#!/bin/sh
#
# Copyright (C) 2010-2013  Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.

# Id: tests.sh,v 1.6 2011/06/17 23:47:49 tbox Exp
# Load the shared system-test settings from the parent directory.
# The path is relative, so the script has to be started from its own test
# directory; whatever conf.sh sits one level up is executed in this shell.
# $DIG, $RNDC and $PERL are used below but never assigned in this file;
# presumably conf.sh provides them.
SYSTEMTESTTOP=..
. "$SYSTEMTESTTOP/conf.sh"

# Common dig options: query over TCP on port 5300, no recursion, DNSSEC
# records requested, and most of dig's decorative output switched off.
DIGOPTS="+tcp +nosea +nostat +nocmd +norec +noques +noauth +noadd +nostats +dnssec -p 5300"

# n      - index of the current check; also the suffix of its output files.
# status - number of failed checks so far; used as the script's exit code.
n=0
status=0
# Baseline check: a.normal.example must resolve on 10.53.0.2 with NOERROR.
# The label calls this zone "normally loaded"; presumably it comes from the
# server's static configuration rather than from rndc addzone.
echo "I:checking normally loaded zone ($n)"
ret=0
digout="dig.out.ns2.$n"
# $DIG and $DIGOPTS are deliberately unquoted: DIGOPTS is a space-separated
# option list that must be split into separate arguments.
$DIG $DIGOPTS @10.53.0.2 a.normal.example a > "$digout" || ret=1
grep 'status: NOERROR' "$digout" > /dev/null || ret=1
grep '^a.normal.example' "$digout" > /dev/null || ret=1
n=$((n + 1))
if [ "$ret" -ne 0 ]; then
	echo "I:failed"
fi
status=$((status + ret))
# a.previous.example must already resolve before any addzone call is made
# by this script. Presumably the zone is restored from an existing new-zone
# file when the server starts - confirm against the ns2 setup.
echo "I:checking previously added zone ($n)"
ret=0
digout="dig.out.ns2.$n"
$DIG $DIGOPTS @10.53.0.2 a.previous.example a > "$digout" || ret=1
grep 'status: NOERROR' "$digout" > /dev/null || ret=1
grep '^a.previous.example' "$digout" > /dev/null || ret=1
n=$((n + 1))
if [ "$ret" -ne 0 ]; then
	echo "I:failed"
fi
status=$((status + ret))
# Add added.example at runtime through the control channel, then confirm
# the server answers for it.
echo "I:adding new zone ($n)"
ret=0
digout="dig.out.ns2.$n"
# rndc's exit status is not examined: the pipeline reports sed's status.
# Success is judged only by the query that follows.
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'added.example { type master; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /'
$DIG $DIGOPTS @10.53.0.2 a.added.example a > "$digout" || ret=1
grep 'status: NOERROR' "$digout" > /dev/null || ret=1
grep '^a.added.example' "$digout" > /dev/null || ret=1
n=$((n + 1))
if [ "$ret" -ne 0 ]; then
	echo "I:failed"
fi
status=$((status + ret))
# The zone name contains a "/" and therefore has to be quoted inside the
# addzone argument. The check verifies that such a name survives the round
# trip through rndc and is then served.
echo "I:adding a zone that requires quotes ($n)"
ret=0
digout="dig.out.ns2.$n"
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone '"32/1.0.0.127-in-addr.added.example" { check-names ignore; type master; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /'
$DIG $DIGOPTS @10.53.0.2 "a.32/1.0.0.127-in-addr.added.example" a > "$digout" || ret=1
grep 'status: NOERROR' "$digout" > /dev/null || ret=1
grep '^a.32/1.0.0.127-in-addr.added.example' "$digout" > /dev/null || ret=1
n=$((n + 1))
if [ "$ret" -ne 0 ]; then
	echo "I:failed"
fi
status=$((status + ret))
# The zone name itself contains a double quote. This is the escaping case:
# the name is embedded in a configuration statement, so an unescaped quote
# would end the string early. The zone must be added and served intact.
echo "I:adding a zone with a quote in the name ($n)"
ret=0
digout="dig.out.ns2.$n"
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone '"foo\"bar.example" { check-names ignore; type master; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /'
$DIG $DIGOPTS @10.53.0.2 "a.foo\"bar.example" a > "$digout" || ret=1
grep 'status: NOERROR' "$digout" > /dev/null || ret=1
# The pattern expects the owner name with the quote written as \" in the
# dig output.
grep '^a.foo\\"bar.example' "$digout" > /dev/null || ret=1
n=$((n + 1))
if [ "$ret" -ne 0 ]; then
	echo "I:failed"
fi
status=$((status + ret))
# addzone with a zone file that does not exist must be rejected with
# "file not found", and the server's answer for the name must be the same
# REFUSED response before and after the failed attempt.
echo "I:adding new zone with missing master file ($n)"
ret=0
before="dig.out.ns2.pre.$n"
after="dig.out.ns2.post.$n"
rndcerr="rndc.out.ns2.$n"
$DIG $DIGOPTS +all @10.53.0.2 a.missing.example a > "$before" || ret=1
grep "status: REFUSED" "$before" > /dev/null || ret=1
# Only stderr is captured here; the error text is what gets checked.
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'missing.example { type master; file "missing.db"; };' 2> "$rndcerr"
grep "file not found" "$rndcerr" > /dev/null || ret=1
$DIG $DIGOPTS +all @10.53.0.2 a.missing.example a > "$after" || ret=1
grep "status: REFUSED" "$after" > /dev/null || ret=1
# digcomp.pl compares the two responses; a difference counts as a failure.
$PERL ../digcomp.pl "$before" "$after" || ret=1
n=$((n + 1))
if [ "$ret" -ne 0 ]; then
	echo "I:failed"
fi
status=$((status + ret))
# Before any delzone call the new-zone file of the _default view must not
# contain the header comment.
# Caveat: if the .nzf file is missing, grep fails, wc still prints 0 and the
# check passes, so this does not prove that the file exists.
echo "I:verifying no comments in nzf file ($n)"
ret=0
hcount=$(grep "^# New zone file for view: _default" ns2/3bf305731dd26307.nzf | wc -l)
# $hcount is left unquoted so that any padding wc adds around the number is
# dropped by word splitting.
[ $hcount -eq 0 ] || ret=1
n=$((n + 1))
if [ "$ret" -ne 0 ]; then
	echo "I:failed"
fi
status=$((status + ret))
# Remove previous.example with delzone; afterwards the server must refuse
# queries for it and must not return the record.
echo "I:deleting previously added zone ($n)"
ret=0
digout="dig.out.ns2.$n"
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone previous.example 2>&1 | sed 's/^/I:ns2 /'
# dig's own exit status is not checked in this step; only its output is.
$DIG $DIGOPTS @10.53.0.2 a.previous.example a > "$digout"
grep 'status: REFUSED' "$digout" > /dev/null || ret=1
if grep '^a.previous.example' "$digout" > /dev/null; then
	ret=1
fi
n=$((n + 1))
if [ "$ret" -ne 0 ]; then
	echo "I:failed"
fi
status=$((status + ret))
# After the first delzone the new-zone file of the _default view is expected
# to contain the header comment exactly once.
echo "I:checking nzf file now has comment ($n)"
ret=0
hcount=$(grep "^# New zone file for view: _default" ns2/3bf305731dd26307.nzf | wc -l)
# Unquoted on purpose: strips any whitespace wc puts around the count.
[ $hcount -eq 1 ] || ret=1
n=$((n + 1))
if [ "$ret" -ne 0 ]; then
	echo "I:failed"
fi
status=$((status + ret))
# Remove the zone that this script added earlier; the server must then
# refuse queries for it and must not return the record.
echo "I:deleting newly added zone ($n)"
ret=0
digout="dig.out.ns2.$n"
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone added.example 2>&1 | sed 's/^/I:ns2 /'
# dig's own exit status is not checked in this step; only its output is.
$DIG $DIGOPTS @10.53.0.2 a.added.example a > "$digout"
grep 'status: REFUSED' "$digout" > /dev/null || ret=1
if grep '^a.added.example' "$digout" > /dev/null; then
	ret=1
fi
n=$((n + 1))
if [ "$ret" -ne 0 ]; then
	echo "I:failed"
fi
status=$((status + ret))
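# Remove the zone whose name contains a double quote. The name is passed to
# rndc with the quote backslash-escaped; afterwards the server must refuse
# queries for it and must not return the record.
echo "I:deleting newly added zone with escaped quote ($n)"
ret=0
digout="dig.out.ns2.$n"
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone "foo\\\"bar.example" 2>&1 | sed 's/^/I:ns2 /'
# dig's own exit status is not checked in this step; only its output is.
$DIG $DIGOPTS @10.53.0.2 "a.foo\"bar.example" a > "$digout"
grep 'status: REFUSED' "$digout" > /dev/null || ret=1
# Use the same pattern as the check made when this zone was added, which
# expects the quote written as \" in the dig output. A pattern without the
# backslash cannot match that form, so the negative check could never fire.
if grep '^a.foo\\"bar.example' "$digout" > /dev/null; then
	ret=1
fi
n=$((n + 1))
if [ "$ret" -ne 0 ]; then
	echo "I:failed"
fi
status=$((status + ret))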
# Access-control check: delzone on the normally loaded zone must be rejected
# with "permission denied", and the zone must still be served afterwards.
echo "I:attempt to delete a normally-loaded zone ($n)"
ret=0
rndcerr="rndc.out.ns2.$n"
digout="dig.out.ns2.$n"
# Only stderr is captured; the denial message is what gets checked.
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone normal.example 2> "$rndcerr"
grep "permission denied" "$rndcerr" > /dev/null || ret=1
# dig's own exit status is not checked in this step; only its output is.
$DIG $DIGOPTS @10.53.0.2 a.normal.example a > "$digout"
grep 'status: NOERROR' "$digout" > /dev/null || ret=1
grep '^a.normal.example' "$digout" > /dev/null || ret=1
n=$((n + 1))
if [ "$ret" -ne 0 ]; then
	echo "I:failed"
fi
status=$((status + ret))
# Add a master zone with inline-signing enabled. The zone may not answer
# immediately, so the query is retried up to five times, one second apart.
echo "I:attempting to add master zone with inline signing ($n)"
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'inline.example { type master; file "inline.db"; inline-signing yes; };' 2>&1 | sed 's/^/I:ns2 /'
digout="dig.out.ns2.$n"
for attempt in 1 2 3 4 5
do
	# ret is reset on every attempt, so only the last attempt decides.
	ret=0
	$DIG $DIGOPTS @10.53.0.2 a.inline.example a > "$digout" || ret=1
	grep 'status: NOERROR' "$digout" > /dev/null || ret=1
	grep '^a.inline.example' "$digout" > /dev/null || ret=1
	if [ "$ret" -eq 0 ]; then
		break
	fi
	sleep 1
done
n=$((n + 1))
if [ "$ret" -ne 0 ]; then
	echo "I:failed"
fi
status=$((status + ret))
# An inline-signed master zone whose zone file does not exist must be
# rejected with "file not found", just like the unsigned case.
echo "I:attempting to add master zone with inline signing and missing master ($n)"
ret=0
rndcerr="rndc.out.ns2.$n"
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'inlinemissing.example { type master; file "missing.db"; inline-signing yes; };' 2> "$rndcerr"
grep "file not found" "$rndcerr" > /dev/null || ret=1
n=$((n + 1))
if [ "$ret" -ne 0 ]; then
	echo "I:failed"
fi
status=$((status + ret))
# Add a slave zone with inline-signing, transferred from 10.53.0.1. The
# query is retried up to five times, one second apart, until the zone
# answers.
echo "I:attempting to add slave zone with inline signing ($n)"
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'inlineslave.example { type slave; masters { 10.53.0.1; }; file "inlineslave.bk"; inline-signing yes; };' 2>&1 | sed 's/^/I:ns2 /'
digout="dig.out.ns2.$n"
for attempt in 1 2 3 4 5
do
	# ret is reset on every attempt, so only the last attempt decides.
	ret=0
	$DIG $DIGOPTS @10.53.0.2 a.inlineslave.example a > "$digout" || ret=1
	grep 'status: NOERROR' "$digout" > /dev/null || ret=1
	grep '^a.inlineslave.example' "$digout" > /dev/null || ret=1
	if [ "$ret" -eq 0 ]; then
		break
	fi
	sleep 1
done
n=$((n + 1))
if [ "$ret" -ne 0 ]; then
	echo "I:failed"
fi
status=$((status + ret))
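# Delete the inline-signed slave zone without -clean and check that rndc
# reports the zone files that were left behind.
echo "I:attempting to delete slave zone with inline signing ($n)"
ret=0
# Wait up to about ten seconds for both the transferred zone file and its
# signed counterpart to appear under ns2/ before deleting the zone.
for i in 0 1 2 3 4 5 6 7 8 9
do
	test -f ns2/inlineslave.bk.signed -a -f ns2/inlineslave.bk && break
	sleep 1
done
# stdout is redirected to the file first and stderr is then pointed at it,
# so both streams are captured. Written the other way round (2>&1 > file),
# stderr would go to the script's stdout instead of the capture file.
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone inlineslave.example > rndc.out2.test$n 2>&1
# NOTE(review): the two file tests below look in the current directory,
# while the wait loop above watches ns2/. If the zone files only ever exist
# under ns2/, "test ! -f inlineslave.bk.signed" is always true and the report
# for the .signed file is never actually checked. The first test also lacks
# the "!" that the second one has. Confirm the intended paths and polarity.
test -f inlineslave.bk ||
grep '^inlineslave.bk$' rndc.out2.test$n > /dev/null || {
	echo "I:failed to report inlineslave.bk"; ret=1;
}
test ! -f inlineslave.bk.signed ||
grep '^inlineslave.bk.signed$' rndc.out2.test$n > /dev/null || {
	echo "I:failed to report inlineslave.bk.signed"; ret=1;
}
n=$((n + 1))
status=$((status + ret))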
# Re-add the slave zone that was just deleted so that the following check
# can delete it again with -clean. The query is retried up to five times.
echo "I:restoring slave zone with inline signing ($n)"
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'inlineslave.example { type slave; masters { 10.53.0.1; }; file "inlineslave.bk"; inline-signing yes; };' 2>&1 | sed 's/^/I:ns2 /'
digout="dig.out.ns2.$n"
for attempt in 1 2 3 4 5
do
	# ret is reset on every attempt, so only the last attempt decides.
	ret=0
	$DIG $DIGOPTS @10.53.0.2 a.inlineslave.example a > "$digout" || ret=1
	grep 'status: NOERROR' "$digout" > /dev/null || ret=1
	grep '^a.inlineslave.example' "$digout" > /dev/null || ret=1
	if [ "$ret" -eq 0 ]; then
		break
	fi
	sleep 1
done
n=$((n + 1))
if [ "$ret" -ne 0 ]; then
	echo "I:failed"
fi
status=$((status + ret))
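# Delete the slave zone with -clean and verify that the server removes the
# zone files itself.
echo "I:deleting slave zone with automatic zone file removal ($n)"
ret=0
# Wait up to about ten seconds for both zone files to exist, so that the
# removal check below is meaningful.
for i in 0 1 2 3 4 5 6 7 8 9
do
	test -f ns2/inlineslave.bk.signed -a -f ns2/inlineslave.bk && break
	sleep 1
done
# Discard both output streams: stdout goes to /dev/null first, then stderr
# follows it. This matches the redirection order used by the reconfig check
# at the end of this script.
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone -clean inlineslave.example > /dev/null 2>&1
# Poll for up to about ten seconds until the files are gone. The check fails
# if EITHER file is still present; requiring both to remain before failing
# would let a half-finished cleanup pass.
for i in 0 1 2 3 4 5 6 7 8 9
do
	ret=0
	if [ -f ns2/inlineslave.bk.signed ] || [ -f ns2/inlineslave.bk ]; then
		ret=1
	fi
	[ $ret = 0 ] && break
	sleep 1
done
n=$((n + 1))
# Report the failure like the other checks do; without this line a failure
# only showed up in the final exit status.
if [ $ret != 0 ]; then echo "I:failed"; fi
status=$((status + ret))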
# Switch ns2 to the multi-view configuration: replace named.conf with
# named2.conf and ask the running server to re-read it.
echo "I:reconfiguring server with multiple views"
rm -f "ns2/named.conf"
cp -f "ns2/named2.conf" "ns2/named.conf"
# The pipeline reports sed's status, so a failed reconfig is not detected
# here; the fixed pause below only gives the server time to apply it.
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reconfig 2>&1 | sed 's/^/I:ns2 /'
sleep 5
echo "I:adding new zone to external view ($n)"
# NOTE: the internal view is configured with "recursion yes", so a query for
# a zone that does not exist there returns NOERROR. The external view uses
# "recursion no", so the same query returns REFUSED. That must hold whatever
# the reason for the zone being absent: a) not loaded yet, b) failed to
# load, or c) deleted.
ret=0
int_before="dig.out.ns2.intpre.$n"
ext_before="dig.out.ns2.extpre.$n"
int_after="dig.out.ns2.int.$n"
ext_after="dig.out.ns2.ext.$n"
# The query source address is set with -b on each query; presumably that is
# what selects the view (confirm in ns2/named2.conf).
$DIG +norec $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > "$int_before" || ret=1
grep 'status: NOERROR' "$int_before" > /dev/null || ret=1
$DIG +norec $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > "$ext_before" || ret=1
grep 'status: REFUSED' "$ext_before" > /dev/null || ret=1
# Add the zone to the external view only.
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'added.example in external { type master; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /'
# The internal answer is unchanged; the external view now serves the record.
$DIG +norec $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > "$int_after" || ret=1
grep 'status: NOERROR' "$int_after" > /dev/null || ret=1
$DIG +norec $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > "$ext_after" || ret=1
grep 'status: NOERROR' "$ext_after" > /dev/null || ret=1
grep '^a.added.example' "$ext_after" > /dev/null || ret=1
n=$((n + 1))
if [ "$ret" -ne 0 ]; then
	echo "I:failed"
fi
status=$((status + ret))
# The new-zone file written for the external view must contain the header
# comment exactly once.
echo "I:checking new nzf file has comment ($n)"
ret=0
hcount=$(grep "^# New zone file for view: external" ns2/3c4623849a49a539.nzf | wc -l)
# Unquoted on purpose: strips any whitespace wc puts around the count.
[ $hcount -eq 1 ] || ret=1
n=$((n + 1))
if [ "$ret" -ne 0 ]; then
	echo "I:failed"
fi
status=$((status + ret))
# Remove the zone from the external view again; the external address must
# go back to refusing the query and must not return the record.
echo "I:deleting newly added zone ($n)"
ret=0
digout="dig.out.ns2.$n"
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone 'added.example in external' 2>&1 | sed 's/^/I:ns2 /'
$DIG $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > "$digout" || ret=1
grep 'status: REFUSED' "$digout" > /dev/null || ret=1
if grep '^a.added.example' "$digout" > /dev/null; then
	ret=1
fi
n=$((n + 1))
if [ "$ret" -ne 0 ]; then
	echo "I:failed"
fi
status=$((status + ret))
# Access-control check: addzone into the internal view must be rejected with
# "permission denied", and neither view's answer may change as a result.
# Presumably the internal view does not enable allow-new-zones - confirm in
# ns2/named2.conf.
echo "I:attempting to add zone to internal view ($n)"
ret=0
before="dig.out.ns2.pre.$n"
rndcerr="rndc.out.ns2.$n"
int_after="dig.out.ns2.int.$n"
ext_after="dig.out.ns2.ext.$n"
$DIG +norec $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > "$before" || ret=1
grep 'status: NOERROR' "$before" > /dev/null || ret=1
# Only stderr is captured; the denial message is what gets checked.
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'added.example in internal { type master; file "added.db"; };' 2> "$rndcerr"
grep "permission denied" "$rndcerr" > /dev/null || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > "$int_after" || ret=1
grep 'status: NOERROR' "$int_after" > /dev/null || ret=1
$DIG $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > "$ext_after" || ret=1
grep 'status: REFUSED' "$ext_after" > /dev/null || ret=1
n=$((n + 1))
if [ "$ret" -ne 0 ]; then
	echo "I:failed"
fi
status=$((status + ret))
# Reconfigure once more and then ask for status: after all the add/delete
# activity above, the server must still accept both commands on the control
# channel.
echo "I:ensure the configuration context is cleaned up correctly ($n)"
ret=0
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reconfig > /dev/null 2>&1 || ret=1
# Fixed pause to let the reconfiguration finish before probing the server.
sleep 5
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 status > /dev/null 2>&1 || ret=1
n=$((n + 1))
if [ "$ret" -ne 0 ]; then
	echo "I:failed"
fi
status=$((status + ret))
# Print the number of failed checks and use it as the exit code, so zero
# means that every check passed.
echo "I:exit status: $status"
exit "$status"