From f6dd701b8381cfa6dad373a86a17bb861447641a Mon Sep 17 00:00:00 2001
From: Aram Sargsyan <aram@isc.org>
Date: Fri, 24 May 2024 13:16:16 +0000
Subject: [PATCH] Test that 'rndc reconfig' reconfigures catz member zones

Catalog zone member zones should be reconfigured as all the other
zones during a reconfiguration. Test it by checking whether the newly
added allow-query setting affects a member zone.
---
 bin/tests/system/catz/ns2/named1.conf.in |  1 +
 bin/tests/system/catz/tests.sh           | 17 +++++++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/bin/tests/system/catz/ns2/named1.conf.in b/bin/tests/system/catz/ns2/named1.conf.in
index bef4751295..e16416d22d 100644
--- a/bin/tests/system/catz/ns2/named1.conf.in
+++ b/bin/tests/system/catz/ns2/named1.conf.in
@@ -29,6 +29,7 @@ options {
 	notify no;
 	notify-delay 0;
 	recursion no;
+#T5	allow-query { 10.53.0.99; };
 	serial-query-rate 100;
 	dnssec-validation no;
 };
diff --git a/bin/tests/system/catz/tests.sh b/bin/tests/system/catz/tests.sh
index 37f30b1e15..80cbc8168e 100644
--- a/bin/tests/system/catz/tests.sh
+++ b/bin/tests/system/catz/tests.sh
@@ -702,6 +702,23 @@ wait_for_soa @10.53.0.2 dom3.example. dig.out.test$n || ret=1
 if [ $ret -ne 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
 
+# GL #4733
+n=$((n + 1))
+echo_i "reconfiguring secondary - checking if catz member zones are reconfigured ($n)"
+ret=0
+sed -e "s/^#T5//" <ns2/named1.conf.in >ns2/named.conf.tmp
+copy_setports ns2/named.conf.tmp ns2/named.conf
+rndccmd 10.53.0.2 reconfig || ret=1
+if [ $ret -ne 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
+n=$((n + 1))
+echo_i "checking that dom3.example. is refused by secondary because of an activated allow-query ($n)"
+ret=0
+wait_for_no_soa @10.53.0.2 dom3.example. dig.out.test$n || ret=1
+if [ $ret -ne 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
 n=$((n + 1))
 echo_i "reconfiguring secondary - reverting the bad configuration ($n)"
 ret=0