1#!/bin/sh 2# 3# Copyright (C) 2015 Internet Systems Consortium, Inc. ("ISC") 4# 5# Permission to use, copy, modify, and/or distribute this software for any 6# purpose with or without fee is hereby granted, provided that the above 7# copyright notice and this permission notice appear in all copies. 8# 9# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 10# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 11# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 12# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 13# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 14# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 15# PERFORMANCE OF THIS SOFTWARE. 16 17SYSTEMTESTTOP=.. 18. $SYSTEMTESTTOP/conf.sh 19 20status=0 21t=0 22 23# $1 = test name (such as 1a, 1b, etc. for which named.$1.conf exists) 24run_server() { 25 TESTNAME=$1 26 27 echo "I:stopping resolver" 28 $PERL $SYSTEMTESTTOP/stop.pl . ns2 29 30 sleep 1 31 32 echo "I:starting resolver using named.$TESTNAME.conf" 33 cp -f ns2/named.$TESTNAME.conf ns2/named.conf 34 $PERL $SYSTEMTESTTOP/start.pl --noclean --restart . ns2 35} 36 37run_query() { 38 TESTNAME=$1 39 LINE=$2 40 41 NAME=`tail -n +"$LINE" ns2/$TESTNAME.queries | head -n 1` 42 $DIG $DIGOPTS $NAME a @10.53.0.2 -p 5300 -b 127.0.0.1 > dig.out.${t} 43 grep "status: SERVFAIL" dig.out.${t} > /dev/null 2>&1 && return 1 44 return 0 45} 46 47# $1 = test name (such as 1a, 1b, etc. for which $1.queries exists) 48# $2 = line number in query file to test (the name to query is taken from this line) 49expect_norecurse() { 50 TESTNAME=$1 51 LINE=$2 52 53 NAME=`tail -n +"$LINE" ns2/$TESTNAME.queries | head -n 1` 54 t=`expr $t + 1` 55 echo "I:testing $NAME doesn't recurse (${t})" 56 run_query $TESTNAME $LINE || { 57 echo "I:test ${t} failed" 58 status=1 59 } 60} 61 62# $1 = test name (such as 1a, 1b, etc. for which $1.queries exists) 63# $2 = line number in query file to test (the name to query is taken from this line) 64expect_recurse() { 65 TESTNAME=$1 66 LINE=$2 67 68 NAME=`tail -n +"$LINE" ns2/$TESTNAME.queries | head -n 1` 69 t=`expr $t + 1` 70 echo "I:testing $NAME recurses (${t})" 71 run_query $TESTNAME $LINE && { 72 echo "I:test ${t} failed" 73 status=1 74 } 75} 76 77t=`expr $t + 1` 78echo "I:testing that l1.l0 exists without RPZ (${t})" 79$DIG $DIGOPTS l1.l0 ns @10.53.0.2 -p 5300 > dig.out.${t} 80grep "status: NOERROR" dig.out.${t} > /dev/null 2>&1 || { 81 echo "I:test ${t} failed" 82 status=1 83} 84 85t=`expr $t + 1` 86echo "I:testing that l2.l1.l0 returns SERVFAIL without RPZ (${t})" 87$DIG $DIGOPTS l2.l1.l0 ns @10.53.0.2 -p 5300 > dig.out.${t} 88grep "status: SERVFAIL" dig.out.${t} > /dev/null 2>&1 || { 89 echo "I:test ${t} failed" 90 status=1 91} 92 93# Group 1 94run_server 1a 95expect_norecurse 1a 1 96run_server 1b 97expect_norecurse 1b 1 98expect_recurse 1b 2 99run_server 1c 100expect_norecurse 1c 1 101 102# Group 2 103run_server 2a 104for n in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 105do 106 expect_norecurse 2a $n 107done 108expect_recurse 2a 33 109 110# Group 3 111run_server 3a 112expect_recurse 3a 1 113run_server 3b 114expect_recurse 3b 1 115run_server 3c 116expect_recurse 3c 1 117run_server 3d 118expect_norecurse 3d 1 119expect_recurse 3d 2 120run_server 3e 121expect_norecurse 3e 1 122expect_recurse 3e 2 123run_server 3f 124expect_norecurse 3f 1 125expect_recurse 3f 2 126 127# Group 4 128testlist="aa ap bf" 129values="1 16 32" 130# Uncomment the following to test every skip value instead of 131# only a sample of values 132# 133#testlist="aa ab ac ad ae af ag ah ai aj ak al am an ao ap \ 134# aq ar as at au av aw ax ay az ba bb bc bd be bf" 135#values="1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 \ 136# 21 22 23 24 25 26 27 28 29 30 31 32" 137set -- $values 138for n in $testlist; do 139 run_server 4$n 140 ni=$1 141 t=`expr $t + 1` 142 echo "I:testing that ${ni} of 33 queries skip recursion (${t})" 143 c=0 144 for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 \ 145 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 146 do 147 run_query 4$n $i 148 c=`expr $c + $?` 149 done 150 skipped=`expr 33 - $c` 151 if [ $skipped != $ni ]; then 152 echo "I:test $t failed (actual=$skipped, expected=$ni)" 153 status=1 154 fi 155 shift 156done 157 158# Group 5 159run_server 5a 160expect_norecurse 5a 1 161expect_norecurse 5a 2 162expect_recurse 5a 3 163expect_recurse 5a 4 164expect_recurse 5a 5 165expect_recurse 5a 6 166 167# Group 6 168echo "I:check recursive behavior consistency during policy update races" 169run_server 6a 170sleep 1 171t=`expr $t + 1` 172echo "I:running dig to cache CNAME record (${t})" 173$DIG $DIGOPTS @10.53.0.2 -p 5300 www.test.example.org CNAME > dig.out.${t} 174sleep 1 175echo "I:suspending authority server" 176kill -TSTP `cat ns1/named.pid` 177echo "I:adding an NSDNAME policy" 178cp ns2/db.6a.00.policy.local ns2/saved.policy.local 179cp ns2/db.6b.00.policy.local ns2/db.6a.00.policy.local 180$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 6a.00.policy.local 2>&1 | sed 's/^/I:ns2 /' 181sleep 1 182t=`expr $t + 1` 183echo "I:running dig to follow CNAME (blocks, so runs in the background) (${t})" 184$DIG $DIGOPTS @10.53.0.2 -p 5300 www.test.example.org A > dig.out.${t} & 185sleep 1 186echo "I:removing the NSDNAME policy" 187cp ns2/db.6c.00.policy.local ns2/db.6a.00.policy.local 188$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 6a.00.policy.local 2>&1 | sed 's/^/I:ns2 /' 189sleep 1 190echo "I:resuming authority server" 191kill -CONT `cat ns1/named.pid` 192for n in 1 2 3 4 5 6 7 8 9; do 193 sleep 1 194 [ -s dig.out.${t} ] || continue 195 grep "status: NOERROR" dig.out.${t} > /dev/null 2>&1 || { 196 echo "I:test ${t} failed" 197 status=1 198 } 199done 200 201echo "I:check recursive behavior consistency during policy removal races" 202cp ns2/saved.policy.local ns2/db.6a.00.policy.local 203run_server 6a 204sleep 1 205t=`expr $t + 1` 206echo "I:running dig to cache CNAME record (${t})" 207$DIG $DIGOPTS @10.53.0.2 -p 5300 www.test.example.org CNAME > dig.out.${t} 208sleep 1 209echo "I:suspending authority server" 210kill -TSTP `cat ns1/named.pid` 211echo "I:adding an NSDNAME policy" 212cp ns2/db.6b.00.policy.local ns2/db.6a.00.policy.local 213$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 6a.00.policy.local 2>&1 | sed 's/^/I:ns2 /' 214sleep 1 215t=`expr $t + 1` 216echo "I:running dig to follow CNAME (blocks, so runs in the background) (${t})" 217$DIG $DIGOPTS @10.53.0.2 -p 5300 www.test.example.org A > dig.out.${t} & 218sleep 1 219echo "I:removing the policy zone" 220cp ns2/named.default.conf ns2/db.6a.00.policy.local 221$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 6a.00.policy.local 2>&1 | sed 's/^/I:ns2 /' 222sleep 1 223echo "I:resuming authority server" 224kill -CONT `cat ns1/named.pid` 225for n in 1 2 3 4 5 6 7 8 9; do 226 sleep 1 227 [ -s dig.out.${t} ] || continue 228 grep "status: NOERROR" dig.out.${t} > /dev/null 2>&1 || { 229 echo "I:test ${t} failed" 230 status=1 231 } 232done 233 234# Check CLIENT-IP behavior 235t=`expr $t + 1` 236echo "I:testing CLIENT-IP behavior (${t})" 237run_server clientip 238$DIG $DIGOPTS l2.l1.l0 a @10.53.0.2 -p 5300 -b 10.53.0.4 > dig.out.${t} 239grep "status: NOERROR" dig.out.${t} > /dev/null 2>&1 || { 240 echo "I:test $t failed: query failed" 241 status=1 242} 243grep "^l2.l1.l0.[[:space:]]*[0-9]*[[:space:]]*IN[[:space:]]*A[[:space:]]*10.53.0.2" dig.out.${t} > /dev/null 2>&1 || { 244 echo "I:test $t failed: didn't get expected answer" 245 status=1 246} 247 248exit $status 249