diff --git a/CHANGES b/CHANGES index fd5de9da4f..08963442a8 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,9 @@ +2959. [func] Check that named starts with a missing masterfile. + [RT #22076] + +2958. [bug] named failed to start with a missing master file. + [RT #22076] + 2957. [bug] entropy_get() and entropy_getpseudo() failed to match the API for RAND_bytes() and RAND_pseudo_bytes() respectively. [RT #21962] diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c index 277b0c78d6..090376cd49 100644 --- a/bin/named/zoneconf.c +++ b/bin/named/zoneconf.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zoneconf.c,v 1.164 2010/08/11 18:14:18 each Exp $ */ +/* $Id: zoneconf.c,v 1.165 2010/09/15 03:32:34 marka Exp $ */ /*% */ @@ -565,22 +565,13 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, * Unless we're using some alternative database, a master zone * will be needing a master file. */ - if (ztype == dns_zone_master && cpval == default_dbtype) { - if (filename == NULL) { - isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, - NS_LOGMODULE_SERVER, ISC_LOG_ERROR, - "zone '%s': 'file' not specified", - zname); - return (ISC_R_FAILURE); - } - - if (!isc_file_exists(filename)) { - isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, - NS_LOGMODULE_SERVER, ISC_LOG_ERROR, - "zone '%s': master file not found", - zname); - return (ISC_R_NOTFOUND); - } + if (ztype == dns_zone_master && cpval == default_dbtype && + filename == NULL) { + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_ERROR, + "zone '%s': 'file' not specified", + zname); + return (ISC_R_FAILURE); } masterformat = dns_masterformat_text; diff --git a/bin/tests/system/addzone/clean.sh b/bin/tests/system/addzone/clean.sh index f6d5595de7..4adfc92b10 100644 --- a/bin/tests/system/addzone/clean.sh +++ b/bin/tests/system/addzone/clean.sh 
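Review bot: The comment kept above the rewritten condition in ns_zone_configure() ("a master zone will be needing a master file") no longer matches what the code enforces, because only a missing `file` option is rejected now that the `isc_file_exists()` test is gone. Record that the omission is deliberate, for example `/* A missing file is not fatal here; the zone fails to load later and named keeps running. */`, so a later cleanup does not reintroduce the check. That behaviour is inferred from CHANGES entry 2958 and the new masterfile test expecting SERVFAIL; the load path and the rest of the function are outside this hunk. With the configuration-time error gone, the load-time log message is presumably the only signal that a master zone is not being served, so it is worth confirming that it is logged at error level.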
@@ -14,9 +14,10 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: clean.sh,v 1.2 2010/08/11 18:14:18 each Exp $ +# $Id: clean.sh,v 1.3 2010/09/15 03:32:34 marka Exp $ rm -f dig.out.* +rm -f rndc.out.* rm -f ns2/named.conf rm -f */named.memstats rm -f ns2/*.nzf diff --git a/bin/tests/system/addzone/tests.sh b/bin/tests/system/addzone/tests.sh index 20aff4cb2c..3c98812f78 100644 --- a/bin/tests/system/addzone/tests.sh +++ b/bin/tests/system/addzone/tests.sh @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.2 2010/08/11 18:14:18 each Exp $ +# $Id: tests.sh,v 1.3 2010/09/15 03:32:34 marka Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh @@ -51,6 +51,19 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` +echo "I:adding new zone with missing master file ($n)" +ret=0 +$DIG $DIGOPTS +all @10.53.0.2 a.missing.example a > dig.out.ns2.pre.$n || ret=1 +grep "status: NOERROR" dig.out.ns2.pre.$n > /dev/null || ret=1 +$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'missing.example { type master; file "missing.db"; };' 2> rndc.out.ns2.$n +grep "file not found" rndc.out.ns2.$n > /dev/null || ret=1 +$DIG $DIGOPTS +all @10.53.0.2 a.missing.example a > dig.out.ns2.post.$n || ret=1 +grep "status: NOERROR" dig.out.ns2.post.$n > /dev/null || ret=1 +$PERL ../digcomp.pl dig.out.ns2.pre.$n dig.out.ns2.post.$n || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + echo "I:deleting previously added zone ($n)" ret=0 $RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone previous.example 2>&1 | sed 's/^/I:ns2 /' 
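Review bot: The new "missing master file" test in addzone/tests.sh judges the rejected `addzone` only by grepping stderr for "file not found" and discards rndc's exit status, so a run that printed the message but still reported success would pass. Since the command is expected to fail, append `&& ret=1` to the `$RNDC ... 2> rndc.out.ns2.$n` line. The same applies to the later `delzone normal.example` and `addzone 'added.example in internal ...'` hunks, which now grep for "permission denied". It may also be worth asserting that the rejected zone was not persisted, e.g. `grep missing.example ns2/*.nzf > /dev/null 2>&1 && ret=1`, assuming the ns2/*.nzf files that clean.sh removes are where added zones are stored.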
@@ -71,9 +84,10 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` -echo "I:attempt to delete a normally-loaded zone (should fail) ($n)" +echo "I:attempt to delete a normally-loaded zone ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone normal.example 2>&1 | sed 's/^/I:ns2 /' +$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone normal.example 2> rndc.out.ns2.$n +grep "permission denied" rndc.out.ns2.$n > /dev/null || ret=1 $DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1 @@ -109,9 +123,10 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` -echo "I:attempting to add zone to internal view (should fail) ($n)" +echo "I:attempting to add zone to internal view ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'added.example in internal { type master; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /' +$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'added.example in internal { type master; file "added.db"; };' 2> rndc.out.ns2.$n +grep "permission denied" rndc.out.ns2.$n > /dev/null || ret=1 $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.$n || ret=1 grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 n=`expr $n + 1` diff --git a/bin/tests/system/masterfile/clean.sh b/bin/tests/system/masterfile/clean.sh index d90a65dc67..c14f47675a 100644 --- a/bin/tests/system/masterfile/clean.sh +++ b/bin/tests/system/masterfile/clean.sh @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: clean.sh,v 1.5 2007/09/26 03:22:44 marka Exp $ +# $Id: clean.sh,v 1.6 2010/09/15 03:32:34 marka Exp $ -rm -f dig.out +rm -f dig.out.* rm -f */named.memstats 
diff --git a/bin/tests/system/masterfile/ns2/example.db b/bin/tests/system/masterfile/ns2/example.db new file mode 100644 index 0000000000..6ecc88efdb --- /dev/null +++ b/bin/tests/system/masterfile/ns2/example.db @@ -0,0 +1,26 @@ +; Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: example.db,v 1.2 2010/09/15 03:32:34 marka Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2010042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns2 +ns2 A 10.53.0.2 diff --git a/bin/tests/system/masterfile/ns2/named.conf b/bin/tests/system/masterfile/ns2/named.conf new file mode 100644 index 0000000000..52b9b93408 --- /dev/null +++ b/bin/tests/system/masterfile/ns2/named.conf 
@@ -0,0 +1,51 @@ +/* + * Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: named.conf,v 1.2 2010/09/15 03:32:34 marka Exp $ */ + +// NS2 + +controls { /* empty */ }; + +options { + query-source address 10.53.0.2; + notify-source 10.53.0.2; + transfer-source 10.53.0.2; + port 5300; + pid-file "named.pid"; + listen-on { 10.53.0.2; }; + listen-on-v6 { none; }; + recursion no; + notify yes; + dnssec-enable yes; + dnssec-validation yes; +}; + +zone "." { + type hint; + file "../../common/root.hint"; +}; + +zone "example" { + type master; + file "example.db"; +}; + +zone "missing" { + type master; + file "missing.db"; +}; + diff --git a/bin/tests/system/masterfile/tests.sh b/bin/tests/system/masterfile/tests.sh index beebcdca6a..12129fce86 100644 --- a/bin/tests/system/masterfile/tests.sh +++ b/bin/tests/system/masterfile/tests.sh 
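Review bot: The `zone "missing"` stanza in the new ns2/named.conf points at `missing.db`, which this commit deliberately does not add, but nothing in the file says so. A one-line comment above the stanza, such as `// missing.db is intentionally absent; tests.sh expects SERVFAIL for this zone`, would keep someone from "repairing" the fixture by adding the file and silently defeating the test.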
@@ -15,23 +15,44 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.5 2007/06/19 23:47:04 tbox Exp $ +# $Id: tests.sh,v 1.6 2010/09/15 03:32:34 marka Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh status=0 +n=0 -echo "I:test master file \$INCLUDE semantics" -$DIG +nostats +nocmd include. axfr @10.53.0.1 -p 5300 >dig.out +ret=0 +n=`expr $n + 1` +echo "I:test master file \$INCLUDE semantics ($n)" +$DIG +nostats +nocmd include. axfr @10.53.0.1 -p 5300 >dig.out.$n -echo "I:test master file BIND 8 compatibility TTL and \$TTL semantics" -$DIG +nostats +nocmd ttl2. axfr @10.53.0.1 -p 5300 >>dig.out +echo "I:test master file BIND 8 compatibility TTL and \$TTL semantics ($n)" +$DIG +nostats +nocmd ttl2. axfr @10.53.0.1 -p 5300 >>dig.out.$n -echo "I:test of master file RFC1035 TTL and \$TTL semantics" -$DIG +nostats +nocmd ttl2. axfr @10.53.0.1 -p 5300 >>dig.out +echo "I:test of master file RFC1035 TTL and \$TTL semantics ($n)" +$DIG +nostats +nocmd ttl2. axfr @10.53.0.1 -p 5300 >>dig.out.$n -diff dig.out knowngood.dig.out || status=1 +diff dig.out.$n knowngood.dig.out || status=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +ret=0 +n=`expr $n + 1` +echo "I:test that the nameserver is running with a missing master file ($n)" +$DIG +tcp +noall +answer example soa @10.53.0.2 -p 5300 > dig.out.$n +grep SOA dig.out.$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +ret=0 +n=`expr $n + 1` +echo "I:test that the nameserver returns SERVFAIL for a missing master file ($n)" +$DIG +tcp +all missing soa @10.53.0.2 -p 5300 > dig.out.$n +grep "status: SERVFAIL" dig.out.$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` echo "I:exit status: $status" exit $status
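Review bot: In the first test block of masterfile/tests.sh `ret` is initialised to 0 but nothing ever sets it, because the comparison still reports through `diff dig.out.$n knowngood.dig.out || status=1`. A mismatch therefore never prints "I:failed", and the following `status=`expr $status + $ret`` adds nothing. Change that line to `diff dig.out.$n knowngood.dig.out || ret=1` so the block follows the same ret/status pattern as the two new tests. The three echo lines in that block also print the same `($n)`, and none of the `$DIG` invocations in this hunk checks its exit status; adding `|| ret=1` to the two new queries would distinguish a dig failure from a wrong answer.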