9.9.4b1

author: Internet Software Consortium, Inc <@isc.org> 2013-08-14 06:35:21 -0600
committer: Internet Software Consortium, Inc <@isc.org> 2013-08-14 06:35:21 -0600
commit: ebbc86ee1eae2231a10e23f4cda592085dbc7eef (patch)
tree: 8e373dd37c3b0a9fb113ff78f7a15dd19f6c0911 /bin/tests
parent: 87c6fc212d37ddbeb388f8308377ae38de3061d9 (diff)
download: bind9-ebbc86ee1eae2231a10e23f4cda592085dbc7eef.tar.gz
35 files changed, 1262 insertions, 33 deletions
diff --git a/bin/tests/system/Makefile.in b/bin/tests/system/Makefile.in
index 1f9f41fd..f7bcc261 100644
--- a/bin/tests/system/Makefile.in
+++ b/bin/tests/system/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2007, 2008, 2010-2012  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2007, 2008, 2010-2013  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 2000, 2001  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and/or distribute this software for any
@@ -21,7 +21,8 @@ top_srcdir =	@top_srcdir@
 
 @BIND9_MAKE_INCLUDES@
 
-SUBDIRS =	dlzexternal filter-aaaa lwresd rpz rsabigexponent tkey tsiggss
+SUBDIRS =	dlzexternal filter-aaaa lwresd rpz rrl \
+		rsabigexponent tkey tsiggss
 TARGETS =
 
 @BIND9_MAKE_RULES@
diff --git a/bin/tests/system/README b/bin/tests/system/README
index dbca6083..2145a444 100644
--- a/bin/tests/system/README
+++ b/bin/tests/system/README
@@ -1,4 +1,4 @@
-Copyright (C) 2004, 2010, 2011  Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 2004, 2010, 2011, 2013  Internet Systems Consortium, Inc. ("ISC")
 Copyright (C) 2000, 2001  Internet Software Consortium.
 See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
 
@@ -17,6 +17,7 @@ involving a different DNS setup.  They are:
   nsupdate/	Dynamic update and IXFR tests
   resolver/     Regression tests for resolver bugs that have been fixed
 		(not a complete resolver test suite)
+  rrl/		query rate limiting
   rpz/		Tests of response policy zone (RPZ) rewriting
   stub/		Tests of stub zone functionality
   unknown/	Unknown type and class tests
diff --git a/bin/tests/system/addzone/ns2/added.db b/bin/tests/system/addzone/ns2/added.db
index 4c734cb6..d6224439 100644
--- a/bin/tests/system/addzone/ns2/added.db
+++ b/bin/tests/system/addzone/ns2/added.db
@@ -1,4 +1,4 @@
-; Copyright (C) 2010  Internet Systems Consortium, Inc. ("ISC")
+; Copyright (C) 2010, 2013  Internet Systems Consortium, Inc. ("ISC")
 ;
 ; Permission to use, copy, modify, and/or distribute this software for any
 ; purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
 
 ; $Id: added.db,v 1.2 2010/08/11 18:14:18 each Exp $
 
-$ORIGIN added.example.
+;$ORIGIN added.example.
 $TTL 300	; 5 minutes
 @                       IN SOA	mname1. . (
 				1          ; serial
diff --git a/bin/tests/system/addzone/tests.sh b/bin/tests/system/addzone/tests.sh
index 59456b34..45a57124 100644..100755
--- a/bin/tests/system/addzone/tests.sh
+++ b/bin/tests/system/addzone/tests.sh
@@ -51,6 +51,26 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
 
+echo "I:adding a zone that requires quotes ($n)"
+ret=0
+$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone '"32/1.0.0.127-in-addr.added.example" { check-names ignore; type master; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /'
+$DIG $DIGOPTS @10.53.0.2 "a.32/1.0.0.127-in-addr.added.example" a > dig.out.ns2.$n || ret=1
+grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
+grep '^a.32/1.0.0.127-in-addr.added.example' dig.out.ns2.$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:adding a zone with a quote in the name ($n)"
+ret=0
+$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone '"foo\"bar.example" { check-names ignore; type master; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /'
+$DIG $DIGOPTS @10.53.0.2 "a.foo\"bar.example" a > dig.out.ns2.$n || ret=1
+grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
+grep '^a.foo\\"bar.example' dig.out.ns2.$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 echo "I:adding new zone with missing master file ($n)"
 ret=0
 $DIG $DIGOPTS +all @10.53.0.2 a.missing.example a > dig.out.ns2.pre.$n || ret=1
@@ -84,6 +104,16 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
 
+echo "I:deleting newly added zone with escaped quote ($n)"
+ret=0
+$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone "foo\\\"bar.example" 2>&1 | sed 's/^/I:ns2 /'
+$DIG $DIGOPTS @10.53.0.2 "a.foo\"bar.example" a > dig.out.ns2.$n
+grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
+grep "^a.foo\"bar.example" dig.out.ns2.$n > /dev/null && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 echo "I:attempt to delete a normally-loaded zone ($n)"
 ret=0
 $RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone normal.example 2> rndc.out.ns2.$n
diff --git a/bin/tests/system/checkconf/inline-bad.conf b/bin/tests/system/checkconf/inline-bad.conf
new file mode 100644
index 00000000..de9c4a2e
--- /dev/null
+++ b/bin/tests/system/checkconf/inline-bad.conf
@@ -0,0 +1,30 @@
+/*
+ * Copyright (C) 2013  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+acl "transferees" {};
+masters "stealthMasters" {127.0.0.1;};
+masters "publicSlaves" {127.0.0.1;};
+zone "example.net" {
+        type slave;
+        key-directory "/var/lib/bind/example.net";
+        auto-dnssec maintain;
+        inline-signing yes;
+        masters { stealthMasters; };
+        notify explicit;
+        also-notify { publicSlaves; };
+        allow-transfer { localhost; transferees; };
+};
+
diff --git a/bin/tests/system/checkconf/inline-good.conf b/bin/tests/system/checkconf/inline-good.conf
new file mode 100644
index 00000000..84a6a840
--- /dev/null
+++ b/bin/tests/system/checkconf/inline-good.conf
@@ -0,0 +1,31 @@
+/*
+ * Copyright (C) 2013  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+acl "transferees" {};
+masters "stealthMasters" {127.0.0.1;};
+masters "publicSlaves" {127.0.0.1;};
+zone "example.net" {
+        type slave;
+        file "/var/cache/bind/example.net.db";
+        key-directory "/var/lib/bind/example.net";
+        auto-dnssec maintain;
+        inline-signing yes;
+        masters { stealthMasters; };
+        notify explicit;
+        also-notify { publicSlaves; };
+        allow-transfer { localhost; transferees; };
+};
+
diff --git a/bin/tests/system/checkconf/inline-no.conf b/bin/tests/system/checkconf/inline-no.conf
new file mode 100644
index 00000000..2027b943
--- /dev/null
+++ b/bin/tests/system/checkconf/inline-no.conf
@@ -0,0 +1,30 @@
+/*
+ * Copyright (C) 2013  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+acl "transferees" {};
+masters "stealthMasters" {127.0.0.1;};
+masters "publicSlaves" {127.0.0.1;};
+zone "example.net" {
+        type slave;
+        key-directory "/var/lib/bind/example.net";
+        auto-dnssec maintain;
+        inline-signing no;
+        masters { stealthMasters; };
+        notify explicit;
+        also-notify { publicSlaves; };
+        allow-transfer { localhost; transferees; };
+};
+
diff --git a/bin/tests/system/checkconf/tests.sh b/bin/tests/system/checkconf/tests.sh
index a544fa71..64563154 100644
--- a/bin/tests/system/checkconf/tests.sh
+++ b/bin/tests/system/checkconf/tests.sh
@@ -1,4 +1,4 @@
-# Copyright (C) 2005, 2007, 2010-2012  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2005, 2007, 2010-2013  Internet Systems Consortium, Inc. ("ISC")
 #
 # Permission to use, copy, modify, and/or distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
@@ -104,5 +104,15 @@ n=`$CHECKCONF bad-dnssec.conf 2>&1 | grep "update-check-ksk.*requires inline" |
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
 
+echo "I: check file + inline-signing for slave zones"
+n=`$CHECKCONF inline-no.conf 2>&1 | grep "missing 'file' entry" | wc -l`
+[ $n -eq 0 ] || ret=1
+n=`$CHECKCONF inline-good.conf 2>&1 | grep "missing 'file' entry" | wc -l`
+[ $n -eq 0 ] || ret=1
+n=`$CHECKCONF inline-bad.conf 2>&1 | grep "missing 'file' entry" | wc -l`
+[ $n -eq 1 ] || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 echo "I:exit status: $status"
 exit $status
diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in
index 2aadf9fc..447aaa64 100644
--- a/bin/tests/system/conf.sh.in
+++ b/bin/tests/system/conf.sh.in
@@ -62,9 +62,9 @@ SUBDIRS="acl additional allow_query addzone autosign builtin
          database dlv dlvauto dlz dlzexternal dname dns64 dnssec ecdsa
          formerr forward glue gost ixfr inline limits logfileconfig
          lwresd masterfile masterformat metadata notify nsupdate pending
-	 pkcs11 redirect resolver rndc rpz rrsetorder rsabigexponent
+	 pkcs11 redirect resolver rndc rpz rrl rrsetorder rsabigexponent
 	 smartsign sortlist spf staticstub stub tkey tsig tsiggss unknown
-	 upforwd verify views wildcard xfer xferquota zonechecks"
+	 upforwd verify views wildcard xfer xferquota zero zonechecks"
 
 # PERL will be an empty string if no perl interpreter was found.
 PERL=@PERL@
diff --git a/bin/tests/system/inline/tests.sh b/bin/tests/system/inline/tests.sh
index dd653cda..e2cd0b6d 100644
--- a/bin/tests/system/inline/tests.sh
+++ b/bin/tests/system/inline/tests.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (C) 2011, 2012  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2011-2013  Internet Systems Consortium, Inc. ("ISC")
 #
 # Permission to use, copy, modify, and/or distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
@@ -103,6 +103,7 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo "I:checking negative private type response was properly signed ($n)"
 ret=0
+sleep 1
 $DIG $DIGOPTS @10.53.0.6 -p 5300 bits TYPE65534 > dig.out.ns6.test$n
 grep "status: NOERROR" dig.out.ns6.test$n > /dev/null || ret=1
 grep "ANSWER: 0," dig.out.ns6.test$n > /dev/null || ret=1
diff --git a/bin/tests/system/logfileconfig/tests.sh b/bin/tests/system/logfileconfig/tests.sh
index 69d44d1a..3c4f5224 100644
--- a/bin/tests/system/logfileconfig/tests.sh
+++ b/bin/tests/system/logfileconfig/tests.sh
@@ -32,13 +32,101 @@ PIDFILE="${THISDIR}/${CONFDIR}/named.pid"
 myRNDC="$RNDC -c ${THISDIR}/${CONFDIR}/rndc.conf"
 myNAMED="$NAMED -c ${THISDIR}/${CONFDIR}/named.conf -m record,size,mctx -T clienttest -T nosyslog -d 99 -U 4"
 
+status=0
+
+cd $CONFDIR
+
+echo "I:testing log file validity (named -g + only plain files allowed)"
+
+# First run with a known good config.
+echo > $PLAINFILE
+cp $PLAINCONF named.conf
+$myRNDC reconfig
+grep "reloading configuration failed" named.run > /dev/null 2>&1
+if [ $? -ne 0 ]
+then
+	echo "I: testing plain file succeeded"
+else
+	echo "I: testing plain file failed (unexpected)"
+	echo "I:exit status: 1"
+	exit 1 
+fi
+
+# Now try directory, expect failure
+echo "I: testing directory as log file (named -g)"
+echo > named.run
+rm -rf $DIRFILE
+mkdir -p $DIRFILE >/dev/null 2>&1
+if [ $? -eq 0 ]
+then
+	cp $DIRCONF named.conf
+	echo > named.run
+	$myRNDC reconfig
+	grep "checking logging configuration failed: invalid file" named.run > /dev/null 2>&1
+	if [ $? -ne 0 ]
+	then
+		echo "I: testing directory as file succeeded (UNEXPECTED)"
+		echo "I:exit status: 1"
+		exit 1
+	else
+		echo "I: testing directory as log file failed (expected)"
+	fi
+else
+	echo "I: skipping directory test (unable to create directory)"
+fi
+
+# Now try pipe file, expect failure
+echo "I: testing pipe file as log file (named -g)"
+echo > named.run
+rm -f $PIPEFILE
+mkfifo $PIPEFILE >/dev/null 2>&1
+if [ $? -eq 0 ]
+then
+	cp $PIPECONF named.conf
+	echo > named.run
+	$myRNDC reconfig
+	grep "checking logging configuration failed: invalid file" named.run  > /dev/null 2>&1
+	if [ $? -ne 0 ]
+	then
+		echo "I: testing pipe file as log file succeeded (UNEXPECTED)"
+		echo "I:exit status: 1"
+		exit 1
+	else
+		echo "I: testing pipe file as log file failed (expected)"
+	fi
+else
+	echo "I: skipping pipe test (unable to create pipe)"
+fi
+
+# Now try symlink file to plain file, expect success 
+echo "I: testing symlink to plain file as log file (named -g)"
+# Assume success
+echo > named.run
+echo > $PLAINFILE
+rm -f  $SYMFILE  $SYMFILE
+ln -s $PLAINFILE $SYMFILE >/dev/null 2>&1
+if [ $? -eq 0 ]
+then
+	cp $SYMCONF named.conf
+	$myRNDC reconfig
+	echo > named.run
+	grep "reloading configuration failed" named.run > /dev/null 2>&1
+	if [ $? -ne 0 ]
+	then
+		echo "I: testing symlink to plain file succeeded"
+	else
+		echo "I: testing symlink to plain file failed (unexpected)"
+		echo "I:exit status: 1"
+		exit 1
+	fi
+else
+	echo "I: skipping symlink test (unable to create symlink)"
+fi
 # Stop the server and run through a series of tests with various config
 # files while controlling the stop/start of the server.
 # Have to stop the stock server because it uses "-g"
 #
-$PERL ../stop.pl . ns1
-
-cd $CONFDIR
+$PERL ../../stop.pl .. ns1
 
 $myNAMED > /dev/null 2>&1
 
@@ -70,6 +158,7 @@ fi
 # Now try directory, expect failure
 echo "I: testing directory as log file"
 echo > named.run
+rm -rf $DIRFILE
 mkdir -p $DIRFILE >/dev/null 2>&1
 if [ $? -eq 0 ]
 then
@@ -92,6 +181,7 @@ fi
 # Now try pipe file, expect failure
 echo "I: testing pipe file as log file"
 echo > named.run
+rm -f $PIPEFILE
 mkfifo $PIPEFILE >/dev/null 2>&1
 if [ $? -eq 0 ]
 then
@@ -117,6 +207,7 @@ echo "I: testing symlink to plain file as log file"
 status=0
 echo > named.run
 echo > $PLAINFILE
+rm -f $SYMFILE
 ln -s $PLAINFILE $SYMFILE >/dev/null 2>&1
 if [ $? -eq 0 ]
 then
diff --git a/bin/tests/system/rrl/Makefile.in b/bin/tests/system/rrl/Makefile.in
new file mode 100644
index 00000000..1c737dda
--- /dev/null
+++ b/bin/tests/system/rrl/Makefile.in
@@ -0,0 +1,53 @@
+# Copyright (C) 2013  Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+srcdir =	@srcdir@
+VPATH =		@srcdir@
+top_srcdir =	@top_srcdir@
+
+@BIND9_VERSION@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES =	${ISC_INCLUDES}
+
+CDEFINES =
+CWARNINGS =
+
+DNSLIBS =	
+ISCLIBS =	.
+
+DNSDEPLIBS =
+ISCDEPLIBS =
+
+DEPLIBS =
+
+LIBS =		@LIBS@
+
+TARGETS =	rrl@EXEEXT@
+
+FILTEROBJS =	rrl.@O@
+
+SRCS =		rrl.c
+
+@BIND9_MAKE_RULES@
+
+all: rrl@EXEEXT@
+
+rrl@EXEEXT@: ${FILTEROBJS}
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ ${FILTEROBJS} ${LIBS}
+
+clean distclean::
+	rm -f ${TARGETS}
+
diff --git a/bin/tests/system/rrl/clean.sh b/bin/tests/system/rrl/clean.sh
new file mode 100644
index 00000000..4a53b46f
--- /dev/null
+++ b/bin/tests/system/rrl/clean.sh
@@ -0,0 +1,21 @@
+# Copyright (C) 2013  Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+
+
+# Clean up after rrl tests.
+
+rm -f dig.out*
+rm -f  */named.memstats */named.run */named.stats */log-* */session.key
+rm -f ns3/bl*.db */*.jnl */*.core */*.pid
diff --git a/bin/tests/system/rrl/ns1/named.conf b/bin/tests/system/rrl/ns1/named.conf
new file mode 100644
index 00000000..7bb725ca
--- /dev/null
+++ b/bin/tests/system/rrl/ns1/named.conf
@@ -0,0 +1,32 @@
+/*
+ * Copyright (C) 2013  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+
+controls { /* empty */ };
+
+options {
+	query-source address 10.53.0.1;
+	notify-source 10.53.0.1;
+	transfer-source 10.53.0.1;
+	port 5300;
+	session-keyfile "session.key";
+	pid-file "named.pid";
+	listen-on { 10.53.0.1; };
+	listen-on-v6 { none; };
+	notify no;
+};
+
+zone "." {type master; file "root.db";};
diff --git a/bin/tests/system/rrl/ns1/root.db b/bin/tests/system/rrl/ns1/root.db
new file mode 100644
index 00000000..ef39c3c2
--- /dev/null
+++ b/bin/tests/system/rrl/ns1/root.db
@@ -0,0 +1,31 @@
+; Copyright (C) 2013  Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+
+$TTL	120
+@		SOA	ns. hostmaster.ns. ( 1 3600 1200 604800 60 )
+@		NS	ns.
+ns.		A	10.53.0.1
+.		A	10.53.0.1
+
+; limit responses from here
+tld2.		NS	ns.tld2.
+ns.tld2.	A	10.53.0.2
+
+; limit recursion to here
+tld3.		NS	ns.tld3.
+ns.tld3.	A	10.53.0.3
+
+; generate SERVFAIL
+tld4.		NS	ns.tld3.
diff --git a/bin/tests/system/rrl/ns2/hints b/bin/tests/system/rrl/ns2/hints
new file mode 100644
index 00000000..542dfc75
--- /dev/null
+++ b/bin/tests/system/rrl/ns2/hints
@@ -0,0 +1,18 @@
+; Copyright (C) 2013  Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+
+
+.	0	NS	ns1.
+ns1.	0	A	10.53.0.1
diff --git a/bin/tests/system/rrl/ns2/named.conf b/bin/tests/system/rrl/ns2/named.conf
new file mode 100644
index 00000000..cc261cb9
--- /dev/null
+++ b/bin/tests/system/rrl/ns2/named.conf
@@ -0,0 +1,71 @@
+/*
+ * Copyright (C) 2013  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+
+controls { /* empty */ };
+
+options {
+	query-source address 10.53.0.2;
+	notify-source 10.53.0.2;
+	transfer-source 10.53.0.2;
+	port 5300;
+	session-keyfile "session.key";
+	pid-file "named.pid";
+	statistics-file	"named.stats";
+	listen-on { 10.53.0.2; };
+	listen-on-v6 { none; };
+	notify no;
+
+	rate-limit {
+	    responses-per-second 2;
+	    all-per-second 50;
+	    slip 3;
+	    exempt-clients { 10.53.0.7; };
+
+	    // small enough to force a table expansion
+	    min-table-size 75;
+	};
+
+	additional-from-cache no;
+};
+
+key rndc_key {
+	secret "1234abcd8765";
+	algorithm hmac-md5;
+};
+controls {
+	inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; };
+};
+
+/*
+ * These log settings have no effect unless "-g" is removed from ../../start.pl
+ */
+logging {
+	channel debug {
+	    file "log-debug";
+	    print-category yes; print-severity yes; severity debug 10;
+	};
+	channel queries {
+	    file "log-queries";
+	    print-category yes; print-severity yes; severity info;
+	};
+	category rate-limit { debug; queries; };
+	category queries { debug; queries; };
+};
+
+zone "." { type hint; file "hints"; };
+
+zone "tld2."{ type master; file "tld2.db"; };
diff --git a/bin/tests/system/rrl/ns2/tld2.db b/bin/tests/system/rrl/ns2/tld2.db
new file mode 100644
index 00000000..ada7a9b0
--- /dev/null
+++ b/bin/tests/system/rrl/ns2/tld2.db
@@ -0,0 +1,47 @@
+; Copyright (C) 2013  Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+
+
+; rate limit response from this zone
+
+$TTL	120
+@		SOA	tld2.  hostmaster.ns.tld2. ( 1 3600 1200 604800 60 )
+		NS	ns
+		NS	.
+ns		A	10.53.0.2
+
+; basic rate limiting
+a1		A	192.0.2.1
+
+; wildcards
+*.a2		A	192.0.2.2
+
+; a3 is in tld3
+
+; a4 does not exist to give NXDOMAIN
+
+; a5 for TCP requests
+a5		A	192.0.2.5
+
+; a6 for whitelisted clients
+a6		A	192.0.2.6
+
+; a7 for SERVFAIL
+
+; a8 for NODATA
+a8		A	192.0.2.8
+
+; a9 for all-per-second limit
+$GENERATE 101-180 all$.a9 A 192.0.2.8
diff --git a/bin/tests/system/rrl/ns3/hints b/bin/tests/system/rrl/ns3/hints
new file mode 100644
index 00000000..542dfc75
--- /dev/null
+++ b/bin/tests/system/rrl/ns3/hints
@@ -0,0 +1,18 @@
+; Copyright (C) 2013  Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+
+
+.	0	NS	ns1.
+ns1.	0	A	10.53.0.1
diff --git a/bin/tests/system/rrl/ns3/named.conf b/bin/tests/system/rrl/ns3/named.conf
new file mode 100644
index 00000000..c797996a
--- /dev/null
+++ b/bin/tests/system/rrl/ns3/named.conf
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2013  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+
+controls { /* empty */ };
+
+options {
+	query-source address 10.53.0.3;
+	notify-source 10.53.0.3;
+	transfer-source 10.53.0.3;
+	port 5300;
+	session-keyfile "session.key";
+	pid-file "named.pid";
+	listen-on { 10.53.0.3; };
+	listen-on-v6 { none; };
+	notify no;
+
+	// check that all of the options are parsed without limiting anything
+	rate-limit {
+	    responses-per-second 200;
+	    referrals-per-second 220;
+	    nodata-per-second 230;
+	    nxdomains-per-second 240;
+	    errors-per-second 250;
+	    all-per-second 700;
+	    ipv4-prefix-length 24;
+	    ipv6-prefix-length 64;
+	    qps-scale 10;
+	    window 1;
+	    max-table-size 1000;
+	};
+
+};
+
+zone "." { type hint; file "hints"; };
+
+zone "tld3."{ type master; file "tld3.db"; };
diff --git a/bin/tests/system/rrl/ns3/tld3.db b/bin/tests/system/rrl/ns3/tld3.db
new file mode 100644
index 00000000..79bd8a1c
--- /dev/null
+++ b/bin/tests/system/rrl/ns3/tld3.db
@@ -0,0 +1,25 @@
+; Copyright (C) 2013  Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+
+
+; rate limit response from this zone
+
+$TTL	120
+@		SOA	tld3.  hostmaster.ns.tld3. ( 1 3600 1200 604800 60 )
+		NS	ns
+		NS	.
+ns		A	10.53.0.3
+
+*.a3		A	192.0.3.3
diff --git a/bin/tests/system/rrl/prereq.sh b/bin/tests/system/rrl/prereq.sh
new file mode 100644
index 00000000..e163af8d
--- /dev/null
+++ b/bin/tests/system/rrl/prereq.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+#
+# Copyright (C) 2013  Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+if ./rrl
+then
+    :
+else
+    echo "I:This test requires --enable-rrl at compile time." >&2
+    exit 255
+fi
diff --git a/bin/tests/system/rrl/rrl.c b/bin/tests/system/rrl/rrl.c
new file mode 100644
index 00000000..6e98e8dc
--- /dev/null
+++ b/bin/tests/system/rrl/rrl.c
@@ -0,0 +1,31 @@
+/*
+ * Copyright (C) 2013  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+#include <isc/util.h>
+
+int
+main(int argc, char **argv) {
+
+	UNUSED(argc);
+	UNUSED(argv);
+
+#ifdef USE_RRL
+	return (0);
+#else
+	return (1);
+#endif
+}
diff --git a/bin/tests/system/rrl/setup.sh b/bin/tests/system/rrl/setup.sh
new file mode 100644
index 00000000..1cbdd725
--- /dev/null
+++ b/bin/tests/system/rrl/setup.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# Copyright (C) 2013  Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+. ./clean.sh
+
diff --git a/bin/tests/system/rrl/tests.sh b/bin/tests/system/rrl/tests.sh
new file mode 100644
index 00000000..c0825237
--- /dev/null
+++ b/bin/tests/system/rrl/tests.sh
@@ -0,0 +1,258 @@
+# Copyright (C) 2013  Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+
+# test response rate limiting
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+#set -x
+
+ns1=10.53.0.1			    # root, defining the others
+ns2=10.53.0.2			    # test server
+ns3=10.53.0.3			    # secondary test server
+ns7=10.53.0.7			    # whitelisted client
+
+USAGE="$0: [-x]"
+while getopts "x" c; do
+    case $c in
+	x) set -x;;
+	*) echo "$USAGE" 1>&2; exit 1;;
+    esac
+done
+shift `expr $OPTIND - 1 || true`
+if test "$#" -ne 0; then
+    echo "$USAGE" 1>&2
+    exit 1
+fi
+# really quit on control-C
+trap 'exit 1' 1 2 15
+
+
+ret=0
+setret () {
+    ret=1
+    echo "$*"
+}
+
+
+# Wait until soon after the start of a second to make results consistent.
+#   The start of a second credits a rate limit.
+#   This would be far easier in C or by assuming a modern version of perl.
+sec_start () {
+    START=`date`
+    while true; do
+	NOW=`date`
+	if test "$START" != "$NOW"; then
+	    return
+	fi
+	$PERL -e 'select(undef, undef, undef, 0.05)' || true
+    done
+}
+
+
+# turn off ${HOME}/.digrc
+HOME=/dev/null; export HOME
+
+#   $1=result name  $2=domain name  $3=dig options
+digcmd () {
+    OFILE=$1; shift
+    DIG_DOM=$1; shift
+    ARGS="+nosearch +time=1 +tries=1 +ignore -p 5300 $* $DIG_DOM @$ns2"
+    #echo I:dig $ARGS 1>&2
+    START=`date +%y%m%d%H%M.%S`
+    RESULT=`$DIG $ARGS 2>&1 | tee $OFILE=TEMP				\
+	    | sed -n -e '/^;; AUTHORITY/,/^$/d'				\
+		-e '/^;; ADDITIONAL/,/^$/d'				\
+		-e  's/^[^;].*	\([^	 ]\{1,\}\)$/\1/p'		\
+		-e 's/;; flags.* tc .*/TC/p'				\
+		-e 's/;; .* status: NXDOMAIN.*/NXDOMAIN/p'		\
+		-e 's/;; .* status: SERVFAIL.*/SERVFAIL/p'		\
+		-e 's/;; connection timed out.*/drop/p'			\
+		-e 's/;; communications error to.*/drop/p'		\
+	    | tr -d '\n'`
+    mv "$OFILE=TEMP" "$OFILE=$RESULT"
+    touch -t $START "$OFILE=$RESULT"
+}
+
+
+#   $1=number of tests  $2=target domain  $3=dig options
+QNUM=1
+burst () {
+    BURST_LIMIT=$1; shift
+    BURST_DOM_BASE="$1"; shift
+    while test "$BURST_LIMIT" -ge 1; do
+	CNT=`expr "00$QNUM" : '.*\(...\)'`
+	eval BURST_DOM="$BURST_DOM_BASE"
+	FILE="dig.out-$BURST_DOM-$CNT"
+	digcmd $FILE $BURST_DOM $* &
+	QNUM=`expr $QNUM + 1`
+	BURST_LIMIT=`expr "$BURST_LIMIT" - 1`
+    done
+}
+
+
+#   $1=domain  $2=IP address  $3=# of IP addresses  $4=TC  $5=drop
+#	$6=NXDOMAIN  $7=SERVFAIL or other errors
+ck_result() {
+    BAD=
+    wait
+    ADDRS=`ls dig.out-$1-*=$2				2>/dev/null | wc -l`
+    # count simple truncated and truncated NXDOMAIN as TC
+    TC=`ls dig.out-$1-*=TC dig.out-$1-*=NXDOMAINTC	2>/dev/null | wc -l`
+    DROP=`ls dig.out-$1-*=drop				2>/dev/null | wc -l`
+    # count NXDOMAIN and truncated NXDOMAIN as NXDOMAIN
+    NXDOMAIN=`ls dig.out-$1-*=NXDOMAIN  dig.out-$1-*=NXDOMAINTC	2>/dev/null \
+							| wc -l`
+    SERVFAIL=`ls dig.out-$1-*=SERVFAIL			2>/dev/null | wc -l`
+    if test $ADDRS -ne "$3"; then
+	setret "I:"$ADDRS" instead of $3 '$2' responses for $1"
+	BAD=yes
+    fi
+    if test $TC -ne "$4"; then
+	setret "I:"$TC" instead of $4 truncation responses for $1"
+	BAD=yes
+    fi
+    if test $DROP -ne "$5"; then
+	setret "I:"$DROP" instead of $5 dropped responses for $1"
+	BAD=yes
+    fi
+    if test $NXDOMAIN -ne "$6"; then
+	setret "I:"$NXDOMAIN" instead of $6 NXDOMAIN responses for $1"
+	BAD=yes
+    fi
+    if test $SERVFAIL -ne "$7"; then
+	setret "I:"$SERVFAIL" instead of $7 error responses for $1"
+	BAD=yes
+    fi
+    if test -z "$BAD"; then
+	rm -f dig.out-$1-*
+    fi
+}
+
+
+ckstats () {
+    LABEL="$1"; shift
+    TYPE="$1"; shift
+    EXPECTED="$1"; shift
+    C=`sed -n -e "s/[	 ]*\([0-9]*\).responses $TYPE for rate limits.*/\1/p"  \
+	    ns2/named.stats | tail -1`
+    C=`expr 0$C + 0`
+    if test "$C" -ne $EXPECTED; then
+	setret "I:wrong $LABEL $TYPE statistics of $C instead of $EXPECTED"
+    fi
+}
+
+
+#########
+sec_start
+
+# Tests of referrals to "." must be done before the hints are loaded
+#   or with "additional-from-cache no"
+burst 5 a1.tld3 +norec
+# basic rate limiting
+burst 3 a1.tld2
+# 1 second delay allows an additional response.
+sleep 1
+burst 10 a1.tld2
+# Request 30 different qnames to try a wildcard.
+burst 30 'x$CNT.a2.tld2'
+# These should be counted and limited but are not.  See RT33138.
+burst 10 'y.x$CNT.a2.tld2'
+
+#					IP      TC      drop  NXDOMAIN SERVFAIL
+# referrals to "."
+ck_result   a1.tld3	''		2	1	2	0	0
+# check 13 results including 1 second delay that allows an additional response
+ck_result   a1.tld2	192.0.2.1	3	4	6	0	0
+
+# Check the wild card answers.
+# The parent name of the 30 requests is counted.
+ck_result 'x*.a2.tld2'	192.0.2.2	2	10	18	0	0
+
+# These should be limited but are not.  See RT33138.
+ck_result 'y.x*.a2.tld2' 192.0.2.2	10	0	0	0	0
+
+#########
+sec_start
+
+burst 10 'x.a3.tld3'
+burst 10 'y$CNT.a3.tld3'
+burst 10 'z$CNT.a4.tld2'
+
+# 10 identical recursive responses are limited
+ck_result 'x.a3.tld3'	192.0.3.3	2	3	5	0	0
+
+# 10 different recursive responses are not limited
+ck_result 'y*.a3.tld3'	192.0.3.3	10	0	0	0	0
+
+# 10 different NXDOMAIN responses are limited based on the parent name.
+#   We count 13 responses because we count truncated NXDOMAIN responses
+#   as both truncated and NXDOMAIN.
+ck_result 'z*.a4.tld2'	x		0	3	5	5	0
+
+$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p 9953 -s $ns2 stats
+ckstats first dropped 36
+ckstats first truncated 21
+
+
+#########
+sec_start
+
+burst 10 a5.tld2 +tcp
+burst 10 a6.tld2 -b $ns7
+burst 10 a7.tld4
+burst 2 a8.tld2 AAAA
+burst 2 a8.tld2 TXT
+burst 2 a8.tld2 SPF
+
+#					IP      TC      drop  NXDOMAIN SERVFAIL
+# TCP responses are not rate limited
+ck_result a5.tld2	192.0.2.5	10	0	0	0	0
+
+# whitelisted client is not rate limited
+ck_result a6.tld2	192.0.2.6	10	0	0	0	0
+
+# Errors such as SERVFAIL are rate limited.
+ck_result a7.tld4	x		0	0	8	0	2
+
+# NODATA responses are counted as the same regardless of qtype.
+ck_result a8.tld2	''		2	2	2	0	0
+
+$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p 9953 -s $ns2 stats
+ckstats second dropped 46
+ckstats second truncated 23
+
+
+#########
+sec_start
+
+#					IP      TC      drop  NXDOMAIN SERVFAIL
+# all-per-second
+#   The qnames are all unique but the client IP address is constant.
+QNUM=101
+burst 60 'all$CNT.a9.tld2'
+
+ck_result 'a*.a9.tld2'	192.0.2.8	50	0	10	0	0
+
+$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p 9953 -s $ns2 stats
+ckstats final dropped 56
+ckstats final truncated 23
+
+
+echo "I:exit status: $ret"
+# exit $ret
+[ $ret -ne 0 ] && echo "I:test failure overridden"
+exit 0
diff --git a/bin/tests/system/upforwd/tests.sh b/bin/tests/system/upforwd/tests.sh
index 9e019d68..a138649a 100644
--- a/bin/tests/system/upforwd/tests.sh
+++ b/bin/tests/system/upforwd/tests.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (C) 2004, 2007, 2011, 2012  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2007, 2011-2013  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 2000, 2001  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and/or distribute this software for any
@@ -40,78 +40,112 @@ do
 	test $ret = 0 && break
 	sleep 1
 done
+if [ $ret != 0 ] ; then echo "I:failed"; status=`expr $status + $ret`; fi
+
 echo "I:fetching master copy of zone before update"
+ret=0
 $DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.\
-	@10.53.0.1 axfr -p 5300 > dig.out.ns1 || status=1
+	@10.53.0.1 axfr -p 5300 > dig.out.ns1 || ret=1
+if [ $ret != 0 ] ; then echo "I:failed"; status=`expr $status + $ret`; fi
 
 echo "I:fetching slave 1 copy of zone before update"
 $DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.\
-	@10.53.0.2 axfr -p 5300 > dig.out.ns2 || status=1
+	@10.53.0.2 axfr -p 5300 > dig.out.ns2 || ret=1
+if [ $ret != 0 ] ; then echo "I:failed"; status=`expr $status + $ret`; fi
 
 echo "I:fetching slave 2 copy of zone before update"
+ret=0
 $DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.\
-	@10.53.0.3 axfr -p 5300 > dig.out.ns3 || status=1
+	@10.53.0.3 axfr -p 5300 > dig.out.ns3 || ret=1
+if [ $ret != 0 ] ; then echo "I:failed"; status=`expr $status + $ret`; fi
 
 echo "I:comparing pre-update copies to known good data"
-$PERL ../digcomp.pl knowngood.before dig.out.ns1 || status=1
-$PERL ../digcomp.pl knowngood.before dig.out.ns2 || status=1
-$PERL ../digcomp.pl knowngood.before dig.out.ns3 || status=1
+ret=0
+$PERL ../digcomp.pl knowngood.before dig.out.ns1 || ret=1
+$PERL ../digcomp.pl knowngood.before dig.out.ns2 || ret=1
+$PERL ../digcomp.pl knowngood.before dig.out.ns3 || ret=1
+if [ $ret != 0 ] ; then echo "I:failed"; status=`expr $status + $ret`; fi
 
 echo "I:updating zone (signed)"
-$NSUPDATE -y update.example:c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K -- - <<EOF || status=1
+ret=0
+$NSUPDATE -y update.example:c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K -- - <<EOF || ret=1
 server 10.53.0.3 5300
 update add updated.example. 600 A 10.10.10.1
 update add updated.example. 600 TXT Foo
 send
 EOF
+if [ $ret != 0 ] ; then echo "I:failed"; status=`expr $status + $ret`; fi
 
 echo "I:sleeping 15 seconds for server to incorporate changes"
 sleep 15
 
 echo "I:fetching master copy of zone after update"
+ret=0
 $DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.\
-	@10.53.0.1 axfr -p 5300 > dig.out.ns1 || status=1
+	@10.53.0.1 axfr -p 5300 > dig.out.ns1 || ret=1
+if [ $ret != 0 ] ; then echo "I:failed"; status=`expr $status + $ret`; fi
 
 echo "I:fetching slave 1 copy of zone after update"
+ret=0
 $DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.\
-	@10.53.0.2 axfr -p 5300 > dig.out.ns2 || status=1
+	@10.53.0.2 axfr -p 5300 > dig.out.ns2 || ret=1
+if [ $ret != 0 ] ; then echo "I:failed"; status=`expr $status + $ret`; fi
 
 echo "I:fetching slave 2 copy of zone after update"
+ret=0
 $DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.\
-	@10.53.0.3 axfr -p 5300 > dig.out.ns3 || status=1
+	@10.53.0.3 axfr -p 5300 > dig.out.ns3 || ret=1
+if [ $ret != 0 ] ; then echo "I:failed"; status=`expr $status + $ret`; fi
 
 echo "I:comparing post-update copies to known good data"
-$PERL ../digcomp.pl knowngood.after1 dig.out.ns1 || status=1
-$PERL ../digcomp.pl knowngood.after1 dig.out.ns2 || status=1
-$PERL ../digcomp.pl knowngood.after1 dig.out.ns3 || status=1
+ret=0
+$PERL ../digcomp.pl knowngood.after1 dig.out.ns1 || ret=1
+$PERL ../digcomp.pl knowngood.after1 dig.out.ns2 || ret=1
+$PERL ../digcomp.pl knowngood.after1 dig.out.ns3 || ret=1
+if [ $ret != 0 ] ; then echo "I:failed"; status=`expr $status + $ret`; fi
+
+echo "I:checking 'forwarding update for zone' is logged"
+ret=0
+grep "forwarding update for zone 'example/IN'" ns3/named.run > /dev/null || ret=1
+if [ $ret != 0 ] ; then echo "I:failed"; status=`expr $status + $ret`; fi
 
 echo "I:updating zone (unsigned)"
-$NSUPDATE -- - <<EOF || status=1
+ret=0
+$NSUPDATE -- - <<EOF || ret=1
 server 10.53.0.3 5300
 update add unsigned.example. 600 A 10.10.10.1
 update add unsigned.example. 600 TXT Foo
 send
 EOF
+if [ $ret != 0 ] ; then echo "I:failed"; status=`expr $status + $ret`; fi
 
 echo "I:sleeping 15 seconds for server to incorporate changes"
 sleep 15
 
 echo "I:fetching master copy of zone after update"
+ret=0
 $DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.\
-	@10.53.0.1 axfr -p 5300 > dig.out.ns1 || status=1
+	@10.53.0.1 axfr -p 5300 > dig.out.ns1 || ret=1
+if [ $ret != 0 ] ; then echo "I:failed"; status=`expr $status + $ret`; fi
 
 echo "I:fetching slave 1 copy of zone after update"
+ret=0
 $DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.\
-	@10.53.0.2 axfr -p 5300 > dig.out.ns2 || status=1
+	@10.53.0.2 axfr -p 5300 > dig.out.ns2 || ret=1
+if [ $ret != 0 ] ; then echo "I:failed"; status=`expr $status + $ret`; fi
 
 echo "I:fetching slave 2 copy of zone after update"
+ret=0
 $DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.\
-	@10.53.0.3 axfr -p 5300 > dig.out.ns3 || status=1
+	@10.53.0.3 axfr -p 5300 > dig.out.ns3 || ret=1
+if [ $ret != 0 ] ; then echo "I:failed"; status=`expr $status + $ret`; fi
 
 echo "I:comparing post-update copies to known good data"
-$PERL ../digcomp.pl knowngood.after2 dig.out.ns1 || status=1
-$PERL ../digcomp.pl knowngood.after2 dig.out.ns2 || status=1
-$PERL ../digcomp.pl knowngood.after2 dig.out.ns3 || status=1
+ret=0
+$PERL ../digcomp.pl knowngood.after2 dig.out.ns1 || ret=1
+$PERL ../digcomp.pl knowngood.after2 dig.out.ns2 || ret=1
+$PERL ../digcomp.pl knowngood.after2 dig.out.ns3 || ret=1
+if [ $ret != 0 ] ; then echo "I:failed"; status=`expr $status + $ret`; fi
 
 echo "I:checking update forwarding to dead master"
 count=0
diff --git a/bin/tests/system/zero/clean.sh b/bin/tests/system/zero/clean.sh
new file mode 100644
index 00000000..554577bf
--- /dev/null
+++ b/bin/tests/system/zero/clean.sh
@@ -0,0 +1,19 @@
+# Copyright (C) 2013  Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+rm -f */named.run
+rm -f ns2/example.db
+rm -f ns4/example.bk
+rm -f dig.out*
+rm -f query.list
diff --git a/bin/tests/system/zero/ns1/named.conf b/bin/tests/system/zero/ns1/named.conf
new file mode 100644
index 00000000..1c8aabcc
--- /dev/null
+++ b/bin/tests/system/zero/ns1/named.conf
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2013  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.15 2009/05/29 23:47:49 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+	query-source address 10.53.0.1;
+	notify-source 10.53.0.1;
+	transfer-source 10.53.0.1;
+	port 5300;
+	pid-file "named.pid";
+	listen-on { 10.53.0.1; };
+	listen-on-v6 { none; };
+	recursion no;
+	acache-enable yes;
+};
+
+zone "." {
+	type master;
+	file "root.db";
+};
+
diff --git a/bin/tests/system/zero/ns1/root.db b/bin/tests/system/zero/ns1/root.db
new file mode 100644
index 00000000..69aca86f
--- /dev/null
+++ b/bin/tests/system/zero/ns1/root.db
@@ -0,0 +1,24 @@
+; Copyright (C) 2013  Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+$TTL 300
+@	SOA ns1. hostmaster.warn.example. (
+	    1 3600 1200 604800 3600 )
+	NS  ns1.
+ns1. A 10.53.0.1
+;
+example. NS ns2.example.
+ns2.example. A 10.53.0.2
+example. NS ns4.example.
+ns4.example. A 10.53.0.4
diff --git a/bin/tests/system/zero/ns2/named.conf b/bin/tests/system/zero/ns2/named.conf
new file mode 100644
index 00000000..86673b21
--- /dev/null
+++ b/bin/tests/system/zero/ns2/named.conf
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2013  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.15 2009/05/29 23:47:49 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+	query-source address 10.53.0.2;
+	notify-source 10.53.0.2;
+	transfer-source 10.53.0.2;
+	port 5300;
+	pid-file "named.pid";
+	listen-on { 10.53.0.2; };
+	listen-on-v6 { none; };
+	recursion no;
+	acache-enable yes;
+};
+
+zone "example" {
+	type master;
+	file "example.db";
+};
+
diff --git a/bin/tests/system/zero/ns3/named.conf b/bin/tests/system/zero/ns3/named.conf
new file mode 100644
index 00000000..3af9fd95
--- /dev/null
+++ b/bin/tests/system/zero/ns3/named.conf
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2013  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.15 2009/05/29 23:47:49 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+	query-source address 10.53.0.3;
+	notify-source 10.53.0.3;
+	transfer-source 10.53.0.3;
+	port 5300;
+	pid-file "named.pid";
+	listen-on { 10.53.0.3; };
+	listen-on-v6 { none; };
+	recursion yes;
+	acache-enable yes;
+};
+
+zone "." {
+	type hint;
+	file "root.hint";
+};
+
diff --git a/bin/tests/system/zero/ns3/root.hint b/bin/tests/system/zero/ns3/root.hint
new file mode 100644
index 00000000..b67101d6
--- /dev/null
+++ b/bin/tests/system/zero/ns3/root.hint
@@ -0,0 +1,16 @@
+; Copyright (C) 2013  Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+. NS ns1.
+ns1. A 10.53.0.1
diff --git a/bin/tests/system/zero/ns4/named.conf b/bin/tests/system/zero/ns4/named.conf
new file mode 100644
index 00000000..bceeb231
--- /dev/null
+++ b/bin/tests/system/zero/ns4/named.conf
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2013  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.15 2009/05/29 23:47:49 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+	query-source address 10.53.0.4;
+	notify-source 10.53.0.4;
+	transfer-source 10.53.0.4;
+	port 5300;
+	pid-file "named.pid";
+	listen-on { 10.53.0.4; };
+	listen-on-v6 { none; };
+	recursion no;
+	acache-enable yes;
+};
+
+zone "example" {
+	type slave;
+	masters { 10.53.0.2; };
+	file "example.bk";
+};
+
diff --git a/bin/tests/system/zero/setup.sh b/bin/tests/system/zero/setup.sh
new file mode 100644
index 00000000..f5dd9c5f
--- /dev/null
+++ b/bin/tests/system/zero/setup.sh
@@ -0,0 +1,15 @@
+# Copyright (C) 2013  Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+sh ../genzone.sh 2 4 | sed -e 's/^$TTL 3600$/$TTL 0 ; force TTL to zero/' -e 's/86400.IN SOA/0 SOA/' > ns2/example.db
diff --git a/bin/tests/system/zero/tests.sh b/bin/tests/system/zero/tests.sh
new file mode 100644
index 00000000..15c2906a
--- /dev/null
+++ b/bin/tests/system/zero/tests.sh
@@ -0,0 +1,48 @@
+# Copyright (C) 2013  Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+status=0
+echo "I:check lookups against zero TTL records"
+i=0
+passes=10
+$DIG -p 5300 @10.53.0.2 axfr example | 
+awk '$2 == "0" { print "-q", $1, $4; print "-q", "zzz"$1, $4;}' > query.list
+while [ $i -lt $passes ]
+do
+	ret=0
+	$DIG -p 5300 @10.53.0.3 -f query.list > dig.out$i.1 &
+	$DIG -p 5300 @10.53.0.3 -f query.list > dig.out$i.2 &
+	$DIG -p 5300 @10.53.0.3 -f query.list > dig.out$i.3 &
+	$DIG -p 5300 @10.53.0.3 -f query.list > dig.out$i.4 &
+	$DIG -p 5300 @10.53.0.3 -f query.list > dig.out$i.5 &
+	$DIG -p 5300 @10.53.0.3 -f query.list > dig.out$i.6 &
+	wait
+	grep "status: SERVFAIL" dig.out$i.1 && ret=1
+	grep "status: SERVFAIL" dig.out$i.2 && ret=1
+	grep "status: SERVFAIL" dig.out$i.3 && ret=1
+	grep "status: SERVFAIL" dig.out$i.5 && ret=1
+	grep "status: SERVFAIL" dig.out$i.6 && ret=1
+	grep "status: SERVFAIL" dig.out$i.6 && ret=1
+	[ $ret = 1 ] && break
+	i=`expr $i + 1`
+	echo "I: successfully completed pass $i of $passes"
+done
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:exit status: $status"
+exit $status
author	Internet Software Consortium, Inc <@isc.org>	2013-08-14 06:35:21 -0600
committer	Internet Software Consortium, Inc <@isc.org>	2013-08-14 06:35:21 -0600
commit	ebbc86ee1eae2231a10e23f4cda592085dbc7eef (patch)
tree	8e373dd37c3b0a9fb113ff78f7a15dd19f6c0911 /bin/tests
parent	87c6fc212d37ddbeb388f8308377ae38de3061d9 (diff)
download	bind9-ebbc86ee1eae2231a10e23f4cda592085dbc7eef.tar.gz