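#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# System test for DLZ drivers served by the name server at 10.53.0.1:
# dynamic updates (allowed and denied), prerequisites, client info passed
# to the driver, reload cleanup, AXFR allow/deny, zone search/registration,
# oversized data and redirected lookups.
#
# Names used below but not defined in this file (PORT, CONTROLPORT, RNDC,
# DIG, NSUPDATE, echo_i, rndc_reload) are presumably supplied by ../conf.sh.

. ../conf.sh

# status counts failed tests; n numbers the tests as they start.
status=0
n=0

# DIGOPTS is expanded unquoted at every call site on purpose: it holds
# several options that must be split into separate words.
DIGOPTS="@10.53.0.1 -p ${PORT} +nocookie"
# Not referenced again in this script.
# NOTE(review): confirm whether a sourced helper reads it before removing.
RNDCCMD="$RNDC -c ../common/rndc.conf -p ${CONTROLPORT} -s"

#######################################
# Start a new numbered test case.
# Globals:   n (incremented), ret (reset to 0)
# Arguments: $1 - description printed through echo_i
#######################################
newtest() {
  n=$((n + 1))
  echo_i "${1} (${n})"
  ret=0
}

#######################################
# Send one "update add" with nsupdate and confirm the record through dig.
# Globals:   host, type, cmd, digout, should_fail, out, lines (written;
#            POSIX sh has no local variables), comment (read, optional)
# Arguments: $1 - owner name
#            $2 - record type to query
#            $3 - remainder of the "update add" line (TTL, type, rdata)
#            $4 - text that must appear in exactly one matching dig line
#            $5 - non-empty when the update is expected to be refused;
#                 this only silences the diagnostics
# Returns:   0 if the update was accepted and is visible, 1 otherwise
#######################################
test_update() {
  host="$1"
  type="$2"
  cmd="$3"
  digout="$4"
  should_fail="$5"

  cat > ns1/update.txt <<EOF
server 10.53.0.1 ${PORT}
update add $host $cmd
send
EOF

  newtest "testing update for $host $type $cmd${comment:+ }$comment"
  if ! $NSUPDATE -k ns1/ddns.key ns1/update.txt > /dev/null 2>&1; then
    [ "$should_fail" ] || echo_i "update failed for $host $type $cmd"
    return 1
  fi

  # grep -E replaces the deprecated egrep; the pattern is unchanged.
  out=$($DIG $DIGOPTS -t "$type" -q "$host" | grep -E "^$host")
  # -F matches the expected rdata literally, so the dots in an address
  # are not treated as regex wildcards.
  lines=$(printf '%s\n' "$out" | grep -F -- "$digout" | wc -l)
  if [ "$lines" -ne 1 ]; then
    [ "$should_fail" ] || echo_i "dig output incorrect for $host $type $cmd: $out"
    return 1
  fi
  return 0
}

# test_update calls newtest itself, so ret is reset before each result.
test_update testdc1.example.nil. A "86400 A 10.53.0.10" "10.53.0.10" || ret=1
status=$((status + ret))

test_update testdc2.example.nil. A "86400 A 10.53.0.11" "10.53.0.11" || ret=1
status=$((status + ret))

test_update testdc3.example.nil. A "86400 A 10.53.0.10" "10.53.0.10" || ret=1
status=$((status + ret))

# Negative test: this update must be refused, so success is the failure.
# test_update stays quiet when should_fail is set, so report it here.
if test_update deny.example.nil. TXT "86400 TXT helloworld" "helloworld" should_fail; then
  ret=1
  echo_i "failed"
fi
status=$((status + ret))

newtest "testing nxrrset"
$DIG $DIGOPTS testdc1.example.nil AAAA > "dig.out.$n"
grep "status: NOERROR" "dig.out.$n" > /dev/null || ret=1
grep "ANSWER: 0" "dig.out.$n" > /dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

newtest "testing prerequisites are checked correctly"
cat > ns1/update.txt <<EOF
server 10.53.0.1 ${PORT}
prereq nxdomain testdc3.example.nil
update add testdc3.example.nil 86500 in a 10.53.0.12
send
EOF
# testdc3 was added above, so the nxdomain prerequisite must fail and the
# new address must not show up.
$NSUPDATE -k ns1/ddns.key ns1/update.txt > /dev/null 2>&1 && ret=1
out=$($DIG $DIGOPTS +short a testdc3.example.nil)
[ "$out" = "10.53.0.12" ] && ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

newtest "testing passing client info into DLZ driver"
out=$($DIG $DIGOPTS +short -t txt -q source-addr.example.nil | grep -v '^;')
# dig prints the TXT answer wrapped in double quotes. Strip them with tr
# instead of "eval echo": eval would make the shell interpret the response
# text (expansions, additional lines run as commands), which is never
# appropriate for data received over the network, even from a test server.
addr=$(printf '%s\n' "$out" | tr -d '"' | cut -f1 -d'#')
[ "$addr" = "10.53.0.1" ] || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

newtest "testing DLZ driver is cleaned up on reload"
rndc_reload ns1 10.53.0.1
# Poll the log for up to ten seconds for the shutdown message.
for i in 0 1 2 3 4 5 6 7 8 9; do
  ret=0
  grep 'dlz_example: shutting down zone example.nil' ns1/named.run > /dev/null 2>&1 || ret=1
  [ "$ret" -eq 0 ] && break
  sleep 1
done
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# test_update announces its own test, so the counter advances twice here.
newtest "testing multiple DLZ drivers"
test_update testdc1.alternate.nil. A "86400 A 10.53.0.10" "10.53.0.10" || ret=1
status=$((status + ret))

newtest "testing AXFR from DLZ drivers"
$DIG $DIGOPTS +noall +answer axfr example.nil > "dig.out.example.ns1.test$n"
lines=$(wc -l < "dig.out.example.ns1.test$n")
[ "${lines:-0}" -eq 4 ] || ret=1
$DIG $DIGOPTS +noall +answer axfr alternate.nil > "dig.out.alternate.ns1.test$n"
lines=$(wc -l < "dig.out.alternate.ns1.test$n")
[ "${lines:-0}" -eq 5 ] || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

newtest "testing AXFR denied from DLZ drivers"
# Transfers requested from source address 10.53.0.5 must be refused.
$DIG $DIGOPTS -b 10.53.0.5 +noall +answer axfr example.nil > "dig.out.example.ns1.test$n"
grep "; Transfer failed" "dig.out.example.ns1.test$n" > /dev/null || ret=1
$DIG $DIGOPTS -b 10.53.0.5 +noall +answer axfr alternate.nil > "dig.out.alternate.ns1.test$n"
grep "; Transfer failed" "dig.out.alternate.ns1.test$n" > /dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

newtest "testing AXFR denied based on view ACL"
# 10.53.0.1 should be disallowed
$DIG $DIGOPTS -b 10.53.0.1 +noall +answer axfr example.org > "dig.out.example.ns1.test$n.1"
grep "; Transfer failed" "dig.out.example.ns1.test$n.1" > /dev/null || ret=1
# 10.53.0.2 should be allowed
# NOTE(review): this only asserts that "; Transfer failed" is absent, so an
# empty output file would pass too; consider also asserting a record that
# the transfer is expected to contain.
$DIG $DIGOPTS -b 10.53.0.2 +noall +answer axfr example.org > "dig.out.example.ns1.test$n.2"
grep "; Transfer failed" "dig.out.example.ns1.test$n.2" > /dev/null && ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

newtest "testing unsearched/unregistered DLZ zone is not found"
$DIG $DIGOPTS +noall +answer ns other.nil > "dig.out.ns1.test$n"
# The dots in the pattern match whatever whitespace dig puts between fields.
grep "3600.IN.NS.other.nil." "dig.out.ns1.test$n" > /dev/null && ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

newtest "testing unsearched/registered DLZ zone is found"
$DIG $DIGOPTS +noall +answer ns zone.nil > "dig.out.ns1.test$n"
grep "3600.IN.NS.zone.nil." "dig.out.ns1.test$n" > /dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# NOTE(review): verbatim repeat of the previous test; kept so the test
# numbering and the dig.out.* file names stay as they were.
newtest "testing unsearched/registered DLZ zone is found"
$DIG $DIGOPTS +noall +answer ns zone.nil > "dig.out.ns1.test$n"
grep "3600.IN.NS.zone.nil." "dig.out.ns1.test$n" > /dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

newtest "testing correct behavior with findzone returning ISC_R_NOMORE"
$DIG $DIGOPTS +noall a test.example.com > /dev/null 2>&1 || ret=1
# we should only find one logged lookup per searched DLZ database
lines=$(grep "dlz_findzonedb.*test\.example\.com.*example.nil" ns1/named.run | wc -l)
[ "$lines" -eq 1 ] || ret=1
lines=$(grep "dlz_findzonedb.*test\.example\.com.*alternate.nil" ns1/named.run | wc -l)
[ "$lines" -eq 1 ] || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

newtest "testing findzone can return different results per client"
$DIG $DIGOPTS -b 10.53.0.1 +noall a test.example.net > /dev/null 2>&1 || ret=1
# we should only find one logged lookup per searched DLZ database
lines=$(grep "dlz_findzonedb.*example\.net.*example.nil" ns1/named.run | wc -l)
[ "$lines" -eq 1 ] || ret=1
lines=$(grep "dlz_findzonedb.*example\.net.*alternate.nil" ns1/named.run | wc -l)
[ "$lines" -eq 1 ] || ret=1
$DIG $DIGOPTS -b 10.53.0.2 +noall a test.example.net > /dev/null 2>&1 || ret=1
# we should find several logged lookups this time
lines=$(grep "dlz_findzonedb.*example\.net.*example.nil" ns1/named.run | wc -l)
[ "$lines" -gt 2 ] || ret=1
lines=$(grep "dlz_findzonedb.*example\.net.*alternate.nil" ns1/named.run | wc -l)
[ "$lines" -gt 2 ] || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

newtest "testing zone returning oversized data"
# Oversized data from the driver must produce SERVFAIL.
$DIG $DIGOPTS txt too-long.example.nil > "dig.out.ns1.test$n" 2>&1 || ret=1
grep "status: SERVFAIL" "dig.out.ns1.test$n" > /dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

newtest "testing zone returning oversized data at zone origin"
$DIG $DIGOPTS txt bigcname.domain > "dig.out.ns1.test$n" 2>&1 || ret=1
grep "status: SERVFAIL" "dig.out.ns1.test$n" > /dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

newtest "checking redirected lookup for nonexistent name"
$DIG $DIGOPTS @10.53.0.1 unexists a > "dig.out.ns1.test$n" || ret=1
grep "status: NOERROR" "dig.out.ns1.test$n" > /dev/null || ret=1
grep "^unexists.*A.*100.100.100.2" "dig.out.ns1.test$n" > /dev/null || ret=1
grep "flags:[^;]* aa[ ;]" "dig.out.ns1.test$n" > /dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

newtest "checking no redirected lookup for nonexistent type"
$DIG $DIGOPTS @10.53.0.1 exists aaaa > "dig.out.ns1.test$n" || ret=1
grep "status: NOERROR" "dig.out.ns1.test$n" > /dev/null || ret=1
grep "ANSWER: 0" "dig.out.ns1.test$n" > /dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

newtest "checking redirected lookup for a long nonexistent name"
$DIG $DIGOPTS @10.53.0.1 long.name.is.not.there a > "dig.out.ns1.test$n" || ret=1
grep "status: NOERROR" "dig.out.ns1.test$n" > /dev/null || ret=1
grep "^long.name.*A.*100.100.100.3" "dig.out.ns1.test$n" > /dev/null || ret=1
grep "flags:[^;]* aa[ ;]" "dig.out.ns1.test$n" > /dev/null || ret=1
# Exactly one logged lookup is expected for the long name.
lookups=$(grep "lookup #.*\.not\.there" ns1/named.run | wc -l)
[ "$lookups" -eq 1 ] || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

echo_i "exit status: $status"
[ "$status" -eq 0 ] || exit 1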