diff --git a/bin/tests/system/journal/clean.sh b/bin/tests/system/journal/clean.sh
index dc275f4391..45b6657dfa 100644
--- a/bin/tests/system/journal/clean.sh
+++ b/bin/tests/system/journal/clean.sh
@@ -14,4 +14,5 @@ rm -f */named.run
 rm -f dig.out*
 rm -f journalprint.out.*
 rm -f ns1/managed-keys.bind
+rm -f ns2/managed-keys.bind
 rm -f tmp.jnl
diff --git a/bin/tests/system/journal/ns2/managed-keys.bind.in b/bin/tests/system/journal/ns2/managed-keys.bind.in
new file mode 100644
index 0000000000..21397066f4
--- /dev/null
+++ b/bin/tests/system/journal/ns2/managed-keys.bind.in
@@ -0,0 +1,14 @@
+$ORIGIN .
+$TTL 0 ; 0 seconds
+@ IN SOA . . (
+ 29 ; serial
+ 0 ; refresh (0 seconds)
+ 0 ; retry (0 seconds)
+ 0 ; expire (0 seconds)
+ 0 ; minimum (0 seconds)
+ )
+ KEYDATA 20210611104535 19700101000000 19700101000000 0 0 0 (
+
+ ) ; ZSK; alg = 0; key id = 0
+ ; next refresh: Fri, 11 Jun 2021 10:45:35 GMT
+ ; no trust
diff --git a/bin/tests/system/journal/ns2/managed-keys.bind.jnl.in b/bin/tests/system/journal/ns2/managed-keys.bind.jnl.in
new file mode 100644
index 0000000000..01c1d47271
Binary files /dev/null and b/bin/tests/system/journal/ns2/managed-keys.bind.jnl.in differ
diff --git a/bin/tests/system/journal/ns2/named.conf.in b/bin/tests/system/journal/ns2/named.conf.in
new file mode 100644
index 0000000000..17d1f12aa9
--- /dev/null
+++ b/bin/tests/system/journal/ns2/named.conf.in
@@ -0,0 +1,34 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ query-source address 10.53.0.2;
+ notify-source 10.53.0.2;
+ transfer-source 10.53.0.2;
+ port @PORT@;
+ session-keyfile "session.key";
+ pid-file "named.pid";
+ listen-on { 10.53.0.2; };
+ listen-on-v6 { none; };
+ dnssec-validation yes;
+ minimal-responses no;
+ recursion no;
+ notify yes;
+};
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm hmac-sha256;
+};
+
+controls {
+ inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
diff --git a/bin/tests/system/journal/setup.sh b/bin/tests/system/journal/setup.sh
index 4a5253900c..62387d2e0d 100644
--- a/bin/tests/system/journal/setup.sh
+++ b/bin/tests/system/journal/setup.sh
@@ -43,3 +43,7 @@ cp ns1/maxjournal2.jnl.saved ns1/maxjournal2.db.jnl
 cp ns1/managed-keys.bind.in ns1/managed-keys.bind
 $PERL ../fromhex.pl < ns1/managed-keys.bind.jnl.in > ns1/managed-keys.bind.jnl
+
+copy_setports ns2/named.conf.in ns2/named.conf
+cp ns2/managed-keys.bind.in ns2/managed-keys.bind
+cp ns2/managed-keys.bind.jnl.in ns2/managed-keys.bind.jnl
diff --git a/bin/tests/system/journal/tests.sh b/bin/tests/system/journal/tests.sh
index 3c20925dbc..c5fbd4b6c6 100644
--- a/bin/tests/system/journal/tests.sh
+++ b/bin/tests/system/journal/tests.sh
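Review bot: The `controls` statement at the end of the new ns2/named.conf.in accepts rndc connections from `any` address, authenticated only by the literal secret `1234abcd8765`, and nothing in the file marks this as a throwaway test credential. That is workable for a server that lives only under bin/tests/system, but a short comment above `key rndc_key` such as `/* Fixed key for the system-test sandbox only; never reuse in a real configuration. */` would keep the block from being copied as a template. The file also defines no zones, so a one-line comment saying that ns2 exists only to load managed-keys.bind and its journal at startup would help the next reader.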
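Review bot: The ns2 journal is installed with a plain `cp` of `ns2/managed-keys.bind.jnl.in`, which this diff shows only as "Binary files ... differ", so the fixture that drives the new placeholder path cannot be inspected in review. The ns1 journal two lines above is produced with `$PERL ../fromhex.pl`, which suggests that fixture is kept as hex text. Storing the ns2 journal the same way and installing it with `$PERL ../fromhex.pl < ns2/managed-keys.bind.jnl.in > ns2/managed-keys.bind.jnl` would keep the test input reviewable and the two servers consistent.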
@@ -243,5 +243,11 @@ done
 [ $ret -eq 0 ] || echo_i "failed"
 status=`expr $status + $ret`
+n=`expr $n + 1`
+echo_i "check that journal is applied to zone with keydata placeholder record"
+ret=0
+grep 'managed-keys-zone: journal rollforward completed successfully: up to date' ns2/named.run > /dev/null 2>&1 || ret=1
+[ $ret -eq 0 ] || echo_i "failed"
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1
diff --git a/lib/dns/rdata/generic/keydata_65533.c b/lib/dns/rdata/generic/keydata_65533.c
index 27eb20c026..6c78c98a1f 100644
--- a/lib/dns/rdata/generic/keydata_65533.c
+++ b/lib/dns/rdata/generic/keydata_65533.c
@@ -71,6 +71,11 @@ fromtext_keydata(ARGS_FROMTEXT) {
 RETTOK(dns_secalg_fromtext(&alg, &token.value.as_textregion));
 RETERR(mem_tobuffer(target, &alg, 1));
+ /* Do we have a placeholder KEYDATA record? */
+ if (flags == 0 && proto == 0 && alg == 0) {
+ return (ISC_R_SUCCESS);
+ }
+
 /* No Key? */
 if ((flags & 0xc000) == 0xc000) {
 return (ISC_R_SUCCESS);
@@ -84,7 +89,7 @@ totext_keydata(ARGS_TOTEXT) {
 isc_region_t sr;
 char buf[sizeof("64000")];
 unsigned int flags;
- unsigned char algorithm;
+ unsigned char proto, algorithm;
 unsigned long refresh, add, deltime;
 char algbuf[DNS_NAME_FORMATSIZE];
 const char *keyinfo;
@@ -132,7 +137,8 @@ totext_keydata(ARGS_TOTEXT) {
 }
 /* protocol */
- snprintf(buf, sizeof(buf), "%u", sr.base[0]);
+ proto = sr.base[0];
+ snprintf(buf, sizeof(buf), "%u", proto);
 isc_region_consume(&sr, 1);
 RETERR(str_totext(buf, target));
 RETERR(str_totext(" ", target));
@@ -143,6 +149,14 @@ totext_keydata(ARGS_TOTEXT) {
 isc_region_consume(&sr, 1);
 RETERR(str_totext(buf, target));
+ /* Do we have a placeholder KEYDATA record? */
+ if (flags == 0 && proto == 0 && algorithm == 0) {
+ if ((tctx->flags & DNS_STYLEFLAG_RRCOMMENT) != 0) {
+ RETERR(str_totext(" ; placeholder", target));
+ }
+ return (ISC_R_SUCCESS);
+ }
+
 /* No Key? */
 if ((flags & 0xc000) == 0xc000) {
 return (ISC_R_SUCCESS);
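Review bot: The new check never folds its result into `status`: it sets `ret=1` when the grep fails and prints "failed", but the hunk then goes straight on to `echo_i "exit status: $status"`, so a missing rollforward message would still leave the script exiting 0. Add ``status=`expr $status + $ret` `` after the new `[ $ret -eq 0 ] || echo_i "failed"` line, as the preceding test does. The grep also runs once with no wait, so it assumes ns2 has already logged the message by the time tests.sh reaches this point; whether the earlier tests guarantee that is not visible in this hunk.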
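Review bot: The placeholder test `flags == 0 && proto == 0 && alg == 0` in fromtext_keydata returns before any key-data tokens are read, and the matching test in the last totext_keydata hunk returns before the remaining bytes of `sr` are printed, so in both directions whatever follows an all-zero header is ignored rather than rejected or shown. If a record with zero header fields but non-empty key data can reach totext (fromwire is not part of this diff), its text form would silently lose that data; tightening the totext test to `if (flags == 0 && proto == 0 && algorithm == 0 && sr.length == 0) {` would keep the previous output for such records. The comment `/* Do we have a placeholder KEYDATA record? */` would also read better if it said what a placeholder is, for example `/* Placeholder KEYDATA: flags, protocol and algorithm all zero, no key data follows. */`. Both function bodies start and end outside their hunks.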