summaryrefslogtreecommitdiffstats
path: root/bin/tests/system/forward/ns1
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--bin/tests/system/forward/ns1/diditwork.net.db22
-rw-r--r--bin/tests/system/forward/ns1/example.db23
-rw-r--r--bin/tests/system/forward/ns1/named.conf.in87
-rw-r--r--bin/tests/system/forward/ns1/net.example.lll15
-rw-r--r--bin/tests/system/forward/ns1/root.db.in36
-rw-r--r--bin/tests/system/forward/ns1/sign.sh34
-rw-r--r--bin/tests/system/forward/ns1/sld.tld.db22
-rw-r--r--bin/tests/system/forward/ns1/spoofed.net.db22
-rw-r--r--bin/tests/system/forward/ns1/sub.local.net.db22
-rw-r--r--bin/tests/system/forward/ns10/fakenet.zone17
-rw-r--r--bin/tests/system/forward/ns10/fakenet2.zone15
-rw-r--r--bin/tests/system/forward/ns10/fakesublocalnet.zone15
-rw-r--r--bin/tests/system/forward/ns10/fakesublocaltld.zone15
-rw-r--r--bin/tests/system/forward/ns10/named.conf.in53
-rw-r--r--bin/tests/system/forward/ns10/net.example.lll15
-rw-r--r--bin/tests/system/forward/ns10/spoofednet.zone16
16 files changed, 429 insertions, 0 deletions
diff --git a/bin/tests/system/forward/ns1/diditwork.net.db b/bin/tests/system/forward/ns1/diditwork.net.db
new file mode 100644
index 0000000..fd9a46e
--- /dev/null
+++ b/bin/tests/system/forward/ns1/diditwork.net.db
@@ -0,0 +1,22 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300 ; 5 minutes
+@ IN SOA ns root (
+ 2000082401 ; serial
+ 1800 ; refresh (30 minutes)
+ 1800 ; retry (30 minutes)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+ TXT "recursed"
+ns A 10.53.0.1
diff --git a/bin/tests/system/forward/ns1/example.db b/bin/tests/system/forward/ns1/example.db
new file mode 100644
index 0000000..aac1bef
--- /dev/null
+++ b/bin/tests/system/forward/ns1/example.db
@@ -0,0 +1,23 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300 ; 5 minutes
+@ IN SOA ns root (
+ 2000082401 ; serial
+ 1800 ; refresh (30 minutes)
+ 1800 ; retry (30 minutes)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+ns A 10.53.0.1
+
+txt TXT "recursed"
diff --git a/bin/tests/system/forward/ns1/named.conf.in b/bin/tests/system/forward/ns1/named.conf.in
new file mode 100644
index 0000000..f871fd6
--- /dev/null
+++ b/bin/tests/system/forward/ns1/named.conf.in
@@ -0,0 +1,87 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ query-source address 10.53.0.1;
+ query-source-v6 address fd92:7065:b8e:ffff::1;
+ notify-source 10.53.0.1;
+ notify-source-v6 fd92:7065:b8e:ffff::1;
+ transfer-source 10.53.0.1;
+ transfer-source-v6 fd92:7065:b8e:ffff::1;
+ port @PORT@;
+ pid-file "named.pid";
+ listen-on { 10.53.0.1; };
+ listen-on-v6 { fd92:7065:b8e:ffff::1; };
+ recursion no;
+ dnssec-validation no;
+};
+
+zone "." {
+ type primary;
+ file "root.db.signed";
+};
+
+zone "example1." {
+ type primary;
+ file "example.db";
+};
+
+zone "example2." {
+ type primary;
+ file "example.db";
+};
+
+zone "example3." {
+ type primary;
+ file "example.db";
+};
+
+zone "example4." {
+ type primary;
+ file "example.db";
+};
+
+zone "example5." {
+ type primary;
+ file "example.db";
+};
+
+zone "sld.tld" {
+ type primary;
+ file "sld.tld.db";
+};
+
+/* A forward zone without forwarders. */
+zone "example6" {
+ type forward;
+};
+
+zone "diditwork.net" {
+ type primary;
+ file "diditwork.net.db";
+};
+
+zone "spoofed.net" {
+ type primary;
+ file "spoofed.net.db";
+};
+
+zone "sub.local.net" {
+ type primary;
+ file "sub.local.net.db";
+};
+
+zone "net.example.lll" {
+ type master;
+ file "net.example.lll";
+};
diff --git a/bin/tests/system/forward/ns1/net.example.lll b/bin/tests/system/forward/ns1/net.example.lll
new file mode 100644
index 0000000..ba0804f
--- /dev/null
+++ b/bin/tests/system/forward/ns1/net.example.lll
@@ -0,0 +1,15 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 86400
+net.example.lll. SOA . . 0 0 0 0 0
+net.example.lll. NS attackSecureDomain.net.
+didItWork.net.example.lll. TXT "if you can see this record the attack worked"
diff --git a/bin/tests/system/forward/ns1/root.db.in b/bin/tests/system/forward/ns1/root.db.in
new file mode 100644
index 0000000..95ffac3
--- /dev/null
+++ b/bin/tests/system/forward/ns1/root.db.in
@@ -0,0 +1,36 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300
+. IN SOA gson.nominum.com. a.root.servers.nil. (
+ 2000042100 ; serial
+ 600 ; refresh
+ 600 ; retry
+ 1200 ; expire
+ 600 ; minimum
+ )
+. NS a.root-servers.nil.
+a.root-servers.nil. A 10.53.0.1
+
+example1 NS ns.example1
+ns.example1 A 10.53.0.1
+
+example2 NS ns.example2
+ns.example2 A 10.53.0.1
+
+example3 NS ns.example3
+ns.example3 A 10.53.0.1
+
+example7 NS ns.example7
+ns.example7 A 10.53.0.2
+
+tld NS ns.tld
+ns.tld A 10.53.0.2
diff --git a/bin/tests/system/forward/ns1/sign.sh b/bin/tests/system/forward/ns1/sign.sh
new file mode 100644
index 0000000..cba1918
--- /dev/null
+++ b/bin/tests/system/forward/ns1/sign.sh
@@ -0,0 +1,34 @@
+#!/bin/sh -e
+
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+# shellcheck source=conf.sh
+. "$SYSTEMTESTTOP/conf.sh"
+
+set -e
+
+zone=.
+infile=root.db.in
+zonefile=root.db
+
+echo_i "ns1/sign.sh"
+
+ksk=$("$KEYGEN" -q -fk -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+
+cat "$infile" "$ksk.key" "$zsk.key" > "$zonefile"
+
+"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null 2>&1
+
+# Configure the resolving server with a static key.
+keyfile_to_static_ds "$ksk" > trusted.conf
+cp trusted.conf ../ns3/trusted.conf
diff --git a/bin/tests/system/forward/ns1/sld.tld.db b/bin/tests/system/forward/ns1/sld.tld.db
new file mode 100644
index 0000000..f0d4b05
--- /dev/null
+++ b/bin/tests/system/forward/ns1/sld.tld.db
@@ -0,0 +1,22 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300 ; 5 minutes
+@ IN SOA ns root (
+ 2000082401 ; serial
+ 1800 ; refresh (30 minutes)
+ 1800 ; retry (30 minutes)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+ns A 10.53.0.1
+xxx TXT "foo"
diff --git a/bin/tests/system/forward/ns1/spoofed.net.db b/bin/tests/system/forward/ns1/spoofed.net.db
new file mode 100644
index 0000000..eedc46f
--- /dev/null
+++ b/bin/tests/system/forward/ns1/spoofed.net.db
@@ -0,0 +1,22 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300 ; 5 minutes
+@ IN SOA ns root (
+ 2000082401 ; serial
+ 1800 ; refresh (30 minutes)
+ 1800 ; retry (30 minutes)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+ns A 10.53.0.1
+sub TXT "recursed"
diff --git a/bin/tests/system/forward/ns1/sub.local.net.db b/bin/tests/system/forward/ns1/sub.local.net.db
new file mode 100644
index 0000000..fd9a46e
--- /dev/null
+++ b/bin/tests/system/forward/ns1/sub.local.net.db
@@ -0,0 +1,22 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300 ; 5 minutes
+@ IN SOA ns root (
+ 2000082401 ; serial
+ 1800 ; refresh (30 minutes)
+ 1800 ; retry (30 minutes)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+ TXT "recursed"
+ns A 10.53.0.1
diff --git a/bin/tests/system/forward/ns10/fakenet.zone b/bin/tests/system/forward/ns10/fakenet.zone
new file mode 100644
index 0000000..b655a32
--- /dev/null
+++ b/bin/tests/system/forward/ns10/fakenet.zone
@@ -0,0 +1,17 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 86400
+net. SOA . . 0 0 0 0 0
+net. NS attackSecureDomain.net.
+attackSecureDomain.net. A 10.53.0.10
+didItWork.net. TXT "if you can see this record the attack worked"
+ns.spoofed.net. A 10.53.0.10
diff --git a/bin/tests/system/forward/ns10/fakenet2.zone b/bin/tests/system/forward/ns10/fakenet2.zone
new file mode 100644
index 0000000..cd1e6e9
--- /dev/null
+++ b/bin/tests/system/forward/ns10/fakenet2.zone
@@ -0,0 +1,15 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 86400
+net2. SOA . . 0 0 0 0 0
+net2. NS attackSecureDomain.net.
+net2. DNAME net.example.lll.
diff --git a/bin/tests/system/forward/ns10/fakesublocalnet.zone b/bin/tests/system/forward/ns10/fakesublocalnet.zone
new file mode 100644
index 0000000..160b533
--- /dev/null
+++ b/bin/tests/system/forward/ns10/fakesublocalnet.zone
@@ -0,0 +1,15 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 86400
+sub.local.net. SOA . . 0 0 0 0 0
+sub.local.net. NS ns.spoofed.net.
+sub.local.net. TXT "if you see this attacker overrode local delegation"
diff --git a/bin/tests/system/forward/ns10/fakesublocaltld.zone b/bin/tests/system/forward/ns10/fakesublocaltld.zone
new file mode 100644
index 0000000..f78cbc7
--- /dev/null
+++ b/bin/tests/system/forward/ns10/fakesublocaltld.zone
@@ -0,0 +1,15 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+sub.local.tld. 3600 IN SOA . . 0 0 0 0 0
+sub.local.tld. 3600 IN NS ns.sub.local.tld.
+sub.local.tld. 3600 IN TXT bad
+ns.sub.local.tld. 3600 IN A 10.53.0.8
diff --git a/bin/tests/system/forward/ns10/named.conf.in b/bin/tests/system/forward/ns10/named.conf.in
new file mode 100644
index 0000000..1f318dd
--- /dev/null
+++ b/bin/tests/system/forward/ns10/named.conf.in
@@ -0,0 +1,53 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ query-source address 10.53.0.10;
+ notify-source 10.53.0.10;
+ transfer-source 10.53.0.10;
+ port @PORT@;
+ pid-file "named.pid";
+ listen-on { 10.53.0.10; };
+ listen-on-v6 { none; };
+ minimal-responses no;
+};
+
+zone "net." {
+ type master;
+ file "fakenet.zone";
+};
+
+zone "spoofed.net." {
+ type master;
+ file "spoofednet.zone";
+};
+
+zone "sub.local.net." {
+ type master;
+ file "fakesublocalnet.zone";
+};
+
+zone "net2" {
+ type master;
+ file "fakenet2.zone";
+};
+
+zone "net.example.lll" {
+ type master;
+ file "net.example.lll";
+};
+
+zone "sub.local.tld." {
+ type master;
+ file "fakesublocaltld.zone";
+};
diff --git a/bin/tests/system/forward/ns10/net.example.lll b/bin/tests/system/forward/ns10/net.example.lll
new file mode 100644
index 0000000..ba0804f
--- /dev/null
+++ b/bin/tests/system/forward/ns10/net.example.lll
@@ -0,0 +1,15 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 86400
+net.example.lll. SOA . . 0 0 0 0 0
+net.example.lll. NS attackSecureDomain.net.
+didItWork.net.example.lll. TXT "if you can see this record the attack worked"
diff --git a/bin/tests/system/forward/ns10/spoofednet.zone b/bin/tests/system/forward/ns10/spoofednet.zone
new file mode 100644
index 0000000..fb70a43
--- /dev/null
+++ b/bin/tests/system/forward/ns10/spoofednet.zone
@@ -0,0 +1,16 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 86400
+spoofed.net. SOA . . 0 0 0 0 0
+spoofed.net. NS ns.spoofed.net.
+ns.spoofed.net. A 10.53.0.10
+spoofed.net. TXT "this record is clearly spoofed"