1#!/bin/sh
2
3# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
4#
5# SPDX-License-Identifier: MPL-2.0
6#
7# This Source Code Form is subject to the terms of the Mozilla Public
8# License, v. 2.0.  If a copy of the MPL was not distributed with this
9# file, you can obtain one at https://mozilla.org/MPL/2.0/.
10#
11# See the COPYRIGHT file distributed with this work for additional
12# information regarding copyright ownership.
13
14SYSTEMTESTTOP=..
15. $SYSTEMTESTTOP/conf.sh
16
17status=0
18n=0
19
20rm -f dig.out.*
21
22DIGOPTS="+tcp +short -p ${PORT} @10.53.0.2"
23DIGOPTS6="+tcp +short -p ${PORT} @fd92:7065:b8e:ffff::2 -6"
24RNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p ${CONTROLPORT} -s"
25
26for conf in conf/good*.conf
27do
28	n=`expr $n + 1`
29	echo_i "checking that $conf is accepted ($n)"
30	ret=0
31	$CHECKCONF "$conf" || ret=1
32	if [ $ret != 0 ]; then echo_i "failed"; fi
33	status=`expr $status + $ret`
34done
35
36for conf in conf/bad*.conf
37do
38	n=`expr $n + 1`
39	echo_i "checking that $conf is rejected ($n)"
40	ret=0
41	$CHECKCONF "$conf" >/dev/null && ret=1
42	if [ $ret != 0 ]; then echo_i "failed"; fi
43	status=`expr $status + $ret`
44done
45
46n=`expr $n + 1`
47echo_i "checking Country database by code using IPv4 ($n)"
48ret=0
49lret=0
50for i in 1 2 3 4 5 6 7; do
51    $DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1
52    j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
53    [ "$i" = "$j" ] || lret=1
54    [ $lret -eq 1 ] && break
55done
56[ $lret -eq 1 ] && ret=1
57[ $ret -eq 0 ] || echo_i "failed"
58status=`expr $status + $ret`
59
60if testsock6 fd92:7065:b8e:ffff::3
61then
62  n=`expr $n + 1`
63  echo_i "checking Country database by code using IPv6 ($n)"
64  ret=0
65  lret=0
66  for i in 1 2 3 4 5 6 7; do
67    $DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i > dig.out.ns2.test$n.$i || lret=1
68    j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
69    [ "$i" = "$j" ] || lret=1
70    [ $lret -eq 1 ] && break
71  done
72  [ $lret -eq 1 ] && ret=1
73  [ $ret -eq 0 ] || echo_i "failed"
74  status=`expr $status + $ret`
75else
76  echo_i "IPv6 unavailable; skipping IPv6 country code test"
77fi
78
79echo_i "reloading server"
80copy_setports ns2/named2.conf.in ns2/named.conf
81$CHECKCONF ns2/named.conf | cat_i
82rndc_reload ns2 10.53.0.2
83sleep 3
84
85n=`expr $n + 1`
86echo_i "checking Country database with nested ACLs using IPv4 ($n)"
87ret=0
88lret=0
89for i in 1 2 3 4 5 6 7; do
90    $DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1
91    j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
92    [ "$i" = "$j" ] || lret=1
93    [ $lret -eq 1 ] && break
94done
95[ $lret -eq 1 ] && ret=1
96[ $ret -eq 0 ] || echo_i "failed"
97status=`expr $status + $ret`
98
99if testsock6 fd92:7065:b8e:ffff::3
100then
101  n=`expr $n + 1`
102  echo_i "checking Country database with nested ACLs using IPv6 ($n)"
103  ret=0
104  lret=0
105  for i in 1 2 3 4 5 6 7; do
106    $DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i > dig.out.ns2.test$n.$i || lret=1
107      j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
108      [ "$i" = "$j" ] || lret=1
109      [ $lret -eq 1 ] && break
110  done
111  [ $lret -eq 1 ] && ret=1
112  [ $ret -eq 0 ] || echo_i "failed"
113  status=`expr $status + $ret`
114else
115  echo_i "IPv6 unavailable; skipping IPv6 country nested ACL test"
116fi
117
118echo_i "reloading server"
119copy_setports ns2/named3.conf.in ns2/named.conf
120$CHECKCONF ns2/named.conf | cat_i
121rndc_reload ns2 10.53.0.2
122sleep 3
123
124n=`expr $n + 1`
125echo_i "checking Country database by name using IPv4 ($n)"
126ret=0
127lret=0
128for i in 1 2 3 4 5 6 7; do
129    $DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1
130    j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
131    [ "$i" = "$j" ] || lret=1
132    [ $lret -eq 1 ] && break
133done
134[ $lret -eq 1 ] && ret=1
135[ $ret -eq 0 ] || echo_i "failed"
136status=`expr $status + $ret`
137
138if testsock6 fd92:7065:b8e:ffff::3
139then
140  n=`expr $n + 1`
141  echo_i "checking Country database by name using IPv6 ($n)"
142  ret=0
143  lret=0
144  for i in 1 2 3 4 5 6 7; do
145    $DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i > dig.out.ns2.test$n.$i || lret=1
146    j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
147    [ "$i" = "$j" ] || lret=1
148    [ $lret -eq 1 ] && break
149  done
150  [ $lret -eq 1 ] && ret=1
151  [ $ret -eq 0 ] || echo_i "failed"
152  status=`expr $status + $ret`
153else
154  echo_i "IPv6 unavailable; skipping IPv6 country name test"
155fi
156
157echo_i "reloading server"
158copy_setports ns2/named4.conf.in ns2/named.conf
159$CHECKCONF ns2/named.conf | cat_i
160rndc_reload ns2 10.53.0.2
161sleep 3
162
163n=`expr $n + 1`
164echo_i "checking Country database by continent code using IPv4 ($n)"
165ret=0
166lret=0
167# deliberately skipping 4 and 6 as they have duplicate continents
168for i in 1 2 3 5 7; do
169    $DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1
170    j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
171    [ "$i" = "$j" ] || lret=1
172    [ $lret -eq 1 ] && break
173done
174[ $lret -eq 1 ] && ret=1
175[ $ret -eq 0 ] || echo_i "failed"
176status=`expr $status + $ret`
177
178if testsock6 fd92:7065:b8e:ffff::3
179then
180  n=`expr $n + 1`
181  echo_i "checking Country database by continent code using IPv6 ($n)"
182  ret=0
183  lret=0
184  # deliberately skipping 4 and 6 as they have duplicate continents
185  for i in 1 2 3 5 7; do
186    $DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i > dig.out.ns2.test$n.$i || lret=1
187    j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
188    [ "$i" = "$j" ] || lret=1
189    [ $lret -eq 1 ] && break
190  done
191  [ $lret -eq 1 ] && ret=1
192  [ $ret -eq 0 ] || echo_i "failed"
193  status=`expr $status + $ret`
194else
195  echo_i "IPv6 unavailable; skipping IPv6 continent code test"
196fi
197
198echo_i "reloading server"
199copy_setports ns2/named5.conf.in ns2/named.conf
200$CHECKCONF ns2/named.conf | cat_i
201rndc_reload ns2 10.53.0.2
202sleep 3
203
204n=`expr $n + 1`
205echo_i "checking City database by region code using IPv4 ($n)"
206ret=0
207lret=0
208# skipping 2 on purpose here; it has the same region code as 1
209for i in 1 3 4 5 6 7; do
210    $DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1
211    j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
212    [ "$i" = "$j" ] || lret=1
213    [ $lret -eq 1 ] && break
214done
215[ $lret -eq 1 ] && ret=1
216[ $ret -eq 0 ] || echo_i "failed"
217status=`expr $status + $ret`
218
219if testsock6 fd92:7065:b8e:ffff::3
220then
221  n=`expr $n + 1`
222  echo_i "checking City database by region code using IPv6 ($n)"
223  ret=0
224  lret=0
225# skipping 2 on purpose here; it has the same region code as 1
226  for i in 1 3 4 5 6 7; do
227    $DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i > dig.out.ns2.test$n.$i || lret=1
228    j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
229    [ "$i" = "$j" ] || lret=1
230    [ $lret -eq 1 ] && break
231  done
232  [ $lret -eq 1 ] && ret=1
233  [ $ret -eq 0 ] || echo_i "failed"
234  status=`expr $status + $ret`
235else
236  echo_i "IPv6 unavailable; skipping IPv6 region code test"
237fi
238
239n=`expr $n + 1`
240echo_i "reloading server"
241copy_setports ns2/named6.conf.in ns2/named.conf
242$CHECKCONF ns2/named.conf | cat_i
243rndc_reload ns2 10.53.0.2
244sleep 3
245
246n=`expr $n + 1`
247echo_i "checking City database by city name using IPv4 ($n)"
248ret=0
249lret=0
250for i in 1 2 3 4 5 6 7; do
251    $DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1
252    j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
253    [ "$i" = "$j" ] || lret=1
254    [ $lret -eq 1 ] && break
255done
256[ $lret -eq 1 ] && ret=1
257[ $ret -eq 0 ] || echo_i "failed"
258status=`expr $status + $ret`
259
260if testsock6 fd92:7065:b8e:ffff::3
261then
262  n=`expr $n + 1`
263  echo_i "checking City database by city name using IPv6 ($n)"
264  ret=0
265  lret=0
266  for i in 1 2 3 4 5 6 7; do
267    $DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i > dig.out.ns2.test$n.$i || lret=1
268    j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
269    [ "$i" = "$j" ] || lret=1
270    [ $lret -eq 1 ] && break
271  done
272  [ $lret -eq 1 ] && ret=1
273  [ $ret -eq 0 ] || echo_i "failed"
274  status=`expr $status + $ret`
275else
276  echo_i "IPv6 unavailable; skipping IPv6 city test"
277fi
278
279echo_i "reloading server"
280copy_setports ns2/named7.conf.in ns2/named.conf
281$CHECKCONF ns2/named.conf | cat_i
282rndc_reload ns2 10.53.0.2
283sleep 3
284
285n=`expr $n + 1`
286echo_i "checking ISP database using IPv4 ($n)"
287ret=0
288lret=0
289for i in 1 2 3 4 5 6 7; do
290    $DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1
291    j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
292    [ "$i" = "$j" ] || lret=1
293    [ $lret -eq 1 ] && break
294done
295[ $lret -eq 1 ] && ret=1
296[ $ret -eq 0 ] || echo_i "failed"
297status=`expr $status + $ret`
298
299if testsock6 fd92:7065:b8e:ffff::3
300then
301  n=`expr $n + 1`
302  echo_i "checking ISP database using IPv6 ($n)"
303  ret=0
304  lret=0
305  for i in 1 2 3 4 5 6 7; do
306    $DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i > dig.out.ns2.test$n.$i || lret=1
307      j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
308      [ "$i" = "$j" ] || lret=1
309      [ $lret -eq 1 ] && break
310  done
311  [ $lret -eq 1 ] && ret=1
312  [ $ret -eq 0 ] || echo_i "failed"
313  status=`expr $status + $ret`
314else
315  echo_i "IPv6 unavailable; skipping IPv6 ISP test"
316fi
317
318echo_i "reloading server"
319copy_setports ns2/named8.conf.in ns2/named.conf
320$CHECKCONF ns2/named.conf | cat_i
321rndc_reload ns2 10.53.0.2
322sleep 3
323
324n=`expr $n + 1`
325echo_i "checking ASN database by org name using IPv4 ($n)"
326ret=0
327lret=0
328for i in 1 2 3 4 5 6 7; do
329    $DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1
330    j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
331    [ "$i" = "$j" ] || lret=1
332    [ $lret -eq 1 ] && break
333done
334[ $lret -eq 1 ] && ret=1
335[ $ret -eq 0 ] || echo_i "failed"
336status=`expr $status + $ret`
337
338if testsock6 fd92:7065:b8e:ffff::3
339then
340  n=`expr $n + 1`
341  echo_i "checking ASN database by org name using IPv6 ($n)"
342  ret=0
343  lret=0
344  for i in 1 2 3 4 5 6 7; do
345    $DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i > dig.out.ns2.test$n.$i || lret=1
346      j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
347      [ "$i" = "$j" ] || lret=1
348      [ $lret -eq 1 ] && break
349  done
350  [ $lret -eq 1 ] && ret=1
351  [ $ret -eq 0 ] || echo_i "failed"
352  status=`expr $status + $ret`
353else
354  echo_i "IPv6 unavailable; skipping IPv6 ASN test"
355fi
356
357echo_i "reloading server"
358copy_setports ns2/named9.conf.in ns2/named.conf
359$CHECKCONF ns2/named.conf | cat_i
360rndc_reload ns2 10.53.0.2
361sleep 3
362
363n=`expr $n + 1`
364echo_i "checking GeoIP6 ASN database, ASNNNN only, using IPv4 ($n)"
365ret=0
366lret=0
367for i in 1 2 3 4 5 6 7; do
368    $DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1
369    j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
370    [ "$i" = "$j" ] || lret=1
371    [ $lret -eq 1 ] && break
372done
373[ $lret -eq 1 ] && ret=1
374[ $ret -eq 0 ] || echo_i "failed"
375status=`expr $status + $ret`
376
377if testsock6 fd92:7065:b8e:ffff::3
378then
379  n=`expr $n + 1`
380  echo_i "checking ASN database, ASNNNN only, using IPv6 ($n)"
381  ret=0
382  lret=0
383  for i in 1 2 3 4 5 6 7; do
384    $DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i > dig.out.ns2.test$n.$i || lret=1
385      j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
386      [ "$i" = "$j" ] || lret=1
387      [ $lret -eq 1 ] && break
388  done
389  [ $lret -eq 1 ] && ret=1
390  [ $ret -eq 0 ] || echo_i "failed"
391  status=`expr $status + $ret`
392else
393  echo_i "IPv6 unavailable; skipping IPv6 ASN test"
394fi
395
396echo_i "reloading server"
397copy_setports ns2/named10.conf.in ns2/named.conf
398$CHECKCONF ns2/named.conf | cat_i
399rndc_reload ns2 10.53.0.2
400sleep 3
401
402n=`expr $n + 1`
403echo_i "checking GeoIP6 ASN database, NNNN only, using IPv4 ($n)"
404ret=0
405lret=0
406for i in 1 2 3 4 5 6 7; do
407    $DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1
408    j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
409    [ "$i" = "$j" ] || lret=1
410    [ $lret -eq 1 ] && break
411done
412[ $lret -eq 1 ] && ret=1
413[ $ret -eq 0 ] || echo_i "failed"
414status=`expr $status + $ret`
415
416if testsock6 fd92:7065:b8e:ffff::3
417then
418  n=`expr $n + 1`
419  echo_i "checking ASN database, NNNN only, using IPv6 ($n)"
420  ret=0
421  lret=0
422  for i in 1 2 3 4 5 6 7; do
423    $DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i > dig.out.ns2.test$n.$i || lret=1
424      j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
425      [ "$i" = "$j" ] || lret=1
426      [ $lret -eq 1 ] && break
427  done
428  [ $lret -eq 1 ] && ret=1
429  [ $ret -eq 0 ] || echo_i "failed"
430  status=`expr $status + $ret`
431else
432  echo_i "IPv6 unavailable; skipping IPv6 ASN test"
433fi
434
435echo_i "reloading server"
436copy_setports ns2/named11.conf.in ns2/named.conf
437$CHECKCONF ns2/named.conf | cat_i
438rndc_reload ns2 10.53.0.2
439sleep 3
440
441n=`expr $n + 1`
442echo_i "checking Domain database using IPv4 ($n)"
443ret=0
444lret=0
445for i in 1 2 3 4 5 6 7; do
446    $DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1
447    j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
448    [ "$i" = "$j" ] || lret=1
449    [ $lret -eq 1 ] && break
450done
451[ $lret -eq 1 ] && ret=1
452[ $ret -eq 0 ] || echo_i "failed"
453status=`expr $status + $ret`
454
455if testsock6 fd92:7065:b8e:ffff::3
456then
457  n=`expr $n + 1`
458  echo_i "checking Domain database using IPv6 ($n)"
459  ret=0
460  lret=0
461  for i in 1 2 3 4 5 6 7; do
462    $DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i > dig.out.ns2.test$n.$i || lret=1
463      j=`cat dig.out.ns2.test$n.$i | tr -d '"'`
464      [ "$i" = "$j" ] || lret=1
465      [ $lret -eq 1 ] && break
466  done
467  [ $lret -eq 1 ] && ret=1
468  [ $ret -eq 0 ] || echo_i "failed"
469  status=`expr $status + $ret`
470else
471  echo_i "IPv6 unavailable; skipping IPv6 Domain test"
472fi
473
474echo_i "reloading server"
475copy_setports ns2/named12.conf.in ns2/named.conf
476$CHECKCONF ns2/named.conf | cat_i
477rndc_reload ns2 10.53.0.2
478sleep 3
479
480n=`expr $n + 1`
481echo_i "checking geoip blackhole ACL ($n)"
482ret=0
483$DIG $DIGOPTS txt example -b 10.53.0.7 > dig.out.ns2.test$n || ret=1
484$RNDCCMD 10.53.0.2 status 2>&1 > rndc.out.ns2.test$n || ret=1
485[ $ret -eq 0 ] || echo_i "failed"
486status=`expr $status + $ret`
487
488echo_i "exit status: $status"
489[ $status -eq 0 ] || exit 1
490