authorInternet Software Consortium, Inc <@isc.org>2011-11-01 14:45:10 -0600
committerInternet Software Consortium, Inc <@isc.org>2011-11-01 14:45:10 -0600
commitcf94dd77f7578bef7bc0ff3feac9aaa548180641 (patch)
tree02b5994fd9a1c51c845f2f094bbe3a48b89b35fa /bin/tests
parent15c17fb71db9b8f876da1be5e6ddbba25ce61aba (diff)
downloadbind9-cf94dd77f7578bef7bc0ff3feac9aaa548180641.tar.gz
9.9.0a3
Diffstat (limited to 'bin/tests')
-rw-r--r--bin/tests/system/dlzexternal/driver.c60
-rw-r--r--bin/tests/system/dlzexternal/tests.sh8
-rw-r--r--bin/tests/system/dnssec/clean.sh3
-rw-r--r--bin/tests/system/dnssec/tests.sh34
-rw-r--r--bin/tests/system/forward/ns5/named.conf36
-rw-r--r--bin/tests/system/forward/ns5/root.db35
-rw-r--r--bin/tests/system/forward/tests.sh17
-rw-r--r--bin/tests/system/inline/clean.sh16
-rw-r--r--bin/tests/system/inline/ns5/named.conf.post44
-rw-r--r--bin/tests/system/inline/ns5/named.conf.pre42
-rw-r--r--bin/tests/system/inline/setup.sh4
-rw-r--r--bin/tests/system/inline/tests.sh26
-rw-r--r--bin/tests/system/resolver/ns7/named.args2
-rw-r--r--bin/tests/system/rpz/clean.sh8
-rw-r--r--bin/tests/system/rpz/ns1/root.db15
-rw-r--r--bin/tests/system/rpz/ns2/hints7
-rw-r--r--bin/tests/system/rpz/ns2/named.conf13
-rw-r--r--bin/tests/system/rpz/ns2/tld2.db84
-rw-r--r--bin/tests/system/rpz/ns3/base.db13
-rw-r--r--bin/tests/system/rpz/ns3/crash122
-rw-r--r--bin/tests/system/rpz/ns3/hints7
-rw-r--r--bin/tests/system/rpz/ns3/named.conf74
-rw-r--r--bin/tests/system/rpz/ns4/hints18
-rw-r--r--bin/tests/system/rpz/ns4/named.conf39
-rw-r--r--bin/tests/system/rpz/ns4/tld4.db73
-rw-r--r--bin/tests/system/rpz/setup.sh7
-rw-r--r--bin/tests/system/rpz/test161
-rw-r--r--bin/tests/system/rpz/test239
-rw-r--r--bin/tests/system/rpz/test328
-rw-r--r--bin/tests/system/rpz/test419
-rw-r--r--bin/tests/system/rpz/test537
-rw-r--r--bin/tests/system/rpz/tests.sh380
-rw-r--r--bin/tests/system/smartsign/tests.sh46
-rw-r--r--bin/tests/system/start.pl44
-rw-r--r--bin/tests/system/upforwd/tests.sh16
35 files changed, 1053 insertions, 324 deletions
diff --git a/bin/tests/system/dlzexternal/driver.c b/bin/tests/system/dlzexternal/driver.c
index 13d76295..291fe447 100644
--- a/bin/tests/system/dlzexternal/driver.c
+++ b/bin/tests/system/dlzexternal/driver.c
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: driver.c,v 1.5 2011-03-21 00:30:18 marka Exp $ */
+/* $Id: driver.c,v 1.8 2011-10-11 13:36:12 marka Exp $ */
/*
* This provides a very simple example of an external loadable DLZ
@@ -29,6 +29,7 @@
#include <stdarg.h>
#include <isc/log.h>
+#include <isc/print.h>
#include <isc/result.h>
#include <isc/types.h>
#include <isc/util.h>
@@ -152,7 +153,33 @@ del_name(struct dlz_example_data *state, struct record *list,
return (ISC_R_SUCCESS);
}
+static isc_result_t
+fmt_address(isc_sockaddr_t *addr, char *buffer, size_t size) {
+ char addr_buf[100];
+ const char *ret;
+ isc_uint16_t port = 0;
+
+ switch (addr->type.sa.sa_family) {
+ case AF_INET:
+ port = ntohs(addr->type.sin.sin_port);
+ ret = inet_ntop(AF_INET, &addr->type.sin.sin_addr, addr_buf,
+ sizeof(addr_buf));
+ break;
+ case AF_INET6:
+ port = ntohs(addr->type.sin6.sin6_port);
+ ret = inet_ntop(AF_INET6, &addr->type.sin6.sin6_addr, addr_buf,
+ sizeof(addr_buf));
+ break;
+ default:
+ return (ISC_R_FAILURE);
+ }
+ if (ret == NULL)
+ return (ISC_R_FAILURE);
+
+ snprintf(buffer, size, "%s#%u", addr_buf, port);
+ return (ISC_R_SUCCESS);
+}
/*
* Return the version of the API
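Review bot: fmt_address() returns ISC_R_SUCCESS even when the `snprintf` at the end truncates the "address#port" text, so a caller with a small buffer gets a clipped string and no error. Capturing the return value and rejecting truncation would close that gap, e.g. `n = snprintf(buffer, size, "%s#%u", addr_buf, port);` followed by `if (n < 0 || (size_t)n >= size) return (ISC_R_NOSPACE);`. The function also has no header comment; a short one such as `/* Format addr as "address#port" into buffer; fails on unknown address families. */` would document the output format that tests.sh later splits on '#'.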
@@ -260,17 +287,18 @@ dlz_findzonedb(void *dbdata, const char *name) {
return (ISC_R_NOTFOUND);
}
-
-
/*
* Look up one record
*/
isc_result_t
dlz_lookup(const char *zone, const char *name, void *dbdata,
- dns_sdlzlookup_t *lookup)
+ dns_sdlzlookup_t *lookup, dns_clientinfomethods_t *methods,
+ dns_clientinfo_t *clientinfo)
{
+ isc_result_t result;
struct dlz_example_data *state = (struct dlz_example_data *)dbdata;
isc_boolean_t found = ISC_FALSE;
+ isc_sockaddr_t *src;
char full_name[100];
int i;
@@ -281,21 +309,39 @@ dlz_lookup(const char *zone, const char *name, void *dbdata,
else
sprintf(full_name, "%s.%s", name, state->zone_name);
+ if (strcmp(name, "source-addr") == 0) {
+ char buf[100];
+ strcpy(buf, "unknown");
+ if (methods != NULL &&
+ methods->version - methods->age >=
+ DNS_CLIENTINFOMETHODS_VERSION)
+ {
+ methods->sourceip(clientinfo, &src);
+ fmt_address(src, buf, sizeof(buf));
+ }
+
+ fprintf(stderr, "connection from: %s\n", buf);
+
+ found = ISC_TRUE;
+ result = state->putrr(lookup, "TXT", 0, buf);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ }
+
for (i = 0; i < MAX_RECORDS; i++) {
if (strcasecmp(state->current[i].name, full_name) == 0) {
- isc_result_t result;
found = ISC_TRUE;
result = state->putrr(lookup, state->current[i].type,
state->current[i].ttl,
state->current[i].data);
- if (result != ISC_R_SUCCESS) {
+ if (result != ISC_R_SUCCESS)
return (result);
- }
}
}
if (!found)
return (ISC_R_NOTFOUND);
+
return (ISC_R_SUCCESS);
}
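Review bot: In the new "source-addr" branch the result of `methods->sourceip(clientinfo, &src)` is discarded and `src` is never initialised, so if the callback fails or leaves `*addrp` untouched, `fmt_address(src, ...)` dereferences an indeterminate pointer. The callback pointer itself is not checked for NULL either. Assuming sourceip returns an isc_result_t, a guard such as `if (methods->sourceip != NULL && methods->sourceip(clientinfo, &src) == ISC_R_SUCCESS)` before the `fmt_address` call would keep `buf` at "unknown" on any failure. The version test `methods->version - methods->age >= DNS_CLIENTINFOMETHODS_VERSION` also looks one-sided if version/age follow the usual current-minus-age convention; checking that DNS_CLIENTINFOMETHODS_VERSION lies between `version - age` and `version` would reject incompatible interfaces. The start of dlz_lookup's body is in the previous hunk.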
diff --git a/bin/tests/system/dlzexternal/tests.sh b/bin/tests/system/dlzexternal/tests.sh
index e8a46f9c..3272b8b5 100644
--- a/bin/tests/system/dlzexternal/tests.sh
+++ b/bin/tests/system/dlzexternal/tests.sh
@@ -52,4 +52,12 @@ status=`expr $status + $ret`
test_update deny.example.nil. TXT "86400 TXT helloworld" "helloworld" should_fail && ret=1
status=`expr $status + $ret`
+echo "I:testing passing client info into DLZ driver"
+ret=0
+out=`$DIG $DIGOPTS +short -t txt -q source-addr.example.nil`
+addr=`eval echo $out | cut -f1 -d'#'`
+[ "$addr" = "10.53.0.1" ] || ret=1
+[ "$ret" -eq 0 ] || echo "I:failed"
+status=`expr $status + $ret`
+
exit $status
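Review bot: The line ``addr=`eval echo $out | cut -f1 -d'#'` `` passes the TXT answer returned by the server through `eval`, so whatever the response contains is re-parsed by the shell as code; it is only being used here to strip the quotes dig prints around TXT data. Removing the quotes as plain text avoids evaluating network-derived output, for example ``addr=`echo "$out" | tr -d '"' | cut -f1 -d'#'` ``. The dig exit status is also not checked, so a failed query is only caught indirectly by the address comparison.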
diff --git a/bin/tests/system/dnssec/clean.sh b/bin/tests/system/dnssec/clean.sh
index 12a0428b..2ced443c 100644
--- a/bin/tests/system/dnssec/clean.sh
+++ b/bin/tests/system/dnssec/clean.sh
@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: clean.sh,v 1.42 2011-05-23 20:10:02 each Exp $
+# $Id: clean.sh,v 1.43 2011-10-11 19:26:06 each Exp $
rm -f */K* */keyset-* */dsset-* */dlvset-* */signedkey-* */*.signed
rm -f */trusted.conf */managed.conf */tmp* */*.jnl */*.bk
@@ -46,6 +46,7 @@ rm -f ns3/secure.optout.example.db
rm -f */named.secroots
rm -f ns1/managed.key.id
rm -f signer/example.db
+rm -f signer/signer.out.1 signer/signer.out.2
rm -f ns2/algroll.db
rm -f ns3/kskonly.example.db
rm -f ns4/named.conf
diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh
index 9ddd5184..ccebaa29 100644
--- a/bin/tests/system/dnssec/tests.sh
+++ b/bin/tests/system/dnssec/tests.sh
@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: tests.sh,v 1.93 2011-09-02 21:55:16 each Exp $
+# $Id: tests.sh,v 1.97 2011-10-11 19:26:06 each Exp $
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
@@ -982,11 +982,13 @@ cd signer
cat example.db.in $key1.key $key2.key > example.db
$SIGNER -3 - -H 10 -o example -f example.db example.db > /dev/null 2>&1
awk '/^IQF9LQTLK/ {
- printf("%s ", $0);
- getline;
- printf ("%s ", $0);
- getline;
- print;
+ printf("%s", $0);
+ while (!index($0, ")")) {
+ if (getline <= 0)
+ break;
+ printf (" %s", $0);
+ }
+ printf("\n");
}' example.db | sed 's/[ ][ ]*/ /g' > nsec3param.out
grep "IQF9LQTLKKNFK0KVIFELRAK4IC4QLTMG.example. 0 IN NSEC3 1 0 10 - ( IQF9LQTLKKNFK0KVIFELRAK4IC4QLTMG A NS SOA RRSIG DNSKEY NSEC3PARAM )" nsec3param.out > /dev/null
@@ -1048,6 +1050,26 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
+echo "I:checking dnssec-signzone retains unexpired signatures ($n)"
+ret=0
+(
+cd signer
+$SIGNER -Sxt -o example example.db > signer.out.1 2>&1
+$SIGNER -Sxt -o example -f example.db.signed example.db.signed > signer.out.2 2>&1
+) || ret=1
+gen1=`awk '/generated/ {print $3}' signer/signer.out.1`
+retain1=`awk '/retained/ {print $3}' signer/signer.out.1`
+drop1=`awk '/dropped/ {print $3}' signer/signer.out.1`
+gen2=`awk '/generated/ {print $3}' signer/signer.out.2`
+retain2=`awk '/retained/ {print $3}' signer/signer.out.2`
+drop2=`awk '/dropped/ {print $3}' signer/signer.out.2`
+[ "$retain2" -eq `expr "$gen1" + "$retain1"` ] || ret=1
+[ "$gen2" -eq 0 ] || ret=1
+[ "$drop2" -eq 0 ] || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
echo "I:checking validated data are not cached longer than originalttl ($n)"
ret=0
$DIG $DIGOPTS +ttl +noauth a.ttlpatch.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
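Review bot: In the new "retains unexpired signatures" test, the subshell `( cd signer ... ) || ret=1` only reflects the exit status of the last `$SIGNER` command, so a failed `cd signer` or a failure of the first signing run is not detected directly. Chaining the steps, e.g. `cd signer || exit 1` and `$SIGNER -Sxt -o example example.db > signer.out.1 2>&1 || exit 1`, makes each step count. As written, a first-run failure is only noticed if the awk extractions come back empty and the later `-eq` comparisons error out, which is harder to diagnose from the log.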
diff --git a/bin/tests/system/forward/ns5/named.conf b/bin/tests/system/forward/ns5/named.conf
new file mode 100644
index 00000000..92cc3117
--- /dev/null
+++ b/bin/tests/system/forward/ns5/named.conf
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.3 2011-10-13 22:48:23 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.5;
+ notify-source 10.53.0.5;
+ transfer-source 10.53.0.5;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.5; };
+ listen-on-v6 { none; };
+ forward only;
+ forwarders { 10.53.0.4; };
+};
+
+zone "." {
+ type hint;
+ file "root.db";
+};
diff --git a/bin/tests/system/forward/ns5/root.db b/bin/tests/system/forward/ns5/root.db
new file mode 100644
index 00000000..422250b3
--- /dev/null
+++ b/bin/tests/system/forward/ns5/root.db
@@ -0,0 +1,35 @@
+; Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: root.db,v 1.3 2011-10-13 22:48:23 tbox Exp $
+
+$TTL 300
+. IN SOA gson.nominum.com. a.root.servers.nil. (
+ 2000042100 ; serial
+ 600 ; refresh
+ 600 ; retry
+ 1200 ; expire
+ 600 ; minimum
+ )
+. NS a.root-servers.nil.
+a.root-servers.nil. A 10.53.0.1
+
+example1 NS ns.example1
+ns.example1 A 10.53.0.1
+
+example2 NS ns.example2
+ns.example2 A 10.53.0.1
+
+example3 NS ns.example3
+ns.example3 A 10.53.0.1
diff --git a/bin/tests/system/forward/tests.sh b/bin/tests/system/forward/tests.sh
index fbb30a17..9d2d32ad 100644
--- a/bin/tests/system/forward/tests.sh
+++ b/bin/tests/system/forward/tests.sh
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2007, 2011 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2000, 2001 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: tests.sh,v 1.7 2007-06-19 23:47:03 tbox Exp $
+# $Id: tests.sh,v 1.9 2011-10-13 22:48:23 tbox Exp $
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
@@ -88,5 +88,18 @@ grep "SERVFAIL" dig.out.f2 > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
+echo "I:checking for negative caching of forwarder response"
+# prime the cache, shutdown the forwarder then check that we can
+# get the answer from the cache. restart forwarder.
+ret=0
+$DIG nonexist. txt @10.53.0.5 -p 5300 > dig.out.f2 || ret=1
+grep "status: NXDOMAIN" dig.out.f2 > /dev/null || ret=1
+$PERL ../stop.pl . ns4 || ret=1
+$DIG nonexist. txt @10.53.0.5 -p 5300 > dig.out.f2 || ret=1
+grep "status: NXDOMAIN" dig.out.f2 > /dev/null || ret=1
+$PERL ../start.pl --restart --noclean . ns4 || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
echo "I:exit status: $status"
exit $status
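Review bot: The negative-caching test writes both queries to `dig.out.f2`, a file name the preceding test (the `grep "SERVFAIL" dig.out.f2` context line) already uses, so the earlier test's output and the pre-shutdown response are overwritten and cannot be inspected after a failure. Using distinct names for the two queries (for instance `dig.out.f5.1` and `dig.out.f5.2`, names constructed here) would keep the evidence. The comment block explains the sequence well; it could add that ns4 is restarted unconditionally so later tests still have a forwarder.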
diff --git a/bin/tests/system/inline/clean.sh b/bin/tests/system/inline/clean.sh
index f36b1d12..f67a88b3 100644
--- a/bin/tests/system/inline/clean.sh
+++ b/bin/tests/system/inline/clean.sh
@@ -12,16 +12,30 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: clean.sh,v 1.2 2011-08-30 23:46:52 tbox Exp $
+# $Id: clean.sh,v 1.3 2011-10-12 00:10:19 marka Exp $
rm -f */named.memstats
rm -f */named.run
rm -f */trusted.conf
rm -f ns2/bits.db
+rm -f ns2/bits.db.jnl
rm -f ns3/K*
rm -f ns3/bits.bk
rm -f ns3/bits.bk.jnl
rm -f ns3/bits.bk.signed
rm -f ns3/bits.bk.signed.jnl
+rm -f ns3/noixfr.bk
+rm -f ns3/noixfr.bk.jnl
+rm -f ns3/noixfr.bk.signed
+rm -f ns3/noixfr.bk.signed.jnl
+rm -f ns4/K*
rm -f ns4/noixfr.db
+rm -f ns4/noixfr.db.jnl
+rm -f ns5/K*
+rm -f ns5/named.conf
+rm -f ns5/bits.bk
+rm -f ns5/bits.bk.jnl
+rm -f ns5/bits.bk.signed
+rm -f ns5/bits.bk.signed.jnl
rm -f random.data
+rm -f dig.out.ns*.test*
diff --git a/bin/tests/system/inline/ns5/named.conf.post b/bin/tests/system/inline/ns5/named.conf.post
new file mode 100644
index 00000000..02919b9e
--- /dev/null
+++ b/bin/tests/system/inline/ns5/named.conf.post
@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf.post,v 1.2 2011-10-12 00:10:19 marka Exp $ */
+
+// NS5
+
+include "../../common/rndc.key";
+
+controls { inet 10.53.0.5 port 9953 allow { any; } keys { rndc_key; }; };
+
+options {
+ query-source address 10.53.0.5;
+ notify-source 10.53.0.5;
+ transfer-source 10.53.0.5;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.5; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+ notify-delay 0;
+};
+
+zone "bits" {
+ type slave;
+ masters { 10.53.0.2; };
+ file "bits.bk";
+ auto-dnssec maintain;
+ inline-signing yes;
+};
diff --git a/bin/tests/system/inline/ns5/named.conf.pre b/bin/tests/system/inline/ns5/named.conf.pre
new file mode 100644
index 00000000..0de06f81
--- /dev/null
+++ b/bin/tests/system/inline/ns5/named.conf.pre
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf.pre,v 1.2 2011-10-12 00:10:20 marka Exp $ */
+
+// NS5
+
+include "../../common/rndc.key";
+
+controls { inet 10.53.0.5 port 9953 allow { any; } keys { rndc_key; }; };
+
+options {
+ query-source address 10.53.0.5;
+ notify-source 10.53.0.5;
+ transfer-source 10.53.0.5;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.5; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+ notify-delay 0;
+};
+
+zone "bits" {
+ type slave;
+ masters { 10.53.0.2; };
+ file "bits.bk";
+};
diff --git a/bin/tests/system/inline/setup.sh b/bin/tests/system/inline/setup.sh
index c1007d77..d7f6b3e5 100644
--- a/bin/tests/system/inline/setup.sh
+++ b/bin/tests/system/inline/setup.sh
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: setup.sh,v 1.2 2011-08-30 23:46:52 tbox Exp $
+# $Id: setup.sh,v 1.3 2011-10-12 00:10:19 marka Exp $
sh clean.sh
@@ -34,6 +34,8 @@ rm -f ns3/noixfr.bk.jnl
rm -f ns3/noixfr.bk.signed
rm -f ns3/noixfr.bk.signed.jnl
+cp ns5/named.conf.pre ns5/named.conf
+
../../../tools/genrandom 400 random.data
(cd ns3; sh -e sign.sh)
diff --git a/bin/tests/system/inline/tests.sh b/bin/tests/system/inline/tests.sh
index 73bf5262..4b84e147 100644
--- a/bin/tests/system/inline/tests.sh
+++ b/bin/tests/system/inline/tests.sh
@@ -14,12 +14,13 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: tests.sh,v 1.2 2011-08-30 23:46:52 tbox Exp $
+# $Id: tests.sh,v 1.3 2011-10-12 00:10:19 marka Exp $
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
DIGOPTS="+tcp +dnssec"
+RANDFILE=random.data
status=0
n=0
@@ -326,4 +327,27 @@ done
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
+n=`expr $n + 1`
+echo "I:checking turning on of inline signing in a slave zone via reload ($n)"
+$DIG $DIGOPTS @10.53.0.5 -p 5300 +dnssec bits SOA > dig.out.ns5.test$n
+grep "status: NOERROR" dig.out.ns5.test$n > /dev/null || ret=1
+grep "ANSWER: 1," dig.out.ns5.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:setup broken"; fi
+status=`expr $status + $ret`
+cp ns5/named.conf.post ns5/named.conf
+(cd ns5; $KEYGEN -q -r ../$RANDFILE bits) > /dev/null 2>&1
+(cd ns5; $KEYGEN -q -r ../$RANDFILE -f KSK bits) > /dev/null 2>&1
+$RNDC -c ../common/rndc.conf -s 10.53.0.5 -p 9953 reload 2>&1 | sed 's/^/I:ns5 /'
+for i in 1 2 3 4 5 6 7 8 9 10
+do
+ ret=0
+ $DIG $DIGOPTS @10.53.0.5 -p 5300 bits SOA > dig.out.ns5.test$n
+ grep "status: NOERROR" dig.out.ns5.test$n > /dev/null || ret=1
+ grep "ANSWER: 2," dig.out.ns5.test$n > /dev/null || ret=1
+ if [ $ret = 0 ]; then break; fi
+ sleep 1
+done
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
exit $status
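Review bot: The new block does not reset `ret` before the first `$DIG ... bits SOA` setup check, so a failure left over from the previous test is reported again as "I:setup broken" and added to `status` a second time. Adding `ret=0` right after the `echo "I:checking turning on of inline signing ..."` line fixes that. The two `$KEYGEN` calls also send all output to /dev/null and ignore their exit status, so a key-generation failure only shows up as ten timed-out retries; appending `|| ret=1` and keeping stderr would make that failure visible.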
diff --git a/bin/tests/system/resolver/ns7/named.args b/bin/tests/system/resolver/ns7/named.args
new file mode 100644
index 00000000..e4eeccb5
--- /dev/null
+++ b/bin/tests/system/resolver/ns7/named.args
@@ -0,0 +1,2 @@
+# this server runs named with the "-T clienttest" option omitted
+-m record,size,mctx -c named.conf -d 99 -g
diff --git a/bin/tests/system/rpz/clean.sh b/bin/tests/system/rpz/clean.sh
index 45080b7b..2008de1c 100644
--- a/bin/tests/system/rpz/clean.sh
+++ b/bin/tests/system/rpz/clean.sh
@@ -12,11 +12,11 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: clean.sh,v 1.3 2011-01-13 04:59:24 tbox Exp $
+# $Id: clean.sh,v 1.4 2011-10-13 01:32:32 vjs Exp $
# Clean up after rpz tests.
-rm -f dig.out* nsupdate.tmp
-rm -f */named.memstats */named.run */session.key
-rm -f ns3/bl*.db */*.jnl
+rm -f proto.* dig.out* nsupdate.tmp
+rm -f */named.memstats */named.run */named.rpz */session.key
+rm -f ns3/bl*.db */*.jnl */*.core */*.pid
diff --git a/bin/tests/system/rpz/ns1/root.db b/bin/tests/system/rpz/ns1/root.db
index f27372b6..aa209311 100644
--- a/bin/tests/system/rpz/ns1/root.db
+++ b/bin/tests/system/rpz/ns1/root.db
@@ -12,17 +12,24 @@
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
-; $Id: root.db,v 1.3 2011-01-13 04:59:24 tbox Exp $
+; $Id: root.db,v 1.4 2011-10-13 01:32:33 vjs Exp $
$TTL 120
-@ SOA s1. hostmaster.ns.s1. ( 1 3600 1200 604800 60 )
-@ NS s1
-s1. A 10.53.0.1
+@ SOA ns. hostmaster.ns. ( 1 3600 1200 604800 60 )
+@ NS ns.
+ns. A 10.53.0.1
+. A 10.53.0.1
; rewrite responses from this zone
tld2. NS ns.tld2.
ns.tld2. A 10.53.0.2
+ns2.tld2. A 10.53.0.2
; requests come from here
tld3. NS ns.tld3.
ns.tld3. A 10.53.0.3
+
+; rewrite responses from this zone
+tld4. NS ns.tld4.
+ns.tld4. A 10.53.0.4
+ns2.tld4. A 10.53.0.4
diff --git a/bin/tests/system/rpz/ns2/hints b/bin/tests/system/rpz/ns2/hints
index 69ab18ca..2218602b 100644
--- a/bin/tests/system/rpz/ns2/hints
+++ b/bin/tests/system/rpz/ns2/hints
@@ -12,7 +12,8 @@
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
-; $Id: hints,v 1.3 2011-01-13 04:59:25 tbox Exp $
+; $Id: hints,v 1.4 2011-10-13 01:32:33 vjs Exp $
-. 0 NS s1.
-s1. 0 A 10.53.0.1
+
+. 0 NS ns1.
+ns1. 0 A 10.53.0.1
diff --git a/bin/tests/system/rpz/ns2/named.conf b/bin/tests/system/rpz/ns2/named.conf
index f7e4e1b2..bed5187f 100644
--- a/bin/tests/system/rpz/ns2/named.conf
+++ b/bin/tests/system/rpz/ns2/named.conf
@@ -14,7 +14,8 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: named.conf,v 1.3 2011-01-13 04:59:25 tbox Exp $ */
+/* $Id: named.conf,v 1.4 2011-10-13 01:32:33 vjs Exp $ */
+
controls { /* empty */ };
@@ -32,6 +33,10 @@ options {
zone "." { type hint; file "hints"; };
-zone "tld2." {type master; file "tld2.db";};
-zone "sub1.tld2." {type master; file "tld2.db";};
-zone "sub2.sub1.tld2." {type master; file "tld2.db";};
+zone "tld2." {type master; file "tld2.db";};
+zone "sub1.tld2." {type master; file "tld2.db";};
+zone "subsub.sub1.tld2." {type master; file "tld2.db";};
+zone "sub2.tld2." {type master; file "tld2.db";};
+zone "subsub.sub2.tld2." {type master; file "tld2.db";};
+zone "sub3.tld2." {type master; file "tld2.db";};
+zone "subsub.sub3.tld2." {type master; file "tld2.db";};
diff --git a/bin/tests/system/rpz/ns2/tld2.db b/bin/tests/system/rpz/ns2/tld2.db
index 22e6f5f1..2723425c 100644
--- a/bin/tests/system/rpz/ns2/tld2.db
+++ b/bin/tests/system/rpz/ns2/tld2.db
@@ -12,46 +12,106 @@
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
-; $Id: tld2.db,v 1.3 2011-01-13 04:59:25 tbox Exp $
+; $Id: tld2.db,v 1.4 2011-10-13 01:32:33 vjs Exp $
+
; RPZ rewrite responses from this zone
$TTL 120
@ SOA tld2. hostmaster.ns.tld2. ( 1 3600 1200 604800 60 )
- NS @
- A 10.53.0.2
+ NS ns
+ NS ns2
+ NS . ; check for RT 24985
+ns A 10.53.0.2
+ns2 A 10.53.0.2
+
+
+txt-only TXT "txt-only-tld2"
-nodata TXT "nodata"
a12 A 12.12.12.12
+ AAAA 2001::12
+ TXT "a12 tld2 text"
+a12-cname CNAME a12
a0-1 A 192.168.0.1
AAAA 2001:2::1
- TXT "a0-1 text"
+ TXT "a0-1 tld2 text"
a3-1 A 192.168.3.1
AAAA 2001:2:3::1
- TXT "a3-1 text"
+ TXT "a3-1 tld2 text"
a3-2 A 192.168.3.2
AAAA 2001:2:3::2
- TXT "a3-2 text"
+ TXT "a3-2 tld2 text"
+
+a3-3 A 192.168.3.3
+ AAAA 2001:2:3::3
+ TXT "a3-3 tld2 text"
+
+a3-4 A 192.168.3.4
+ AAAA 2001:2:3::4
+ TXT "a3-4 tld2 text"
+
+a3-5 A 192.168.3.5
+ AAAA 2001:2:3::5
+ TXT "a3-5 tld2 text"
+
+a3-6 A 192.168.3.6
+ AAAA 2001:2:3::6
+ TXT "a3-6 tld2 text"
+
+a3-7 A 192.168.3.7
+ AAAA 2001:2:3::7
+ TXT "a3-7 tld2 text"
+
+a3-8 A 192.168.3.8
+ AAAA 2001:2:3::8
+ TXT "a3-8 tld2 text"
+
+a3-9 A 192.168.3.9
+ AAAA 2001:2:3::9
+ TXT "a3-9 tld2 text"
a4-1 A 192.168.4.1
AAAA 2001:2:4::1
- TXT "a4-1 text"
+ TXT "a4-1 tld2 text"
a4-1-aaaa AAAA 2001:2:4::1
a4-2 A 192.168.4.2
AAAA 2001:2:4::2
- TXT "a4-2 text"
+ TXT "a4-2 tld2 text"
+a4-2-cname CNAME a4-2
a4-3 A 192.168.4.3
AAAA 2001:2:4::3
- TXT "a4-3 text"
+ TXT "a4-3 tld2 text"
+a4-3-cname CNAME a4-3
a4-4 A 192.168.4.4
AAAA 2001:2:4::4
- TXT "a4-4 text"
+ TXT "a4-4 tld2 text"
+
+a4-5 A 192.168.4.5
+ AAAA 2001:2:4::5
+ TXT "a4-5 tld2 text"
+a4-5-cname CNAME a4-5
+a4-5-cname2 CNAME a4-5-cname
+a4-5-cname3 CNAME a4-5-cname2
+
+a4-6 A 192.168.4.6
+ AAAA 2001:2:4::6
+ TXT "a4-6 tld2 text"
+a4-6-cname CNAME a4-6
+a4-6-cname2 CNAME a4-6-cname
+a4-6-cname3 CNAME a4-6-cname2
+
+a5-1-2 A 192.168.5.1
+ A 192.168.5.2
+ TXT "a5-1-2 tld2 text"
-a4-5 CNAME a12
+a5-3 A 192.168.5.3
+ TXT "a5-3 tld2 text"
+a5-4 A 192.168.5.4
+ TXT "a5-4 tld2 text"
diff --git a/bin/tests/system/rpz/ns3/base.db b/bin/tests/system/rpz/ns3/base.db
index 0b3b176e..7ceff0d8 100644
--- a/bin/tests/system/rpz/ns3/base.db
+++ b/bin/tests/system/rpz/ns3/base.db
@@ -12,13 +12,15 @@
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
-; $Id: base.db,v 1.5 2011-06-09 00:42:50 marka Exp $
+; $Id: base.db,v 1.6 2011-10-13 01:32:33 vjs Exp $
+
; RPZ test
$TTL 120
-@ SOA tld3. hostmaster.ns.tld3. ( 1 3600 1200 604800 60 )
-@ NS ns.utld.
+@ SOA blx. hostmaster.ns.blx. ( 1 3600 1200 604800 60 )
+ NS ns.tld.
+ns A 10.53.0.3
; Poke the radix tree a little.
128.1111.2222.3333.4444.5555.6666.7777.8888.rpz-ip CNAME .
@@ -30,7 +32,8 @@ $TTL 120
128.zz.3333.4444.0.8777.8888.rpz-ip CNAME .
127.zz.3333.4444.0.8777.8888.rpz-ip CNAME .
-; for testing rrset replacement
+
+; regression testing for some old crashes
redirect IN A 127.0.0.1
*.redirect IN A 127.0.0.1
-*.cname-redirect IN CNAME google.com.
+*.credirect IN CNAME google.com.
diff --git a/bin/tests/system/rpz/ns3/crash1 b/bin/tests/system/rpz/ns3/crash1
new file mode 100644
index 00000000..d8c65c34
--- /dev/null
+++ b/bin/tests/system/rpz/ns3/crash1
@@ -0,0 +1,22 @@
+; Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: crash1,v 1.2 2011-10-13 04:53:06 marka Exp $
+
+; a bad zone that caused a crash related to dns_rdataset_disassociate()
+
+$TTL 120
+@ SOA crash1.tld2. hostmaster.ns.tld2. ( 1 3600 1200 604800 60 )
+
+ NS tld2.
diff --git a/bin/tests/system/rpz/ns3/hints b/bin/tests/system/rpz/ns3/hints
index 69ab18ca..2218602b 100644
--- a/bin/tests/system/rpz/ns3/hints
+++ b/bin/tests/system/rpz/ns3/hints
@@ -12,7 +12,8 @@
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
-; $Id: hints,v 1.3 2011-01-13 04:59:25 tbox Exp $
+; $Id: hints,v 1.4 2011-10-13 01:32:33 vjs Exp $
-. 0 NS s1.
-s1. 0 A 10.53.0.1
+
+. 0 NS ns1.
+ns1. 0 A 10.53.0.1
diff --git a/bin/tests/system/rpz/ns3/named.conf b/bin/tests/system/rpz/ns3/named.conf
index 86aae6e0..4463f8af 100644
--- a/bin/tests/system/rpz/ns3/named.conf
+++ b/bin/tests/system/rpz/ns3/named.conf
@@ -14,9 +14,8 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: named.conf,v 1.3 2011-01-13 04:59:25 tbox Exp $ */
+/* $Id: named.conf,v 1.4 2011-10-13 01:32:33 vjs Exp $ */
-controls { /* empty */ };
options {
query-source address 10.53.0.3;
@@ -31,47 +30,62 @@ options {
response-policy {
zone "bl";
- zone "bl-given" policy given;
- zone "bl-no-op" policy no-op;
- zone "bl-nodata" policy nodata;
- zone "bl-nxdomain" policy nxdomain;
- zone "bl-cname" policy cname nodata.tld2.;
+ zone "bl-2";
+ zone "bl-given" policy given;
+ zone "bl-passthru" policy passthru;
+ zone "bl-no-op" policy no-op; # obsolete for passthru
+ zone "bl-disabled" policy disabled;
+ zone "bl-nodata" policy nodata;
+ zone "bl-nxdomain" policy nxdomain;
+ zone "bl-cname" policy cname txt-only.tld2.;
+ zone "bl-wildcname" policy cname *.tld4.;
+ zone "bl-garden" policy cname a12.tld2.;
};
};
key rndc_key {
- secret "1234abcd8765";
- algorithm hmac-md5;
+ secret "1234abcd8765";
+ algorithm hmac-md5;
};
controls {
- inet 10.53.0.3 port 9953 allow { any; } keys { rndc_key; };
+ inet 10.53.0.3 port 9953 allow { any; } keys { rndc_key; };
};
logging {
- category queries { default_stderr; };
+ # change "-c named.conf -d 99 -g" to "-c named.conf -d 99 -f"
+ # in ../start.pl to check the rpz log category
+ channel rpz { severity debug 10;
+ print-category yes; print-time yes; print-severity yes;
+ file "named.rpz";};
+ category rpz { default_stderr; rpz; };
+ category queries { default_stderr; rpz; };
category query-errors { default_stderr; };
};
zone "." { type hint; file "hints"; };
+zone "bl." {type master; file "bl.db";
+ allow-update {any;};};
+zone "bl-2." {type master; file "bl-2.db";
+ allow-update {any;};};
+zone "bl-given." {type master; file "bl-given.db";
+ allow-update {any;};};
+zone "bl-passthru." {type master; file "bl-passthru.db";
+ allow-update {any;};};
+zone "bl-no-op." {type master; file "bl-no-op.db";
+ allow-update {any;};};
+zone "bl-disabled." {type master; file "bl-disabled.db";
+ allow-update {any;};};
+zone "bl-nodata." {type master; file "bl-nodata.db";
+ allow-update {any;};};
+zone "bl-nxdomain." {type master; file "bl-nxdomain.db";
+ allow-update {any;};};
+zone "bl-cname." {type master; file "bl-cname.db";
+ allow-update {any;};};
+zone "bl-wildcname." {type master; file "bl-wildcname.db";
+ allow-update {any;};};
+zone "bl-garden." {type master; file "bl-garden.db";
+ allow-update {any;};};
-zone "bl." {type master; file "bl.db";
- allow-update {any;};
-};
-zone "bl-given." {type master; file "bl-given.db";
- allow-update {any;};
-};
-zone "bl-no-op." {type master; file "bl-no-op.db";
- allow-update {any;};
-};
-zone "bl-nodata." {type master; file "bl-nodata.db";
- allow-update {any;};
-};
-zone "bl-nxdomain." {type master; file "bl-nxdomain.db";
- allow-update {any;};
-};
-zone "bl-cname." {type master; file "bl-cname.db";
- allow-update {any;};
-};
-
+zone "crash1.tld2" {type master; file "crash1";};
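Review bot: Every response-policy zone added here (`bl-2.`, `bl-passthru.`, `bl-disabled.`, `bl-wildcname.`, `bl-garden.`) is declared with `allow-update {any;};`, so any host that can reach 10.53.0.3 can rewrite the policy data that drives response rewriting, without a TSIG key. This matches the existing zones and is presumably for the test's nsupdate calls, but the config carries no comment saying so. If the updates originate from the 10.53.0.x test addresses, narrowing it to something like `allow-update { 10.53.0.0/24; };` or a key would keep the fixture from being a permissive template; at minimum a comment such as `# test fixture only: policy zones are updated by tests.sh` would document the intent. The unchanged `rndc_key` block with a literal secret and `hmac-md5` could carry the same note.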
diff --git a/bin/tests/system/rpz/ns4/hints b/bin/tests/system/rpz/ns4/hints
new file mode 100644
index 00000000..5d88ce0a
--- /dev/null
+++ b/bin/tests/system/rpz/ns4/hints
@@ -0,0 +1,18 @@
+; Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: hints,v 1.2 2011-10-13 04:53:06 marka Exp $
+
+. 0 NS ns1.
+ns1. 0 A 10.53.0.1
diff --git a/bin/tests/system/rpz/ns4/named.conf b/bin/tests/system/rpz/ns4/named.conf
new file mode 100644
index 00000000..d960de39
--- /dev/null
+++ b/bin/tests/system/rpz/ns4/named.conf
@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.2 2011-10-13 04:53:06 marka Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.4;
+ notify-source 10.53.0.4;
+ transfer-source 10.53.0.4;
+ port 5300;
+ pid-file "named.pid";
+ session-keyfile "session.key";
+ listen-on { 10.53.0.4; };
+ listen-on-v6 { none; };
+ notify no;
+};
+
+zone "." { type hint; file "hints"; };
+
+zone "tld4." {type master; file "tld4.db";};
+zone "sub1.tld4." {type master; file "tld4.db";};
+zone "subsub.sub1.tld4." {type master; file "tld4.db";};
+zone "sub2.tld4." {type master; file "tld4.db";};
+zone "subsub.sub2.tld4." {type master; file "tld4.db";};
diff --git a/bin/tests/system/rpz/ns4/tld4.db b/bin/tests/system/rpz/ns4/tld4.db
new file mode 100644
index 00000000..59834e4b
--- /dev/null
+++ b/bin/tests/system/rpz/ns4/tld4.db
@@ -0,0 +1,73 @@
+; Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: tld4.db,v 1.2 2011-10-13 04:53:07 marka Exp $
+
+; RPZ rewrite responses from this zone
+
+$TTL 120
+@ SOA tld4. hostmaster.ns.tld4. ( 1 3600 1200 604800 60 )
+ NS ns
+ NS ns2
+ns A 10.53.0.4
+ns2 A 10.53.0.4
+
+
+txt-only TXT "txt-only-tld4"
+
+a14 A 14.14.14.14
+ AAAA 2001::14
+ TXT "a14 text"
+a14-cname CNAME a14
+
+a0-1 A 192.168.0.1
+ AAAA 2001:2::1
+ TXT "a0-1 text"
+
+a3-1 A 192.168.3.1
+ AAAA 2001:2:3::1
+ TXT "a3-1 text"
+
+a3-2 A 192.168.3.2
+ AAAA 2001:2:3::2
+ TXT "a3-2 text"
+
+a4-1 A 192.168.4.1
+ AAAA 2001:2:4::1
+ TXT "a4-1 text"
+a4-1-aaaa AAAA 2001:2:4::1
+
+a4-2 A 192.168.4.2
+ AAAA 2001:2:4::2
+ TXT "a4-2 text"
+a4-2-cname CNAME a4-2
+
+a4-3 A 192.168.4.3
+ AAAA 2001:2:4::3
+ TXT "a4-3 text"
+a4-3-cname CNAME a4-3
+
+a4-4 A 192.168.4.4
+ AAAA 2001:2:4::4
+ TXT "a4-4 text"
+
+a3-6.tld2 A 56.56.56.56
+
+a3-7.sub1.tld2 A 57.57.57.57
+
+a3-8.tld2 A 58.58.58.58
+
+a3-9.sub9.tld2 A 59.59.59.59
+
+a3-10.tld2 A 60.60.60.60
diff --git a/bin/tests/system/rpz/setup.sh b/bin/tests/system/rpz/setup.sh
index 95937671..947b28a4 100644
--- a/bin/tests/system/rpz/setup.sh
+++ b/bin/tests/system/rpz/setup.sh
@@ -14,10 +14,11 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: setup.sh,v 1.3 2011-01-13 04:59:24 tbox Exp $
+# $Id: setup.sh,v 1.4 2011-10-13 01:32:32 vjs Exp $
sh clean.sh
-for NM in '' -given -no-op -nodata -nxdomain -cname; do
- cp -f ns3/base.db ns3/bl$NM.db
+# NO-OP is an obsolete synonym for PASSHTRU
+for NM in '' -2 -given -disabled -passthru -no-op -nodata -nxdomain -cname -wildcname -garden; do
+ sed -e "/SOA/s/blx/bl$NM/g" ns3/base.db >ns3/bl$NM.db
done
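Review bot: `restart()` in tests.sh (added in this same commit) rebuilds the policy zone files with a plain `cp -f ns3/base.db $NM`, while this loop now generates them with `sed -e "/SOA/s/blx/bl$NM/g"`, so after a restart the zones would keep the `blx` text on their SOA lines. base.db is not visible here, so whether that changes test behaviour is unconfirmed. Either restart should apply the same substitution, or a comment here should say why it is only needed at setup. The new comment also misspells the policy name; it should read `# NO-OP is an obsolete synonym for PASSTHRU`.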
diff --git a/bin/tests/system/rpz/test1 b/bin/tests/system/rpz/test1
index f665505a..c076c093 100644
--- a/bin/tests/system/rpz/test1
+++ b/bin/tests/system/rpz/test1
@@ -12,19 +12,64 @@
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
-; $Id: test1,v 1.5 2011-06-09 03:10:17 marka Exp $
+; $Id: test1,v 1.6 2011-10-13 01:32:32 vjs Exp $
+; Use comment lines instead of blank lines to combine update requests into
+; single requests
+; Separate update requests for distinct TLDs with blank lines or 'send'
+; End the file with a blank line or 'send'
+
server 10.53.0.3 5300
+; QNAME tests
+
; NXDOMAIN
update add a0-1.tld2.bl. 300 CNAME .
-
+;
; NODATA
-update add a1-1.tld2.bl. 300 CNAME *.
-; and no assert-botch
-update add a1-2.tld2.bl. 300 DNAME example.com.
-
-update add *.sub1.tld2.bl. 300 A 12.12.12.12
-
+update add a3-1.tld2.bl. 300 CNAME *.
+; and no assert-botch
+; 5
+update add a3-2.tld2.bl. 300 DNAME example.com.
+;
+; NXDOMAIN for a4-2-cname.tld2 via its target a4-2.tld2.
+; 6 and 7
+update add a4-2.tld2.bl 300 CNAME .
+; 8
+; NODATA for a4-3-cname.tld2 via its target a4-3.tld2.
+update add a4-3.tld2.bl 300 CNAME *.
+;
+; replace the A for a4-1.sub1.tld2 with 12.12.12.12
+; 9
+update add a4-1.sub1.tld2.bl. 300 A 12.12.12.12
+;
+; replace the A for *.sub2.tld2 with 12.12.12.12
+; 10
+update add a4-1.sub2.tld2.bl. 300 A 12.12.12.12
+;
+; replace NXDOMAIN for {nxc1,nxc2}.sub1.tld2 with 12.12.12.12 using CNAMEs
+; 11
+update add nxc1.sub1.tld2.bl. 300 CNAME a12.tld2.
+; 12
+update add nxc2.sub1.tld2.bl. 300 CNAME a12-cname.tld2.
+;
+; prefer the first conflicting zone
+; 13
+update add a4-4.tld2.bl. 300 A 127.0.0.1
+send
+update add a4-4.tld2.bl-2. 300 A 127.0.0.2
+send
+;
+; wildcard CNAME
+; 14
+update add a3-6.tld2.bl. 300 CNAME *.tld4.
+; 15
+update add *.sub1.tld2.bl. 300 CNAME *.tld4.
+; CNAME chains
+; 16
+update add a4-5.tld2.bl. 300 A 127.0.0.16
+; 17
+update add a4-6.tld2.bl. 300 CNAME .
+update add a4-6-cname.tld2.bl. 300 A 127.0.0.17
send
diff --git a/bin/tests/system/rpz/test2 b/bin/tests/system/rpz/test2
index 76815972..6d18ab97 100644
--- a/bin/tests/system/rpz/test2
+++ b/bin/tests/system/rpz/test2
@@ -12,24 +12,47 @@
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
-; $Id: test2,v 1.4 2011-01-13 19:30:41 each Exp $
+; $Id: test2,v 1.5 2011-10-13 01:32:32 vjs Exp $
+; Use comment lines instead of blank lines to combine update requests into
+; single requests
+; Separate update requests for distinct TLDs with blank lines or 'send'
+; End the file with a blank line or 'send'
+
+; IP tests
+
server 10.53.0.3 5300
; NODATA a3-1.tld2
update add 32.1.3.168.192.rpz-ip.bl 300 CNAME *.
-
-; NXDOMAIN for network of a4-1.tld2
+;
+; NXDOMAIN for 192.168.4.0/24, the network of a4-1.tld2
update add 24.0.4.168.192.rpz-ip.bl 300 CNAME .
-
+;
; poke hole in NXDOMAIN CIDR block to leave a4-1.tld2 unchanged
update add 32.1.4.168.192.rpz-ip.bl 300 CNAME 32.1.4.168.192
-
-; NODATA a4-3.tld2
+;
+; NODATA for a4-3.tld2
update add 32.3.4.168.192.rpz-ip.bl 300 CNAME *.
-
+;
; NXDOMAIN for IPv6 a3-1.tld2
update add 128.1.zz.3.2.2001.rpz-ip.bl 300 CNAME .
-
+;
+; apply the policy with the lexically smallest address of 192.168.5.1
+; to an RRset of more than one A RR
+update add 32.1.5.168.192.rpz-ip.bl 300 A 127.0.0.1
+update add 32.2.5.168.192.rpz-ip.bl 300 A 127.0.0.2
+;
+; prefer first conflicting IP zone for a5-3.tld2
+update add 32.3.5.168.192.rpz-ip.bl 300 A 127.0.0.1
+send
+update add 32.3.5.168.192.rpz-ip.bl-2 300 A 127.0.0.2
send
+
+; prefer QNAME to IP for a5-4.tld2
+update add 32.4.5.168.192.rpz-ip.bl 300 CNAME a12.tld2.
+update add a5-4.tld2.bl 300 CNAME a14.tld4.
+
+; wildcard CNAMEs
+;update add
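Review bot: The file now ends with a `; wildcard CNAMEs` heading followed by a commented-out `;update add` that has no arguments, so it announces a test group that does not exist. Either remove both lines or turn them into an explicit note such as `; TODO: wildcard CNAME tests for rpz-ip not written yet`, so a later reader does not assume the case is covered.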
diff --git a/bin/tests/system/rpz/test3 b/bin/tests/system/rpz/test3
index 05759aaf..0ecebea7 100644
--- a/bin/tests/system/rpz/test3
+++ b/bin/tests/system/rpz/test3
@@ -12,11 +12,33 @@
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
-; $Id: test3,v 1.4 2011-01-13 19:30:41 each Exp $
+; $Id: test3,v 1.5 2011-10-13 01:32:32 vjs Exp $
-server 10.53.0.3 5300
+; Use comment lines instead of blank lines to combine update requests into
+; single requests
+; Separate update requests for distinct TLDs with blank lines or 'send'
+; End the file with a blank line or 'send'
+
+; NSDNAME tests
-update add *.tld2.rpz-nsdname.bl. 300 CNAME .
+server 10.53.0.3 5300
+; NXDOMAIN for *.sub1.tld2 by NSDNAME
+update add *.sub1.tld2.rpz-nsdname.bl. 300 CNAME .
+;
+; walled garden for *.sub2.tld2
+update add *.sub2.tld2.rpz-nsdname.bl. 300 CNAME a12-cname.tld2.
+;
+; exempt a3-2.tld2 and anything in 192.168.0.0/24
+; also checks that IP policies are preferred over NSDNAME policies
+update add a3-2.tld2.bl 300 CNAME a3-2.tld2.
+update add 24.0.0.168.192.rpz-ip.bl 300 CNAME 24.0.0.168.192.
+;
+; prefer QNAME policy to NSDNAME policy
+update add a4-1.tld2.bl. 300 A 12.12.12.12
+;
+; prefer policy for largest NS name
+update add ns.sub3.tld2.rpz-nsdname.bl. 300 A 127.0.0.1
+update add ns.subsub.sub3.tld2.rpz-nsdname.bl. 300 A 127.0.0.2
send
diff --git a/bin/tests/system/rpz/test4 b/bin/tests/system/rpz/test4
index e614a69a..16a027e7 100644
--- a/bin/tests/system/rpz/test4
+++ b/bin/tests/system/rpz/test4
@@ -12,11 +12,26 @@
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
-; $Id: test4,v 1.4 2011-01-13 19:30:41 each Exp $
+; $Id: test4,v 1.5 2011-10-13 01:32:33 vjs Exp $
+; Use comment lines instead of blank lines to combine update requests into
+; single requests
+; Separate update requests for distinct TLDs with blank lines or 'send'
+; End the file with a blank line or 'send'
+
+; NSIP tests
+
server 10.53.0.3 5300
+; NXDOMAIN for all of tld2 based on its server IP address
update add 32.2.0.53.10.rpz-nsip.bl. 300 CNAME .
-
+;
+; exempt a3-2.tld2 and anything in 192.168.0.0/24
+; also checks that IP policies are preferred over NSIP policies
+update add a3-2.tld2.bl 300 CNAME a3-2.tld2.
+update add 24.0.0.168.192.rpz-ip.bl 300 CNAME 24.0.0.168.192.
+;
+; prefer NSIP policy to NSDNAME policy
+update add ns.tld2.rpz-nsdname.bl. 300 CNAME 10.0.0.1
send
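Review bot: The record added for `ns.tld2.rpz-nsdname.bl.` is `CNAME 10.0.0.1`, and a CNAME target is parsed as a domain name, so this creates an alias to a name that merely looks like an address. If an address replacement was intended, the line should be `update add ns.tld2.rpz-nsdname.bl. 300 A 10.0.0.1`. If any distinct NSDNAME action is enough to show that the NSIP policy wins, a comment line such as `; the NSDNAME action only has to differ from the NSIP one` would make that clear.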
diff --git a/bin/tests/system/rpz/test5 b/bin/tests/system/rpz/test5
index 1f19d1bd..ef8566da 100644
--- a/bin/tests/system/rpz/test5
+++ b/bin/tests/system/rpz/test5
@@ -12,25 +12,34 @@
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
-; $Id: test5,v 1.4 2011-01-13 19:30:41 each Exp $
+; $Id: test5,v 1.5 2011-10-13 01:32:33 vjs Exp $
-server 10.53.0.3 5300
-update add a3-1.tld2.bl-given. 300 CNAME .
-send
+; Use comment lines instead of blank lines to combine update requests into
+; single requests
+; Separate update requests for distinct TLDs with blank lines or 'send'
+; End the file with a blank line or 'send'
-server 10.53.0.3 5300
-update add a3-2.tld2.bl-no-op. 300 CNAME .
-send
+; the policies or replacements specified in ns3/named.conf override these
server 10.53.0.3 5300
-update add a3-3.tld2.bl-nodata. 300 CNAME .
-send
-server 10.53.0.3 5300
-update add a3-4.tld2.bl-nxdomain. 300 CNAME *.
+update add a3-1.tld2.bl-given. 300 A 127.0.0.1
send
-
-server 10.53.0.3 5300
-update add a3-5.tld2.bl-cname. 300 CNAME .
+update add a3-2.tld2.bl-passthru. 300 A 127.0.0.2
+send
+update add a3-3.tld2.bl-no-op. 300 A 127.0.0.3
+send
+update add a3-4.tld2.bl-disabled. 300 A 127.0.0.4
+send
+update add a3-5.tld2.bl-nodata. 300 A 127.0.0.5
+send
+update add a3-6.tld2.bl-nxdomain. 300 A 127.0.0.6
+send
+update add a3-7.tld2.bl-cname. 300 A 127.0.0.7
+send
+update add a3-8.tld2.bl-wildcname. 300 A 127.0.0.8
+update add *.sub9.tld2.bl-wildcname. 300 A 127.0.1.9
+send
+update add a3-10.tld2.bl-garden. 300 A 127.0.0.10
send
diff --git a/bin/tests/system/rpz/tests.sh b/bin/tests/system/rpz/tests.sh
index 7aef0eb5..63c2ecfe 100644
--- a/bin/tests/system/rpz/tests.sh
+++ b/bin/tests/system/rpz/tests.sh
@@ -12,19 +12,21 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: tests.sh,v 1.6 2011-06-09 03:10:17 marka Exp $
+# $Id: tests.sh,v 1.8 2011-10-13 13:03:51 marka Exp $
# test response policy zones (RPZ)
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
-root=10.53.0.1
-s2=10.53.0.2
-s3=10.53.0.3
+ns1=10.53.0.1 # root, defining the other two
+ns2=10.53.0.2 # server whose answers are rewritten
+ns3=10.53.0.3 # resolve that does the rewriting
+ns4=10.53.0.4 # another server that is rewritten
-DIGCMD="$DIG +noadd +nosea +nocmd -p 5300"
+RNDCCMD="$RNDC -c ../common/rndc.conf -s $ns3 -p 9953"
+HAVE_CORE=
USAGE="$0: [-x]"
while getopts "x" c; do
@@ -42,16 +44,21 @@ fi
trap 'exit 1' 1 2 15
+digcmd () {
+ #echo I:dig +noadd +noauth +nosearch +time=1 +tries=1 -p 5300 $* 1>&2
+ $DIG +noadd +noauth +nosearch +time=1 +tries=1 -p 5300 $*
+}
+
# set DIGNM=file name for dig output
-# $1=target domain $2=optional query type $3=optional string
-dignm () {
- DIGNM=dig.out-$DIGNM_SUB-$1
- if test -n "$3"; then
- DIGNM=$DIGNM-$3
- fi
- if test -n "$2"; then
- DIGNM=$DIGNM-`expr "x$2" : 'x-t *\(.*\)'`
- fi
+GROUP_NM=
+TEST_NUM=0
+make_dignm () {
+ TEST_NUM=`expr $TEST_NUM + 1`
+ DIGNM=dig.out$GROUP_NM-$TEST_NUM
+ while test -f $DIGNM; do
+ TEST_NUM="$TEST_NUM+"
+ DIGNM=dig.out$GROUP_NM-$TEST_NUM
+ done
}
setret () {
@@ -59,109 +66,159 @@ setret () {
echo "$*"
}
+# (re)load the reponse policy zones with the rules in the file $TEST_FILE
+load_db () {
+ if test -n "$TEST_FILE"; then
+ if $NSUPDATE -v $TEST_FILE; then : ; else
+ echo "I:failed to update policy zone with $TEST_FILE"
+ exit 1
+ fi
+ fi
+}
+
+restart () {
+ $RNDCCMD stop >/dev/null 2>&1
+ rm -f ns3/*.jnl
+ for NM in ns3/bl*.db; do
+ cp -f ns3/base.db $NM
+ done
+ (cd ..; $PERL start.pl --noclean --restart rpz ns3)
+ load_db
+}
+
+ckalive () {
+ $RNDCCMD status >/dev/null 2>&1 && return 0
+ HAVE_CORE=yes
+ setret "$1"
+ restart
+ return 1
+}
+
+# $1=message $2=optional test file name
+start_group () {
+ ret=0
+ test -n "$1" && echo "I:checking $1"
+ TEST_FILE=$2
+ if test -n "$TEST_FILE"; then
+ GROUP_NM="-$TEST_FILE"
+ load_db
+ else
+ GROUP_NM=
+ fi
+ TEST_NUM=0
+}
+
+end_group () {
+ if test -n "$TEST_FILE"; then
+ sed -e 's/[ ]add[ ]/ delete /' $TEST_FILE | $NSUPDATE
+ TEST_FILE=
+ fi
+ status=`expr $status + $ret`
+ ckalive "I:failed; server crashed"
+ GROUP_NM=
+}
+
+# $1=dig args $2=other dig output file
+ckresult () {
+ #ckalive "I:server crashed by 'dig $1'" || return 1
+ if $PERL ../digcomp.pl $DIGNM $2 >/dev/null; then
+ rm -f ${DIGNM}*
+ return 0
+ fi
+ setret "I:'dig $1' wrong; diff $DIGNM $2"
+ return 1
+}
+
+# check only that the server does not crash
+# $1=target domain $2=optional query type
+nocrash () {
+ digcmd $* @$ns3 >/dev/null
+ ckalive "I:server crashed by 'dig $*'"
+}
+
+
# check rewrite to NXDOMAIN
# $1=target domain $2=optional query type
nxdomain () {
- dignm $1 "$2"
- $DIGCMD +noauth $1 $2 @$s3 >$DIGNM
- $PERL ../digcomp.pl dig.out-nxdomain $DIGNM || setret " in $DIGNM"
+ make_dignm
+ digcmd +noauth $* @$ns3 \
+ | sed -e 's/^[a-z].* IN CNAME /;xxx &/' >$DIGNM
+ ckresult "$*" proto.nxdomain
}
# check rewrite to NODATA
# $1=target domain $2=optional query type
nodata () {
- dignm $1 "$2"
- $DIGCMD +noauth $1 $2 @$s3 >$DIGNM
- $PERL ../digcomp.pl dig.out-nodata $DIGNM || setret " in $DIGNM"
+ make_dignm
+ digcmd +noauth $* @$ns3 \
+ | sed -e 's/^[a-z].* IN CNAME /;xxx &/' >$DIGNM
+ ckresult "$*" proto.nodata
}
-# check rewrite to "A 12.12.12.12"
-# modify the output so that it is easily matched, but save the original line
-# $1=target domain $2=optional query type
-a12 () {
- dignm $1 "$2"
- $DIGCMD +noauth $1 $2 @$s3 \
- | sed -e "/^$1\. /{" \
- -e "s/.*/;xxx &/p" -e "s/^;xxx $1/a12.tld2/" -e '}' \
- >$DIGNM
- $PERL ../digcomp.pl dig.out-a12 $DIGNM || ret=1
+# check rewrite to an address
+# modify the output so that it is easily compared, but save the original line
+# $1=IPv4 address, $2=target domain $3=optional query type
+addr () {
+ ADDR=$1
+ shift
+ ADDR_ESC=`echo "$ADDR" | sed -e 's/\./\\\\./g'`
+ make_dignm
+ digcmd +noauth $* @$ns3 >$DIGNM
+ #ckalive "I:server crashed by 'dig $*'" || return
+ if grep -i '^[a-z].* A '"$ADDR_ESC"'$' $DIGNM >/dev/null; then
+ rm -f ${DIGNM}*
+ return 0
+ fi
+ setret "I:'dig $*' wrong; no A $ADDR record in $DIGNM $2"
}
# check that a response is not rewritten
# $1=target domain $2=optional query type
nochange () {
- dignm $1 "$2" ok
- DIGNM_OK=$DIGNM
- dignm $1 "$2"
- $DIGCMD $1 $2 @$s3 >$DIGNM
- $DIGCMD $1 $2 @$s2 >$DIGNM_OK
- $PERL ../digcomp.pl $DIGNM_OK $DIGNM || ret=1
+ make_dignm
+ digcmd $* @$ns3 >$DIGNM
+ digcmd $* @$ns2 >${DIGNM}_OK
+ ckresult "$*" ${DIGNM}_OK && rm -f ${DIGNM}_OK
}
-flush_db () {
- if $RNDC -c ../common/rndc.conf -s $s3 -p 9953 freeze; then : ; else
- echo "I:failed to freeze policy zone $1"
- exit 1
- fi
- if $RNDC -c ../common/rndc.conf -s $s3 -p 9953 thaw; then : ; else
- echo "I:failed to thaw policy zone $1"
- exit 1
- fi
+# check against a 'here document'
+here () {
+ make_dignm
+ sed -e 's/^[ ]*//' >${DIGNM}_OK
+ digcmd $* @$ns3 >$DIGNM
+ ckresult "$*" ${DIGNM}_OK
}
-# $1=message $2=test file
-start_test () {
- ret=0
- if test -n "$1"; then
- echo "I:checking $1"
- fi
- PREV_FILE=$2
- if test -n "$2"; then
- DIGNM_SUB=`expr "$2" : 'test\(.\)'`
- if $NSUPDATE -v $PREV_FILE; then : ; else
- echo "I:failed to update policy zone $1 with $2"
- exit 1
- fi
- #flush_db
- else
- DIGNM_SUB="${DIGNM_SUB}x"
- fi
-}
-
-end_test () {
- if test $ret != 0; then
- echo "I:failed"
- else
- rm -f dig.out-${DIGNM_SUB}*
- fi
- if test -n "$PREV_FILE"; then
- sed -e 's/ add / delete /' $PREV_FILE | $NSUPDATE
- status=`expr $status + $ret`
- #flush_db
- fi
-}
+# make prototype files to check against rewritten results
+digcmd +noauth nonexistent @$ns2 >proto.nxdomain
+digcmd +noauth txt-only.tld2 @$ns2 >proto.nodata
-# make NXDOMAIN and NODATA prototypes
-echo "I:making prototype RPZ NXDOMAIN, NODATA, and CNAME results"
-$DIGCMD +noauth nonexistent @$s2 >dig.out-nxdomain
-$DIGCMD +noauth nodata.tld2 @$s2 >dig.out-nodata
-$DIGCMD +noauth a12.tld2 @$s2 >dig.out-a12
-
status=0
-start_test "RPZ QNAME rewrites" test1
+start_group "QNAME rewrites" test1
+nochange .
nxdomain a0-1.tld2
-nodata a1-1.tld2
-nodata a1-2.tld2
-nodata sub.a1-2.tld2
-a12 a4-1.sub1.tld2
-end_test
-
-start_test "RPZ IP rewrites" test2
+nodata a3-1.tld2
+nodata a3-2.tld2
+nodata sub.a3-2.tld2 # 5 no crash on DNAME
+nxdomain a4-2.tld2 # 6 rewrite based on CNAME target
+nxdomain a4-2-cname.tld2 # 7
+nodata a4-3-cname.tld2 # 8
+addr 12.12.12.12 a4-1.sub1.tld2 # 9 A replacement
+addr 12.12.12.12 a4-1.sub2.tld2 # 10 A replacement with wildcard
+addr 12.12.12.12 nxc1.sub1.tld2 # 11 replace NXDOMAIN with CNAME
+addr 12.12.12.12 nxc2.sub1.tld2 # 12 replace NXDOMAIN with CNAME chain
+addr 127.0.0.1 a4-4.tld2 # 13 prefer 1st conflicting QNAME zone
+addr 56.56.56.56 a3-6.tld2 # 14 wildcard CNAME
+addr 57.57.57.57 a3-7.sub1.tld2 # 15 wildcard CNAME
+addr 127.0.0.16 a4-5-cname3.tld2 # 16 CNAME chain
+addr 127.0.0.17 a4-6-cname3.tld2 # 17 stop short in CNAME chain
+end_group
+
+start_group "IP rewrites" test2
nodata a3-1.tld2
nochange a3-2.tld2
-nxdomain a3-99.tld2
nochange a4-1.tld2
nxdomain a4-2.tld2
nochange a4-2.tld2 -taaaa
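Review bot: In `end_group` the `status=` line runs before `ckalive "I:failed; server crashed"`, so a crash first noticed at the end of a group is printed but never added to the exit status, and the next `start_group` resets `ret` to 0. This assumes `setret` records the failure in `ret`; its body starts outside this hunk. Moving the `ckalive` call above the `status=` line fixes it. The stray core-file check in the last hunk of this file has the same gap: `setret` is called after all status accounting, so it needs its own `status=` update before the final `echo "I:exit status: $status"`.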
@@ -170,9 +227,13 @@ nxdomain a4-2.tld2 -tany
nodata a4-3.tld2
nxdomain a3-1.tld2 -tAAAA
nochange a4-1-aaaa.tld2 -tAAAA
-end_test
+addr 127.0.0.1 a5-1-2.tld2 # 11 prefer smallest policy address
+addr 127.0.0.1 a5-3.tld2 # 12 prefer first conflicting IP zone
+addr 14.14.14.14 a5-4.tld2 # 13 prefer QNAME to IP
+end_group
-start_test "RPZ radix tree deletions"
+# check that IP addresses for previous group were deleted from the radix tree
+start_group "radix tree deletions"
nochange a3-1.tld2
nochange a3-2.tld2
nochange a4-1.tld2
@@ -183,94 +244,73 @@ nochange a4-2.tld2 -tany
nochange a4-3.tld2
nochange a3-1.tld2 -tAAAA
nochange a4-1-aaaa.tld2 -tAAAA
-end_test
+nochange a5-1-2.tld2
+end_group
if ./rpz nsdname; then
- start_test "RPZ NSDNAME rewrites" test3
+ start_group "NSDNAME rewrites" test3
nochange a3-1.tld2
- nxdomain a3-1.sub1.tld2
- nxdomain a3-1.sub2.sub1.tld2
- end_test
+ nochange a3-1.tld2 +dnssec # 2 this once caused problems
+ nxdomain a3-1.sub1.tld2 # 3 NXDOMAIN *.sub1.tld2 by NSDNAME
+ nxdomain a3-1.subsub.sub1.tld2
+ nxdomain a3-1.subsub.sub1.tld2 -tany
+ addr 12.12.12.12 a4-2.subsub.sub2.tld2 # 6 walled garden for *.sub2.tld2
+ nochange a3-2.tld2. # 7 exempt rewrite by name
+ nochange a0-1.tld2. # 8 exempt rewrite by address block
+ addr 12.12.12.12 a4-1.tld2 # 9 prefer QNAME policy to NSDNAME
+ addr 127.0.0.1 a3-1.sub3.tld2 # 10 prefer policy for largest NSDNAME
+ addr 127.0.0.2 a3-1.subsub.sub3.tld2
+ nxdomain xxx.crash1.tld2 # 12 dns_db_detachnode() crash
+ end_group
else
- echo "I:RPZ NSDNAME not checked; named was not built with --enable-rpz-nsdname"
+ echo "I:NSDNAME not checked; named not configured with --enable-rpz-nsdname"
fi
if ./rpz nsip; then
- start_test "RPZ NSIP rewrites" test4
- nxdomain a3-1.tld2
- nochange .
- end_test
+ start_group "NSIP rewrites" test4
+ nxdomain a3-1.tld2 # 1 NXDOMAIN for all of tld2 by NSIP
+ nochange a3-2.tld2. # 2 exempt rewrite by name
+ nochange a0-1.tld2. # 3 exempt rewrite by address block
+ nochange a3-1.tld4 # 4 different NS IP address
+ end_group
else
- echo "I:RPZ NSIP not checked; named was not built with --enable-rpz-nsip"
-fi
-
-start_test "RPZ policy overrides" test5
-nxdomain a3-1.tld2
-nochange a3-2.tld2
-nodata a3-3.tld2
-nxdomain a3-4.tld2
-dignm a3-5.tld2 -tany
-$DIGCMD +noauth a3-5.tld2 -tany @$s3 >$DIGNM
-if grep CNAME $DIGNM >/dev/null; then : ; else
- echo "'policy cname' failed"
- ret=1
+ echo "I:NSIP not checked; named not configured with --enable-rpz-nsip"
fi
-end_test
-
-ret=0
-echo "I:checking RRSIG queries"
-# We don't actually care about the query results; the important
-# thing is the server handles RRSIG queries okay
-$DIGCMD a3-1.tld2 -trrsig @$s3 > /dev/null 2>&1
-$DIGCMD a3-2.tld2 -trrsig @$s3 > /dev/null 2>&1
-$DIGCMD a3-5.tld2 -trrsig @$s3 > /dev/null 2>&1
-$DIGCMD www.redirect -trrsig @$s3 > /dev/null 2>&1
-$DIGCMD www.cname-redirect -trrsig @$s3 > /dev/null 2>&1
-
-$RNDC -c ../common/rndc.conf -s $s3 -p 9953 status > /dev/null 2>&1 || ret=1
-if [ $ret != 0 ]; then
- echo "I:failed";
- (cd ..; $PERL start.pl --noclean --restart rpz ns3)
-fi
-status=`expr $status + $ret`
-
-ret=0
-echo "I:checking SIG queries"
-# We don't actually care about the query results; the important
-# thing is the server handles SIG queries okay
-$DIGCMD a3-1.tld2 -tsig @$s3 > /dev/null 2>&1
-$DIGCMD a3-2.tld2 -tsig @$s3 > /dev/null 2>&1
-$DIGCMD a3-5.tld2 -tsig @$s3 > /dev/null 2>&1
-$DIGCMD www.redirect -tsig @$s3 > /dev/null 2>&1
-$DIGCMD www.cname-redirect -tsig @$s3 > /dev/null 2>&1
-
-$RNDC -c ../common/rndc.conf -s $s3 -p 9953 status > /dev/null 2>&1 || ret=1
-if [ $ret != 0 ]; then
- echo "I:failed";
- (cd ..; $PERL start.pl --noclean --restart rpz ns3)
-fi
-status=`expr $status + $ret`
-
-ret=0
-echo "I:checking ANY queries"
-# We don't actually care about the query results; the important
-# thing is the server handles SIG queries okay
-$DIGCMD a3-1.tld2 -tany @$s3 > /dev/null 2>&1
-$DIGCMD a3-2.tld2 -tany @$s3 > /dev/null 2>&1
-$DIGCMD a3-5.tld2 -tany @$s3 > /dev/null 2>&1
-$DIGCMD www.redirect -tany @$s3 > /dev/null 2>&1
-$DIGCMD www.cname-redirect -tany @$s3 > /dev/null 2>&1
-
-$RNDC -c ../common/rndc.conf -s $s3 -p 9953 status > /dev/null 2>&1 || ret=1
-if [ $ret != 0 ]; then
- echo "I:failed";
- (cd ..; $PERL start.pl --noclean --restart rpz ns3)
-fi
-status=`expr $status + $ret`
+# policies in ./test5 overridden by response-policy{} in ns3/named.conf
+start_group "policy overrides" test5
+addr 127.0.0.1 a3-1.tld2 # 1 bl-given
+nochange a3-2.tld2 # 2 bl-passthru
+nochange a3-3.tld2 # 3 bl-no-op obsolete for passthru
+nochange a3-4.tld2 # 4 bl-disabled
+nodata a3-5.tld2 # 5 bl-nodata
+nxdomain a3-6.tld2 # 6 bl-nxdomain
+here +noauth a3-7.tld2 -tany <<'EOF' # 7 bl_cname
+ ;; status: NOERROR, x
+ a3-7.tld2. 300 IN CNAME txt-only.tld2.
+ txt-only.tld2. 120 IN TXT "txt-only-tld2"
+EOF
+addr 58.58.58.58 a3-8.tld2 # 8 bl_wildcname
+addr 59.59.59.59 a3-9.sub9.tld2 # 9 bl_wildcname
+addr 12.12.12.12 a3-10.tld2 # 10 bl-garden
+end_group
+
+# check that miscellaneous bugs are still absent
+start_group "crashes"
+for Q in RRSIG SIG ANY 'ANY +dnssec'; do
+ nocrash a3-1.tld2 -t$Q
+ nocrash a3-2.tld2 -t$Q
+ nocrash a3-5.tld2 -t$Q
+ nocrash www.redirect -t$Q
+ nocrash www.credirect -t$Q
+done
+end_group
-if test "$status" -eq 0; then
- rm -f dig.out*
+# restart the server to see if that creates a core file
+if test -z "$HAVE_CORE"; then
+ $RNDCCMD halt
+ restart
+ test -s ns3/named.core && setret "I:found stray core file; memory leak?"
fi
echo "I:exit status: $status"
diff --git a/bin/tests/system/smartsign/tests.sh b/bin/tests/system/smartsign/tests.sh
index 92d14a89..714880fb 100644
--- a/bin/tests/system/smartsign/tests.sh
+++ b/bin/tests/system/smartsign/tests.sh
@@ -14,7 +14,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: tests.sh,v 1.15 2011-07-08 01:43:26 each Exp $
+# $Id: tests.sh,v 1.17 2011-10-13 03:55:01 marka Exp $
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
@@ -118,11 +118,11 @@ status=`expr $status + $ret`
echo "I:checking parent zone DS records"
ret=0
awk '$2 == "DS" {print $3}' $pfile.signed > dsset.out
-grep "$ckactive" dsset.out > /dev/null || ret=1
-grep "$ckpublished" dsset.out > /dev/null || ret=1
+grep -w "$ckactive" dsset.out > /dev/null || ret=1
+grep -w "$ckpublished" dsset.out > /dev/null || ret=1
# revoked key should not be there, hence the &&
-grep "$ckprerevoke" dsset.out > /dev/null && ret=1
-grep "$ckrevoked" dsset.out > /dev/null && ret=1
+grep -w "$ckprerevoke" dsset.out > /dev/null && ret=1
+grep -w "$ckrevoked" dsset.out > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
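Review bot: `grep -w` is a widely supported extension rather than a POSIX option, and dsset.out holds one field per line (it is written by `awk '$2 == "DS" {print $3}'`), so `grep -x` gives an exact whole-line match with a standard flag: `grep -x "$ckactive" dsset.out > /dev/null || ret=1`. This assumes the `ck*`/`cz*` variables hold plain key ids, which is set up outside this hunk. The same applies to every `grep -w` in the later hunks of this file, whose input files are also one field per line. These checks decide whether a revoked key is reported as absent, so the strictest match is the safer one.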
@@ -177,43 +177,43 @@ ret=0
# check DNSKEY signatures first
awk '$2 == "RRSIG" && $3 == "DNSKEY" { getline; print $3 }' $cfile.signed > dnskey.sigs
sub=0
-grep "$ckactive" dnskey.sigs > /dev/null || sub=1
+grep -w "$ckactive" dnskey.sigs > /dev/null || sub=1
if [ $sub != 0 ]; then echo "I:missing ckactive $ckactive (dnskey)"; ret=1; fi
echo $ret > /dev/null
sync
sub=0
-grep "$ckrevoked" dnskey.sigs > /dev/null || sub=1
+grep -w "$ckrevoked" dnskey.sigs > /dev/null || sub=1
if [ $sub != 0 ]; then echo "I:missing ckrevoke $ckrevoke (dnskey)"; ret=1; fi
echo $ret > /dev/null
sync
sub=0
-grep "$czactive" dnskey.sigs > /dev/null || sub=1
+grep -w "$czactive" dnskey.sigs > /dev/null || sub=1
if [ $sub != 0 ]; then echo "I:missing czactive $czactive (dnskey)"; ret=1; fi
# should not be there:
echo $ret > /dev/null
sync
sub=0
-grep "$ckprerevoke" dnskey.sigs > /dev/null && sub=1
+grep -w "$ckprerevoke" dnskey.sigs > /dev/null && sub=1
if [ $sub != 0 ]; then echo "I:found ckprerevoke $ckprerevoke (dnskey)"; ret=1; fi
echo $ret > /dev/null
sync
sub=0
-grep "$ckpublished" dnskey.sigs > /dev/null && sub=1
+grep -w "$ckpublished" dnskey.sigs > /dev/null && sub=1
if [ $sub != 0 ]; then echo "I:found ckpublished $ckpublished (dnskey)"; ret=1; fi
echo $ret > /dev/null
sync
sub=0
-grep "$czpublished" dnskey.sigs > /dev/null && sub=1
+grep -w "$czpublished" dnskey.sigs > /dev/null && sub=1
if [ $sub != 0 ]; then echo "I:found czpublished $czpublished (dnskey)"; ret=1; fi
echo $ret > /dev/null
sync
sub=0
-grep "$czinactive" dnskey.sigs > /dev/null && sub=1
+grep -w "$czinactive" dnskey.sigs > /dev/null && sub=1
if [ $sub != 0 ]; then echo "I:found czinactive $czinactive (dnskey)"; ret=1; fi
echo $ret > /dev/null
sync
sub=0
-grep "$czgenerated" dnskey.sigs > /dev/null && sub=1
+grep -w "$czgenerated" dnskey.sigs > /dev/null && sub=1
if [ $sub != 0 ]; then echo "I:found czgenerated $czgenerated (dnskey)"; ret=1; fi
# now check other signatures first
awk '$2 == "RRSIG" && $3 != "DNSKEY" { getline; print $3 }' $cfile.signed | sort -un > other.sigs
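Review bot: The failure message for the second check prints `$ckrevoke`, but the variable tested on the line above is `$ckrevoked`, so a missing revoked-key signature is reported without the key id (assuming `ckrevoke` is not set elsewhere). While the grep lines are being touched, the message should become `echo "I:missing ckrevoked $ckrevoked (dnskey)"`.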
@@ -221,47 +221,47 @@ awk '$2 == "RRSIG" && $3 != "DNSKEY" { getline; print $3 }' $cfile.signed | sort
echo $ret > /dev/null
sync
sub=0
-grep "$ckactive" other.sigs > /dev/null && sub=1
+grep -w "$ckactive" other.sigs > /dev/null && sub=1
if [ $sub != 0 ]; then echo "I:found ckactive $ckactive (other)"; ret=1; fi
echo $ret > /dev/null
sync
sub=0
-grep "$ckpublished" other.sigs > /dev/null && sub=1
+grep -w "$ckpublished" other.sigs > /dev/null && sub=1
if [ $sub != 0 ]; then echo "I:found ckpublished $ckpublished (other)"; ret=1; fi
echo $ret > /dev/null
sync
sub=0
-grep "$ckprerevoke" other.sigs > /dev/null && sub=1
+grep -w "$ckprerevoke" other.sigs > /dev/null && sub=1
if [ $sub != 0 ]; then echo "I:found ckprerevoke $ckprerevoke (other)"; ret=1; fi
echo $ret > /dev/null
sync
sub=0
-grep "$ckrevoked" other.sigs > /dev/null && sub=1
+grep -w "$ckrevoked" other.sigs > /dev/null && sub=1
if [ $sub != 0 ]; then echo "I:found ckrevoked $ckrevoked (other)"; ret=1; fi
echo $ret > /dev/null
sync
sub=0
-grep "$czpublished" other.sigs > /dev/null && sub=1
+grep -w "$czpublished" other.sigs > /dev/null && sub=1
if [ $sub != 0 ]; then echo "I:found czpublished $czpublished (other)"; ret=1; fi
echo $ret > /dev/null
sync
sub=0
-grep "$czinactive" other.sigs > /dev/null && sub=1
+grep -w "$czinactive" other.sigs > /dev/null && sub=1
if [ $sub != 0 ]; then echo "I:found czinactive $czinactive (other)"; ret=1; fi
echo $ret > /dev/null
sync
sub=0
-grep "$czgenerated" other.sigs > /dev/null && sub=1
+grep -w "$czgenerated" other.sigs > /dev/null && sub=1
if [ $sub != 0 ]; then echo "I:found czgenerated $czgenerated (other)"; ret=1; fi
echo $ret > /dev/null
sync
sub=0
-grep "$czpredecessor" other.sigs > /dev/null && sub=1
+grep -w "$czpredecessor" other.sigs > /dev/null && sub=1
if [ $sub != 0 ]; then echo "I:found czpredecessor $czpredecessor (other)"; ret=1; fi
echo $ret > /dev/null
sync
sub=0
-grep "$czsuccessor" other.sigs > /dev/null && sub=1
+grep -w "$czsuccessor" other.sigs > /dev/null && sub=1
if [ $sub != 0 ]; then echo "I:found czsuccessor $czsuccessor (other)"; ret=1; fi
if [ $ret != 0 ]; then
sed 's/^/I:dnskey sigs: /' < dnskey.sigs
@@ -293,7 +293,7 @@ status=`expr $status + $ret`
echo "I:checking child zone signatures again"
ret=0
awk '$2 == "RRSIG" && $3 == "DNSKEY" { getline; print $3 }' $cfile.signed > dnskey.sigs
-grep "$ckpublished" dnskey.sigs > /dev/null || ret=1
+grep -w "$ckpublished" dnskey.sigs > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
diff --git a/bin/tests/system/start.pl b/bin/tests/system/start.pl
index f12ecf2d..ae84dbae 100644
--- a/bin/tests/system/start.pl
+++ b/bin/tests/system/start.pl
@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: start.pl,v 1.24 2011-05-05 23:15:56 smann Exp $
+# $Id: start.pl,v 1.28 2011-10-13 01:32:32 vjs Exp $
# Framework for starting test servers.
# Based on the type of server specified, check for port availability, remove
@@ -23,6 +23,7 @@
# If a server is specified, start it. Otherwise, start all servers for test.
use strict;
+use Cwd;
use Cwd 'abs_path';
use Getopt::Long;
@@ -35,6 +36,12 @@ use Getopt::Long;
# options - alternate options for the server
# NOTE: options must be specified with '-- "<option list>"',
# for instance: start.pl . ns1 -- "-c n.conf -d 43"
+# ALSO NOTE: this variable will be filled with the
+# contents of the first non-commented/non-blank line of args
+# in a file called "named.args" in an ns*/ subdirectory only
+# the FIRST non-commented/non-blank line is used (everything
+# else in the file is ignored. If "options" is already set,
+# then "named.args" is ignored.
my $usage = "usage: $0 [--noclean] [--restart] test-directory [server-directory [server-options]]";
my $noclean = '';
@@ -81,14 +88,15 @@ if ($server) {
my @ns = grep /^ns[0-9]*$/, @files;
my @lwresd = grep /^lwresd[0-9]*$/, @files;
my @ans = grep /^ans[0-9]*$/, @files;
+ my $name;
# Start the servers we found.
&check_ports();
- foreach (@ns, @lwresd, @ans) {
- &start_server($_);
+ foreach $name(@ns, @lwresd, @ans) {
+ &start_server($name);
}
- foreach (@ns) {
- &verify_server($_);
+ foreach $name(@ns) {
+ &verify_server($name);
}
}
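Review bot: `foreach $name(@ns, @lwresd, @ans)` relies on a `my $name;` declared several lines earlier and is missing the space before the list. Declaring the variable in the loop, `foreach my $name (@ns, @lwresd, @ans) {` and `foreach my $name (@ns) {`, keeps it scoped to each loop and makes the separate declaration unnecessary. The enclosing `if ($server)` / else block starts outside this hunk.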
@@ -125,12 +133,28 @@ sub start_server {
my $cleanup_files;
my $command;
my $pid_file;
+ my $cwd = getcwd();
+ my $args_file = $cwd . "/" . $test . "/" . $server . "/" . "named.args";
if ($server =~ /^ns/) {
$cleanup_files = "{*.jnl,*.bk,*.st,named.run}";
$command = "$NAMED ";
if ($options) {
$command .= "$options";
+ } elsif (-e $args_file) {
+ open(FH, "<", $args_file);
+ while(my $line=<FH>)
+ {
+ #$line =~ s/\R//g;
+ chomp $line;
+ next if ($line =~ /^\s*$/); #discard blank lines
+ next if ($line =~ /^\s*#/); #discard comment lines
+ $line =~ s/#.*$//g;
+ $options = $line;
+ last;
+ }
+ close FH;
+ $command .= "$options";
} else {
$command .= "-m record,size,mctx ";
$command .= "-T clienttest ";
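Review bot: The result of `open(FH, "<", $args_file)` is never checked, so a named.args that exists but cannot be read leaves `$options` empty. named is then started with neither the file's arguments nor the defaults from the `else` branch, and nothing is reported. The chosen line is also appended to `$command` verbatim. How `$command` is executed is outside this hunk, but if it goes through a shell, any metacharacters in named.args are interpreted, so the file has to be treated as trusted input that only ever comes from the source tree. I would use a lexical handle, fail in the same `R:FAIL` style as the pid-file wait further down, strip the whitespace left in front of an inline comment, and drop the commented-out `s/\R//g` line. start_server begins before and continues after this hunk.

```perl
} elsif (-e $args_file) {
	my $fh;
	if (!open($fh, "<", $args_file)) {
		print "I:Couldn't read $args_file: $!\n";
		print "R:FAIL\n";
		exit 1;
	}
	while (my $line = <$fh>) {
		# … unchanged: chomp, skip blank lines and comment lines …
		$line =~ s/\s*#.*$//;	# drop an inline comment and the blanks before it
		$options = $line;
		last;
	}
	close $fh;
	# … unchanged: append $options to $command …
```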
@@ -188,7 +212,7 @@ sub start_server {
exit 1;
}
- # print "I:starting server $server\n";
+ # print "I:starting server %s\n",$server;
chdir "$testdir/$server";
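Review bot: The rewritten debug line would print a literal `%s` followed by the server name if it were ever uncommented, because `print` does not do format substitution. Either keep the interpolating form `# print "I:starting server $server\n";` or write it as `# printf "I:starting server %s\n", $server;`.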
@@ -208,15 +232,19 @@ sub start_server {
# already been started
my $tries = 0;
while (!-s $pid_file) {
- if (++$tries > 14) {
+ if (++$tries > 140) {
print "I:Couldn't start server $server (pid=$child)\n";
print "R:FAIL\n";
system "kill -9 $child" if ("$child" ne "");
system "$PERL $topdir/stop.pl $testdir";
exit 1;
}
- sleep 1;
+ # sleep for 0.1 seconds
+ select undef,undef,undef,0.1;
}
+
+ # go back to the top level directory
+ chdir $cwd;
}
sub verify_server {
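Review bot: `chdir $cwd;` ignores failure, and start_server builds `$args_file` from `getcwd()` on its next call. If the chdir back fails, the next server's named.args lookup most likely misses and that server silently starts with the default arguments. `chdir $cwd or die "I:cannot return to $cwd: $!\n";` makes that visible. Separately, the new limit of 140 only means 14 seconds in combination with the 0.1 second `select`; naming the interval and deriving the count from it would keep the two from drifting apart.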
diff --git a/bin/tests/system/upforwd/tests.sh b/bin/tests/system/upforwd/tests.sh
index cc12e26b..8844b8bd 100644
--- a/bin/tests/system/upforwd/tests.sh
+++ b/bin/tests/system/upforwd/tests.sh
@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: tests.sh,v 1.12 2011-08-31 23:46:43 tbox Exp $
+# $Id: tests.sh,v 1.13 2011-10-13 22:18:05 marka Exp $
# ns1 = stealth master
# ns2 = slave with update forwarding disabled; not currently used
@@ -26,6 +26,20 @@ SYSTEMTESTTOP=..
status=0
+
+echo "I:waiting for servers to be ready for testing"
+for i in 1 2 3 4 5 6 7 8 9 10
+do
+ ret=0
+ $DIG +tcp example. @10.53.0.1 soa -p 5300 > dig.out.ns1 || ret=1
+ grep "status: NOERROR" dig.out.ns1 > /dev/null || ret=1
+ $DIG +tcp example. @10.53.0.2 soa -p 5300 > dig.out.ns2 || ret=1
+ grep "status: NOERROR" dig.out.ns2 > /dev/null || ret=1
+ $DIG +tcp example. @10.53.0.3 soa -p 5300 > dig.out.ns3 || ret=1
+ grep "status: NOERROR" dig.out.ns3 > /dev/null || ret=1
+ test $ret = 0 && break
+ sleep 1
+done
echo "I:fetching master copy of zone before update"
$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.\
@10.53.0.1 axfr -p 5300 > dig.out.ns1 || status=1
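Review bot: When none of the ten attempts succeeds, the loop simply ends and the test carries on, with `ret=1` never reported or folded into `status`. A server that never came up then shows up later as an unrelated failure. Adding `test $ret = 0 || { echo "I:servers not ready after 10 tries"; status=1; }` after `done` would record the real cause. The three dig/grep pairs differ only in the address and the output file, so they could be one inner `for` loop over ns1 to ns3.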