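# Copyright (C) 2005, 2007, 2010-2015 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.

# Id

# System test for named-checkconf.
#
# Every section runs $CHECKCONF (provided by conf.sh) against a fixture
# config in this directory, sets "ret" to 1 when the result is not the
# expected one, prints "I:failed" in that case, and then folds "ret" into
# the running "status" counter.  The script exits with "status", so a
# section that forgets "ret=0" at the top or the "status=" line at the
# bottom either double-counts the previous section or silently drops its
# own failures.  Both defects existed here and are fixed below.
#
# The script is plain Bourne/POSIX sh (backticks, expr, [ ]) like the other
# system tests; do not introduce bashisms.

SYSTEMTESTTOP=..
. "$SYSTEMTESTTOP/conf.sh"

status=0

echo "I: checking that named-checkconf handles a known good config"
ret=0
$CHECKCONF good.conf > /dev/null 2>&1 || ret=1
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

echo "I: checking that named-checkconf prints a known good config"
ret=0
# good.conf.in is everything after the "cut here" marker of good.conf; the
# -p (print) output must reproduce it byte for byte once the
# "good.conf.in:" file-name prefixes are stripped.
awk 'BEGIN { ok = 0; } /cut here/ { ok = 1; getline } ok == 1 { print }' good.conf > good.conf.in
[ -s good.conf.in ] || ret=1
$CHECKCONF -p good.conf.in | grep -v '^good.conf.in:' > good.conf.out 2>&1 || ret=1
cmp good.conf.in good.conf.out || ret=1
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

echo "I: checking that named-checkconf -x removes secrets"
ret=0
# ensure there is a secret and that it is not the check string.
grep 'secret "' good.conf.in > /dev/null || ret=1
grep 'secret "????????????????"' good.conf.in > /dev/null 2>&1 && ret=1
# With -x the printed config must contain only the placeholder, so that a
# config printed for sharing does not disclose the real key secret.
$CHECKCONF -p -x good.conf.in | grep -v '^good.conf.in:' > good.conf.out 2>&1 || ret=1
grep 'secret "????????????????"' good.conf.out > /dev/null 2>&1 || ret=1
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

# Each bad*.conf must be rejected with exit status exactly 1; any other
# status (including 0) counts as a failure.
for bad in bad*.conf
do
	ret=0
	echo "I: checking that named-checkconf detects error in $bad"
	$CHECKCONF "$bad" > /dev/null 2>&1
	if [ $? != 1 ]; then echo "I:failed"; ret=1; fi
	status=`expr $status + $ret`
done

echo "I: checking that named-checkconf -z catches missing hint file"
ret=0
$CHECKCONF -z hint-nofile.conf > hint-nofile.out 2>&1 && ret=1
grep "could not configure root hints from 'nonexistent.db': file not found" hint-nofile.out > /dev/null || ret=1
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

echo "I: checking that named-checkconf catches range errors"
ret=0
$CHECKCONF range.conf > /dev/null 2>&1 && ret=1
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

echo "I: checking that named-checkconf warns of notify inconsistencies"
ret=0
# Counts from "wc -l" are deliberately left unquoted in the tests below:
# BSD wc pads the number with leading spaces and word-splitting removes them.
warnings=`$CHECKCONF notify.conf 2>&1 | grep "'notify' is disabled" | wc -l`
[ $warnings -eq 3 ] || ret=1
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

echo "I: checking named-checkconf dnssec warnings"
ret=0
$CHECKCONF dnssec.1 2>&1 | grep 'validation yes.*enable no' > /dev/null || ret=1
$CHECKCONF dnssec.2 2>&1 | grep 'auto-dnssec may only be ' > /dev/null || ret=1
$CHECKCONF dnssec.2 2>&1 | grep 'validation auto.*enable no' > /dev/null || ret=1
$CHECKCONF dnssec.2 2>&1 | grep 'validation yes.*enable no' > /dev/null || ret=1
# this one should have no warnings; grep '.*' both detects any output line
# and echoes it so the unexpected message is visible in the test log.
$CHECKCONF dnssec.3 2>&1 | grep '.*' && ret=1
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

echo "I: range checking fields that do not allow zero"
ret=0
# Each field is tried at options, view, options+view and zone scope; a zero
# value must be rejected (exit status 1) at every scope.
for field in max-retry-time min-retry-time max-refresh-time min-refresh-time; do
	cat > badzero.conf << EOF
options {
	$field 0;
};
EOF
	$CHECKCONF badzero.conf > /dev/null 2>&1
	[ $? -eq 1 ] || { echo "I: options $field failed" ; ret=1; }
	cat > badzero.conf << EOF
view dummy {
	$field 0;
};
EOF
	$CHECKCONF badzero.conf > /dev/null 2>&1
	[ $? -eq 1 ] || { echo "I: view $field failed" ; ret=1; }
	cat > badzero.conf << EOF
options {
	$field 0;
};
view dummy {
};
EOF
	$CHECKCONF badzero.conf > /dev/null 2>&1
	[ $? -eq 1 ] || { echo "I: options + view $field failed" ; ret=1; }
	cat > badzero.conf << EOF
zone dummy {
	type slave;
	masters { 0.0.0.0; };
	$field 0;
};
EOF
	$CHECKCONF badzero.conf > /dev/null 2>&1
	[ $? -eq 1 ] || { echo "I: zone $field failed" ; ret=1; }
done
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

echo "I: checking options allowed in inline-signing slaves"
ret=0
n=`$CHECKCONF bad-dnssec.conf 2>&1 | grep "dnssec-dnskey-kskonly.*requires inline" | wc -l`
[ $n -eq 1 ] || ret=1
n=`$CHECKCONF bad-dnssec.conf 2>&1 | grep "dnssec-loadkeys-interval.*requires inline" | wc -l`
[ $n -eq 1 ] || ret=1
n=`$CHECKCONF bad-dnssec.conf 2>&1 | grep "update-check-ksk.*requires inline" | wc -l`
[ $n -eq 1 ] || ret=1
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

echo "I: check file + inline-signing for slave zones"
# "ret=0" was missing here, so a failure of the previous section was
# counted a second time by this one.
ret=0
n=`$CHECKCONF inline-no.conf 2>&1 | grep "missing 'file' entry" | wc -l`
[ $n -eq 0 ] || ret=1
n=`$CHECKCONF inline-good.conf 2>&1 | grep "missing 'file' entry" | wc -l`
[ $n -eq 0 ] || ret=1
n=`$CHECKCONF inline-bad.conf 2>&1 | grep "missing 'file' entry" | wc -l`
[ $n -eq 1 ] || ret=1
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

echo "I: checking named-checkconf DLZ warnings"
ret=0
$CHECKCONF dlz-bad.conf 2>&1 | grep "'dlz' and 'database'" > /dev/null || ret=1
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

echo "I: checking for missing key directory warning"
ret=0
# Three states of test.keydir: absent, a plain file, a real directory.
# Only the first two may produce a key-directory warning.
rm -rf test.keydir
n=`$CHECKCONF warn-keydir.conf 2>&1 | grep "'test.keydir' does not exist" | wc -l`
[ $n -eq 1 ] || ret=1
touch test.keydir
n=`$CHECKCONF warn-keydir.conf 2>&1 | grep "'test.keydir' is not a directory" | wc -l`
[ $n -eq 1 ] || ret=1
rm -f test.keydir
mkdir test.keydir
n=`$CHECKCONF warn-keydir.conf 2>&1 | grep "key-directory" | wc -l`
[ $n -eq 0 ] || ret=1
rm -rf test.keydir
if [ "$ret" != 0 ]; then echo "I:failed"; fi
# This accumulation was missing, so a failure in this section never
# reached the exit status.
status=`expr $status + $ret`

echo "I: checking that named-checkconf -z catches conflicting ttl with max-ttl"
ret=0
$CHECKCONF -z max-ttl.conf > check.out 2>&1
# The original repeated this identical grep three times; a single check is
# equivalent.  TODO(review): if max-ttl.conf defines several zones that
# should each be reported, they need distinct patterns here.
grep 'TTL 900 exceeds configured max-zone-ttl 600' check.out > /dev/null 2>&1 || ret=1
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

echo "I: checking that named-checkconf -z catches invalid max-ttl"
ret=0
$CHECKCONF -z max-ttl-bad.conf > /dev/null 2>&1 && ret=1
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

echo "I: checking that named-checkconf -z skips zone check with alternate databases"
ret=0
$CHECKCONF -z altdb.conf > /dev/null 2>&1 || ret=1
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

echo "I: checking that named-checkconf -z skips zone check with DLZ"
ret=0
$CHECKCONF -z altdlz.conf > /dev/null 2>&1 || ret=1
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

# The check-* sections below each expect: non-zero exit, the specific
# diagnostic present, and no "loaded serial" line for the zone (i.e. the
# zone must NOT have loaded despite the problem).
echo "I: check that check-names fails as configured"
ret=0
$CHECKCONF -z check-names-fail.conf > checkconf.out1 2>&1 && ret=1
grep "near '_underscore': bad name (check-names)" checkconf.out1 > /dev/null || ret=1
grep "zone check-names/IN: loaded serial" < checkconf.out1 > /dev/null && ret=1
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

echo "I: check that check-mx fails as configured"
ret=0
$CHECKCONF -z check-mx-fail.conf > checkconf.out2 2>&1 && ret=1
grep "near '10.0.0.1': MX is an address" checkconf.out2 > /dev/null || ret=1
grep "zone check-mx/IN: loaded serial" < checkconf.out2 > /dev/null && ret=1
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

echo "I: check that check-dup-records fails as configured"
ret=0
$CHECKCONF -z check-dup-records-fail.conf > checkconf.out3 2>&1 && ret=1
grep "has semantically identical records" checkconf.out3 > /dev/null || ret=1
grep "zone check-dup-records/IN: loaded serial" < checkconf.out3 > /dev/null && ret=1
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

# Second check-mx pass: same fixture, but asserts the "failed:" summary line
# rather than the per-record diagnostic checked above.
echo "I: check that check-mx fails as configured"
ret=0
$CHECKCONF -z check-mx-fail.conf > checkconf.out4 2>&1 && ret=1
grep "failed: MX is an address" checkconf.out4 > /dev/null || ret=1
grep "zone check-mx/IN: loaded serial" < checkconf.out4 > /dev/null && ret=1
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

echo "I: check that check-mx-cname fails as configured"
ret=0
$CHECKCONF -z check-mx-cname-fail.conf > checkconf.out5 2>&1 && ret=1
grep "MX.* is a CNAME (illegal)" checkconf.out5 > /dev/null || ret=1
grep "zone check-mx-cname/IN: loaded serial" < checkconf.out5 > /dev/null && ret=1
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

echo "I: check that check-srv-cname fails as configured"
ret=0
$CHECKCONF -z check-srv-cname-fail.conf > checkconf.out6 2>&1 && ret=1
grep "SRV.* is a CNAME (illegal)" checkconf.out6 > /dev/null || ret=1
# NOTE(review): this greps for the check-mx-cname zone, same as the section
# above; confirm it is the zone name actually defined in
# check-srv-cname-fail.conf, otherwise the "not loaded" check is vacuous.
grep "zone check-mx-cname/IN: loaded serial" < checkconf.out6 > /dev/null && ret=1
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

echo "I:exit status: $status"
exit $status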