4405. [bug] Change 4342 introduced a regression where you could

not remove a delegation in a NSEC3 signed zone using OPTOUT via nsupdate. [RT #42702] (cherry picked from commit d811a7d9ef)
2016-07-06 10:13:15 +10:00
parent 4695e981ba
commit 8d9a134fe7
8 changed files with 87 additions and 18 deletions
--- a/bin/tests/system/nsupdate/ns3/delegation.test.db.in
+++ b/bin/tests/system/nsupdate/ns3/delegation.test.db.in
@@ -0,0 +1,10 @@
+; Copyright (C) 2011, 2016  Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+$TTL 10
+delegation.test. IN SOA delegation.test. hostmaster.delegation.test. 1 3600 900 2419200 3600
+delegation.test. IN NS delegation.test.
+delegation.test. IN A 10.53.0.3
--- a/bin/tests/system/nsupdate/ns3/named.conf
+++ b/bin/tests/system/nsupdate/ns3/named.conf
@@ -59,3 +59,9 @@ zone "many.test" {
 	allow-update-forwarding { any; };
 	file "many.test.bk";
 };
+
+zone "delegation.test" {
+	type master;
+	allow-update { any; };
+	file "delegation.test.db.signed";
+};
--- a/bin/tests/system/nsupdate/ns3/sign.sh
+++ b/bin/tests/system/nsupdate/ns3/sign.sh
@@ -30,3 +30,14 @@ keyname2=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
 cat $infile $keyname1.key $keyname2.key >$zonefile

 $SIGNER -P -r $RANDFILE -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
+
+zone=delegation.test.
+infile=delegation.test.db.in
+zonefile=delegation.test.db
+
+keyname1=`$KEYGEN -q -r $RANDFILE -3 -f KSK $zone`
+keyname2=`$KEYGEN -q -r $RANDFILE -3 $zone`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -A -3 - -P -r $RANDFILE -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null