1#!/bin/sh 2# 3# Copyright (C) 2010-2013 Internet Systems Consortium, Inc. ("ISC") 4# 5# Permission to use, copy, modify, and/or distribute this software for any 6# purpose with or without fee is hereby granted, provided that the above 7# copyright notice and this permission notice appear in all copies. 8# 9# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 10# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 11# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 12# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 13# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 14# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 15# PERFORMANCE OF THIS SOFTWARE. 16 17# Id: tests.sh,v 1.5 2011/01/11 23:47:12 tbox Exp 18 19SYSTEMTESTTOP=.. 20. $SYSTEMTESTTOP/conf.sh 21 22status=0 23n=0 24 25for conf in conf/good*.conf 26do 27 n=`expr $n + 1` 28 echo "I:checking that $conf is accepted ($n)" 29 ret=0 30 $CHECKCONF "$conf" || ret=1 31 if [ $ret != 0 ]; then echo "I:failed"; fi 32 status=`expr $status + $ret` 33done 34 35for conf in conf/bad*.conf 36do 37 n=`expr $n + 1` 38 echo "I:checking that $conf is rejected ($n)" 39 ret=0 40 $CHECKCONF "$conf" >/dev/null && ret=1 41 if [ $ret != 0 ]; then echo "I:failed"; fi 42 status=`expr $status + $ret` 43done 44 45n=`expr $n + 1` 46echo "I:trying an axfr that should be denied (NOTAUTH) ($n)" 47ret=0 48$DIG +tcp data.example. @10.53.0.2 axfr -p 5300 > dig.out.ns2.test$n || ret=1 49grep "; Transfer failed." dig.out.ns2.test$n > /dev/null || ret=1 50if [ $ret != 0 ]; then echo "I:failed"; fi 51status=`expr $status + $ret` 52 53n=`expr $n + 1` 54echo "I:non recursive query for a static-stub zone with server name should be rejected ($n)" 55ret=0 56 $DIG +tcp +norec data.example. @10.53.0.2 txt -p 5300 > dig.out.ns2.test$n \ 57 || ret=1 58grep "REFUSED" dig.out.ns2.test$n > /dev/null || ret=1 59if [ $ret != 0 ]; then echo "I:failed"; fi 60status=`expr $status + $ret` 61 62n=`expr $n + 1` 63echo "I:non recursive query for a static-stub zone with server name should be rejected ($n)" 64ret=0 65$DIG +tcp +norec data.example.org. @10.53.0.2 txt -p 5300 > dig.out.ns2.test$n \ 66 || ret=1 67grep "REFUSED" dig.out.ns2.test$n > /dev/null || ret=1 68if [ $ret != 0 ]; then echo "I:failed"; fi 69status=`expr $status + $ret` 70 71n=`expr $n + 1` 72echo "I:allow-query ACL ($n)" 73ret=0 74$DIG +tcp +norec data.example. @10.53.0.2 txt -b 10.53.0.7 -p 5300 \ 75 > dig.out.ns2.test$n || ret=1 76grep "REFUSED" dig.out.ns2.test$n > /dev/null || ret=1 77if [ $ret != 0 ]; then echo "I:failed"; fi 78status=`expr $status + $ret` 79 80n=`expr $n + 1` 81echo "I:look for static-stub zone data with recursion (should be found) ($n)" 82ret=0 83$DIG +tcp +noauth data.example. @10.53.0.2 txt -p 5300 > dig.out.ns2.test$n || ret=1 84$PERL ../digcomp.pl knowngood.dig.out.rec dig.out.ns2.test$n || ret=1 85if [ $ret != 0 ]; then echo "I:failed"; fi 86status=`expr $status + $ret` 87 88n=`expr $n + 1` 89echo "I:checking authoritative NS is ignored for delegation ($n)" 90ret=0 91# the auth server returns a different (and incorrect) NS for .example. 92$DIG +tcp example. @10.53.0.2 ns -p 5300 > dig.out.ns2.test1.$n || ret=1 93grep "ns4.example." dig.out.ns2.test1.$n > /dev/null || ret=1 94# but static-stub configuration should still be used 95$DIG +tcp data2.example. @10.53.0.2 txt -p 5300 > dig.out.ns2.test2.$n || ret=1 96grep "2nd test data" dig.out.ns2.test2.$n > /dev/null || ret=1 97if [ $ret != 0 ]; then echo "I:failed"; fi 98status=`expr $status + $ret` 99 100n=`expr $n + 1` 101echo "I:checking queries for a child zone of the static-stub zone ($n)" 102ret=0 103# prime the delegation to a child zone of the static-stub zone 104$DIG +tcp data1.sub.example. @10.53.0.2 txt -p 5300 > dig.out.ns2.test1.$n || ret=1 105grep "1st sub test data" dig.out.ns2.test1.$n > /dev/null || ret=1 106# temporarily disable the the parent zone 107sed 's/EXAMPLE_ZONE_PLACEHOLDER//' ns3/named.conf.in > ns3/named.conf 108$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 reload 2>&1 | sed 's/^/I:ns3 /' 109# query the child zone again. this should directly go to the child and 110# succeed. 111for i in 0 1 2 3 4 5 6 7 8 9 112do 113 $DIG +tcp data2.sub.example. @10.53.0.2 txt -p 5300 > dig.out.ns2.test2.$n || ret=1 114 grep "2nd sub test data" dig.out.ns2.test2.$n > /dev/null && break 115 sleep 1 116done 117grep "2nd sub test data" dig.out.ns2.test2.$n > /dev/null || ret=1 118# re-enable the parent 119sed 's/EXAMPLE_ZONE_PLACEHOLDER/zone "example" { type master; file "example.db.signed"; };/' ns3/named.conf.in > ns3/named.conf 120$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 reload 2>&1 | sed 's/^/I:ns3 /' 121if [ $ret != 0 ]; then echo "I:failed"; fi 122status=`expr $status + $ret` 123 124n=`expr $n + 1` 125echo "I:checking authoritative NS addresses are ignored for delegation ($n)" 126ret=0 127# the auth server returns a different (and incorrect) A/AAA RR for .example. 128$DIG +tcp example. @10.53.0.2 a -p 5300 > dig.out.ns2.test1.$n || ret=1 129grep "10.53.0.4" dig.out.ns2.test1.$n > /dev/null || ret=1 130$DIG +tcp example. @10.53.0.2 aaaa -p 5300 > dig.out.ns2.test2.$n || ret=1 131grep "::1" dig.out.ns2.test2.$n > /dev/null || ret=1 132# reload the server. this will flush the ADB. 133$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /' 134# ask another RR that would require delegation. static-stub configuration 135# should still be used instead of the authoritative A/AAAA cached above. 136$DIG +tcp data3.example. @10.53.0.2 txt -p 5300 > dig.out.ns2.test3.$n || ret=1 137grep "3rd test data" dig.out.ns2.test3.$n > /dev/null || ret=1 138if [ $ret != 0 ]; then echo "I:failed"; fi 139status=`expr $status + $ret` 140 141# the authoritative server of the query domain (example.com) is the apex 142# name of the static-stub zone (example). in this case the static-stub 143# configuration must be ignored and cached information must be used. 144n=`expr $n + 1` 145echo "I:checking NS of static-stub is ignored when referenced from other domain ($n)" 146ret=0 147$DIG +tcp data.example.com. @10.53.0.2 txt -p 5300 > dig.out.ns2.test$n || ret=1 148grep "example com data" dig.out.ns2.test$n > /dev/null || ret=1 149if [ $ret != 0 ]; then echo "I:failed"; fi 150status=`expr $status + $ret` 151 152# check server-names 153n=`expr $n + 1` 154echo "I:checking static-stub with a server-name ($n)" 155ret=0 156$DIG +tcp data.example.org. @10.53.0.2 txt -p 5300 > dig.out.ns2.test$n || ret=1 157grep "example org data" dig.out.ns2.test$n > /dev/null || ret=1 158if [ $ret != 0 ]; then echo "I:failed"; fi 159status=`expr $status + $ret` 160 161n=`expr $n + 1` 162# Note: for a short term workaround we use ::1, assuming it's configured and 163# usable for our tests. We should eventually use the test ULA and available 164# checks introduced in change 2916. 165if $PERL ../testsock6.pl ::1 2> /dev/null 166then 167 echo "I:checking IPv6 static-stub address ($n)" 168 ret=0 169 $DIG +tcp data.example.info. @10.53.0.2 txt -p 5300 > dig.out.ns2.test$n || ret=1 170 grep "example info data" dig.out.ns2.test$n > /dev/null || ret=1 171 if [ $ret != 0 ]; then echo "I:failed"; fi 172 status=`expr $status + $ret` 173else 174 echo "I:SKIPPED: checking IPv6 static-stub address ($n)" 175fi 176 177n=`expr $n + 1` 178echo "I:look for static-stub zone data with DNSSEC validation ($n)" 179ret=0 180$DIG +tcp +dnssec data4.example. @10.53.0.2 txt -p 5300 > dig.out.ns2.test$n || ret=1 181grep "ad; QUERY" dig.out.ns2.test$n > /dev/null || ret=1 182grep "4th test data" dig.out.ns2.test$n > /dev/null || ret=1 183if [ $ret != 0 ]; then echo "I:failed"; fi 184status=`expr $status + $ret` 185 186n=`expr $n + 1` 187echo "I:look for a child of static-stub zone data with DNSSEC validation ($n)" 188ret=0 189$DIG +tcp +dnssec data3.sub.example. @10.53.0.2 txt -p 5300 > dig.out.ns2.test$n || ret=1 190grep "ad; QUERY" dig.out.ns2.test$n > /dev/null || ret=1 191grep "3rd sub test data" dig.out.ns2.test$n > /dev/null || ret=1 192if [ $ret != 0 ]; then echo "I:failed"; fi 193status=`expr $status + $ret` 194 195# reload with a different name server: exisitng zone shouldn't be reused. 196n=`expr $n + 1` 197echo "I:checking server reload with a different static-stub config ($n)" 198ret=0 199sed 's/SERVER_CONFIG_PLACEHOLDER/server-addresses { 10.53.0.4; };/' ns2/named.conf.in > ns2/named.conf 200$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /' 201$DIG +tcp data2.example.org. @10.53.0.2 txt -p 5300 > dig.out.ns2.test$n || ret=1 202grep "2nd example org data" dig.out.ns2.test$n > /dev/null || ret=1 203if [ $ret != 0 ]; then echo "I:failed"; fi 204status=`expr $status + $ret` 205 206echo "I:exit status: $status" 207exit $status 208