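#!/bin/sh

# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# System test for "pending" cache data, i.e. records a resolver holds without
# having validated them. Each stanza queries 10.53.0.4 with dig, compares the
# reply with a fixed expected value, and adds 1 to $status on a mismatch.
# Queries are made both with and without +cd (the DNS "checking disabled"
# bit), because the two cases are expected to differ: unvalidated data may be
# handed back to a +cd client, but must not be served to a client that did not
# ask for checking to be disabled.
#
# echo_i, $DIG, $NSUPDATE and $PORT are not defined in this file; they are
# expected to come from conf.sh or the test harness environment.

SYSTEMTESTTOP=..
. "$SYSTEMTESTTOP/conf.sh"

# replace_data dname RR old_data new_data
#
# Sends one dynamic update to 10.53.0.2 that deletes <old_data> and adds
# <new_data> for <dname>/<RR> with a TTL of 30. The nsupdate debug output is
# appended to nsupdate.out.test.
#
# Arguments: $1 owner name, $2 RR type, $3 rdata to delete, $4 rdata to add
# Returns:   0 on success; 1 on a wrong argument count or when nsupdate exits
#            non-zero (a message is logged through echo_i in both cases)
#
# The _-prefixed names are globals: POSIX sh has no function-local variables.
replace_data()
{
	if [ $# -ne 4 ]; then
		echo_i "unexpected input for replace_data"
		return 1
	fi

	_dname=$1
	_rr=$2
	_olddata=$3
	_newdata=$4

	_ret=0
	# $NSUPDATE is left unquoted because its definition is not visible here.
	$NSUPDATE -d <<END >> nsupdate.out.test 2>&1 || _ret=1
server 10.53.0.2 ${PORT}
update delete ${_dname} 30 ${_rr} ${_olddata}
update add ${_dname} 30 ${_rr} ${_newdata}
send
END

	if [ "$_ret" -ne 0 ]; then
		echo_i "failed to update the test data"
		return 1
	fi

	return 0
}

status=0
n=0

# Both option strings are expanded unquoted on purpose so that each dig
# option becomes its own argument. $DIG is left unquoted as well because its
# definition is not visible here.
DIGOPTS="+short +tcp -p ${PORT}"
DIGOPTS_CD="$DIGOPTS +cd"

echo_i "Priming cache."
ret=0
expect="10 mail.example."
ans=$($DIG $DIGOPTS_CD @10.53.0.4 hostile MX) || ret=1
test "$ans" = "$expect" || ret=1
test "$ret" = 0 || echo_i "failed, got '$ans', expected '$expect'"
status=$((status + ret))

echo_i "Checking that bogus additional is not returned with +CD."
ret=0
expect="10.0.0.2"
ans=$($DIG $DIGOPTS_CD @10.53.0.4 mail.example A) || ret=1
test "$ans" = "$expect" || ret=1
test "$ret" = 0 || echo_i "failed, got '$ans', expected '$expect'"
status=$((status + ret))

#
# Prime cache with pending additional records. These should not be promoted
# to answer.
#
# The A and AAAA records are replaced after priming, so a later query that
# still returned the old address would show that the cached additional data
# had been used as an answer.
#
echo_i "Priming cache (pending additional A and AAAA)"
ret=0
expect="10 mail.example.com."
ans=$($DIG $DIGOPTS @10.53.0.4 example.com MX) || ret=1
test "$ans" = "$expect" || ret=1
test "$ret" = 0 || echo_i "failed, got '$ans', expected '$expect'"
status=$((status + ret))

echo_i "Replacing pending A"
ret=0
replace_data mail.example.com. A 192.0.2.2 192.0.2.3 || ret=1
status=$((status + ret))

echo_i "Replacing pending AAAA"
ret=0
replace_data mail.example.com. AAAA 2001:db8::2 2001:db8::3 || ret=1
status=$((status + ret))

echo_i "Checking updated data to be returned (without CD)"
ret=0
expect="192.0.2.3"
ans=$($DIG $DIGOPTS @10.53.0.4 mail.example.com A) || ret=1
test "$ans" = "$expect" || ret=1
test "$ret" = 0 || echo_i "failed, got '$ans', expected '$expect'"
status=$((status + ret))

echo_i "Checking updated data to be returned (with CD)"
ret=0
expect="2001:db8::3"
ans=$($DIG $DIGOPTS_CD @10.53.0.4 mail.example.com AAAA) || ret=1
test "$ans" = "$expect" || ret=1
test "$ret" = 0 || echo_i "failed, got '$ans', expected '$expect'"
status=$((status + ret))

#
# Prime cache with a pending answer record. It can be returned (without
# validation) with +CD.
#
# After the record is replaced, the +cd query is expected to still see the
# old address (192.0.2.2), i.e. the cached pending answer.
#
echo_i "Priming cache (pending answer)"
ret=0
expect="192.0.2.2"
ans=$($DIG $DIGOPTS_CD @10.53.0.4 pending-ok.example.com A) || ret=1
test "$ans" = "$expect" || ret=1
test "$ret" = 0 || echo_i "failed, got '$ans', expected '$expect'"
status=$((status + ret))

echo_i "Replacing pending data"
ret=0
replace_data pending-ok.example.com. A 192.0.2.2 192.0.2.3 || ret=1
status=$((status + ret))

echo_i "Confirming cached pending data to be returned with CD"
ret=0
expect="192.0.2.2"
ans=$($DIG $DIGOPTS_CD @10.53.0.4 pending-ok.example.com A) || ret=1
test "$ans" = "$expect" || ret=1
test "$ret" = 0 || echo_i "failed, got '$ans', expected '$expect'"
status=$((status + ret))

#
# Prime cache with a pending answer record. It should not be returned
# to no-DNSSEC clients.
#
# The follow-up query is made without +cd and is expected to see the
# replacement address (192.0.2.103) rather than the one cached while priming.
#
echo_i "Priming cache (pending answer)"
ret=0
expect="192.0.2.102"
ans=$($DIG $DIGOPTS_CD @10.53.0.4 pending-ng.example.com A) || ret=1
test "$ans" = "$expect" || ret=1
test "$ret" = 0 || echo_i "failed, got '$ans', expected '$expect'"
status=$((status + ret))

echo_i "Replacing pending data"
ret=0
replace_data pending-ng.example.com. A 192.0.2.102 192.0.2.103 || ret=1
status=$((status + ret))

echo_i "Confirming updated data returned, not the cached one, without CD"
ret=0
expect="192.0.2.103"
ans=$($DIG $DIGOPTS @10.53.0.4 pending-ng.example.com A) || ret=1
test "$ans" = "$expect" || ret=1
test "$ret" = 0 || echo_i "failed, got '$ans', expected '$expect'"
status=$((status + ret))

#
# Try to fool the resolver with an out-of-bailiwick CNAME
#
# In the two checks below $ans is expanded unquoted on purpose: a multi-line
# "+short" reply is folded onto one line, and awk then keeps only its last
# field.
#
echo_i "Trying to Prime out-of-bailiwick pending answer with CD"
ret=0
expect="10.10.10.10"
ans=$($DIG $DIGOPTS_CD @10.53.0.4 bad.example. A) || ret=1
ans=$(echo $ans | awk '{print $NF}')
test "$ans" = "$expect" || ret=1
test "$ret" = 0 || echo_i "failed, got '$ans', expected '$expect'"
status=$((status + ret))

echo_i "Confirming the out-of-bailiwick answer is not cached or reused with CD"
ret=0
expect="10.10.10.10"
ans=$($DIG $DIGOPTS_CD @10.53.0.4 nice.good. A) || ret=1
ans=$(echo $ans | awk '{print $NF}')
test "$ans" = "$expect" || ret=1
test "$ret" = 0 || echo_i "failed, got '$ans', expected '$expect'"
status=$((status + ret))

#
# Make sure the resolver doesn't cache bogus NXDOMAIN
#
# These queries omit +short so that dig prints its header; sed reduces the
# folded output to the word after "status:". If no "status:" is present, sed
# leaves the text unchanged and the comparison fails. The same query is sent
# twice and must yield SERVFAIL both times.
#
echo_i "Trying to Prime bogus NXDOMAIN"
ret=0
expect="SERVFAIL"
ans=$($DIG +tcp -p ${PORT} @10.53.0.4 removed.example.com. A) || ret=1
ans=$(echo $ans | sed 's/^.*status: \([A-Z][A-Z]*\).*$/\1/')
test "$ans" = "$expect" || ret=1
test "$ret" = 0 || echo_i "failed, got '$ans', expected '$expect'"
status=$((status + ret))

echo_i "Confirming the bogus NXDOMAIN was not cached"
ret=0
expect="SERVFAIL"
ans=$($DIG +tcp -p ${PORT} @10.53.0.4 removed.example.com. A) || ret=1
ans=$(echo $ans | sed 's/^.*status: \([A-Z][A-Z]*\).*$/\1/')
test "$ans" = "$expect" || ret=1
test "$ret" = 0 || echo_i "failed, got '$ans', expected '$expect'"
status=$((status + ret))

# $status is the number of failed stanzas; any failure fails the whole test.
echo_i "exit status: $status"
[ "$status" -eq 0 ] || exit 1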