#!/bin/sh
#
# Copyright (C) 2010-2013  Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.

# Id: tests.sh,v 1.5 2011/01/11 23:47:12 tbox Exp

# Load the shared system-test environment.  The tool variables used
# below ($CHECKCONF, $DIG, $RNDC, $PERL) are not set in this file, so
# conf.sh is expected to provide them.
SYSTEMTESTTOP=..
. "$SYSTEMTESTTOP/conf.sh"

# n numbers the checks in the log output; status accumulates one per
# failed check and is used as the exit status at the end of the script.
n=0
status=0

# Every known-good configuration file must be accepted by the
# configuration checker ($CHECKCONF exits 0).
for conf in conf/good*.conf
do
	n=`expr $n + 1`
	ret=0
	echo "I:checking that $conf is accepted ($n)"
	if $CHECKCONF "$conf"
	then
		:
	else
		# the checker rejected a file that must be valid
		ret=1
		echo "I:failed"
	fi
	status=`expr $status + $ret`
done

# Every known-bad configuration file must be rejected.  Only the exit
# status of the checker is used; its stdout is discarded.
# NOTE(review): if conf/bad*.conf matches no file, the unexpanded pattern
# is handed to the checker, and its failure to open that name is counted
# as a successful rejection.
for conf in conf/bad*.conf
do
	n=`expr $n + 1`
	ret=0
	echo "I:checking that $conf is rejected ($n)"
	if $CHECKCONF "$conf" >/dev/null
	then
		# the checker accepted a file that must be refused
		ret=1
		echo "I:failed"
	fi
	status=`expr $status + $ret`
done

# A zone transfer request for a name in the static-stub zone must fail.
# NOTE(review): the log message names NOTAUTH, but the check below only
# looks for dig's generic "; Transfer failed." line, so any transfer
# failure satisfies it.
n=`expr $n + 1`
out=dig.out.ns2.test$n
ret=0
echo "I:trying an axfr that should be denied (NOTAUTH) ($n)"
$DIG +tcp data.example. @10.53.0.2 axfr -p 5300 > "$out" || ret=1
grep "; Transfer failed." "$out" > /dev/null || ret=1
[ $ret = 0 ] || echo "I:failed"
status=`expr $status + $ret`

# Non-recursive (+norec) queries for names under the static-stub zones
# must be answered with REFUSED.  Two names are tried, data.example. and
# data.example.org.; both checks log the same description and differ only
# in the query name and the check number.
for qname in data.example. data.example.org.
do
	n=`expr $n + 1`
	echo "I:non recursive query for a static-stub zone with server name should be rejected ($n)"
	ret=0
	$DIG +tcp +norec $qname @10.53.0.2 txt -p 5300 > dig.out.ns2.test$n || ret=1
	# "REFUSED" is matched anywhere in the saved dig output
	grep "REFUSED" dig.out.ns2.test$n > /dev/null || ret=1
	[ $ret = 0 ] || echo "I:failed"
	status=`expr $status + $ret`
done

# allow-query ACL: a query sent from source address 10.53.0.7 (-b) must
# be answered with REFUSED.
# NOTE(review): presumably 10.53.0.7 is outside the allow-query ACL set
# in ns2's configuration; confirm against ns2/named.conf.in.
# NOTE(review): the query also uses +norec, and the earlier +norec check
# for the same name already expects REFUSED without -b, so a REFUSED here
# may not by itself show that the ACL rejected the query; confirm.
n=`expr $n + 1`
acl_out=dig.out.ns2.test$n
ret=0
echo "I:allow-query ACL ($n)"
$DIG +tcp +norec data.example. @10.53.0.2 txt -b 10.53.0.7 -p 5300 > "$acl_out" || ret=1
grep "REFUSED" "$acl_out" > /dev/null || ret=1
test $ret = 0 || echo "I:failed"
status=`expr $status + $ret`

# With recursion enabled the static-stub zone data must be found.  The
# saved answer is compared against the stored reference output
# (knowngood.dig.out.rec) with digcomp.pl.
n=`expr $n + 1`
rec_out=dig.out.ns2.test$n
ret=0
echo "I:look for static-stub zone data with recursion (should be found) ($n)"
$DIG +tcp +noauth data.example. @10.53.0.2 txt -p 5300 > "$rec_out" || ret=1
$PERL ../digcomp.pl knowngood.dig.out.rec "$rec_out" || ret=1
[ $ret = 0 ] || echo "I:failed"
status=`expr $status + $ret`

# NS records learned from the authoritative server must not replace the
# static-stub configuration when the resolver follows the delegation.
n=`expr $n + 1`
ns_out=dig.out.ns2.test1.$n
txt_out=dig.out.ns2.test2.$n
ret=0
echo "I:checking authoritative NS is ignored for delegation ($n)"
# the auth server returns a different (and incorrect) NS for .example.
$DIG +tcp example. @10.53.0.2 ns -p 5300 > "$ns_out" || ret=1
grep "ns4.example." "$ns_out" > /dev/null || ret=1
# but static-stub configuration should still be used
$DIG +tcp data2.example. @10.53.0.2 txt -p 5300 > "$txt_out" || ret=1
grep "2nd test data" "$txt_out" > /dev/null || ret=1
[ $ret = 0 ] || echo "I:failed"
status=`expr $status + $ret`

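# A delegation to a child of the static-stub zone must keep working
# while the parent zone is temporarily removed from ns3.
n=`expr $n + 1`
echo "I:checking queries for a child zone of the static-stub zone ($n)"
ret=0
# prime the delegation to a child zone of the static-stub zone
$DIG +tcp data1.sub.example. @10.53.0.2 txt -p 5300 > dig.out.ns2.test1.$n || ret=1
grep "1st sub test data" dig.out.ns2.test1.$n > /dev/null || ret=1
# temporarily disable the parent zone
sed 's/EXAMPLE_ZONE_PLACEHOLDER//' ns3/named.conf.in > ns3/named.conf || ret=1
# Capture rndc's output before prefixing it: in a pipeline only sed's
# exit status is visible, so a failed reload would go unnoticed and the
# queries below could pass against the unchanged configuration.
rndc_out=`$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 reload 2>&1` || ret=1
if [ -n "$rndc_out" ]; then echo "$rndc_out" | sed 's/^/I:ns3 /'; fi
# query the child zone again.  this should directly go to the child and
# succeed.  up to ten attempts are made, one second apart.
for i in 0 1 2 3 4 5 6 7 8 9
do
	$DIG +tcp data2.sub.example. @10.53.0.2 txt -p 5300 > dig.out.ns2.test2.$n || ret=1
	grep "2nd sub test data" dig.out.ns2.test2.$n > /dev/null && break
	sleep 1
done
grep "2nd sub test data" dig.out.ns2.test2.$n > /dev/null || ret=1
# re-enable the parent
sed 's/EXAMPLE_ZONE_PLACEHOLDER/zone "example" { type master; file "example.db.signed"; };/' ns3/named.conf.in > ns3/named.conf || ret=1
rndc_out=`$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 reload 2>&1` || ret=1
if [ -n "$rndc_out" ]; then echo "$rndc_out" | sed 's/^/I:ns3 /'; fi
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
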
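# Address records learned from the authoritative server must not replace
# the static-stub configuration, even after they have been cached.
n=`expr $n + 1`
echo "I:checking authoritative NS addresses are ignored for delegation ($n)"
ret=0
# the auth server returns a different (and incorrect) A/AAAA RR for .example.
$DIG +tcp example. @10.53.0.2 a -p 5300 > dig.out.ns2.test1.$n || ret=1
grep "10.53.0.4" dig.out.ns2.test1.$n > /dev/null || ret=1
$DIG +tcp example. @10.53.0.2 aaaa -p 5300 > dig.out.ns2.test2.$n || ret=1
grep "::1" dig.out.ns2.test2.$n > /dev/null || ret=1
# reload the server.  this will flush the ADB.
# The output is captured before it is prefixed: in a pipeline only sed's
# exit status is visible, so a failed reload would go unnoticed and the
# query below would not exercise the state this check is about.
rndc_out=`$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1` || ret=1
if [ -n "$rndc_out" ]; then echo "$rndc_out" | sed 's/^/I:ns2 /'; fi
# ask another RR that would require delegation.  static-stub configuration
# should still be used instead of the authoritative A/AAAA cached above.
$DIG +tcp data3.example. @10.53.0.2 txt -p 5300 > dig.out.ns2.test3.$n || ret=1
grep "3rd test data" dig.out.ns2.test3.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
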
# the authoritative server of the query domain (example.com) is the apex
# name of the static-stub zone (example).  in this case the static-stub
# configuration must be ignored and cached information must be used.
n=`expr $n + 1`
com_out=dig.out.ns2.test$n
ret=0
echo "I:checking NS of static-stub is ignored when referenced from other domain ($n)"
$DIG +tcp data.example.com. @10.53.0.2 txt -p 5300 > "$com_out" || ret=1
grep "example com data" "$com_out" > /dev/null || ret=1
[ $ret = 0 ] || echo "I:failed"
status=`expr $status + $ret`

# check server-names: data under example.org. must resolve to the
# expected TXT record.
n=`expr $n + 1`
org_out=dig.out.ns2.test$n
ret=0
echo "I:checking static-stub with a server-name ($n)"
$DIG +tcp data.example.org. @10.53.0.2 txt -p 5300 > "$org_out" || ret=1
grep "example org data" "$org_out" > /dev/null || ret=1
[ $ret = 0 ] || echo "I:failed"
status=`expr $status + $ret`

# IPv6 static-stub address.  The check number is consumed whether or not
# the check runs; a skipped check is logged but not counted as a failure.
n=`expr $n + 1`
# Note: for a short term workaround we use ::1, assuming it's configured and
# usable for our tests.  We should eventually use the test ULA and available
# checks introduced in change 2916.
if $PERL ../testsock6.pl ::1 2> /dev/null
then
    v6_out=dig.out.ns2.test$n
    ret=0
    echo "I:checking IPv6 static-stub address ($n)"
    $DIG +tcp data.example.info. @10.53.0.2 txt -p 5300 > "$v6_out" || ret=1
    grep "example info data" "$v6_out" > /dev/null || ret=1
    [ $ret = 0 ] || echo "I:failed"
    status=`expr $status + $ret`
else
    echo "I:SKIPPED: checking IPv6 static-stub address ($n)"
fi

# DNSSEC validation through the static-stub zone.  Each answer must hold
# the expected TXT data, and the saved dig output must contain
# "ad; QUERY", i.e. the "ad" flag listed last in dig's flags line.
n=`expr $n + 1`
sec_out=dig.out.ns2.test$n
ret=0
echo "I:look for static-stub zone data with DNSSEC validation ($n)"
$DIG +tcp +dnssec data4.example. @10.53.0.2 txt -p 5300 > "$sec_out" || ret=1
for want in "ad; QUERY" "4th test data"
do
	grep "$want" "$sec_out" > /dev/null || ret=1
done
[ $ret = 0 ] || echo "I:failed"
status=`expr $status + $ret`

# The same two conditions for a name in a child of the static-stub zone.
n=`expr $n + 1`
sec_out=dig.out.ns2.test$n
ret=0
echo "I:look for a child of static-stub zone data with DNSSEC validation ($n)"
$DIG +tcp +dnssec data3.sub.example. @10.53.0.2 txt -p 5300 > "$sec_out" || ret=1
for want in "ad; QUERY" "3rd sub test data"
do
	grep "$want" "$sec_out" > /dev/null || ret=1
done
[ $ret = 0 ] || echo "I:failed"
status=`expr $status + $ret`

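# reload with a different name server: existing zone shouldn't be reused.
# ns2/named.conf is regenerated here and is not restored by any later
# line of this script.
n=`expr $n + 1`
echo "I:checking server reload with a different static-stub config ($n)"
ret=0
sed 's/SERVER_CONFIG_PLACEHOLDER/server-addresses { 10.53.0.4; };/' ns2/named.conf.in > ns2/named.conf || ret=1
# Capture rndc's output before prefixing it: in a pipeline only sed's
# exit status is visible, so a failed reload would go unnoticed and the
# query below would run against the previous configuration.
rndc_out=`$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1` || ret=1
if [ -n "$rndc_out" ]; then echo "$rndc_out" | sed 's/^/I:ns2 /'; fi
$DIG +tcp data2.example.org. @10.53.0.2 txt -p 5300 > dig.out.ns2.test$n || ret=1
grep "2nd example org data" dig.out.ns2.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
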
# Report the number of failed checks and exit with it, so that any
# failure gives a non-zero exit status.
echo "I:exit status: $status"
exit "$status"