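#!/bin/sh
#
# Copyright (C) 2004, 2007, 2009-2014 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2000, 2001 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.

# Id: tests.sh,v 1.42 2011/12/16 23:01:17 each Exp

# System test for dynamic DNS UPDATE handling. It drives nsupdate and dig
# against test servers on 10.53.0.1, 10.53.0.2 and 10.53.0.3 (port 5300).
#
# Conventions used throughout:
#   ret     result of the check in progress (0 = passed so far, 1 = failed)
#   status  overall result; set to non-zero as soon as any check fails
#   n       running check number, used in messages and output file names
#   "I:"    prefix on every progress and failure line written to stdout
#
# $DIG, $NSUPDATE, $PERL, $KEYGEN and $RANDFILE are not set in this file;
# presumably conf.sh provides them -- confirm against conf.sh.

SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh

status=0
n=0

# wait for zone transfer to complete
# (gives up, exiting 1 without a message, after 10 one-second tries)
tries=0
while true; do
    if [ $tries -eq 10 ]
    then
        exit 1
    fi

    if grep "example.nil/IN.*Transfer completed" ns2/named.run > /dev/null
    then
        break
    else
        echo "I:zones are not fully loaded, waiting..."
        tries=`expr $tries + 1`
        sleep 1
    fi
done

ret=0
echo "I:fetching first copy of zone before update"
$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\
    @10.53.0.1 axfr -p 5300 > dig.out.ns1 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

ret=0
echo "I:fetching second copy of zone before update"
$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\
    @10.53.0.2 axfr -p 5300 > dig.out.ns2 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

ret=0
echo "I:comparing pre-update copies to known good data"
$PERL ../digcomp.pl knowngood.ns1.before dig.out.ns1 || ret=1
$PERL ../digcomp.pl knowngood.ns1.before dig.out.ns2 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

ret=0
echo "I:updating zone"
# nsupdate will print a ">" prompt to stdout as it gets each input line.
# The blank line before END is part of the input and must be kept.
$NSUPDATE -k ns1/ddns.key <<END > /dev/null || ret=1
server 10.53.0.1 5300
update add updated.example.nil. 600 A 10.10.10.1
add updated.example.nil. 600 TXT Foo
delete t.example.nil.

END
[ $ret = 0 ] || { echo I:failed; status=1; }

echo "I:sleeping 5 seconds for server to incorporate changes"
sleep 5

ret=0
echo "I:fetching first copy of zone after update"
$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\
    @10.53.0.1 axfr -p 5300 > dig.out.ns1 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

ret=0
echo "I:fetching second copy of zone after update"
$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\
    @10.53.0.2 axfr -p 5300 > dig.out.ns2 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

ret=0
echo "I:comparing post-update copies to known good data"
$PERL ../digcomp.pl knowngood.ns1.after dig.out.ns1 || ret=1
$PERL ../digcomp.pl knowngood.ns1.after dig.out.ns2 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

ret=0
echo "I:testing local update policy"
# new.other.nil must not resolve before the local (-l) update below.
pre=`$DIG +short new.other.nil. @10.53.0.1 a -p 5300` || ret=1
[ -z "$pre" ] || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

ret=0
echo "I:updating zone"
# nsupdate will print a ">" prompt to stdout as it gets each input line.
$NSUPDATE -l -p 5300 -k ns1/session.key > /dev/null <<END || ret=1
zone other.nil.
update add new.other.nil. 600 IN A 10.10.10.1
send
END
[ $ret = 0 ] || { echo I:failed; status=1; }

echo "I:sleeping 5 seconds for server to incorporate changes"
sleep 5

ret=0
echo "I:checking result of update"
post=`$DIG +short new.other.nil. @10.53.0.1 a -p 5300` || ret=1
[ "$post" = "10.10.10.1" ] || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

ret=0
echo "I:comparing post-update copy to known good data"
$PERL ../digcomp.pl knowngood.ns1.after dig.out.ns1 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

ret=0
echo "I:testing zone consistency checks"
# inserting an NS record without a corresponding A or AAAA record should fail
# ("&& ret=1": a successful nsupdate is the failure case here)
$NSUPDATE -l -p 5300 -k ns1/session.key > nsupdate.out 2>&1 << END && ret=1
update add other.nil. 600 in ns ns3.other.nil.
send
END
grep REFUSED nsupdate.out > /dev/null 2>&1 || ret=1
# ...but should work if an A record is inserted first:
$NSUPDATE -l -p 5300 -k ns1/session.key > nsupdate.out 2>&1 << END || ret=1
update add ns4.other.nil 600 in a 10.53.0.1
send
update add other.nil. 600 in ns ns4.other.nil.
send
END
grep REFUSED nsupdate.out > /dev/null 2>&1 && ret=1
# ...or if an AAAA record does:
$NSUPDATE -l -p 5300 -k ns1/session.key > nsupdate.out 2>&1 << END || ret=1
update add ns5.other.nil 600 in aaaa 2001:db8::1
send
update add other.nil. 600 in ns ns5.other.nil.
send
END
grep REFUSED nsupdate.out > /dev/null 2>&1 && ret=1
# ...or if the NS and A/AAAA are inserted together:
$NSUPDATE -l -p 5300 -k ns1/session.key > nsupdate.out 2>&1 << END || ret=1
update add other.nil. 600 in ns ns6.other.nil.
update add ns6.other.nil 600 in a 10.53.0.1
send
END
grep REFUSED nsupdate.out > /dev/null 2>&1 && ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

echo "I:sleeping 5 seconds for server to incorporate changes"
sleep 5

ret=0
echo "I:checking result of update"
# ns3 was refused above and must be absent; ns4, ns5 and ns6 must be present.
$DIG +short @10.53.0.1 -p 5300 ns other.nil > dig.out.ns1 || ret=1
grep ns3.other.nil dig.out.ns1 > /dev/null 2>&1 && ret=1
grep ns4.other.nil dig.out.ns1 > /dev/null 2>&1 || ret=1
grep ns5.other.nil dig.out.ns1 > /dev/null 2>&1 || ret=1
grep ns6.other.nil dig.out.ns1 > /dev/null 2>&1 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

ret=0
echo "I:check SIG(0) key is accepted"
# Throwaway fixture key: a 512-bit RSA/SHA-1 key is only acceptable inside
# this test harness and should not be copied into a real configuration.
# A failed key generation is recorded explicitly instead of surfacing only
# as nsupdate being unable to open ".private".
key=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 512 -T KEY -n ENTITY xxx` || ret=1
echo "" | $NSUPDATE -k ${key}.private > /dev/null 2>&1 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

n=`expr $n + 1`
ret=0
echo "I:check TYPE=0 update is rejected by nsupdate ($n)"
# The client itself must refuse to build this update ("&& ret=1").
$NSUPDATE <<END > nsupdate.out 2>&1 && ret=1
    server 10.53.0.1 5300
    ttl 300
    update add example.nil. in type0 ""
    send
END
grep "unknown class/type" nsupdate.out > /dev/null 2>&1 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

n=`expr $n + 1`
ret=0
echo "I:check TYPE=0 prerequisite is handled ($n)"
$NSUPDATE -k ns1/ddns.key <<END > nsupdate.out 2>&1 || ret=1
    server 10.53.0.1 5300
    prereq nxrrset example.nil. type0
    send
END
# The version.bind query checks that ns1 still answers after the request.
$DIG +tcp version.bind txt ch @10.53.0.1 -p 5300 > dig.out.ns1.$n
grep "status: NOERROR" dig.out.ns1.$n > /dev/null || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

# The next three checks hand a pre-encoded message (hex) to packet.pl, which
# is given the server address, port and transport on its command line. The
# pass criterion is the same each time: a following version.bind query to
# ns1 must return NOERROR. The exit status of packet.pl is not examined.

n=`expr $n + 1`
ret=0
echo "I:check that TYPE=0 update is handled ($n)"
echo "a0e4280000010000000100000000060001c00c000000fe000000000000" |
$PERL ../packet.pl -a 10.53.0.1 -p 5300 -t tcp > /dev/null
$DIG +tcp version.bind txt ch @10.53.0.1 -p 5300 > dig.out.ns1.$n
grep "status: NOERROR" dig.out.ns1.$n > /dev/null || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

n=`expr $n + 1`
# Reset ret so a failure in an earlier check is not reported again here.
ret=0
echo "I:check that TYPE=0 additional data is handled ($n)"
echo "a0e4280000010000000000010000060001c00c000000fe000000000000" |
$PERL ../packet.pl -a 10.53.0.1 -p 5300 -t tcp > /dev/null
$DIG +tcp version.bind txt ch @10.53.0.1 -p 5300 > dig.out.ns1.$n
grep "status: NOERROR" dig.out.ns1.$n > /dev/null || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

n=`expr $n + 1`
# Reset ret so a failure in an earlier check is not reported again here.
ret=0
echo "I:check that update to undefined class is handled ($n)"
echo "a0e4280000010001000000000000060101c00c000000fe000000000000" |
$PERL ../packet.pl -a 10.53.0.1 -p 5300 -t tcp > /dev/null
$DIG +tcp version.bind txt ch @10.53.0.1 -p 5300 > dig.out.ns1.$n
grep "status: NOERROR" dig.out.ns1.$n > /dev/null || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

n=`expr $n + 1`
# Reset ret so a failure in an earlier check is not reported again here.
ret=0
echo "I:check that address family mismatch is handled ($n)"
# IPv6 server with an IPv4 local address: nsupdate is expected to fail.
$NSUPDATE <<END > /dev/null 2>&1 && ret=1
server ::1
local 127.0.0.1
update add 600 txt.example.nil in txt "test"
send
END
[ $ret = 0 ] || { echo I:failed; status=1; }


n=`expr $n + 1`
# Reset ret so a failure in an earlier check is not reported again here.
ret=0
echo "I:check that unixtime serial number is correctly generated ($n)"
oldserial=`$DIG +short unixtime.nil. soa @10.53.0.1 -p 5300 | awk '{print $3}'` || ret=1
$NSUPDATE <<END > /dev/null 2>&1 || ret=1
    server 10.53.0.1 5300
    ttl 600
    update add new.unixtime.nil in a 1.2.3.4
    send
END
now=`$PERL -e 'print time()."\n";'`
sleep 1
serial=`$DIG +short unixtime.nil. soa @10.53.0.1 -p 5300 | awk '{print $3}'` || ret=1
# An empty or non-numeric serial makes this test error out, which also
# counts as a failure.
[ "$oldserial" -ne "$serial" ] || ret=1
# allow up to 2 seconds difference between the serial
# number and the unix epoch date but no more
$PERL -e 'exit 1 if abs($ARGV[1] - $ARGV[0]) > 2;' $now $serial || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

if $PERL -e 'use Net::DNS;' 2>/dev/null
then
    echo "I:running update.pl test"
    $PERL update_test.pl -s 10.53.0.1 -p 5300 update.nil. || status=1
else
    echo "I:The second part of this test requires the Net::DNS library." >&2
fi

ret=0
echo "I:fetching first copy of test zone"
$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\
    @10.53.0.1 axfr -p 5300 > dig.out.ns1 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

# Reset ret so a failed first fetch is not reported a second time.
ret=0
echo "I:fetching second copy of test zone"
$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\
    @10.53.0.2 axfr -p 5300 > dig.out.ns2 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

ret=0
echo "I:comparing zones"
$PERL ../digcomp.pl dig.out.ns1 dig.out.ns2 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

echo "I:SIGKILL and restart server ns1"
# SIGKILL is deliberate: ns1 gets no chance to shut down in an orderly way,
# and the zone fetched after the restart is compared with the copy taken
# just before. The pid file is addressed by path rather than via
# "cd ns1 ... cd ..", so a failed cd cannot leave the rest of the script
# running from the wrong directory.
kill -KILL `cat ns1/named.pid`
rm ns1/named.pid
sleep 10
if
    $PERL $SYSTEMTESTTOP/start.pl --noclean --restart . ns1
then
    echo "I:restarted server ns1"
else
    echo "I:could not restart server ns1"
    exit 1
fi
sleep 10

ret=0
echo "I:fetching ns1 after hard restart"
$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\
    @10.53.0.1 axfr -p 5300 > dig.out.ns1.after || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

ret=0
echo "I:comparing zones"
$PERL ../digcomp.pl dig.out.ns1 dig.out.ns1.after || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

echo "I:begin RT #482 regression test"

ret=0
echo "I:update master"
$NSUPDATE -k ns1/ddns.key <<END > /dev/null || ret=1
server 10.53.0.1 5300
update add updated2.example.nil. 600 A 10.10.10.2
update add updated2.example.nil. 600 TXT Bar
update delete c.example.nil.
send
END
[ $ret = 0 ] || { echo I:failed; status=1; }

sleep 5

echo "I:SIGHUP slave"
kill -HUP `cat ns2/named.pid`

sleep 5

ret=0
echo "I:update master again"
$NSUPDATE -k ns1/ddns.key <<END > /dev/null || ret=1
server 10.53.0.1 5300
update add updated3.example.nil. 600 A 10.10.10.3
update add updated3.example.nil. 600 TXT Zap
del d.example.nil.
send
END
[ $ret = 0 ] || { echo I:failed; status=1; }

sleep 5

echo "I:SIGHUP slave again"
kill -HUP `cat ns2/named.pid`

sleep 5

echo "I:check to 'out of sync' message"
# Any "out of sync" line in the ns2 log is a failure; grep also prints the
# matching lines to stdout.
if grep "out of sync" ns2/named.run
then
    echo "I: failed (found 'out of sync')"
    status=1
fi

echo "I:end RT #482 regression test"

n=`expr $n + 1`
ret=0
echo "I:start NSEC3PARAM changes via UPDATE on a unsigned zone test ($n)"
# No key is supplied, and the exit status of nsupdate is not examined here;
# the result is judged from the query that follows.
$NSUPDATE << EOF
server 10.53.0.3 5300
update add example 3600 nsec3param 1 0 0 -
send
EOF

sleep 1

# the zone is not signed. The nsec3param records should be removed.
# this also proves that the server is still running.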
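# Query ns3 for the NSEC3PARAM RRset of "example": the check passes only if
# the answer section is empty and the reply carries the aa flag.
$DIG +tcp +noadd +nosea +nostat +noquest +nocmd +norec example.\
    @10.53.0.3 nsec3param -p 5300 > dig.out.ns3.$n || ret=1
grep "ANSWER: 0" dig.out.ns3.$n > /dev/null || ret=1
grep "flags:[^;]* aa[ ;]" dig.out.ns3.$n > /dev/null || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

n=`expr $n + 1`
ret=0
echo "I:change the NSEC3PARAM ttl via update ($n)"
$NSUPDATE << EOF
server 10.53.0.3 5300
update add nsec3param.test 3600 NSEC3PARAM 1 0 1 -
send
EOF

sleep 1

$DIG +tcp +noadd +nosea +nostat +noquest +nocmd +norec nsec3param.test.\
    @10.53.0.3 nsec3param -p 5300 > dig.out.ns3.$n || ret=1
grep "ANSWER: 1" dig.out.ns3.$n > /dev/null || ret=1
grep "3600.*NSEC3PARAM" dig.out.ns3.$n > /dev/null || ret=1
grep "flags:[^;]* aa[ ;]" dig.out.ns3.$n > /dev/null || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

n=`expr $n + 1`
ret=0
echo "I:add a new the NSEC3PARAM via update ($n)"
$NSUPDATE << EOF
server 10.53.0.3 5300
update add nsec3param.test 3600 NSEC3PARAM 1 0 4 -
send
EOF

sleep 1

$DIG +tcp +noadd +nosea +nostat +noquest +nocmd +norec nsec3param.test.\
    @10.53.0.3 nsec3param -p 5300 > dig.out.ns3.$n || ret=1
grep "ANSWER: 2" dig.out.ns3.$n > /dev/null || ret=1
grep "NSEC3PARAM 1 0 4 -" dig.out.ns3.$n > /dev/null || ret=1
grep "flags:[^;]* aa[ ;]" dig.out.ns3.$n > /dev/null || ret=1
# Unlike most checks in this file, a failure here adds ret to status rather
# than setting status to 1.
if [ $ret != 0 ] ; then echo "I: failed"; status=`expr $ret + $status`; fi

n=`expr $n + 1`
ret=0
echo "I:add, delete and change the ttl of the NSEC3PARAM rrset via update ($n)"
$NSUPDATE << EOF
server 10.53.0.3 5300
update delete nsec3param.test NSEC3PARAM
update add nsec3param.test 7200 NSEC3PARAM 1 0 5 -
send
EOF

sleep 1

$DIG +tcp +noadd +nosea +nostat +noquest +nocmd +norec nsec3param.test.\
    @10.53.0.3 nsec3param -p 5300 > dig.out.ns3.$n || ret=1
grep "ANSWER: 1" dig.out.ns3.$n > /dev/null || ret=1
grep "7200.*NSEC3PARAM 1 0 5 -" dig.out.ns3.$n > /dev/null || ret=1
grep "flags:[^;]* aa[ ;]" dig.out.ns3.$n > /dev/null || ret=1
# Dump the zone journal and look for the expected entries in it.
$JOURNALPRINT ns3/nsec3param.test.db.signed.jnl > jp.out.ns3.$n
# intermediate TTL changes.
grep "add nsec3param.test. 7200 IN NSEC3PARAM 1 0 4 -" jp.out.ns3.$n > /dev/null || ret=1
grep "add nsec3param.test. 7200 IN NSEC3PARAM 1 0 1 -" jp.out.ns3.$n > /dev/null || ret=1
# delayed adds and deletes.
grep "add nsec3param.test. 0 IN TYPE65534 .# 6 000180000500" jp.out.ns3.$n > /dev/null || ret=1
grep "add nsec3param.test. 0 IN TYPE65534 .# 6 000140000100" jp.out.ns3.$n > /dev/null || ret=1
grep "add nsec3param.test. 0 IN TYPE65534 .# 6 000140000400" jp.out.ns3.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo "I: failed"; status=`expr $ret + $status`; fi



# Reset ret so a failure in the previous check is not reported again here.
ret=0
echo "I:testing that rndc stop updates the master file"
$NSUPDATE -k ns1/ddns.key <<END > /dev/null || ret=1
server 10.53.0.1 5300
update add updated4.example.nil. 600 A 10.10.10.3
send
END
$PERL $SYSTEMTESTTOP/stop.pl --use-rndc . ns1
# Removing the journal file and restarting the server means
# that the data served by the new server process are exactly
# those dumped to the master file by "rndc stop".
rm -f ns1/*jnl
$PERL $SYSTEMTESTTOP/start.pl --noclean --restart . ns1
# A failed query is recorded in ret, like every other step of this check,
# so that it is also reported with "I:failed".
$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd updated4.example.nil.\
    @10.53.0.1 a -p 5300 > dig.out.ns1 || ret=1
$PERL ../digcomp.pl knowngood.ns1.afterstop dig.out.ns1 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

ret=0
echo "I:check that 'nsupdate -l' with a missing keyfile reports the missing file"
# Only stderr is captured; the error text must name the missing key file.
$NSUPDATE -l -p 5300 -k ns1/nonexistant.key 2> nsupdate.out < /dev/null
grep ns1/nonexistant.key nsupdate.out > /dev/null || ret=1
if test $ret -ne 0
then
    echo "I:failed"; status=1
fi

n=`expr $n + 1`
ret=0
echo "I:check that changes to the DNSKEY RRset TTL do not have side effects ($n)"
# Rewrite each DNSKEY record returned by ns3 into an "update add" command
# with a different TTL, wrap the commands in "server"/"send", and feed the
# result to nsupdate.
$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd dnskey.test. \
    @10.53.0.3 -p 5300 dnskey | \
    sed -n 's/\(.*\)10.IN/update add \1600 IN/p' |
    (echo server 10.53.0.3 5300; cat - ; echo send ) |
$NSUPDATE

$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd dnskey.test. \
    @10.53.0.3 -p 5300 any > dig.out.ns3.$n

# The new TTL must be visible, and no TYPE65534 record may show up.
grep "600.*DNSKEY" dig.out.ns3.$n > /dev/null || ret=1
grep TYPE65534 dig.out.ns3.$n > /dev/null && ret=1
if test $ret -ne 0
then
    echo "I:failed"; status=1
fi

n=`expr $n + 1`
ret=0
echo "I:check notify with TSIG worked ($n)"
# if the alternate view received a notify--meaning, the notify was
# validly signed by "altkey"--then the zonefile update.alt.bk
# will have been created.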
# The check passes only if ns2/update.alt.bk exists as a regular file.
if [ ! -f ns2/update.alt.bk ]; then
    ret=1
fi
[ $ret = 0 ] || { echo "I:failed"; status=1; }

n=`expr $n + 1`
ret=0
echo "I:check type list options ($n)"
# Capture the listing printed for each of the three option forms.
for opt in T P TP; do
    $NSUPDATE -$opt > typelist.out.$opt.$n ||
        { ret=1; echo "I: nsupdate -$opt failed"; }
done
# ANY and KEYDATA must not be listed by any of the three forms.
for rrtype in ANY KEYDATA; do
    for opt in T P TP; do
        if grep $rrtype typelist.out.$opt.$n > /dev/null; then
            ret=1
            echo "I: failed: $rrtype found (-$opt)"
        fi
    done
done
# AAAA must be listed by -T and -TP, and must not be listed by -P.
for opt in T P TP; do
    case $opt in
    P)
        if grep AAAA typelist.out.$opt.$n > /dev/null; then
            ret=1
            echo "I: failed: AAAA found (-$opt)"
        fi
        ;;
    *)
        if grep AAAA typelist.out.$opt.$n > /dev/null; then
            :
        else
            ret=1
            echo "I: failed: AAAA not found (-$opt)"
        fi
        ;;
    esac
done
[ $ret = 0 ] || { echo "I:failed"; status=1; }

n=`expr $n + 1`
ret=0
echo "I:check command list ($n)"
# Each line of the file "commandlist" is given to nsupdate twice: once as
# is and once with a trailing space. An exit status greater than 1 counts
# as a failure. The loop runs in a subshell, so the result is passed back
# through the subshell's exit status.
(
while read cmd
do
    for input in "$cmd" "$cmd "; do
        echo "$input" | $NSUPDATE > /dev/null 2>&1
        rc=$?
        if [ $rc -gt 1 ]; then
            echo "I: failed ($cmd)"
            ret=1
        fi
    done
done
exit $ret
) < commandlist || ret=1
[ $ret = 0 ] || status=1

n=`expr $n + 1`
ret=0
echo "I:check TSIG key algorithms ($n)"
# One signed update per key file ns1/<alg>.key; md5 and sha1 are in the
# list because every algorithm is exercised, not as a recommendation.
for alg in md5 sha1 sha224 sha256 sha384 sha512; do
    $NSUPDATE -k ns1/${alg}.key <<END > /dev/null || ret=1
server 10.53.0.1 5300
update add ${alg}.keytests.nil. 600 A 10.10.10.3
send
END
done
sleep 2
# Every record added above must now resolve to 10.10.10.3.
for alg in md5 sha1 sha224 sha256 sha384 sha512; do
    $DIG +short @10.53.0.1 -p 5300 ${alg}.keytests.nil |
        grep 10.10.10.3 > /dev/null 2>&1 || ret=1
done
[ $ret = 0 ] || { echo "I:failed"; status=1; }

n=`expr $n + 1`
ret=0
echo "I:check that ttl is capped by max-ttl ($n)"
$NSUPDATE <<END > /dev/null || ret=1
server 10.53.0.1 5300
update add cap.max-ttl.nil. 600 A 10.10.10.3
update add nocap.max-ttl.nil. 150 A 10.10.10.3
send
END
sleep 2
# The record added with TTL 600 must be served with 300; the one added
# with TTL 150 must be served unchanged.
$DIG @10.53.0.1 -p 5300 cap.max-ttl.nil |
    grep "^cap.max-ttl.nil. 300" > /dev/null 2>&1 || ret=1
$DIG @10.53.0.1 -p 5300 nocap.max-ttl.nil |
    grep "^nocap.max-ttl.nil. 150" > /dev/null 2>&1 || ret=1
[ $ret = 0 ] || { echo "I:failed"; status=1; }

n=`expr $n + 1`
ret=0
echo "I:add a record which is truncated when logged. ($n)"
# "verylarge" is an nsupdate command file; the record must be served and
# the ns1 log line for it must end in [TRUNCATED].
$NSUPDATE verylarge || ret=1
$DIG +tcp @10.53.0.1 -p 5300 txt txt.update.nil > dig.out.ns1.test$n
grep "ANSWER: 1," dig.out.ns1.test$n > /dev/null || ret=1
grep "adding an RR at 'txt.update.nil' TXT .* \[TRUNCATED\]" ns1/named.run > /dev/null || ret=1
[ $ret = 0 ] || { echo "I:failed"; status=1; }

# Report the overall result and use it as the script's exit status.
echo "I:exit status: $status"
exit $status