denied axfr requests were not effective for writable DLZ zones

2019-02-06 11:35:21 -08:00
parent 5e7f1a8d67
commit a9307de85e
3 changed files with 31 additions and 11 deletions
--- a/bin/tests/system/dlzexternal/tests.sh
+++ b/bin/tests/system/dlzexternal/tests.sh
@@ -108,15 +108,23 @@ test_update testdc1.alternate.nil. A "86400 A 10.53.0.10" "10.53.0.10" || ret=1
 status=`expr $status + $ret`

 newtest "testing AXFR from DLZ drivers"
-$DIG $DIGOPTS +noall +answer axfr example.nil > dig.out.ns1.test$n
-lines=`cat dig.out.ns1.test$n | wc -l`
+$DIG $DIGOPTS +noall +answer axfr example.nil > dig.out.example.ns1.test$n
+lines=`cat dig.out.example.ns1.test$n | wc -l`
 [ ${lines:-0} -eq 4 ] || ret=1
-$DIG $DIGOPTS +noall +answer axfr alternate.nil > dig.out.ns1.test$n
-lines=`cat dig.out.ns1.test$n | wc -l`
+$DIG $DIGOPTS +noall +answer axfr alternate.nil > dig.out.alternate.ns1.test$n
+lines=`cat dig.out.alternate.ns1.test$n | wc -l`
 [ ${lines:-0} -eq 5 ] || ret=1
 [ "$ret" -eq 0 ] || echo_i "failed"
 status=`expr $status + $ret`

+newtest "testing AXFR denied from DLZ drivers"
+$DIG $DIGOPTS -b 10.53.0.5 +noall +answer axfr example.nil > dig.out.example.ns1.test$n
+grep "; Transfer failed" dig.out.example.ns1.test$n > /dev/null || ret=1
+$DIG $DIGOPTS -b 10.53.0.5 +noall +answer axfr alternate.nil > dig.out.alternate.ns1.test$n
+grep "; Transfer failed" dig.out.alternate.ns1.test$n > /dev/null || ret=1
+[ "$ret" -eq 0 ] || echo_i "failed"
+status=`expr $status + $ret`
+
 newtest "testing unsearched/unregistered DLZ zone is not found"
 $DIG $DIGOPTS +noall +answer ns other.nil > dig.out.ns1.test$n
 grep "3600.IN.NS.other.nil." dig.out.ns1.test$n > /dev/null && ret=1