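#!/bin/sh -x

# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0.  If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# System test for catalog zones ("catz").
#
# The script adds zones to a primary (10.53.0.1) with rndc, publishes them
# as member entries of catalog1.example (and catalog2.example, updated via
# 10.53.0.3) with nsupdate, and then checks through the log and through
# queries that the secondary (10.53.0.2) starts and stops serving them.
# Later sections cover the "masters" option, the allow-query and
# allow-transfer ACLs carried in the catalog, and TSIG-protected transfers.
#
# Every numbered check sets ret=0, sets ret=1 on failure, reports it with
# echo_i and adds ret to $status.
#
# echo_i, retry_quiet, nextpart, nextpartpeek and copy_setports are not
# defined in this file; presumably they come from conf.sh -- verify there.

set -e

# shellcheck source=conf.sh
SYSTEMTESTTOP=..
. "$SYSTEMTESTTOP/conf.sh"

# Run dig against the test port; all arguments are passed through.
dig_with_opts() {
    "$DIG" -p "${PORT}" "$@"
}

# Run rndc against the control port.  The first argument is the server
# address (it becomes the value of -s), the rest is the rndc command.
rndccmd() (
    "$RNDC" -c "$SYSTEMTESTTOP/common/rndc.conf" -p "${CONTROLPORT}" -s "$@"
)

# Single attempt: succeed if the fixed string $2 appears in what
# nextpartpeek prints for log file $1.
_wait_for_message() (
    nextpartpeek "$1" > wait_for_message.$n
    grep -F "$2" wait_for_message.$n >/dev/null
)

# Retry _wait_for_message through retry_quiet (first argument 20).
wait_for_message() (
    retry_quiet 20 _wait_for_message "$@"
)

# Single attempt: query server $3 for $4/$2, save the answer in $5 and
# succeed if the response status is $1.  Extra arguments go to dig.
_wait_for_rcode() (
    rcode="$1"
    qtype="$2"
    ns="$3"
    qname="$4"
    file="$5"
    shift 5
    dig_with_opts "$ns" "$qtype" "$qname" "$@" >"$file" || return 1
    grep "status: $rcode" "$file" >/dev/null
)

# Retry _wait_for_rcode through retry_quiet (first argument 10).
wait_for_rcode() (
    retry_quiet 10 _wait_for_rcode "$@"
)

# Wait until an SOA query is answered with NOERROR.
wait_for_soa() (
    wait_for_rcode NOERROR SOA "$@"
)

# Wait until an A query is answered with NOERROR.
wait_for_a() (
    wait_for_rcode NOERROR A "$@"
)

# Wait until an SOA query is answered with REFUSED, i.e. the zone is not
# served to this client.
wait_for_no_soa() {
    wait_for_rcode REFUSED SOA "$@"
}

# Single attempt: succeed if $1 is a regular file.
_wait_for_zonefile() (
    # shellcheck disable=SC2234
    [ -f "$1" ]
)

wait_for_zonefile() (
    retry_quiet 10 _wait_for_zonefile "$@"
)

# Single attempt: succeed if $1 is not a regular file.
_wait_for_no_zonefile() (
    # shellcheck disable=SC2234
    [ ! -f "$1" ]
)

wait_for_no_zonefile() (
    retry_quiet 10 _wait_for_no_zonefile "$@"
)

status=0
n=0
##########################################################################
echo_i "Testing adding/removing of domain in catalog zone"
n=$((n+1))
echo_i "checking that dom1.example. is not served by primary ($n)"
ret=0
wait_for_no_soa @10.53.0.1 dom1.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "Adding a domain dom1.example. to primary via RNDC ($n)"
ret=0
# enough initial content for IXFR response when TXT record is added below
echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom1.example.db
echo "@ 3600 IN NS invalid." >> ns1/dom1.example.db
echo "foo 3600 IN TXT some content here" >> ns1/dom1.example.db
echo "bar 3600 IN TXT some content here" >> ns1/dom1.example.db
echo "xxx 3600 IN TXT some content here" >> ns1/dom1.example.db
echo "yyy 3600 IN TXT some content here" >> ns1/dom1.example.db
# NOTE(review): "allow-update { any; }" accepts unauthenticated dynamic
# updates from every client.  It is what lets the nsupdate calls below run
# without a key; it is a test-fixture setting, not a configuration to copy.
rndccmd 10.53.0.1 addzone dom1.example. '{ type primary; file "dom1.example.db"; allow-update { any; }; notify explicit; also-notify { 10.53.0.2; }; };' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that dom1.example. is now served by primary ($n)"
ret=0
wait_for_soa @10.53.0.1 dom1.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

nextpart ns2/named.run >/dev/null

n=$((n+1))
echo_i "Adding domain dom1.example. to catalog1 zone ($n)"
ret=0
$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1
    server 10.53.0.1 ${PORT}
    update add e721433b6160b450260d4f54b3ec8bab30cb3b83.zones.catalog1.example. 3600 IN PTR dom1.example.
    send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "catz: adding zone 'dom1.example' from catalog 'catalog1.example'" &&
wait_for_message ns2/named.run "transfer of 'dom1.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that dom1.example. is served by secondary ($n)"
ret=0
wait_for_soa @10.53.0.2 dom1.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that zone-directory is populated ($n)"
ret=0
wait_for_zonefile "ns2/zonedir/__catz___default_catalog1.example_dom1.example.db" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "update dom1.example. ($n)"
ret=0
$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1
    server 10.53.0.1 ${PORT}
    update add dom1.example 0 IN TXT added record
    send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "wait for secondary to be updated ($n)"
ret=0
# Single attempt: the secondary answers the TXT query with exactly one record.
wait_for_txt() {
    dig_with_opts @10.53.0.2 TXT dom1.example. > dig.out.test$n || return 1
    grep "ANSWER: 1," dig.out.test$n > /dev/null || return 1
    grep "status: NOERROR" dig.out.test$n > /dev/null || return 1
    grep "IN.TXT." dig.out.test$n > /dev/null || return 1
}
retry_quiet 10 wait_for_txt || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "check that journal was created for cleanup test ($n)"
ret=0
test -f ns2/zonedir/__catz___default_catalog1.example_dom1.example.db.jnl || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "update catalog zone serial ($n)"
ret=0
# default minimum update rate is once / 5 seconds
sleep 5
$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1
    server 10.53.0.1 ${PORT}
    update add catalog1.example 3600 SOA . . 20 86400 3600 86400 3600
    send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "wait for catalog zone to transfer ($n)"
ret=0
# Single attempt: the secondary serves catalog1.example with SOA serial 20.
wait_for_soa_equal_20() {
    dig_with_opts @10.53.0.2 SOA catalog1.example. > dig.out.test$n || return 1
    grep "ANSWER: 1," dig.out.test$n > /dev/null || return 1
    grep "status: NOERROR" dig.out.test$n > /dev/null || return 1
    grep 'IN.SOA.\. \. 20 ' dig.out.test$n > /dev/null || return 1
}
retry_quiet 10 wait_for_soa_equal_20 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "update dom1.example. again ($n)"
ret=0
$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1
    server 10.53.0.1 ${PORT}
    update add foo.dom1.example 0 IN TXT added record
    send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "wait for secondary to be updated again ($n)"
ret=0
# Redefined for this check: foo.dom1.example must now have two TXT records
# (the one from the initial zone file plus the one just added).
wait_for_txt() {
    dig_with_opts @10.53.0.2 TXT foo.dom1.example. > dig.out.test$n || return 1
    grep "ANSWER: 2," dig.out.test$n > /dev/null || return 1
    grep "status: NOERROR" dig.out.test$n > /dev/null || return 1
    grep "IN.TXT." dig.out.test$n > /dev/null || return 1
}
retry_quiet 10 wait_for_txt || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "removing domain dom1.example. from catalog1 zone ($n)"
ret=0
$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1
    server 10.53.0.1 ${PORT}
    update delete e721433b6160b450260d4f54b3ec8bab30cb3b83.zones.catalog1.example
    send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "zone_shutdown: zone dom1.example/IN: shutting down" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that dom1.example. is not served by secondary ($n)"
ret=0
wait_for_no_soa @10.53.0.2 dom1.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that zone-directory is emptied ($n)"
ret=0
wait_for_no_zonefile "ns2/zonedir/__catz___default_catalog1.example_dom1.example.db" || ret=1
wait_for_no_zonefile "ns2/zonedir/__catz___default_catalog1.example_dom1.example.db.jnl" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

##########################################################################
echo_i "Testing various simple operations on domains, including using multiple catalog zones and garbage in zone"
n=$((n+1))
echo_i "adding domain dom2.example. to primary via RNDC ($n)"
ret=0
echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom2.example.db
echo "@ IN NS invalid." >> ns1/dom2.example.db
rndccmd 10.53.0.1 addzone dom2.example. '{type primary; file "dom2.example.db";};' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "adding domain dom4.example. to primary via RNDC ($n)"
ret=0
echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom4.example.db
echo "@ IN NS invalid." >> ns1/dom4.example.db
rndccmd 10.53.0.1 addzone dom4.example. '{type primary; file "dom4.example.db";};' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "adding domains dom2.example, dom3.example. and some garbage to catalog1 zone ($n)"
ret=0
# Besides the two valid member entries, this update adds records the
# section title calls "garbage"; the checks below only require that
# dom2.example and dom3.example are still picked up.
$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1
    server 10.53.0.1 ${PORT}
    update add 636722929740e507aaf27c502812fc395d30fb17.zones.catalog1.example. 3600 IN PTR dom2.example.
    update add b901f492f3ebf6c1e5b597e51766f02f0479eb03.zones.catalog1.example. 3600 IN PTR dom3.example.
    update add e721433b6160b450260d4f54b3ec8bab30cb3b83.zones.catalog1.example. 3600 IN NS foo.bar.
    update add trash.catalog1.example. 3600 IN A 1.2.3.4
    update add trash2.foo.catalog1.example. 3600 IN A 1.2.3.4
    update add trash3.zones.catalog1.example. 3600 IN NS a.dom2.example.
    update add foobarbaz.b901f492f3ebf6c1e5b597e51766f02f0479eb03.zones.catalog1.example. 3600 IN PTR dom3.example.
    update add blahblah.636722929740e507aaf27c502812fc395d30fb17.zones.catalog1.example. 3600 IN PTR dom2.example.
    update add foobarbaz.b901f492f3ebf6c1e5b597e51766f02f0479eb03.zones.catalog1.example. 3600 IN APL 1:1.2.3.4/30
    update add blahblah.636722929740e507aaf27c502812fc395d30fb17.zones.catalog1.example. 3600 IN TXT "blah blah"
    update add version.catalog1.example. 3600 IN A 1.2.3.4
    send

END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "adding domain dom4.example. to catalog2 zone ($n)"
ret=0
$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1
    server 10.53.0.3 ${PORT}
    update add de26b88d855397a03f77ff1162fd055d8b419584.zones.catalog2.example. 3600 IN PTR dom4.example.
    send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))


n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "catz: adding zone 'dom4.example' from catalog 'catalog2.example'" &&
wait_for_message ns2/named.run "transfer of 'dom4.example/IN' from 10.53.0.1#${EXTRAPORT1}: Transfer status: success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that dom4.example. is served by secondary ($n)"
ret=0
wait_for_soa @10.53.0.2 dom4.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))


n=$((n+1))
echo_i "checking that dom3.example. is not served by primary ($n)"
ret=0
wait_for_no_soa @10.53.0.1 dom3.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "adding a domain dom3.example. to primary via RNDC ($n)"
ret=0
echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom3.example.db
echo "@ IN NS invalid." >> ns1/dom3.example.db
rndccmd 10.53.0.1 addzone dom3.example. '{type primary; file "dom3.example.db"; also-notify { 10.53.0.2; }; notify explicit; };' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that dom3.example. is served by primary ($n)"
ret=0
wait_for_soa @10.53.0.1 dom3.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "catz: adding zone 'dom2.example' from catalog 'catalog1.example'" &&
wait_for_message ns2/named.run "catz: adding zone 'dom3.example' from catalog 'catalog1.example'" &&
wait_for_message ns2/named.run "transfer of 'dom2.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" &&
wait_for_message ns2/named.run "transfer of 'dom3.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that dom3.example. is served by secondary ($n)"
ret=0
wait_for_soa @10.53.0.2 dom3.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "reconfiguring secondary - checking if catz survives a certain class of failed reconfiguration attempts ($n)"
ret=0
# Enabling the "#T3" lines of named1.conf.in yields a configuration that
# "rndc reconfig" is expected to reject, so a successful reconfig is the
# failure case here (&& ret=1).
sed -e "s/^#T3//" < ns2/named1.conf.in > ns2/named.conf.tmp
copy_setports ns2/named.conf.tmp ns2/named.conf
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p "${CONTROLPORT}" reconfig > /dev/null 2>&1 && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking again that dom3.example. is served by secondary ($n)"
ret=0
wait_for_soa @10.53.0.2 dom3.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "reconfiguring secondary - reverting the bad configuration ($n)"
ret=0
copy_setports ns2/named1.conf.in ns2/named.conf
rndccmd 10.53.0.2 reconfig || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "removing all records from catalog1 zone ($n)"
ret=0
$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1
    server 10.53.0.1 ${PORT}
    update delete 636722929740e507aaf27c502812fc395d30fb17.zones.catalog1.example. 3600 IN PTR dom2.example.
    update delete b901f492f3ebf6c1e5b597e51766f02f0479eb03.zones.catalog1.example. 3600 IN PTR dom3.example.
    update delete e721433b6160b450260d4f54b3ec8bab30cb3b83.zones.catalog1.example. 3600 IN NS foo.bar.
    update delete trash.catalog1.example. 3600 IN A 1.2.3.4
    update delete trash2.foo.catalog1.example. 3600 IN A 1.2.3.4
    update delete trash3.zones.catalog1.example. 3600 IN NS a.dom2.example.
    update delete foobarbaz.b901f492f3ebf6c1e5b597e51766f02f0479eb03.zones.catalog1.example. 3600 IN PTR dom3.example.
    update delete blahblah.636722929740e507aaf27c502812fc395d30fb17.zones.catalog1.example. 3600 IN PTR dom2.example.
    update delete foobarbaz.b901f492f3ebf6c1e5b597e51766f02f0479eb03.zones.catalog1.example. 3600 IN APL 1:1.2.3.4/30
    update delete blahblah.636722929740e507aaf27c502812fc395d30fb17.zones.catalog1.example. 3600 IN TXT "blah blah"
    update delete version.catalog1.example. 3600 IN A 1.2.3.4
    send

END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "removing all records from catalog2 zone ($n)"
ret=0
$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1
    server 10.53.0.3 ${PORT}
    update delete de26b88d855397a03f77ff1162fd055d8b419584.zones.catalog2.example. 3600 IN PTR dom4.example.
    send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

##########################################################################
echo_i "Testing masters suboption and random labels"
n=$((n+1))
echo_i "adding dom5.example. with a valid masters suboption (IP without TSIG) and a random label ($n)"
ret=0
$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1
    server 10.53.0.1 ${PORT}
    update add somerandomlabel.zones.catalog1.example. 3600 IN PTR dom5.example.
    update add masters.somerandomlabel.zones.catalog1.example. 3600 IN A 10.53.0.3
    send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
# The expected transfer source is 10.53.0.3, the address given in the
# per-zone masters record above, not the catalog's own primary.
wait_for_message ns2/named.run "catz: adding zone 'dom5.example' from catalog 'catalog1.example'" &&
wait_for_message ns2/named.run "transfer of 'dom5.example/IN' from 10.53.0.3#${PORT}: Transfer status: success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that dom5.example. is served by secondary ($n)"
ret=0
wait_for_soa @10.53.0.2 dom5.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "removing dom5.example. ($n)"
ret=0
$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1
    server 10.53.0.1 ${PORT}
    update delete somerandomlabel.zones.catalog1.example. 3600 IN PTR dom5.example.
    update delete masters.somerandomlabel.zones.catalog1.example. 3600 IN A 10.53.0.3
    send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "zone_shutdown: zone dom5.example/IN: shutting down" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that dom5.example. is no longer served by secondary ($n)"
ret=0
wait_for_no_soa @10.53.0.2 dom5.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))


##########################################################################
echo_i "Testing masters global option"
n=$((n+1))
echo_i "adding dom6.example. and a valid global masters option (IP without TSIG) ($n)"
ret=0
$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1
    server 10.53.0.1 ${PORT}
    update add masters.catalog1.example. 3600 IN A 10.53.0.3
    update add masters.catalog1.example. 3600 IN AAAA fd92:7065:b8e:ffff::3
    update add 4346f565b4d63ddb99e5d2497ff22d04e878e8f8.zones.catalog1.example. 3600 IN PTR dom6.example.
    send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
# Only the message prefix is matched: both an A and an AAAA address were
# given for the global masters, so the source address is left open.
wait_for_message ns2/named.run "catz: adding zone 'dom6.example' from catalog 'catalog1.example'" &&
wait_for_message ns2/named.run "transfer of 'dom6.example/IN' from " > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that dom6.example. is served by secondary ($n)"
ret=0
wait_for_soa @10.53.0.2 dom6.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "removing dom6.example. ($n)"
ret=0
$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1
    server 10.53.0.1 ${PORT}
    update delete masters.catalog1.example. 3600 IN A 10.53.0.3
    update delete masters.catalog1.example. 3600 IN AAAA fd92:7065:b8e:ffff::3
    update delete 4346f565b4d63ddb99e5d2497ff22d04e878e8f8.zones.catalog1.example. 3600 IN PTR dom6.example.
    send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "zone_shutdown: zone dom6.example/IN: shutting down" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that dom6.example. is no longer served by secondary ($n)"
ret=0
wait_for_no_soa @10.53.0.2 dom6.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

nextpart ns2/named.run >/dev/null

n=$((n+1))
echo_i "adding dom6.example. and an invalid global masters option (TSIG without IP) ($n)"
ret=0
$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1
    server 10.53.0.1 ${PORT}
    update add label1.masters.catalog1.example. 3600 IN TXT "tsig_key"
    update add 4346f565b4d63ddb99e5d2497ff22d04e878e8f8.zones.catalog1.example. 3600 IN PTR dom6.example.
    send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
# A key name with no address must be rejected: the zone is announced but
# its configuration cannot be generated.
wait_for_message ns2/named.run "catz: adding zone 'dom6.example' from catalog 'catalog1.example'" &&
wait_for_message ns2/named.run "error \"failure\" while trying to generate config for zone \"dom6.example\"" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "removing dom6.example. ($n)"
ret=0
$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1
    server 10.53.0.1 ${PORT}
    update delete label1.masters.catalog1.example. 3600 IN TXT "tsig_key"
    update delete 4346f565b4d63ddb99e5d2497ff22d04e878e8f8.zones.catalog1.example. 3600 IN PTR dom6.example.
    send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "catz: deleting zone 'dom6.example' from catalog 'catalog1.example' - success" > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

##########################################################################
n=$((n+1))
echo_i "Checking that a missing zone directory forces in-memory ($n)"
ret=0
grep "'nonexistent' not found; zone files will not be saved" ns2/named.run > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

##########################################################################
echo_i "Testing allow-query and allow-transfer ACLs"
n=$((n+1))
echo_i "adding domains dom7.example. and dom8.example. to primary via RNDC ($n)"
ret=0
echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom7.example.db
echo "@ IN NS invalid." >> ns1/dom7.example.db
rndccmd 10.53.0.1 addzone dom7.example. '{type primary; file "dom7.example.db";};' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom8.example.db
echo "@ IN NS invalid." >> ns1/dom8.example.db
rndccmd 10.53.0.1 addzone dom8.example. '{type primary; file "dom8.example.db";};' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that dom7.example. is now served by primary ($n)"
ret=0
wait_for_soa @10.53.0.1 dom7.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

nextpart ns2/named.run >/dev/null

n=$((n+1))
echo_i "adding domain dom7.example. to catalog1 zone with an allow-query statement ($n)"
ret=0
# The APL record is the per-zone allow-query ACL: allow 10.53.0.1, deny the
# rest of 10.53.0.0/30 (which covers 10.53.0.2), allow everything else.
# The three source-address checks below (-b .1, .2, .5) exercise each term.
$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1
    server 10.53.0.1 ${PORT}
    update add 78833ec3c0059fd4540fee81c7eaddce088e7cd7.zones.catalog1.example. 3600 IN PTR dom7.example.
    update add allow-query.78833ec3c0059fd4540fee81c7eaddce088e7cd7.zones.catalog1.example. 3600 IN APL 1:10.53.0.1/32 !1:10.53.0.0/30 1:0.0.0.0/0
    send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "catz: adding zone 'dom7.example' from catalog 'catalog1.example'" > /dev/null &&
wait_for_message ns2/named.run "transfer of 'dom7.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that dom7.example. is accessible from 10.53.0.1 ($n)"
ret=0
wait_for_soa @10.53.0.2 dom7.example. dig.out.test$n -b 10.53.0.1 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that dom7.example. is not accessible from 10.53.0.2 ($n)"
ret=0
wait_for_no_soa @10.53.0.2 dom7.example. dig.out.test$n -b 10.53.0.2 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that dom7.example. is accessible from 10.53.0.5 ($n)"
ret=0
wait_for_soa @10.53.0.2 dom7.example. dig.out.test$n -b 10.53.0.5 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

nextpart ns2/named.run >/dev/null
n=$((n+1))
echo_i "adding dom8.example. domain and global allow-query and allow-transfer ACLs ($n)"
ret=0
# Catalog-wide ACLs: queries only from 10.53.0.1, transfers only from
# 10.53.0.2.  dom8.example has no per-zone ACL, so these apply to it.
$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1
    server 10.53.0.1 ${PORT}
    update add cba95222e308baba42417be6021026fdf20827b6.zones.catalog1.example. 3600 IN PTR dom8.example
    update add allow-query.catalog1.example. 3600 IN APL 1:10.53.0.1/32
    update add allow-transfer.catalog1.example. 3600 IN APL 1:10.53.0.2/32
    send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "catz: update_from_db: new zone merged" &&
wait_for_message ns2/named.run "transfer of 'dom8.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that dom8.example. is accessible from 10.53.0.1 ($n)"
ret=0
wait_for_soa @10.53.0.2 dom8.example. dig.out.test$n -b 10.53.0.1 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that dom8.example. is not accessible from 10.53.0.2 ($n)"
ret=0
wait_for_no_soa @10.53.0.2 dom8.example. dig.out.test$n -b 10.53.0.2 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that dom8.example. is not AXFR accessible from 10.53.0.1 ($n)"
ret=0
# NOTE(review): under "set -e" a non-zero exit from dig on this line would
# abort the whole script instead of marking the check failed -- confirm
# dig's exit status for a refused transfer.
dig_with_opts @10.53.0.2 axfr dom8.example. -b 10.53.0.1 > dig.out.test$n
grep "Transfer failed." dig.out.test$n > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that dom8.example. is AXFR accessible from 10.53.0.2 ($n)"
ret=0
dig_with_opts @10.53.0.2 axfr dom8.example. -b 10.53.0.2 > dig.out.test$n
# A permitted transfer must not contain the "Transfer failed." marker.
# "grep -v ... || ret=1" cannot detect that: it succeeds as soon as any
# other line of output exists, so the ACL check would pass either way.
grep "Transfer failed." dig.out.test$n > /dev/null && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

nextpart ns2/named.run >/dev/null
n=$((n+1))
echo_i "deleting global allow-query and allow-transfer ACLs ($n)"
ret=0
$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1
    server 10.53.0.1 ${PORT}
    update delete allow-query.catalog1.example. 3600 IN APL 1:10.53.0.1/32
    update delete allow-transfer.catalog1.example. 3600 IN APL 1:10.53.0.2/32
    send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
ret=0
wait_for_message ns2/named.run "catz: update_from_db: new zone merged" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that dom8.example. is accessible from 10.53.0.1 ($n)"
ret=0
wait_for_soa @10.53.0.2 dom8.example. dig.out.test$n -b 10.53.0.1 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that dom8.example. is accessible from 10.53.0.2 ($n)"
ret=0
wait_for_soa @10.53.0.2 dom8.example. dig.out.test$n -b 10.53.0.2 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that dom8.example. is AXFR accessible from 10.53.0.1 ($n)"
ret=0
dig_with_opts @10.53.0.2 axfr dom8.example. -b 10.53.0.1 > dig.out.test$n
# Fail if the transfer was refused ("grep -v" would succeed regardless).
grep "Transfer failed." dig.out.test$n > /dev/null && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that dom8.example. is AXFR accessible from 10.53.0.2 ($n)"
ret=0
dig_with_opts @10.53.0.2 axfr dom8.example. -b 10.53.0.2 > dig.out.test$n
# Fail if the transfer was refused ("grep -v" would succeed regardless).
grep "Transfer failed." dig.out.test$n > /dev/null && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))


##########################################################################
echo_i "Testing TSIG keys for masters set per-domain"
n=$((n+1))
echo_i "adding a domain dom9.example. to primary via RNDC, with transfers allowed only with TSIG key ($n)"
ret=0
echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom9.example.db
echo "@ IN NS invalid." >> ns1/dom9.example.db
# Transfers of dom9.example are limited to requests signed with tsig_key;
# the key itself is not defined in this script (presumably in the servers'
# named.conf -- verify there).
rndccmd 10.53.0.1 addzone dom9.example. '{type primary; file "dom9.example.db"; allow-transfer { key tsig_key; }; };' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that dom9.example. is now served by primary ($n)"
ret=0
wait_for_soa @10.53.0.1 dom9.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

nextpart ns2/named.run >/dev/null

n=$((n+1))
echo_i "adding domain dom9.example. to catalog1 zone with a valid masters suboption (IP with TSIG) ($n)"
ret=0
# A and TXT under the same "label1.masters" name pair the primary's address
# with the name of the key to use for it.
$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1
    server 10.53.0.1 ${PORT}
    update add f0f989bc71c5c8ca3a1eb9c9ab5246521907e3af.zones.catalog1.example. 3600 IN PTR dom9.example.
    update add label1.masters.f0f989bc71c5c8ca3a1eb9c9ab5246521907e3af.zones.catalog1.example. 3600 IN A 10.53.0.1
    update add label1.masters.f0f989bc71c5c8ca3a1eb9c9ab5246521907e3af.zones.catalog1.example. 3600 IN TXT "tsig_key"
    send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "catz: adding zone 'dom9.example' from catalog 'catalog1.example'" &&
wait_for_message ns2/named.run "transfer of 'dom9.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that dom9.example. is accessible on secondary ($n)"
ret=0
wait_for_soa @10.53.0.2 dom9.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "deleting domain dom9.example. from catalog1 zone ($n)"
ret=0
$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1
    server 10.53.0.1 ${PORT}
    update delete f0f989bc71c5c8ca3a1eb9c9ab5246521907e3af.zones.catalog1.example. 3600 IN PTR dom9.example.
    update delete label1.masters.f0f989bc71c5c8ca3a1eb9c9ab5246521907e3af.zones.catalog1.example. 3600 IN A 10.53.0.1
    update delete label1.masters.f0f989bc71c5c8ca3a1eb9c9ab5246521907e3af.zones.catalog1.example. 3600 IN TXT "tsig_key"
    send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "catz: deleting zone 'dom9.example' from catalog 'catalog1.example' - success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that dom9.example. is no longer accessible on secondary ($n)"
ret=0
wait_for_no_soa @10.53.0.2 dom9.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

nextpart ns2/named.run >/dev/null

n=$((n+1))
echo_i "adding domain dom9.example. to catalog1 zone with an invalid masters suboption (TSIG without IP) ($n)"
ret=0
$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1
    server 10.53.0.1 ${PORT}
    update add f0f989bc71c5c8ca3a1eb9c9ab5246521907e3af.zones.catalog1.example. 3600 IN PTR dom9.example.
    update add label1.masters.f0f989bc71c5c8ca3a1eb9c9ab5246521907e3af.zones.catalog1.example. 3600 IN TXT "tsig_key"
    send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "catz: adding zone 'dom9.example' from catalog 'catalog1.example'" &&
wait_for_message ns2/named.run "error \"failure\" while trying to generate config for zone \"dom9.example\"" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "deleting domain dom9.example. from catalog1 zone ($n)"
ret=0
$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1
    server 10.53.0.1 ${PORT}
    update delete f0f989bc71c5c8ca3a1eb9c9ab5246521907e3af.zones.catalog1.example. 3600 IN PTR dom9.example.
    update delete label1.masters.f0f989bc71c5c8ca3a1eb9c9ab5246521907e3af.zones.catalog1.example. 3600 IN TXT "tsig_key"
    send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "catz: deleting zone 'dom9.example' from catalog 'catalog1.example'" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

##########################################################################
echo_i "Testing catalog entries that can't be represented as filenames"
# note: we need 4 backslashes in the shell to get 2 backslashes in DNS
# presentation format, which is 1 backslash on the wire.
for special in \
    this.is.a.very.very.long.long.long.domain.that.will.cause.catalog.zones.to.generate.hash.instead.of.using.regular.filename.dom10.example \
    this.zone/domain.has.a.slash.dom10.example \
    this.zone\\\\domain.has.backslash.dom10.example \
    this.zone:domain.has.a.colon.dom.10.example
do
    # hashes below are generated by:
    # python ${TOP}/contrib/scripts/catzhash.py "${special}"

    case "$special" in
    this.is.a.very.very.long.long.long.domain.that.will.cause.catalog.zones.to.generate.hash.instead.of.using.regular.filename.dom10.example)
        hash=825f48b1ce1b4cf5a041d20255a0c8e98d114858
        db=__catz__4d70696f2335687069467f11f5d5378c480383f97782e553fb2d04a7bb2a23ed.db
        ;;
    this.zone/domain.has.a.slash.dom10.example)
        hash=e64cc64c99bf52d0a77fb16dd7ed57cf925a36aa
        db=__catz__46ba3e1b28d5955e5313d5fee61bedc78c71d08035aa7ea2f7bf0b8228ab3acc.db
        ;;
    this.zone\\\\domain.has.backslash.dom10.example)
        hash=91e27e02153d38cf656a9b376d7747fbcd19f985
        db=__catz__b667f7ff802c0895e0506699951cff9a1cab68c5ef8546aa0d07425f244ed870.db
        ;;
    this.zone:domain.has.a.colon.dom.10.example)
        hash=8b7238bf4c34045834c573ba4116557ebb24d33c
        db=__catz__5c721f7872913a4e7fa8ad42589cce5dd6e551a4c9e6ab3f86e77c0bbc7c2ca6.db
        ;;
    esac

    n=$((n+1))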
echo_i "checking that ${special}. is not served by primary ($n)" 908 ret=0 909 wait_for_no_soa @10.53.0.1 "${special}" dig.out.test$n || ret=1 910 if [ $ret -ne 0 ]; then echo_i "failed"; fi 911 status=$((status+ret)) 912 913 n=$((n+1)) 914 echo_i "Adding a domain ${special}. to primary via RNDC ($n)" 915 ret=0 916 echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom10.example.db 917 echo "@ IN NS invalid." >> ns1/dom10.example.db 918 rndccmd 10.53.0.1 addzone '"'"${special}"'"' '{type primary; file "dom10.example.db";};' || ret=1 919 if [ $ret -ne 0 ]; then echo_i "failed"; fi 920 status=$((status+ret)) 921 922 n=$((n+1)) 923 echo_i "checking that ${special}. is now served by primary ($n)" 924 ret=0 925 wait_for_soa @10.53.0.1 "${special}." dig.out.test$n || ret=1 926 if [ $ret -ne 0 ]; then echo_i "failed"; fi 927 status=$((status+ret)) 928 929 nextpart ns2/named.run >/dev/null 930 931 n=$((n+1)) 932 echo_i "Adding domain ${special}. to catalog1 zone ($n)" 933 ret=0 934 $NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1 935 server 10.53.0.1 ${PORT} 936 update add ${hash}.zones.catalog1.example 3600 IN PTR ${special}. 937 send 938END 939 if [ $ret -ne 0 ]; then echo_i "failed"; fi 940 status=$((status+ret)) 941 942 n=$((n+1)) 943 echo_i "waiting for secondary to sync up ($n)" 944 ret=0 945 wait_for_message ns2/named.run "catz: adding zone '$special' from catalog 'catalog1.example'" && 946 wait_for_message ns2/named.run "transfer of '$special/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 947 if [ $ret -ne 0 ]; then echo_i "failed"; fi 948 status=$((status+ret)) 949 950 n=$((n+1)) 951 echo_i "checking that ${special}. is served by secondary ($n)" 952 ret=0 953 wait_for_soa @10.53.0.2 "${special}." 
dig.out.test$n || ret=1 954 if [ $ret -ne 0 ]; then echo_i "failed"; fi 955 status=$((status+ret)) 956 957 n=$((n+1)) 958 echo_i "checking that zone-directory is populated with a hashed filename ($n)" 959 ret=0 960 wait_for_zonefile "ns2/zonedir/$db" || ret=1 961 if [ $ret -ne 0 ]; then echo_i "failed"; fi 962 status=$((status+ret)) 963 964 n=$((n+1)) 965 echo_i "removing domain ${special}. from catalog1 zone ($n)" 966 ret=0 967 $NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1 968 server 10.53.0.1 ${PORT} 969 update delete ${hash}.zones.catalog1.example 970 send 971END 972 if [ $ret -ne 0 ]; then echo_i "failed"; fi 973 status=$((status+ret)) 974 975 n=$((n+1)) 976 echo_i "waiting for secondary to sync up ($n)" 977 ret=0 978 wait_for_message ns2/named.run "zone_shutdown: zone ${special}/IN: shutting down" || ret=1 979 if [ $ret -ne 0 ]; then echo_i "failed"; fi 980 status=$((status+ret)) 981 982 n=$((n+1)) 983 echo_i "checking that ${special}. is not served by secondary ($n)" 984 ret=0 985 wait_for_no_soa @10.53.0.2 "${special}." dig.out.test$n || ret=1 986 if [ $ret -ne 0 ]; then echo_i "failed"; fi 987 status=$((status+ret)) 988 989 n=$((n+1)) 990 echo_i "checking that zone-directory is emptied ($n)" 991 ret=0 992 wait_for_no_zonefile "ns2/zonedir/$db" || ret=1 993 wait_for_no_zonefile "ns2/zonedir/$db.jnl" || ret=1 994 if [ $ret -ne 0 ]; then echo_i "failed"; fi 995 status=$((status+ret)) 996done 997 998########################################################################## 999echo_i "Testing adding a domain and a subdomain of it" 1000n=$((n+1)) 1001echo_i "checking that dom11.example. is not served by primary ($n)" 1002ret=0 1003wait_for_no_soa @10.53.0.1 dom11.example. dig.out.test$n || ret=1 1004if [ $ret -ne 0 ]; then echo_i "failed"; fi 1005status=$((status+ret)) 1006 1007n=$((n+1)) 1008echo_i "Adding a domain dom11.example. to primary via RNDC ($n)" 1009ret=0 1010echo "@ 3600 IN SOA . . 
1 3600 3600 3600 3600" > ns1/dom11.example.db 1011echo "@ IN NS invalid." >> ns1/dom11.example.db 1012rndccmd 10.53.0.1 addzone dom11.example. '{type primary; file "dom11.example.db";};' || ret=1 1013if [ $ret -ne 0 ]; then echo_i "failed"; fi 1014status=$((status+ret)) 1015 1016n=$((n+1)) 1017echo_i "checking that dom11.example. is now served by primary ($n)" 1018ret=0 1019wait_for_soa @10.53.0.1 dom11.example. dig.out.test$n || ret=1 1020if [ $ret -ne 0 ]; then echo_i "failed"; fi 1021status=$((status+ret)) 1022 1023nextpart ns2/named.run >/dev/null 1024 1025n=$((n+1)) 1026echo_i "Adding domain dom11.example. to catalog1 zone ($n)" 1027ret=0 1028$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1 1029 server 10.53.0.1 ${PORT} 1030 update add 0580d70e769c86c8b951a488d8b776627f427d7a.zones.catalog1.example. 3600 IN PTR dom11.example. 1031 send 1032END 1033if [ $ret -ne 0 ]; then echo_i "failed"; fi 1034status=$((status+ret)) 1035 1036n=$((n+1)) 1037echo_i "waiting for secondary to sync up ($n)" 1038ret=0 1039wait_for_message ns2/named.run "catz: adding zone 'dom11.example' from catalog 'catalog1.example'" && 1040wait_for_message ns2/named.run "transfer of 'dom11.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 1041if [ $ret -ne 0 ]; then echo_i "failed"; fi 1042status=$((status+ret)) 1043 1044n=$((n+1)) 1045echo_i "checking that dom11.example. is served by secondary ($n)" 1046ret=0 1047wait_for_soa @10.53.0.2 dom11.example. dig.out.test$n || ret=1 1048if [ $ret -ne 0 ]; then echo_i "failed"; fi 1049status=$((status+ret)) 1050 1051n=$((n+1)) 1052echo_i "checking that subdomain.of.dom11.example. is not served by primary ($n)" 1053ret=0 1054wait_for_rcode NXDOMAIN SOA @10.53.0.1 subdomain.of.dom11.example. dig.out.test$n || ret=1 1055if [ $ret -ne 0 ]; then echo_i "failed"; fi 1056status=$((status+ret)) 1057 1058n=$((n+1)) 1059echo_i "Adding a domain subdomain.of.dom11.example. to primary via RNDC ($n)" 1060ret=0 1061echo "@ 3600 IN SOA . . 
1 3600 3600 3600 3600" > ns1/subdomain.of.dom11.example.db 1062echo "@ IN NS invalid." >> ns1/subdomain.of.dom11.example.db 1063rndccmd 10.53.0.1 addzone subdomain.of.dom11.example. '{type primary; file "subdomain.of.dom11.example.db";};' || ret=1 1064if [ $ret -ne 0 ]; then echo_i "failed"; fi 1065status=$((status+ret)) 1066 1067n=$((n+1)) 1068echo_i "checking that subdomain.of.dom11.example. is now served by primary ($n)" 1069ret=0 1070wait_for_soa @10.53.0.1 subdomain.of.dom11.example. dig.out.test$n || ret=1 1071if [ $ret -ne 0 ]; then echo_i "failed"; fi 1072status=$((status+ret)) 1073 1074nextpart ns2/named.run >/dev/null 1075 1076n=$((n+1)) 1077echo_i "Adding domain subdomain.of.dom11.example. to catalog1 zone ($n)" 1078ret=0 1079$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1 1080 server 10.53.0.1 ${PORT} 1081 update add 25557e0bdd10cb3710199bb421b776df160f241e.zones.catalog1.example. 3600 IN PTR subdomain.of.dom11.example. 1082 send 1083END 1084if [ $ret -ne 0 ]; then echo_i "failed"; fi 1085status=$((status+ret)) 1086 1087n=$((n+1)) 1088echo_i "waiting for secondary to sync up ($n)" 1089ret=0 1090wait_for_message ns2/named.run "catz: adding zone 'subdomain.of.dom11.example' from catalog 'catalog1.example'" && 1091wait_for_message ns2/named.run "transfer of 'subdomain.of.dom11.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 1092if [ $ret -ne 0 ]; then echo_i "failed"; fi 1093status=$((status+ret)) 1094 1095n=$((n+1)) 1096echo_i "checking that subdomain.of.dom11.example. is served by secondary ($n)" 1097ret=0 1098wait_for_soa @10.53.0.2 subdomain.of.dom11.example. dig.out.test$n || ret=1 1099if [ $ret -ne 0 ]; then echo_i "failed"; fi 1100status=$((status+ret)) 1101 1102n=$((n+1)) 1103echo_i "removing domain dom11.example. 
from catalog1 zone ($n)" 1104ret=0 1105$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1 1106 server 10.53.0.1 ${PORT} 1107 update delete 0580d70e769c86c8b951a488d8b776627f427d7a.zones.catalog1.example 1108 send 1109END 1110if [ $ret -ne 0 ]; then echo_i "failed"; fi 1111status=$((status+ret)) 1112 1113n=$((n+1)) 1114echo_i "waiting for secondary to sync up ($n)" 1115ret=0 1116wait_for_message ns2/named.run "zone_shutdown: zone dom11.example/IN: shutting down" || ret=1 1117if [ $ret -ne 0 ]; then echo_i "failed"; fi 1118status=$((status+ret)) 1119 1120n=$((n+1)) 1121echo_i "checking that dom11.example. is not served by secondary ($n)" 1122ret=0 1123wait_for_no_soa @10.53.0.2 dom11.example. dig.out.test$n || ret=1 1124if [ $ret -ne 0 ]; then echo_i "failed"; fi 1125status=$((status+ret)) 1126 1127n=$((n+1)) 1128echo_i "checking that subdomain.of.dom11.example. is still served by secondary ($n)" 1129ret=0 1130wait_for_soa @10.53.0.2 subdomain.of.dom11.example. dig.out.test$n || ret=1 1131if [ $ret -ne 0 ]; then echo_i "failed"; fi 1132status=$((status+ret)) 1133 1134n=$((n+1)) 1135echo_i "removing domain subdomain.of.dom11.example. from catalog1 zone ($n)" 1136ret=0 1137$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1 1138 server 10.53.0.1 ${PORT} 1139 update delete 25557e0bdd10cb3710199bb421b776df160f241e.zones.catalog1.example 1140 send 1141END 1142if [ $ret -ne 0 ]; then echo_i "failed"; fi 1143status=$((status+ret)) 1144 1145n=$((n+1)) 1146echo_i "waiting for secondary to sync up ($n)" 1147ret=0 1148wait_for_message ns2/named.run "zone_shutdown: zone subdomain.of.dom11.example/IN: shutting down" || ret=1 1149if [ $ret -ne 0 ]; then echo_i "failed"; fi 1150status=$((status+ret)) 1151 1152n=$((n+1)) 1153echo_i "checking that subdomain.of.dom11.example. is not served by secondary ($n)" 1154ret=0 1155wait_for_no_soa @10.53.0.2 subdomain.of.d11.example. 
dig.out.test$n || ret=1 1156if [ $ret -ne 0 ]; then echo_i "failed"; fi 1157status=$((status+ret)) 1158 1159########################################################################## 1160echo_i "Testing adding a catalog zone at runtime with rndc reconfig" 1161n=$((n+1)) 1162echo_i "checking that dom12.example. is not served by primary ($n)" 1163ret=0 1164wait_for_no_soa @10.53.0.1 dom12.example. dig.out.test$n || ret=1 1165if [ $ret -ne 0 ]; then echo_i "failed"; fi 1166status=$((status+ret)) 1167 1168n=$((n+1)) 1169echo_i "Adding a domain dom12.example. to primary via RNDC ($n)" 1170ret=0 1171echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom12.example.db 1172echo "@ IN NS invalid." >> ns1/dom12.example.db 1173rndccmd 10.53.0.1 addzone dom12.example. '{type primary; file "dom12.example.db";};' || ret=1 1174if [ $ret -ne 0 ]; then echo_i "failed"; fi 1175status=$((status+ret)) 1176 1177n=$((n+1)) 1178echo_i "checking that dom12.example. is now served by primary ($n)" 1179ret=0 1180wait_for_soa @10.53.0.1 dom12.example. dig.out.test$n || ret=1 1181if [ $ret -ne 0 ]; then echo_i "failed"; fi 1182status=$((status+ret)) 1183 1184nextpart ns2/named.run >/dev/null 1185 1186n=$((n+1)) 1187echo_i "Adding domain dom12.example. to catalog4 zone ($n)" 1188ret=0 1189$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1 1190 server 10.53.0.1 ${PORT} 1191 update add 871d51e5433543c0f6fb263c40f359fbc152c8ae.zones.catalog4.example. 3600 IN PTR dom12.example. 1192 send 1193END 1194if [ $ret -ne 0 ]; then echo_i "failed"; fi 1195status=$((status+ret)) 1196 1197n=$((n+1)) 1198echo_i "checking that dom12.example. is not served by secondary ($n)" 1199ret=0 1200wait_for_no_soa @10.53.0.2 dom12.example. 
dig.out.test$n || ret=1 1201if [ $ret -ne 0 ]; then echo_i "failed"; fi 1202status=$((status+ret)) 1203 1204 1205n=$((n+1)) 1206echo_i "reconfiguring secondary - adding catalog4 catalog zone ($n)" 1207ret=0 1208sed -e "s/^#T1//g" < ns2/named1.conf.in > ns2/named.conf.tmp 1209copy_setports ns2/named.conf.tmp ns2/named.conf 1210rndccmd 10.53.0.2 reconfig || ret=1 1211if [ $ret -ne 0 ]; then echo_i "failed"; fi 1212status=$((status+ret)) 1213 1214n=$((n+1)) 1215echo_i "waiting for secondary to sync up ($n)" 1216ret=0 1217wait_for_message ns2/named.run "catz: adding zone 'dom12.example' from catalog 'catalog4.example'" && 1218wait_for_message ns2/named.run "transfer of 'dom12.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 1219if [ $ret -ne 0 ]; then echo_i "failed"; fi 1220status=$((status+ret)) 1221 1222n=$((n+1)) 1223echo_i "checking that dom7.example. is still served by secondary after reconfiguration ($n)" 1224ret=0 1225wait_for_soa @10.53.0.2 dom7.example. dig.out.test$n -b 10.53.0.1 || ret=1 1226if [ $ret -ne 0 ]; then echo_i "failed"; fi 1227status=$((status+ret)) 1228n=$((n+1)) 1229 1230echo_i "checking that dom12.example. is served by secondary ($n)" 1231ret=0 1232wait_for_soa @10.53.0.2 dom12.example. 
dig.out.test$n || ret=1 1233if [ $ret -ne 0 ]; then echo_i "failed"; fi 1234status=$((status+ret)) 1235 1236n=$((n+1)) 1237echo_i "reconfiguring secondary - removing catalog4 catalog zone, adding non-existent catalog5 catalog zone ($n)" 1238ret=0 1239sed -e "s/^#T2//" < ns2/named1.conf.in > ns2/named.conf.tmp 1240copy_setports ns2/named.conf.tmp ns2/named.conf 1241$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p "${CONTROLPORT}" reconfig > /dev/null 2>&1 && ret=1 1242if [ $ret -ne 0 ]; then echo_i "failed"; fi 1243status=$((status+ret)) 1244 1245n=$((n+1)) 1246echo_i "reconfiguring secondary - removing non-existent catalog5 catalog zone ($n)" 1247ret=0 1248copy_setports ns2/named1.conf.in ns2/named.conf 1249rndccmd 10.53.0.2 reconfig || ret=1 1250if [ $ret -ne 0 ]; then echo_i "failed"; fi 1251status=$((status+ret)) 1252 1253n=$((n+1)) 1254echo_i "checking that dom12.example. is not served by secondary ($n)" 1255ret=0 1256wait_for_no_soa @10.53.0.2 dom12.example. dig.out.test$n || ret=1 1257if [ $ret -ne 0 ]; then echo_i "failed"; fi 1258status=$((status+ret)) 1259 1260n=$((n+1)) 1261echo_i "removing domain dom12.example. from catalog4 zone ($n)" 1262ret=0 1263$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1 1264 server 10.53.0.1 ${PORT} 1265 update delete 871d51e5433543c0f6fb263c40f359fbc152c8ae.zones.catalog4.example. 3600 IN PTR dom12.example. 1266 send 1267END 1268if [ $ret -ne 0 ]; then echo_i "failed"; fi 1269status=$((status+ret)) 1270 1271########################################################################## 1272echo_i "Testing having a zone in two different catalogs" 1273n=$((n+1)) 1274echo_i "checking that dom13.example. is not served by primary ($n)" 1275ret=0 1276wait_for_no_soa @10.53.0.1 dom13.example. dig.out.test$n || ret=1 1277if [ $ret -ne 0 ]; then echo_i "failed"; fi 1278status=$((status+ret)) 1279 1280n=$((n+1)) 1281echo_i "Adding a domain dom13.example. to primary ns1 via RNDC ($n)" 1282ret=0 1283echo "@ 3600 IN SOA . . 
1 3600 3600 3600 3600" > ns1/dom13.example.db 1284echo "@ IN NS invalid." >> ns1/dom13.example.db 1285echo "@ IN A 192.0.2.1" >> ns1/dom13.example.db 1286rndccmd 10.53.0.1 addzone dom13.example. '{type primary; file "dom13.example.db";};' || ret=1 1287if [ $ret -ne 0 ]; then echo_i "failed"; fi 1288status=$((status+ret)) 1289 1290n=$((n+1)) 1291echo_i "checking that dom13.example. is now served by primary ns1 ($n)" 1292ret=0 1293wait_for_soa @10.53.0.1 dom13.example. dig.out.test$n || ret=1 1294if [ $ret -ne 0 ]; then echo_i "failed"; fi 1295status=$((status+ret)) 1296 1297n=$((n+1)) 1298echo_i "Adding a domain dom13.example. to primary ns3 via RNDC ($n)" 1299ret=0 1300echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns3/dom13.example.db 1301echo "@ IN NS invalid." >> ns3/dom13.example.db 1302echo "@ IN A 192.0.2.2" >> ns3/dom13.example.db 1303rndccmd 10.53.0.3 addzone dom13.example. '{type primary; file "dom13.example.db";};' || ret=1 1304if [ $ret -ne 0 ]; then echo_i "failed"; fi 1305status=$((status+ret)) 1306 1307n=$((n+1)) 1308echo_i "checking that dom13.example. is now served by primary ns3 ($n)" 1309ret=0 1310wait_for_soa @10.53.0.3 dom13.example. dig.out.test$n || ret=1 1311if [ $ret -ne 0 ]; then echo_i "failed"; fi 1312status=$((status+ret)) 1313 1314 1315nextpart ns2/named.run >/dev/null 1316 1317n=$((n+1)) 1318echo_i "Adding domain dom13.example. to catalog1 zone with ns1 as primary ($n)" 1319ret=0 1320$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1 1321 server 10.53.0.1 ${PORT} 1322 update add 8d7989c746b3f92b3bba2479e72afd977198363f.zones.catalog1.example. 3600 IN PTR dom13.example. 1323 update add masters.8d7989c746b3f92b3bba2479e72afd977198363f.zones.catalog1.example. 
3600 IN A 10.53.0.1 1324 send 1325END 1326if [ $ret -ne 0 ]; then echo_i "failed"; fi 1327status=$((status+ret)) 1328 1329n=$((n+1)) 1330echo_i "waiting for secondary to sync up ($n)" 1331ret=0 1332wait_for_message ns2/named.run "catz: adding zone 'dom13.example' from catalog 'catalog1.example'" && 1333wait_for_message ns2/named.run "transfer of 'dom13.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 1334if [ $ret -ne 0 ]; then echo_i "failed"; fi 1335status=$((status+ret)) 1336 1337nextpart ns2/named.run >/dev/null 1338 1339n=$((n+1)) 1340echo_i "checking that dom13.example. is served by secondary and that it's the one from ns1 ($n)" 1341ret=0 1342wait_for_a @10.53.0.2 dom13.example. dig.out.test$n || ret=1 1343grep "192.0.2.1" dig.out.test$n > /dev/null || ret=1 1344if [ $ret -ne 0 ]; then echo_i "failed"; fi 1345status=$((status+ret)) 1346 1347n=$((n+1)) 1348echo_i "Adding domain dom13.example. to catalog2 zone with ns3 as primary ($n)" 1349ret=0 1350$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1 1351 server 10.53.0.3 ${PORT} 1352 update add 8d7989c746b3f92b3bba2479e72afd977198363f.zones.catalog2.example. 3600 IN PTR dom13.example. 1353 update add masters.8d7989c746b3f92b3bba2479e72afd977198363f.zones.catalog2.example. 3600 IN A 10.53.0.3 1354 send 1355END 1356if [ $ret -ne 0 ]; then echo_i "failed"; fi 1357status=$((status+ret)) 1358 1359n=$((n+1)) 1360echo_i "waiting for secondary to sync up ($n)" 1361ret=0 1362wait_for_message ns2/named.run "catz: update_from_db: new zone merged" || ret=1 1363if [ $ret -ne 0 ]; then echo_i "failed"; fi 1364status=$((status+ret)) 1365 1366n=$((n+1)) 1367echo_i "checking that dom13.example. is served by secondary and that it's still the one from ns1 ($n)" 1368ret=0 1369wait_for_a @10.53.0.2 dom13.example. 
dig.out.test$n || ret=1 1370grep "192.0.2.1" dig.out.test$n > /dev/null || ret=1 1371if [ $ret -ne 0 ]; then echo_i "failed"; fi 1372status=$((status+ret)) 1373 1374nextpart ns2/named.run >/dev/null 1375 1376n=$((n+1)) 1377echo_i "Deleting domain dom13.example. from catalog2 ($n)" 1378ret=0 1379$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1 1380 server 10.53.0.3 ${PORT} 1381 update delete 8d7989c746b3f92b3bba2479e72afd977198363f.zones.catalog2.example. 3600 IN PTR dom13.example. 1382 update delete masters.8d7989c746b3f92b3bba2479e72afd977198363f.zones.catalog2.example. 3600 IN A 10.53.0.3 1383 send 1384END 1385if [ $ret -ne 0 ]; then echo_i "failed"; fi 1386status=$((status+ret)) 1387 1388n=$((n+1)) 1389echo_i "waiting for secondary to sync up ($n)" 1390ret=0 1391wait_for_message ns2/named.run "catz: update_from_db: new zone merged" || ret=1 1392if [ $ret -ne 0 ]; then echo_i "failed"; fi 1393status=$((status+ret)) 1394 1395n=$((n+1)) 1396echo_i "checking that dom13.example. is served by secondary and that it's still the one from ns1 ($n)" 1397ret=0 1398wait_for_a @10.53.0.2 dom13.example. dig.out.test$n || ret=1 1399grep "192.0.2.1" dig.out.test$n > /dev/null || ret=1 1400if [ $ret -ne 0 ]; then echo_i "failed"; fi 1401status=$((status+ret)) 1402 1403n=$((n+1)) 1404echo_i "Deleting domain dom13.example. from catalog1 ($n)" 1405ret=0 1406$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1 1407 server 10.53.0.1 ${PORT} 1408 update delete 8d7989c746b3f92b3bba2479e72afd977198363f.zones.catalog1.example. 3600 IN PTR dom13.example. 1409 update delete masters.8d7989c746b3f92b3bba2479e72afd977198363f.zones.catalog1.example. 
3600 IN A 10.53.0.2 1410 send 1411END 1412if [ $ret -ne 0 ]; then echo_i "failed"; fi 1413status=$((status+ret)) 1414 1415n=$((n+1)) 1416echo_i "waiting for secondary to sync up ($n)" 1417ret=0 1418wait_for_message ns2/named.run "catz: update_from_db: new zone merged" || ret=1 1419if [ $ret -ne 0 ]; then echo_i "failed"; fi 1420status=$((status+ret)) 1421 1422n=$((n+1)) 1423echo_i "checking that dom13.example. is no longer served by secondary ($n)" 1424ret=0 1425wait_for_no_soa @10.53.0.2 dom13.example. dig.out.test$n || ret=1 1426if [ $ret -ne 0 ]; then echo_i "failed"; fi 1427status=$((status+ret)) 1428 1429########################################################################## 1430echo_i "Testing having a regular zone and a zone in catalog zone of the same name" 1431n=$((n+1)) 1432echo_i "checking that dom14.example. is not served by primary ($n)" 1433ret=0 1434wait_for_no_soa @10.53.0.1 dom14.example. dig.out.test$n || ret=1 1435if [ $ret -ne 0 ]; then echo_i "failed"; fi 1436status=$((status+ret)) 1437 1438n=$((n+1)) 1439echo_i "Adding a domain dom14.example. to primary ns1 via RNDC ($n)" 1440ret=0 1441echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom14.example.db 1442echo "@ IN NS invalid." >> ns1/dom14.example.db 1443echo "@ IN A 192.0.2.1" >> ns1/dom14.example.db 1444rndccmd 10.53.0.1 addzone dom14.example. '{type primary; file "dom14.example.db";};' || ret=1 1445if [ $ret -ne 0 ]; then echo_i "failed"; fi 1446status=$((status+ret)) 1447 1448n=$((n+1)) 1449echo_i "checking that dom14.example. is now served by primary ns1 ($n)" 1450ret=0 1451wait_for_soa @10.53.0.1 dom14.example. dig.out.test$n || ret=1 1452if [ $ret -ne 0 ]; then echo_i "failed"; fi 1453status=$((status+ret)) 1454 1455n=$((n+1)) 1456echo_i "Adding a domain dom14.example. to primary ns3 via RNDC ($n)" 1457ret=0 1458echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns3/dom14.example.db 1459echo "@ IN NS invalid." 
>> ns3/dom14.example.db 1460echo "@ IN A 192.0.2.2" >> ns3/dom14.example.db 1461rndccmd 10.53.0.3 addzone dom14.example. '{type primary; file "dom14.example.db";};' || ret=1 1462if [ $ret -ne 0 ]; then echo_i "failed"; fi 1463status=$((status+ret)) 1464 1465n=$((n+1)) 1466echo_i "checking that dom14.example. is now served by primary ns3 ($n)" 1467ret=0 1468wait_for_soa @10.53.0.3 dom14.example. dig.out.test$n || ret=1 1469if [ $ret -ne 0 ]; then echo_i "failed"; fi 1470status=$((status+ret)) 1471 1472nextpart ns2/named.run >/dev/null 1473 1474n=$((n+1)) 1475echo_i "Adding domain dom14.example. with rndc with ns1 as primary ($n)" 1476ret=0 1477rndccmd 10.53.0.2 addzone dom14.example. '{type secondary; primaries {10.53.0.1;};};' || ret=1 1478if [ $ret -ne 0 ]; then echo_i "failed"; fi 1479status=$((status+ret)) 1480 1481n=$((n+1)) 1482echo_i "waiting for secondary to sync up ($n)" 1483ret=0 1484wait_for_message ns2/named.run "transfer of 'dom14.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 1485if [ $ret -ne 0 ]; then echo_i "failed"; fi 1486status=$((status+ret)) 1487 1488nextpart ns2/named.run >/dev/null 1489 1490n=$((n+1)) 1491echo_i "checking that dom14.example. is served by secondary and that it's the one from ns1 ($n)" 1492ret=0 1493wait_for_a @10.53.0.2 dom14.example. dig.out.test$n || ret=1 1494grep "192.0.2.1" dig.out.test$n > /dev/null || ret=1 1495if [ $ret -ne 0 ]; then echo_i "failed"; fi 1496status=$((status+ret)) 1497 1498n=$((n+1)) 1499echo_i "Adding domain dom14.example. to catalog2 zone with ns3 as primary ($n)" 1500ret=0 1501$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1 1502 server 10.53.0.3 ${PORT} 1503 update add 45e3d45ea5f7bd01c395ccbde6ae2e750a3ee8ab.zones.catalog2.example. 3600 IN PTR dom14.example. 1504 update add masters.45e3d45ea5f7bd01c395ccbde6ae2e750a3ee8ab.zones.catalog2.example. 
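3600 IN A 10.53.0.3
    send
END
# NOTE(review): the three lines above are the tail of an nsupdate here-document
# that starts before this excerpt; they are kept as-is. Judging by the matching
# "update delete" further down, it presumably adds dom14.example. to catalog2
# with 10.53.0.3 as its primary - confirm against the preceding step.
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "catz: update_from_db: new zone merged" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

# Ownership check: after the catalog2 update above, the secondary must keep
# serving the dom14.example. data that carries ns1's A record (192.0.2.1),
# i.e. a second catalog must not take over a member zone it does not own.
n=$((n+1))
echo_i "checking that dom14.example. is served by secondary and that it's still the one from ns1 ($n)"
ret=0
wait_for_a @10.53.0.2 dom14.example. dig.out.test$n || ret=1
grep "192.0.2.1" dig.out.test$n > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

nextpart ns2/named.run >/dev/null

n=$((n+1))
echo_i "Deleting domain dom14.example. from catalog2 ($n)"
ret=0
$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1
    server 10.53.0.3 ${PORT}
    update delete 45e3d45ea5f7bd01c395ccbde6ae2e750a3ee8ab.zones.catalog2.example. 3600 IN PTR dom14.example.
    update delete masters.45e3d45ea5f7bd01c395ccbde6ae2e750a3ee8ab.zones.catalog2.example. 3600 IN A 10.53.0.3
    send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "catz: update_from_db: new zone merged" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

# Removing the entry from catalog2 must not remove the zone either: the
# secondary is still expected to answer with ns1's A record.
n=$((n+1))
echo_i "checking that dom14.example. is served by secondary and that it's still the one from ns1 ($n)"
ret=0
wait_for_a @10.53.0.2 dom14.example. dig.out.test$n || ret=1
grep "192.0.2.1" dig.out.test$n > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

##########################################################################
# A member zone is re-registered in catalog1 under a different label
# (dom15label1 -> dom15label2) in a single update; the secondary is expected
# to keep serving the zone afterwards.
echo_i "Testing changing label for a member zone"
n=$((n+1))
echo_i "checking that dom15.example. is not served by primary ($n)"
ret=0
wait_for_no_soa @10.53.0.1 dom15.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "Adding a domain dom15.example. to primary ns1 via RNDC ($n)"
ret=0
echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom15.example.db
echo "@ IN NS invalid." >> ns1/dom15.example.db
rndccmd 10.53.0.1 addzone dom15.example. '{type primary; file "dom15.example.db";};' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that dom15.example. is now served by primary ns1 ($n)"
ret=0
wait_for_soa @10.53.0.1 dom15.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

nextpart ns2/named.run >/dev/null

# Every step gets its own number so that a "failed" line in the log and the
# nsupdate.out.test$n / dig.out.test$n artifacts map to exactly one step.
n=$((n+1))
echo_i "Adding domain dom15.example. to catalog1 zone with 'dom15label1' label ($n)"
ret=0
$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1
    server 10.53.0.1 ${PORT}
    update add dom15label1.zones.catalog1.example. 3600 IN PTR dom15.example.
    send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "catz: update_from_db: new zone merged" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

# Fixed delay kept from the original; the wait_for_soa below retries on its
# own, so this only adds slack before the first query.
sleep 3

n=$((n+1))
echo_i "checking that dom15.example. is served by secondary ($n)"
ret=0
wait_for_soa @10.53.0.2 dom15.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

nextpart ns2/named.run >/dev/null

n=$((n+1))
echo_i "Changing label of domain dom15.example. from 'dom15label1' to 'dom15label2' ($n)"
ret=0
$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1
    server 10.53.0.1 ${PORT}
    update delete dom15label1.zones.catalog1.example. 3600 IN PTR dom15.example.
    update add dom15label2.zones.catalog1.example. 3600 IN PTR dom15.example.
    send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "catz: update_from_db: new zone merged" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that dom15.example. is served by secondary ($n)"
ret=0
wait_for_soa @10.53.0.2 dom15.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

##########################################################################
# A catalog-provisioned zone is removed by hand on the secondary (rndc
# delzone); after "rndc reload" the secondary is expected to recreate it from
# the catalog, and to drop it again once the catalog entry is deleted.
echo_i "Testing recreation of a manually deleted zone after a reload"
n=$((n+1))
echo_i "checking that dom16.example. is not served by primary ($n)"
ret=0
wait_for_no_soa @10.53.0.1 dom16.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "Adding a domain dom16.example. to primary ns1 via RNDC ($n)"
ret=0
echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom16.example.db
echo "@ IN NS invalid." >> ns1/dom16.example.db
echo "@ IN A 192.0.2.1" >> ns1/dom16.example.db
rndccmd 10.53.0.1 addzone dom16.example. '{type primary; file "dom16.example.db";};' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that dom16.example. is now served by primary ns1 ($n)"
ret=0
wait_for_soa @10.53.0.1 dom16.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

nextpart ns2/named.run >/dev/null

n=$((n+1))
echo_i "Adding domain dom16.example. to catalog1 zone with ns1 as primary ($n)"
ret=0
$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1
    server 10.53.0.1 ${PORT}
    update add efe725d0cf430ffb113b9bcf59266f066a21216b.zones.catalog1.example. 3600 IN PTR dom16.example.
    update add masters.efe725d0cf430ffb113b9bcf59266f066a21216b.zones.catalog1.example. 3600 IN A 10.53.0.1
    send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
# Both log lines are required: the catalog must add the zone and the transfer
# from ns1 must succeed; either one missing marks the step as failed.
wait_for_message ns2/named.run "catz: adding zone 'dom16.example' from catalog 'catalog1.example'" &&
wait_for_message ns2/named.run "transfer of 'dom16.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

nextpart ns2/named.run >/dev/null

n=$((n+1))
echo_i "checking that dom16.example. is served by secondary and that it's the one from ns1 ($n)"
ret=0
wait_for_a @10.53.0.2 dom16.example. dig.out.test$n || ret=1
grep "192.0.2.1" dig.out.test$n > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

nextpart ns2/named.run >/dev/null

# Own step number (the original reused the previous one here).
n=$((n+1))
echo_i "Deleting dom16.example. from secondary ns2 via RNDC ($n)"
ret=0
rndccmd 10.53.0.2 delzone dom16.example. >/dev/null 2>&1 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that dom16.example. is no longer served by secondary ($n)"
ret=0
wait_for_no_soa @10.53.0.2 dom16.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

nextpart ns2/named.run >/dev/null

# Own step number (the original reused the previous one here).
n=$((n+1))
echo_i "Reloading secondary ns2 via RNDC ($n)"
ret=0
rndccmd 10.53.0.2 reload >/dev/null 2>&1 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "catz: update_from_db: new zone merged" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that dom16.example. is served by secondary and that it's the one from ns1 ($n)"
ret=0
wait_for_a @10.53.0.2 dom16.example. dig.out.test$n || ret=1
grep "192.0.2.1" dig.out.test$n > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

nextpart ns2/named.run >/dev/null

n=$((n+1))
echo_i "Deleting domain dom16.example. from catalog1 ($n)"
ret=0
$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1
    server 10.53.0.1 ${PORT}
    update delete efe725d0cf430ffb113b9bcf59266f066a21216b.zones.catalog1.example. 3600 IN PTR dom16.example.
    update delete masters.efe725d0cf430ffb113b9bcf59266f066a21216b.zones.catalog1.example. 3600 IN A 10.53.0.1
    send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "catz: update_from_db: new zone merged" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that dom16.example. is no longer served by secondary ($n)"
ret=0
wait_for_no_soa @10.53.0.2 dom16.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

# Swap in the alternate config, reconfig, then restore the first config and
# reconfig again; only the rndc exit codes are checked here.
# NOTE(review): presumably named2.conf.in omits the catalog-zones setup -
# confirm against ns2/named2.conf.in.
n=$((n+1))
echo_i "checking that reconfig can delete and restore catalog zone configuration ($n)"
ret=0
copy_setports ns2/named2.conf.in ns2/named.conf
rndccmd 10.53.0.2 reconfig || ret=1
copy_setports ns2/named1.conf.in ns2/named.conf
rndccmd 10.53.0.2 reconfig || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

# status is the sum of all per-step ret values; any failed step fails the run.
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1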