1#!/bin/sh
2#
3# Copyright (C) 2004, 2007, 2009-2014  Internet Systems Consortium, Inc. ("ISC")
4# Copyright (C) 2000, 2001  Internet Software Consortium.
5#
6# Permission to use, copy, modify, and/or distribute this software for any
7# purpose with or without fee is hereby granted, provided that the above
8# copyright notice and this permission notice appear in all copies.
9#
10# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
11# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
12# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
13# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
14# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
15# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
16# PERFORMANCE OF THIS SOFTWARE.
17
18# Id: tests.sh,v 1.22 2012/02/09 23:47:18 tbox Exp
19
20SYSTEMTESTTOP=..
21. $SYSTEMTESTTOP/conf.sh
22
23status=0
24n=0
25
26echo "I:checking non-cachable NXDOMAIN response handling"
27ret=0
28$DIG +tcp nxdomain.example.net @10.53.0.1 a -p 5300 > dig.out || ret=1
29grep "status: NXDOMAIN" dig.out > /dev/null || ret=1
30if [ $ret != 0 ]; then echo "I:failed"; fi
31status=`expr $status + $ret`
32
33if [ -x ${RESOLVE} ] ; then
34echo "I:checking non-cachable NXDOMAIN response handling using dns_client"
35   ret=0
36   ${RESOLVE} -p 5300 -t a -s 10.53.0.1 nxdomain.example.net 2> resolve.out || ret=1
37   grep "resolution failed: ncache nxdomain" resolve.out > /dev/null || ret=1
38   if [ $ret != 0 ]; then echo "I:failed"; fi
39   status=`expr $status + $ret`
40fi
41
42if [ -x ${RESOLVE} ] ; then
43echo "I:checking that local bound address can be set (Can't query from a denied address)"
44   ret=0
45   ${RESOLVE} -b 10.53.0.8 -p 5300 -t a -s 10.53.0.1 www.example.org 2> resolve.out || ret=1
46   grep "resolution failed: failure" resolve.out > /dev/null || ret=1
47   if [ $ret != 0 ]; then echo "I:failed"; fi
48   status=`expr $status + $ret`
49
50echo "I:checking that local bound address can be set (Can query from an allowed address)"
51   ret=0
52   ${RESOLVE} -b 10.53.0.1 -p 5300 -t a -s 10.53.0.1 www.example.org > resolve.out || ret=1
53   grep "www.example.org..*.192.0.2.1" resolve.out > /dev/null || ret=1
54   if [ $ret != 0 ]; then echo "I:failed"; fi
55   status=`expr $status + $ret`
56fi
57
58echo "I:checking non-cachable NODATA response handling"
59ret=0
60$DIG +tcp nodata.example.net @10.53.0.1 a -p 5300 > dig.out || ret=1
61grep "status: NOERROR" dig.out > /dev/null || ret=1
62if [ $ret != 0 ]; then echo "I:failed"; fi
63status=`expr $status + $ret`
64
65if [ -x ${RESOLVE} ] ; then
66    echo "I:checking non-cachable NODATA response handling using dns_client"
67    ret=0
68    ${RESOLVE} -p 5300 -t a -s 10.53.0.1 nodata.example.net 2> resolve.out || ret=1
69    grep "resolution failed: ncache nxrrset" resolve.out > /dev/null || ret=1
70    if [ $ret != 0 ]; then echo "I:failed"; fi
71    status=`expr $status + $ret`
72fi
73
74echo "I:checking handling of bogus referrals"
75# If the server has the "INSIST(!external)" bug, this query will kill it.
76$DIG +tcp www.example.com. a @10.53.0.1 -p 5300 >/dev/null || status=1
77
78if [ -x ${RESOLVE} ] ; then
79    echo "I:checking handling of bogus referrals using dns_client"
80    ret=0
81    ${RESOLVE} -p 5300 -t a -s 10.53.0.1 www.example.com 2> resolve.out || ret=1
82    grep "resolution failed: failure" resolve.out > /dev/null || ret=1
83    if [ $ret != 0 ]; then echo "I:failed"; fi
84    status=`expr $status + $ret`
85fi
86
87echo "I:check handling of cname + other data / 1"
88$DIG +tcp cname1.example.com. a @10.53.0.1 -p 5300 >/dev/null || status=1
89
90echo "I:check handling of cname + other data / 2"
91$DIG +tcp cname2.example.com. a @10.53.0.1 -p 5300 >/dev/null || status=1
92
93echo "I:check that server is still running"
94$DIG +tcp www.example.com. a @10.53.0.1 -p 5300 >/dev/null || status=1
95
96echo "I:checking answer IPv4 address filtering (deny)"
97ret=0
98$DIG +tcp www.example.net @10.53.0.1 a -p 5300 > dig.out || ret=1
99grep "status: SERVFAIL" dig.out > /dev/null || ret=1
100if [ $ret != 0 ]; then echo "I:failed"; fi
101status=`expr $status + $ret`
102
103echo "I:checking answer IPv6 address filtering (deny)"
104ret=0
105$DIG +tcp www.example.net @10.53.0.1 aaaa -p 5300 > dig.out || ret=1
106grep "status: SERVFAIL" dig.out > /dev/null || ret=1
107if [ $ret != 0 ]; then echo "I:failed"; fi
108status=`expr $status + $ret`
109
110echo "I:checking answer IPv4 address filtering (accept)"
111ret=0
112$DIG +tcp www.example.org @10.53.0.1 a -p 5300 > dig.out || ret=1
113grep "status: NOERROR" dig.out > /dev/null || ret=1
114if [ $ret != 0 ]; then echo "I:failed"; fi
115status=`expr $status + $ret`
116
117
118if [ -x ${RESOLVE} ] ; then
119    echo "I:checking answer IPv4 address filtering using dns_client (accept)"
120    ret=0
121    ${RESOLVE} -p 5300 -t a -s 10.53.0.1 www.example.org > resolve.out || ret=1
122    grep "www.example.org..*.192.0.2.1" resolve.out > /dev/null || ret=1
123    if [ $ret != 0 ]; then echo "I:failed"; fi
124    status=`expr $status + $ret`
125fi
126
127echo "I:checking answer IPv6 address filtering (accept)"
128ret=0
129$DIG +tcp www.example.org @10.53.0.1 aaaa -p 5300 > dig.out || ret=1
130grep "status: NOERROR" dig.out > /dev/null || ret=1
131if [ $ret != 0 ]; then echo "I:failed"; fi
132status=`expr $status + $ret`
133
134if [ -x ${RESOLVE} ] ; then
135    echo "I:checking answer IPv6 address filtering using dns_client (accept)"
136    ret=0
137    ${RESOLVE} -p 5300 -t aaaa -s 10.53.0.1 www.example.org > resolve.out || ret=1
138    grep "www.example.org..*.2001:db8:beef::1" resolve.out > /dev/null || ret=1
139    if [ $ret != 0 ]; then echo "I:failed"; fi
140    status=`expr $status + $ret`
141fi
142
143echo "I:checking CNAME target filtering (deny)"
144ret=0
145$DIG +tcp badcname.example.net @10.53.0.1 a -p 5300 > dig.out || ret=1
146grep "status: SERVFAIL" dig.out > /dev/null || ret=1
147if [ $ret != 0 ]; then echo "I:failed"; fi
148status=`expr $status + $ret`
149
150echo "I:checking CNAME target filtering (accept)"
151ret=0
152$DIG +tcp goodcname.example.net @10.53.0.1 a -p 5300 > dig.out || ret=1
153grep "status: NOERROR" dig.out > /dev/null || ret=1
154if [ $ret != 0 ]; then echo "I:failed"; fi
155status=`expr $status + $ret`
156
157if [ -x ${RESOLVE} ] ; then
158    echo "I:checking CNAME target filtering using dns_client (accept)"
159    ret=0
160    ${RESOLVE} -p 5300 -t a -s 10.53.0.1 goodcname.example.net > resolve.out || ret=1
161    grep "goodcname.example.net..*.goodcname.example.org." resolve.out > /dev/null || ret=1
162    grep "goodcname.example.org..*.192.0.2.1" resolve.out > /dev/null || ret=1
163    if [ $ret != 0 ]; then echo "I:failed"; fi
164    status=`expr $status + $ret`
165fi
166
167echo "I:checking CNAME target filtering (accept due to subdomain)"
168ret=0
169$DIG +tcp cname.sub.example.org @10.53.0.1 a -p 5300 > dig.out || ret=1
170grep "status: NOERROR" dig.out > /dev/null || ret=1
171if [ $ret != 0 ]; then echo "I:failed"; fi
172status=`expr $status + $ret`
173
174if [ -x ${RESOLVE} ] ; then
175    echo "I:checking CNAME target filtering using dns_client (accept due to subdomain)"
176    ret=0
177    ${RESOLVE} -p 5300 -t a -s 10.53.0.1 cname.sub.example.org > resolve.out || ret=1
178    grep "cname.sub.example.org..*.ok.sub.example.org." resolve.out > /dev/null || ret=1
179    grep "ok.sub.example.org..*.192.0.2.1" resolve.out > /dev/null || ret=1
180    if [ $ret != 0 ]; then echo "I:failed"; fi
181    status=`expr $status + $ret`
182fi
183
184echo "I:checking DNAME target filtering (deny)"
185ret=0
186$DIG +tcp foo.baddname.example.net @10.53.0.1 a -p 5300 > dig.out || ret=1
187grep "status: SERVFAIL" dig.out > /dev/null || ret=1
188if [ $ret != 0 ]; then echo "I:failed"; fi
189status=`expr $status + $ret`
190
191echo "I:checking DNAME target filtering (accept)"
192ret=0
193$DIG +tcp foo.gooddname.example.net @10.53.0.1 a -p 5300 > dig.out || ret=1
194grep "status: NOERROR" dig.out > /dev/null || ret=1
195if [ $ret != 0 ]; then echo "I:failed"; fi
196status=`expr $status + $ret`
197
198if [ -x ${RESOLVE} ] ; then
199    echo "I:checking DNAME target filtering using dns_client (accept)"
200    ret=0
201    ${RESOLVE} -p 5300 -t a -s 10.53.0.1 foo.gooddname.example.net > resolve.out || ret=1
202    grep "foo.gooddname.example.net..*.gooddname.example.org" resolve.out > /dev/null || ret=1
203    grep "foo.gooddname.example.org..*.192.0.2.1" resolve.out > /dev/null || ret=1
204    if [ $ret != 0 ]; then echo "I:failed"; fi
205    status=`expr $status + $ret`
206fi
207
208echo "I:checking DNAME target filtering (accept due to subdomain)"
209ret=0
210$DIG +tcp www.dname.sub.example.org @10.53.0.1 a -p 5300 > dig.out || ret=1
211grep "status: NOERROR" dig.out > /dev/null || ret=1
212if [ $ret != 0 ]; then echo "I:failed"; fi
213status=`expr $status + $ret`
214
215if [ -x ${RESOLVE} ] ; then
216    echo "I:checking DNAME target filtering using dns_client (accept due to subdomain)"
217    ret=0
218    ${RESOLVE} -p 5300 -t a -s 10.53.0.1 www.dname.sub.example.org > resolve.out || ret=1
219    grep "www.dname.sub.example.org..*.ok.sub.example.org." resolve.out > /dev/null || ret=1
220    grep "www.ok.sub.example.org..*.192.0.2.1" resolve.out > /dev/null || ret=1
221    if [ $ret != 0 ]; then echo "I:failed"; fi
222    status=`expr $status + $ret`
223fi
224
225n=`expr $n + 1`
226echo "I: RT21594 regression test check setup ($n)"
227ret=0
228# Check that "aa" is not being set by the authoritative server.
229$DIG +tcp . @10.53.0.4 soa -p 5300 > dig.ns4.out.${n} || ret=1
230grep 'flags: qr rd;' dig.ns4.out.${n} > /dev/null || ret=1
231if [ $ret != 0 ]; then echo "I:failed"; fi
232status=`expr $status + $ret`
233
234n=`expr $n + 1`
235echo "I: RT21594 regression test positive answers ($n)"
236ret=0
237# Check that resolver accepts the non-authoritative positive answers.
238$DIG +tcp . @10.53.0.5 soa -p 5300 > dig.ns5.out.${n} || ret=1
239grep "status: NOERROR" dig.ns5.out.${n} > /dev/null || ret=1
240if [ $ret != 0 ]; then echo "I:failed"; fi
241status=`expr $status + $ret`
242
243n=`expr $n + 1`
244echo "I: RT21594 regression test NODATA answers ($n)"
245ret=0
246# Check that resolver accepts the non-authoritative nodata answers.
247$DIG +tcp . @10.53.0.5 txt -p 5300 > dig.ns5.out.${n} || ret=1
248grep "status: NOERROR" dig.ns5.out.${n} > /dev/null || ret=1
249if [ $ret != 0 ]; then echo "I:failed"; fi
250status=`expr $status + $ret`
251
252n=`expr $n + 1`
253echo "I: RT21594 regression test NXDOMAIN answers ($n)"
254ret=0
255# Check that resolver accepts the non-authoritative positive answers.
256$DIG +tcp noexistant @10.53.0.5 txt -p 5300 > dig.ns5.out.${n} || ret=1
257grep "status: NXDOMAIN" dig.ns5.out.${n} > /dev/null || ret=1
258if [ $ret != 0 ]; then echo "I:failed"; fi
259status=`expr $status + $ret`
260
261n=`expr $n + 1`
262echo "I:check that replacement of additional data by a negative cache no data entry clears the additional RRSIGs ($n)"
263ret=0
264$DIG +tcp mx example.net @10.53.0.7 -p 5300 > dig.ns7.out.${n} || ret=1
265grep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=1
266if [ $ret = 1 ]; then echo "I:mx priming failed"; fi
267$NSUPDATE << EOF
268server 10.53.0.6 5300
269zone example.net
270update delete mail.example.net A
271update add mail.example.net 0 AAAA ::1
272send
273EOF
274$DIG +tcp a mail.example.net @10.53.0.7 -p 5300 > dig.ns7.out.${n} || ret=2
275grep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=2
276grep "ANSWER: 0" dig.ns7.out.${n} > /dev/null || ret=2
277if [ $ret = 2 ]; then echo "I:ncache priming failed"; fi
278$DIG +tcp mx example.net @10.53.0.7 -p 5300 > dig.ns7.out.${n} || ret=3
279grep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=3
280$DIG +tcp rrsig mail.example.net +norec @10.53.0.7 -p 5300 > dig.ns7.out.${n}  || ret=4
281grep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=4
282grep "ANSWER: 0" dig.ns7.out.${n} > /dev/null || ret=4
283if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
284status=`expr $status + $ret`
285
286if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
287status=`expr $status + $ret`
288
289n=`expr $n + 1`
290echo "I:checking that update a nameservers address has immediate effects ($n)"
291ret=0
292$DIG +tcp TXT foo.moves @10.53.0.7 -p 5300 > dig.ns7.foo.${n} || ret=1
293grep "From NS 5" dig.ns7.foo.${n} > /dev/null || ret=1
294$NSUPDATE << EOF
295server 10.53.0.7 5300
296zone server
297update delete ns.server A
298update add ns.server 300 A 10.53.0.4
299send
300EOF
301sleep 1
302$DIG +tcp TXT bar.moves @10.53.0.7 -p 5300 > dig.ns7.bar.${n} || ret=1
303grep "From NS 4" dig.ns7.bar.${n} > /dev/null || ret=1
304
305if [ $ret != 0 ]; then echo "I:failed"; status=1; fi
306
307n=`expr $n + 1`
308echo "I:checking that update a nameservers glue has immediate effects ($n)"
309ret=0
310$DIG +tcp TXT foo.child.server @10.53.0.7 -p 5300 > dig.ns7.foo.${n} || ret=1
311grep "From NS 5" dig.ns7.foo.${n} > /dev/null || ret=1
312$NSUPDATE << EOF
313server 10.53.0.7 5300
314zone server
315update delete ns.child.server A
316update add ns.child.server 300 A 10.53.0.4
317send
318EOF
319sleep 1
320$DIG +tcp TXT bar.child.server @10.53.0.7 -p 5300 > dig.ns7.bar.${n} || ret=1
321grep "From NS 4" dig.ns7.bar.${n} > /dev/null || ret=1
322
323if [ $ret != 0 ]; then echo "I:failed"; status=1; fi
324
325n=`expr $n + 1`
326echo "I:checking empty RFC 1918 reverse zones ($n)"
327ret=0
328# Check that "aa" is being set by the resolver for RFC 1918 zones
329# except the one that has been deliberately disabled
330$DIG @10.53.0.7 -p 5300 -x 10.1.1.1 > dig.ns4.out.1.${n} || ret=1
331grep 'flags: qr aa rd ra;' dig.ns4.out.1.${n} > /dev/null || ret=1
332$DIG @10.53.0.7 -p 5300 -x 192.168.1.1 > dig.ns4.out.2.${n} || ret=1
333grep 'flags: qr aa rd ra;' dig.ns4.out.2.${n} > /dev/null || ret=1
334$DIG @10.53.0.7 -p 5300 -x 172.16.1.1  > dig.ns4.out.3.${n} || ret=1
335grep 'flags: qr aa rd ra;' dig.ns4.out.3.${n} > /dev/null || ret=1
336$DIG @10.53.0.7 -p 5300 -x 172.17.1.1 > dig.ns4.out.4.${n} || ret=1
337grep 'flags: qr aa rd ra;' dig.ns4.out.4.${n} > /dev/null || ret=1
338$DIG @10.53.0.7 -p 5300 -x 172.18.1.1 > dig.ns4.out.5.${n} || ret=1
339grep 'flags: qr aa rd ra;' dig.ns4.out.5.${n} > /dev/null || ret=1
340$DIG @10.53.0.7 -p 5300 -x 172.19.1.1 > dig.ns4.out.6.${n} || ret=1
341grep 'flags: qr aa rd ra;' dig.ns4.out.6.${n} > /dev/null || ret=1
342$DIG @10.53.0.7 -p 5300 -x 172.21.1.1 > dig.ns4.out.7.${n} || ret=1
343grep 'flags: qr aa rd ra;' dig.ns4.out.7.${n} > /dev/null || ret=1
344$DIG @10.53.0.7 -p 5300 -x 172.22.1.1 > dig.ns4.out.8.${n} || ret=1
345grep 'flags: qr aa rd ra;' dig.ns4.out.8.${n} > /dev/null || ret=1
346$DIG @10.53.0.7 -p 5300 -x 172.23.1.1 > dig.ns4.out.9.${n} || ret=1
347grep 'flags: qr aa rd ra;' dig.ns4.out.9.${n} > /dev/null || ret=1
348$DIG @10.53.0.7 -p 5300 -x 172.24.1.1 > dig.ns4.out.11.${n} || ret=1
349grep 'flags: qr aa rd ra;' dig.ns4.out.11.${n} > /dev/null || ret=1
350$DIG @10.53.0.7 -p 5300 -x 172.25.1.1 > dig.ns4.out.12.${n} || ret=1
351grep 'flags: qr aa rd ra;' dig.ns4.out.12.${n} > /dev/null || ret=1
352$DIG @10.53.0.7 -p 5300 -x 172.26.1.1 > dig.ns4.out.13.${n} || ret=1
353grep 'flags: qr aa rd ra;' dig.ns4.out.13.${n} > /dev/null || ret=1
354$DIG @10.53.0.7 -p 5300 -x 172.27.1.1 > dig.ns4.out.14.${n} || ret=1
355grep 'flags: qr aa rd ra;' dig.ns4.out.14.${n} > /dev/null || ret=1
356$DIG @10.53.0.7 -p 5300 -x 172.28.1.1 > dig.ns4.out.15.${n} || ret=1
357grep 'flags: qr aa rd ra;' dig.ns4.out.15.${n} > /dev/null || ret=1
358$DIG @10.53.0.7 -p 5300 -x 172.29.1.1 > dig.ns4.out.16.${n} || ret=1
359grep 'flags: qr aa rd ra;' dig.ns4.out.16.${n} > /dev/null || ret=1
360$DIG @10.53.0.7 -p 5300 -x 172.30.1.1 > dig.ns4.out.17.${n} || ret=1
361grep 'flags: qr aa rd ra;' dig.ns4.out.17.${n} > /dev/null || ret=1
362$DIG @10.53.0.7 -p 5300 -x 172.31.1.1 > dig.ns4.out.18.${n} || ret=1
363grep 'flags: qr aa rd ra;' dig.ns4.out.18.${n} > /dev/null || ret=1
364# but this one should NOT be authoritative
365$DIG @10.53.0.7 -p 5300 -x 172.20.1.1 > dig.ns4.out.19.${n} || ret=1
366grep 'flags: qr rd ra;' dig.ns4.out.19.${n} > /dev/null || ret=1
367if [ $ret != 0 ]; then echo "I:failed"; status=1; fi
368
369n=`expr $n + 1`
370echo "I:checking that removal of a delegation is honoured ($n)"
371ret=0
372$DIG -p 5300 @10.53.0.5 www.to-be-removed.tld A > dig.ns5.prime.${n}
373grep "status: NOERROR" dig.ns5.prime.${n} > /dev/null || { ret=1; echo "I: priming failed"; }
374cp ns4/tld2.db ns4/tld.db
375($RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 reload tld 2>&1 ) |
376sed -e '/reload queued/d' -e 's/^/I:ns4 /'
377old=
378for i in 0 1 2 3 4 5 6 7 8 9
379do
380	foo=0
381	$DIG -p 5300 @10.53.0.5 ns$i.to-be-removed.tld A > /dev/null
382	$DIG -p 5300 @10.53.0.5 www.to-be-removed.tld A > dig.ns5.out.${n}
383	grep "status: NXDOMAIN" dig.ns5.out.${n} > /dev/null || foo=1
384	[ $foo = 0 ] && break
385	$NSUPDATE << EOF
386server 10.53.0.6 5300
387zone to-be-removed.tld
388update add to-be-removed.tld 100 NS ns${i}.to-be-removed.tld
389update delete to-be-removed.tld NS ns${old}.to-be-removed.tld
390send
391EOF
392	old=$i
393	sleep 1
394done
395[ $ret = 0 ] && ret=$foo;
396if [ $ret != 0 ]; then echo "I:failed"; status=1; fi
397
398n=`expr $n + 1`
399echo "I:check for improved error message with SOA mismatch ($n)"
400ret=0
401$DIG @10.53.0.1 -p 5300 www.sub.broken aaaa > dig.out.${n} || ret=1
402grep "not subdomain of zone" ns1/named.run > /dev/null || ret=1
403if [ $ret != 0 ]; then echo "I:failed"; fi
404status=`expr $status + $ret`
405
406cp ns7/named2.conf ns7/named.conf
407$RNDC -c ../common/rndc.conf -s 10.53.0.7 -p 9953 reconfig 2>&1 | sed 's/^/I:ns7 /'
408
409n=`expr $n + 1`
410echo "I:check resolution on the listening port ($n)"
411ret=0
412$DIG +tcp +tries=2 +time=5 mx example.net @10.53.0.7 -p 5300 > dig.ns7.out.${n} || ret=2
413grep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=1
414grep "ANSWER: 1" dig.ns7.out.${n} > /dev/null || ret=1
415if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
416status=`expr $status + $ret`
417
418n=`expr $n + 1`
419echo "I:check prefetch (${n})"
420ret=0
421$DIG @10.53.0.5 -p 5300 fetch.tld txt > dig.out.1.${n} || ret=1
422ttl1=`awk '/"A" "short" "ttl"/ { print $2 - 2 }' dig.out.1.${n}`
423# sleep so we are in prefetch range
424sleep ${ttl1:-0}
425# trigger prefetch
426$DIG @10.53.0.5 -p 5300 fetch.tld txt > dig.out.2.${n} || ret=1
427ttl2=`awk '/"A" "short" "ttl"/ { print $2 }' dig.out.2.${n}`
428sleep 1
429# check that prefetch occured
430$DIG @10.53.0.5 -p 5300 fetch.tld txt > dig.out.3.${n} || ret=1
431ttl=`awk '/"A" "short" "ttl"/ { print $2 }' dig.out.3.${n}`
432test ${ttl:-0} -gt ${ttl2:-1} || ret=1
433if [ $ret != 0 ]; then echo "I:failed"; fi
434status=`expr $status + $ret`
435
436n=`expr $n + 1`
437echo "I:check prefetch disabled (${n})"
438ret=0
439$DIG @10.53.0.7 -p 5300 fetch.example.net txt > dig.out.1.${n} || ret=1
440ttl1=`awk '/"A" "short" "ttl"/ { print $2 - 1 }' dig.out.1.${n}`
441# sleep so we are in expire range
442sleep ${ttl1:-0}
443# look for zero ttl, allow for one miss at getting zero ttl
444zerotonine="0 1 2 3 4 5 6 7 8 9"
445for i in $zerotonine $zerotonine $zerotonine $zerotonine
446do
447	$DIG @10.53.0.7 -p 5300 fetch.example.net txt > dig.out.2.${n} || ret=1
448	ttl2=`awk '/"A" "short" "ttl"/ { print $2 }' dig.out.2.${n}`
449	test ${ttl2:-1} -eq 0 && break
450	$PERL -e 'select(undef, undef, undef, 0.05);'
451done
452test ${ttl2:-1} -eq 0 || ret=1
453# delay so that any prefetched record will have a lower ttl than expected
454sleep 3
455# check that prefetch has not occured
456$DIG @10.53.0.7 -p 5300 fetch.example.net txt > dig.out.3.${n} || ret=1
457ttl=`awk '/"A" "short" "ttl"/ { print $2 - 1 }' dig.out.3.${n}`
458test ${ttl:-0} -eq ${ttl1:-1} || ret=1
459if [ $ret != 0 ]; then echo "I:failed"; fi
460status=`expr $status + $ret`
461
462n=`expr $n + 1`
463echo "I:check prefetch qtype * (${n})"
464ret=0
465$DIG @10.53.0.5 -p 5300 fetchall.tld any > dig.out.1.${n} || ret=1
466ttl1=`awk '/"A" "short" "ttl"/ { print $2 - 2 }' dig.out.1.${n}`
467# sleep so we are in prefetch range
468sleep ${ttl1:-0}
469# trigger prefetch
470$DIG @10.53.0.5 -p 5300 fetchall.tld any > dig.out.2.${n} || ret=1
471ttl2=`awk '/"A" "short" "ttl"/ { print $2 }' dig.out.2.${n}`
472sleep 1
473# check that the nameserver is still alive
474$DIG @10.53.0.5 -p 5300 fetchall.tld any > dig.out.3.${n} || ret=1
475if [ $ret != 0 ]; then echo "I:failed"; fi
476status=`expr $status + $ret`
477
478n=`expr $n + 1`
479echo "I:check that E was logged on EDNS queries in the query log (${n})"
480ret=0
481$DIG @10.53.0.5 -p 5300 +edns edns.fetchall.tld any > dig.out.2.${n} || ret=1
482grep "query: edns.fetchall.tld IN ANY +E" ns5/named.run > /dev/null || ret=1
483$DIG @10.53.0.5 -p 5300 +noedns noedns.fetchall.tld any > dig.out.2.${n} || ret=1
484grep "query: noedns.fetchall.tld IN ANY" ns5/named.run > /dev/null || ret=1
485grep "query: noedns.fetchall.tld IN ANY +E" ns5/named.run > /dev/null && ret=1
486if [ $ret != 0 ]; then echo "I:failed"; fi
487status=`expr $status + $ret`
488
489n=`expr $n + 1`
490echo "I:check that '-t aaaa' in .digrc does not have unexpected side effects ($n)"
491ret=0
492echo "-t aaaa" > .digrc
493env HOME=`pwd` $DIG @10.53.0.4 -p 5300 . > dig.out.1.${n} || ret=1
494env HOME=`pwd` $DIG @10.53.0.4 -p 5300 . A > dig.out.2.${n} || ret=1
495env HOME=`pwd` $DIG @10.53.0.4 -p 5300 -x 127.0.0.1 > dig.out.3.${n} || ret=1
496grep ';\..*IN.*AAAA$' dig.out.1.${n} > /dev/null || ret=1
497grep ';\..*IN.*A$' dig.out.2.${n} > /dev/null || ret=1
498grep 'extra type option' dig.out.2.${n} > /dev/null && ret=1
499grep ';1\.0\.0\.127\.in-addr\.arpa\..*IN.*PTR$' dig.out.3.${n} > /dev/null || ret=1
500if [ $ret != 0 ]; then echo "I:failed"; fi
501status=`expr $status + $ret`
502
503n=`expr $n + 1`
504echo "I:check that CNAME nameserver is logged correctly (${n})"
505ret=0
506$DIG soa all-cnames @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1
507grep "status: SERVFAIL" dig.out.ns5.test${n} > /dev/null || ret=1
508grep "skipping nameserver 'cname.tld' because it is a CNAME, while resolving 'all-cnames/SOA'" ns5/named.run > /dev/null || ret=1
509if [ $ret != 0 ]; then echo "I:failed"; fi
510status=`expr $status + $ret`
511
512echo "I:exit status: $status"
513exit $status
514