diff options
Diffstat (limited to 'bin/tests')
56 files changed, 1617 insertions, 84 deletions
diff --git a/bin/tests/Makefile.in b/bin/tests/Makefile.in index 3af011df..93b63f1c 100644 --- a/bin/tests/Makefile.in +++ b/bin/tests/Makefile.in @@ -1,4 +1,4 @@ -# Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 1998-2003 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.129 2007/06/19 23:46:59 tbox Exp $ +# $Id: Makefile.in,v 1.131 2008/09/25 04:02:38 tbox Exp $ srcdir = @srcdir@ VPATH = @srcdir@ @@ -62,6 +62,7 @@ XTARGETS = adb_test@EXEEXT@ \ gxba_test@EXEEXT@ \ gxbn_test@EXEEXT@ \ hash_test@EXEEXT@ \ + nsec3hash@EXEEXT@ \ fsaccess_test@EXEEXT@ \ inter_test@EXEEXT@ \ journalprint@EXEEXT@ \ @@ -285,6 +286,10 @@ cfg_test@EXEEXT@: cfg_test.@O@ ${ISCCFGDEPLIBS} ${ISCDEPLIBS} ${LIBTOOL_MODE_LINK} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ cfg_test.@O@ \ ${ISCCFGLIBS} ${DNSLIBS} ${ISCLIBS} ${LIBS} +nsec3hash@EXEEXT@: nsec3hash.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS} + ${LIBTOOL_MODE_LINK} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ nsec3hash.@O@ \ + ${DNSLIBS} ${ISCLIBS} ${LIBS} + distclean:: rm -f headerdep_test.sh diff --git a/bin/tests/db_test.c b/bin/tests/db_test.c index bcbf3f0c..9b0d90d2 100644 --- a/bin/tests/db_test.c +++ b/bin/tests/db_test.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,9 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: db_test.c,v 1.64 2007/06/19 23:46:59 tbox Exp $ */ +/* $Id: db_test.c,v 1.66 2008/09/25 04:02:38 tbox Exp $ */ -/*! \file +/*! \file * \author * Principal Author: Bob Halley */ @@ -177,8 +177,7 @@ list(dbinfo *dbi, char *seektext) { dns_db_currentversion(dbi->db, &dbi->iversion); } - result = dns_db_createiterator(dbi->db, ISC_FALSE, - &dbi->dbiterator); + result = dns_db_createiterator(dbi->db, 0, &dbi->dbiterator); if (result == ISC_R_SUCCESS) { if (seektext != NULL) { len = strlen(seektext); @@ -386,7 +385,7 @@ main(int argc, char *argv[]) { RUNTIME_CHECK(dns_dbtable_create(mctx, dns_rdataclass_in, &dbtable) == ISC_R_SUCCESS); - + strcpy(dbtype, "rbt"); while ((ch = isc_commandline_parse(argc, argv, "c:d:t:z:P:Q:glpqvT")) @@ -405,7 +404,7 @@ main(int argc, char *argv[]) { case 'g': options |= (DNS_DBFIND_GLUEOK|DNS_DBFIND_VALIDATEGLUE); break; - case 'l': + case 'l': RUNTIME_CHECK(isc_log_create(mctx, &lctx, NULL) == ISC_R_SUCCESS); isc_log_setcontext(lctx); diff --git a/bin/tests/dst/Makefile.in b/bin/tests/dst/Makefile.in index 965e22e6..9b317fc7 100644 --- a/bin/tests/dst/Makefile.in +++ b/bin/tests/dst/Makefile.in @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.44.128.2 2008/08/22 23:46:32 tbox Exp $ +# $Id: Makefile.in,v 1.46 2008/05/19 23:47:03 tbox Exp $ srcdir = @srcdir@ VPATH = @srcdir@ diff --git a/bin/tests/dst/t_dst.c b/bin/tests/dst/t_dst.c index d6bffcb2..d5e5db74 100644 --- a/bin/tests/dst/t_dst.c +++ b/bin/tests/dst/t_dst.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: t_dst.c,v 1.53.128.2 2008/01/12 23:46:43 tbox Exp $ */ +/* $Id: t_dst.c,v 1.55 2008/01/12 23:47:13 tbox Exp $ */ #include <config.h> diff --git a/bin/tests/inter_test.c b/bin/tests/inter_test.c index 4dc19a80..141467ca 100644 --- a/bin/tests/inter_test.c +++ b/bin/tests/inter_test.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: inter_test.c,v 1.14 2007/06/19 23:46:59 tbox Exp $ */ +/* $Id: inter_test.c,v 1.16 2008/03/20 23:47:00 tbox Exp $ */ /*! \file */ #include <config.h> @@ -83,6 +83,53 @@ main(int argc, char **argv) { } } isc_interfaceiter_destroy(&iter); + + fprintf(stdout, "\nPass 2\n\n"); + + result = isc_interfaceiter_create(mctx, &iter); + if (result != ISC_R_SUCCESS) + goto cleanup; + result = isc_interfaceiter_first(iter); + while (result == ISC_R_SUCCESS) { + result = isc_interfaceiter_current(iter, &ifdata); + if (result != ISC_R_SUCCESS) { + fprintf(stdout, "isc_interfaceiter_current: %s", + isc_result_totext(result)); + continue; + } + fprintf(stdout, "%s %d %x\n", ifdata.name, ifdata.af, + ifdata.flags); + INSIST(ifdata.af == AF_INET || ifdata.af == AF_INET6); + res = inet_ntop(ifdata.af, &ifdata.address.type, buf, + sizeof(buf)); + if (ifdata.address.zone != 0) + fprintf(stdout, "address = %s (zone %u)\n", + res == NULL ? "BAD" : res, + ifdata.address.zone); + else + fprintf(stdout, "address = %s\n", + res == NULL ? "BAD" : res); + INSIST(ifdata.address.family == ifdata.af); + res = inet_ntop(ifdata.af, &ifdata.netmask.type, buf, + sizeof(buf)); + fprintf(stdout, "netmask = %s\n", res == NULL ? "BAD" : res); + INSIST(ifdata.netmask.family == ifdata.af); + if ((ifdata.flags & INTERFACE_F_POINTTOPOINT) != 0) { + res = inet_ntop(ifdata.af, &ifdata.dstaddress.type, + buf, sizeof(buf)); + fprintf(stdout, "dstaddress = %s\n", + res == NULL ? "BAD" : res); + + INSIST(ifdata.dstaddress.family == ifdata.af); + } + result = isc_interfaceiter_next(iter); + if (result != ISC_R_SUCCESS && result != ISC_R_NOMORE) { + fprintf(stdout, "isc_interfaceiter_next: %s", + isc_result_totext(result)); + continue; + } + } + isc_interfaceiter_destroy(&iter); cleanup: isc_mem_destroy(&mctx); diff --git a/bin/tests/journalprint.c b/bin/tests/journalprint.c index e45470c2..d8bd72b3 100644 --- a/bin/tests/journalprint.c +++ b/bin/tests/journalprint.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,23 +15,57 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: journalprint.c,v 1.12 2007/06/18 23:47:26 tbox Exp $ */ +/* $Id: journalprint.c,v 1.14 2008/09/25 04:02:38 tbox Exp $ */ /*! \file */ #include <config.h> +#include <isc/log.h> #include <isc/mem.h> #include <isc/util.h> #include <dns/journal.h> +#include <dns/log.h> +#include <dns/result.h> #include <dns/types.h> #include <stdlib.h> +/* + * Setup logging to use stderr. + */ +static isc_result_t +setup_logging(isc_mem_t *mctx, FILE *errout, isc_log_t **logp) { + isc_logdestination_t destination; + isc_logconfig_t *logconfig = NULL; + isc_log_t *log = NULL; + + RUNTIME_CHECK(isc_log_create(mctx, &log, &logconfig) == ISC_R_SUCCESS); + isc_log_setcontext(log); + dns_log_init(log); + dns_log_setcontext(log); + + destination.file.stream = errout; + destination.file.name = NULL; + destination.file.versions = ISC_LOG_ROLLNEVER; + destination.file.maximum_size = 0; + RUNTIME_CHECK(isc_log_createchannel(logconfig, "stderr", + ISC_LOG_TOFILEDESC, + ISC_LOG_DYNAMIC, + &destination, 0) == ISC_R_SUCCESS); + RUNTIME_CHECK(isc_log_usechannel(logconfig, "stderr", + NULL, NULL) == ISC_R_SUCCESS); + + *logp = log; + return (ISC_R_SUCCESS); +} + int main(int argc, char **argv) { char *file; isc_mem_t *mctx = NULL; + isc_result_t result; + isc_log_t *lctx = NULL; if (argc != 2) { printf("usage: %s journal\n", argv[0]); @@ -41,8 +75,12 @@ main(int argc, char **argv) { file = argv[1]; RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS); + RUNTIME_CHECK(setup_logging(mctx, stderr, &lctx) == ISC_R_SUCCESS); - RUNTIME_CHECK(dns_journal_print(mctx, file, stdout) == ISC_R_SUCCESS); + result = dns_journal_print(mctx, file, stdout); + if (result == DNS_R_NOJOURNAL) + fprintf(stderr, "%s\n", dns_result_totext(result)); + isc_log_destroy(&lctx); isc_mem_detach(&mctx); - return(0); + return(result != ISC_R_SUCCESS ? 1 : 0); } diff --git a/bin/tests/names/t_names.c b/bin/tests/names/t_names.c index 1c205f68..68ce53b8 100644 --- a/bin/tests/names/t_names.c +++ b/bin/tests/names/t_names.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: t_names.c,v 1.43.128.3 2008/01/17 23:46:36 tbox Exp $ */ +/* $Id: t_names.c,v 1.46 2008/01/18 23:46:57 tbox Exp $ */ #include <config.h> diff --git a/bin/tests/nsec3hash.c b/bin/tests/nsec3hash.c new file mode 100644 index 00000000..4a4a782e --- /dev/null +++ b/bin/tests/nsec3hash.c @@ -0,0 +1,117 @@ +/* + * Copyright (C) 2006, 2008 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: nsec3hash.c,v 1.4 2008/09/26 01:31:19 marka Exp $ */ + +#include <config.h> + +#include <stdlib.h> +#include <stdarg.h> + +#include <isc/base32.h> +#include <isc/buffer.h> +#include <isc/hex.h> +#include <isc/iterated_hash.h> +#include <isc/print.h> +#include <isc/result.h> +#include <isc/string.h> +#include <isc/types.h> + +#include <dns/fixedname.h> +#include <dns/name.h> +#include <dns/types.h> + +const char *program = "nsec3hash"; + +static void +fatal(const char *format, ...) { + va_list args; + + fprintf(stderr, "%s: ", program); + va_start(args, format); + vfprintf(stderr, format, args); + va_end(args); + fprintf(stderr, "\n"); + exit(1); +} + +static void +check_result(isc_result_t result, const char *message) { + if (result != ISC_R_SUCCESS) + fatal("%s: %s", message, isc_result_totext(result)); +} + +static void +usage() { + fatal("salt hash iterations domain"); +} + +int +main(int argc, char **argv) { + dns_fixedname_t fixed; + dns_name_t *name; + isc_buffer_t buffer; + isc_region_t region; + isc_result_t result; + unsigned char hash[NSEC3_MAX_HASH_LENGTH]; + unsigned char salt[255]; + unsigned char text[1024]; + unsigned int hash_alg; + unsigned int length; + unsigned int iterations; + unsigned int salt_length; + + if (argc != 5) + usage(); + + if (strcmp(argv[1], "-") == 0) { + salt_length = 0; + salt[0] = 0; + } else { + isc_buffer_init(&buffer, salt, sizeof(salt)); + result = isc_hex_decodestring(argv[1], &buffer); + check_result(result, "isc_hex_decodestring(salt)"); + salt_length = isc_buffer_usedlength(&buffer); + if (salt_length > 255U) + fatal("salt too long"); + } + hash_alg = atoi(argv[2]); + if (hash_alg > 255U) + fatal("hash algorithm too large"); + iterations = atoi(argv[3]); + if (iterations > 0xffffU) + fatal("iterations to large"); + + dns_fixedname_init(&fixed); + name = dns_fixedname_name(&fixed); + isc_buffer_init(&buffer, argv[4], strlen(argv[4])); + isc_buffer_add(&buffer, strlen(argv[4])); + result = dns_name_fromtext(name, &buffer, dns_rootname, 0, NULL); + check_result(result, "dns_name_fromtext() failed"); + + dns_name_downcase(name, name, NULL); + length = isc_iterated_hash(hash, hash_alg, iterations, salt, + salt_length, name->ndata, name->length); + if (length == 0) + fatal("isc_iterated_hash failed"); + region.base = hash; + region.length = length; + isc_buffer_init(&buffer, text, sizeof(text)); + isc_base32hex_totext(®ion, 1, "", &buffer); + fprintf(stdout, "%.*s (salt=%s, hash=%u, iterations=%u)\n", + (int)isc_buffer_usedlength(&buffer), text, argv[1], hash_alg, iterations); + return(0); +} diff --git a/bin/tests/nsecify.c b/bin/tests/nsecify.c index abc447e8..2e055c66 100644 --- a/bin/tests/nsecify.c +++ b/bin/tests/nsecify.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nsecify.c,v 1.6 2007/06/19 23:46:59 tbox Exp $ */ +/* $Id: nsecify.c,v 1.8 2008/09/25 04:02:38 tbox Exp $ */ #include <config.h> @@ -154,7 +154,7 @@ nsecify(char *filename) { result = dns_db_newversion(db, &wversion); check_result(result, "dns_db_newversion()"); dbiter = NULL; - result = dns_db_createiterator(db, ISC_FALSE, &dbiter); + result = dns_db_createiterator(db, 0, &dbiter); check_result(result, "dns_db_createiterator()"); result = dns_dbiterator_first(dbiter); node = NULL; diff --git a/bin/tests/sig0_test.c b/bin/tests/sig0_test.c index 6025a506..f36bbee0 100644 --- a/bin/tests/sig0_test.c +++ b/bin/tests/sig0_test.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sig0_test.c,v 1.15.128.2 2008/07/22 23:46:34 tbox Exp $ */ +/* $Id: sig0_test.c,v 1.17 2008/07/22 23:47:04 tbox Exp $ */ #include <config.h> diff --git a/bin/tests/sock_test.c b/bin/tests/sock_test.c index 5539511e..c9612f78 100644 --- a/bin/tests/sock_test.c +++ b/bin/tests/sock_test.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sock_test.c,v 1.52.128.3 2008/07/23 23:31:17 marka Exp $ */ +/* $Id: sock_test.c,v 1.55 2008/07/23 23:27:54 marka Exp $ */ #include <config.h> diff --git a/bin/tests/system/Makefile.in b/bin/tests/system/Makefile.in index d6c1dea9..ef8fc582 100644 --- a/bin/tests/system/Makefile.in +++ b/bin/tests/system/Makefile.in @@ -1,4 +1,4 @@ -# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2000, 2001 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.29 2007/06/19 23:47:00 tbox Exp $ +# $Id: Makefile.in,v 1.31 2008/09/25 04:02:38 tbox Exp $ srcdir = @srcdir@ VPATH = @srcdir@ @@ -34,7 +34,7 @@ check: test test: subdirs if test -f ./runall.sh; then sh ./runall.sh; fi -clean distclean:: +testclean clean distclean:: if test -f ./cleanall.sh; then sh ./cleanall.sh; fi distclean:: diff --git a/bin/tests/system/acl/clean.sh b/bin/tests/system/acl/clean.sh index b407cbf1..80ce5168 100644 --- a/bin/tests/system/acl/clean.sh +++ b/bin/tests/system/acl/clean.sh @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: clean.sh,v 1.2.2.2 2008/01/10 23:46:34 tbox Exp $ +# $Id: clean.sh,v 1.3 2008/01/10 23:47:01 tbox Exp $ # # Clean up after zone transfer tests. diff --git a/bin/tests/system/acl/ns2/named1.conf b/bin/tests/system/acl/ns2/named1.conf index 1b80f9cb..b70d1dd7 100644 --- a/bin/tests/system/acl/ns2/named1.conf +++ b/bin/tests/system/acl/ns2/named1.conf @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named1.conf,v 1.2.2.1 2008/01/10 01:35:37 marka Exp $ */ +/* $Id: named1.conf,v 1.2 2008/01/10 01:10:01 marka Exp $ */ controls { /* empty */ }; diff --git a/bin/tests/system/acl/ns2/named2.conf b/bin/tests/system/acl/ns2/named2.conf index aea7b902..bcd7e0df 100644 --- a/bin/tests/system/acl/ns2/named2.conf +++ b/bin/tests/system/acl/ns2/named2.conf @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named2.conf,v 1.2.2.2 2008/01/21 21:02:23 each Exp $ */ +/* $Id: named2.conf,v 1.3 2008/01/21 20:38:54 each Exp $ */ controls { /* empty */ }; diff --git a/bin/tests/system/acl/ns2/named3.conf b/bin/tests/system/acl/ns2/named3.conf index 1c41f128..ea2cbcb4 100644 --- a/bin/tests/system/acl/ns2/named3.conf +++ b/bin/tests/system/acl/ns2/named3.conf @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named3.conf,v 1.2.2.1 2008/01/10 01:35:37 marka Exp $ */ +/* $Id: named3.conf,v 1.2 2008/01/10 01:10:01 marka Exp $ */ controls { /* empty */ }; diff --git a/bin/tests/system/acl/ns2/named4.conf b/bin/tests/system/acl/ns2/named4.conf index 91e7ff62..99edf7eb 100644 --- a/bin/tests/system/acl/ns2/named4.conf +++ b/bin/tests/system/acl/ns2/named4.conf @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named4.conf,v 1.2.2.1 2008/01/10 01:35:37 marka Exp $ */ +/* $Id: named4.conf,v 1.2 2008/01/10 01:10:01 marka Exp $ */ controls { /* empty */ }; diff --git a/bin/tests/system/acl/setup.sh b/bin/tests/system/acl/setup.sh index 0b7e5333..9cc07f17 100644 --- a/bin/tests/system/acl/setup.sh +++ b/bin/tests/system/acl/setup.sh @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: setup.sh,v 1.2.2.2 2008/01/10 23:46:34 tbox Exp $ +# $Id: setup.sh,v 1.3 2008/01/10 23:47:01 tbox Exp $ sh ../genzone.sh 2 3 >ns2/example.db sh ../genzone.sh 2 3 >ns2/tsigzone.db diff --git a/bin/tests/system/acl/tests.sh b/bin/tests/system/acl/tests.sh index bf43da09..8d2d5640 100644 --- a/bin/tests/system/acl/tests.sh +++ b/bin/tests/system/acl/tests.sh @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.2.2.3 2008/07/19 00:04:20 each Exp $ +# $Id: tests.sh,v 1.4 2008/07/19 00:02:14 each Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in index 3739831d..23b31f10 100644 --- a/bin/tests/system/conf.sh.in +++ b/bin/tests/system/conf.sh.in @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: conf.sh.in,v 1.37.128.2 2008/01/10 23:46:34 tbox Exp $ +# $Id: conf.sh.in,v 1.39 2008/01/10 23:47:01 tbox Exp $ # # Common configuration data for system tests, to be sourced into diff --git a/bin/tests/system/dnssec/clean.sh b/bin/tests/system/dnssec/clean.sh index 2df940d3..3f207d5c 100644 --- a/bin/tests/system/dnssec/clean.sh +++ b/bin/tests/system/dnssec/clean.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2000-2002 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -15,9 +15,9 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: clean.sh,v 1.21 2007/10/30 23:56:09 marka Exp $ +# $Id: clean.sh,v 1.23 2008/09/25 04:02:38 tbox Exp $ -rm -f */K* */keyset-* */dsset-* */dlvset-* */signedkey-* */*.signed */trusted.conf */tmp* +rm -f */K* */keyset-* */dsset-* */dlvset-* */signedkey-* */*.signed */trusted.conf */tmp* */*.jnl */*.bk rm -f ns1/root.db ns2/example.db ns3/secure.example.db rm -f ns3/unsecure.example.db ns3/bogus.example.db ns3/keyless.example.db rm -f ns3/dynamic.example.db ns3/dynamic.example.db.signed.jnl @@ -26,4 +26,13 @@ rm -f */example.bk rm -f dig.out.* rm -f random.data rm -f ns2/dlv.db +rm -f ns3/multiple.example.db ns3/nsec3-unknown.example.db ns3/nsec3.example.db +rm -f ns3/optout-unknown.example.db ns3/optout.example.db +rm -f ns7/multiple.example.bk ns7/nsec3.example.bk ns7/optout.example.bk rm -f */named.memstats +rm -f ns3/nsec3.nsec3.example.db +rm -f ns3/nsec3.optout.example.db +rm -f ns3/optout.nsec3.example.db +rm -f ns3/optout.optout.example.db +rm -f ns3/secure.nsec3.example.db +rm -f ns3/secure.optout.example.db diff --git a/bin/tests/system/dnssec/ns1/sign.sh b/bin/tests/system/dnssec/ns1/sign.sh index fe8d1c36..9bc0ddda 100644 --- a/bin/tests/system/dnssec/ns1/sign.sh +++ b/bin/tests/system/dnssec/ns1/sign.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2006-2008 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2000-2003 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: sign.sh,v 1.23 2007/06/19 23:47:02 tbox Exp $ +# $Id: sign.sh,v 1.25 2008/09/25 04:02:38 tbox Exp $ SYSTEMTESTTOP=../.. . $SYSTEMTESTTOP/conf.sh @@ -53,3 +53,4 @@ cp trusted.conf ../ns2/trusted.conf cp trusted.conf ../ns3/trusted.conf cp trusted.conf ../ns4/trusted.conf cp trusted.conf ../ns6/trusted.conf +cp trusted.conf ../ns7/trusted.conf diff --git a/bin/tests/system/dnssec/ns2/child.nsec3.example.db b/bin/tests/system/dnssec/ns2/child.nsec3.example.db new file mode 100644 index 00000000..c432b062 --- /dev/null +++ b/bin/tests/system/dnssec/ns2/child.nsec3.example.db @@ -0,0 +1,25 @@ +; Copyright (C) 2006, 2008 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: child.nsec3.example.db,v 1.3 2008/09/25 04:02:38 tbox Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2006081400 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) +@ IN NS ns2.example. diff --git a/bin/tests/system/dnssec/ns2/child.optout.example.db b/bin/tests/system/dnssec/ns2/child.optout.example.db new file mode 100644 index 00000000..feb73a43 --- /dev/null +++ b/bin/tests/system/dnssec/ns2/child.optout.example.db @@ -0,0 +1,25 @@ +; Copyright (C) 2006, 2008 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: child.optout.example.db,v 1.3 2008/09/25 04:02:38 tbox Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2006081400 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) +@ IN NS ns2.example. diff --git a/bin/tests/system/dnssec/ns2/example.db.in b/bin/tests/system/dnssec/ns2/example.db.in index 531b3632..c2b5e987 100644 --- a/bin/tests/system/dnssec/ns2/example.db.in +++ b/bin/tests/system/dnssec/ns2/example.db.in @@ -1,4 +1,4 @@ -; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") +; Copyright (C) 2004, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") ; Copyright (C) 2000-2002 Internet Software Consortium. ; ; Permission to use, copy, modify, and/or distribute this software for any @@ -13,7 +13,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: example.db.in,v 1.17 2007/06/19 23:47:02 tbox Exp $ +; $Id: example.db.in,v 1.19 2008/09/25 04:02:38 tbox Exp $ $TTL 300 ; 5 minutes @ IN SOA mname1. . ( @@ -79,4 +79,19 @@ z A 10.0.0.26 keyless NS ns.keyless ns.keyless A 10.53.0.3 +nsec3 NS ns.nsec3 +ns.nsec3 A 10.53.0.3 + +optout NS ns.optout +ns.optout A 10.53.0.3 + +nsec3-unknown NS ns.nsec3-unknown +ns.nsec3-unknown A 10.53.0.3 + +optout-unknown NS ns.optout-unknown +ns.optout-unknown A 10.53.0.3 + +multiple NS ns.multiple +ns.multiple A 10.53.0.3 + *.wild A 10.0.0.27 diff --git a/bin/tests/system/dnssec/ns2/named.conf b/bin/tests/system/dnssec/ns2/named.conf index 4a884507..31604130 100644 --- a/bin/tests/system/dnssec/ns2/named.conf +++ b/bin/tests/system/dnssec/ns2/named.conf @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.28 2007/06/19 23:47:02 tbox Exp $ */ +/* $Id: named.conf,v 1.30 2008/09/25 04:02:38 tbox Exp $ */ // NS2 @@ -68,5 +68,16 @@ zone "rfc2335.example" { file "rfc2335.example.db"; }; +zone "child.nsec3.example" { + type master; + file "child.nsec3.example.db"; + allow-update { none; }; +}; + +zone "child.optout.example" { + type master; + file "child.optout.example.db"; + allow-update { none; }; +}; include "trusted.conf"; diff --git a/bin/tests/system/dnssec/ns2/sign.sh b/bin/tests/system/dnssec/ns2/sign.sh index 61b0119f..4389678c 100644 --- a/bin/tests/system/dnssec/ns2/sign.sh +++ b/bin/tests/system/dnssec/ns2/sign.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2006-2008 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2000-2003 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: sign.sh,v 1.28 2007/06/19 23:47:02 tbox Exp $ +# $Id: sign.sh,v 1.30 2008/09/25 04:02:38 tbox Exp $ SYSTEMTESTTOP=../.. . $SYSTEMTESTTOP/conf.sh @@ -30,7 +30,7 @@ zonefile=example.db ( cd ../ns3 && sh sign.sh ) -for subdomain in secure bogus dynamic keyless +for subdomain in secure bogus dynamic keyless nsec3 optout nsec3-unknown optout-unknown multiple do cp ../ns3/keyset-$subdomain.example. . done diff --git a/bin/tests/system/dnssec/ns3/insecure.nsec3.example.db b/bin/tests/system/dnssec/ns3/insecure.nsec3.example.db new file mode 100644 index 00000000..4518c2de --- /dev/null +++ b/bin/tests/system/dnssec/ns3/insecure.nsec3.example.db @@ -0,0 +1,31 @@ +; Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: insecure.nsec3.example.db,v 1.2 2008/09/24 02:46:21 marka Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 +z A 10.0.0.26 diff --git a/bin/tests/system/dnssec/ns3/insecure.optout.example.db b/bin/tests/system/dnssec/ns3/insecure.optout.example.db new file mode 100644 index 00000000..0a3a45da --- /dev/null +++ b/bin/tests/system/dnssec/ns3/insecure.optout.example.db @@ -0,0 +1,31 @@ +; Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: insecure.optout.example.db,v 1.2 2008/09/24 02:46:21 marka Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 +z A 10.0.0.26 diff --git a/bin/tests/system/dnssec/ns3/multiple.example.db.in b/bin/tests/system/dnssec/ns3/multiple.example.db.in new file mode 100644 index 00000000..c805a3e8 --- /dev/null +++ b/bin/tests/system/dnssec/ns3/multiple.example.db.in @@ -0,0 +1,34 @@ +; Copyright (C) 2006, 2008 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: multiple.example.db.in,v 1.3 2008/09/25 04:02:38 tbox Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 +z A 10.0.0.26 +a.a.a.a A 10.0.0.3 +*.e A 10.0.0.6 +child NS ns2.example. diff --git a/bin/tests/system/dnssec/ns3/named.conf b/bin/tests/system/dnssec/ns3/named.conf index 4d78e745..38f4ad02 100644 --- a/bin/tests/system/dnssec/ns3/named.conf +++ b/bin/tests/system/dnssec/ns3/named.conf @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.31 2007/06/19 23:47:02 tbox Exp $ */ +/* $Id: named.conf,v 1.33 2008/09/25 04:02:38 tbox Exp $ */ // NS3 @@ -70,11 +70,81 @@ zone "insecure.example" { allow-update { any; }; }; +zone "insecure.nsec3.example" { + type master; + file "insecure.nsec3.example.db"; + allow-update { any; }; +}; + +zone "insecure.optout.example" { + type master; + file "insecure.optout.example.db"; + allow-update { any; }; +}; + zone "keyless.example" { type master; file "keyless.example.db.signed"; }; +zone "nsec3.example" { + type master; + file "nsec3.example.db.signed"; +}; + +zone "optout.nsec3.example" { + type master; + file "optout.nsec3.example.db.signed"; +}; + +zone "nsec3.nsec3.example" { + type master; + file "nsec3.nsec3.example.db.signed"; +}; + +zone "secure.nsec3.example" { + type master; + file "secure.nsec3.example.db.signed"; +}; + +zone "optout.example" { + type master; + file "optout.example.db.signed"; +}; + +zone "secure.optout.example" { + type master; + file "secure.optout.example.db.signed"; +}; + +zone "nsec3.optout.example" { + type master; + file "nsec3.optout.example.db.signed"; +}; + +zone "optout.optout.example" { + type master; + file "optout.optout.example.db.signed"; +}; + +zone "nsec3-unknown.example" { + type master; + nsec3-test-zone yes; + file "nsec3-unknown.example.db.signed"; +}; + +zone "optout-unknown.example" { + type master; + nsec3-test-zone yes; + file "optout-unknown.example.db.signed"; +}; + +zone "multiple.example" { + type master; + file "multiple.example.db.signed"; + allow-update { any; }; +}; + zone "mustbesecure.example" { type master; file "mustbesecure.example.db"; diff --git a/bin/tests/system/dnssec/ns3/nsec3-unknown.example.db.in b/bin/tests/system/dnssec/ns3/nsec3-unknown.example.db.in new file mode 100644 index 00000000..ffdd3e30 --- /dev/null +++ b/bin/tests/system/dnssec/ns3/nsec3-unknown.example.db.in @@ -0,0 +1,34 @@ +; Copyright (C) 2006, 2008 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: nsec3-unknown.example.db.in,v 1.3 2008/09/25 04:02:38 tbox Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 +z A 10.0.0.26 +a.a.a.a A 10.0.0.3 +*.e A 10.0.0.6 +child NS ns2.example. diff --git a/bin/tests/system/dnssec/ns3/nsec3.example.db.in b/bin/tests/system/dnssec/ns3/nsec3.example.db.in new file mode 100644 index 00000000..97ac59c4 --- /dev/null +++ b/bin/tests/system/dnssec/ns3/nsec3.example.db.in @@ -0,0 +1,43 @@ +; Copyright (C) 2006, 2008 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: nsec3.example.db.in,v 1.3 2008/09/25 04:02:38 tbox Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 +z A 10.0.0.26 +a.a.a.a A 10.0.0.3 +*.wild A 10.0.0.6 +child NS ns2.example. +insecure NS ns.insecure +ns.insecure A 10.53.0.3 +secure NS ns.secure +ns.secure A 10.53.0.3 +nsec3 NS ns.nsec3 +ns.nsec3 A 10.53.0.3 +optout NS ns.optout +ns.optout A 10.53.0.3 +02HC3EM7BDD011A0GMS3HKKJT2IF5VP8 A 10.0.0.17 diff --git a/bin/tests/system/dnssec/ns3/nsec3.nsec3.example.db.in b/bin/tests/system/dnssec/ns3/nsec3.nsec3.example.db.in new file mode 100644 index 00000000..ca5b6e82 --- /dev/null +++ b/bin/tests/system/dnssec/ns3/nsec3.nsec3.example.db.in @@ -0,0 +1,40 @@ +; Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: nsec3.nsec3.example.db.in,v 1.3 2008/09/25 04:02:38 tbox Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 +z A 10.0.0.26 +a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 +x CNAME a + +private NS ns.private +ns.private A 10.53.0.2 + +insecure NS ns.insecure +ns.insecure A 10.53.0.2 + diff --git a/bin/tests/system/dnssec/ns3/nsec3.optout.example.db.in b/bin/tests/system/dnssec/ns3/nsec3.optout.example.db.in new file mode 100644 index 00000000..fd766e77 --- /dev/null +++ b/bin/tests/system/dnssec/ns3/nsec3.optout.example.db.in @@ -0,0 +1,40 @@ +; Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: nsec3.optout.example.db.in,v 1.3 2008/09/25 04:02:38 tbox Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 +z A 10.0.0.26 +a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 +x CNAME a + +private NS ns.private +ns.private A 10.53.0.2 + +insecure NS ns.insecure +ns.insecure A 10.53.0.2 + diff --git a/bin/tests/system/dnssec/ns3/optout-unknown.example.db.in b/bin/tests/system/dnssec/ns3/optout-unknown.example.db.in new file mode 100644 index 00000000..b001555b --- /dev/null +++ b/bin/tests/system/dnssec/ns3/optout-unknown.example.db.in @@ -0,0 +1,34 @@ +; Copyright (C) 2006, 2008 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: optout-unknown.example.db.in,v 1.3 2008/09/25 04:02:38 tbox Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 +z A 10.0.0.26 +a.a.a.a A 10.0.0.3 +*.e A 10.0.0.6 +child NS ns2.example. diff --git a/bin/tests/system/dnssec/ns3/optout.example.db.in b/bin/tests/system/dnssec/ns3/optout.example.db.in new file mode 100644 index 00000000..e41d15b9 --- /dev/null +++ b/bin/tests/system/dnssec/ns3/optout.example.db.in @@ -0,0 +1,45 @@ +; Copyright (C) 2006, 2008 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: optout.example.db.in,v 1.3 2008/09/25 04:02:38 tbox Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 +z A 10.0.0.26 +a.a.a.a A 10.0.0.3 +*.wild A 10.0.0.6 +insecure NS ns.insecure +ns.insecure A 10.53.0.3 +secure NS ns.secure +ns.secure A 10.53.0.3 +nsec3 NS ns.nsec3 +ns.nsec3 A 10.53.0.3 +optout NS ns.optout +ns.optout A 10.53.0.3 +child NS ns2.example. +insecure.empty NS ns.insecure.empty +ns.insecure.empty A 10.53.0.3 +foo.*.empty-wild NS ns diff --git a/bin/tests/system/dnssec/ns3/optout.nsec3.example.db.in b/bin/tests/system/dnssec/ns3/optout.nsec3.example.db.in new file mode 100644 index 00000000..150c386f --- /dev/null +++ b/bin/tests/system/dnssec/ns3/optout.nsec3.example.db.in @@ -0,0 +1,40 @@ +; Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: optout.nsec3.example.db.in,v 1.3 2008/09/25 04:02:38 tbox Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 +z A 10.0.0.26 +a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 +x CNAME a + +private NS ns.private +ns.private A 10.53.0.2 + +insecure NS ns.insecure +ns.insecure A 10.53.0.2 + diff --git a/bin/tests/system/dnssec/ns3/optout.optout.example.db.in b/bin/tests/system/dnssec/ns3/optout.optout.example.db.in new file mode 100644 index 00000000..91b5b899 --- /dev/null +++ b/bin/tests/system/dnssec/ns3/optout.optout.example.db.in @@ -0,0 +1,40 @@ +; Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: optout.optout.example.db.in,v 1.3 2008/09/25 04:02:38 tbox Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 +z A 10.0.0.26 +a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 +x CNAME a + +private NS ns.private +ns.private A 10.53.0.2 + +insecure NS ns.insecure +ns.insecure A 10.53.0.2 + diff --git a/bin/tests/system/dnssec/ns3/secure.example.db.in b/bin/tests/system/dnssec/ns3/secure.example.db.in index fe0559ba..9cd4d6f8 100644 --- a/bin/tests/system/dnssec/ns3/secure.example.db.in +++ b/bin/tests/system/dnssec/ns3/secure.example.db.in @@ -1,4 +1,4 @@ -; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") +; Copyright (C) 2004, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") ; Copyright (C) 2000, 2001 Internet Software Consortium. ; ; Permission to use, copy, modify, and/or distribute this software for any @@ -13,7 +13,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: secure.example.db.in,v 1.11 2007/06/19 23:47:02 tbox Exp $ +; $Id: secure.example.db.in,v 1.13 2008/09/25 04:02:38 tbox Exp $ $TTL 300 ; 5 minutes @ IN SOA mname1. . ( @@ -30,6 +30,7 @@ a A 10.0.0.1 b A 10.0.0.2 d A 10.0.0.4 z A 10.0.0.26 +a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 x CNAME a private NS ns.private diff --git a/bin/tests/system/dnssec/ns3/secure.nsec3.example.db.in b/bin/tests/system/dnssec/ns3/secure.nsec3.example.db.in new file mode 100644 index 00000000..92e720b0 --- /dev/null +++ b/bin/tests/system/dnssec/ns3/secure.nsec3.example.db.in @@ -0,0 +1,40 @@ +; Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: secure.nsec3.example.db.in,v 1.3 2008/09/25 04:02:38 tbox Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 +z A 10.0.0.26 +a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 +x CNAME a + +private NS ns.private +ns.private A 10.53.0.2 + +insecure NS ns.insecure +ns.insecure A 10.53.0.2 + diff --git a/bin/tests/system/dnssec/ns3/secure.optout.example.db.in b/bin/tests/system/dnssec/ns3/secure.optout.example.db.in new file mode 100644 index 00000000..d1ac6afc --- /dev/null +++ b/bin/tests/system/dnssec/ns3/secure.optout.example.db.in @@ -0,0 +1,40 @@ +; Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: secure.optout.example.db.in,v 1.3 2008/09/25 04:02:38 tbox Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 +z A 10.0.0.26 +a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 +x CNAME a + +private NS ns.private +ns.private A 10.53.0.2 + +insecure NS ns.insecure +ns.insecure A 10.53.0.2 + diff --git a/bin/tests/system/dnssec/ns3/sign.sh b/bin/tests/system/dnssec/ns3/sign.sh index 69651ea0..eb362aa9 100644 --- a/bin/tests/system/dnssec/ns3/sign.sh +++ b/bin/tests/system/dnssec/ns3/sign.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2006-2008 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2000-2002 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,10 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: sign.sh,v 1.23 2007/06/19 23:47:02 tbox Exp $ +# $Id: sign.sh,v 1.25 2008/09/25 04:02:38 tbox Exp $ + +SYSTEMTESTTOP=../.. +. $SYSTEMTESTTOP/conf.sh RANDFILE=../random.data @@ -66,3 +69,156 @@ mv $zonefile.signed $zonefile.tmp <$zonefile.tmp perl -p -e 's/ keyless.example/ b.keyless.example/ if /^a.b.keyless.example/../NXT/;' >$zonefile.signed rm -f $zonefile.tmp + +# +# NSEC3/NSEC test zone +# +zone=secure.nsec3.example. +infile=secure.nsec3.example.db.in +zonefile=secure.nsec3.example.db + +keyname=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone` + +cat $infile $keyname.key >$zonefile + +$SIGNER -r $RANDFILE -o $zone $zonefile > /dev/null + +# +# NSEC3/NSEC3 test zone +# +zone=nsec3.nsec3.example. +infile=nsec3.nsec3.example.db.in +zonefile=nsec3.nsec3.example.db + +keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` + +cat $infile $keyname.key >$zonefile + +$SIGNER -3 - -r $RANDFILE -o $zone $zonefile > /dev/null + +# +# OPTOUT/NSEC3 test zone +# +zone=optout.nsec3.example. +infile=optout.nsec3.example.db.in +zonefile=optout.nsec3.example.db + +keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` + +cat $infile $keyname.key >$zonefile + +$SIGNER -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null + +# +# A nsec3 zone (non-optout). +# +zone=nsec3.example. +infile=nsec3.example.db.in +zonefile=nsec3.example.db + +keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` + +cat $infile $keyname.key >$zonefile + +$SIGNER -g -3 - -r $RANDFILE -o $zone $zonefile > /dev/null + +# +# OPTOUT/NSEC test zone +# +zone=secure.optout.example. +infile=secure.optout.example.db.in +zonefile=secure.optout.example.db + +keyname=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone` + +cat $infile $keyname.key >$zonefile + +$SIGNER -r $RANDFILE -o $zone $zonefile > /dev/null + +# +# OPTOUT/NSEC3 test zone +# +zone=nsec3.optout.example. +infile=nsec3.optout.example.db.in +zonefile=nsec3.optout.example.db + +keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` + +cat $infile $keyname.key >$zonefile + +$SIGNER -3 - -r $RANDFILE -o $zone $zonefile > /dev/null + +# +# OPTOUT/OPTOUT test zone +# +zone=optout.optout.example. +infile=optout.optout.example.db.in +zonefile=optout.optout.example.db + +keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` + +cat $infile $keyname.key >$zonefile + +$SIGNER -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null + +# +# A optout nsec3 zone. +# +zone=optout.example. +infile=optout.example.db.in +zonefile=optout.example.db + +keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` + +cat $infile $keyname.key >$zonefile + +$SIGNER -g -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null + +# +# A nsec3 zone (non-optout) with unknown hash algorithm. +# +zone=nsec3-unknown.example. +infile=nsec3-unknown.example.db.in +zonefile=nsec3-unknown.example.db + +keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` + +cat $infile $keyname.key >$zonefile + +$SIGNER -3 - -U -r $RANDFILE -o $zone $zonefile > /dev/null + +# +# A optout nsec3 zone. +# +zone=optout-unknown.example. +infile=optout-unknown.example.db.in +zonefile=optout-unknown.example.db + +keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` + +cat $infile $keyname.key >$zonefile + +$SIGNER -3 - -U -A -r $RANDFILE -o $zone $zonefile > /dev/null + +# +# A multiple parameter nsec3 zone. +# +zone=multiple.example. +infile=multiple.example.db.in +zonefile=multiple.example.db + +keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` + +cat $infile $keyname.key >$zonefile + +$SIGNER -r $RANDFILE -o $zone $zonefile > /dev/null +mv $zonefile.signed $zonefile +$SIGNER -3 - -r $RANDFILE -o $zone $zonefile > /dev/null +mv $zonefile.signed $zonefile +$SIGNER -3 AAAA -r $RANDFILE -o $zone $zonefile > /dev/null +mv $zonefile.signed $zonefile +$SIGNER -3 BBBB -r $RANDFILE -o $zone $zonefile > /dev/null +mv $zonefile.signed $zonefile +$SIGNER -3 CCCC -r $RANDFILE -o $zone $zonefile > /dev/null +mv $zonefile.signed $zonefile +$SIGNER -3 DDDD -r $RANDFILE -o $zone $zonefile > /dev/null diff --git a/bin/tests/system/dnssec/ns7/named.conf b/bin/tests/system/dnssec/ns7/named.conf new file mode 100644 index 00000000..0b5ce899 --- /dev/null +++ b/bin/tests/system/dnssec/ns7/named.conf @@ -0,0 +1,72 @@ +/* + * Copyright (C) 2006, 2008 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: named.conf,v 1.3 2008/09/25 04:02:38 tbox Exp $ */ + +// NS3 + +controls { /* empty */ }; + +options { + query-source address 10.53.0.7; + notify-source 10.53.0.7; + transfer-source 10.53.0.7; + port 5300; + pid-file "named.pid"; + listen-on { 10.53.0.7; }; + listen-on-v6 { none; }; + recursion no; + notify yes; + dnssec-enable yes; + dnssec-validation yes; +}; + +zone "." { + type hint; + file "../../common/root.hint"; +}; + +zone "nsec3.example" { + type slave; + masters { 10.53.0.3; }; + file "nsec3.example.bk"; +}; + +zone "optout.example" { + type slave; + masters { 10.53.0.3; }; + file "optout.example.bk"; +}; + +zone "nsec3-unknown.example" { + type slave; + masters { 10.53.0.3; }; + file "nsec3-unknown.example.bk"; +}; + +zone "optout-unknown.example" { + type slave; + masters { 10.53.0.3; }; + file "optout-unknown.example.bk"; +}; + +zone "multiple.example" { + type slave; + masters { 10.53.0.3; }; + file "multiple.example.bk"; +}; + +include "trusted.conf"; diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh index e676cb01..57faa637 100644 --- a/bin/tests/system/dnssec/tests.sh +++ b/bin/tests/system/dnssec/tests.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2000-2002 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.51 2007/06/19 23:47:02 tbox Exp $ +# $Id: tests.sh,v 1.53 2008/09/25 04:02:38 tbox Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh @@ -38,7 +38,7 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` -echo "I:checking positive validation ($n)" +echo "I:checking positive validation NSEC ($n)" ret=0 $DIG $DIGOPTS +noauth a.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1 $DIG $DIGOPTS +noauth a.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1 @@ -48,39 +48,181 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` -echo "I:checking positive wildcard validation ($n)" +echo "I:checking positive validation NSEC3 ($n)" +ret=0 +$DIG $DIGOPTS +noauth a.nsec3.example. \ + @10.53.0.3 a > dig.out.ns3.test$n || ret=1 +$DIG $DIGOPTS +noauth a.nsec3.example. \ + @10.53.0.4 a > dig.out.ns4.test$n || ret=1 +$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 +grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking positive validation OPTOUT ($n)" +ret=0 +$DIG $DIGOPTS +noauth a.optout.example. \ + @10.53.0.3 a > dig.out.ns3.test$n || ret=1 +$DIG $DIGOPTS +noauth a.optout.example. \ + @10.53.0.4 a > dig.out.ns4.test$n || ret=1 +$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 +grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking positive wildcard validation NSEC ($n)" ret=0 $DIG $DIGOPTS a.wild.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1 $DIG $DIGOPTS a.wild.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1 $PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking positive wildcard validation NSEC3 ($n)" +ret=0 +$DIG $DIGOPTS a.wild.nsec3.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1 +$DIG $DIGOPTS a.wild.nsec3.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1 +$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 +grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking positive wildcard validation OPTOUT ($n)" +ret=0 +$DIG $DIGOPTS a.wild.optout.example. \ + @10.53.0.3 a > dig.out.ns3.test$n || ret=1 +$DIG $DIGOPTS a.wild.optout.example. \ + @10.53.0.4 a > dig.out.ns4.test$n || ret=1 +$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 +grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` -echo "I:checking negative validation ($n)" +echo "I:checking negative validation NXDOMAIN NSEC ($n)" ret=0 $DIG $DIGOPTS +noauth q.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1 $DIG $DIGOPTS +noauth q.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1 $PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 +grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking negative validation NXDOMAIN NSEC3 ($n)" +ret=0 +$DIG $DIGOPTS +noauth q.nsec3.example. \ + @10.53.0.3 a > dig.out.ns3.test$n || ret=1 +$DIG $DIGOPTS +noauth q.nsec3.example. \ + @10.53.0.4 a > dig.out.ns4.test$n || ret=1 +$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 +grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 +grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking negative validation NXDOMAIN OPTOUT ($n)" +ret=0 +$DIG $DIGOPTS +noauth q.optout.example. \ + @10.53.0.3 a > dig.out.ns3.test$n || ret=1 +$DIG $DIGOPTS +noauth q.optout.example. \ + @10.53.0.4 a > dig.out.ns4.test$n || ret=1 +$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 +# Note - this is looking for failure, hence the && +grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking negative validation NODATA NSEC ($n)" +ret=0 +$DIG $DIGOPTS +noauth a.example. @10.53.0.2 txt > dig.out.ns2.test$n || ret=1 +$DIG $DIGOPTS +noauth a.example. @10.53.0.4 txt > dig.out.ns4.test$n || ret=1 +$PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1 +grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking negative validation NODATA NSEC3 ($n)" +ret=0 +$DIG $DIGOPTS +noauth a.nsec3.example. \ + @10.53.0.3 txt > dig.out.ns3.test$n || ret=1 +$DIG $DIGOPTS +noauth a.nsec3.example. \ + @10.53.0.4 txt > dig.out.ns4.test$n || ret=1 +$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 +grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking negative validation NODATA OPTOUT ($n)" +ret=0 +$DIG $DIGOPTS +noauth a.optout.example. \ + @10.53.0.3 txt > dig.out.ns3.test$n || ret=1 +$DIG $DIGOPTS +noauth a.optout.example. \ + @10.53.0.4 txt > dig.out.ns4.test$n || ret=1 +$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 +grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` -echo "I:checking negative wildcard validation ($n)" +echo "I:checking negative wildcard validation NSEC ($n)" ret=0 $DIG $DIGOPTS b.wild.example. @10.53.0.2 txt > dig.out.ns2.test$n || ret=1 $DIG $DIGOPTS b.wild.example. @10.53.0.4 txt > dig.out.ns4.test$n || ret=1 $PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking negative wildcard validation NSEC3 ($n)" +ret=0 +$DIG $DIGOPTS b.wild.nsec3.example. @10.53.0.3 txt > dig.out.ns3.test$n || ret=1 +$DIG $DIGOPTS b.wild.nsec3.example. @10.53.0.4 txt > dig.out.ns4.test$n || ret=1 +$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 +grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking negative wildcard validation OPTOUT ($n)" +ret=0 +$DIG $DIGOPTS b.wild.optout.example. \ + @10.53.0.3 txt > dig.out.ns3.test$n || ret=1 +$DIG $DIGOPTS b.wild.optout.example. \ + @10.53.0.4 txt > dig.out.ns4.test$n || ret=1 +$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +# Note - this is looking for failure, hence the && +grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` # Check the insecure.example domain -echo "I:checking 1-server insecurity proof ($n)" +echo "I:checking 1-server insecurity proof NSEC ($n)" ret=0 $DIG $DIGOPTS +noauth a.insecure.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1 $DIG $DIGOPTS +noauth a.insecure.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1 @@ -92,7 +234,31 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` -echo "I:checking 1-server negative insecurity proof ($n)" +echo "I:checking 1-server insecurity proof NSEC3 ($n)" +ret=0 +$DIG $DIGOPTS +noauth a.insecure.nsec3.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1 +$DIG $DIGOPTS +noauth a.insecure.nsec3.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1 +$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +# Note - this is looking for failure, hence the && +grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking 1-server insecurity proof OPTOUT ($n)" +ret=0 +$DIG $DIGOPTS +noauth a.insecure.optout.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1 +$DIG $DIGOPTS +noauth a.insecure.optout.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1 +$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +# Note - this is looking for failure, hence the && +grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking 1-server negative insecurity proof NSEC ($n)" ret=0 $DIG $DIGOPTS q.insecure.example. a @10.53.0.3 \ > dig.out.ns3.test$n || ret=1 @@ -106,7 +272,35 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` -echo "I:checking 1-server negative insecurity proof with SOA hack ($n)" +echo "I:checking 1-server negative insecurity proof NSEC3 ($n)" +ret=0 +$DIG $DIGOPTS q.insecure.nsec3.example. a @10.53.0.3 \ + > dig.out.ns3.test$n || ret=1 +$DIG $DIGOPTS q.insecure.nsec3.example. a @10.53.0.4 \ + > dig.out.ns4.test$n || ret=1 +$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 +# Note - this is looking for failure, hence the && +grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking 1-server negative insecurity proof OPTOUT ($n)" +ret=0 +$DIG $DIGOPTS q.insecure.optout.example. a @10.53.0.3 \ + > dig.out.ns3.test$n || ret=1 +$DIG $DIGOPTS q.insecure.optout.example. a @10.53.0.4 \ + > dig.out.ns4.test$n || ret=1 +$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 +# Note - this is looking for failure, hence the && +grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking 1-server negative insecurity proof with SOA hack NSEC ($n)" ret=0 $DIG $DIGOPTS r.insecure.example. soa @10.53.0.3 \ > dig.out.ns3.test$n || ret=1 @@ -114,6 +308,37 @@ $DIG $DIGOPTS r.insecure.example. soa @10.53.0.4 \ > dig.out.ns4.test$n || ret=1 $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 +grep "0 IN SOA" dig.out.ns4.test$n > /dev/null || ret=1 +# Note - this is looking for failure, hence the && +grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking 1-server negative insecurity proof with SOA hack NSEC3 ($n)" +ret=0 +$DIG $DIGOPTS r.insecure.nsec3.example. soa @10.53.0.3 \ + > dig.out.ns3.test$n || ret=1 +$DIG $DIGOPTS r.insecure.nsec3.example. soa @10.53.0.4 \ + > dig.out.ns4.test$n || ret=1 +$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 +grep "0 IN SOA" dig.out.ns4.test$n > /dev/null || ret=1 +# Note - this is looking for failure, hence the && +grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking 1-server negative insecurity proof with SOA hack OPTOUT ($n)" +ret=0 +$DIG $DIGOPTS r.insecure.optout.example. soa @10.53.0.3 \ + > dig.out.ns3.test$n || ret=1 +$DIG $DIGOPTS r.insecure.optout.example. soa @10.53.0.4 \ + > dig.out.ns4.test$n || ret=1 +$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 +grep "0 IN SOA" dig.out.ns4.test$n > /dev/null || ret=1 # Note - this is looking for failure, hence the && grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 n=`expr $n + 1` @@ -122,16 +347,136 @@ status=`expr $status + $ret` # Check the secure.example domain -echo "I:checking multi-stage positive validation ($n)" +echo "I:checking multi-stage positive validation NSEC/NSEC ($n)" +ret=0 +$DIG $DIGOPTS +noauth a.secure.example. \ + @10.53.0.3 a > dig.out.ns3.test$n || ret=1 +$DIG $DIGOPTS +noauth a.secure.example. \ + @10.53.0.4 a > dig.out.ns4.test$n || ret=1 +$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking multi-stage positive validation NSEC/NSEC3 ($n)" +ret=0 +$DIG $DIGOPTS +noauth a.nsec3.example. \ + @10.53.0.3 a > dig.out.ns3.test$n || ret=1 +$DIG $DIGOPTS +noauth a.nsec3.example. \ + @10.53.0.4 a > dig.out.ns4.test$n || ret=1 +$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking multi-stage positive validation NSEC/OPTOUT ($n)" ret=0 -$DIG $DIGOPTS +noauth a.secure.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1 -$DIG $DIGOPTS +noauth a.secure.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1 +$DIG $DIGOPTS +noauth a.optout.example. \ + @10.53.0.3 a > dig.out.ns3.test$n || ret=1 +$DIG $DIGOPTS +noauth a.optout.example. \ + @10.53.0.4 a > dig.out.ns4.test$n || ret=1 $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking multi-stage positive validation NSEC3/NSEC ($n)" +ret=0 +$DIG $DIGOPTS +noauth a.secure.nsec3.example. \ + @10.53.0.3 a > dig.out.ns3.test$n || ret=1 +$DIG $DIGOPTS +noauth a.secure.nsec3.example. \ + @10.53.0.4 a > dig.out.ns4.test$n || ret=1 +$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking multi-stage positive validation NSEC3/NSEC3 ($n)" +ret=0 +$DIG $DIGOPTS +noauth a.nsec3.nsec3.example. \ + @10.53.0.3 a > dig.out.ns3.test$n || ret=1 +$DIG $DIGOPTS +noauth a.nsec3.nsec3.example. \ + @10.53.0.4 a > dig.out.ns4.test$n || ret=1 +$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking multi-stage positive validation NSEC3/OPTOUT ($n)" +ret=0 +$DIG $DIGOPTS +noauth a.optout.nsec3.example. \ + @10.53.0.3 a > dig.out.ns3.test$n || ret=1 +$DIG $DIGOPTS +noauth a.optout.nsec3.example. \ + @10.53.0.4 a > dig.out.ns4.test$n || ret=1 +$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking multi-stage positive validation OPTOUT/NSEC ($n)" +ret=0 +$DIG $DIGOPTS +noauth a.secure.optout.example. \ + @10.53.0.3 a > dig.out.ns3.test$n || ret=1 +$DIG $DIGOPTS +noauth a.secure.optout.example. \ + @10.53.0.4 a > dig.out.ns4.test$n || ret=1 +$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking multi-stage positive validation OPTOUT/NSEC3 ($n)" +ret=0 +$DIG $DIGOPTS +noauth a.nsec3.optout.example. \ + @10.53.0.3 a > dig.out.ns3.test$n || ret=1 +$DIG $DIGOPTS +noauth a.nsec3.optout.example. \ + @10.53.0.4 a > dig.out.ns4.test$n || ret=1 +$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking multi-stage positive validation OPTOUT/OPTOUT ($n)" +ret=0 +$DIG $DIGOPTS +noauth a.optout.optout.example. \ + @10.53.0.3 a > dig.out.ns3.test$n || ret=1 +$DIG $DIGOPTS +noauth a.optout.optout.example. \ + @10.53.0.4 a > dig.out.ns4.test$n || ret=1 +$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` +echo "I:checking empty NODATA OPTOUT ($n)" +ret=0 +$DIG $DIGOPTS +noauth empty.optout.example. \ + @10.53.0.3 a > dig.out.ns3.test$n || ret=1 +$DIG $DIGOPTS +noauth empty.optout.example. \ + @10.53.0.4 a > dig.out.ns4.test$n || ret=1 +$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +#grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + # Check the bogus domain echo "I:checking failed validation ($n)" diff --git a/bin/tests/system/ifconfig.sh b/bin/tests/system/ifconfig.sh index 1f65667d..779d6f95 100755 --- a/bin/tests/system/ifconfig.sh +++ b/bin/tests/system/ifconfig.sh @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: ifconfig.sh,v 1.51.128.3 2008/07/25 20:43:57 fdupont Exp $ +# $Id: ifconfig.sh,v 1.55 2008/09/24 02:46:21 marka Exp $ # # Set up interface aliases for bind9 system tests. @@ -57,7 +57,7 @@ esac case "$1" in start|up) - for ns in 1 2 3 4 5 6 + for ns in 1 2 3 4 5 6 7 do if test -n "$base" then @@ -120,7 +120,7 @@ case "$1" in ;; stop|down) - for ns in 6 5 4 3 2 1 + for ns in 7 6 5 4 3 2 1 do if test -n "$base" then diff --git a/bin/tests/system/lwresd/clean.sh b/bin/tests/system/lwresd/clean.sh new file mode 100644 index 00000000..107a0209 --- /dev/null +++ b/bin/tests/system/lwresd/clean.sh @@ -0,0 +1,22 @@ +#!/bin/sh +# +# Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +# $Id: clean.sh,v 1.1 2008/07/17 01:14:16 marka Exp $ + +# +# Clean up after lwresd tests. +# +rm -f */named.memstats diff --git a/bin/tests/system/lwresd/lwtest.c b/bin/tests/system/lwresd/lwtest.c index e3ded8a0..534e9992 100644 --- a/bin/tests/system/lwresd/lwtest.c +++ b/bin/tests/system/lwresd/lwtest.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwtest.c,v 1.29.60.2 2008/01/14 23:46:28 tbox Exp $ */ +/* $Id: lwtest.c,v 1.32 2008/04/02 02:37:42 marka Exp $ */ #include <config.h> @@ -764,7 +764,7 @@ main(void) { test_getrrsetbyname("a.example1.", 1, 1, 1, 0, 1); test_getrrsetbyname("e.example1.", 1, 1, 1, 1, 1); test_getrrsetbyname("e.example1.", 1, 255, 1, 1, 0); - test_getrrsetbyname("e.example1.", 1, 46, 1, 0, 1); + test_getrrsetbyname("e.example1.", 1, 46, 2, 0, 1); test_getrrsetbyname("", 1, 1, 0, 0, 0); if (fails == 0) diff --git a/bin/tests/system/lwresd/ns1/e.example1.db b/bin/tests/system/lwresd/ns1/e.example1.db new file mode 100644 index 00000000..2d9587c4 --- /dev/null +++ b/bin/tests/system/lwresd/ns1/e.example1.db @@ -0,0 +1,54 @@ +; File written on Wed Mar 5 10:20:40 2008 +; dnssec_signzone version 9.3.4-P1 +e.example1. 300 IN SOA mname1. . ( + 2002082210 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + 300 RRSIG SOA 5 2 300 20010101000000 ( + 20000101000000 14043 e.example1. + KtYwrnKM7Tu53BNf8XuTix53r9kDdCneJ1X7 + xklFbp4YjRKC3NhwVK9PFe0jdHOkIDMtrwxn + n7/Rp07xIyURqw== ) + 300 NS ns.e.example1. + 300 RRSIG NS 5 2 300 20010101000000 ( + 20000101000000 14043 e.example1. + KBPx3XmNl4swVPdwuUEFuzZedMSfsyK2a0Fu + o2wBnbCuS7G7DtfW9690lP/eTyixLOIwlFLQ + MrjN3+XgpkdgIw== ) + 300 A 10.0.1.1 + 300 RRSIG A 5 2 300 20010101000000 ( + 20000101000000 14043 e.example1. + KYlxMQUvv8DQtVgS23lNL5tFYmRppJ7vTgH3 + btvgKbyHxW/04ewRsgCa82iu3iJipdEhKM11 + ALkRNhqL7frnig== ) + 3600 NSEC ns.e.example1. A NS SOA RRSIG NSEC DNSKEY + 3600 RRSIG NSEC 5 2 3600 20010101000000 ( + 20000101000000 14043 e.example1. + azSgagb7bldM06qSZg8nDZWOY2FbqeZY0/T8 + nC+6VhCs7YTfNvXynLWmvmpqL7gVT6/O+Yi2 + 2lmdntld7GORrQ== ) + 300 DNSKEY 256 3 5 ( + AwEAAcvAUMfH7wA0z077fJaF7RMrxAFyvo0/ + 7aAL4d2/yA5TqTaUCVnJtE+XgGO34kH9mwae + we+Nyv2kRWDeLl6nhGk= + ) ; key id = 14043 + 300 RRSIG DNSKEY 5 2 300 20010101000000 ( + 20000101000000 14043 e.example1. + BQFWOHopXuBNdzcopkdl1YVKGF0QvIaYpywM + fcpG5gi+sy9EoTofQ1UGsLOjU3nFXCvJFG4K + 1gUhzEEti440/g== ) +ns.e.example1. 300 IN A 10.53.0.1 + 300 RRSIG A 5 3 300 20010101000000 ( + 20000101000000 14043 e.example1. + cYPzsWNQ/eL4h2lihKRjKT2jhGpOqV9woGJA + /Jstx2iethOAvYtgY22CsAbCUr/6E4bSgBZR + TMoC604cNdFzIw== ) + 3600 NSEC e.example1. A RRSIG NSEC + 3600 RRSIG NSEC 5 3 3600 20010101000000 ( + 20000101000000 14043 e.example1. + J8Md544zDLP4GjyAtkjH/rSFvpzXY/7bgJRS + YDoARwFQRmlrJvavXEjqElb2fTQqlNNz1cal + QROz/WJ3GLwOWw== ) diff --git a/bin/tests/system/lwresd/ns1/example1.db b/bin/tests/system/lwresd/ns1/example1.db index 5a24410f..16a53f43 100644 --- a/bin/tests/system/lwresd/ns1/example1.db +++ b/bin/tests/system/lwresd/ns1/example1.db @@ -1,4 +1,4 @@ -; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") +; Copyright (C) 2004, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") ; Copyright (C) 2000-2003 Internet Software Consortium. ; ; Permission to use, copy, modify, and/or distribute this software for any @@ -13,7 +13,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: example1.db,v 1.17 2007/06/19 23:47:04 tbox Exp $ +; $Id: example1.db,v 1.19 2008/04/02 23:46:57 tbox Exp $ $TTL 300 ; 5 minutes @ IN SOA mname1. . ( @@ -32,7 +32,4 @@ a3 CNAME nowhere b AAAA eeee:eeee:eeee:eeee:ffff:ffff:ffff:ffff 8.8.7.7 DNAME net 0.0.f.f.e.e.d.d.c.c.b.b.a.a.9.9.net PTR dname -e A 10.0.1.1 - RRSIG A 1 1 300 20001202003412 ( - 20001102003412 1 example. abcd ) - +e NS ns.e diff --git a/bin/tests/system/lwresd/ns1/named.conf b/bin/tests/system/lwresd/ns1/named.conf index 54a272ef..2d649c79 100644 --- a/bin/tests/system/lwresd/ns1/named.conf +++ b/bin/tests/system/lwresd/ns1/named.conf @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.19 2007/06/19 23:47:04 tbox Exp $ */ +/* $Id: named.conf,v 1.21 2008/04/02 23:46:57 tbox Exp $ */ controls { /* empty */ }; @@ -43,6 +43,11 @@ zone "example1." { file "example1.db"; }; +zone "e.example1." { + type master; + file "e.example1.db"; +}; + zone "example2." { type master; file "example2.db"; diff --git a/bin/tests/system/resolver/clean.sh b/bin/tests/system/resolver/clean.sh new file mode 100644 index 00000000..c79da928 --- /dev/null +++ b/bin/tests/system/resolver/clean.sh @@ -0,0 +1,22 @@ +#!/bin/sh +# +# Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +# $Id: clean.sh,v 1.1 2008/07/17 01:15:34 marka Exp $ + +# +# Clean up after resolver tests. +# +rm -f */named.memstats diff --git a/bin/tests/system/rrsetorder/clean.sh b/bin/tests/system/rrsetorder/clean.sh index dd2dc114..d5b245cc 100644 --- a/bin/tests/system/rrsetorder/clean.sh +++ b/bin/tests/system/rrsetorder/clean.sh @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: clean.sh,v 1.6.46.2 2008/04/24 23:46:29 tbox Exp $ +# $Id: clean.sh,v 1.8 2008/04/24 23:46:59 tbox Exp $ rm -f dig.out.cyclic dig.out.fixed dig.out.random rm -f dig.out.0 dig.out.1 dig.out.2 dig.out.3 diff --git a/bin/tests/system/rrsetorder/tests.sh b/bin/tests/system/rrsetorder/tests.sh index cf38a703..76bfe9ac 100644 --- a/bin/tests/system/rrsetorder/tests.sh +++ b/bin/tests/system/rrsetorder/tests.sh @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.5.128.2 2008/04/24 23:46:29 tbox Exp $ +# $Id: tests.sh,v 1.7 2008/04/24 23:46:59 tbox Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh diff --git a/bin/tests/system/start.pl b/bin/tests/system/start.pl index b22f74ce..1f461b50 100644 --- a/bin/tests/system/start.pl +++ b/bin/tests/system/start.pl @@ -1,6 +1,6 @@ #!/usr/bin/perl -w # -# Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2001 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: start.pl,v 1.11 2007/06/19 23:47:00 tbox Exp $ +# $Id: start.pl,v 1.13 2008/01/02 23:47:01 tbox Exp $ # Framework for starting test servers. # Based on the type of server specified, check for port availability, remove @@ -129,7 +129,9 @@ sub start_server { if ($options) { $command .= "$options"; } else { - $command .= "-m record,size,mctx -c named.conf -d 99 -g"; + $command .= "-m record,size,mctx "; + $command .= "-T clienttest "; + $command .= "-c named.conf -d 99 -g"; } $command .= " >named.run 2>&1 &"; $pid_file = "named.pid"; @@ -139,7 +141,10 @@ sub start_server { if ($options) { $command .= "$options"; } else { - $command .= "-m record,size,mctx -C resolv.conf -d 99 -g -i lwresd.pid -P 9210 -p 5300"; + $command .= "-m record,size,mctx "; + $command .= "-T clienttest "; + $command .= "-C resolv.conf -d 99 -g "; + $command .= "-i lwresd.pid -P 9210 -p 5300"; } $command .= " >lwresd.run 2>&1 &"; $pid_file = "lwresd.pid"; diff --git a/bin/tests/timers/t_timers.c b/bin/tests/timers/t_timers.c index 33a97d77..7705364b 100644 --- a/bin/tests/timers/t_timers.c +++ b/bin/tests/timers/t_timers.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: t_timers.c,v 1.26.128.2 2008/01/12 23:46:43 tbox Exp $ */ +/* $Id: t_timers.c,v 1.28 2008/01/12 23:47:13 tbox Exp $ */ #include <config.h> |