1#!/bin/sh 2# 3# Copyright (C) 2011-2014 Internet Systems Consortium, Inc. ("ISC") 4# 5# Permission to use, copy, modify, and/or distribute this software for any 6# purpose with or without fee is hereby granted, provided that the above 7# copyright notice and this permission notice appear in all copies. 8# 9# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 10# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 11# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 12# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 13# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 14# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 15# PERFORMANCE OF THIS SOFTWARE. 16 17# Id: tests.sh,v 1.3 2011/03/01 23:48:06 tbox Exp 18 19SYSTEMTESTTOP=.. 20. $SYSTEMTESTTOP/conf.sh 21 22status=0 23n=1 24 25rm -f dig.out.* 26 27DIGOPTS="+tcp +noadd +nosea +nostat +nocmd -p 5300" 28 29for conf in conf/good*.conf 30do 31 echo "I:checking that $conf is accepted ($n)" 32 ret=0 33 $CHECKCONF "$conf" || ret=1 34 n=`expr $n + 1` 35 if [ $ret != 0 ]; then echo "I:failed"; fi 36 status=`expr $status + $ret` 37done 38 39for conf in conf/bad*.conf 40do 41 echo "I:checking that $conf is rejected ($n)" 42 ret=0 43 $CHECKCONF "$conf" >/dev/null && ret=1 44 n=`expr $n + 1` 45 if [ $ret != 0 ]; then echo "I:failed"; fi 46 status=`expr $status + $ret` 47done 48 49echo "I:checking A redirect works for nonexist ($n)" 50ret=0 51$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.test$n || ret=1 52grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 53grep "100.100.100.1" dig.out.ns2.test$n > /dev/null || ret=1 54n=`expr $n + 1` 55if [ $ret != 0 ]; then echo "I:failed"; fi 56status=`expr $status + $ret` 57 58echo "I:checking AAAA redirect works for nonexist ($n)" 59ret=0 60$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 61grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 62grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null || ret=1 63n=`expr $n + 1` 64if [ $ret != 0 ]; then echo "I:failed"; fi 65status=`expr $status + $ret` 66 67echo "I:checking ANY redirect works for nonexist ($n)" 68ret=0 69$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 any > dig.out.ns2.test$n || ret=1 70grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 71grep "100.100.100.1" dig.out.ns2.test$n > /dev/null || ret=1 72grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null || ret=1 73n=`expr $n + 1` 74if [ $ret != 0 ]; then echo "I:failed"; fi 75status=`expr $status + $ret` 76 77echo "I:checking A redirect doesn't work for acl miss ($n)" 78ret=0 79$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.4 a > dig.out.ns2.test$n || ret=1 80grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 81grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1 82n=`expr $n + 1` 83if [ $ret != 0 ]; then echo "I:failed"; fi 84status=`expr $status + $ret` 85 86echo "I:checking AAAA redirect doesn't work for acl miss ($n)" 87ret=0 88$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.4 aaaa > dig.out.ns2.test$n || ret=1 89grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 90grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1 91n=`expr $n + 1` 92if [ $ret != 0 ]; then echo "I:failed"; fi 93status=`expr $status + $ret` 94 95echo "I:checking ANY redirect doesn't work for acl miss ($n)" 96ret=0 97$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.4 any > dig.out.ns2.test$n || ret=1 98grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 99grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1 100grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1 101n=`expr $n + 1` 102if [ $ret != 0 ]; then echo "I:failed"; fi 103status=`expr $status + $ret` 104 105echo "I:checking A redirect works for signed nonexist, DO=0 ($n)" 106ret=0 107$DIG $DIGOPTS nonexist.signed. @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.test$n || ret=1 108grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 109grep "100.100.100.1" dig.out.ns2.test$n > /dev/null || ret=1 110n=`expr $n + 1` 111if [ $ret != 0 ]; then echo "I:failed"; fi 112status=`expr $status + $ret` 113 114echo "I:checking AAAA redirect works for signed nonexist, DO=0 ($n)" 115ret=0 116$DIG $DIGOPTS nonexist.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 117grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 118grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null || ret=1 119n=`expr $n + 1` 120if [ $ret != 0 ]; then echo "I:failed"; fi 121status=`expr $status + $ret` 122 123echo "I:checking ANY redirect works for signed nonexist, DO=0 ($n)" 124ret=0 125$DIG $DIGOPTS nonexist.signed. @10.53.0.2 -b 10.53.0.2 any > dig.out.ns2.test$n || ret=1 126grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 127grep "100.100.100.1" dig.out.ns2.test$n > /dev/null || ret=1 128grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null || ret=1 129n=`expr $n + 1` 130if [ $ret != 0 ]; then echo "I:failed"; fi 131status=`expr $status + $ret` 132 133echo "I:checking A redirect fails for signed nonexist, DO=1 ($n)" 134ret=0 135$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.test$n || ret=1 136grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 137grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1 138n=`expr $n + 1` 139if [ $ret != 0 ]; then echo "I:failed"; fi 140status=`expr $status + $ret` 141 142echo "I:checking AAAA redirect fails for signed nonexist, DO=1 ($n)" 143ret=0 144$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 145grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 146grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1 147n=`expr $n + 1` 148if [ $ret != 0 ]; then echo "I:failed"; fi 149status=`expr $status + $ret` 150 151echo "I:checking ANY redirect fails for signed nonexist, DO=1 ($n)" 152ret=0 153$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.2 -b 10.53.0.2 any > dig.out.ns2.test$n || ret=1 154grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 155grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1 156grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1 157n=`expr $n + 1` 158if [ $ret != 0 ]; then echo "I:failed"; fi 159status=`expr $status + $ret` 160 161echo "I:checking A redirect fails for nsec3 signed nonexist, DO=1 ($n)" 162ret=0 163$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.test$n || ret=1 164grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 165grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1 166grep "IN.NSEC3" dig.out.ns2.test$n > /dev/null || ret=1 167n=`expr $n + 1` 168if [ $ret != 0 ]; then echo "I:failed"; fi 169status=`expr $status + $ret` 170 171echo "I:checking AAAA redirect fails for nsec3 signed nonexist, DO=1 ($n)" 172ret=0 173$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 174grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 175grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1 176grep "IN.NSEC3" dig.out.ns2.test$n > /dev/null || ret=1 177n=`expr $n + 1` 178if [ $ret != 0 ]; then echo "I:failed"; fi 179status=`expr $status + $ret` 180 181echo "I:checking ANY redirect fails for nsec3 signed nonexist, DO=1 ($n)" 182ret=0 183$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.2 -b 10.53.0.2 any > dig.out.ns2.test$n || ret=1 184grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 185grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1 186grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1 187grep "IN.NSEC3" dig.out.ns2.test$n > /dev/null || ret=1 188n=`expr $n + 1` 189if [ $ret != 0 ]; then echo "I:failed"; fi 190status=`expr $status + $ret` 191 192echo "I:checking A redirect works for nonexist authoritative ($n)" 193ret=0 194$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.1 a > dig.out.ns1.test$n || ret=1 195grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 196grep "100.100.100.2" dig.out.ns1.test$n > /dev/null || ret=1 197n=`expr $n + 1` 198if [ $ret != 0 ]; then echo "I:failed"; fi 199status=`expr $status + $ret` 200 201echo "I:checking AAAA redirect works for nonexist authoritative ($n)" 202ret=0 203$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns1.test$n || ret=1 204grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 205grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null || ret=1 206n=`expr $n + 1` 207if [ $ret != 0 ]; then echo "I:failed"; fi 208status=`expr $status + $ret` 209 210echo "I:checking ANY redirect works for nonexist authoritative ($n)" 211ret=0 212$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.1 any > dig.out.ns1.test$n || ret=1 213grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 214grep "100.100.100.2" dig.out.ns1.test$n > /dev/null || ret=1 215grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null || ret=1 216n=`expr $n + 1` 217if [ $ret != 0 ]; then echo "I:failed"; fi 218status=`expr $status + $ret` 219 220echo "I:checking A redirect doesn't work for acl miss authoritative ($n)" 221ret=0 222$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.4 a > dig.out.ns1.test$n || ret=1 223grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 224grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1 225n=`expr $n + 1` 226if [ $ret != 0 ]; then echo "I:failed"; fi 227status=`expr $status + $ret` 228 229echo "I:checking AAAA redirect doesn't work for acl miss authoritative ($n)" 230ret=0 231$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.4 aaaa > dig.out.ns1.test$n || ret=1 232grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 233grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1 234n=`expr $n + 1` 235if [ $ret != 0 ]; then echo "I:failed"; fi 236status=`expr $status + $ret` 237 238echo "I:checking ANY redirect doesn't work for acl miss authoritative ($n)" 239ret=0 240$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.4 any > dig.out.ns1.test$n || ret=1 241grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 242grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1 243grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1 244n=`expr $n + 1` 245if [ $ret != 0 ]; then echo "I:failed"; fi 246status=`expr $status + $ret` 247 248echo "I:checking A redirect works for signed nonexist, DO=0 authoritative ($n)" 249ret=0 250$DIG $DIGOPTS nonexist.signed. @10.53.0.1 -b 10.53.0.1 a > dig.out.ns1.test$n || ret=1 251grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 252grep "100.100.100.2" dig.out.ns1.test$n > /dev/null || ret=1 253n=`expr $n + 1` 254if [ $ret != 0 ]; then echo "I:failed"; fi 255status=`expr $status + $ret` 256 257echo "I:checking AAAA redirect works for signed nonexist, DO=0 authoritative ($n)" 258ret=0 259$DIG $DIGOPTS nonexist.signed. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns1.test$n || ret=1 260grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 261grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null || ret=1 262n=`expr $n + 1` 263if [ $ret != 0 ]; then echo "I:failed"; fi 264status=`expr $status + $ret` 265 266echo "I:checking ANY redirect works for signed nonexist, DO=0 authoritative ($n)" 267ret=0 268$DIG $DIGOPTS nonexist.signed. @10.53.0.1 -b 10.53.0.1 any > dig.out.ns1.test$n || ret=1 269grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 270grep "100.100.100.2" dig.out.ns1.test$n > /dev/null || ret=1 271grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null || ret=1 272n=`expr $n + 1` 273if [ $ret != 0 ]; then echo "I:failed"; fi 274status=`expr $status + $ret` 275 276echo "I:checking A redirect fails for signed nonexist, DO=1 authoritative ($n)" 277ret=0 278$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.1 -b 10.53.0.1 a > dig.out.ns1.test$n || ret=1 279grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 280grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1 281n=`expr $n + 1` 282if [ $ret != 0 ]; then echo "I:failed"; fi 283status=`expr $status + $ret` 284 285echo "I:checking AAAA redirect fails for signed nonexist, DO=1 authoritative ($n)" 286ret=0 287$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns1.test$n || ret=1 288grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 289grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1 290n=`expr $n + 1` 291if [ $ret != 0 ]; then echo "I:failed"; fi 292status=`expr $status + $ret` 293 294echo "I:checking ANY redirect fails for signed nonexist, DO=1 authoritative ($n)" 295ret=0 296$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.1 -b 10.53.0.1 any > dig.out.ns1.test$n || ret=1 297grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 298grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1 299grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1 300n=`expr $n + 1` 301if [ $ret != 0 ]; then echo "I:failed"; fi 302status=`expr $status + $ret` 303 304echo "I:checking A redirect fails for nsec3 signed nonexist, DO=1 authoritative ($n)" 305ret=0 306$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.1 -b 10.53.0.1 a > dig.out.ns1.test$n || ret=1 307grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 308grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1 309grep "IN.NSEC3" dig.out.ns1.test$n > /dev/null || ret=1 310n=`expr $n + 1` 311if [ $ret != 0 ]; then echo "I:failed"; fi 312status=`expr $status + $ret` 313 314echo "I:checking AAAA redirect fails for nsec3 signed nonexist, DO=1 authoritative ($n)" 315ret=0 316$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns1.test$n || ret=1 317grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 318grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1 319grep "IN.NSEC3" dig.out.ns1.test$n > /dev/null || ret=1 320n=`expr $n + 1` 321if [ $ret != 0 ]; then echo "I:failed"; fi 322status=`expr $status + $ret` 323 324echo "I:checking ANY redirect fails for nsec3 signed nonexist, DO=1 authoritative ($n)" 325ret=0 326$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.1 -b 10.53.0.1 any > dig.out.ns1.test$n || ret=1 327grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 328grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1 329grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1 330grep "IN.NSEC3" dig.out.ns1.test$n > /dev/null || ret=1 331n=`expr $n + 1` 332if [ $ret != 0 ]; then echo "I:failed"; fi 333status=`expr $status + $ret` 334 335echo "I:checking redirect works (with noerror) when qtype is not found ($n)" 336ret=0 337$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 txt > dig.out.ns2.test$n || ret=1 338grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 339n=`expr $n + 1` 340if [ $ret != 0 ]; then echo "I:failed"; fi 341status=`expr $status + $ret` 342 343echo "I:checking that redirect zones reload correctly" 344ret=0 345sleep 1 # ensure file mtime will have changed 346sed -e 's/0 0 0 0 0/1 0 0 0 0/' < ns2/example.db.in > ns2/example.db 347sed -e 's/0 0 0 0 0/1 0 0 0 0/' -e 's/\.1$/.2/' < ns2/redirect.db.in > ns2/redirect.db 348$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload > rndc.out || ret=1 349sed 's/^/I:ns2 /' rndc.out 350for i in 1 2 3 4 5 6 7 8 9; do 351 tmp=0 352 $DIG $DIGOPTS +short @10.53.0.2 soa example.nil > dig.out.ns1.test$n || tmp=1 353 set -- `cat dig.out.ns1.test$n` 354 [ $3 = 1 ] || tmp=1 355 $DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.test$n || tmp=1 356 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || tmp=1 357 grep "100.100.100.2" dig.out.ns2.test$n > /dev/null || tmp=1 358 [ $tmp -eq 0 ] && break 359 sleep 1 360done 361[ $tmp -eq 1 ] && ret=1 362n=`expr $n + 1` 363if [ $ret != 0 ]; then echo "I:failed"; fi 364status=`expr $status + $ret` 365 366echo "I:exit status: $status" 367exit $status 368