summaryrefslogtreecommitdiffstats
path: root/bin/tests/system/forward
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-05 18:37:14 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-05 18:37:14 +0000
commitea648e70a989cca190cd7403fe892fd2dcc290b4 (patch)
treee2b6b1c647da68b0d4d66082835e256eb30970e8 /bin/tests/system/forward
parentInitial commit. (diff)
downloadbind9-upstream.tar.xz
bind9-upstream.zip
Adding upstream version 1:9.11.5.P4+dfsg.upstream/1%9.11.5.P4+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'bin/tests/system/forward')
-rw-r--r--bin/tests/system/forward/clean.sh17
-rw-r--r--bin/tests/system/forward/ns1/example.db12
-rw-r--r--bin/tests/system/forward/ns1/named.conf.in56
-rw-r--r--bin/tests/system/forward/ns1/root.db28
-rw-r--r--bin/tests/system/forward/ns2/example.db12
-rw-r--r--bin/tests/system/forward/ns2/named.conf.in56
-rw-r--r--bin/tests/system/forward/ns2/root.db28
-rw-r--r--bin/tests/system/forward/ns3/named.conf.in45
-rw-r--r--bin/tests/system/forward/ns3/root.db28
-rw-r--r--bin/tests/system/forward/ns4/named.conf.in54
-rw-r--r--bin/tests/system/forward/ns4/root.db28
-rw-r--r--bin/tests/system/forward/ns5/named.conf.in27
-rw-r--r--bin/tests/system/forward/ns5/root.db28
-rw-r--r--bin/tests/system/forward/rfc1918-inherited.conf15
-rw-r--r--bin/tests/system/forward/rfc1918-notinherited.conf16
-rw-r--r--bin/tests/system/forward/setup.sh20
-rw-r--r--bin/tests/system/forward/tests.sh135
-rw-r--r--bin/tests/system/forward/ula-inherited.conf15
-rw-r--r--bin/tests/system/forward/ula-notinherited.conf16
19 files changed, 636 insertions, 0 deletions
diff --git a/bin/tests/system/forward/clean.sh b/bin/tests/system/forward/clean.sh
new file mode 100644
index 0000000..3052d27
--- /dev/null
+++ b/bin/tests/system/forward/clean.sh
@@ -0,0 +1,17 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+#
+# Clean up after forward tests.
+#
+rm -f dig.out.*
+rm -f */named.conf
+rm -f */named.memstats
+rm -f */named.run
+rm -f ns*/named.lock
diff --git a/bin/tests/system/forward/ns1/example.db b/bin/tests/system/forward/ns1/example.db
new file mode 100644
index 0000000..ebbc2ae
--- /dev/null
+++ b/bin/tests/system/forward/ns1/example.db
@@ -0,0 +1,12 @@
+$TTL 300 ; 5 minutes
+@ IN SOA ns root (
+ 2000082401 ; serial
+ 1800 ; refresh (30 minutes)
+ 1800 ; retry (30 minutes)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+ns A 10.53.0.1
+
+txt TXT "recursed"
diff --git a/bin/tests/system/forward/ns1/named.conf.in b/bin/tests/system/forward/ns1/named.conf.in
new file mode 100644
index 0000000..7ce81dd
--- /dev/null
+++ b/bin/tests/system/forward/ns1/named.conf.in
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ query-source address 10.53.0.1;
+ notify-source 10.53.0.1;
+ transfer-source 10.53.0.1;
+ port @PORT@;
+ pid-file "named.pid";
+ listen-on { 10.53.0.1; };
+ listen-on-v6 { none; };
+ recursion no;
+};
+
+zone "." {
+ type master;
+ file "root.db";
+};
+
+zone "example1." {
+ type master;
+ file "example.db";
+};
+
+zone "example2." {
+ type master;
+ file "example.db";
+};
+
+zone "example3." {
+ type master;
+ file "example.db";
+};
+
+zone "example4." {
+ type master;
+ file "example.db";
+};
+
+zone "example5." {
+ type master;
+ file "example.db";
+};
+
+/* A forward zone without forwarders. */
+zone "example6" {
+ type forward;
+};
diff --git a/bin/tests/system/forward/ns1/root.db b/bin/tests/system/forward/ns1/root.db
new file mode 100644
index 0000000..7346810
--- /dev/null
+++ b/bin/tests/system/forward/ns1/root.db
@@ -0,0 +1,28 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300
+. IN SOA gson.nominum.com. a.root.servers.nil. (
+ 2000042100 ; serial
+ 600 ; refresh
+ 600 ; retry
+ 1200 ; expire
+ 600 ; minimum
+ )
+. NS a.root-servers.nil.
+a.root-servers.nil. A 10.53.0.1
+
+example1 NS ns.example1
+ns.example1 A 10.53.0.1
+
+example2 NS ns.example2
+ns.example2 A 10.53.0.1
+
+example3 NS ns.example3
+ns.example3 A 10.53.0.1
diff --git a/bin/tests/system/forward/ns2/example.db b/bin/tests/system/forward/ns2/example.db
new file mode 100644
index 0000000..3a5f46c
--- /dev/null
+++ b/bin/tests/system/forward/ns2/example.db
@@ -0,0 +1,12 @@
+$TTL 300 ; 5 minutes
+@ IN SOA ns root (
+ 2000082401 ; serial
+ 1800 ; refresh (30 minutes)
+ 1800 ; retry (30 minutes)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+ns A 10.53.0.1
+
+txt TXT "forwarded"
diff --git a/bin/tests/system/forward/ns2/named.conf.in b/bin/tests/system/forward/ns2/named.conf.in
new file mode 100644
index 0000000..ff104d4
--- /dev/null
+++ b/bin/tests/system/forward/ns2/named.conf.in
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ query-source address 10.53.0.2;
+ notify-source 10.53.0.2;
+ transfer-source 10.53.0.2;
+ port @PORT@;
+ pid-file "named.pid";
+ listen-on { 10.53.0.2; };
+ listen-on-v6 { none; };
+ recursion no;
+};
+
+zone "." {
+ type hint;
+ file "root.db";
+};
+
+zone "example1." {
+ type master;
+ file "example.db";
+};
+
+zone "example2." {
+ type master;
+ file "example.db";
+};
+
+zone "example3." {
+ type master;
+ file "example.db";
+};
+
+zone "example4." {
+ type master;
+ file "example.db";
+};
+
+zone "grafted." {
+ type master;
+ file "example.db";
+};
+
+zone "1.0.10.in-addr.arpa." {
+ type master;
+ file "example.db";
+};
diff --git a/bin/tests/system/forward/ns2/root.db b/bin/tests/system/forward/ns2/root.db
new file mode 100644
index 0000000..7346810
--- /dev/null
+++ b/bin/tests/system/forward/ns2/root.db
@@ -0,0 +1,28 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300
+. IN SOA gson.nominum.com. a.root.servers.nil. (
+ 2000042100 ; serial
+ 600 ; refresh
+ 600 ; retry
+ 1200 ; expire
+ 600 ; minimum
+ )
+. NS a.root-servers.nil.
+a.root-servers.nil. A 10.53.0.1
+
+example1 NS ns.example1
+ns.example1 A 10.53.0.1
+
+example2 NS ns.example2
+ns.example2 A 10.53.0.1
+
+example3 NS ns.example3
+ns.example3 A 10.53.0.1
diff --git a/bin/tests/system/forward/ns3/named.conf.in b/bin/tests/system/forward/ns3/named.conf.in
new file mode 100644
index 0000000..80a4f7e
--- /dev/null
+++ b/bin/tests/system/forward/ns3/named.conf.in
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ query-source address 10.53.0.3;
+ notify-source 10.53.0.3;
+ transfer-source 10.53.0.3;
+ port @PORT@;
+ pid-file "named.pid";
+ listen-on { 10.53.0.3; };
+ listen-on-v6 { none; };
+ forwarders { 10.53.0.2; };
+ forward first;
+};
+
+zone "." {
+ type hint;
+ file "root.db";
+};
+
+zone "example1." {
+ type forward;
+ forward first;
+ forwarders { 10.53.0.2; };
+};
+
+zone "example2." {
+ type forward;
+ forward first;
+ forwarders { };
+};
+
+zone "example3." {
+ type forward;
+ forward only;
+ forwarders { };
+};
diff --git a/bin/tests/system/forward/ns3/root.db b/bin/tests/system/forward/ns3/root.db
new file mode 100644
index 0000000..7346810
--- /dev/null
+++ b/bin/tests/system/forward/ns3/root.db
@@ -0,0 +1,28 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300
+. IN SOA gson.nominum.com. a.root.servers.nil. (
+ 2000042100 ; serial
+ 600 ; refresh
+ 600 ; retry
+ 1200 ; expire
+ 600 ; minimum
+ )
+. NS a.root-servers.nil.
+a.root-servers.nil. A 10.53.0.1
+
+example1 NS ns.example1
+ns.example1 A 10.53.0.1
+
+example2 NS ns.example2
+ns.example2 A 10.53.0.1
+
+example3 NS ns.example3
+ns.example3 A 10.53.0.1
diff --git a/bin/tests/system/forward/ns4/named.conf.in b/bin/tests/system/forward/ns4/named.conf.in
new file mode 100644
index 0000000..480530b
--- /dev/null
+++ b/bin/tests/system/forward/ns4/named.conf.in
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ query-source address 10.53.0.4;
+ notify-source 10.53.0.4;
+ transfer-source 10.53.0.4;
+ port @PORT@;
+ pid-file "named.pid";
+ listen-on { 10.53.0.4; };
+ listen-on-v6 { none; };
+};
+
+zone "." {
+ type hint;
+ file "root.db";
+};
+
+zone "example1." {
+ type forward;
+ forward first;
+ forwarders { 10.53.0.2; };
+};
+
+zone "example3." {
+ type forward;
+ forwarders { 10.53.0.2; };
+};
+
+zone "example5." {
+ type forward;
+ forward only;
+ forwarders { 10.53.0.2; };
+};
+
+zone "1.0.10.in-addr.arpa" {
+ type forward;
+ forward only;
+ forwarders { 10.53.0.2; };
+};
+
+zone "grafted" {
+ type forward;
+ forward only;
+ forwarders { 10.53.0.2; };
+};
diff --git a/bin/tests/system/forward/ns4/root.db b/bin/tests/system/forward/ns4/root.db
new file mode 100644
index 0000000..7346810
--- /dev/null
+++ b/bin/tests/system/forward/ns4/root.db
@@ -0,0 +1,28 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300
+. IN SOA gson.nominum.com. a.root.servers.nil. (
+ 2000042100 ; serial
+ 600 ; refresh
+ 600 ; retry
+ 1200 ; expire
+ 600 ; minimum
+ )
+. NS a.root-servers.nil.
+a.root-servers.nil. A 10.53.0.1
+
+example1 NS ns.example1
+ns.example1 A 10.53.0.1
+
+example2 NS ns.example2
+ns.example2 A 10.53.0.1
+
+example3 NS ns.example3
+ns.example3 A 10.53.0.1
diff --git a/bin/tests/system/forward/ns5/named.conf.in b/bin/tests/system/forward/ns5/named.conf.in
new file mode 100644
index 0000000..0e65985
--- /dev/null
+++ b/bin/tests/system/forward/ns5/named.conf.in
@@ -0,0 +1,27 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ query-source address 10.53.0.5;
+ notify-source 10.53.0.5;
+ transfer-source 10.53.0.5;
+ port @PORT@;
+ pid-file "named.pid";
+ listen-on { 10.53.0.5; };
+ listen-on-v6 { none; };
+ forward only;
+ forwarders { 10.53.0.4; };
+};
+
+zone "." {
+ type hint;
+ file "root.db";
+};
diff --git a/bin/tests/system/forward/ns5/root.db b/bin/tests/system/forward/ns5/root.db
new file mode 100644
index 0000000..7346810
--- /dev/null
+++ b/bin/tests/system/forward/ns5/root.db
@@ -0,0 +1,28 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300
+. IN SOA gson.nominum.com. a.root.servers.nil. (
+ 2000042100 ; serial
+ 600 ; refresh
+ 600 ; retry
+ 1200 ; expire
+ 600 ; minimum
+ )
+. NS a.root-servers.nil.
+a.root-servers.nil. A 10.53.0.1
+
+example1 NS ns.example1
+ns.example1 A 10.53.0.1
+
+example2 NS ns.example2
+ns.example2 A 10.53.0.1
+
+example3 NS ns.example3
+ns.example3 A 10.53.0.1
diff --git a/bin/tests/system/forward/rfc1918-inherited.conf b/bin/tests/system/forward/rfc1918-inherited.conf
new file mode 100644
index 0000000..3c310d0
--- /dev/null
+++ b/bin/tests/system/forward/rfc1918-inherited.conf
@@ -0,0 +1,15 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+zone 10.in-addr.arpa {
+ type forward;
+ forwarders { 1.2.3.4; };
+};
diff --git a/bin/tests/system/forward/rfc1918-notinherited.conf b/bin/tests/system/forward/rfc1918-notinherited.conf
new file mode 100644
index 0000000..d3febc1
--- /dev/null
+++ b/bin/tests/system/forward/rfc1918-notinherited.conf
@@ -0,0 +1,16 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+zone 10.in-addr.arpa {
+ type forward;
+ forward first;
+ forwarders { 1.2.3.4; };
+};
diff --git a/bin/tests/system/forward/setup.sh b/bin/tests/system/forward/setup.sh
new file mode 100644
index 0000000..c63aeb1
--- /dev/null
+++ b/bin/tests/system/forward/setup.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+#
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+$SHELL clean.sh
+copy_setports ns1/named.conf.in ns1/named.conf
+copy_setports ns2/named.conf.in ns2/named.conf
+copy_setports ns3/named.conf.in ns3/named.conf
+copy_setports ns4/named.conf.in ns4/named.conf
+copy_setports ns5/named.conf.in ns5/named.conf
diff --git a/bin/tests/system/forward/tests.sh b/bin/tests/system/forward/tests.sh
new file mode 100644
index 0000000..f23cde1
--- /dev/null
+++ b/bin/tests/system/forward/tests.sh
@@ -0,0 +1,135 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+DIGOPTS="-p ${PORT}"
+
+root=10.53.0.1
+hidden=10.53.0.2
+f1=10.53.0.3
+f2=10.53.0.4
+
+status=0
+
+echo_i "checking that a forward zone overrides global forwarders"
+ret=0
+$DIG $DIGOPTS +noadd +noauth txt.example1. txt @$hidden > dig.out.hidden || ret=1
+$DIG $DIGOPTS +noadd +noauth txt.example1. txt @$f1 > dig.out.f1 || ret=1
+digcomp dig.out.hidden dig.out.f1 || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+echo_i "checking that a forward first zone no forwarders recurses"
+ret=0
+$DIG $DIGOPTS +noadd +noauth txt.example2. txt @$root > dig.out.root || ret=1
+$DIG $DIGOPTS +noadd +noauth txt.example2. txt @$f1 > dig.out.f1 || ret=1
+digcomp dig.out.root dig.out.f1 || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+echo_i "checking that a forward only zone no forwarders fails"
+ret=0
+$DIG $DIGOPTS +noadd +noauth txt.example2. txt @$root > dig.out.root || ret=1
+$DIG $DIGOPTS +noadd +noauth txt.example2. txt @$f1 > dig.out.f1 || ret=1
+digcomp dig.out.root dig.out.f1 || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+echo_i "checking that global forwarders work"
+ret=0
+$DIG $DIGOPTS +noadd +noauth txt.example4. txt @$hidden > dig.out.hidden || ret=1
+$DIG $DIGOPTS +noadd +noauth txt.example4. txt @$f1 > dig.out.f1 || ret=1
+digcomp dig.out.hidden dig.out.f1 || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+echo_i "checking that a forward zone works"
+ret=0
+$DIG $DIGOPTS +noadd +noauth txt.example1. txt @$hidden > dig.out.hidden || ret=1
+$DIG $DIGOPTS +noadd +noauth txt.example1. txt @$f2 > dig.out.f2 || ret=1
+digcomp dig.out.hidden dig.out.f2 || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+echo_i "checking that forwarding doesn't spontaneously happen"
+ret=0
+$DIG $DIGOPTS +noadd +noauth txt.example2. txt @$root > dig.out.root || ret=1
+$DIG $DIGOPTS +noadd +noauth txt.example2. txt @$f2 > dig.out.f2 || ret=1
+digcomp dig.out.root dig.out.f2 || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+echo_i "checking that a forward zone with no specified policy works"
+ret=0
+$DIG $DIGOPTS +noadd +noauth txt.example3. txt @$hidden > dig.out.hidden || ret=1
+$DIG $DIGOPTS +noadd +noauth txt.example3. txt @$f2 > dig.out.f2 || ret=1
+digcomp dig.out.hidden dig.out.f2 || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+echo_i "checking that a forward only doesn't recurse"
+ret=0
+$DIG $DIGOPTS txt.example5. txt @$f2 > dig.out.f2 || ret=1
+grep "SERVFAIL" dig.out.f2 > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+echo_i "checking for negative caching of forwarder response"
+# prime the cache, shutdown the forwarder then check that we can
+# get the answer from the cache. restart forwarder.
+ret=0
+$DIG $DIGOPTS nonexist. txt @10.53.0.5 > dig.out.f2 || ret=1
+grep "status: NXDOMAIN" dig.out.f2 > /dev/null || ret=1
+$PERL ../stop.pl . ns4 || ret=1
+$DIG $DIGOPTS nonexist. txt @10.53.0.5 > dig.out.f2 || ret=1
+grep "status: NXDOMAIN" dig.out.f2 > /dev/null || ret=1
+$PERL ../start.pl --restart --noclean --port ${PORT} . ns4 || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+echo_i "checking that forward only zone overrides empty zone"
+ret=0
+$DIG $DIGOPTS 1.0.10.in-addr.arpa TXT @10.53.0.4 > dig.out.f2
+grep "status: NOERROR" dig.out.f2 > /dev/null || ret=1
+$DIG $DIGOPTS 2.0.10.in-addr.arpa TXT @10.53.0.4 > dig.out.f2
+grep "status: NXDOMAIN" dig.out.f2 > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+echo_i "checking that DS lookups for grafting forward zones are isolated"
+ret=0
+$DIG $DIGOPTS grafted A @10.53.0.4 > dig.out.q1
+$DIG $DIGOPTS grafted DS @10.53.0.4 > dig.out.q2
+$DIG $DIGOPTS grafted A @10.53.0.4 > dig.out.q3
+$DIG $DIGOPTS grafted AAAA @10.53.0.4 > dig.out.q4
+grep "status: NOERROR" dig.out.q1 > /dev/null || ret=1
+grep "status: NXDOMAIN" dig.out.q2 > /dev/null || ret=1
+grep "status: NOERROR" dig.out.q3 > /dev/null || ret=1
+grep "status: NOERROR" dig.out.q4 > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+echo_i "checking that rfc1918 inherited 'forward first;' zones are warned about"
+ret=0
+$CHECKCONF rfc1918-inherited.conf | grep "forward first;" >/dev/null || ret=1
+$CHECKCONF rfc1918-notinherited.conf | grep "forward first;" >/dev/null && ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+echo_i "checking that ULA inherited 'forward first;' zones are warned about"
+ret=0
+$CHECKCONF ula-inherited.conf | grep "forward first;" >/dev/null || ret=1
+$CHECKCONF ula-notinherited.conf | grep "forward first;" >/dev/null && ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+echo_i "exit status: $status"
+[ $status -eq 0 ] || exit 1
diff --git a/bin/tests/system/forward/ula-inherited.conf b/bin/tests/system/forward/ula-inherited.conf
new file mode 100644
index 0000000..27fc8ed
--- /dev/null
+++ b/bin/tests/system/forward/ula-inherited.conf
@@ -0,0 +1,15 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+zone d.f.ip6.arpa {
+ type forward;
+ forwarders { 1.2.3.4; };
+};
diff --git a/bin/tests/system/forward/ula-notinherited.conf b/bin/tests/system/forward/ula-notinherited.conf
new file mode 100644
index 0000000..e235d20
--- /dev/null
+++ b/bin/tests/system/forward/ula-notinherited.conf
@@ -0,0 +1,16 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+zone d.f.ip6.arpa {
+ type forward;
+ forward first;
+ forwarders { 1.2.3.4; };
+};