diff options
| author | Internet Software Consortium, Inc <@isc.org> | 2014-02-11 08:59:45 -0700 |
|---|---|---|
| committer | Internet Software Consortium, Inc <@isc.org> | 2014-02-11 08:59:45 -0700 |
| commit | 892b23e1710e6770b12c3aa952eb2cdc9ab4bc1b (patch) | |
| tree | 3acd1d7a8f4a84143c133a21b60053ef06b85991 /bin/tests/system | |
| parent | c52b164320c899310b370875e150acdba3d286c0 (diff) | |
| download | bind9-892b23e1710e6770b12c3aa952eb2cdc9ab4bc1b.tar.gz | |
9.9.5b1
Diffstat (limited to 'bin/tests/system')
55 files changed, 674 insertions, 130 deletions
diff --git a/bin/tests/system/acl/ns2/named5.conf b/bin/tests/system/acl/ns2/named5.conf index d17e1cf7..d2c5278a 100644 --- a/bin/tests/system/acl/ns2/named5.conf +++ b/bin/tests/system/acl/ns2/named5.conf @@ -36,13 +36,13 @@ options { include "../../common/controls.conf"; key one { - algorithm hmac-md5; - secret "1234abcd8765"; + algorithm hmac-md5; + secret "1234abcd8765"; }; key two { - algorithm hmac-md5; - secret "1234abcd8765"; + algorithm hmac-md5; + secret "1234abcd8765"; }; zone "." { @@ -58,5 +58,5 @@ zone "example" { zone "tsigzone" { type master; file "tsigzone.db"; - allow-transfer { !key one; any; }; + allow-transfer { !key one; any; }; }; diff --git a/bin/tests/system/additional/ns1/named1.conf b/bin/tests/system/additional/ns1/named1.conf index 037f4818..b5f47db7 100644 --- a/bin/tests/system/additional/ns1/named1.conf +++ b/bin/tests/system/additional/ns1/named1.conf @@ -33,7 +33,7 @@ options { include "../../common/rndc.key"; controls { - inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; }; }; zone "rt.example" { diff --git a/bin/tests/system/additional/ns1/named2.conf b/bin/tests/system/additional/ns1/named2.conf index c3adf9b3..cb165e8b 100644 --- a/bin/tests/system/additional/ns1/named2.conf +++ b/bin/tests/system/additional/ns1/named2.conf @@ -27,13 +27,13 @@ options { listen-on { 10.53.0.1; }; listen-on-v6 { none; }; notify no; - minimal-responses no; + minimal-responses no; }; include "../../common/rndc.key"; controls { - inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; }; }; zone "rt.example" { diff --git a/bin/tests/system/addzone/ns1/named.conf b/bin/tests/system/addzone/ns1/named.conf index 42388d5d..8ba62078 100644 --- a/bin/tests/system/addzone/ns1/named.conf +++ b/bin/tests/system/addzone/ns1/named.conf @@ -23,8 +23,8 @@ options { pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; - allow-query { any; }; - recursion no; + allow-query { any; }; + recursion no; }; zone "." { diff --git a/bin/tests/system/addzone/tests.sh b/bin/tests/system/addzone/tests.sh index 45a57124..9d19589e 100755 --- a/bin/tests/system/addzone/tests.sh +++ b/bin/tests/system/addzone/tests.sh @@ -84,6 +84,14 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` +echo "I:verifying no comments in nzf file ($n)" +ret=0 +hcount=`grep "^# New zone file for view: _default" ns2/3bf305731dd26307.nzf | wc -l` +[ $hcount -eq 0 ] || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + echo "I:deleting previously added zone ($n)" ret=0 $RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone previous.example 2>&1 | sed 's/^/I:ns2 /' @@ -94,6 +102,14 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` +echo "I:checking nzf file now has comment ($n)" +ret=0 +hcount=`grep "^# New zone file for view: _default" ns2/3bf305731dd26307.nzf | wc -l` +[ $hcount -eq 1 ] || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + echo "I:deleting newly added zone ($n)" ret=0 $RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone added.example 2>&1 | sed 's/^/I:ns2 /' @@ -191,6 +207,15 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` +echo "I:checking new nzf file has comment ($n)" +ret=0 +hcount=`grep "^# New zone file for view: external" ns2/3c4623849a49a539.nzf | wc -l` +[ $hcount -eq 1 ] || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + + echo "I:deleting newly added zone ($n)" ret=0 $RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone 'added.example in external' 2>&1 | sed 's/^/I:ns2 /' diff --git a/bin/tests/system/allow_query/ns2/named57.conf b/bin/tests/system/allow_query/ns2/named57.conf index c3d9e9f8..881e6a71 100644 --- a/bin/tests/system/allow_query/ns2/named57.conf +++ b/bin/tests/system/allow_query/ns2/named57.conf @@ -21,7 +21,7 @@ options { pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; - recursion no; + recursion no; }; include "../../common/controls.conf"; diff --git a/bin/tests/system/cacheclean/tests.sh b/bin/tests/system/cacheclean/tests.sh index 9c7ed97e..42e6c59b 100644 --- a/bin/tests/system/cacheclean/tests.sh +++ b/bin/tests/system/cacheclean/tests.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2004, 2007, 2011, 2012 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2007, 2011-2013 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2001 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -85,10 +85,15 @@ in_cache () { } echo "I:check correctness of routine cache cleaning" -$DIG $DIGOPTS -f dig.batch > dig.out.ns2 || status=1 +$DIG $DIGOPTS +tcp +keepopen -b 10.53.0.7 -f dig.batch > dig.out.ns2 || status=1 grep ";" dig.out.ns2 -$PERL ../digcomp.pl dig.out.ns2 knowngood.dig.out || status=1 +$PERL ../digcomp.pl --lc dig.out.ns2 knowngood.dig.out || status=1 + +echo "I:only one tcp socket was used" +tcpclients=`grep "client 10.53.0.7#[0-9]*:" ns2/named.run | awk '{print $4}' | sort | uniq -c | wc -l` + +test $tcpclients -eq 1 || { status=1; echo "I:failed"; } echo "I:reset and check that records are correctly cached initially" ret=0 diff --git a/bin/tests/system/case/clean.sh b/bin/tests/system/case/clean.sh new file mode 100644 index 00000000..40fc4029 --- /dev/null +++ b/bin/tests/system/case/clean.sh @@ -0,0 +1,17 @@ +#!/bin/sh +# +# Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +rm -f dig.n1.test1 diff --git a/bin/tests/system/case/ns1/example.db b/bin/tests/system/case/ns1/example.db new file mode 100644 index 00000000..961315ea --- /dev/null +++ b/bin/tests/system/case/ns1/example.db @@ -0,0 +1,27 @@ +; Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns1 +ns1 A 10.53.0.1 +@ MX 0 mail.eXaMpLe. +mAiL A 10.53.0.1 diff --git a/bin/tests/system/case/ns1/named.conf b/bin/tests/system/case/ns1/named.conf new file mode 100644 index 00000000..2fcc608d --- /dev/null +++ b/bin/tests/system/case/ns1/named.conf @@ -0,0 +1,36 @@ +/* + * Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +controls { /* empty */ }; + +options { + query-source address 10.53.0.1; + notify-source 10.53.0.1; + transfer-source 10.53.0.1; + port 5300; + pid-file "named.pid"; + listen-on { 10.53.0.1; }; + listen-on-v6 { none; }; + recursion no; + notify yes; + ixfr-from-differences yes; + check-integrity no; +}; + +zone "example" { + type master; + file "example.db"; +}; diff --git a/bin/tests/system/case/tests.sh b/bin/tests/system/case/tests.sh new file mode 100644 index 00000000..d9c159bf --- /dev/null +++ b/bin/tests/system/case/tests.sh @@ -0,0 +1,35 @@ +#!/bin/sh +# +# Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh + +DIGOPTS="+tcp +nosea +nostat +noquest +nocomm +nocmd" + +status=0 +n=0 + +n=`expr $n + 1` +echo "I:testing case sensitive responses ($n)" +ret=0 +$DIG $DIGOPTS mx example. @10.53.0.1 -p 5300 > dig.n1.test$n +grep "0.mail.eXaMpLe" dig.n1.test$n > /dev/null || ret=1 +grep "mAiL.example" dig.n1.test$n > /dev/null || ret=1 +test $ret -eq 0 || echo "I:failed" +status=`expr $status + $ret` + +echo "I:exit status: $status" +exit $status diff --git a/bin/tests/system/checkconf/bad-dnssec.conf b/bin/tests/system/checkconf/bad-dnssec.conf index de888c80..c4486238 100644 --- a/bin/tests/system/checkconf/bad-dnssec.conf +++ b/bin/tests/system/checkconf/bad-dnssec.conf @@ -17,20 +17,20 @@ /* $Id$ */ zone not-inline { - type slave; - masters { 127.0.0.1; }; - inline-signing no; - dnssec-dnskey-kskonly yes; - update-check-ksk yes; - dnssec-loadkeys-interval 10; + type slave; + masters { 127.0.0.1; }; + inline-signing no; + dnssec-dnskey-kskonly yes; + update-check-ksk yes; + dnssec-loadkeys-interval 10; }; zone inline { - type slave; - masters { 127.0.0.1; }; - inline-signing yes; - dnssec-dnskey-kskonly yes; - update-check-ksk yes; - dnssec-loadkeys-interval 10; + type slave; + masters { 127.0.0.1; }; + inline-signing yes; + dnssec-dnskey-kskonly yes; + update-check-ksk yes; + dnssec-loadkeys-interval 10; }; diff --git a/bin/tests/system/checkconf/bad-inline-slave.conf b/bin/tests/system/checkconf/bad-inline-slave.conf index 5979f628..b16a93d7 100644 --- a/bin/tests/system/checkconf/bad-inline-slave.conf +++ b/bin/tests/system/checkconf/bad-inline-slave.conf @@ -17,9 +17,9 @@ /* * An inline-signing slave should be forced to have a file option */ - + zone "." { - type slave; - inline-signing yes; - masters { 10.53.0.1; }; + type slave; + inline-signing yes; + masters { 10.53.0.1; }; };
\ No newline at end of file diff --git a/bin/tests/system/checkconf/hint-nofile.conf b/bin/tests/system/checkconf/hint-nofile.conf new file mode 100644 index 00000000..57c07e70 --- /dev/null +++ b/bin/tests/system/checkconf/hint-nofile.conf @@ -0,0 +1,20 @@ +/* + * Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +zone "." { + type hint; + file "nonexistent.db"; +}; diff --git a/bin/tests/system/checkconf/inline-bad.conf b/bin/tests/system/checkconf/inline-bad.conf index de9c4a2e..49f4726b 100644 --- a/bin/tests/system/checkconf/inline-bad.conf +++ b/bin/tests/system/checkconf/inline-bad.conf @@ -18,13 +18,13 @@ acl "transferees" {}; masters "stealthMasters" {127.0.0.1;}; masters "publicSlaves" {127.0.0.1;}; zone "example.net" { - type slave; - key-directory "/var/lib/bind/example.net"; - auto-dnssec maintain; - inline-signing yes; - masters { stealthMasters; }; - notify explicit; - also-notify { publicSlaves; }; - allow-transfer { localhost; transferees; }; + type slave; + key-directory "/var/lib/bind/example.net"; + auto-dnssec maintain; + inline-signing yes; + masters { stealthMasters; }; + notify explicit; + also-notify { publicSlaves; }; + allow-transfer { localhost; transferees; }; }; diff --git a/bin/tests/system/checkconf/inline-good.conf b/bin/tests/system/checkconf/inline-good.conf index 84a6a840..21a7eb0e 100644 --- a/bin/tests/system/checkconf/inline-good.conf +++ b/bin/tests/system/checkconf/inline-good.conf @@ -18,14 +18,14 @@ acl "transferees" {}; masters "stealthMasters" {127.0.0.1;}; masters "publicSlaves" {127.0.0.1;}; zone "example.net" { - type slave; - file "/var/cache/bind/example.net.db"; - key-directory "/var/lib/bind/example.net"; - auto-dnssec maintain; - inline-signing yes; - masters { stealthMasters; }; - notify explicit; - also-notify { publicSlaves; }; - allow-transfer { localhost; transferees; }; + type slave; + file "/var/cache/bind/example.net.db"; + key-directory "/var/lib/bind/example.net"; + auto-dnssec maintain; + inline-signing yes; + masters { stealthMasters; }; + notify explicit; + also-notify { publicSlaves; }; + allow-transfer { localhost; transferees; }; }; diff --git a/bin/tests/system/checkconf/inline-no.conf b/bin/tests/system/checkconf/inline-no.conf index 2027b943..1702ce08 100644 --- a/bin/tests/system/checkconf/inline-no.conf +++ b/bin/tests/system/checkconf/inline-no.conf @@ -18,13 +18,13 @@ acl "transferees" {}; masters "stealthMasters" {127.0.0.1;}; masters "publicSlaves" {127.0.0.1;}; zone "example.net" { - type slave; - key-directory "/var/lib/bind/example.net"; - auto-dnssec maintain; - inline-signing no; - masters { stealthMasters; }; - notify explicit; - also-notify { publicSlaves; }; - allow-transfer { localhost; transferees; }; + type slave; + key-directory "/var/lib/bind/example.net"; + auto-dnssec maintain; + inline-signing no; + masters { stealthMasters; }; + notify explicit; + also-notify { publicSlaves; }; + allow-transfer { localhost; transferees; }; }; diff --git a/bin/tests/system/checkconf/tests.sh b/bin/tests/system/checkconf/tests.sh index 64563154..2f945bf8 100644 --- a/bin/tests/system/checkconf/tests.sh +++ b/bin/tests/system/checkconf/tests.sh @@ -43,6 +43,12 @@ do status=`expr $status + $ret` done +echo "I: checking that named-checkconf -z catches missing hint file" +ret=0 +$CHECKCONF -z hint-nofile.conf > /dev/null 2>&1 && ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + echo "I: checking named-checkconf dnssec warnings" ret=0 $CHECKCONF dnssec.1 2>&1 | grep 'validation yes.*enable no' > /dev/null || ret=1 diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in index 447aaa64..26a79716 100644 --- a/bin/tests/system/conf.sh.in +++ b/bin/tests/system/conf.sh.in @@ -42,6 +42,7 @@ SIGNER=$TOP/bin/dnssec/dnssec-signzone REVOKE=$TOP/bin/dnssec/dnssec-revoke SETTIME=$TOP/bin/dnssec/dnssec-settime DSFROMKEY=$TOP/bin/dnssec/dnssec-dsfromkey +IMPORTKEY=$TOP/bin/dnssec/dnssec-importkey CHECKDS=$TOP/bin/python/dnssec-checkds COVERAGE=$TOP/bin/python/dnssec-coverage CHECKZONE=$TOP/bin/check/named-checkzone @@ -58,7 +59,7 @@ SAMPLE=$TOP/lib/export/samples/sample # load on the machine to make it unusable to other users. # v6synth SUBDIRS="acl additional allow_query addzone autosign builtin - cacheclean checkconf @CHECKDS@ checknames checkzone @COVERAGE@ + cacheclean case checkconf @CHECKDS@ checknames checkzone @COVERAGE@ database dlv dlvauto dlz dlzexternal dname dns64 dnssec ecdsa formerr forward glue gost ixfr inline limits logfileconfig lwresd masterfile masterformat metadata notify nsupdate pending diff --git a/bin/tests/system/digcomp.pl b/bin/tests/system/digcomp.pl index 28ee067d..980ed440 100644 --- a/bin/tests/system/digcomp.pl +++ b/bin/tests/system/digcomp.pl @@ -1,6 +1,6 @@ #!/usr/bin/perl # -# Copyright (C) 2004, 2007, 2012 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2007, 2012, 2013 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2000, 2001 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -21,6 +21,11 @@ # Ignore "unimportant" differences, like ordering of NS lines, TTL's, # etc... +$lc = 0; +if ($ARGV[0] eq "--lc") { + $lc = 1; + shift; +} $file1 = $ARGV[0]; $file2 = $ARGV[1]; @@ -42,6 +47,10 @@ while (<FILE1>) { $class = $2; $type = $3; $value = $4; + if ($lc) { + $name = lc($name); + $value = lc($value); + } if ($type eq "SOA") { $firstname = $name if ($firstname eq ""); if ($name eq $firstname) { @@ -73,6 +82,10 @@ while (<FILE2>) { $class = $2; $type = $3; $value = $4; + if ($lc) { + $name = lc($name); + $value = lc($value); + } if (($name eq $firstname) && ($type eq "SOA")) { $count--; $name = "$name$count"; diff --git a/bin/tests/system/dns64/ns2/named.conf b/bin/tests/system/dns64/ns2/named.conf index d1f4776c..afd28dfa 100644 --- a/bin/tests/system/dns64/ns2/named.conf +++ b/bin/tests/system/dns64/ns2/named.conf @@ -35,19 +35,19 @@ options { dnssec-enable yes; dnssec-validation yes; - dns64 2001:aaaa::/96 { - clients { 10.53.0.2; }; - mapped { !rfc1918; any; }; - exclude { 2001:eeee::/32; 64:FF9B::/96; ::ffff:0000:0000/96; }; - suffix ::; - }; + dns64 2001:aaaa::/96 { + clients { 10.53.0.2; }; + mapped { !rfc1918; any; }; + exclude { 2001:eeee::/32; 64:FF9B::/96; ::ffff:0000:0000/96; }; + suffix ::; + }; - dns64 64:FF9B::/96 { - clients { 10.53.0.1; }; - mapped { !192.228.79.201; !rfc1918; any; }; - exclude { 64:FF9B::/96; ::ffff:0000:0000/96; }; - suffix ::; - }; + dns64 64:FF9B::/96 { + clients { 10.53.0.1; }; + mapped { !192.228.79.201; !rfc1918; any; }; + exclude { 64:FF9B::/96; ::ffff:0000:0000/96; }; + suffix ::; + }; dns64-server "dns64.example.net."; dns64-contact "hostmaster.example.net."; @@ -59,7 +59,7 @@ options { dns64 2001:96::/96 { clients { 10.53.0.7; }; }; - response-policy { zone "rpz"; }; + response-policy { zone "rpz"; }; }; zone "." { diff --git a/bin/tests/system/dnssec/clean.sh b/bin/tests/system/dnssec/clean.sh index 0f333409..d4b5c5f5 100644 --- a/bin/tests/system/dnssec/clean.sh +++ b/bin/tests/system/dnssec/clean.sh @@ -63,9 +63,13 @@ rm -f signer/nsec3param.out rm -f ns3/ttlpatch.example.db ns3/ttlpatch.example.db.signed rm -f ns3/ttlpatch.example.db.patched rm -f ns3/split-smart.example.db +rm -f ns3/siginterval.example.db rm -f ns3/inline.example.db.signed rm -f ns3/lower.example.db ns3/upper.example.db ns3/upper.example.db.lower rm -f ns6/optout-tld.db rm -f nosign.before rm -f signing.out* rm -f canonical?.* +rm -f ns1/resolve.key +rm -f ns3/siginterval.conf +rm -f ns4/named_dump.db diff --git a/bin/tests/system/dnssec/ns3/named.conf b/bin/tests/system/dnssec/ns3/named.conf index dc00ef67..9e22504b 100644 --- a/bin/tests/system/dnssec/ns3/named.conf +++ b/bin/tests/system/dnssec/ns3/named.conf @@ -37,12 +37,12 @@ options { }; key rndc_key { - secret "1234abcd8765"; - algorithm hmac-md5; + secret "1234abcd8765"; + algorithm hmac-md5; }; controls { - inet 10.53.0.3 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.3 port 9953 allow { any; } keys { rndc_key; }; }; zone "." { @@ -228,14 +228,14 @@ zone "split-smart.example" { }; zone "nsec3chain-test" { - type slave; - file "nsec3chain-test.bk"; + type slave; + file "nsec3chain-test.bk"; masters { 10.53.0.2; }; }; zone "expiring.example" { type master; - allow-update { any; }; + allow-update { any; }; file "expiring.example.db.signed"; }; @@ -257,10 +257,10 @@ zone "LOWER.EXAMPLE" { }; zone "inline.example" { - type master; - file "inline.example.db"; - inline-signing yes; - auto-dnssec maintain; + type master; + file "inline.example.db"; + inline-signing yes; + auto-dnssec maintain; }; zone "publish-inactive.example" { @@ -270,4 +270,6 @@ zone "publish-inactive.example" { update-policy local; }; +include "siginterval.conf"; + include "trusted.conf"; diff --git a/bin/tests/system/dnssec/ns3/siginterval.example.db.in b/bin/tests/system/dnssec/ns3/siginterval.example.db.in new file mode 100644 index 00000000..0e05beb7 --- /dev/null +++ b/bin/tests/system/dnssec/ns3/siginterval.example.db.in @@ -0,0 +1,26 @@ +; Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: upper.example.db.in,v 1.1.2.1 2012/01/17 08:31:00 marka Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2012042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) +@ NS ns +ns A 10.53.0.3 diff --git a/bin/tests/system/dnssec/ns3/siginterval1.conf b/bin/tests/system/dnssec/ns3/siginterval1.conf new file mode 100644 index 00000000..fb0b342f --- /dev/null +++ b/bin/tests/system/dnssec/ns3/siginterval1.conf @@ -0,0 +1,23 @@ +/* + * Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +zone "siginterval.example" { + type master; + allow-update { any; }; + sig-validity-interval 1 23; + auto-dnssec maintain; + file "siginterval.example.db"; +}; diff --git a/bin/tests/system/dnssec/ns3/siginterval2.conf b/bin/tests/system/dnssec/ns3/siginterval2.conf new file mode 100644 index 00000000..03be0d2b --- /dev/null +++ b/bin/tests/system/dnssec/ns3/siginterval2.conf @@ -0,0 +1,23 @@ +/* + * Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +zone "siginterval.example" { + type master; + allow-update { any; }; + sig-validity-interval 35 28; + auto-dnssec maintain; + file "siginterval.example.db"; +}; diff --git a/bin/tests/system/dnssec/ns3/sign.sh b/bin/tests/system/dnssec/ns3/sign.sh index 24b0fed7..d5ec8595 100644 --- a/bin/tests/system/dnssec/ns3/sign.sh +++ b/bin/tests/system/dnssec/ns3/sign.sh @@ -451,3 +451,13 @@ kskname=`$KEYGEN -I $now+90s -q -r $RANDFILE -f KSK $zone` zskname=`$KEYGEN -q -r $RANDFILE $zone` cp $infile $zonefile $SIGNER -S -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1 + +# +# A zone which will change its sig-validity-interval +# +zone=siginterval.example +infile=siginterval.example.db.in +zonefile=siginterval.example.db +kskname=`$KEYGEN -q -3 -r $RANDFILE -fk $zone` +zskname=`$KEYGEN -q -3 -r $RANDFILE $zone` +cp $infile $zonefile diff --git a/bin/tests/system/dnssec/setup.sh b/bin/tests/system/dnssec/setup.sh index 42479296..4ac5421d 100644 --- a/bin/tests/system/dnssec/setup.sh +++ b/bin/tests/system/dnssec/setup.sh @@ -1,6 +1,6 @@ #!/bin/sh -e # -# Copyright (C) 2004, 2007, 2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2007, 2009, 2011-2013 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2000, 2001 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -25,6 +25,7 @@ cd ns1 && sh sign.sh echo "a.bogus.example. A 10.0.0.22" >>../ns3/bogus.example.db.signed +cd ../ns3 && cp -f siginterval1.conf siginterval.conf cd ../ns4 && cp -f named1.conf named.conf cd ../ns5 && cp -f trusted.conf.bad trusted.conf diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh index bb7452f8..f6499a43 100644 --- a/bin/tests/system/dnssec/tests.sh +++ b/bin/tests/system/dnssec/tests.sh @@ -1366,6 +1366,36 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` +echo "I:checking dnssec-signzone keeps valid signatures from inactive keys ($n)" +ret=0 +zone=example +( +cd signer +cp -f example.db.in example.db +$SIGNER -SD -o example example.db > /dev/null 2>&1 +echo '$INCLUDE "example.db.signed"' >> example.db +# now retire key2 and resign the zone +$SETTIME -I now $key2 > /dev/null 2>&1 +$SIGNER -SD -o example example.db > /dev/null 2>&1 +) || ret=1 +grep " $keyid2 " signer/example.db.signed > /dev/null 2>&1 || ret=1 +grep " $keyid3 " signer/example.db.signed > /dev/null 2>&1 || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking dnssec-signzone -Q purges signatures from inactive keys ($n)" +ret=0 +( +cd signer +$SIGNER -SDQ -o example example.db > /dev/null 2>&1 +) || ret=1 +grep " $keyid2 " signer/example.db.signed > /dev/null 2>&1 && ret=1 +grep " $keyid3 " signer/example.db.signed > /dev/null 2>&1 || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + echo "I:checking dnssec-signzone retains unexpired signatures ($n)" ret=0 ( @@ -2260,6 +2290,17 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` +echo "I:check KEYDATA records are printed in human readable form in key zone ($n)" +# force the zone to be written out +$PERL $SYSTEMTESTTOP/stop.pl --use-rndc . ns4 +ret=0 +grep KEYDATA ns4/managed-keys.bind > /dev/null || ret=1 +# restart the server +$PERL $SYSTEMTESTTOP/start.pl --noclean --restart . ns4 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + echo "I:check simultaneous inactivation and publishing of dnskeys removes inactive signature ($n)" ret=0 cnt=0 @@ -2280,5 +2321,20 @@ test $sigs -eq 2 || ret=1 if test $ret != 0 ; then echo "I:failed"; fi status=`expr $status + $ret` +echo "I:check that increasing the sig-validity-interval resigning triggers re-signing" +ret=0 +before=`$DIG axfr siginterval.example -p 5300 @10.53.0.3 | grep RRSIG.SOA` +cp ns3/siginterval2.conf ns3/siginterval.conf +$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 reconfig 2>&1 | sed 's/^/I:ns3 /' +for i in 1 2 3 4 5 6 7 8 9 0 +do +after=`$DIG axfr siginterval.example -p 5300 @10.53.0.3 | grep RRSIG.SOA` +test "$before" != "$after" && break +sleep 1 +done +n=`expr $n + 1` +if test "$before" = "$after" ; then echo "I:failed"; ret=1; fi +status=`expr $status + $ret` + echo "I:exit status: $status" exit $status diff --git a/bin/tests/system/ecdsa/tests.sh b/bin/tests/system/ecdsa/tests.sh index e933e8da..0942618a 100644 --- a/bin/tests/system/ecdsa/tests.sh +++ b/bin/tests/system/ecdsa/tests.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC") # # Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -28,7 +28,7 @@ DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p 5300" # Check the example. domain -echo "I:checking that positive validation works works ($n)" +echo "I:checking that positive validation works ($n)" ret=0 $DIG $DIGOPTS . @10.53.0.1 soa > dig.out.ns1.test$n || ret=1 $DIG $DIGOPTS . @10.53.0.2 soa > dig.out.ns2.test$n || ret=1 diff --git a/bin/tests/system/genzone.sh b/bin/tests/system/genzone.sh index 8177093d..1e90e019 100644 --- a/bin/tests/system/genzone.sh +++ b/bin/tests/system/genzone.sh @@ -294,4 +294,8 @@ eui64 EUI64 01-23-45-67-89-ab-cd-ef uri01 URI 10 20 "https://www.isc.org/" uri02 URI 30 40 "https://www.isc.org/HolyCowThisSureIsAVeryLongURIRecordIDontEvenKnowWhatSomeoneWouldEverWantWithSuchAThingButTheSpecificationRequiresThatWesupportItSoHereWeGoTestingItLaLaLaLaLaLaLaSeriouslyThoughWhyWouldYouEvenConsiderUsingAURIThisLongItSeemsLikeASillyIdeaButEnhWhatAreYouGonnaDo/" +keydata TYPE65533 \# 0 +keydata TYPE65533 \# 6 010203040506 +keydata TYPE65533 \# 18 010203040506010203040506010203040506 + EOF diff --git a/bin/tests/system/glue/tests.sh b/bin/tests/system/glue/tests.sh index 32181ec9..e9d465fd 100644 --- a/bin/tests/system/glue/tests.sh +++ b/bin/tests/system/glue/tests.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2004, 2007, 2012 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2007, 2012, 2013 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2000, 2001, 2003 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -28,7 +28,7 @@ status=0 echo "I:testing that a ccTLD referral gets a full glue set from the root zone" $DIG +norec @10.53.0.1 -p 5300 foo.bar.fi. A >dig.out || status=1 -$PERL ../digcomp.pl fi.good dig.out || status=1 +$PERL ../digcomp.pl --lc fi.good dig.out || status=1 echo "I:testing that we find glue A RRs we are authoritative for" $DIG +norec @10.53.0.1 -p 5300 foo.bar.xx. a >dig.out || status=1 diff --git a/bin/tests/system/gost/tests.sh b/bin/tests/system/gost/tests.sh index 6fa0612a..80093ca0 100644 --- a/bin/tests/system/gost/tests.sh +++ b/bin/tests/system/gost/tests.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2010, 2012 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2010, 2012, 2013 Internet Systems Consortium, Inc. ("ISC") # # Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -28,7 +28,7 @@ DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p 5300" # Check the example. domain -echo "I:checking that positive validation works works ($n)" +echo "I:checking that positive validation works ($n)" ret=0 $DIG $DIGOPTS . @10.53.0.1 soa > dig.out.ns1.test$n || ret=1 $DIG $DIGOPTS . @10.53.0.2 soa > dig.out.ns2.test$n || ret=1 diff --git a/bin/tests/system/inline/checkdsa.sh.in b/bin/tests/system/inline/checkdsa.sh.in new file mode 100644 index 00000000..f9bdcd4f --- /dev/null +++ b/bin/tests/system/inline/checkdsa.sh.in @@ -0,0 +1,20 @@ +# Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +if test "@CHECK_DSA@" -eq 1 +then + exit 0 +else + exit 1 +fi diff --git a/bin/tests/system/inline/clean.sh b/bin/tests/system/inline/clean.sh index ad17c452..462bf02c 100644 --- a/bin/tests/system/inline/clean.sh +++ b/bin/tests/system/inline/clean.sh @@ -12,7 +12,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id$ +# $Id: clean.sh,v 1.13 2012/02/23 06:53:15 marka Exp $ rm -f */named.memstats rm -f */named.run @@ -60,6 +60,13 @@ rm -f ns3/retransfer.bk rm -f ns3/retransfer.bk.jnl rm -f ns3/retransfer.bk.signed rm -f ns3/retransfer.bk.signed.jnl +rm -f ns3/retransfer3.bk +rm -f ns3/retransfer3.bk.jnl +rm -f ns3/retransfer3.bk.signed +rm -f ns3/retransfer3.bk.signed.jnl +rm -f ns3/externalkey.db +rm -f ns3/externalkey.db.signed +rm -f ns3/externalkey.db.signed.jnl rm -f ns4/K* rm -f ns4/noixfr.db rm -f ns4/noixfr.db.jnl @@ -79,3 +86,4 @@ rm -f */*.nzf rm -f ns3/test-?.bk rm -f ns3/test-?.bk.signed rm -f ns3/test-?.bk.signed.jnl +rm -f import.key Kimport* diff --git a/bin/tests/system/inline/ns1/root.db.in b/bin/tests/system/inline/ns1/root.db.in index 24299023..e319b37e 100644 --- a/bin/tests/system/inline/ns1/root.db.in +++ b/bin/tests/system/inline/ns1/root.db.in @@ -12,7 +12,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id$ +; $Id: root.db.in,v 1.8 2012/02/23 06:53:15 marka Exp $ $TTL 300 . IN SOA gson.nominum.com. a.root.servers.nil. ( @@ -50,3 +50,9 @@ ns3.retransfer. A 10.53.0.3 nsec3. NS ns3.nsec3. ns3.nsec3. A 10.53.0.3 + +externalkey. NS ns3.externalkey. +ns3.externalkey. A 10.53.0.3 + +retransfer3. NS ns3.retransfer. +ns3.retransfer3. A 10.53.0.3 diff --git a/bin/tests/system/inline/ns1/sign.sh b/bin/tests/system/inline/ns1/sign.sh index 422cfa05..26fcf908 100644 --- a/bin/tests/system/inline/ns1/sign.sh +++ b/bin/tests/system/inline/ns1/sign.sh @@ -1,6 +1,6 @@ #!/bin/sh -e # -# Copyright (C) 2011, 2012 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2011-2013 Internet Systems Consortium, Inc. ("ISC") # # Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id$ +# $Id: sign.sh,v 1.5 2012/02/23 07:09:28 tbox Exp $ SYSTEMTESTTOP=../.. . $SYSTEMTESTTOP/conf.sh diff --git a/bin/tests/system/inline/ns2/named.conf b/bin/tests/system/inline/ns2/named.conf index 9168a6b1..c7e8d47b 100644 --- a/bin/tests/system/inline/ns2/named.conf +++ b/bin/tests/system/inline/ns2/named.conf @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id$ */ +/* $Id: named.conf,v 1.4 2012/02/23 07:09:28 tbox Exp $ */ // NS2 @@ -48,3 +48,10 @@ zone "retransfer" { allow-update { any; }; notify no; }; + +zone "retransfer3" { + type master; + file "retransfer.db"; + allow-update { any; }; + notify no; +}; diff --git a/bin/tests/system/inline/ns3/master3.db.in b/bin/tests/system/inline/ns3/master3.db.in index 760520c1..7d9ee1a9 100644 --- a/bin/tests/system/inline/ns3/master3.db.in +++ b/bin/tests/system/inline/ns3/master3.db.in @@ -1,4 +1,4 @@ -; Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") +; Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC") ; ; Permission to use, copy, modify, and/or distribute this software for any ; purpose with or without fee is hereby granted, provided that the above @@ -12,7 +12,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id$ +; $Id: master3.db.in,v 1.3 2012/01/31 23:47:32 tbox Exp $ $TTL 300 ; 5 minutes @ IN SOA ns3 . ( diff --git a/bin/tests/system/inline/ns3/named.conf b/bin/tests/system/inline/ns3/named.conf index acde7ba2..60635696 100644 --- a/bin/tests/system/inline/ns3/named.conf +++ b/bin/tests/system/inline/ns3/named.conf @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id$ */ +/* $Id: named.conf,v 1.8 2012/02/23 06:53:15 marka Exp $ */ // NS3 @@ -103,3 +103,19 @@ zone "nsec3" { allow-update { any; }; file "nsec3.db"; }; + +zone "externalkey" { + type master; + inline-signing yes; + auto-dnssec maintain; + allow-update { any; }; + file "externalkey.db"; +}; + +zone "retransfer3" { + type slave; + masters { 10.53.0.2; }; + inline-signing yes; + auto-dnssec maintain; + file "retransfer3.bk"; +}; diff --git a/bin/tests/system/inline/ns3/sign.sh b/bin/tests/system/inline/ns3/sign.sh index 04e61f34..7e9260ba 100644..100755 --- a/bin/tests/system/inline/ns3/sign.sh +++ b/bin/tests/system/inline/ns3/sign.sh @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id$ +# $Id: sign.sh,v 1.8 2012/02/23 06:53:15 marka Exp $ SYSTEMTESTTOP=../.. . $SYSTEMTESTTOP/conf.sh @@ -80,6 +80,13 @@ rm -f K${zone}.+*+*.private keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone -f KSK $zone` $DSFROMKEY -T 1200 $keyname >> ../ns1/root.db +zone=retransfer3 +rm -f K${zone}.+*+*.key +rm -f K${zone}.+*+*.private +keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone -f KSK $zone` +$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db + for s in a c d h k l m q z do zone=test-$s @@ -92,3 +99,45 @@ do keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone` keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone` done + +zone=externalkey +rm -f K${zone}.+*+*.key +rm -f K${zone}.+*+*.private + +for alg in ECDSAP256SHA256 NSEC3RSASHA1 DSA ECCGOST +do + +if test $alg = DSA +then + sh ../checkdsa.sh 2> /dev/null || continue +fi +if test $alg = ECCGOST +then + sh ../../gost/prereq.sh 2> /dev/null || continue +fi +if test $alg = ECDSAP256SHA256 +then + sh ../../ecdsa/prereq.sh 2> /dev/null || continue + sh ../checkdsa.sh 2> /dev/null || continue +fi + +test $alg = DSA -a ! -r /dev/random -a ! -r /dev/urandom && continue + +k1=`$KEYGEN -q -r $RANDFILE -a $alg -b 1024 -n zone -f KSK $zone` +k2=`$KEYGEN -q -r $RANDFILE -a $alg -b 1024 -n zone $zone` +k3=`$KEYGEN -q -r $RANDFILE -a $alg -b 1024 -n zone $zone` +k4=`$KEYGEN -q -r $RANDFILE -a $alg -b 1024 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a $alg -b 1024 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a $alg -b 1024 -n zone -f KSK $zone` +$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db +rm -f ${k3}.* ${k4}.* + +# +# Convert k1 and k2 in to External Keys. +rm -f $k1.private +mv $k1.key a-file +$IMPORTKEY -P now -D now+3600 -f a-file $zone > /dev/null 2>&1 +rm -f $k2.private +mv $k2.key a-file +$IMPORTKEY -f a-file $zone > /dev/null 2>&1 +done diff --git a/bin/tests/system/inline/setup.sh b/bin/tests/system/inline/setup.sh index 3ac82f50..adee4ffb 100644 --- a/bin/tests/system/inline/setup.sh +++ b/bin/tests/system/inline/setup.sh @@ -12,7 +12,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id$ +# $Id: setup.sh,v 1.11 2012/02/23 06:53:15 marka Exp $ sh clean.sh @@ -29,6 +29,7 @@ cp ns3/master.db.in ns3/dynamic.db cp ns3/master.db.in ns3/updated.db cp ns3/master.db.in ns3/expired.db cp ns3/master.db.in ns3/nsec3.db +cp ns3/master.db.in ns3/externalkey.db touch ns4/trusted.conf cp ns4/noixfr.db.in ns4/noixfr.db diff --git a/bin/tests/system/inline/tests.sh b/bin/tests/system/inline/tests.sh index 27a1329a..c8719f72 100644..100755 --- a/bin/tests/system/inline/tests.sh +++ b/bin/tests/system/inline/tests.sh @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id$ +# $Id: tests.sh,v 1.18 2012/02/23 06:53:15 marka Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh @@ -25,7 +25,7 @@ RANDFILE=random.data status=0 n=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -nsec3param 1 0 0 - nsec3 +$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -nsec3param 1 0 0 - nsec3 > /dev/null 2>&1 for i in 1 2 3 4 5 6 7 8 9 0 do @@ -34,6 +34,21 @@ do sleep 1 done +# Loop until retransfer3 has been transferred. +for i in 1 2 3 4 5 6 7 8 9 0 +do + ans=0 + $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -nsec3param 1 0 0 - retransfer3 > /dev/null 2>&1 || ans=1 + [ $ans = 0 ] && break +done + +for i in 1 2 3 4 5 6 7 8 9 0 +do + nsec3param=`$DIG +short @10.53.0.3 -p 5300 nsec3param retransfer3.` + test -n "$nsec3param" && break + sleep 1 +done + n=`expr $n + 1` echo "I:checking that rrsigs are replaced with ksk only" ret=0 @@ -761,6 +776,32 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` +echo "I:check rndc retransfer of a inline nsec3 slave retains nsec3 ($n)" +ret=0 +for i in 0 1 2 3 4 5 6 7 8 9 +do + ans=0 + $DIG $DIGOPTS @10.53.0.3 -p 5300 nonexist.retransfer3 A > dig.out.ns3.pre.test$n + grep "status: NXDOMAIN" dig.out.ns3.pre.test$n > /dev/null || ans=1 + grep "NSEC3" dig.out.ns3.pre.test$n > /dev/null || ans=1 + [ $ans = 0 ] && break + sleep 1 +done +$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 retransfer retransfer3 2>&1 || ret=1 +for i in 0 1 2 3 4 5 6 7 8 9 +do + ans=0 + $DIG $DIGOPTS @10.53.0.3 -p 5300 nonexist.retransfer3 A > dig.out.ns3.post.test$n + grep "status: NXDOMAIN" dig.out.ns3.post.test$n > /dev/null || ans=1 + grep "NSEC3" dig.out.ns3.post.test$n > /dev/null || ans=1 + [ $ans = 0 ] && break + sleep 1 +done +[ $ans = 1 ] && ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + n=`expr $n + 1` echo "I:stop bump in the wire signer server ($n)" ret=0 @@ -809,6 +850,56 @@ $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 addzone test-$zone \ $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 delzone test-$zone done +n=`expr $n + 1` +echo "I:testing adding external keys to a inline zone ($n)" +ret=0 +$DIG $DIGOPTS @10.53.0.3 -p 5300 dnskey externalkey > dig.out.ns3.test$n +for alg in 3 7 12 13 +do + if test $alg = 3 + then + sh checkdsa.sh 2>/dev/null || continue; + fi + if test $alg = 12 + then + sh ../gost/prereq.sh 2>/dev/null || continue; + fi + if test $alg = 13 + then + sh ../ecdsa/prereq.sh 2>/dev/null || continue; + # dsa and ecdsa both require a source of randomness when + # generating signatures + sh checkdsa.sh 2>/dev/null || continue; + fi + test $alg = 3 -a ! -r /dev/random -a ! -r /dev/urandom && continue + + case $alg in + 3) echo "I: checking DSA";; + 7) echo "I: checking NSEC3RSASHA1";; + 12) echo "I: checking GOST";; + 13) echo "I: checking ECDSAP256SHA256";; + *) echo "I: checking $alg";; + esac + + dnskeys=`grep "IN.DNSKEY.25[67] [0-9]* $alg " dig.out.ns3.test$n | wc -l` + rrsigs=`grep "RRSIG.DNSKEY $alg " dig.out.ns3.test$n | wc -l` + test ${dnskeys:-0} -eq 3 || { echo "I: failed $alg (dnskeys ${dnskeys:-0})"; ret=1; } + test ${rrsigs:-0} -eq 2 || { echo "I: failed $alg (rrsigs ${rrsigs:-0})"; ret=1; } +done +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:testing imported key won't overwrite a private key ($n)" +ret=0 +key=`$KEYGEN -r $RANDFILE -q import.example` +cp ${key}.key import.key +# import should fail +$IMPORTKEY -f import.key import.example > /dev/null 2>&1 && ret=1 +rm -f ${key}.private +# private key removed; import should now succeed +$IMPORTKEY -f import.key import.example > /dev/null 2>&1 || ret=1 +# now that it's an external key, re-import should succeed +$IMPORTKEY -f import.key import.example > /dev/null 2>&1 || ret=1 if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` diff --git a/bin/tests/system/nsupdate/ns1/named.conf b/bin/tests/system/nsupdate/ns1/named.conf index 3492b4cf..d762b2b6 100644 --- a/bin/tests/system/nsupdate/ns1/named.conf +++ b/bin/tests/system/nsupdate/ns1/named.conf @@ -42,8 +42,8 @@ controls { }; key altkey { - algorithm hmac-md5; - secret "1234abcd8765"; + algorithm hmac-md5; + secret "1234abcd8765"; }; include "ddns.key"; @@ -68,8 +68,8 @@ zone "other.nil" { }; masters othermasters { - 10.53.0.2 port 5300; - 10.53.0.2 port 5300 key altkey; + 10.53.0.2 port 5300; + 10.53.0.2 port 5300 key altkey; }; zone "update.nil" { @@ -98,14 +98,14 @@ include "sha384.key"; include "sha512.key"; zone "keytests.nil" { - type master; - file "keytests.db"; - update-policy { - grant md5-key name md5.keytests.nil. ANY; - grant sha1-key name sha1.keytests.nil. ANY; - grant sha224-key name sha224.keytests.nil. ANY; - grant sha256-key name sha256.keytests.nil. ANY; - grant sha384-key name sha384.keytests.nil. ANY; - grant sha512-key name sha512.keytests.nil. ANY; - }; + type master; + file "keytests.db"; + update-policy { + grant md5-key name md5.keytests.nil. ANY; + grant sha1-key name sha1.keytests.nil. ANY; + grant sha224-key name sha224.keytests.nil. ANY; + grant sha256-key name sha256.keytests.nil. ANY; + grant sha384-key name sha384.keytests.nil. ANY; + grant sha512-key name sha512.keytests.nil. ANY; + }; }; diff --git a/bin/tests/system/redirect/ns2/named.conf b/bin/tests/system/redirect/ns2/named.conf index 6f626445..0e2fed17 100644 --- a/bin/tests/system/redirect/ns2/named.conf +++ b/bin/tests/system/redirect/ns2/named.conf @@ -38,12 +38,12 @@ options { }; key rndc_key { - secret "1234abcd8765"; - algorithm hmac-sha256; + secret "1234abcd8765"; + algorithm hmac-sha256; }; controls { - inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; }; }; zone "." { diff --git a/bin/tests/system/resolver/ns1/named.conf b/bin/tests/system/resolver/ns1/named.conf index 65068655..a6eb09d0 100644 --- a/bin/tests/system/resolver/ns1/named.conf +++ b/bin/tests/system/resolver/ns1/named.conf @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007, 2009, 2013 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -34,6 +34,7 @@ options { deny-answer-aliases { "example.org"; } except-from { "goodcname.example.net"; "gooddname.example.net"; }; + allow-query {!10.53.0.8; any; }; }; zone "." { diff --git a/bin/tests/system/resolver/tests.sh b/bin/tests/system/resolver/tests.sh index 9323f255..9323f255 100644..100755 --- a/bin/tests/system/resolver/tests.sh +++ b/bin/tests/system/resolver/tests.sh diff --git a/bin/tests/system/rndc/ns3/named.conf b/bin/tests/system/rndc/ns3/named.conf index 9feefac7..0b2db3be 100644 --- a/bin/tests/system/rndc/ns3/named.conf +++ b/bin/tests/system/rndc/ns3/named.conf @@ -23,7 +23,7 @@ options { pid-file "named.pid"; listen-on { 10.53.0.3; }; listen-on-v6 { none; }; - recursion no; + recursion no; }; key rndc_key { diff --git a/bin/tests/system/rpz/ns2/named.conf b/bin/tests/system/rpz/ns2/named.conf index 2b3d65a7..65013bc3 100644 --- a/bin/tests/system/rpz/ns2/named.conf +++ b/bin/tests/system/rpz/ns2/named.conf @@ -33,11 +33,11 @@ options { }; key rndc_key { - secret "1234abcd8765"; - algorithm hmac-sha256; + secret "1234abcd8765"; + algorithm hmac-sha256; }; controls { - inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; }; }; include "../trusted.conf"; diff --git a/bin/tests/system/rpz/tests.sh b/bin/tests/system/rpz/tests.sh index 34365949..1d3ae6af 100644 --- a/bin/tests/system/rpz/tests.sh +++ b/bin/tests/system/rpz/tests.sh @@ -507,5 +507,10 @@ if test -n "$EMSGS"; then egrep 'invalid rpz|rpz.*failed' ns*/named.run | sed -e '10,$d' -e 's/^/I: /' fi +echo "I:checking that ttl values are not zeroed when qtype is '*'" +$DIG +noall +answer -p 5300 @$ns3 any a3-2.tld2 > dig.out.any +ttl=`awk '/a3-2 tld2 text/ {print $2}' dig.out.any` +if test ${ttl:=0} -eq 0; then setret I:failed; fi + echo "I:exit status: $status" exit $status diff --git a/bin/tests/system/start.pl b/bin/tests/system/start.pl index 1f4e94d5..d2030d53 100644 --- a/bin/tests/system/start.pl +++ b/bin/tests/system/start.pl @@ -1,6 +1,6 @@ #!/usr/bin/perl -w # -# Copyright (C) 2004-2008, 2010-2012 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004-2008, 2010-2013 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2001 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -161,7 +161,7 @@ sub start_server { if (-e "$testdir/$server/named.nosoa"); $command .= "-T noaa " if (-e "$testdir/$server/named.noaa"); - $command .= "-c named.conf -d 99 -g -U 4 "; + $command .= "-c named.conf -d 99 -g -U 4"; } if ($restart) { $command .= " >>named.run 2>&1 &"; diff --git a/bin/tests/system/tkey/ns1/named.conf.in b/bin/tests/system/tkey/ns1/named.conf.in index 50600b78..185c8fcb 100644 --- a/bin/tests/system/tkey/ns1/named.conf.in +++ b/bin/tests/system/tkey/ns1/named.conf.in @@ -35,12 +35,12 @@ options { }; key rndc_key { - secret "1234abcd8765"; - algorithm hmac-md5; + secret "1234abcd8765"; + algorithm hmac-md5; }; controls { - inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; }; }; key "tkeytest." { @@ -49,7 +49,7 @@ key "tkeytest." { }; zone example { - type master; - file "example.db"; - allow-query { key tkeytest.; none; }; + type master; + file "example.db"; + allow-query { key tkeytest.; none; }; }; diff --git a/bin/tests/system/xfer/dig1.good b/bin/tests/system/xfer/dig1.good index adfd6656..b10153ea 100644 --- a/bin/tests/system/xfer/dig1.good +++ b/bin/tests/system/xfer/dig1.good @@ -29,6 +29,9 @@ isdn02.example. 3600 IN ISDN "isdn-address" "subaddress" isdn03.example. 3600 IN ISDN "isdn-address" isdn04.example. 3600 IN ISDN "isdn-address" "subaddress" dnskey01.example. 3600 IN DNSKEY 512 255 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aRyzWZriO6i2od GWWQVucZqKVsENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esga60z yGW6LFe9r8n6paHrlG5ojqf0BaqHT+8= +keydata.example. 3600 IN TYPE65533 \# 0 +keydata.example. 3600 IN TYPE65533 \# 6 010203040506 +keydata.example. 3600 IN TYPE65533 \# 18 010203040506010203040506010203040506 kx01.example. 3600 IN KX 10 kdc.example. kx02.example. 3600 IN KX 10 . loc01.example. 3600 IN LOC 60 9 0.000 N 24 39 0.000 E 10.00m 20m 2000m 20m diff --git a/bin/tests/system/xfer/dig2.good b/bin/tests/system/xfer/dig2.good index 977720e5..8b638169 100644 --- a/bin/tests/system/xfer/dig2.good +++ b/bin/tests/system/xfer/dig2.good @@ -29,6 +29,9 @@ isdn04.example. 3600 IN ISDN "isdn-address" "subaddress" hip1.example. 3600 IN HIP 2 200100107B1A74DF365639CC39F1D578 AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cIvM4p9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+bSRGQb1slImA8YVJyuIDsj7kwzG7jnERNqnWxZ48AWkskmdHaVDP4BcelrTI3rMXdXF5D hip2.example. 3600 IN HIP 2 200100107B1A74DF365639CC39F1D578 AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cIvM4p9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+bSRGQb1slImA8YVJyuIDsj7kwzG7jnERNqnWxZ48AWkskmdHaVDP4BcelrTI3rMXdXF5D rvs.example.com. dnskey01.example. 3600 IN DNSKEY 512 255 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aRyzWZriO6i2od GWWQVucZqKVsENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esga60z yGW6LFe9r8n6paHrlG5ojqf0BaqHT+8= +keydata.example. 3600 IN TYPE65533 \# 0 +keydata.example. 3600 IN TYPE65533 \# 6 010203040506 +keydata.example. 3600 IN TYPE65533 \# 18 010203040506010203040506010203040506 kx01.example. 3600 IN KX 10 kdc.example. kx02.example. 3600 IN KX 10 . loc01.example. 3600 IN LOC 60 9 0.000 N 24 39 0.000 E 10.00m 20m 2000m 20m diff --git a/bin/tests/system/xfer/ns2/named.conf b/bin/tests/system/xfer/ns2/named.conf index 523672d2..03b06c2c 100644 --- a/bin/tests/system/xfer/ns2/named.conf +++ b/bin/tests/system/xfer/ns2/named.conf @@ -64,5 +64,5 @@ zone "slave" { type slave; file "slave.db"; masters { 10.53.0.1; }; - masterfile-format text; + masterfile-format text; }; |