#!/bin/sh

# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# System test for the contents of the ADDITIONAL and AUTHORITY sections
# under each 'minimal-responses' mode and under 'minimal-any'. Every test
# sends one dig query, stores the reply in dig.out.<test number> and greps
# the stored reply for what must (or must not) be there.
#
# Why the sizes matter to an operator: the 'minimal-any yes;' tests below
# expect a UDP ANY reply to carry a single answer while the TCP reply
# carries three. Smaller replies to unauthenticated UDP queries make the
# server less useful as a reflection/amplification source, so a regression
# here is more than cosmetic.
#
# echo_i, copy_setports, rndc_reconfig and the DIG, RNDC, PORT and
# CONTROLPORT variables are not defined in this file; they are expected to
# come from the sourced conf.sh.

SYSTEMTESTTOP=..
. "$SYSTEMTESTTOP/conf.sh"

DIGOPTS="-p ${PORT}"
# NOTE(review): RNDCCMD is not referenced anywhere in this script; it is
# kept as-is in case a sourced helper reads it - confirm before removing.
RNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p ${CONTROLPORT} -s"

status=0 # number of failed tests
n=0      # running test number, also the suffix of dig.out.<n>

# t_begin DESCRIPTION
# Advance the test counter, announce the test and clear its failure flag.
t_begin() {
  n=$((n + 1))
  echo_i "$1 ($n)"
  ret=0
}

# t_dig ARGS...
# Run dig with the shared options plus ARGS, saving stdout to dig.out.$n.
# A non-zero dig exit status marks the current test as failed.
t_dig() {
  # DIG and DIGOPTS are left unquoted on purpose: DIGOPTS holds two words.
  # shellcheck disable=SC2086
  $DIG $DIGOPTS "$@" > "dig.out.$n" || ret=1
}

# t_has PATTERN
# Fail the current test unless PATTERN (a grep regex) occurs in the reply.
t_has() {
  grep "$1" "dig.out.$n" > /dev/null || ret=1
}

# t_has_word WORD
# Fail the current test unless WORD occurs in the reply as a whole word.
t_has_word() {
  grep -w "$1" "dig.out.$n" > /dev/null || ret=1
}

# t_lacks_word WORD
# Fail the current test if WORD occurs in the reply as a whole word.
# Written as an 'if' so the helper itself always returns success.
t_lacks_word() {
  if grep -w "$1" "dig.out.$n" > /dev/null; then
    ret=1
  fi
}

# t_end
# Report the current test and count it in 'status' if it failed.
t_end() {
  if [ "$ret" -eq 1 ]; then
    echo_i "failed"
    status=$((status + 1))
  fi
}

# dotests
# Run the additional-section test series against 10.53.0.1.
# Globals: minimal (read) - the 'minimal-responses' value the server is
#          assumed to be running with: yes, no, no-auth or
#          no-auth-recursive; n, ret, status (written via the helpers).
# The first seven tests run twice, with +rec and then with +norec.
dotests() {
  for t_rec in +rec +norec; do
    t_begin "test with RT, single zone ($t_rec)"
    t_dig "$t_rec" -t RT rt.rt.example @10.53.0.1
    t_end

    t_begin "test with RT, two zones ($t_rec)"
    t_dig "$t_rec" -t RT rt.rt2.example @10.53.0.1
    t_end

    t_begin "test with NAPTR, single zone ($t_rec)"
    t_dig "$t_rec" -t NAPTR nap.naptr.example @10.53.0.1
    t_end

    t_begin "test with NAPTR, two zones ($t_rec)"
    t_dig "$t_rec" -t NAPTR nap.hang3b.example @10.53.0.1
    t_end

    t_begin "test with LP ($t_rec)"
    t_dig "$t_rec" -t LP nid2.nid.example @10.53.0.1
    # no-auth-recursive is the only mode whose NS expectation depends on
    # the recursion flag: NS is expected with +norec and not with +rec.
    case "$minimal:$t_rec" in
      no:* | no-auth-recursive:+norec)
        t_has_word "NS"
        t_has_word "L64"
        t_has_word "L32"
        ;;
      yes:*)
        t_lacks_word "NS"
        t_lacks_word "L64"
        t_lacks_word "L32"
        ;;
      no-auth:* | no-auth-recursive:+rec)
        t_lacks_word "NS"
        t_has_word "L64"
        t_has_word "L32"
        ;;
    esac
    t_end

    t_begin "test with NID ($t_rec)"
    t_dig "$t_rec" -t NID ns1.nid.example @10.53.0.1
    case "$minimal" in
      no)
        # switch these to t_has_word when we support NID additional
        # processing
        t_lacks_word "L64"
        t_lacks_word "L32"
        ;;
      *)
        t_lacks_word "L64"
        t_lacks_word "L32"
        ;;
    esac
    t_end

    t_begin "test with NID + LP ($t_rec)"
    t_dig "$t_rec" -t NID nid2.nid.example @10.53.0.1
    case "$minimal" in
      no)
        # switch these to t_has_word when we support NID additional
        # processing
        t_lacks_word "LP"
        t_lacks_word "L64"
        t_lacks_word "L32"
        ;;
      *)
        t_lacks_word "LP"
        t_lacks_word "L64"
        t_lacks_word "L32"
        ;;
    esac
    t_end
  done

  t_begin "test with NS, root zone"
  t_dig -t NS . @10.53.0.1
  # Glue is always expected for root priming queries, whatever $minimal is.
  t_has 'ADDITIONAL: 3'
  t_end

  t_begin "test with NS, non-root zone"
  t_dig -t NS rt.example @10.53.0.1
  # Every known mode expects the same count; unknown modes check nothing.
  case "$minimal" in
    yes | no | no-auth | no-auth-recursive)
      t_has 'ADDITIONAL: 2'
      ;;
  esac
  t_end
}

echo_i "testing with 'minimal-responses yes;'"
minimal=yes
dotests

echo_i "reconfiguring server: minimal-responses no"
copy_setports ns1/named2.conf.in ns1/named.conf
rndc_reconfig ns1 10.53.0.1

echo_i "testing with 'minimal-responses no;'"
minimal=no
dotests

t_begin "testing with 'minimal-any no;'"
t_dig -t ANY www.rt.example @10.53.0.1
t_has "ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 2"
t_end

echo_i "reconfiguring server: minimal-any yes"
copy_setports ns1/named3.conf.in ns1/named.conf
rndc_reconfig ns1 10.53.0.1

# UDP replies are expected to be trimmed to one answer, TCP replies are
# not; UDP is queried again after TCP and must still be trimmed.
t_begin "testing with 'minimal-any yes;' over UDP"
t_dig -t ANY +notcp www.rt.example @10.53.0.1
t_has "ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1"
t_end

t_begin "testing with 'minimal-any yes;' over TCP"
t_dig -t ANY +tcp www.rt.example @10.53.0.1
t_has "ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1"
t_end

t_begin "testing with 'minimal-any yes;' over UDP"
t_dig -t ANY +notcp www.rt.example @10.53.0.1
t_has "ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1"
t_end

# NOTE(review): the server is not reconfigured before this pass, so it is
# still running the configuration installed from ns1/named3.conf.in;
# presumably that file also sets 'minimal-responses no-auth;' - confirm.
echo_i "testing with 'minimal-responses no-auth;'"
minimal=no-auth
dotests

echo_i "reconfiguring server: minimal-responses no-auth-recursive"
copy_setports ns1/named4.conf.in ns1/named.conf
rndc_reconfig ns1 10.53.0.1

echo_i "testing with 'minimal-responses no-auth-recursive;'"
minimal=no-auth-recursive
dotests

t_begin "testing returning TLSA records with MX query"
t_dig -t mx mx.example @10.53.0.1
t_has "mx\.example\..*MX.0 mail\.mx\.example"
t_has "mail\.mx\.example\..*A.1\.2\.3\.4"
t_has "_25\._tcp\.mail\.mx\.example\..*TLSA.3 0 1 5B30F9602297D558EB719162C225088184FAA32CA45E1ED15DE58A21 D9FCE383"
t_end

t_begin "testing returning TLSA records with SRV query"
t_dig -t srv _xmpp-client._tcp.srv.example @10.53.0.1
t_has "_xmpp-client\._tcp\.srv\.example\..*SRV.1 0 5222 server\.srv\.example"
t_has "server\.srv\.example\..*A.1\.2\.3\.4"
t_has "_5222\._tcp\.server\.srv\.example\..*TLSA.3 0 1 5B30F9602297D558EB719162C225088184FAA32CA45E1ED15DE58A21 D9FCE383"
t_end

echo_i "reconfiguring server: minimal-responses no"
copy_setports ns1/named2.conf.in ns1/named.conf
rndc_reconfig ns1 10.53.0.1

t_begin "testing NS handling in ANY responses (authoritative)"
t_dig -t ANY rt.example @10.53.0.1
t_has "AUTHORITY: 0"
t_has "NS[ ]*ns"
t_end

# Same query, sent to 10.53.0.3 instead of 10.53.0.1.
t_begin "testing NS handling in ANY responses (recursive)"
t_dig -t ANY rt.example @10.53.0.3
t_has "AUTHORITY: 0"
t_has "NS[ ]*ns"
t_end

t_begin "testing out-of-zone additional data from auth zones (authoritative)"
t_dig -t NS rt.example @10.53.0.1
t_has "ADDITIONAL: 2"
t_end

t_begin "testing out-of-zone additional data from auth zones (recursive)"
t_dig -t NS ex @10.53.0.3
t_has "ADDITIONAL: 3"
t_end

echo_i "exit status: $status"
# Any failed test makes the whole script exit 1.
if [ "$status" -ne 0 ]; then
  exit 1
fi