid-file "named.pid";
-	listen-on { 10.53.0.4; };
-	listen-on-v6 { none; };
-	bindkeys-file "managed.conf";
-	dnssec-validation no;
-};
-
-key rndc_key {
-	secret "1234abcd8765";
-	algorithm @DEFAULT_HMAC@;
-};
-
-controls {
-	inet 10.53.0.4 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
-};
-
-key auth {
-	secret "1234abcd8765";
-	algorithm @DEFAULT_HMAC@;
-};
--- a/bin/tests/system/journal/ns1/named.conf.in
+++ b/bin/tests/system/journal/ns1/named.conf.in
@@ -36,6 +36,11 @@ controls {
 	inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
 };

+zone . {
+	type hint;
+	file "../../_common/root.hint.blackhole";
+};
+
 zone changed {
 	type primary;
 	update-policy local;
--- a/bin/tests/system/journal/ns2/named.conf.in
+++ b/bin/tests/system/journal/ns2/named.conf.in
@@ -35,3 +35,8 @@ key rndc_key {
 controls {
 	inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
 };
+
+zone . {
+	type hint;
+	file "../../_common/root.hint.blackhole";
+};
--- a/bin/tests/system/kasp/ns3/named-fips.conf.in
+++ b/bin/tests/system/kasp/ns3/named-fips.conf.in
@@ -39,6 +39,11 @@ controls {
        inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
 };

+zone "." {
+	type hint;
+	file "../../_common/root.hint.blackhole";
+};
+
 /* Zones that are getting initially signed */

 /* The default case: No keys created, using default policy. */
--- a/bin/tests/system/kasp/ns6/named.conf.in
+++ b/bin/tests/system/kasp/ns6/named.conf.in
@@ -39,6 +39,11 @@ controls {
 	inet 10.53.0.6 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
 };

+zone "." {
+	type hint;
+	file "../../_common/root.hint.blackhole";
+};
+
 /* This zone switch from dynamic to inline-signing. */
 zone "dynamic2inline.kasp" {
 	type primary;
--- a/bin/tests/system/kasp/ns6/named2.conf.in
+++ b/bin/tests/system/kasp/ns6/named2.conf.in
@@ -38,6 +38,11 @@ controls {
 	inet 10.53.0.6 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
 };

+zone "." {
+	type hint;
+	file "../../_common/root.hint.blackhole";
+};
+
 /* This zone switch from dynamic to inline-signing. */
 zone "dynamic2inline.kasp" {
 	type primary;
--- a/bin/tests/system/nsupdate/ns3/named.conf.in
+++ b/bin/tests/system/nsupdate/ns3/named.conf.in
@@ -35,6 +35,11 @@ controls {
 	inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
 };

+zone "." {
+	type hint;
+	file "../../_common/root.hint.blackhole";
+};
+
 dnssec-policy "default-dynamic" {
 	inline-signing no;
 };