1#!/bin/sh 2# 3# Copyright (C) 2009, 2010, 2012 Internet Systems Consortium, Inc. ("ISC") 4# 5# Permission to use, copy, modify, and/or distribute this software for any 6# purpose with or without fee is hereby granted, provided that the above 7# copyright notice and this permission notice appear in all copies. 8# 9# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 10# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 11# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 12# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 13# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 14# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 15# PERFORMANCE OF THIS SOFTWARE. 16 17# Id: tests.sh,v 1.7 2010/01/18 19:19:31 each Exp 18 19SYSTEMTESTTOP=.. 20. $SYSTEMTESTTOP/conf.sh 21 22# replace_data dname RR old_data new_data 23replace_data() 24{ 25 if [ $# -ne 4 ]; then 26 echo I:unexpected input for replace_data 27 return 1 28 fi 29 30 _dname=$1 31 _rr=$2 32 _olddata=$3 33 _newdata=$4 34 35 _ret=0 36 $NSUPDATE -d <<END>> nsupdate.out.test 2>&1 || _ret=1 37server 10.53.0.2 5300 38update delete ${_dname} 30 ${_rr} ${_olddata} 39update add ${_dname} 30 ${_rr} ${_newdata} 40send 41END 42 43 if [ $_ret != 0 ]; then 44 echo I:failed to update the test data 45 return 1 46 fi 47 48 return 0 49} 50 51status=0 52n=0 53 54DIGOPTS="+short +tcp -p 5300" 55DIGOPTS_CD="$DIGOPTS +cd" 56 57echo I:Priming cache. 58ret=0 59expect="10 mail.example." 60ans=`$DIG $DIGOPTS_CD @10.53.0.4 hostile MX` || ret=1 61test "$ans" = "$expect" || ret=1 62test $ret = 0 || echo I:failed, got "'""$ans""'", expected "'""$expect""'" 63status=`expr $status + $ret` 64 65echo I:Checking that bogus additional is not returned with +CD. 66ret=0 67expect="10.0.0.2" 68ans=`$DIG $DIGOPTS_CD @10.53.0.4 mail.example A` || ret=1 69test "$ans" = "$expect" || ret=1 70test $ret = 0 || echo I:failed, got "'""$ans""'", expected "'""$expect""'" 71status=`expr $status + $ret` 72 73# 74# Prime cache with pending additional records. These should not be promoted 75# to answer. 76# 77echo "I:Priming cache (pending additional A and AAAA)" 78ret=0 79expect="10 mail.example.com." 80ans=`$DIG $DIGOPTS @10.53.0.4 example.com MX` || ret=1 81test "$ans" = "$expect" || ret=1 82test $ret = 0 || echo I:failed, got "'""$ans""'", expected "'""$expect""'" 83status=`expr $status + $ret` 84 85echo "I:Replacing pending A" 86ret=0 87replace_data mail.example.com. A 192.0.2.2 192.0.2.3 || ret=1 88status=`expr $status + $ret` 89 90echo "I:Replacing pending AAAA" 91ret=0 92replace_data mail.example.com. AAAA 2001:db8::2 2001:db8::3 || ret=1 93status=`expr $status + $ret` 94 95echo "I:Checking updated data to be returned (without CD)" 96ret=0 97expect="192.0.2.3" 98ans=`$DIG $DIGOPTS @10.53.0.4 mail.example.com A` || ret=1 99test "$ans" = "$expect" || ret=1 100test $ret = 0 || echo I:failed, got "'""$ans""'", expected "'""$expect""'" 101status=`expr $status + $ret` 102 103echo "I:Checking updated data to be returned (with CD)" 104ret=0 105expect="2001:db8::3" 106ans=`$DIG $DIGOPTS_CD @10.53.0.4 mail.example.com AAAA` || ret=1 107test "$ans" = "$expect" || ret=1 108test $ret = 0 || echo I:failed, got "'""$ans""'", expected "'""$expect""'" 109status=`expr $status + $ret` 110 111# 112# Prime cache with a pending answer record. It can be returned (without 113# validation) with +CD. 114# 115echo "I:Priming cache (pending answer)" 116ret=0 117expect="192.0.2.2" 118ans=`$DIG $DIGOPTS_CD @10.53.0.4 pending-ok.example.com A` || ret=1 119test "$ans" = "$expect" || ret=1 120test $ret = 0 || echo I:failed, got "'""$ans""'", expected "'""$expect""'" 121status=`expr $status + $ret` 122 123echo I:Replacing pending data 124ret=0 125replace_data pending-ok.example.com. A 192.0.2.2 192.0.2.3 || ret=1 126status=`expr $status + $ret` 127 128echo I:Confirming cached pending data to be returned with CD 129ret=0 130expect="192.0.2.2" 131ans=`$DIG $DIGOPTS_CD @10.53.0.4 pending-ok.example.com A` || ret=1 132test "$ans" = "$expect" || ret=1 133test $ret = 0 || echo I:failed, got "'""$ans""'", expected "'""$expect""'" 134status=`expr $status + $ret` 135 136# 137# Prime cache with a pending answer record. It should not be returned 138# to no-DNSSEC clients. 139# 140echo "I:Priming cache (pending answer)" 141ret=0 142expect="192.0.2.102" 143ans=`$DIG $DIGOPTS_CD @10.53.0.4 pending-ng.example.com A` || ret=1 144test "$ans" = "$expect" || ret=1 145test $ret = 0 || echo I:failed, got "'""$ans""'", expected "'""$expect""'" 146status=`expr $status + $ret` 147 148echo I:Replacing pending data 149ret=0 150replace_data pending-ng.example.com. A 192.0.2.102 192.0.2.103 || ret=1 151status=`expr $status + $ret` 152 153echo I:Confirming updated data returned, not the cached one, without CD 154ret=0 155expect="192.0.2.103" 156ans=`$DIG $DIGOPTS @10.53.0.4 pending-ng.example.com A` || ret=1 157test "$ans" = "$expect" || ret=1 158test $ret = 0 || echo I:failed, got "'""$ans""'", expected "'""$expect""'" 159status=`expr $status + $ret` 160 161# 162# Try to fool the resolver with an out-of-bailiwick CNAME 163# 164echo I:Trying to Prime out-of-bailiwick pending answer with CD 165ret=0 166expect="10.10.10.10" 167ans=`$DIG $DIGOPTS_CD @10.53.0.4 bad.example. A` || ret=1 168ans=`echo $ans | awk '{print $NF}'` 169test "$ans" = "$expect" || ret=1 170test $ret = 0 || echo I:failed, got "'""$ans""'", expected "'""$expect""'" 171status=`expr $status + $ret` 172 173echo I:Confirming the out-of-bailiwick answer is not cached or reused with CD 174ret=0 175expect="10.10.10.10" 176ans=`$DIG $DIGOPTS_CD @10.53.0.4 nice.good. A` || ret=1 177ans=`echo $ans | awk '{print $NF}'` 178test "$ans" = "$expect" || ret=1 179test $ret = 0 || echo I:failed, got "'""$ans""'", expected "'""$expect""'" 180status=`expr $status + $ret` 181 182# 183# Make sure the resolver doesn't cache bogus NXDOMAIN 184# 185echo I:Trying to Prime bogus NXDOMAIN 186ret=0 187expect="SERVFAIL" 188ans=`$DIG +tcp -p 5300 @10.53.0.4 removed.example.com. A` || ret=1 189ans=`echo $ans | sed 's/^.*status: \([A-Z][A-Z]*\).*$/\1/'` 190test "$ans" = "$expect" || ret=1 191test $ret = 0 || echo I:failed, got "'""$ans""'", expected "'""$expect""'" 192status=`expr $status + $ret` 193 194echo I:Confirming the bogus NXDOMAIN was not cached 195ret=0 196expect="SERVFAIL" 197ans=`$DIG +tcp -p 5300 @10.53.0.4 removed.example.com. A` || ret=1 198ans=`echo $ans | sed 's/^.*status: \([A-Z][A-Z]*\).*$/\1/'` 199test "$ans" = "$expect" || ret=1 200test $ret = 0 || echo I:failed, got "'""$ans""'", expected "'""$expect""'" 201status=`expr $status + $ret` 202 203echo "I:exit status: $status" 204exit $status 205