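#!/bin/sh
#
# Copyright (C) 2004, 2007, 2009-2014 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2000, 2001 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.

# Id: tests.sh,v 1.22 2012/02/09 23:47:18 tbox Exp

# Resolver system test.
#
# Sends queries with $DIG (and with ${RESOLVE}, when that binary is
# executable) to the test name servers on 10.53.0.x port 5300 and checks
# the response status, header flags, answer data or server log lines.
# $DIG, $RESOLVE, $NSUPDATE, $RNDC and $PERL are expected to be set by
# conf.sh; they are expanded unquoted on purpose so that a value carrying
# wrapper arguments keeps working.
#
# Conventions used throughout:
#   ret    - result of the current check (0 = pass)
#   status - accumulated failures; the script exits with this value, so
#            any non-zero exit means at least one check failed
#   n      - running check number, also used to name per-check output files
#
# Backticks and expr are kept deliberately: the file is written for plain
# /bin/sh and uses no newer shell syntax anywhere.

SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh

status=0
n=0

echo "I:checking non-cachable NXDOMAIN response handling"
ret=0
$DIG +tcp nxdomain.example.net @10.53.0.1 a -p 5300 > dig.out || ret=1
grep "status: NXDOMAIN" dig.out > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

# The -x tests below quote ${RESOLVE}: with an empty or unset value an
# unquoted "[ -x ]" is a one-argument test and evaluates true, which would
# run the dns_client checks without a binary to run them with.
if [ -x "${RESOLVE}" ] ; then
    echo "I:checking non-cachable NXDOMAIN response handling using dns_client"
    ret=0
    ${RESOLVE} -p 5300 -t a -s 10.53.0.1 nxdomain.example.net 2> resolve.out || ret=1
    grep "resolution failed: ncache nxdomain" resolve.out > /dev/null || ret=1
    if [ $ret != 0 ]; then echo "I:failed"; fi
    status=`expr $status + $ret`
fi

if [ -x "${RESOLVE}" ] ; then
    # Source-address check, both directions: a query bound to 10.53.0.8
    # must be refused and one bound to 10.53.0.1 must be answered.
    # NOTE(review): the access rule itself lives in the server
    # configuration, which is not part of this file.
    echo "I:checking that local bound address can be set (Can't query from a denied address)"
    ret=0
    ${RESOLVE} -b 10.53.0.8 -p 5300 -t a -s 10.53.0.1 www.example.org 2> resolve.out || ret=1
    grep "resolution failed: failure" resolve.out > /dev/null || ret=1
    if [ $ret != 0 ]; then echo "I:failed"; fi
    status=`expr $status + $ret`

    echo "I:checking that local bound address can be set (Can query from an allowed address)"
    ret=0
    ${RESOLVE} -b 10.53.0.1 -p 5300 -t a -s 10.53.0.1 www.example.org > resolve.out || ret=1
    grep "www.example.org..*.192.0.2.1" resolve.out > /dev/null || ret=1
    if [ $ret != 0 ]; then echo "I:failed"; fi
    status=`expr $status + $ret`
fi

echo "I:checking non-cachable NODATA response handling"
ret=0
$DIG +tcp nodata.example.net @10.53.0.1 a -p 5300 > dig.out || ret=1
grep "status: NOERROR" dig.out > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

if [ -x "${RESOLVE}" ] ; then
    echo "I:checking non-cachable NODATA response handling using dns_client"
    ret=0
    ${RESOLVE} -p 5300 -t a -s 10.53.0.1 nodata.example.net 2> resolve.out || ret=1
    grep "resolution failed: ncache nxrrset" resolve.out > /dev/null || ret=1
    if [ $ret != 0 ]; then echo "I:failed"; fi
    status=`expr $status + $ret`
fi

echo "I:checking handling of bogus referrals"
# If the server has the "INSIST(!external)" bug, this query will kill it.
# Only dig's exit status is checked here; the "server is still running"
# query further down is what shows the server survived.
$DIG +tcp www.example.com. a @10.53.0.1 -p 5300 >/dev/null || status=1

if [ -x "${RESOLVE}" ] ; then
    echo "I:checking handling of bogus referrals using dns_client"
    ret=0
    ${RESOLVE} -p 5300 -t a -s 10.53.0.1 www.example.com 2> resolve.out || ret=1
    grep "resolution failed: failure" resolve.out > /dev/null || ret=1
    if [ $ret != 0 ]; then echo "I:failed"; fi
    status=`expr $status + $ret`
fi

echo "I:check handling of cname + other data / 1"
$DIG +tcp cname1.example.com. a @10.53.0.1 -p 5300 >/dev/null || status=1

echo "I:check handling of cname + other data / 2"
$DIG +tcp cname2.example.com. a @10.53.0.1 -p 5300 >/dev/null || status=1

echo "I:check that server is still running"
$DIG +tcp www.example.com. a @10.53.0.1 -p 5300 >/dev/null || status=1

# Answer filtering checks. Each filter is exercised in both directions:
# the "deny" cases expect SERVFAIL (a filter that fails open shows up
# here) and the "accept" cases expect NOERROR (a filter that over-blocks
# shows up here).
# NOTE(review): presumably driven by deny-answer-addresses and
# deny-answer-aliases in the configuration of the server at 10.53.0.1,
# which is not part of this file - confirm there.
echo "I:checking answer IPv4 address filtering (deny)"
ret=0
$DIG +tcp www.example.net @10.53.0.1 a -p 5300 > dig.out || ret=1
grep "status: SERVFAIL" dig.out > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

echo "I:checking answer IPv6 address filtering (deny)"
ret=0
$DIG +tcp www.example.net @10.53.0.1 aaaa -p 5300 > dig.out || ret=1
grep "status: SERVFAIL" dig.out > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

echo "I:checking answer IPv4 address filtering (accept)"
ret=0
$DIG +tcp www.example.org @10.53.0.1 a -p 5300 > dig.out || ret=1
grep "status: NOERROR" dig.out > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`


if [ -x "${RESOLVE}" ] ; then
    echo "I:checking answer IPv4 address filtering using dns_client (accept)"
    ret=0
    ${RESOLVE} -p 5300 -t a -s 10.53.0.1 www.example.org > resolve.out || ret=1
    grep "www.example.org..*.192.0.2.1" resolve.out > /dev/null || ret=1
    if [ $ret != 0 ]; then echo "I:failed"; fi
    status=`expr $status + $ret`
fi

echo "I:checking answer IPv6 address filtering (accept)"
ret=0
$DIG +tcp www.example.org @10.53.0.1 aaaa -p 5300 > dig.out || ret=1
grep "status: NOERROR" dig.out > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

if [ -x "${RESOLVE}" ] ; then
    echo "I:checking answer IPv6 address filtering using dns_client (accept)"
    ret=0
    ${RESOLVE} -p 5300 -t aaaa -s 10.53.0.1 www.example.org > resolve.out || ret=1
    grep "www.example.org..*.2001:db8:beef::1" resolve.out > /dev/null || ret=1
    if [ $ret != 0 ]; then echo "I:failed"; fi
    status=`expr $status + $ret`
fi

echo "I:checking CNAME target filtering (deny)"
ret=0
$DIG +tcp badcname.example.net @10.53.0.1 a -p 5300 > dig.out || ret=1
grep "status: SERVFAIL" dig.out > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

echo "I:checking CNAME target filtering (accept)"
ret=0
$DIG +tcp goodcname.example.net @10.53.0.1 a -p 5300 > dig.out || ret=1
grep "status: NOERROR" dig.out > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

if [ -x "${RESOLVE}" ] ; then
    echo "I:checking CNAME target filtering using dns_client (accept)"
    ret=0
    ${RESOLVE} -p 5300 -t a -s 10.53.0.1 goodcname.example.net > resolve.out || ret=1
    grep "goodcname.example.net..*.goodcname.example.org." resolve.out > /dev/null || ret=1
    grep "goodcname.example.org..*.192.0.2.1" resolve.out > /dev/null || ret=1
    if [ $ret != 0 ]; then echo "I:failed"; fi
    status=`expr $status + $ret`
fi

echo "I:checking CNAME target filtering (accept due to subdomain)"
ret=0
$DIG +tcp cname.sub.example.org @10.53.0.1 a -p 5300 > dig.out || ret=1
grep "status: NOERROR" dig.out > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

if [ -x "${RESOLVE}" ] ; then
    echo "I:checking CNAME target filtering using dns_client (accept due to subdomain)"
    ret=0
    ${RESOLVE} -p 5300 -t a -s 10.53.0.1 cname.sub.example.org > resolve.out || ret=1
    grep "cname.sub.example.org..*.ok.sub.example.org." resolve.out > /dev/null || ret=1
    grep "ok.sub.example.org..*.192.0.2.1" resolve.out > /dev/null || ret=1
    if [ $ret != 0 ]; then echo "I:failed"; fi
    status=`expr $status + $ret`
fi

echo "I:checking DNAME target filtering (deny)"
ret=0
$DIG +tcp foo.baddname.example.net @10.53.0.1 a -p 5300 > dig.out || ret=1
grep "status: SERVFAIL" dig.out > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

echo "I:checking DNAME target filtering (accept)"
ret=0
$DIG +tcp foo.gooddname.example.net @10.53.0.1 a -p 5300 > dig.out || ret=1
grep "status: NOERROR" dig.out > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

if [ -x "${RESOLVE}" ] ; then
    echo "I:checking DNAME target filtering using dns_client (accept)"
    ret=0
    ${RESOLVE} -p 5300 -t a -s 10.53.0.1 foo.gooddname.example.net > resolve.out || ret=1
    grep "foo.gooddname.example.net..*.gooddname.example.org" resolve.out > /dev/null || ret=1
    grep "foo.gooddname.example.org..*.192.0.2.1" resolve.out > /dev/null || ret=1
    if [ $ret != 0 ]; then echo "I:failed"; fi
    status=`expr $status + $ret`
fi

echo "I:checking DNAME target filtering (accept due to subdomain)"
ret=0
$DIG +tcp www.dname.sub.example.org @10.53.0.1 a -p 5300 > dig.out || ret=1
grep "status: NOERROR" dig.out > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

if [ -x "${RESOLVE}" ] ; then
    echo "I:checking DNAME target filtering using dns_client (accept due to subdomain)"
    ret=0
    ${RESOLVE} -p 5300 -t a -s 10.53.0.1 www.dname.sub.example.org > resolve.out || ret=1
    grep "www.dname.sub.example.org..*.ok.sub.example.org." resolve.out > /dev/null || ret=1
    grep "www.ok.sub.example.org..*.192.0.2.1" resolve.out > /dev/null || ret=1
    if [ $ret != 0 ]; then echo "I:failed"; fi
    status=`expr $status + $ret`
fi

n=`expr $n + 1`
echo "I: RT21594 regression test check setup ($n)"
ret=0
# Check that "aa" is not being set by the authoritative server.
$DIG +tcp . @10.53.0.4 soa -p 5300 > dig.ns4.out.${n} || ret=1
grep 'flags: qr rd;' dig.ns4.out.${n} > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I: RT21594 regression test positive answers ($n)"
ret=0
# Check that resolver accepts the non-authoritative positive answers.
$DIG +tcp . @10.53.0.5 soa -p 5300 > dig.ns5.out.${n} || ret=1
grep "status: NOERROR" dig.ns5.out.${n} > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I: RT21594 regression test NODATA answers ($n)"
ret=0
# Check that resolver accepts the non-authoritative nodata answers.
$DIG +tcp . @10.53.0.5 txt -p 5300 > dig.ns5.out.${n} || ret=1
grep "status: NOERROR" dig.ns5.out.${n} > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I: RT21594 regression test NXDOMAIN answers ($n)"
ret=0
# Check that resolver accepts the non-authoritative NXDOMAIN answers.
$DIG +tcp noexistant @10.53.0.5 txt -p 5300 > dig.ns5.out.${n} || ret=1
grep "status: NXDOMAIN" dig.ns5.out.${n} > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:check that replacement of additional data by a negative cache no data entry clears the additional RRSIGs ($n)"
ret=0
# In this check ret doubles as a stage marker (1-4) naming the step that
# failed; it is normalised to 1 before being added to status.
$DIG +tcp mx example.net @10.53.0.7 -p 5300 > dig.ns7.out.${n} || ret=1
grep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=1
if [ $ret = 1 ]; then echo "I:mx priming failed"; fi
$NSUPDATE << EOF
server 10.53.0.6 5300
zone example.net
update delete mail.example.net A
update add mail.example.net 0 AAAA ::1
send
EOF
$DIG +tcp a mail.example.net @10.53.0.7 -p 5300 > dig.ns7.out.${n} || ret=2
grep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=2
grep "ANSWER: 0" dig.ns7.out.${n} > /dev/null || ret=2
if [ $ret = 2 ]; then echo "I:ncache priming failed"; fi
$DIG +tcp mx example.net @10.53.0.7 -p 5300 > dig.ns7.out.${n} || ret=3
grep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=3
$DIG +tcp rrsig mail.example.net +norec @10.53.0.7 -p 5300 > dig.ns7.out.${n} || ret=4
grep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=4
grep "ANSWER: 0" dig.ns7.out.${n} > /dev/null || ret=4
# Report and account for the result exactly once. The original repeated
# the next two lines, so one failure printed "I:failed" twice and was
# added to status twice.
if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that update a nameservers address has immediate effects ($n)"
ret=0
# The "From NS <n>" text in the answer shows which server supplied it:
# NS 5 before the address of ns.server is changed, NS 4 afterwards.
$DIG +tcp TXT foo.moves @10.53.0.7 -p 5300 > dig.ns7.foo.${n} || ret=1
grep "From NS 5" dig.ns7.foo.${n} > /dev/null || ret=1
$NSUPDATE << EOF
server 10.53.0.7 5300
zone server
update delete ns.server A
update add ns.server 300 A 10.53.0.4
send
EOF
sleep 1
$DIG +tcp TXT bar.moves @10.53.0.7 -p 5300 > dig.ns7.bar.${n} || ret=1
grep "From NS 4" dig.ns7.bar.${n} > /dev/null || ret=1

if [ $ret != 0 ]; then echo "I:failed"; status=1; fi

n=`expr $n + 1`
echo "I:checking that update a nameservers glue has immediate effects ($n)"
ret=0
$DIG +tcp TXT foo.child.server @10.53.0.7 -p 5300 > dig.ns7.foo.${n} || ret=1
grep "From NS 5" dig.ns7.foo.${n} > /dev/null || ret=1
$NSUPDATE << EOF
server 10.53.0.7 5300
zone server
update delete ns.child.server A
update add ns.child.server 300 A 10.53.0.4
send
EOF
sleep 1
$DIG +tcp TXT bar.child.server @10.53.0.7 -p 5300 > dig.ns7.bar.${n} || ret=1
grep "From NS 4" dig.ns7.bar.${n} > /dev/null || ret=1

if [ $ret != 0 ]; then echo "I:failed"; status=1; fi

n=`expr $n + 1`
echo "I:checking empty RFC 1918 reverse zones ($n)"
ret=0
# Check that "aa" is being set by the resolver for RFC 1918 zones
# except the one that has been deliberately disabled
# (the output files are numbered 1-9 and 11-19; there is no .10 file)
$DIG @10.53.0.7 -p 5300 -x 10.1.1.1 > dig.ns4.out.1.${n} || ret=1
grep 'flags: qr aa rd ra;' dig.ns4.out.1.${n} > /dev/null || ret=1
$DIG @10.53.0.7 -p 5300 -x 192.168.1.1 > dig.ns4.out.2.${n} || ret=1
grep 'flags: qr aa rd ra;' dig.ns4.out.2.${n} > /dev/null || ret=1
$DIG @10.53.0.7 -p 5300 -x 172.16.1.1 > dig.ns4.out.3.${n} || ret=1
grep 'flags: qr aa rd ra;' dig.ns4.out.3.${n} > /dev/null || ret=1
$DIG @10.53.0.7 -p 5300 -x 172.17.1.1 > dig.ns4.out.4.${n} || ret=1
grep 'flags: qr aa rd ra;' dig.ns4.out.4.${n} > /dev/null || ret=1
$DIG @10.53.0.7 -p 5300 -x 172.18.1.1 > dig.ns4.out.5.${n} || ret=1
grep 'flags: qr aa rd ra;' dig.ns4.out.5.${n} > /dev/null || ret=1
$DIG @10.53.0.7 -p 5300 -x 172.19.1.1 > dig.ns4.out.6.${n} || ret=1
grep 'flags: qr aa rd ra;' dig.ns4.out.6.${n} > /dev/null || ret=1
$DIG @10.53.0.7 -p 5300 -x 172.21.1.1 > dig.ns4.out.7.${n} || ret=1
grep 'flags: qr aa rd ra;' dig.ns4.out.7.${n} > /dev/null || ret=1
$DIG @10.53.0.7 -p 5300 -x 172.22.1.1 > dig.ns4.out.8.${n} || ret=1
grep 'flags: qr aa rd ra;' dig.ns4.out.8.${n} > /dev/null || ret=1
$DIG @10.53.0.7 -p 5300 -x 172.23.1.1 > dig.ns4.out.9.${n} || ret=1
grep 'flags: qr aa rd ra;' dig.ns4.out.9.${n} > /dev/null || ret=1
$DIG @10.53.0.7 -p 5300 -x 172.24.1.1 > dig.ns4.out.11.${n} || ret=1
grep 'flags: qr aa rd ra;' dig.ns4.out.11.${n} > /dev/null || ret=1
$DIG @10.53.0.7 -p 5300 -x 172.25.1.1 > dig.ns4.out.12.${n} || ret=1
grep 'flags: qr aa rd ra;' dig.ns4.out.12.${n} > /dev/null || ret=1
$DIG @10.53.0.7 -p 5300 -x 172.26.1.1 > dig.ns4.out.13.${n} || ret=1
grep 'flags: qr aa rd ra;' dig.ns4.out.13.${n} > /dev/null || ret=1
$DIG @10.53.0.7 -p 5300 -x 172.27.1.1 > dig.ns4.out.14.${n} || ret=1
grep 'flags: qr aa rd ra;' dig.ns4.out.14.${n} > /dev/null || ret=1
$DIG @10.53.0.7 -p 5300 -x 172.28.1.1 > dig.ns4.out.15.${n} || ret=1
grep 'flags: qr aa rd ra;' dig.ns4.out.15.${n} > /dev/null || ret=1
$DIG @10.53.0.7 -p 5300 -x 172.29.1.1 > dig.ns4.out.16.${n} || ret=1
grep 'flags: qr aa rd ra;' dig.ns4.out.16.${n} > /dev/null || ret=1
$DIG @10.53.0.7 -p 5300 -x 172.30.1.1 > dig.ns4.out.17.${n} || ret=1
grep 'flags: qr aa rd ra;' dig.ns4.out.17.${n} > /dev/null || ret=1
$DIG @10.53.0.7 -p 5300 -x 172.31.1.1 > dig.ns4.out.18.${n} || ret=1
grep 'flags: qr aa rd ra;' dig.ns4.out.18.${n} > /dev/null || ret=1
# but this one should NOT be authoritative
$DIG @10.53.0.7 -p 5300 -x 172.20.1.1 > dig.ns4.out.19.${n} || ret=1
grep 'flags: qr rd ra;' dig.ns4.out.19.${n} > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; status=1; fi

n=`expr $n + 1`
echo "I:checking that removal of a delegation is honoured ($n)"
ret=0
# Prime the resolver's cache while the delegation still exists.
$DIG -p 5300 @10.53.0.5 www.to-be-removed.tld A > dig.ns5.prime.${n}
grep "status: NOERROR" dig.ns5.prime.${n} > /dev/null || { ret=1; echo "I: priming failed"; }
# Replace the tld zone file on ns4 with tld2.db and reload it.
cp ns4/tld2.db ns4/tld.db
($RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 reload tld 2>&1 ) |
sed -e '/reload queued/d' -e 's/^/I:ns4 /'
old=
# Up to ten rounds: stop as soon as the resolver returns NXDOMAIN;
# otherwise swap the child zone's NS record and try again. foo holds the
# outcome of the last round (0 = NXDOMAIN seen). On the first round
# ${old} is empty, so the delete line names "ns.to-be-removed.tld".
for i in 0 1 2 3 4 5 6 7 8 9
do
    foo=0
    $DIG -p 5300 @10.53.0.5 ns$i.to-be-removed.tld A > /dev/null
    $DIG -p 5300 @10.53.0.5 www.to-be-removed.tld A > dig.ns5.out.${n}
    grep "status: NXDOMAIN" dig.ns5.out.${n} > /dev/null || foo=1
    [ $foo = 0 ] && break
    $NSUPDATE << EOF
server 10.53.0.6 5300
zone to-be-removed.tld
update add to-be-removed.tld 100 NS ns${i}.to-be-removed.tld
update delete to-be-removed.tld NS ns${old}.to-be-removed.tld
send
EOF
    old=$i
    sleep 1
done
[ $ret = 0 ] && ret=$foo;
if [ $ret != 0 ]; then echo "I:failed"; status=1; fi

n=`expr $n + 1`
echo "I:check for improved error message with SOA mismatch ($n)"
ret=0
$DIG @10.53.0.1 -p 5300 www.sub.broken aaaa > dig.out.${n} || ret=1
grep "not subdomain of zone" ns1/named.run > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

# Switch ns7 to its second configuration before the remaining checks.
cp ns7/named2.conf ns7/named.conf
$RNDC -c ../common/rndc.conf -s 10.53.0.7 -p 9953 reconfig 2>&1 | sed 's/^/I:ns7 /'

n=`expr $n + 1`
echo "I:check resolution on the listening port ($n)"
ret=0
$DIG +tcp +tries=2 +time=5 mx example.net @10.53.0.7 -p 5300 > dig.ns7.out.${n} || ret=2
grep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=1
grep "ANSWER: 1" dig.ns7.out.${n} > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:check prefetch (${n})"
ret=0
$DIG @10.53.0.5 -p 5300 fetch.tld txt > dig.out.1.${n} || ret=1
# The awk pattern selects the TXT record "A" "short" "ttl"; field 2 of
# that line is the TTL column of dig's answer output.
ttl1=`awk '/"A" "short" "ttl"/ { print $2 - 2 }' dig.out.1.${n}`
# sleep so we are in prefetch range
sleep ${ttl1:-0}
# trigger prefetch
$DIG @10.53.0.5 -p 5300 fetch.tld txt > dig.out.2.${n} || ret=1
ttl2=`awk '/"A" "short" "ttl"/ { print $2 }' dig.out.2.${n}`
sleep 1
# check that prefetch occurred
$DIG @10.53.0.5 -p 5300 fetch.tld txt > dig.out.3.${n} || ret=1
ttl=`awk '/"A" "short" "ttl"/ { print $2 }' dig.out.3.${n}`
test ${ttl:-0} -gt ${ttl2:-1} || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:check prefetch disabled (${n})"
ret=0
$DIG @10.53.0.7 -p 5300 fetch.example.net txt > dig.out.1.${n} || ret=1
ttl1=`awk '/"A" "short" "ttl"/ { print $2 - 1 }' dig.out.1.${n}`
# sleep so we are in expire range
sleep ${ttl1:-0}
# look for zero ttl, allow for one miss at getting zero ttl
zerotonine="0 1 2 3 4 5 6 7 8 9"
for i in $zerotonine $zerotonine $zerotonine $zerotonine
do
    $DIG @10.53.0.7 -p 5300 fetch.example.net txt > dig.out.2.${n} || ret=1
    ttl2=`awk '/"A" "short" "ttl"/ { print $2 }' dig.out.2.${n}`
    test ${ttl2:-1} -eq 0 && break
    # 50 ms pause between polls
    $PERL -e 'select(undef, undef, undef, 0.05);'
done
test ${ttl2:-1} -eq 0 || ret=1
# delay so that any prefetched record will have a lower ttl than expected
sleep 3
# check that prefetch has not occurred
$DIG @10.53.0.7 -p 5300 fetch.example.net txt > dig.out.3.${n} || ret=1
ttl=`awk '/"A" "short" "ttl"/ { print $2 - 1 }' dig.out.3.${n}`
test ${ttl:-0} -eq ${ttl1:-1} || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:check prefetch qtype * (${n})"
ret=0
$DIG @10.53.0.5 -p 5300 fetchall.tld any > dig.out.1.${n} || ret=1
ttl1=`awk '/"A" "short" "ttl"/ { print $2 - 2 }' dig.out.1.${n}`
# sleep so we are in prefetch range
sleep ${ttl1:-0}
# trigger prefetch
$DIG @10.53.0.5 -p 5300 fetchall.tld any > dig.out.2.${n} || ret=1
ttl2=`awk '/"A" "short" "ttl"/ { print $2 }' dig.out.2.${n}`
sleep 1
# check that the nameserver is still alive
$DIG @10.53.0.5 -p 5300 fetchall.tld any > dig.out.3.${n} || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:check that E was logged on EDNS queries in the query log (${n})"
ret=0
$DIG @10.53.0.5 -p 5300 +edns edns.fetchall.tld any > dig.out.2.${n} || ret=1
grep "query: edns.fetchall.tld IN ANY +E" ns5/named.run > /dev/null || ret=1
$DIG @10.53.0.5 -p 5300 +noedns noedns.fetchall.tld any > dig.out.2.${n} || ret=1
grep "query: noedns.fetchall.tld IN ANY" ns5/named.run > /dev/null || ret=1
# The +E marker must be absent for the query sent without EDNS.
grep "query: noedns.fetchall.tld IN ANY +E" ns5/named.run > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:check that '-t aaaa' in .digrc does not have unexpected side effects ($n)"
ret=0
# HOME is pointed at the current directory for these three queries only,
# so dig picks up the .digrc written here.
echo "-t aaaa" > .digrc
env HOME=`pwd` $DIG @10.53.0.4 -p 5300 . > dig.out.1.${n} || ret=1
env HOME=`pwd` $DIG @10.53.0.4 -p 5300 . A > dig.out.2.${n} || ret=1
env HOME=`pwd` $DIG @10.53.0.4 -p 5300 -x 127.0.0.1 > dig.out.3.${n} || ret=1
grep ';\..*IN.*AAAA$' dig.out.1.${n} > /dev/null || ret=1
grep ';\..*IN.*A$' dig.out.2.${n} > /dev/null || ret=1
grep 'extra type option' dig.out.2.${n} > /dev/null && ret=1
grep ';1\.0\.0\.127\.in-addr\.arpa\..*IN.*PTR$' dig.out.3.${n} > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:check that CNAME nameserver is logged correctly (${n})"
ret=0
$DIG soa all-cnames @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1
grep "status: SERVFAIL" dig.out.ns5.test${n} > /dev/null || ret=1
grep "skipping nameserver 'cname.tld' because it is a CNAME, while resolving 'all-cnames/SOA'" ns5/named.run > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

echo "I:exit status: $status"
exit $status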