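#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# Recursion-limit system test. Each case queries the resolver at 10.53.0.3,
# checks the response status, and then compares the "count" TXT value reported
# by the helper servers (10.53.0.2, 10.53.0.4, 10.53.0.7) with the number of
# queries the configured limits should allow.
#
# Helpers such as echo_i and copy_setports, and the variables DIG, RNDC, PORT
# and CONTROLPORT, are not defined in this file; presumably they come from
# conf.sh.

SYSTEMTESTTOP=..
. "$SYSTEMTESTTOP/conf.sh"

# Deliberately expanded unquoted below so that it splits into "-p" and the port.
DIGOPTS="-p ${PORT}"

status=0
n=0

# Install the configuration template $1 as ns3/named.conf, then have ns3
# reload its configuration and flush its cache. rndc output is prefixed with
# "I:ns3 " so it is attributable in the test log.
ns3_reset() {
  copy_setports "$1" ns3/named.conf
  $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p "${CONTROLPORT}" reconfig 2>&1 | sed 's/^/I:ns3 /'
  $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p "${CONTROLPORT}" flush | sed 's/^/I:ns3 /'
}

# Succeed (0) if ns3/named.run contains "started AAAA fetch", fail (1)
# otherwise. The log is not truncated by this script, so a match from an
# earlier test case also counts.
ns3_sends_aaaa_queries() {
  if grep "started AAAA fetch" ns3/named.run >/dev/null; then
    return 0
  else
    return 1
  fi
}

# Print the query counter stored in dig output file $1, digits only.
#
# The file holds TXT data returned by a DNS server (dig +short prints it
# wrapped in double quotes), so it is treated as untrusted text: every
# non-digit character is dropped and the content is never handed to the
# shell for evaluation.
read_query_count() {
  sed 's/[^0-9]//g;' "$1"
}

# Check whether the total number of queries recorded in the two dig output
# files $1 and $2 is as expected. The expected total is variable:
#   - if ns3 sends AAAA queries, the total should equal $3,
#   - if ns3 does not send AAAA queries, the total should equal $4.
# On mismatch the global "ret" is set to 1 and both values are logged.
check_query_count() {
  count1=$(read_query_count "$1")
  count2=$(read_query_count "$2")
  # expr keeps the operands decimal; an empty operand makes it fail loudly
  # instead of being treated as zero.
  count=$(expr "$count1" + "$count2")
  #echo_i "count1=$count1 count2=$count2 count=$count"
  expected_count_with_aaaa=$3
  expected_count_without_aaaa=$4

  if ns3_sends_aaaa_queries; then
    expected_count=$expected_count_with_aaaa
  else
    expected_count=$expected_count_without_aaaa
  fi

  if [ "$count" -ne "$expected_count" ]; then
    echo_i "count $count (actual) != $expected_count (expected)"
    ret=1
  fi
}

echo_i "set max-recursion-depth=12"

n=$((n + 1))
echo_i "attempt excessive-depth lookup ($n)"
ret=0
echo "1000" > ans2/ans.limit
echo "1000" > ans4/ans.limit
$DIG $DIGOPTS @10.53.0.2 reset > /dev/null || ret=1
$DIG $DIGOPTS @10.53.0.4 reset > /dev/null || ret=1
$DIG $DIGOPTS @10.53.0.3 indirect1.example.org > "dig.out.1.test$n" || ret=1
grep "status: SERVFAIL" "dig.out.1.test$n" > /dev/null || ret=1
$DIG $DIGOPTS +short @10.53.0.2 count txt > "dig.out.2.test$n" || ret=1
$DIG $DIGOPTS +short @10.53.0.4 count txt > "dig.out.4.test$n" || ret=1
check_query_count "dig.out.2.test$n" "dig.out.4.test$n" 27 14
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "attempt permissible lookup ($n)"
ret=0
echo "12" > ans2/ans.limit
echo "12" > ans4/ans.limit
ns3_reset ns3/named1.conf.in
$DIG $DIGOPTS @10.53.0.2 reset > /dev/null || ret=1
$DIG $DIGOPTS @10.53.0.4 reset > /dev/null || ret=1
$DIG $DIGOPTS @10.53.0.3 indirect2.example.org > "dig.out.1.test$n" || ret=1
grep "status: NOERROR" "dig.out.1.test$n" > /dev/null || ret=1
$DIG $DIGOPTS +short @10.53.0.2 count txt > "dig.out.2.test$n" || ret=1
$DIG $DIGOPTS +short @10.53.0.4 count txt > "dig.out.4.test$n" || ret=1
check_query_count "dig.out.2.test$n" "dig.out.4.test$n" 50 26
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

echo_i "set max-recursion-depth=5"

n=$((n + 1))
echo_i "attempt excessive-depth lookup ($n)"
ret=0
# Only ans2/ans.limit is rewritten here; ans4/ans.limit keeps the value
# written by the previous case.
echo "12" > ans2/ans.limit
ns3_reset ns3/named2.conf.in
$DIG $DIGOPTS @10.53.0.2 reset > /dev/null || ret=1
$DIG $DIGOPTS @10.53.0.4 reset > /dev/null || ret=1
$DIG $DIGOPTS @10.53.0.3 indirect3.example.org > "dig.out.1.test$n" || ret=1
grep "status: SERVFAIL" "dig.out.1.test$n" > /dev/null || ret=1
$DIG $DIGOPTS +short @10.53.0.2 count txt > "dig.out.2.test$n" || ret=1
$DIG $DIGOPTS +short @10.53.0.4 count txt > "dig.out.4.test$n" || ret=1
check_query_count "dig.out.2.test$n" "dig.out.4.test$n" 13 7
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "attempt permissible lookup ($n)"
ret=0
echo "5" > ans2/ans.limit
echo "5" > ans4/ans.limit
ns3_reset ns3/named2.conf.in
$DIG $DIGOPTS @10.53.0.2 reset > /dev/null || ret=1
$DIG $DIGOPTS @10.53.0.4 reset > /dev/null || ret=1
$DIG $DIGOPTS @10.53.0.3 indirect4.example.org > "dig.out.1.test$n" || ret=1
grep "status: NOERROR" "dig.out.1.test$n" > /dev/null || ret=1
$DIG $DIGOPTS +short @10.53.0.2 count txt > "dig.out.2.test$n" || ret=1
$DIG $DIGOPTS +short @10.53.0.4 count txt > "dig.out.4.test$n" || ret=1
check_query_count "dig.out.2.test$n" "dig.out.4.test$n" 22 12
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

echo_i "set max-recursion-depth=100, max-recursion-queries=50"

n=$((n + 1))
echo_i "attempt excessive-queries lookup ($n)"
ret=0
echo "13" > ans2/ans.limit
echo "13" > ans4/ans.limit
ns3_reset ns3/named3.conf.in
$DIG $DIGOPTS @10.53.0.2 reset > /dev/null || ret=1
$DIG $DIGOPTS @10.53.0.4 reset > /dev/null || ret=1
$DIG $DIGOPTS @10.53.0.3 indirect5.example.org > "dig.out.1.test$n" || ret=1
# SERVFAIL is only required when ns3 is seen sending AAAA queries.
if ns3_sends_aaaa_queries; then
  grep "status: SERVFAIL" "dig.out.1.test$n" > /dev/null || ret=1
fi
$DIG $DIGOPTS +short @10.53.0.2 count txt > "dig.out.2.test$n" || ret=1
$DIG $DIGOPTS +short @10.53.0.4 count txt > "dig.out.4.test$n" || ret=1
# Only the 10.53.0.2 counter is compared with the limit in this case.
count=$(read_query_count "dig.out.2.test$n")
[ "$count" -le 50 ] || { ret=1; echo_i "count ($count) !<= 50"; }
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "attempt permissible lookup ($n)"
ret=0
echo "12" > ans2/ans.limit
ns3_reset ns3/named3.conf.in
$DIG $DIGOPTS @10.53.0.2 reset > /dev/null || ret=1
$DIG $DIGOPTS @10.53.0.3 indirect6.example.org > "dig.out.1.test$n" || ret=1
grep "status: NOERROR" "dig.out.1.test$n" > /dev/null || ret=1
$DIG $DIGOPTS +short @10.53.0.2 count txt > "dig.out.2.test$n" || ret=1
count=$(read_query_count "dig.out.2.test$n")
[ "$count" -le 50 ] || { ret=1; echo_i "count ($count) !<= 50"; }
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

echo_i "set max-recursion-depth=100, max-recursion-queries=40"

n=$((n + 1))
echo_i "attempt excessive-queries lookup ($n)"
ret=0
echo "11" > ans2/ans.limit
ns3_reset ns3/named4.conf.in
$DIG $DIGOPTS @10.53.0.2 reset > /dev/null || ret=1
$DIG $DIGOPTS @10.53.0.3 indirect7.example.org > "dig.out.1.test$n" || ret=1
if ns3_sends_aaaa_queries; then
  grep "status: SERVFAIL" "dig.out.1.test$n" > /dev/null || ret=1
fi
$DIG $DIGOPTS +short @10.53.0.2 count txt > "dig.out.2.test$n" || ret=1
count=$(read_query_count "dig.out.2.test$n")
[ "$count" -le 40 ] || { ret=1; echo_i "count ($count) !<= 40"; }
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "attempt permissible lookup ($n)"
ret=0
echo "9" > ans2/ans.limit
ns3_reset ns3/named4.conf.in
$DIG $DIGOPTS @10.53.0.2 reset > /dev/null || ret=1
$DIG $DIGOPTS @10.53.0.3 indirect8.example.org > "dig.out.1.test$n" || ret=1
grep "status: NOERROR" "dig.out.1.test$n" > /dev/null || ret=1
$DIG $DIGOPTS +short @10.53.0.2 count txt > "dig.out.2.test$n" || ret=1
count=$(read_query_count "dig.out.2.test$n")
[ "$count" -le 40 ] || { ret=1; echo_i "count ($count) !<= 40"; }
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "attempting NS explosion ($n)"
ret=0
ns3_reset ns3/named4.conf.in
$DIG $DIGOPTS @10.53.0.2 reset > /dev/null || ret=1
$DIG $DIGOPTS +short @10.53.0.3 ns1.1.example.net > "dig.out.1.test$n" || ret=1
$DIG $DIGOPTS +short @10.53.0.2 count txt > "dig.out.2.test$n" || ret=1
count=$(read_query_count "dig.out.2.test$n")
[ "$count" -lt 50 ] || ret=1
$DIG $DIGOPTS +short @10.53.0.7 count txt > "dig.out.3.test$n" || ret=1
count=$(read_query_count "dig.out.3.test$n")
# NOTE(review): the comparison is strict (-lt) while the message says "!<=";
# confirm which bound is intended before changing either.
[ "$count" -lt 50 ] || { ret=1; echo_i "count ($count) !<= 50"; }
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

#grep "duplicate query" ns3/named.run
echo_i "exit status: $status"
[ "$status" -eq 0 ] || exit 1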