File _service:tar_scm_kernel_repo:backport-Test-dnssec-policy-max-zone-ttl-rejects-zone-with-to.patch of Package bind
From 2022384b8dc7249671d521dc9ef5a292a960521d Mon Sep 17 00:00:00 2001 From: Matthijs Mekking <matthijs@isc.org> Date: Wed, 13 Jul 2022 10:27:18 +0200 Subject: [PATCH] Test dnssec-policy max-zone-ttl rejects zone with too high TTL Similar to the 'max-zone-ttl' zone option, the 'dnssec-policy' option should reject zones with TTLs that are out of range. Conflict: NA Reference: https://gitlab.isc.org/isc-projects/bind9/-/commit/2022384b8dc7249671d521dc9ef5a292a960521d --- bin/tests/system/kasp/ns3/named.conf.in | 9 +++++++ .../system/kasp/ns3/policies/kasp.conf.in | 4 ++++ bin/tests/system/kasp/ns3/setup.sh | 24 ++++++++----------- bin/tests/system/kasp/tests.sh | 9 +++++++ 4 files changed, 32 insertions(+), 14 deletions(-) diff --git a/bin/tests/system/kasp/ns3/named.conf.in b/bin/tests/system/kasp/ns3/named.conf.in index e229fd9158..64ae2aa402 100644 --- a/bin/tests/system/kasp/ns3/named.conf.in +++ b/bin/tests/system/kasp/ns3/named.conf.in @@ -223,6 +223,15 @@ zone "ecdsa384.kasp" { dnssec-policy "ecdsa384"; }; +/* + * Zone with too high TTL. + */ +zone "max-zone-ttl.kasp" { + type primary; + file "max-zone-ttl.kasp.db"; + dnssec-policy "ttl"; +}; + /* * Zones in different signing states. */ diff --git a/bin/tests/system/kasp/ns3/policies/kasp.conf.in b/bin/tests/system/kasp/ns3/policies/kasp.conf.in index d0ae96ce08..17b900c7b3 100644 --- a/bin/tests/system/kasp/ns3/policies/kasp.conf.in +++ b/bin/tests/system/kasp/ns3/policies/kasp.conf.in @@ -132,3 +132,7 @@ dnssec-policy "checkds-csk" { csk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@; }; }; + +dnssec-policy "ttl" { + max-zone-ttl 299; +}; diff --git a/bin/tests/system/kasp/ns3/setup.sh b/bin/tests/system/kasp/ns3/setup.sh index 21c4c9126d..bc4a0fc11d 100644 --- a/bin/tests/system/kasp/ns3/setup.sh +++ b/bin/tests/system/kasp/ns3/setup.sh 
@@ -64,20 +64,16 @@ if [ -f ../ed448-supported.file ]; then cat ed448.conf >> named.conf fi -# Set up zone that stays unsigned. -zone="unsigned.kasp" -echo_i "setting up zone: $zone" -zonefile="${zone}.db" -infile="${zone}.db.infile" -cp template.db.in $infile -cp template.db.in $zonefile - -# Set up zone that stays unsigned. -zone="insecure.kasp" -echo_i "setting up zone: $zone" -zonefile="${zone}.db" -infile="${zone}.db.infile" -cp template.db.in $zonefile +# Set up zones that stay unsigned. +for zn in unsigned insecure max-zone-ttl +do + zone="${zn}.kasp" + echo_i "setting up zone: $zone" + zonefile="${zone}.db" + infile="${zone}.db.infile" + cp template.db.in $infile + cp template.db.in $zonefile +done # Some of these zones already have keys. zone="dnssec-keygen.kasp" diff --git a/bin/tests/system/kasp/tests.sh b/bin/tests/system/kasp/tests.sh index 4a458945a0..ff4d32cc7b 100644 --- a/bin/tests/system/kasp/tests.sh +++ b/bin/tests/system/kasp/tests.sh @@ -253,6 +253,15 @@ status=$((status+ret)) next_key_event_threshold=$((next_key_event_threshold+i)) +# Test max-zone-ttl rejects zones with too high TTL. +n=$((n+1)) +echo_i "check that max-zone-ttl rejects zones with too high TTL ($n)" +ret=0 +set_zone "max-zone-ttl.kasp" +grep "loading from master file ${ZONE}.db failed: out of range" "ns3/named.run" > /dev/null || ret=1 +test "$ret" -eq 0 || echo_i "failed" +status=$((status+ret)) + # # Zone: default.kasp. # -- 2.27.0
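Review bot: In bin/tests/system/kasp/ns3/policies/kasp.conf.in, the new policy sets `max-zone-ttl 299;` with no comment saying which TTL it is meant to fall below. The zone file is copied from template.db.in in setup.sh, and the template's TTL is not visible in this patch, so a reader cannot tell why 299 triggers the rejection. Suggest a one-line comment above the policy naming the template TTL it undercuts, so that a later change to the template does not silently turn this into a zone that loads.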
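Review bot: In bin/tests/system/kasp/ns3/setup.sh, the loop comment `# Set up zones that stay unsigned.` does not fit max-zone-ttl, which tests.sh expects to fail loading rather than load and stay unsigned; reword the comment or give that zone its own. Folding the two blocks into the loop also makes insecure.kasp run `cp template.db.in $infile`, which the removed block did not do (it set infile but only copied to $zonefile); if that is intended, say so in the commit message. `$infile` and `$zonefile` are unquoted in both cp lines.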
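Review bot: In bin/tests/system/kasp/tests.sh, the new check relies only on a log line, `grep "loading from master file ${ZONE}.db failed: out of range" "ns3/named.run"`. The pattern is treated as a regular expression, so the dots in the zone name match any character; `grep -F` would match the message literally. The check also does not confirm that named refuses to serve the zone; a query for max-zone-ttl.kasp that asserts a failure response would cover the rejection the commit message describes, not just the wording of the log entry.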