2963. [security] The allow-query acl was being applied instead of the
allow-query-cache acl to cache lookups. [RT #22114]
@@ -14,7 +14,7 @@
|
||||
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
|
||||
# PERFORMANCE OF THIS SOFTWARE.
|
||||
|
||||
# $Id: tests.sh,v 1.3 2010/09/15 03:32:34 marka Exp $
|
||||
# $Id: tests.sh,v 1.4 2010/09/24 05:09:03 marka Exp $
|
||||
|
||||
SYSTEMTESTTOP=..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
@@ -54,11 +54,11 @@ status=`expr $status + $ret`
|
||||
echo "I:adding new zone with missing master file ($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS +all @10.53.0.2 a.missing.example a > dig.out.ns2.pre.$n || ret=1
|
||||
grep "status: NOERROR" dig.out.ns2.pre.$n > /dev/null || ret=1
|
||||
grep "status: REFUSED" dig.out.ns2.pre.$n > /dev/null || ret=1
|
||||
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'missing.example { type master; file "missing.db"; };' 2> rndc.out.ns2.$n
|
||||
grep "file not found" rndc.out.ns2.$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS +all @10.53.0.2 a.missing.example a > dig.out.ns2.post.$n || ret=1
|
||||
grep "status: NOERROR" dig.out.ns2.post.$n > /dev/null || ret=1
|
||||
grep "status: REFUSED" dig.out.ns2.post.$n > /dev/null || ret=1
|
||||
$PERL ../digcomp.pl dig.out.ns2.pre.$n dig.out.ns2.post.$n || ret=1
|
||||
n=`expr $n + 1`
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
@@ -68,7 +68,7 @@ echo "I:deleting previously added zone ($n)"
|
||||
ret=0
|
||||
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone previous.example 2>&1 | sed 's/^/I:ns2 /'
|
||||
$DIG $DIGOPTS @10.53.0.2 a.previous.example a > dig.out.ns2.$n
|
||||
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.previous.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
n=`expr $n + 1`
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
@@ -78,7 +78,7 @@ echo "I:deleting newly added zone ($n)"
|
||||
ret=0
|
||||
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone added.example 2>&1 | sed 's/^/I:ns2 /'
|
||||
$DIG $DIGOPTS @10.53.0.2 a.added.example a > dig.out.ns2.$n
|
||||
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.added.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
n=`expr $n + 1`
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
@@ -102,11 +102,21 @@ $RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reconfig 2>&1 | sed 's/^/I:ns2
|
||||
sleep 5
|
||||
|
||||
echo "I:adding new zone to external view ($n)"
|
||||
# NOTE: The internal view has "recursion yes" set, and so queries for
|
||||
# nonexistent zones should return NOERROR. The external view is
|
||||
# "recursion no", so queries for nonexistent zones should return
|
||||
# REFUSED. This behavior should be the same regardless of whether
|
||||
# the zone does not exist because a) it has not yet been loaded, b)
|
||||
# it failed to load, or c) it has been deleted.
|
||||
ret=0
|
||||
$DIG +norec $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.intpre.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.intpre.$n > /dev/null || ret=1
|
||||
$DIG +norec $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.extpre.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.extpre.$n > /dev/null || ret=1
|
||||
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'added.example in external { type master; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /'
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.int.$n || ret=1
|
||||
$DIG $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.int.$n > /dev/null || ret=1
|
||||
$DIG +norec $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.int.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.int.$n > /dev/null || ret=1
|
||||
$DIG +norec $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.ext.$n > /dev/null || ret=1
|
||||
grep '^a.added.example' dig.out.ns2.ext.$n > /dev/null || ret=1
|
||||
n=`expr $n + 1`
|
||||
@@ -117,7 +127,7 @@ echo "I:deleting newly added zone ($n)"
|
||||
ret=0
|
||||
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone 'added.example in external' 2>&1 | sed 's/^/I:ns2 /'
|
||||
$DIG $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.added.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
n=`expr $n + 1`
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
@@ -125,10 +135,14 @@ status=`expr $status + $ret`
|
||||
|
||||
echo "I:attempting to add zone to internal view ($n)"
|
||||
ret=0
|
||||
$DIG +norec $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.pre.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.pre.$n > /dev/null || ret=1
|
||||
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'added.example in internal { type master; file "added.db"; };' 2> rndc.out.ns2.$n
|
||||
grep "permission denied" rndc.out.ns2.$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.int.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.int.$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.ext.$n > /dev/null || ret=1
|
||||
n=`expr $n + 1`
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
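Review bot: In the last hunk ("attempting to add zone to internal view"), the pre-check query that writes `dig.out.ns2.pre.$n` uses `+norec`, but the two new post-addzone queries that write `dig.out.ns2.int.$n` and `dig.out.ns2.ext.$n` omit it. The external-view hunk uses `+norec` on every query it adds, so the two checks are not symmetric. The NOTE added in that hunk says the internal view has "recursion yes", so a query sent with RD set may be answered through recursion, and the `status: NOERROR` assertion could then depend on resolver state rather than on the ACL path this regression test is meant to pin; this is inferred from the comment, not from the view configuration, which is not shown here. Consider `$DIG +norec $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.int.$n || ret=1` and the same for the 10.53.0.4 query. A one-line comment above them, such as `# a rejected addzone must leave both views answering as before`, would record why the rcodes are expected to match the pre-check.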