#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
# Load the shared system-test environment.  Names used below but not defined
# in this file (PORT, CONTROLPORT, DIG, RNDC, echo_i, copy_setports) are
# presumably provided by conf.sh - confirm there.
SYSTEMTESTTOP=..
. "${SYSTEMTESTTOP}/conf.sh"

# Options given to every dig call.  $DIGOPTS is expanded unquoted further down
# so that it splits into "-p" and the port number.
DIGOPTS="-p $PORT"

# status: number of failed steps so far; n: number of the current step.
status=0
n=0
# Install a new configuration on ns3 and start the next step from a clean
# resolver state.
#   $1 - configuration template passed to copy_setports, which writes
#        ns3/named.conf
# rndc then asks 10.53.0.3 to reconfigure and to flush.  rndc output is
# prefixed with "I:ns3 "; only the reconfig call also captures stderr.
# Each pipeline returns sed's status, so an rndc failure is visible only in
# the logged output, not in the exit status.
ns3_reset() {
	copy_setports $1 ns3/named.conf
	# The rndc connection arguments are identical for both commands.
	set -- -c ../common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT}
	$RNDC "$@" reconfig 2>&1 | sed 's/^/I:ns3 /'
	$RNDC "$@" flush | sed 's/^/I:ns3 /'
}
# Report whether ns3 has logged the start of an AAAA fetch.
# Returns 0 if ns3/named.run contains "started AAAA fetch", 1 otherwise
# (also when the log file cannot be read).
ns3_sends_aaaa_queries() {
	grep "started AAAA fetch" ns3/named.run >/dev/null || return 1
	return 0
}
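# Check whether the total number of queries counted by the answer servers is
# as expected.  The two per-server counts are read from dig output stored in
# files $1 and $2 and added together.  The expected total is variable:
#   - if ns3 sends AAAA queries, the total should equal $3,
#   - if ns3 does not send AAAA queries, the total should equal $4.
# On a mismatch, or when either file does not yield a single decimal number,
# ret is set to 1 and the reason is logged with echo_i.
check_query_count() {
	# Callers pass "dig +short ... txt" output; keep only the digits.
	count1=$(sed 's/[^0-9]//g;' "$1")
	count2=$(sed 's/[^0-9]//g;' "$2")
	expected_count_with_aaaa=$3
	expected_count_without_aaaa=$4

	# Fail closed: a missing, empty or multi-line count must not let a
	# recursion-limit check pass just because the comparison below errors out.
	case "$count1" in
	'' | *[!0-9]*)
		echo_i "no usable query count in $1"
		ret=1
		return 0
		;;
	esac
	case "$count2" in
	'' | *[!0-9]*)
		echo_i "no usable query count in $2"
		ret=1
		return 0
		;;
	esac

	# expr rather than $(( )) so a count with leading zeros stays decimal.
	count=$(expr "$count1" + "$count2")
	#echo_i "count1=$count1 count2=$count2 count=$count"

	if ns3_sends_aaaa_queries; then
		expected_count=$expected_count_with_aaaa
	else
		expected_count=$expected_count_without_aaaa
	fi

	if [ "$count" -ne "$expected_count" ]; then
		echo_i "count $count (actual) != $expected_count (expected)"
		ret=1
	fi
}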
echo_i "set max-recursion-depth=12"

# NOTE(review): ns3 is not reconfigured before this first step, so its initial
# configuration (set up outside this file) presumably already uses
# max-recursion-depth=12 - confirm.

# Step: a lookup that should exceed the depth limit must end in SERVFAIL.
n=$((n + 1))
echo_i "attempt excessive-depth lookup ($n)"
ret=0
# ans.limit is read by the answer servers; presumably it sets how deep a
# referral chain they generate - confirm against ans2/ans4.
echo "1000" >ans2/ans.limit
echo "1000" >ans4/ans.limit
# Query "reset" on both answer servers before the lookup, then read their
# "count" TXT record afterwards.
$DIG $DIGOPTS @10.53.0.2 reset >/dev/null || ret=1
$DIG $DIGOPTS @10.53.0.4 reset >/dev/null || ret=1
$DIG $DIGOPTS @10.53.0.3 indirect1.example.org >"dig.out.1.test$n" || ret=1
grep "status: SERVFAIL" "dig.out.1.test$n" >/dev/null || ret=1
$DIG $DIGOPTS +short @10.53.0.2 count txt >"dig.out.2.test$n" || ret=1
$DIG $DIGOPTS +short @10.53.0.4 count txt >"dig.out.4.test$n" || ret=1
# Expected totals: 27 when ns3 sends AAAA queries, 14 when it does not.
check_query_count "dig.out.2.test$n" "dig.out.4.test$n" 27 14
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# Step: a chain of 12 is within the limit and must resolve (NOERROR).
n=$((n + 1))
echo_i "attempt permissible lookup ($n)"
ret=0
echo "12" >ans2/ans.limit
echo "12" >ans4/ans.limit
ns3_reset ns3/named1.conf.in
$DIG $DIGOPTS @10.53.0.2 reset >/dev/null || ret=1
$DIG $DIGOPTS @10.53.0.4 reset >/dev/null || ret=1
$DIG $DIGOPTS @10.53.0.3 indirect2.example.org >"dig.out.1.test$n" || ret=1
grep "status: NOERROR" "dig.out.1.test$n" >/dev/null || ret=1
$DIG $DIGOPTS +short @10.53.0.2 count txt >"dig.out.2.test$n" || ret=1
$DIG $DIGOPTS +short @10.53.0.4 count txt >"dig.out.4.test$n" || ret=1
# Expected totals: 50 with AAAA queries, 26 without.
check_query_count "dig.out.2.test$n" "dig.out.4.test$n" 50 26
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
echo_i "set max-recursion-depth=5"

# Step: with ns3 reloaded from named2.conf.in, a chain of 12 must now fail.
n=$((n + 1))
echo_i "attempt excessive-depth lookup ($n)"
ret=0
# Only ans2/ans.limit is rewritten here; ans4/ans.limit still holds the "12"
# written by the previous step.
echo "12" >ans2/ans.limit
ns3_reset ns3/named2.conf.in
$DIG $DIGOPTS @10.53.0.2 reset >/dev/null || ret=1
$DIG $DIGOPTS @10.53.0.4 reset >/dev/null || ret=1
$DIG $DIGOPTS @10.53.0.3 indirect3.example.org >"dig.out.1.test$n" || ret=1
grep "status: SERVFAIL" "dig.out.1.test$n" >/dev/null || ret=1
$DIG $DIGOPTS +short @10.53.0.2 count txt >"dig.out.2.test$n" || ret=1
$DIG $DIGOPTS +short @10.53.0.4 count txt >"dig.out.4.test$n" || ret=1
# Expected totals: 13 with AAAA queries, 7 without.
check_query_count "dig.out.2.test$n" "dig.out.4.test$n" 13 7
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# Step: a chain of 5 is within the limit and must resolve (NOERROR).
n=$((n + 1))
echo_i "attempt permissible lookup ($n)"
ret=0
echo "5" >ans2/ans.limit
echo "5" >ans4/ans.limit
# Same configuration as the previous step; ns3_reset also flushes ns3.
ns3_reset ns3/named2.conf.in
$DIG $DIGOPTS @10.53.0.2 reset >/dev/null || ret=1
$DIG $DIGOPTS @10.53.0.4 reset >/dev/null || ret=1
$DIG $DIGOPTS @10.53.0.3 indirect4.example.org >"dig.out.1.test$n" || ret=1
grep "status: NOERROR" "dig.out.1.test$n" >/dev/null || ret=1
$DIG $DIGOPTS +short @10.53.0.2 count txt >"dig.out.2.test$n" || ret=1
$DIG $DIGOPTS +short @10.53.0.4 count txt >"dig.out.4.test$n" || ret=1
# Expected totals: 22 with AAAA queries, 12 without.
check_query_count "dig.out.2.test$n" "dig.out.4.test$n" 22 12
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
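echo_i "set max-recursion-depth=100, max-recursion-queries=50"

# Step: a lookup that needs more queries than the limit allows.  SERVFAIL is
# only required when ns3 sends AAAA queries; in every case ans2 must not have
# seen more than 50 queries.
n=$((n + 1))
echo_i "attempt excessive-queries lookup ($n)"
ret=0
echo "13" >ans2/ans.limit
echo "13" >ans4/ans.limit
ns3_reset ns3/named3.conf.in
$DIG $DIGOPTS @10.53.0.2 reset >/dev/null || ret=1
$DIG $DIGOPTS @10.53.0.4 reset >/dev/null || ret=1
$DIG $DIGOPTS @10.53.0.3 indirect5.example.org >"dig.out.1.test$n" || ret=1
if ns3_sends_aaaa_queries; then
	grep "status: SERVFAIL" "dig.out.1.test$n" >/dev/null || ret=1
fi
$DIG $DIGOPTS +short @10.53.0.2 count txt >"dig.out.2.test$n" || ret=1
# The ans4 count is saved for inspection; only the ans2 count is compared.
$DIG $DIGOPTS +short @10.53.0.4 count txt >"dig.out.4.test$n" || ret=1
# Take the number out of the quoted TXT answer by keeping digits only.  The
# answer is DNS response data and must never be handed to eval, which would
# execute whatever the record contained.  An empty or non-numeric result makes
# the comparison fail, so the step fails closed.
count=$(sed 's/[^0-9]//g' "dig.out.2.test$n")
[ "$count" -le 50 ] || { ret=1; echo_i "count ($count) !<= 50"; }
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# Step: a chain of 12 stays within 50 queries and must resolve (NOERROR).
n=$((n + 1))
echo_i "attempt permissible lookup ($n)"
ret=0
echo "12" >ans2/ans.limit
ns3_reset ns3/named3.conf.in
$DIG $DIGOPTS @10.53.0.2 reset >/dev/null || ret=1
$DIG $DIGOPTS @10.53.0.3 indirect6.example.org >"dig.out.1.test$n" || ret=1
grep "status: NOERROR" "dig.out.1.test$n" >/dev/null || ret=1
$DIG $DIGOPTS +short @10.53.0.2 count txt >"dig.out.2.test$n" || ret=1
# Digits only, no eval (see the previous step).
count=$(sed 's/[^0-9]//g' "dig.out.2.test$n")
[ "$count" -le 50 ] || { ret=1; echo_i "count ($count) !<= 50"; }
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))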
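echo_i "set max-recursion-depth=100, max-recursion-queries=40"

# Step: a lookup that needs more queries than the limit allows.  SERVFAIL is
# only required when ns3 sends AAAA queries; in every case ans2 must not have
# seen more than 40 queries.
n=$((n + 1))
echo_i "attempt excessive-queries lookup ($n)"
ret=0
echo "11" >ans2/ans.limit
ns3_reset ns3/named4.conf.in
$DIG $DIGOPTS @10.53.0.2 reset >/dev/null || ret=1
$DIG $DIGOPTS @10.53.0.3 indirect7.example.org >"dig.out.1.test$n" || ret=1
if ns3_sends_aaaa_queries; then
	grep "status: SERVFAIL" "dig.out.1.test$n" >/dev/null || ret=1
fi
$DIG $DIGOPTS +short @10.53.0.2 count txt >"dig.out.2.test$n" || ret=1
# Take the number out of the quoted TXT answer by keeping digits only.  The
# answer is DNS response data and must never be handed to eval, which would
# execute whatever the record contained.  An empty or non-numeric result makes
# the comparison fail, so the step fails closed.
count=$(sed 's/[^0-9]//g' "dig.out.2.test$n")
[ "$count" -le 40 ] || { ret=1; echo_i "count ($count) !<= 40"; }
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# Step: a chain of 9 stays within 40 queries and must resolve (NOERROR).
n=$((n + 1))
echo_i "attempt permissible lookup ($n)"
ret=0
echo "9" >ans2/ans.limit
ns3_reset ns3/named4.conf.in
$DIG $DIGOPTS @10.53.0.2 reset >/dev/null || ret=1
$DIG $DIGOPTS @10.53.0.3 indirect8.example.org >"dig.out.1.test$n" || ret=1
grep "status: NOERROR" "dig.out.1.test$n" >/dev/null || ret=1
$DIG $DIGOPTS +short @10.53.0.2 count txt >"dig.out.2.test$n" || ret=1
# Digits only, no eval (see the previous step).
count=$(sed 's/[^0-9]//g' "dig.out.2.test$n")
[ "$count" -le 40 ] || { ret=1; echo_i "count ($count) !<= 40"; }
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))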
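# Step: resolve a name and require that each of the two queried counters
# (10.53.0.2 and 10.53.0.7) stays below 50.  The status of the answer itself
# is not checked here, only the amount of traffic the lookup caused.
n=$((n + 1))
echo_i "attempting NS explosion ($n)"
ret=0
ns3_reset ns3/named4.conf.in
$DIG $DIGOPTS @10.53.0.2 reset >/dev/null || ret=1
$DIG $DIGOPTS +short @10.53.0.3 ns1.1.example.net >"dig.out.1.test$n" || ret=1
$DIG $DIGOPTS +short @10.53.0.2 count txt >"dig.out.2.test$n" || ret=1
# Take the number out of the quoted TXT answer by keeping digits only.  The
# answer is DNS response data and must never be handed to eval, which would
# execute whatever the record contained.  An empty or non-numeric result makes
# the comparison fail, so the step fails closed.
count=$(sed 's/[^0-9]//g' "dig.out.2.test$n")
[ "$count" -lt 50 ] || { ret=1; echo_i "count ($count) !< 50"; }
$DIG $DIGOPTS +short @10.53.0.7 count txt >"dig.out.3.test$n" || ret=1
count=$(sed 's/[^0-9]//g' "dig.out.3.test$n")
# The comparison is strict (-lt), so the message says "<" rather than "<=".
[ "$count" -lt 50 ] || { ret=1; echo_i "count ($count) !< 50"; }
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

#grep "duplicate query" ns3/named.run
# Any failed step makes the whole script exit non-zero.
echo_i "exit status: $status"
[ "$status" -eq 0 ] || exit 1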