1#!/bin/sh
2#
3# Copyright (C) 2010-2014  Internet Systems Consortium, Inc. ("ISC")
4#
5# Permission to use, copy, modify, and/or distribute this software for any
6# purpose with or without fee is hereby granted, provided that the above
7# copyright notice and this permission notice appear in all copies.
8#
9# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15# PERFORMANCE OF THIS SOFTWARE.
16
17# tests for TSIG-GSS updates
18
# Locate the system-test tree and load its shared settings.  The tool
# variables used further down ($DIG, $NSUPDATE, $RNDC) are not defined in this
# file; presumably conf.sh provides them.
SYSTEMTESTTOP=..
. "${SYSTEMTESTTOP}/conf.sh"

# Running count of failed checks; used as the script's exit status.
status=0

# Server and port for every dig query.  Expanded unquoted on purpose so that
# it splits into separate arguments.
DIGOPTS='@10.53.0.1 -p 5300'
25
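# test_update HOST TYPE CMD DIGOUT [SHOULD_FAIL]
#
# Send one dynamic update ("update add HOST CMD") to 10.53.0.1 port 5300 with
# nsupdate, using the key file ns1/ddns.key, then query HOST/TYPE with dig and
# check that exactly one answer line for HOST contains DIGOUT.
#
# Arguments:
#   $1  owner name to add and then look up
#   $2  record type passed to dig -t
#   $3  remainder of the "update add" line (TTL, type and rdata)
#   $4  text expected in exactly one answer line
#   $5  any non-empty value silences the two failure messages; used by callers
#       that expect the update to be rejected
# Globals: reads NSUPDATE, DIG, DIGOPTS and comment; sets host, type, cmd,
#          digout, should_fail, out and lines; rewrites ns1/update.txt.
# Returns: 0 if the update was sent and verified, 1 otherwise.
#
# The return value does not say why a call failed.  A rejected update, an
# nsupdate that could not run or reach the server, and an empty dig answer
# all return 1, so a SHOULD_FAIL caller cannot tell a policy denial apart
# from a broken test environment.
test_update() {
    host="$1"
    type="$2"
    cmd="$3"
    digout="$4"
    should_fail="$5"

    cat > ns1/update.txt <<EOF
server 10.53.0.1 5300
update add $host $cmd
send
EOF

    # comment is not assigned anywhere in this file; unless it is set
    # elsewhere it expands to nothing and the line ends in a space.
    echo "I:testing update for $host $type $cmd $comment"
    $NSUPDATE -k ns1/ddns.key ns1/update.txt > /dev/null 2>&1 || {
        [ "$should_fail" ] || \
            echo "I:update failed for $host $type $cmd"
        return 1
    }

    # Keep only the answer lines that start with the owner name.  The name is
    # compared as literal text (index() == 1), so its dots are not treated as
    # regular-expression wildcards.
    out=`$DIG $DIGOPTS -t "$type" -q "$host" | awk -v h="$host" 'index($0, h) == 1'`

    # Count the lines holding the expected rdata, again as literal text:
    # with a regex match "10.53.0.10" would also accept "10153.0.10".
    lines=`printf '%s\n' "$out" | grep -F -c -- "$digout"`
    [ "$lines" -eq 1 ] || {
        [ "$should_fail" ] || \
            echo "I:dig output incorrect for $host $type $cmd: $out"
        return 1
    }
    return 0
}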
55
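# Dynamic updates that are expected to be accepted.  ret is reset before each
# case so that one failure is added to status once, not again for every case
# that follows it.
ret=0
test_update testdc1.example.nil. A "86400 A 10.53.0.10" "10.53.0.10" || ret=1
[ "$ret" -eq 0 ] || echo "I:failed"
status=`expr $status + $ret`

ret=0
test_update testdc2.example.nil. A "86400 A 10.53.0.11" "10.53.0.11" || ret=1
[ "$ret" -eq 0 ] || echo "I:failed"
status=`expr $status + $ret`

ret=0
test_update testdc3.example.nil. A "86400 A 10.53.0.10" "10.53.0.10" || ret=1
[ "$ret" -eq 0 ] || echo "I:failed"
status=`expr $status + $ret`

# Negative check: this update must NOT go through, so success of test_update
# is the failure condition.  test_update prints nothing in should_fail mode,
# so the "I:failed" line below is the only sign that an update which should
# have been rejected was applied.  test_update also returns non-zero when
# nsupdate cannot run or dig returns nothing, so a pass here does not on its
# own prove that the server refused the update.
ret=0
test_update deny.example.nil. TXT "86400 TXT helloworld" "helloworld" should_fail && ret=1
[ "$ret" -eq 0 ] || echo "I:failed"
status=`expr $status + $ret`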
69
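# Query a TXT record and check that the text before the first '#' is
# 10.53.0.1, the address these queries are sent to.
echo "I:testing passing client info into DLZ driver"
ret=0
out=`$DIG $DIGOPTS +short -t txt -q source-addr.example.nil | grep -v '^;'`
# The TXT answer is data received from the network.  Strip its surrounding
# double quotes as plain text rather than passing it through eval, which
# would execute any command substitution or ';' sequence present in the
# record.
addr=`printf '%s\n' "$out" | tr -d '"' | cut -f1 -d'#'`
[ "$addr" = "10.53.0.1" ] || ret=1
[ "$ret" -eq 0 ] || echo "I:failed"
status=`expr $status + $ret`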
77
# Ask the server to reload, then wait for the driver's shutdown message for
# example.nil to show up in ns1/named.run.  The log is polled at most ten
# times, one second apart.
echo "I:testing DLZ driver is cleaned up on reload"
$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 reload 2>&1 | sed 's/^/I:ns1 /'
ret=1
attempt=0
while [ "$attempt" -lt 10 ]; do
    if grep 'dlz_example: shutting down zone example.nil' ns1/named.run > /dev/null 2>&1; then
        ret=0
        break
    fi
    sleep 1
    attempt=`expr $attempt + 1`
done
if [ "$ret" -ne 0 ]; then
    echo "I:failed"
fi
status=`expr $status + $ret`
89
# Same update check as for example.nil, this time against a name in
# alternate.nil.
echo "I:testing multiple DLZ drivers"
if test_update testdc1.alternate.nil. A "86400 A 10.53.0.10" "10.53.0.10"; then
    ret=0
else
    ret=1
fi
status=`expr $status + $ret`
94
# Transfer both zones and compare the number of answer lines with the
# expected record counts (4 for example.nil, 5 for alternate.nil).  Only the
# line count is checked, not dig's exit status.
echo "I:testing AXFR from DLZ drivers"
ret=0
$DIG $DIGOPTS +noall +answer axfr example.nil > dig.out.ns1.1
records=`wc -l < dig.out.ns1.1`
[ "$records" -eq 4 ] || ret=1
$DIG $DIGOPTS +noall +answer axfr alternate.nil > dig.out.ns1.2
records=`wc -l < dig.out.ns1.2`
[ "$records" -eq 5 ] || ret=1
if [ "$ret" -ne 0 ]; then
    echo "I:failed"
fi
status=`expr $status + $ret`
105
# Negative check: the NS record for other.nil must not appear in the answer.
echo "I:testing unsearched/unregistered DLZ zone is not found"
ret=0
$DIG $DIGOPTS +noall +answer ns other.nil > dig.out.ns1.3
if grep "3600.IN.NS.other.nil." dig.out.ns1.3 > /dev/null; then
    ret=1
fi
if [ "$ret" -ne 0 ]; then
    echo "I:failed"
fi
status=`expr $status + $ret`
112
# The NS record for zone.nil must be returned.  The identical query and check
# run twice, each saving its answer to its own output file.
for answer_file in dig.out.ns1.4 dig.out.ns1.5; do
    echo "I:testing unsearched/registered DLZ zone is found"
    ret=0
    $DIG $DIGOPTS +noall +answer ns zone.nil > $answer_file
    if grep "3600.IN.NS.zone.nil." $answer_file > /dev/null; then
        :
    else
        ret=1
    fi
    if [ "$ret" -ne 0 ]; then
        echo "I:failed"
    fi
    status=`expr $status + $ret`
done
126
# Look up a name and then count the dlz_findzonedb lines logged for it in
# ns1/named.run.
echo "I:testing correct behavior with findzone returning ISC_R_NOMORE"
ret=0
$DIG $DIGOPTS +noall a test.example.com > /dev/null 2>&1 || ret=1
# we should only find one logged lookup per searched DLZ database
for dlz_zone in example.nil alternate.nil; do
    lines=`grep "dlz_findzonedb.*test\.example\.com.*$dlz_zone" ns1/named.run | wc -l`
    # left unquoted so that any padding wc adds around the number is dropped
    [ $lines -eq 1 ] || ret=1
done
if [ "$ret" -ne 0 ]; then
    echo "I:failed"
fi
status=`expr $status + $ret`
137
# Send the same query from two source addresses (dig -b) and compare how many
# dlz_findzonedb lines ns1/named.run holds after each one.  The counts are
# taken over the whole log, so the second pair includes the first query.
echo "I:testing findzone can return different results per client"
ret=0
$DIG $DIGOPTS -b 10.53.0.1 +noall a test.example.net > /dev/null 2>&1 || ret=1
# we should only find one logged lookup per searched DLZ database
for dlz_zone in example.nil alternate.nil; do
    lines=`grep "dlz_findzonedb.*example\.net.*$dlz_zone" ns1/named.run | wc -l`
    # left unquoted so that any padding wc adds around the number is dropped
    [ $lines -eq 1 ] || ret=1
done
$DIG $DIGOPTS -b 10.53.0.2 +noall a test.example.net > /dev/null 2>&1 || ret=1
# we should find several logged lookups this time
for dlz_zone in example.nil alternate.nil; do
    lines=`grep "dlz_findzonedb.*example\.net.*$dlz_zone" ns1/named.run | wc -l`
    [ $lines -gt 2 ] || ret=1
done
if [ "$ret" -ne 0 ]; then
    echo "I:failed"
fi
status=`expr $status + $ret`
154
# Both oversized-data cases expect the server to answer SERVFAIL.  A case
# fails if dig itself exits non-zero or if the saved output lacks that
# status line.
echo "I:testing zone returning oversized data"
ret=0
$DIG $DIGOPTS txt too-long.example.nil > dig.out.ns1.6 2>&1 &&
    grep "status: SERVFAIL" dig.out.ns1.6 > /dev/null || ret=1
if [ "$ret" -ne 0 ]; then
    echo "I:failed"
fi
status=`expr $status + $ret`

echo "I:testing zone returning oversized data at zone origin"
ret=0
$DIG $DIGOPTS txt bigcname.domain > dig.out.ns1.7 2>&1 &&
    grep "status: SERVFAIL" dig.out.ns1.7 > /dev/null || ret=1
if [ "$ret" -ne 0 ]; then
    echo "I:failed"
fi
status=`expr $status + $ret`

# The exit status is the number of failed checks; 0 means every check passed.
exit $status
170