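#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# System test for the SERVFAIL cache of the server at 10.53.0.5 (ns5).
#
# Each numbered check queries ns5 with dig and then inspects the dig output,
# the database dump written via rndc_dumpdb, or the new part of ns5/named.run.
# The checks cover three properties:
#   - a SERVFAIL answer is recorded in the "SERVFAIL" section of the dump;
#   - a repeated query is answered with SERVFAIL and logged as a cache hit;
#   - a query with the CD (checking disabled) bit set is not answered from an
#     entry logged as CD=0.
#
# echo_i, rndc_dumpdb, nextpart, DIG, RNDC, PORT and CONTROLPORT are expected
# to come from ../conf.sh; none of them is defined in this file.

# shellcheck source=conf.sh
. ../conf.sh

# With -e, any command not guarded by "||" or "&&" (rndc_dumpdb, awk, mv,
# nextpart) aborts the whole script when it fails.
set -e

status=0
n=0

rm -f dig.out.*

# Run dig over TCP against the test port; all arguments are passed through.
dig_with_opts() {
    "$DIG" +tcp +noadd +nosea +nostat +nocmd -p "$PORT" "$@"
}

# Run rndc against the control port. The first argument is consumed by -s as
# the server address; the remaining arguments form the rndc command.
rndc_with_opts() {
    "$RNDC" -c ../common/rndc.conf -p "$CONTROLPORT" -s "$@"
}

echo_i "checking DNSSEC SERVFAIL is cached ($n)"
ret=0
dig_with_opts +dnssec foo.example. a @10.53.0.5 > "dig.out.ns5.test$n" || ret=1
rndc_dumpdb ns5 -all
# Keep the dump lines that follow a line matching SERVFAIL, up to the next
# line matching Zone.
awk '/Zone/{out=0} { if (out) print } /SERVFAIL/{out=1}' "ns5/named_dump.db.test$n" > "sfcache.$n"
grep "^; foo.example/A" "sfcache.$n" > /dev/null || ret=1
n=$((n+1))
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status+ret))

echo_i "checking SERVFAIL is returned from cache ($n)"
ret=0
dig_with_opts +dnssec foo.example. a @10.53.0.5 > "dig.out.ns5.test$n" || ret=1
grep "SERVFAIL" "dig.out.ns5.test$n" > /dev/null || ret=1
n=$((n+1))
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status+ret))

echo_i "checking that +cd bypasses cache check ($n)"
ret=0
dig_with_opts +dnssec +cd foo.example. a @10.53.0.5 > "dig.out.ns5.test$n" || ret=1
# Inverted check: a SERVFAIL in the answer to the +cd query is the failure.
grep "SERVFAIL" "dig.out.ns5.test$n" > /dev/null && ret=1
n=$((n+1))
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status+ret))

echo_i "switching to non-dnssec SERVFAIL tests"
ret=0
# The status of this pipeline is sed's, so a failing rndc is not detected
# here; the dump check below is the only place a failed flush can show up.
rndc_with_opts 10.53.0.5 flush 2>&1 | sed 's/^/I:ns5 /'
rndc_dumpdb ns5 -all
mv "ns5/named_dump.db.test$n" "ns5/named_dump.db.test$n.1"
# Extract the SERVFAIL section with the same awk program as the other checks.
# A program of the form '/SERVFAIL/ { next; out=1 }' never reaches out=1
# (awk's "next" ends processing of the record), prints nothing, and would
# make any emptiness test on the result pass unconditionally.
awk '/Zone/{out=0} { if (out) print } /SERVFAIL/{out=1}' "ns5/named_dump.db.test$n.1" > "sfcache.$n.1"
# The flush must have removed the entry cached by the first check. Matching
# that known entry does not depend on how an empty section is rendered.
grep "^; foo.example/A" "sfcache.$n.1" > /dev/null && ret=1
echo_i "checking SERVFAIL is cached ($n)"
dig_with_opts bar.example2. a @10.53.0.5 > "dig.out.ns5.test$n" || ret=1
rndc_dumpdb ns5 -all
mv "ns5/named_dump.db.test$n" "ns5/named_dump.db.test$n.2"
awk '/Zone/{out=0} { if (out) print } /SERVFAIL/{out=1}' "ns5/named_dump.db.test$n.2" > "sfcache.$n.2"
grep "^; bar.example2/A" "sfcache.$n.2" > /dev/null || ret=1
n=$((n+1))
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status+ret))

echo_i "checking SERVFAIL is returned from cache ($n)"
ret=0
# Discard log output written so far, so the next nextpart call returns only
# what this query produced.
nextpart ns5/named.run > /dev/null
dig_with_opts bar.example2. a @10.53.0.5 > "dig.out.ns5.test$n" || ret=1
grep "SERVFAIL" "dig.out.ns5.test$n" > /dev/null || ret=1
nextpart ns5/named.run > "ns5/named.run.part$n"
grep 'servfail cache hit bar.example2/A (CD=0)' "ns5/named.run.part$n" > /dev/null || ret=1
n=$((n+1))
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status+ret))

echo_i "checking cache is bypassed with +cd query ($n)"
ret=0
dig_with_opts +cd bar.example2. a @10.53.0.5 > "dig.out.ns5.test$n" || ret=1
# The answer is still expected to be SERVFAIL, but it must not be logged as a
# cache hit: the only entry present at this point was logged as CD=0.
grep "SERVFAIL" "dig.out.ns5.test$n" > /dev/null || ret=1
nextpart ns5/named.run > "ns5/named.run.part$n"
grep 'servfail cache hit' "ns5/named.run.part$n" > /dev/null && ret=1
n=$((n+1))
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status+ret))

echo_i "checking cache is used for subsequent +cd query ($n)"
ret=0
# NOTE(review): this query is sent with +dnssec and without +cd, while the
# expected log line carries CD=1 -- presumably the entry stored by the
# preceding +cd query is being reused; confirm against the server's logging.
dig_with_opts +dnssec bar.example2. a @10.53.0.5 > "dig.out.ns5.test$n" || ret=1
grep "SERVFAIL" "dig.out.ns5.test$n" > /dev/null || ret=1
nextpart ns5/named.run > "ns5/named.run.part$n"
grep 'servfail cache hit bar.example2/A (CD=1)' "ns5/named.run.part$n" > /dev/null || ret=1
n=$((n+1))
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status+ret))

echo_i "exit status: $status"
[ "$status" -eq 0 ] || exit 1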