diff options
| author | Internet Software Consortium, Inc <@isc.org> | 2011-11-01 14:44:50 -0600 |
|---|---|---|
| committer | Internet Software Consortium, Inc <@isc.org> | 2011-11-01 14:44:50 -0600 |
| commit | 15c17fb71db9b8f876da1be5e6ddbba25ce61aba (patch) | |
| tree | 8f808bcda25300ee1b2bbb66f7fb49ab3a01027a /bin/tests | |
| parent | 0985d8a79623e77e4d2c801a661d1b1180f41285 (diff) | |
| download | bind9-15c17fb71db9b8f876da1be5e6ddbba25ce61aba.tar.gz | |
9.9.0a2
Diffstat (limited to 'bin/tests')
43 files changed, 1858 insertions, 122 deletions
diff --git a/bin/tests/adb_test.c b/bin/tests/adb_test.c index dc1f16ac..1bbe02a3 100644 --- a/bin/tests/adb_test.c +++ b/bin/tests/adb_test.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: adb_test.c,v 1.70 2009-09-02 23:48:01 tbox Exp $ */ +/* $Id: adb_test.c,v 1.73 2011-08-30 23:46:51 tbox Exp $ */ /*! \file */ @@ -264,9 +264,8 @@ lookup(const char *target) { result = dns_adb_createfind(adb, t2, lookup_callback, client, &client->name, dns_rootname, 0, options, now, NULL, view->dstport, &client->find); -#if 0 - check_result(result, "dns_adb_createfind()"); -#endif + if (result != ISC_R_SUCCESS) + printf("DNS_ADB_CREATEFIND -> %s\n", dns_result_totext(result)); dns_adb_dumpfind(client->find, stderr); if ((client->find->options & DNS_ADBFIND_WANTEVENT) != 0) { @@ -414,7 +413,9 @@ main(int argc, char **argv) { dns_view_detach(&view); adb = NULL; + fprintf(stderr, "Destroying socket manager\n"); isc_socketmgr_destroy(&socketmgr); + fprintf(stderr, "Destroying timer manager\n"); isc_timermgr_destroy(&timermgr); fprintf(stderr, "Destroying task manager\n"); diff --git a/bin/tests/cfg_test.c b/bin/tests/cfg_test.c index 9fb74cf3..461b80ab 100644 --- a/bin/tests/cfg_test.c +++ b/bin/tests/cfg_test.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001, 2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: cfg_test.c,v 1.23 2010-01-11 23:48:37 tbox Exp $ */ +/* $Id: cfg_test.c,v 1.25 2011-09-05 23:46:54 tbox Exp $ */ /*! \file */ @@ -49,7 +49,7 @@ check_result(isc_result_t result, const char *format, ...) { static void output(void *closure, const char *text, int textlen) { UNUSED(closure); - (void) isc_util_fwrite(text, 1, textlen, stdout); + (void) fwrite(text, 1, textlen, stdout); } static void diff --git a/bin/tests/db_test.c b/bin/tests/db_test.c index d2e81cfb..c742ae9f 100644 --- a/bin/tests/db_test.c +++ b/bin/tests/db_test.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007-2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: db_test.c,v 1.68 2009-09-02 23:48:01 tbox Exp $ */ +/* $Id: db_test.c,v 1.70 2011-08-29 23:46:44 tbox Exp $ */ /*! \file * \author @@ -70,14 +70,10 @@ static isc_boolean_t ascending = ISC_TRUE; static void print_result(const char *message, isc_result_t result) { - size_t len; - if (message == NULL) { - len = 0; + if (message == NULL) message = ""; - } - len = strlen(message); - printf("%s%sresult %08x: %s\n", message, (len == 0U) ? "" : " ", + printf("%s%sresult %08x: %s\n", message, (*message == '\0') ? "" : " ", result, isc_result_totext(result)); } @@ -449,6 +445,7 @@ main(int argc, char *argv[]) { argc -= isc_commandline_index; argv += isc_commandline_index; + POST(argv); if (argc != 0) printf("ignoring trailing arguments\n"); diff --git a/bin/tests/dst/gsstest.c b/bin/tests/dst/gsstest.c index 505d471b..b9aee2ce 100755 --- a/bin/tests/dst/gsstest.c +++ b/bin/tests/dst/gsstest.c @@ -14,12 +14,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: gsstest.c,v 1.16 2011-03-28 05:14:51 marka Exp $ */ +/* $Id: gsstest.c,v 1.18 2011-09-05 17:39:37 each Exp $ */ #include <config.h> #include <stdlib.h> #include <string.h> +#include <time.h> #include <isc/app.h> #include <isc/base64.h> @@ -146,14 +147,14 @@ recvresponse(isc_task_t *task, isc_event_t *event) { REQUIRE(reqev != NULL); + query = reqev->ev_arg; + if (reqev->result != ISC_R_SUCCESS) { fprintf(stderr, "I:request event result: %s\n", isc_result_totext(reqev->result)); goto end; } - query = reqev->ev_arg; - response = NULL; result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE, &response); CHECK("dns_message_create", result); @@ -174,7 +175,7 @@ recvresponse(isc_task_t *task, isc_event_t *event) { if (response) dns_message_destroy(&response); -end: + end: if (query) dns_message_destroy(&query); @@ -220,6 +221,8 @@ sendquery(isc_task_t *task, isc_event_t *event) CHECK("dns_name_fromtext", result); result = dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER, &message); + if (result != ISC_R_SUCCESS) + goto end; message->opcode = dns_opcode_query; message->rdclass = dns_rdataclass_in; @@ -256,13 +259,13 @@ sendquery(isc_task_t *task, isc_event_t *event) return; - end: - if (qname != NULL) - dns_message_puttempname(message, &qname); - if (qrdataset != NULL) - dns_message_puttemprdataset(message, &qrdataset); - if (message != NULL) - dns_message_destroy(&message); + end: + if (qname != NULL) + dns_message_puttempname(message, &qname); + if (qrdataset != NULL) + dns_message_puttemprdataset(message, &qrdataset); + if (message != NULL) + dns_message_destroy(&message); } static void @@ -280,14 +283,14 @@ initctx2(isc_task_t *task, isc_event_t *event) { REQUIRE(reqev != NULL); + query = reqev->ev_arg; + if (reqev->result != ISC_R_SUCCESS) { fprintf(stderr, "I:request event result: %s\n", isc_result_totext(reqev->result)); goto end; } - query = reqev->ev_arg; - response = NULL; result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE, &response); CHECK("dns_message_create", result); @@ -331,7 +334,7 @@ initctx2(isc_task_t *task, isc_event_t *event) { if (response) dns_message_destroy(&response); -end: + end: if (query) dns_message_destroy(&query); @@ -406,7 +409,7 @@ initctx1(isc_task_t *task, isc_event_t *event) { CHECK("dns_request_create", result); return; -end: + end: event = isc_event_allocate(mctx, (void *)1, 1, console, NULL, sizeof(*event)); isc_task_send(task, &event);return; diff --git a/bin/tests/log_test.c b/bin/tests/log_test.c index 25aaa949..b6735b3c 100644 --- a/bin/tests/log_test.c +++ b/bin/tests/log_test.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: log_test.c,v 1.28 2011-01-14 00:51:43 tbox Exp $ */ +/* $Id: log_test.c,v 1.29 2011-08-28 23:46:51 marka Exp $ */ /* Principal Authors: DCL */ @@ -27,6 +27,7 @@ #include <isc/commandline.h> #include <isc/mem.h> #include <isc/string.h> +#include <isc/util.h> #include <dns/log.h> @@ -94,6 +95,7 @@ main(int argc, char **argv) { argc -= isc_commandline_index; argv += isc_commandline_index; + POST(argv); if (argc > 0) { fprintf(stderr, usage, progname); diff --git a/bin/tests/nsecify.c b/bin/tests/nsecify.c index b4b43c55..243cc724 100644 --- a/bin/tests/nsecify.c +++ b/bin/tests/nsecify.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2007-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007-2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nsecify.c,v 1.10 2009-09-02 23:48:01 tbox Exp $ */ +/* $Id: nsecify.c,v 1.12 2011-08-29 23:46:44 tbox Exp $ */ #include <config.h> @@ -157,6 +157,7 @@ nsecify(char *filename) { result = dns_db_createiterator(db, 0, &dbiter); check_result(result, "dns_db_createiterator()"); result = dns_dbiterator_first(dbiter); + check_result(result, "dns_dbiterator_first()"); node = NULL; result = next_active(db, wversion, dbiter, name, &node); while (result == ISC_R_SUCCESS) { diff --git a/bin/tests/printmsg.c b/bin/tests/printmsg.c index e12f3ab6..b0279ee7 100644 --- a/bin/tests/printmsg.c +++ b/bin/tests/printmsg.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: printmsg.c,v 1.29 2007-06-19 23:46:59 tbox Exp $ */ +/* $Id: printmsg.c,v 1.31 2011-08-25 23:46:42 tbox Exp $ */ #include <config.h> @@ -77,7 +77,9 @@ printsection(dns_message_t *msg, dns_section_t sectionid, isc_region_t r; dns_name_t empty_name; char t[65536]; +#ifdef USEINITALWS isc_boolean_t first; +#endif isc_boolean_t no_rdata; if (sectionid == DNS_SECTION_QUESTION) @@ -100,7 +102,9 @@ printsection(dns_message_t *msg, dns_section_t sectionid, dns_message_currentname(msg, sectionid, &name); isc_buffer_init(&target, t, sizeof(t)); +#ifdef USEINITALWS first = ISC_TRUE; +#endif print_name = name; for (rdataset = ISC_LIST_HEAD(name->list); @@ -159,7 +163,6 @@ printrdata(dns_message_t *msg, dns_rdataset_t *rdataset, dns_name_t *owner, isc_result_t printmessage(dns_message_t *msg) { - isc_boolean_t did_flag = ISC_FALSE; isc_result_t result; dns_rdataset_t *opt, *tsig; dns_name_t *tsigname; @@ -169,35 +172,21 @@ printmessage(dns_message_t *msg) { printf(";; ->>HEADER<<- opcode: %s, status: %s, id: %u\n", opcodetext[msg->opcode], rcodetext[msg->rcode], msg->id); - printf(";; flags: "); - if ((msg->flags & DNS_MESSAGEFLAG_QR) != 0) { - printf("qr"); - did_flag = ISC_TRUE; - } - if ((msg->flags & DNS_MESSAGEFLAG_AA) != 0) { - printf("%saa", did_flag ? " " : ""); - did_flag = ISC_TRUE; - } - if ((msg->flags & DNS_MESSAGEFLAG_TC) != 0) { - printf("%stc", did_flag ? " " : ""); - did_flag = ISC_TRUE; - } - if ((msg->flags & DNS_MESSAGEFLAG_RD) != 0) { - printf("%srd", did_flag ? " " : ""); - did_flag = ISC_TRUE; - } - if ((msg->flags & DNS_MESSAGEFLAG_RA) != 0) { - printf("%sra", did_flag ? " " : ""); - did_flag = ISC_TRUE; - } - if ((msg->flags & DNS_MESSAGEFLAG_AD) != 0) { - printf("%sad", did_flag ? " " : ""); - did_flag = ISC_TRUE; - } - if ((msg->flags & DNS_MESSAGEFLAG_CD) != 0) { - printf("%scd", did_flag ? " " : ""); - did_flag = ISC_TRUE; - } + printf(";; flags:"); + if ((msg->flags & DNS_MESSAGEFLAG_QR) != 0) + printf(" qr"); + if ((msg->flags & DNS_MESSAGEFLAG_AA) != 0) + printf(" aa"); + if ((msg->flags & DNS_MESSAGEFLAG_TC) != 0) + printf(" tc"); + if ((msg->flags & DNS_MESSAGEFLAG_RD) != 0) + printf(" rd"); + if ((msg->flags & DNS_MESSAGEFLAG_RA) != 0) + printf(" ra"); + if ((msg->flags & DNS_MESSAGEFLAG_AD) != 0) + printf(" ad"); + if ((msg->flags & DNS_MESSAGEFLAG_CD) != 0) + printf(" cd"); printf("; QUERY: %u, ANSWER: %u, AUTHORITY: %u, ADDITIONAL: %u\n", msg->counts[DNS_SECTION_QUESTION], msg->counts[DNS_SECTION_ANSWER], diff --git a/bin/tests/rbt_test.c b/bin/tests/rbt_test.c index 1324a811..35fe3f0f 100644 --- a/bin/tests/rbt_test.c +++ b/bin/tests/rbt_test.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rbt_test.c,v 1.50 2009-09-02 23:48:01 tbox Exp $ */ +/* $Id: rbt_test.c,v 1.52 2011-08-28 23:46:41 tbox Exp $ */ #include <config.h> @@ -88,7 +88,7 @@ delete_name(void *data, void *arg) { UNUSED(arg); name = data; - isc_mem_put(mctx, data, sizeof(dns_name_t) + DNSNAMELEN); + isc_mem_put(mctx, name, sizeof(*name) + DNSNAMELEN); } static void @@ -280,6 +280,7 @@ main(int argc, char **argv) { argc -= isc_commandline_index; argv += isc_commandline_index; + POST(argv); if (argc > 1) { printf("Usage: %s [-m]\n", progname); diff --git a/bin/tests/rdata_test.c b/bin/tests/rdata_test.c index bb28484d..937a38d7 100644 --- a/bin/tests/rdata_test.c +++ b/bin/tests/rdata_test.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdata_test.c,v 1.51 2011-08-16 03:00:02 marka Exp $ */ +/* $Id: rdata_test.c,v 1.52 2011-08-28 09:10:41 marka Exp $ */ #include <config.h> @@ -988,6 +988,15 @@ main(int argc, char *argv[]) { type = token.value.as_ulong; isc_buffer_init(&tbuf, outbuf, sizeof(outbuf)); result = dns_rdatatype_totext(type, &tbuf); + if (result != ISC_R_SUCCESS) { + fprintf(stdout, + "dns_rdatatype_totext " + "returned %s(%d)\n", + dns_result_totext(result), result); + fflush(stdout); + need_eol = 1; + continue; + } fprintf(stdout, "type = %.*s(%d)\n", (int)tbuf.used, (char*)tbuf.base, type); } else if (token.type == isc_tokentype_string) { @@ -1020,6 +1029,14 @@ main(int argc, char *argv[]) { class = token.value.as_ulong; isc_buffer_init(&tbuf, outbuf, sizeof(outbuf)); result = dns_rdatatype_totext(class, &tbuf); + if (result != ISC_R_SUCCESS) { + fprintf(stdout, "dns_rdatatype_totext " + "returned %s(%d)\n", + dns_result_totext(result), result); + fflush(stdout); + need_eol = 1; + continue; + } fprintf(stdout, "class = %.*s(%d)\n", (int)tbuf.used, (char*)tbuf.base, class); } else if (token.type == isc_tokentype_string) { diff --git a/bin/tests/shutdown_test.c b/bin/tests/shutdown_test.c index 9e10723d..0264f7ef 100644 --- a/bin/tests/shutdown_test.c +++ b/bin/tests/shutdown_test.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: shutdown_test.c,v 1.23 2007-06-19 23:46:59 tbox Exp $ */ +/* $Id: shutdown_test.c,v 1.25 2011-08-28 23:46:41 tbox Exp $ */ #include <config.h> @@ -168,7 +168,7 @@ new_task(isc_mem_t *mctx, const char *name) { int main(int argc, char *argv[]) { unsigned int workers; - t_info *t1, *t2, *t3; + t_info *t1, *t2; isc_task_t *task; isc_mem_t *mctx, *mctx2; @@ -197,7 +197,7 @@ main(int argc, char *argv[]) { /* * Test run-triggered shutdown. */ - t3 = new_task(mctx2, "foo"); + (void)new_task(mctx2, "foo"); /* * Test implicit shutdown. diff --git a/bin/tests/startperf/README b/bin/tests/startperf/README index 0f350c2e..0b8185b9 100644 --- a/bin/tests/startperf/README +++ b/bin/tests/startperf/README @@ -1,9 +1,17 @@ These scripts generate a named.conf file with an arbitrary number of small zones, for testing startup performance. -To generate a test server with 1000 zones, run: +To generate a test server with 1000 zones each of which contains 5 A +records, run: - $ sh setup.sh 1000 > named.conf + $ sh setup.sh 1000 5 > named.conf -Zones are generated with random names, and all of them load from the same -file: smallzone.db. +Zones are generated with random names, and the zone files are created +in the subdirectory "zones". + +Or, to generate a test server with 100 zones which all load from the same +generic file (smallzone.db): + + $ sh setup.sh -s 100 > named.conf + +The "number of records" argument is ignored if -s is used. diff --git a/bin/tests/startperf/clean.sh b/bin/tests/startperf/clean.sh new file mode 100644 index 00000000..507f7779 --- /dev/null +++ b/bin/tests/startperf/clean.sh @@ -0,0 +1,20 @@ +#!/bin/sh +# +# Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +# $Id: clean.sh,v 1.3 2011-09-02 23:46:31 tbox Exp $ + +rm -rf zones +rm -f named.conf diff --git a/bin/tests/startperf/makenames.pl b/bin/tests/startperf/makenames.pl index abc1124f..149bc938 100644 --- a/bin/tests/startperf/makenames.pl +++ b/bin/tests/startperf/makenames.pl @@ -14,17 +14,19 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: makenames.pl,v 1.2 2011-07-06 05:05:51 each Exp $ +# $Id: makenames.pl,v 1.3 2011-09-02 21:15:35 each Exp $ use strict; -die "Usage: makenames.pl <num>" if (@ARGV == 0); +die "Usage: makenames.pl <num> [<len>]" if (@ARGV == 0 || @ARGV > 2); +my $len = 10; +$len = @ARGV[1] if (@ARGV == 2); my @chars = split("", "abcdefghijklmnopqrstuvwxyz123456789"); srand; for (my $i = 0; $i < @ARGV[0]; $i++) { my $name = ""; - for (my $j = 0; $j < 10; $j++) { + for (my $j = 0; $j < $len; $j++) { my $r = rand 35; $name .= $chars[$r]; } diff --git a/bin/tests/startperf/mkzonefile.pl b/bin/tests/startperf/mkzonefile.pl new file mode 100644 index 00000000..8c4b8f2a --- /dev/null +++ b/bin/tests/startperf/mkzonefile.pl @@ -0,0 +1,51 @@ +#!/usr/bin/perl +# +# Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +# $Id: mkzonefile.pl,v 1.2 2011-09-02 21:15:35 each Exp $ +use strict; + +die "Usage: makenames.pl zonename num_records" if (@ARGV != 2); +my $zname = @ARGV[0]; +my $nrecords = @ARGV[1]; + +my @chars = split("", "abcdefghijklmnopqrstuvwxyz"); + +print"\$TTL 300 ; 5 minutes +\$ORIGIN $zname. +@ IN SOA mname1. . ( + 2011080201 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3\n"; + +srand; +for (my $i = 0; $i < $nrecords; $i++) { + my $name = ""; + for (my $j = 0; $j < 8; $j++) { + my $r = rand 25; + $name .= $chars[$r]; + } + print "$name" . "\tIN\tA\t"; + my $x = int rand 254; + my $y = int rand 254; + my $z = int rand 254; + print "10.$x.$y.$z\n"; +} + diff --git a/bin/tests/startperf/setup.sh b/bin/tests/startperf/setup.sh index c5fade97..c3f500be 100644 --- a/bin/tests/startperf/setup.sh +++ b/bin/tests/startperf/setup.sh @@ -14,13 +14,30 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: setup.sh,v 1.3 2011-07-07 23:47:49 tbox Exp $ +# $Id: setup.sh,v 1.4 2011-09-02 21:15:35 each Exp $ -if [ "$#" -ne 1 ]; then - echo "Usage: $0 <number of zones>" +usage () { + echo "Usage: $0 [-s] <number of zones> [<records per zone>]" + echo " -s: use the same zone file all zones" exit 1 +} + +if [ "$#" -lt 1 -o "$#" -gt 3 ]; then + usage +fi + +single_file="" +if [ $1 = "-s" ]; then + single_file=yes + shift fi +nzones=$1 +shift + +nrecords=5 +[ "$#" -eq 1 ] && nrecords=$1 + . ../system/conf.sh cat << EOF @@ -59,6 +76,12 @@ logging { EOF -$PERL makenames.pl $1 | while read zonename; do +$PERL makenames.pl $nzones | while read zonename; do + if [ $single_file ]; then echo "zone $zonename { type master; file \"smallzone.db\"; };" + else + [ -d zones ] || mkdir zones + $PERL mkzonefile.pl $zonename $nrecords > zones/$zonename.db + echo "zone $zonename { type master; file \"zones/$zonename.db\"; };" + fi done diff --git a/bin/tests/system/cacheclean/tests.sh b/bin/tests/system/cacheclean/tests.sh index d5802a02..744377b9 100644 --- a/bin/tests/system/cacheclean/tests.sh +++ b/bin/tests/system/cacheclean/tests.sh @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.8 2011-08-23 00:59:23 each Exp $ +# $Id: tests.sh,v 1.10 2011-09-01 05:28:14 marka Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh @@ -32,22 +32,24 @@ load_cache () { $RNDC $RNDCOPTS flush # load the positive cache entries - $DIG $DIGOPTS txt top1.flushtest.example > /dev/null 2>1 - $DIG $DIGOPTS txt second1.top1.flushtest.example > /dev/null 2>1 - $DIG $DIGOPTS txt third1.second1.top1.flushtest.example > /dev/null 2>1 - $DIG $DIGOPTS txt third2.second1.top1.flushtest.example > /dev/null 2>1 - $DIG $DIGOPTS txt second2.top1.flushtest.example > /dev/null 2>1 - $DIG $DIGOPTS txt second3.top1.flushtest.example > /dev/null 2>1 - $DIG $DIGOPTS txt second1.top2.flushtest.example > /dev/null 2>1 - $DIG $DIGOPTS txt second2.top2.flushtest.example > /dev/null 2>1 - $DIG $DIGOPTS txt second3.top2.flushtest.example > /dev/null 2>1 - $DIG $DIGOPTS txt top3.flushtest.example > /dev/null 2>1 - $DIG $DIGOPTS txt second1.top3.flushtest.example > /dev/null 2>1 - $DIG $DIGOPTS txt third1.second1.top3.flushtest.example > /dev/null 2>1 - $DIG $DIGOPTS txt third2.second1.top3.flushtest.example > /dev/null 2>1 - $DIG $DIGOPTS txt third1.second2.top3.flushtest.example > /dev/null 2>1 - $DIG $DIGOPTS txt third2.second2.top3.flushtest.example > /dev/null 2>1 - $DIG $DIGOPTS txt second3.top3.flushtest.example > /dev/null 2>1 + $DIG $DIGOPTS -f - << EOF > /dev/null 2>1 +txt top1.flushtest.example +txt second1.top1.flushtest.example +txt third1.second1.top1.flushtest.example +txt third2.second1.top1.flushtest.example +txt second2.top1.flushtest.example +txt second3.top1.flushtest.example +txt second1.top2.flushtest.example +txt second2.top2.flushtest.example +txt second3.top2.flushtest.example +txt top3.flushtest.example +txt second1.top3.flushtest.example +txt third1.second1.top3.flushtest.example +txt third2.second1.top3.flushtest.example +txt third1.second2.top3.flushtest.example +txt third2.second2.top3.flushtest.example +txt second3.top3.flushtest.example +EOF # load the negative cache entries # nxrrset: @@ -57,8 +59,8 @@ load_cache () { # empty nonterminal: $DIG $DIGOPTS txt second2.top3.flushtest.example > /dev/null - # sleep one second ensure the TTLs will be lower on cached data - sleep 1 + # sleep 2 seconds ensure the TTLs will be lower on cached data + sleep 2 } dump_cache () { @@ -75,10 +77,10 @@ in_cache () { ttl=`$DIG $DIGOPTS "$@" | awk '{print $2}'` [ -z "$ttl" ] && { ttl=`$DIG $DIGOPTS +noanswer +auth "$@" | awk '{print $2}'` - [ "$ttl" -eq 3600 ] && return 1 + [ "$ttl" -ge 3599 ] && return 1 return 0 } - [ "$ttl" -eq 3600 ] && return 1 + [ "$ttl" -ge 3599 ] && return 1 return 0 } @@ -106,7 +108,7 @@ nrecords=`grep flushtest.example ns2/named_dump.db | grep -v '^;' | wc -l` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` -echo "I:check flushing of individual nodes" +echo "I:check flushing of individual nodes (interior node)" ret=0 clear_cache load_cache @@ -114,12 +116,20 @@ load_cache in_cache txt top1.flushtest.example || ret=1 $RNDC $RNDCOPTS flushname top1.flushtest.example in_cache txt top1.flushtest.example && ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` +echo "I:check flushing of individual nodes (leaf node, under the interior node)" +ret=0 # leaf node, under the interior node (should still exist) in_cache txt third2.second1.top1.flushtest.example || ret=1 $RNDC $RNDCOPTS flushname third2.second1.top1.flushtest.example in_cache txt third2.second1.top1.flushtest.example && ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` +echo "I:check flushing of individual nodes (another leaf node, with both positive and negative cache entries)" +ret=0 # another leaf node, with both positive and negative cache entries in_cache a third1.second1.top1.flushtest.example || ret=1 in_cache txt third1.second1.top1.flushtest.example || ret=1 diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in index f2bb61b4..2aa3239b 100644 --- a/bin/tests/system/conf.sh.in +++ b/bin/tests/system/conf.sh.in @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: conf.sh.in,v 1.68 2011-08-09 02:24:28 marka Exp $ +# $Id: conf.sh.in,v 1.69 2011-08-30 05:16:11 marka Exp $ # # Common configuration data for system tests, to be sourced into @@ -54,7 +54,7 @@ JOURNALPRINT=$TOP/bin/tools/named-journalprint # v6synth SUBDIRS="acl allow_query addzone autosign builtin cacheclean checkconf checknames checkzone database dlv dlvauto dlz dlzexternal - dname dns64 dnssec forward glue gost ixfr limits + dname dns64 dnssec forward glue gost ixfr inline limits logfileconfig lwresd masterfile masterformat metadata notify nsupdate pending pkcs11 redirect resolver rndc rpz rrsetorder sortlist smartsign staticstub stub tkey tsig tsiggss unknown diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh index 895dac0a..9ddd5184 100644 --- a/bin/tests/system/dnssec/tests.sh +++ b/bin/tests/system/dnssec/tests.sh @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.92 2011-07-08 01:43:26 each Exp $ +# $Id: tests.sh,v 1.93 2011-09-02 21:55:16 each Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh @@ -1082,6 +1082,9 @@ $DIG $DIGOPTS normalthenrrsig.secure.example. @10.53.0.4 a > /dev/null || ret=1 ans=`$DIG $DIGOPTS +short normalthenrrsig.secure.example. @10.53.0.4 rrsig` || ret=1 expect=`$DIG $DIGOPTS +short normalthenrrsig.secure.example. @10.53.0.3 rrsig | grep '^A' ` || ret=1 test "$ans" = "$expect" || ret=1 +# also check that RA is set +$DIG $DIGOPTS normalthenrrsig.secure.example. @10.53.0.4 rrsig > dig.out.ns4.test$n || ret=1 +grep "flags:.*ra.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` @@ -1092,6 +1095,9 @@ echo "I:checking RRSIG query not in cache ($n)" ret=0 ans=`$DIG $DIGOPTS +short rrsigonly.secure.example. @10.53.0.4 rrsig` || ret=1 test -z "$ans" || ret=1 +# also check that RA is cleared +$DIG $DIGOPTS rrsigonly.secure.example. @10.53.0.4 rrsig > dig.out.ns4.test$n || ret=1 +grep "flags:.*ra.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` diff --git a/bin/tests/system/inline/clean.sh b/bin/tests/system/inline/clean.sh new file mode 100644 index 00000000..f36b1d12 --- /dev/null +++ b/bin/tests/system/inline/clean.sh @@ -0,0 +1,27 @@ +# Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +# $Id: clean.sh,v 1.2 2011-08-30 23:46:52 tbox Exp $ + +rm -f */named.memstats +rm -f */named.run +rm -f */trusted.conf +rm -f ns2/bits.db +rm -f ns3/K* +rm -f ns3/bits.bk +rm -f ns3/bits.bk.jnl +rm -f ns3/bits.bk.signed +rm -f ns3/bits.bk.signed.jnl +rm -f ns4/noixfr.db +rm -f random.data diff --git a/bin/tests/system/inline/ns1/named.conf b/bin/tests/system/inline/ns1/named.conf new file mode 100644 index 00000000..61209758 --- /dev/null +++ b/bin/tests/system/inline/ns1/named.conf @@ -0,0 +1,42 @@ +/* + * Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: named.conf,v 1.2 2011-08-30 23:46:52 tbox Exp $ */ + +// NS1 + +controls { /* empty */ }; + +options { + query-source address 10.53.0.1; + notify-source 10.53.0.1; + transfer-source 10.53.0.1; + port 5300; + pid-file "named.pid"; + listen-on { 10.53.0.1; }; + listen-on-v6 { none; }; + recursion no; + notify yes; + dnssec-enable yes; + dnssec-validation yes; +}; + +zone "." { + type master; + file "root.db.signed"; +}; + +// include "trusted.conf"; diff --git a/bin/tests/system/inline/ns2/bits.db.in b/bin/tests/system/inline/ns2/bits.db.in new file mode 100644 index 00000000..0d469e29 --- /dev/null +++ b/bin/tests/system/inline/ns2/bits.db.in @@ -0,0 +1,134 @@ +; Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: bits.db.in,v 1.2 2011-08-30 23:46:52 tbox Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA ns2 . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns3 +ns2 A 10.53.0.2 +ns3 A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 + +; Used for testing ANY queries +foo TXT "testing" +foo A 10.0.1.0 + +bad-cname CNAME a +bad-dname DNAME @ + +; Used for testing CNAME queries +cname1 CNAME cname1-target +cname1-target TXT "testing cname" + +cname2 CNAME cname2-target +cname2-target TXT "testing cname" + +; Used for testing DNAME queries +dname1 DNAME dname1-target +foo.dname1-target TXT "testing dname" + +dname2 DNAME dname2-target +foo.dname2-target TXT "testing dname" + +; A secure subdomain +secure NS ns.secure +ns.secure A 10.53.0.3 + +; An insecure subdomain +insecure NS ns.insecure +ns.insecure A 10.53.0.3 + +; A secure subdomain we're going to inject bogus data into +bogus NS ns.bogus +ns.bogus A 10.53.0.3 + +; A dynamic secure subdomain +dynamic NS dynamic +dynamic A 10.53.0.3 + +; A insecure subdomain +mustbesecure NS ns.mustbesecure +ns.mustbesecure A 10.53.0.3 + +; A rfc2535 signed zone w/ CNAME +rfc2535 NS ns.rfc2535 +ns.rfc2535 A 10.53.0.3 + +z A 10.0.0.26 + +keyless NS ns.keyless +ns.keyless A 10.53.0.3 + +nsec3 NS ns.nsec3 +ns.nsec3 A 10.53.0.3 + +optout NS ns.optout +ns.optout A 10.53.0.3 + +nsec3-unknown NS ns.nsec3-unknown +ns.nsec3-unknown A 10.53.0.3 + +optout-unknown NS ns.optout-unknown +ns.optout-unknown A 10.53.0.3 + +multiple NS ns.multiple +ns.multiple A 10.53.0.3 + +*.wild A 10.0.0.27 + +rsasha256 NS ns.rsasha256 +ns.rsasha256 A 10.53.0.3 + +rsasha512 NS ns.rsasha512 +ns.rsasha512 A 10.53.0.3 + +kskonly NS ns.kskonly +ns.kskonly A 10.53.0.3 + +update-nsec3 NS ns.update-nsec3 +ns.update-nsec3 A 10.53.0.3 + +auto-nsec NS ns.auto-nsec +ns.auto-nsec A 10.53.0.3 + +auto-nsec3 NS ns.auto-nsec3 +ns.auto-nsec3 A 10.53.0.3 + + +below-cname CNAME some.where.else. + +insecure.below-cname NS ns.insecure.below-cname +ns.insecure.below-cname A 10.53.0.3 + +secure.below-cname NS ns.secure.below-cname +ns.secure.below-cname A 10.53.0.3 + +ttlpatch NS ns.ttlpatch +ns.ttlpatch A 10.53.0.3 + +split-dnssec NS ns.split-dnssec +ns.split-dnssec A 10.53.0.3 + +split-smart NS ns.split-smart +ns.split-smart A 10.53.0.3 diff --git a/bin/tests/system/inline/ns2/named.conf b/bin/tests/system/inline/ns2/named.conf new file mode 100644 index 00000000..2623fe68 --- /dev/null +++ b/bin/tests/system/inline/ns2/named.conf @@ -0,0 +1,40 @@ +/* + * Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: named.conf,v 1.2 2011-08-30 23:46:52 tbox Exp $ */ + +// NS2 + +controls { /* empty */ }; + +options { + query-source address 10.53.0.2; + notify-source 10.53.0.2; + transfer-source 10.53.0.2; + port 5300; + pid-file "named.pid"; + listen-on { 10.53.0.2; }; + listen-on-v6 { none; }; + recursion no; + notify yes; + notify-delay 0; +}; + +zone "bits" { + type master; + file "bits.db"; + allow-update { any; }; +}; diff --git a/bin/tests/system/inline/ns3/named.conf b/bin/tests/system/inline/ns3/named.conf new file mode 100644 index 00000000..e39580bb --- /dev/null +++ b/bin/tests/system/inline/ns3/named.conf @@ -0,0 +1,55 @@ +/* + * Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: named.conf,v 1.2 2011-08-30 23:46:52 tbox Exp $ */ + +// NS2 + +controls { /* empty */ }; + +options { + query-source address 10.53.0.3; + notify-source 10.53.0.3; + transfer-source 10.53.0.3; + port 5300; + pid-file "named.pid"; + listen-on { 10.53.0.3; }; + listen-on-v6 { none; }; + recursion no; + notify yes; + try-tcp-refresh no; + notify-delay 0; +}; + +zone "bits" { + type slave; + masters { 10.53.0.2; }; + inline-signing yes; + auto-dnssec maintain; + allow-update-forwarding { any; }; + file "bits.bk"; +}; + +server 10.53.0.4 { request-ixfr no; }; + +zone "noixfr" { + type slave; + masters { 10.53.0.4; }; + inline-signing yes; + auto-dnssec maintain; + allow-update-forwarding { any; }; + file "noixfr.bk"; +}; diff --git a/bin/tests/system/inline/ns3/sign.sh b/bin/tests/system/inline/ns3/sign.sh new file mode 100644 index 00000000..fd185cd2 --- /dev/null +++ b/bin/tests/system/inline/ns3/sign.sh @@ -0,0 +1,34 @@ +#!/bin/sh -e +# +# Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +# $Id: sign.sh,v 1.2 2011-08-30 23:46:52 tbox Exp $ + +SYSTEMTESTTOP=../.. +. $SYSTEMTESTTOP/conf.sh + +RANDFILE=../random.data + +zone=bits +rm -f K${zone}.+*+*.key +rm -f K${zone}.+*+*.private +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone` + +zone=noixfr +rm -f K${zone}.+*+*.key +rm -f K${zone}.+*+*.private +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone` diff --git a/bin/tests/system/inline/ns4/named.conf b/bin/tests/system/inline/ns4/named.conf new file mode 100644 index 00000000..df9d9b6f --- /dev/null +++ b/bin/tests/system/inline/ns4/named.conf @@ -0,0 +1,40 @@ +/* + * Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: named.conf,v 1.2 2011-08-30 23:46:52 tbox Exp $ */ + +// NS2 + +controls { /* empty */ }; + +options { + query-source address 10.53.0.4; + notify-source 10.53.0.4; + transfer-source 10.53.0.4; + port 5300; + pid-file "named.pid"; + listen-on { 10.53.0.4; }; + listen-on-v6 { none; }; + recursion no; + notify yes; + notify-delay 0; +}; + +zone "noixfr" { + type master; + file "noixfr.db"; + allow-update { any; }; +}; diff --git a/bin/tests/system/inline/ns4/noixfr.db.in b/bin/tests/system/inline/ns4/noixfr.db.in new file mode 100644 index 00000000..8fb44da1 --- /dev/null +++ b/bin/tests/system/inline/ns4/noixfr.db.in @@ -0,0 +1,134 @@ +; Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: noixfr.db.in,v 1.2 2011-08-30 23:46:52 tbox Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA ns4 . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns3 +ns4 A 10.53.0.4 +ns3 A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 + +; Used for testing ANY queries +foo TXT "testing" +foo A 10.0.1.0 + +bad-cname CNAME a +bad-dname DNAME @ + +; Used for testing CNAME queries +cname1 CNAME cname1-target +cname1-target TXT "testing cname" + +cname2 CNAME cname2-target +cname2-target TXT "testing cname" + +; Used for testing DNAME queries +dname1 DNAME dname1-target +foo.dname1-target TXT "testing dname" + +dname2 DNAME dname2-target +foo.dname2-target TXT "testing dname" + +; A secure subdomain +secure NS ns.secure +ns.secure A 10.53.0.3 + +; An insecure subdomain +insecure NS ns.insecure +ns.insecure A 10.53.0.3 + +; A secure subdomain we're going to inject bogus data into +bogus NS ns.bogus +ns.bogus A 10.53.0.3 + +; A dynamic secure subdomain +dynamic NS dynamic +dynamic A 10.53.0.3 + +; A insecure subdomain +mustbesecure NS ns.mustbesecure +ns.mustbesecure A 10.53.0.3 + +; A rfc2535 signed zone w/ CNAME +rfc2535 NS ns.rfc2535 +ns.rfc2535 A 10.53.0.3 + +z A 10.0.0.26 + +keyless NS ns.keyless +ns.keyless A 10.53.0.3 + +nsec3 NS ns.nsec3 +ns.nsec3 A 10.53.0.3 + +optout NS ns.optout +ns.optout A 10.53.0.3 + +nsec3-unknown NS ns.nsec3-unknown +ns.nsec3-unknown A 10.53.0.3 + +optout-unknown NS ns.optout-unknown +ns.optout-unknown A 10.53.0.3 + +multiple NS ns.multiple +ns.multiple A 10.53.0.3 + +*.wild A 10.0.0.27 + +rsasha256 NS ns.rsasha256 +ns.rsasha256 A 10.53.0.3 + +rsasha512 NS ns.rsasha512 +ns.rsasha512 A 10.53.0.3 + +kskonly NS ns.kskonly +ns.kskonly A 10.53.0.3 + +update-nsec3 NS ns.update-nsec3 +ns.update-nsec3 A 10.53.0.3 + +auto-nsec NS ns.auto-nsec +ns.auto-nsec A 10.53.0.3 + +auto-nsec3 NS ns.auto-nsec3 +ns.auto-nsec3 A 10.53.0.3 + + +below-cname CNAME some.where.else. + +insecure.below-cname NS ns.insecure.below-cname +ns.insecure.below-cname A 10.53.0.3 + +secure.below-cname NS ns.secure.below-cname +ns.secure.below-cname A 10.53.0.3 + +ttlpatch NS ns.ttlpatch +ns.ttlpatch A 10.53.0.3 + +split-dnssec NS ns.split-dnssec +ns.split-dnssec A 10.53.0.3 + +split-smart NS ns.split-smart +ns.split-smart A 10.53.0.3 diff --git a/bin/tests/system/inline/setup.sh b/bin/tests/system/inline/setup.sh new file mode 100644 index 00000000..c1007d77 --- /dev/null +++ b/bin/tests/system/inline/setup.sh @@ -0,0 +1,39 @@ +# Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +# $Id: setup.sh,v 1.2 2011-08-30 23:46:52 tbox Exp $ + +sh clean.sh + +touch ns2/trusted.conf +cp ns2/bits.db.in ns2/bits.db +rm -f ns2/bits.db.jnl + +rm -f ns3/bits.bk +rm -f ns3/bits.bk.jnl +rm -f ns3/bits.bk.signed +rm -f ns3/bits.bk.signed.jnl + +touch ns4/trusted.conf +cp ns4/noixfr.db.in ns4/noixfr.db +rm -f ns4/noixfr.db.jnl + +rm -f ns3/noixfr.bk +rm -f ns3/noixfr.bk.jnl +rm -f ns3/noixfr.bk.signed +rm -f ns3/noixfr.bk.signed.jnl + +../../../tools/genrandom 400 random.data + +(cd ns3; sh -e sign.sh) diff --git a/bin/tests/system/inline/tests.sh b/bin/tests/system/inline/tests.sh new file mode 100644 index 00000000..73bf5262 --- /dev/null +++ b/bin/tests/system/inline/tests.sh @@ -0,0 +1,329 @@ +#!/bin/sh +# +# Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +# $Id: tests.sh,v 1.2 2011-08-30 23:46:52 tbox Exp $ + +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh + +DIGOPTS="+tcp +dnssec" + +status=0 +n=0 + +n=`expr $n + 1` +echo "I:checking that the zone is signed on initial transfer ($n)" +ret=0 +for i in 1 2 3 4 5 6 7 8 9 10 +do + ret=0 + $DIG $DIGOPTS @10.53.0.3 -p 5300 bits TYPE65534 > dig.out.ns3.test$n + grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 + grep "ANSWER: 3," dig.out.ns3.test$n > /dev/null || ret=1 + records=`grep "TYPE65534.*05[0-9A-F][0-9A-F][0-9A-F][0-9A-F]0001" dig.out.ns3.test$n | wc -l` + [ $records = 2 ] || ret=1 + if [ $ret = 0 ]; then break; fi + sleep 1 +done +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +$NSUPDATE << EOF +zone bits +server 10.53.0.2 5300 +update add added.bits 0 A 1.2.3.4 +send +EOF + +n=`expr $n + 1` +echo "I:checking that the record is added on the hidden master ($n)" +ret=0 +$DIG $DIGOPTS @10.53.0.2 -p 5300 added.bits A > dig.out.ns2.test$n +grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 +grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that update has been transfered and has been signed ($n)" +ret=0 +for i in 1 2 3 4 5 6 7 8 9 10 +do + ret=0 + $DIG $DIGOPTS @10.53.0.3 -p 5300 added.bits A > dig.out.ns3.test$n + grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 + grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1 + if [ $ret = 0 ]; then break; fi + sleep 1 +done +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +$NSUPDATE << EOF +zone bits +server 10.53.0.2 5300 +update add bits 0 SOA ns2.bits. . 2011072400 20 20 1814400 3600 +send +EOF + +n=`expr $n + 1` +echo "I:checking YYYYMMDDVV (2011072400) serial on hidden master ($n)" +ret=0 +$DIG $DIGOPTS @10.53.0.2 -p 5300 bits SOA > dig.out.ns2.test$n +grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 +grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 +grep "2011072400" dig.out.ns2.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking YYYYMMDDVV (2011072400) serial in signed zone ($n)" +for i in 1 2 3 4 5 6 7 8 9 10 +do + ret=0 + $DIG $DIGOPTS @10.53.0.3 -p 5300 bits SOA > dig.out.ns3.test$n + grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 + grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1 + grep "2011072400" dig.out.ns3.test$n > /dev/null || ret=1 + if [ $ret = 0 ]; then break; fi + sleep 1 +done +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` +n=`expr $n + 1` + +echo "I:checking that the zone is signed on initial transfer, noixfr ($n)" +ret=0 +for i in 1 2 3 4 5 6 7 8 9 10 1 2 3 4 5 6 7 8 9 10 1 2 3 4 5 6 7 8 9 10 +do + ret=0 + $DIG $DIGOPTS @10.53.0.3 -p 5300 noixfr TYPE65534 > dig.out.ns3.test$n + grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 + grep "ANSWER: 3," dig.out.ns3.test$n > /dev/null || ret=1 + records=`grep "TYPE65534.*05[0-9A-F][0-9A-F][0-9A-F][0-9A-F]0001" dig.out.ns3.test$n | wc -l` + [ $records = 2 ] || ret=1 + if [ $ret = 0 ]; then break; fi + sleep 1 +done +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +$NSUPDATE << EOF +zone noixfr +server 10.53.0.4 5300 +update add added.noixfr 0 A 1.2.3.4 +send +EOF + +n=`expr $n + 1` +echo "I:checking that the record is added on the hidden master, noixfr ($n)" +ret=0 +$DIG $DIGOPTS @10.53.0.4 -p 5300 added.noixfr A > dig.out.ns4.test$n +grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +grep "ANSWER: 1," dig.out.ns4.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking that update has been transfered and has been signed, noixfr ($n)" +ret=0 +for i in 1 2 3 4 5 6 7 8 9 10 1 2 3 4 5 6 7 8 9 10 1 2 3 4 5 6 7 8 9 10 +do + ret=0 + $DIG $DIGOPTS @10.53.0.3 -p 5300 added.noixfr A > dig.out.ns3.test$n + grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 + grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1 + if [ $ret = 0 ]; then break; fi + sleep 1 +done +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +$NSUPDATE << EOF +zone noixfr +server 10.53.0.4 5300 +update add noixfr 0 SOA ns4.noixfr. . 2011072400 20 20 1814400 3600 +send +EOF + +n=`expr $n + 1` +echo "I:checking YYYYMMDDVV (2011072400) serial on hidden master, noixfr ($n)" +ret=0 +$DIG $DIGOPTS @10.53.0.4 -p 5300 noixfr SOA > dig.out.ns4.test$n +grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +grep "ANSWER: 1," dig.out.ns4.test$n > /dev/null || ret=1 +grep "2011072400" dig.out.ns4.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking YYYYMMDDVV (2011072400) serial in signed zone, noixfr ($n)" +for i in 1 2 3 4 5 6 7 8 9 10 +do + ret=0 + $DIG $DIGOPTS @10.53.0.3 -p 5300 noixfr SOA > dig.out.ns3.test$n + grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 + grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1 + grep "2011072400" dig.out.ns3.test$n > /dev/null || ret=1 + if [ $ret = 0 ]; then break; fi + sleep 1 +done +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:stop bump in the wire signer server ($n)" +ret=0 +$PERL ../stop.pl . ns3 || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:restart bump in the wire signer server ($n)" +ret=0 +$PERL ../start.pl --noclean . ns3 || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +$NSUPDATE << EOF +zone bits +server 10.53.0.2 5300 +update add bits 0 SOA ns2.bits. . 2011072450 20 20 1814400 3600 +send +EOF + +n=`expr $n + 1` +echo "I:checking YYYYMMDDVV (2011072450) serial on hidden master ($n)" +ret=0 +$DIG $DIGOPTS @10.53.0.2 -p 5300 bits SOA > dig.out.ns2.test$n +grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 +grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 +grep "2011072450" dig.out.ns2.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking YYYYMMDDVV (2011072450) serial in signed zone ($n)" +for i in 1 2 3 4 5 6 7 8 9 10 +do + ret=0 + $DIG $DIGOPTS @10.53.0.3 -p 5300 bits SOA > dig.out.ns3.test$n + grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 + grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1 + grep "2011072450" dig.out.ns3.test$n > /dev/null || ret=1 + if [ $ret = 0 ]; then break; fi + sleep 1 +done +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +$NSUPDATE << EOF +zone noixfr +server 10.53.0.4 5300 +update add noixfr 0 SOA ns4.noixfr. . 2011072450 20 20 1814400 3600 +send +EOF + +n=`expr $n + 1` +echo "I:checking YYYYMMDDVV (2011072450) serial on hidden master, noixfr ($n)" +ret=0 +$DIG $DIGOPTS @10.53.0.4 -p 5300 noixfr SOA > dig.out.ns4.test$n +grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +grep "ANSWER: 1," dig.out.ns4.test$n > /dev/null || ret=1 +grep "2011072450" dig.out.ns4.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking YYYYMMDDVV (2011072450) serial in signed zone, noixfr ($n)" +for i in 1 2 3 4 5 6 7 8 9 10 +do + ret=0 + $DIG $DIGOPTS @10.53.0.3 -p 5300 noixfr SOA > dig.out.ns3.test$n + grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 + grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1 + grep "2011072450" dig.out.ns3.test$n > /dev/null || ret=1 + if [ $ret = 0 ]; then break; fi + sleep 1 +done +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +$NSUPDATE << EOF +zone bits +server 10.53.0.3 5300 +update add bits 0 SOA ns2.bits. . 2011072460 20 20 1814400 3600 +send +EOF + +n=`expr $n + 1` +echo "I:checking forwarded update on hidden master ($n)" +ret=0 +$DIG $DIGOPTS @10.53.0.2 -p 5300 bits SOA > dig.out.ns2.test$n +grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 +grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 +grep "2011072460" dig.out.ns2.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking forwarded update on signed zone ($n)" +for i in 1 2 3 4 5 6 7 8 9 10 +do + ret=0 + $DIG $DIGOPTS @10.53.0.3 -p 5300 bits SOA > dig.out.ns3.test$n + grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 + grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1 + grep "2011072460" dig.out.ns3.test$n > /dev/null || ret=1 + if [ $ret = 0 ]; then break; fi + sleep 1 +done +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +$NSUPDATE << EOF +zone noixfr +server 10.53.0.3 5300 +update add noixfr 0 SOA ns4.noixfr. . 2011072460 20 20 1814400 3600 +send +EOF + +n=`expr $n + 1` +echo "I:checking forwarded update on hidden master, noixfr ($n)" +ret=0 +$DIG $DIGOPTS @10.53.0.4 -p 5300 noixfr SOA > dig.out.ns4.test$n +grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +grep "ANSWER: 1," dig.out.ns4.test$n > /dev/null || ret=1 +grep "2011072460" dig.out.ns4.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I:checking forwarded update on signed zone, noixfr ($n)" +for i in 1 2 3 4 5 6 7 8 9 10 +do + ret=0 + $DIG $DIGOPTS @10.53.0.3 -p 5300 noixfr SOA > dig.out.ns3.test$n + grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 + grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1 + grep "2011072460" dig.out.ns3.test$n > /dev/null || ret=1 + if [ $ret = 0 ]; then break; fi + sleep 1 +done +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +exit $status diff --git a/bin/tests/system/ixfr/clean.sh b/bin/tests/system/ixfr/clean.sh index 91e28b84..3846e433 100644 --- a/bin/tests/system/ixfr/clean.sh +++ b/bin/tests/system/ixfr/clean.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2007, 2011 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2001 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,9 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: clean.sh,v 1.6 2007-09-26 03:22:43 marka Exp $ +# $Id: clean.sh,v 1.8 2011-09-06 23:46:27 tbox Exp $ rm -f ns1/named.conf ns1/myftp.db +rm -f ns3/*.jnl ns3/mytest.db ns3/subtest.db +rm -f ns4/*.jnl ns4/*.db rm -f */named.memstats diff --git a/bin/tests/system/ixfr/ns3/mytest0.db b/bin/tests/system/ixfr/ns3/mytest0.db new file mode 100644 index 00000000..c964c6df --- /dev/null +++ b/bin/tests/system/ixfr/ns3/mytest0.db @@ -0,0 +1,31 @@ +; Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: mytest0.db,v 1.3 2011-09-07 23:46:27 tbox Exp $ + +$ORIGIN test. +$TTL 15 +test. 15 IN SOA ns1.test. hostmaster.test. ( + 1 ; serial + 3H ; refresh + 15 ; retry + 1w ; expire + 3h ; minimum + ) + IN NS ns1.test. + IN NS ns2.test. +ns1 IN A 10.53.0.3 +ns2 IN A 10.53.0.4 +host1 IN A 192.168.10.3 +host2 IN A 192.168.10.4 diff --git a/bin/tests/system/ixfr/ns3/mytest1.db b/bin/tests/system/ixfr/ns3/mytest1.db new file mode 100644 index 00000000..36ae69bc --- /dev/null +++ b/bin/tests/system/ixfr/ns3/mytest1.db @@ -0,0 +1,31 @@ +; Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: mytest1.db,v 1.3 2011-09-07 23:46:27 tbox Exp $ + +$ORIGIN test. +$TTL 15 +test. 15 IN SOA ns1.test. hostmaster.test. ( + 2 ; serial + 3H ; refresh + 15 ; retry + 1w ; expire + 3h ; minimum + ) + IN NS ns1.test. + IN NS ns2.test. +ns1 IN A 10.53.0.3 +ns2 IN A 10.53.0.4 +host1 IN A 192.168.10.13 +host2 IN A 192.168.10.4 diff --git a/bin/tests/system/ixfr/ns3/mytest2.db b/bin/tests/system/ixfr/ns3/mytest2.db new file mode 100644 index 00000000..ca4e4264 --- /dev/null +++ b/bin/tests/system/ixfr/ns3/mytest2.db @@ -0,0 +1,31 @@ +; Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: mytest2.db,v 1.3 2011-09-07 23:46:27 tbox Exp $ + +$ORIGIN test. +$TTL 15 +test. 15 IN SOA ns1.test. hostmaster.test. ( + 4 ; serial + 3H ; refresh + 15 ; retry + 1w ; expire + 3h ; minimum + ) + IN NS ns1.test. + IN NS ns2.test. +ns1 IN A 10.53.0.3 +ns2 IN A 10.53.0.4 +host1 IN A 192.168.10.13 +host2 IN A 192.168.10.14 diff --git a/bin/tests/system/ixfr/ns3/named.conf b/bin/tests/system/ixfr/ns3/named.conf new file mode 100644 index 00000000..225df371 --- /dev/null +++ b/bin/tests/system/ixfr/ns3/named.conf @@ -0,0 +1,53 @@ +/* + * Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: named.conf,v 1.3 2011-09-07 23:46:27 tbox Exp $ */ + +options { + query-source address 10.53.0.3; + notify-source 10.53.0.3; + transfer-source 10.53.0.3; + allow-transfer { any; }; + port 5300; + pid-file "named.pid"; + listen-on { 10.53.0.3; }; + listen-on-v6 { none; }; + recursion no; + notify yes; +}; + +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-md5; +}; + +controls { + inet 10.53.0.3 port 9953 allow { any; } keys { rndc_key; }; +}; + +view "primary" { + ixfr-from-differences yes; + request-ixfr yes; + zone "test" IN { + type master; + file "mytest.db"; + }; + zone "sub.test" IN { + type master; + file "subtest.db"; + request-ixfr no; + }; +}; diff --git a/bin/tests/system/ixfr/ns3/subtest0.db b/bin/tests/system/ixfr/ns3/subtest0.db new file mode 100644 index 00000000..5bbeca42 --- /dev/null +++ b/bin/tests/system/ixfr/ns3/subtest0.db @@ -0,0 +1,29 @@ +; Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: subtest0.db,v 1.3 2011-09-07 23:46:27 tbox Exp $ + +$ORIGIN sub.test. +$TTL 15 +sub.test. 15 IN SOA ns1.test. hostmaster.test. ( + 1 ; serial + 3H ; refresh + 15 ; retry + 1w ; expire + 3h ; minimum + ) + IN NS ns1.test. + IN NS ns2.test. +host3 IN A 192.168.10.23 +host4 IN A 192.168.10.24 diff --git a/bin/tests/system/ixfr/ns3/subtest1.db b/bin/tests/system/ixfr/ns3/subtest1.db new file mode 100644 index 00000000..49b719d9 --- /dev/null +++ b/bin/tests/system/ixfr/ns3/subtest1.db @@ -0,0 +1,29 @@ +; Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: subtest1.db,v 1.3 2011-09-07 23:46:27 tbox Exp $ + +$ORIGIN sub.test. +$TTL 15 +sub.test. 15 IN SOA ns1.test. hostmaster.test. ( + 3 ; serial + 3H ; refresh + 15 ; retry + 1w ; expire + 3h ; minimum + ) + IN NS ns1.test. + IN NS ns2.test. +host3 IN A 192.168.10.123 +host4 IN A 192.168.10.24 diff --git a/bin/tests/system/ixfr/ns4/named.conf b/bin/tests/system/ixfr/ns4/named.conf new file mode 100644 index 00000000..8b5e0b45 --- /dev/null +++ b/bin/tests/system/ixfr/ns4/named.conf @@ -0,0 +1,54 @@ +/* + * Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: named.conf,v 1.3 2011-09-07 23:46:28 tbox Exp $ */ + +options { + query-source address 10.53.0.4; + notify-source 10.53.0.4; + transfer-source 10.53.0.4; + port 5300; + pid-file "named.pid"; + listen-on { 10.53.0.4; }; + listen-on-v6 { none; }; + recursion no; + notify yes; +}; + +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-md5; +}; + +controls { + inet 10.53.0.4 port 9953 allow { any; } keys { rndc_key; }; +}; + +view "primary" { + ixfr-from-differences yes; + request-ixfr yes; + zone "test" IN { + type slave; + file "mytest.db"; + masters { 10.53.0.3; }; + }; + zone "sub.test" IN { + type slave; + file "subtest.db"; + request-ixfr no; + masters { 10.53.0.3; }; + }; +}; diff --git a/bin/tests/system/ixfr/setup.sh b/bin/tests/system/ixfr/setup.sh index 820dd4e9..45259a80 100644 --- a/bin/tests/system/ixfr/setup.sh +++ b/bin/tests/system/ixfr/setup.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2007, 2011 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2001 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -15,9 +15,9 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: setup.sh,v 1.4 2007-06-19 23:47:03 tbox Exp $ +# $Id: setup.sh,v 1.6 2011-09-06 23:46:27 tbox Exp $ -rm -f ns1/*.db ns1/*.jnl +rm -f ns1/*.db ns1/*.jnl ns3/*.jnl ns4/*.jnl cat <<EOF >ns1/named.conf options { @@ -41,3 +41,7 @@ controls { inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; }; }; EOF + +# Setup initial db files for ns3 +cp ns3/mytest0.db ns3/mytest.db +cp ns3/subtest0.db ns3/subtest.db diff --git a/bin/tests/system/ixfr/tests.sh b/bin/tests/system/ixfr/tests.sh index e3d6aa7c..c304d616 100644 --- a/bin/tests/system/ixfr/tests.sh +++ b/bin/tests/system/ixfr/tests.sh @@ -15,7 +15,13 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.7 2011-03-05 23:52:29 tbox Exp $ +# $Id: tests.sh,v 1.8 2011-09-06 22:29:32 smann Exp $ + + +# WARNING: The test labelled "testing request-ixfr option in view vs zone" +# is fragile because it depends upon counting instances of records +# in the log file - need a better approach <sdm> - until then, +# if you add any tests above that point, you will break the test. SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh @@ -132,5 +138,67 @@ $DIGCMD nil. TXT | grep 'fallback AXFR' >/dev/null || { status=1 } +echo "I:testing ixfr-from-differences option" +# ns3 is master; ns4 is slave +$CHECKZONE test. ns3/mytest.db > /dev/null 2>&1 +if [ $? -ne 0 ] +then + echo "I:named-checkzone returned failure on ns3/mytest.db" +fi +# modify the master +#echo "I: digging against master: " +#$DIG $DIGOPTS @10.53.0.3 -p 5300 a host1.test. +#echo "I: digging against slave: " +#$DIG $DIGOPTS @10.53.0.4 -p 5300 a host1.test. + +cp ns3/mytest1.db ns3/mytest.db +$RNDC -s 10.53.0.3 -p 9953 -c ../common/rndc.conf reload +sleep 2 + +# slave should have gotten notify and updated + +INCR=`grep "test/IN/primary" ns4/named.run|grep "got incremental"|wc -l` +if [ $INCR -ne 1 ] +then + echo "I:failed to get incremental response" + status=1 +fi + +echo "I:testing request-ixfr option in view vs zone" +# There's a view with 2 zones. In the view, "request-ixfr yes" +# but in the zone "sub.test", request-ixfr no" +# we want to make sure that a change to sub.test results in AXFR, while +# changes to test. result in IXFR + +echo "I: this result should be AXFR" +cp ns3/subtest1.db ns3/subtest.db # change to sub.test zone, should be AXFR +$RNDC -s 10.53.0.3 -p 9953 -c ../common/rndc.conf reload +sleep 2 + +echo "I: this result should be AXFR" +NONINCR=`grep 'sub\.test/IN/primary' ns4/named.run|grep "got nonincremental" | wc -l` +if [ $NONINCR -ne 2 ] +then + echo "I:failed to get nonincremental response in 2nd AXFR test" + status=1 +else + echo "I: success: AXFR it was" +fi + +echo "I: this result should be IXFR" +cp ns3/mytest2.db ns3/mytest.db # change to test zone, should be IXFR +$RNDC -s 10.53.0.3 -p 9953 -c ../common/rndc.conf reload +sleep 2 + +INCR=`grep "test/IN/primary" ns4/named.run|grep "got incremental"|wc -l` +if [ $INCR -ne 2 ] +then + echo "I:failed to get incremental response in 2nd IXFR test" + status=1 +else + echo "I: success: IXFR it was" +fi + + echo "I:exit status: $status" exit $status diff --git a/bin/tests/system/upforwd/ans4/ans.pl b/bin/tests/system/upforwd/ans4/ans.pl new file mode 100644 index 00000000..b5aebc51 --- /dev/null +++ b/bin/tests/system/upforwd/ans4/ans.pl @@ -0,0 +1,351 @@ +#!/usr/bin/perl +# +# Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +# $Id: ans.pl,v 1.2 2011-08-31 06:49:10 marka Exp $ + +# +# This is the name server from hell. It provides canned +# responses based on pattern matching the queries, and +# can be reprogrammed on-the-fly over a TCP connection. +# +# The server listens for control connections on port 5301. +# A control connection is a TCP stream of lines like +# +# /pattern/ +# name ttl type rdata +# name ttl type rdata +# ... +# /pattern/ +# name ttl type rdata +# name ttl type rdata +# ... +# +# There can be any number of patterns, each associated +# with any number of response RRs. Each pattern is a +# Perl regular expression. +# +# Each incoming query is converted into a string of the form +# "qname qtype" (the printable query domain name, space, +# printable query type) and matched against each pattern. +# +# The first pattern matching the query is selected, and +# the RR following the pattern line are sent in the +# answer section of the response. +# +# Each new control connection causes the current set of +# patterns and responses to be cleared before adding new +# ones. +# +# The server handles UDP and TCP queries. Zone transfer +# responses work, but must fit in a single 64 k message. +# +# Now you can add TSIG, just specify key/key data with: +# +# /pattern <key> <key_data>/ +# name ttl type rdata +# name ttl type rdata +# +# Note that this data will still be sent with any request for +# pattern, only this data will be signed. Currently, this is only +# done for TCP. + + +use IO::File; +use IO::Socket; +use Data::Dumper; +use Net::DNS; +use Net::DNS::Packet; +use strict; + +# Ignore SIGPIPE so we won't fail if peer closes a TCP socket early +local $SIG{PIPE} = 'IGNORE'; + +# Flush logged output after every line +local $| = 1; + +my $server_addr = "10.53.0.4"; + +my $udpsock = IO::Socket::INET->new(LocalAddr => "$server_addr", + LocalPort => 5300, Proto => "udp", Reuse => 1) or die "$!"; + +my $tcpsock = IO::Socket::INET->new(LocalAddr => "$server_addr", + LocalPort => 5300, Proto => "tcp", Listen => 5, Reuse => 1) or die "$!"; + +print "listening on $server_addr:5300.\n"; + +my $pidf = new IO::File "ans.pid", "w" or die "cannot open pid file: $!"; +print $pidf "$$\n" or die "cannot write pid file: $!"; +$pidf->close or die "cannot close pid file: $!";; +sub rmpid { unlink "ans.pid"; exit 1; }; + +$SIG{INT} = \&rmpid; +$SIG{TERM} = \&rmpid; + +#my @answers = (); +my @rules; +sub handleUDP { + my ($buf) = @_; + + my ($packet, $err) = new Net::DNS::Packet(\$buf, 0); + $err and die $err; + + $packet->header->qr(1); + $packet->header->aa(1); + + my @questions = $packet->question; + my $qname = $questions[0]->qname; + my $qtype = $questions[0]->qtype; + + # get the existing signature if any, and clear the additional section + my $prev_tsig; + while (my $rr = $packet->pop("additional")) { + if ($rr->type eq "TSIG") { + $prev_tsig = $rr; + } + } + + my $r; + foreach $r (@rules) { + my $pattern = $r->{pattern}; + my($dbtype, $key_name, $key_data) = split(/ /,$pattern); + print "[handleUDP] $dbtype, $key_name, $key_data \n"; + if ("$qname $qtype" =~ /$dbtype/) { + my $a; + foreach $a (@{$r->{answer}}) { + $packet->push("answer", $a); + } + if(defined($key_name) && defined($key_data)) { + # Sign the packet + print " Signing the response with " . + "$key_name/$key_data\n"; + my $tsig = Net::DNS::RR-> + new("$key_name TSIG $key_data"); + + # These kluges are necessary because Net::DNS + # doesn't know how to sign responses. We + # clear compnames so that the TSIG key and + # algorithm name won't be compressed, and + # add one to arcount because the signing + # function will attempt to decrement it, + # which is incorrect in a response. Finally + # we set request_mac to the previous digest. + $packet->{"compnames"} = {}; + $packet->{"header"}{"arcount"} += 1; + if (defined($prev_tsig)) { + my $rmac = pack('n H*', + $prev_tsig->mac_size, + $prev_tsig->mac); + $tsig->{"request_mac"} = + unpack("H*", $rmac); + } + + $packet->sign_tsig($tsig); + } + last; + } + } + #$packet->print; + + return $packet->data; +} + +# namelen: +# given a stream of data, reads a DNS-formatted name and returns its +# total length, thus making it possible to skip past it. +sub namelen { + my ($data) = @_; + my $len = 0; + my $label_len = 0; + do { + $label_len = unpack("c", $data); + $data = substr($data, $label_len + 1); + $len += $label_len + 1; + } while ($label_len != 0); + return ($len); +} + +# packetlen: +# given a stream of data, reads a DNS wire-format packet and returns +# its total length, making it possible to skip past it. +sub packetlen { + my ($data) = @_; + my $q; + my $rr; + + my ($header, $offset) = Net::DNS::Header->parse(\$data); + for (1 .. $header->qdcount) { + ($q, $offset) = Net::DNS::Question->parse(\$data, $offset); + } + for (1 .. $header->ancount) { + ($rr, $offset) = Net::DNS::RR->parse(\$data, $offset); + } + for (1 .. $header->nscount) { + ($rr, $offset) = Net::DNS::RR->parse(\$data, $offset); + } + for (1 .. $header->arcount) { + ($rr, $offset) = Net::DNS::RR->parse(\$data, $offset); + } + return $offset; +} + +# sign_tcp_continuation: +# This is a hack to correct the problem that Net::DNS has no idea how +# to sign multiple-message TCP responses. Several data that are included +# in the digest when signing a query or the first message of a response are +# omitted when signing subsequent messages in a TCP stream. +# +# Net::DNS::Packet->sign_tsig() has the ability to use a custom signing +# function (specified by calling Packet->sign_func()). We use this +# function as the signing function for TCP continuations, and it removes +# the unwanted data from the digest before calling the default sign_hmac +# function. +sub sign_tcp_continuation { + my ($key, $data) = @_; + + # copy out first two bytes: size of the previous MAC + my $rmacsize = unpack("n", $data); + $data = substr($data, 2); + + # copy out previous MAC + my $rmac = substr($data, 0, $rmacsize); + $data = substr($data, $rmacsize); + + # try parsing out the packet information + my $plen = packetlen($data); + my $pdata = substr($data, 0, $plen); + $data = substr($data, $plen); + + # remove the keyname, ttl, class, and algorithm name + $data = substr($data, namelen($data)); + $data = substr($data, 6); + $data = substr($data, namelen($data)); + + # preserve the TSIG data + my $tdata = substr($data, 0, 8); + + # prepare a new digest and sign with it + $data = pack("n", $rmacsize) . $rmac . $pdata . $tdata; + return Net::DNS::RR::TSIG::sign_hmac($key, $data); +} + +sub handleTCP { + my ($buf) = @_; + + my ($packet, $err) = new Net::DNS::Packet(\$buf, 0); + $err and die $err; + + $packet->header->qr(1); + $packet->header->aa(1); + + my @questions = $packet->question; + my $qname = $questions[0]->qname; + my $qtype = $questions[0]->qtype; + + # get the existing signature if any, and clear the additional section + my $prev_tsig; + my $signer; + while (my $rr = $packet->pop("additional")) { + if ($rr->type eq "TSIG") { + $prev_tsig = $rr; + } + } + + my @results = (); + my $count_these = 0; + + my $r; + foreach $r (@rules) { + my $pattern = $r->{pattern}; + my($dbtype, $key_name, $key_data) = split(/ /,$pattern); + print "[handleTCP] $dbtype, $key_name, $key_data \n"; + if ("$qname $qtype" =~ /$dbtype/) { + $count_these++; + my $a; + foreach $a (@{$r->{answer}}) { + $packet->push("answer", $a); + } + if(defined($key_name) && defined($key_data)) { + # sign the packet + print " Signing the data with " . + "$key_name/$key_data\n"; + + my $tsig = Net::DNS::RR-> + new("$key_name TSIG $key_data"); + + # These kluges are necessary because Net::DNS + # doesn't know how to sign responses. We + # clear compnames so that the TSIG key and + # algorithm name won't be compressed, and + # add one to arcount because the signing + # function will attempt to decrement it, + # which is incorrect in a response. Finally + # we set request_mac to the previous digest. + $packet->{"compnames"} = {}; + $packet->{"header"}{"arcount"} += 1; + if (defined($prev_tsig)) { + my $rmac = pack('n H*', + $prev_tsig->mac_size, + $prev_tsig->mac); + $tsig->{"request_mac"} = + unpack("H*", $rmac); + } + + $tsig->sign_func($signer) if defined($signer); + $packet->sign_tsig($tsig); + $signer = \&sign_tcp_continuation; + + my $copy = + Net::DNS::Packet->new(\($packet->data)); + $prev_tsig = $copy->pop("additional"); + } + #$packet->print; + push(@results,$packet->data); + $packet = new Net::DNS::Packet(\$buf, 0); + $packet->header->qr(1); + $packet->header->aa(1); + } + } + print " A total of $count_these patterns matched\n"; + return \@results; +} + +# Main +my $rin; +my $rout; +for (;;) { + $rin = ''; + vec($rin, fileno($tcpsock), 1) = 1; + vec($rin, fileno($udpsock), 1) = 1; + + select($rout = $rin, undef, undef, undef); + + if (vec($rout, fileno($udpsock), 1)) { + printf "UDP request\n"; + my $buf; + $udpsock->recv($buf, 512); + } elsif (vec($rout, fileno($tcpsock), 1)) { + my $conn = $tcpsock->accept; + my $buf; + for (;;) { + my $lenbuf; + my $n = $conn->sysread($lenbuf, 2); + last unless $n == 2; + my $len = unpack("n", $lenbuf); + $n = $conn->sysread($buf, $len); + } + sleep(1); + } +} diff --git a/bin/tests/system/upforwd/ns3/named.conf b/bin/tests/system/upforwd/ns3/named.conf index c634871e..61af892d 100644 --- a/bin/tests/system/upforwd/ns3/named.conf +++ b/bin/tests/system/upforwd/ns3/named.conf @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.10 2007-06-18 23:47:31 tbox Exp $ */ +/* $Id: named.conf,v 1.13 2011-09-02 02:25:07 marka Exp $ */ controls { /* empty */ }; @@ -38,3 +38,10 @@ zone "example" { allow-update-forwarding { any; }; masters { 10.53.0.1; }; }; + +zone "nomaster" { + type slave; + file "nomaster1.db"; + allow-update-forwarding { any; }; + masters { 10.53.0.4; }; +}; diff --git a/bin/tests/system/upforwd/ns3/nomaster.db b/bin/tests/system/upforwd/ns3/nomaster.db new file mode 100644 index 00000000..07748deb --- /dev/null +++ b/bin/tests/system/upforwd/ns3/nomaster.db @@ -0,0 +1,19 @@ +; Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: nomaster.db,v 1.3 2011-08-31 23:46:44 tbox Exp $ + +@ 0 SOA . . 141235 3600 1200 86400 1200 +@ 0 NS ns4 +ns4 0 A 10.53.0.4 diff --git a/bin/tests/system/upforwd/setup.sh b/bin/tests/system/upforwd/setup.sh index 77838efe..a972febf 100644 --- a/bin/tests/system/upforwd/setup.sh +++ b/bin/tests/system/upforwd/setup.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2007, 2011 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2000, 2001 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,8 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: setup.sh,v 1.8 2007-06-19 23:47:06 tbox Exp $ +# $Id: setup.sh,v 1.10 2011-09-02 23:46:32 tbox Exp $ cp -f ns1/example1.db ns1/example.db rm -f ns1/example.db.jnl ns2/example.bk ns2/example.bk.jnl +cp -f ns3/nomaster.db ns3/nomaster1.db diff --git a/bin/tests/system/upforwd/tests.sh b/bin/tests/system/upforwd/tests.sh index 2eb3b30e..cc12e26b 100644 --- a/bin/tests/system/upforwd/tests.sh +++ b/bin/tests/system/upforwd/tests.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2007, 2011 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2000, 2001 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.10 2007-06-19 23:47:06 tbox Exp $ +# $Id: tests.sh,v 1.12 2011-08-31 23:46:43 tbox Exp $ # ns1 = stealth master # ns2 = slave with update forwarding disabled; not currently used @@ -99,5 +99,26 @@ $PERL ../digcomp.pl knowngood.after2 dig.out.ns1 || status=1 $PERL ../digcomp.pl knowngood.after2 dig.out.ns2 || status=1 $PERL ../digcomp.pl knowngood.after2 dig.out.ns3 || status=1 +echo "I:checking update forwarding to dead master" +count=0 +ret=0 +while [ $count -lt 5 -a $ret -eq 0 ] +do +( +$NSUPDATE -- - <<EOF +server 10.53.0.3 5300 +zone nomaster +update add unsigned.nomaster. 600 A 10.10.10.1 +update add unsigned.nomaster. 600 TXT Foo +send +EOF +) > /dev/null 2>&1 & + $DIG +notcp +noadd +noauth nomaster.\ + @10.53.0.3 soa -p 5300 > dig.out.ns3 || ret=1 + grep "status: NOERROR" dig.out.ns3 > /dev/null || ret=1 + count=`expr $count + 1` +done +if [ $ret != 0 ] ; then echo "I:failed"; status=`expr $status + $ret`; fi + echo "I:exit status: $status" exit $status |