From 3f5a3d99feca79b1338646e936a2ee7a5862a43a Mon Sep 17 00:00:00 2001 From: "Internet Software Consortium, Inc" <@isc.org> Date: Wed, 12 Jun 2013 10:32:09 -0600 Subject: 9.9.3rc2 --- CHANGES | 42 +- bin/check/named-checkconf.c | 14 +- bin/check/named-checkzone.8 | 12 +- bin/check/named-checkzone.c | 20 +- bin/check/named-checkzone.docbook | 17 +- bin/check/named-checkzone.html | 21 +- bin/named/config.c | 1 + bin/named/server.c | 8 +- bin/named/unix/dlz_dlopen_driver.c | 12 +- bin/named/xfrout.c | 16 +- bin/named/zoneconf.c | 11 + bin/nsupdate/nsupdate.c | 4 +- bin/python/dnssec-coverage.8 | 121 + bin/python/dnssec-coverage.html | 167 + bin/tests/db_test.c | 7 +- bin/tests/shutdown_test.c | 10 +- bin/tests/sock_test.c | 10 +- bin/tests/system/checkzone/tests.sh | 14 + bin/tests/system/checkzone/zones/spf.db | 21 + bin/tests/system/conf.sh.in | 2 +- bin/tests/system/dlz/tests.sh | 32 +- bin/tests/system/dlzexternal/tests.sh | 1 + bin/tests/system/redirect/clean.sh | 4 +- bin/tests/system/redirect/ns2/example.db.in | 19 + bin/tests/system/redirect/ns2/named.conf | 16 +- bin/tests/system/redirect/ns2/redirect.db | 25 - bin/tests/system/redirect/ns2/redirect.db.in | 23 + bin/tests/system/redirect/setup.sh | 4 +- bin/tests/system/redirect/tests.sh | 18 +- bin/tests/system/spf/clean.sh | 16 + bin/tests/system/spf/ns1/named.conf | 47 + bin/tests/system/spf/ns1/spf.db | 21 + bin/tests/system/spf/tests.sh | 45 + bin/tests/system/unknown/clean.sh | 4 +- bin/tests/system/unknown/tests.sh | 13 +- bin/tests/system/unknown/zones/nan.bad | 15 + bin/tests/task_test.c | 10 +- bin/tests/timer_test.c | 10 +- bin/tools/isc-hmac-fixup.8 | 6 +- bin/tools/isc-hmac-fixup.docbook | 5 +- bin/tools/isc-hmac-fixup.html | 10 +- contrib/check5011.pl | 8 +- doc/arm/Bv9ARM-book.xml | 61 + doc/arm/Bv9ARM.ch04.html | 96 +- doc/arm/Bv9ARM.ch06.html | 136 +- doc/arm/Bv9ARM.ch07.html | 12 +- doc/arm/Bv9ARM.ch08.html | 16 +- doc/arm/Bv9ARM.ch09.html | 218 +- doc/arm/Bv9ARM.html | 96 +- doc/arm/Bv9ARM.pdf | 10634 ++++++++++++------------- doc/arm/man.arpaname.html | 6 +- doc/arm/man.ddns-confgen.html | 8 +- doc/arm/man.dig.html | 18 +- doc/arm/man.dnssec-dsfromkey.html | 14 +- doc/arm/man.dnssec-keyfromlabel.html | 12 +- doc/arm/man.dnssec-keygen.html | 14 +- doc/arm/man.dnssec-revoke.html | 8 +- doc/arm/man.dnssec-settime.html | 12 +- doc/arm/man.dnssec-signzone.html | 10 +- doc/arm/man.dnssec-verify.html | 8 +- doc/arm/man.genrandom.html | 8 +- doc/arm/man.host.html | 8 +- doc/arm/man.isc-hmac-fixup.html | 8 +- doc/arm/man.named-checkconf.html | 10 +- doc/arm/man.named-checkzone.html | 21 +- doc/arm/man.named-journalprint.html | 6 +- doc/arm/man.named.html | 14 +- doc/arm/man.nsec3hash.html | 8 +- doc/arm/man.nsupdate.html | 12 +- doc/arm/man.rndc-confgen.html | 10 +- doc/arm/man.rndc.conf.html | 10 +- doc/arm/man.rndc.html | 10 +- doc/misc/options | 4 + isc-config.sh.in | 18 +- lib/dns/acache.c | 22 +- lib/dns/api | 4 +- lib/dns/client.c | 10 +- lib/dns/include/dns/acache.h | 5 +- lib/dns/include/dns/message.h | 26 +- lib/dns/include/dns/types.h | 3 +- lib/dns/include/dns/zone.h | 1 + lib/dns/message.c | 94 +- lib/dns/rbtdb.c | 12 +- lib/dns/rdata.c | 6 +- lib/dns/rdata/generic/eui48_108.c | 2 +- lib/dns/rdata/generic/eui64_109.c | 2 +- lib/dns/resolver.c | 148 +- lib/dns/rootns.c | 3 +- lib/dns/zone.c | 89 +- lib/export/samples/nsprobe.c | 28 +- lib/export/samples/sample-async.c | 4 +- lib/export/samples/sample-gai.c | 4 +- lib/export/samples/sample-request.c | 4 +- lib/export/samples/sample-update.c | 4 +- lib/export/samples/sample.c | 2 +- lib/irs/getaddrinfo.c | 13 +- lib/isccfg/api | 2 +- lib/isccfg/namedconf.c | 7 + srcid | 2 +- version | 2 +- 100 files changed, 6950 insertions(+), 5957 deletions(-) create mode 100644 bin/python/dnssec-coverage.8 create mode 100644 bin/python/dnssec-coverage.html create mode 100644 bin/tests/system/checkzone/zones/spf.db create mode 100644 bin/tests/system/redirect/ns2/example.db.in delete mode 100644 bin/tests/system/redirect/ns2/redirect.db create mode 100644 bin/tests/system/redirect/ns2/redirect.db.in create mode 100644 bin/tests/system/spf/clean.sh create mode 100644 bin/tests/system/spf/ns1/named.conf create mode 100644 bin/tests/system/spf/ns1/spf.db create mode 100644 bin/tests/system/spf/tests.sh create mode 100644 bin/tests/system/unknown/zones/nan.bad diff --git a/CHANGES b/CHANGES index 4ad7de09..2f5f9ef5 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,35 @@ + --- 9.9.3rc2 released --- + +3360. [bug] isc-config.sh did not honour includedir and libdir + when set via configure. [RT #33345] + +3559. [func] Check that both forms of Sender Policy Framework + records exist or do not exist. [RT #33355] + +3558. [bug] IXFR of a DLZ stored zone was broken. [RT #33331] + +3557. [bug] Reloading redirect zones was broken. [RT #33292] + +3556. [maint] Added AAAA for D.ROOT-SERVERS.NET. + +3555. [bug] Address theoretical race conditions in acache.c + (change #3553 was incomplete). [RT #33252] + +3553. [bug] Address suspected double free in acache. [RT #33252] + +3552. [bug] Wrong getopt option string for 'nsupdate -r'. + [RT #33280] + +3549. [doc] Documentation for "request-nsid" was missing. + [RT #33153] + +3548. [bug] The NSID request code in resolver.c was broken + resulting in invalid EDNS options being sent. + [RT #33153] + +3547. [bug] Some malformed unknown rdata records were not properly + detected and rejected. [RT #33129] + --- 9.9.3rc1 released --- 3546. [func] Add EUI48 and EUI64 types. [RT #33082] @@ -57,7 +89,7 @@ where it should have been. [RT #32794] --- 9.9.3b2 released --- - + 3517. [bug] Reorder destruction to avoid shutdown race. [RT #32777] 3515. [port] '%T' is not portable in strftime(). [RT #32763] @@ -111,11 +143,11 @@ syntax now includes a "min-ns-dots" clause, with default 1, to exclude top-level domains from NSIP and NSDNAME checking. --enable-rpz-nsip and - --enable-rpz-nsdname are now the default. [RT #32251] + --enable-rpz-nsdname are now the default. [RT #32251] 3493. [contrib] Added BDBHPT dynamically-lodable DLZ module, contributed by Mark Goldfinch. [RT #32549] - + 3492. [bug] Fixed a regression in zone loading performance due to lock contention. [RT #30399] @@ -130,7 +162,7 @@ 3487. [bug] Change 3444 was not complete. There was a additional place where the NOQNAME proof needed to be saved. - [RT #32629] + [RT #32629] 3486. [bug] named could crash when using TKEY-negotiated keys that had been deleted and then recreated. [RT #32506] @@ -166,7 +198,7 @@ refreshing after an initial failure. [RT #31276] --- 9.9.3b1 released --- - + 3468. [security] RPZ rules to generate A records (but not AAAA records) could trigger an assertion failure when used in conjunction with DNS64 (CVE-2012-5689). [RT #32141] diff --git a/bin/check/named-checkconf.c b/bin/check/named-checkconf.c index 53e6091f..0b3c508f 100644 --- a/bin/check/named-checkconf.c +++ b/bin/check/named-checkconf.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007, 2009-2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009-2013 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -294,6 +294,18 @@ configure_zone(const char *vclass, const char *view, zone_options &= ~DNS_ZONEOPT_CHECKSIBLING; } + obj = NULL; + if (get_maps(maps, "check-spf", &obj)) { + if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) { + zone_options |= DNS_ZONEOPT_CHECKSPF; + } else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) { + zone_options &= ~DNS_ZONEOPT_CHECKSPF; + } else + INSIST(0); + } else { + zone_options |= DNS_ZONEOPT_CHECKSPF; + } + obj = NULL; if (get_checknames(maps, &obj)) { if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) { diff --git a/bin/check/named-checkzone.8 b/bin/check/named-checkzone.8 index 664f6d2b..1fb384e2 100644 --- a/bin/check/named-checkzone.8 +++ b/bin/check/named-checkzone.8 @@ -33,9 +33,9 @@ named\-checkzone, named\-compilezone \- zone file validity checking or converting tool .SH "SYNOPSIS" .HP 16 -\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename} +\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename} .HP 18 -\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {\fB\-o\ \fR\fB\fIfilename\fR\fR} {zonename} {filename} +\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {\fB\-o\ \fR\fB\fIfilename\fR\fR} {zonename} {filename} .SH "DESCRIPTION" .PP \fBnamed\-checkzone\fR @@ -249,6 +249,14 @@ Chroot to so that include directives in the configuration file are processed as if run by a similarly chrooted named. .RE .PP +\-T \fImode\fR +.RS 4 +Check if Sender Policy Framework records (TXT and SPF) both exist or both don't exist. A warning is issued if they don't match. Possible modes are +\fB"warn"\fR +(default), +\fB"ignore"\fR. +.RE +.PP \-w \fIdirectory\fR .RS 4 chdir to diff --git a/bin/check/named-checkzone.c b/bin/check/named-checkzone.c index c059db49..7e779c2d 100644 --- a/bin/check/named-checkzone.c +++ b/bin/check/named-checkzone.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -150,19 +150,21 @@ main(int argc, char **argv) { if (progmode == progmode_compile) { zone_options |= (DNS_ZONEOPT_CHECKNS | DNS_ZONEOPT_FATALNS | + DNS_ZONEOPT_CHECKSPF | DNS_ZONEOPT_CHECKDUPRR | DNS_ZONEOPT_CHECKNAMES | DNS_ZONEOPT_CHECKNAMESFAIL | DNS_ZONEOPT_CHECKWILDCARD); } else - zone_options |= DNS_ZONEOPT_CHECKDUPRR; + zone_options |= (DNS_ZONEOPT_CHECKDUPRR | + DNS_ZONEOPT_CHECKSPF); #define ARGCMP(X) (strcmp(isc_commandline_argument, X) == 0) isc_commandline_errprint = ISC_FALSE; while ((c = isc_commandline_parse(argc, argv, - "c:df:hi:jk:L:m:n:qr:s:t:o:vw:DF:M:S:W:")) + "c:df:hi:jk:L:m:n:qr:s:t:o:vw:DF:M:S:T:W:")) != EOF) { switch (c) { case 'c': @@ -379,6 +381,18 @@ main(int argc, char **argv) { } break; + case 'T': + if (ARGCMP("warn")) { + zone_options |= DNS_ZONEOPT_CHECKSPF; + } else if (ARGCMP("ignore")) { + zone_options &= ~DNS_ZONEOPT_CHECKSPF; + } else { + fprintf(stderr, "invalid argument to -T: %s\n", + isc_commandline_argument); + exit(1); + } + break; + case 'W': if (ARGCMP("warn")) zone_options |= DNS_ZONEOPT_CHECKWILDCARD; diff --git a/bin/check/named-checkzone.docbook b/bin/check/named-checkzone.docbook index 85479e7d..ea37fa2b 100644 --- a/bin/check/named-checkzone.docbook +++ b/bin/check/named-checkzone.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" []> + + + + + +dnssec-coverage + + +
+
+
+

Name

+

dnssec-coverage — checks future DNSKEY coverage for a zone

+
+
+

Synopsis

+

dnssec-coverage [-K directory] [-f file] [-d DNSKEY TTL] [-m max TTL] [-r interval] [-c compilezone path] [zone]

+
+
+

DESCRIPTION

+

dnssec-coverage + verifies that the DNSSEC keys for a given zone or a set of zones + have timing metadata set properly to ensure no future lapses in DNSSEC + coverage. +

+

+ If zone is specified, then keys found in + the key repository matching that zone are scanned, and an ordered + list is generated of the events scheduled for that key (i.e., + publication, activation, inactivation, deletion). The list of + events is walked in order of occurrence. Warnings are generated + if any event is scheduled which could cause the zone to enter a + state in which validation failures might occur: for example, if + the number of published or active keys for a given algorithm drops + to zero, or if a key is deleted from the zone too soon after a new + key is rolled, and cached data signed by the prior key has not had + time to expire from resolver caches. +

+

+ If zone is not specified, then all keys in the + key repository will be scanned, and all zones for which there are + keys will be analyzed. (Note: This method of reporting is only + accurate if all the zones that have keys in a given repository + share the same TTL parameters.) +

+
+
+

OPTIONS

+
+
-f file
+

+ If a file is specified, then the zone is + read from that file; the largest TTL and the DNSKEY TTL are + determined directly from the zone data, and the + -m and -d options do + not need to be specified on the command line. +

+
-K directory
+

+ Sets the directory in which keys can be found. Defaults to the + current working directory. +

+
-m maximum TTL
+
+

+ Sets the value to be used as the maximum TTL for the zone or + zones being analyzed when determining whether there is a + possibility of validation failure. When a zone-signing key is + deactivated, there must be enough time for the record in the + zone with the longest TTL to have expired from resolver caches + before that key can be purged from the DNSKEY RRset. If that + condition does not apply, a warning will be generated. +

+

+ The length of the TTL can be set in seconds, or in larger units + of time by adding a suffix: 'mi' for minutes, 'h' for hours, + 'd' for days, 'w' for weeks, 'mo' for months, 'y' for years. +

+

+ This option is mandatory unless the -f has + been used to specify a zone file. (If -f has + been specified, this option may still be used; it will overrde + the value found in the file.) +

+
+
-d DNSKEY TTL
+
+

+ Sets the value to be used as the DNSKEY TTL for the zone or + zones being analyzed when determining whether there is a + possibility of validation failure. When a key is rolled (that + is, replaced with a new key), there must be enough time + for the old DNSKEY RRset to have expired from resolver caches + before the new key is activated and begins generating + signatures. If that condition does not apply, a warning + will be generated. +

+

+ The length of the TTL can be set in seconds, or in larger units + of time by adding a suffix: 'mi' for minutes, 'h' for hours, + 'd' for days, 'w' for weeks, 'mo' for months, 'y' for years. +

+

+ This option is mandatory unless the -f has + been used to specify a zone file, or a default key TTL was + set with the -L to + dnssec-keygen. (If either of those is true, + this option may still be used; it will overrde the value found + in the zone or key file.) +

+
+
-r resign interval
+
+

+ Sets the value to be used as the resign interval for the zone + or zones being analyzed when determining whether there is a + possibility of validation failure. This value defaults to + 22.5 days, which is also the default in + named. However, if it has been changed + by the sig-validity-interval option in + named.conf, then it should also be + changed here. +

+

+ The length of the interval can be set in seconds, or in larger + units of time by adding a suffix: 'mi' for minutes, 'h' for hours, + 'd' for days, 'w' for weeks, 'mo' for months, 'y' for years. +

+
+
-c compilezone path
+

+ Specifies a path to a named-compilezone binary. + Used for testing. +

+
+
+
+

SEE ALSO

+

+ dnssec-checkds(8), + dnssec-dsfromkey(8), + dnssec-keygen(8), + dnssec-signzone(8) +

+
+
+

AUTHOR

+

Internet Systems Consortium +

+
+
+ diff --git a/bin/tests/db_test.c b/bin/tests/db_test.c index d72bf4f3..d3d8b4a5 100644 --- a/bin/tests/db_test.c +++ b/bin/tests/db_test.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007-2009, 2011-2013 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -610,10 +610,11 @@ main(int argc, char *argv[]) { } else if (strstr(s, "!V") == s) { DBI_CHECK(dbi); v = atoi(&s[2]); - if (v >= dbi->rcount) { + if (v >= dbi->rcount || v < 0) { printf("unknown open version %d\n", v); continue; - } else if (dbi->rversions[v] == NULL) { + } + if (dbi->rversions[v] == NULL) { printf("version %d is not open\n", v); continue; } diff --git a/bin/tests/shutdown_test.c b/bin/tests/shutdown_test.c index 32ad5fed..e0d6ae76 100644 --- a/bin/tests/shutdown_test.c +++ b/bin/tests/shutdown_test.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2007, 2011 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007, 2011, 2013 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -174,9 +174,13 @@ main(int argc, char *argv[]) { RUNTIME_CHECK(isc_app_start() == ISC_R_SUCCESS); - if (argc > 1) + if (argc > 1) { workers = atoi(argv[1]); - else + if (workers < 1) + workers = 1; + if (workers > 8192) + workers = 8192; + } else workers = 2; printf("%d workers\n", workers); diff --git a/bin/tests/sock_test.c b/bin/tests/sock_test.c index 8f33a7ed..82a7e775 100644 --- a/bin/tests/sock_test.c +++ b/bin/tests/sock_test.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2007, 2008, 2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007, 2008, 2012, 2013 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -263,9 +263,13 @@ main(int argc, char *argv[]) { isc_result_t result; int pf; - if (argc > 1) + if (argc > 1) { workers = atoi(argv[1]); - else + if (workers < 1) + workers = 1; + if (workers > 8192) + workers = 8192; + } else workers = 2; printf("%d workers\n", workers); diff --git a/bin/tests/system/checkzone/tests.sh b/bin/tests/system/checkzone/tests.sh index 757ba2e9..2353c145 100644 --- a/bin/tests/system/checkzone/tests.sh +++ b/bin/tests/system/checkzone/tests.sh @@ -40,4 +40,18 @@ do status=`expr $status + $ret` done +echo "I:checking with spf warnings ($n)" +ret=0 +$CHECKZONE example zones/spf.db > test.out1.$n 2>&1 || ret=1 +$CHECKZONE -T ignore example zones/spf.db > test.out2.$n 2>&1 || ret=1 +grep "'x.example' found SPF/TXT" test.out1.$n > /dev/null || ret=1 +grep "'y.example' found SPF/SPF" test.out1.$n > /dev/null || ret=1 +grep "'example' found SPF/" test.out1.$n > /dev/null && ret=1 +grep "'x.example' found SPF/" test.out2.$n > /dev/null && ret=1 +grep "'y.example' found SPF/" test.out2.$n > /dev/null && ret=1 +grep "'example' found SPF/" test.out2.$n > /dev/null && ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + exit $status diff --git a/bin/tests/system/checkzone/zones/spf.db b/bin/tests/system/checkzone/zones/spf.db new file mode 100644 index 00000000..ffa850ad --- /dev/null +++ b/bin/tests/system/checkzone/zones/spf.db @@ -0,0 +1,21 @@ +; Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +@ 0 IN SOA . . 0 0 0 0 0 +@ 0 IN NS . +@ 0 IN TXT "v=spf1 -all" +@ 0 IN SPF "v=spf1 -all" +x 0 IN TXT "v=spf1" +y 0 IN SPF "v=spf1" +y 0 IN TXT "a non spf record" diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in index b8debdb8..2aadf9fc 100644 --- a/bin/tests/system/conf.sh.in +++ b/bin/tests/system/conf.sh.in @@ -63,7 +63,7 @@ SUBDIRS="acl additional allow_query addzone autosign builtin formerr forward glue gost ixfr inline limits logfileconfig lwresd masterfile masterformat metadata notify nsupdate pending pkcs11 redirect resolver rndc rpz rrsetorder rsabigexponent - sortlist smartsign staticstub stub tkey tsig tsiggss unknown + smartsign sortlist spf staticstub stub tkey tsig tsiggss unknown upforwd verify views wildcard xfer xferquota zonechecks" # PERL will be an empty string if no perl interpreter was found. diff --git a/bin/tests/system/dlz/tests.sh b/bin/tests/system/dlz/tests.sh index fd11048d..ce0a36a6 100644 --- a/bin/tests/system/dlz/tests.sh +++ b/bin/tests/system/dlz/tests.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2010-2012 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2010-2013 Internet Systems Consortium, Inc. ("ISC") # # Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -40,5 +40,35 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` +echo "I:checking DLZ IXFR=2010062899 (less than serial) ($n)" +ret=0 +$DIG $DIGOPTS ixfr=2010062899 example.com @10.53.0.1 +all > dig.out.ns1.test$n +grep "example.com..*IN.IXFR" dig.out.ns1.test$n > /dev/null || ret=1 +grep "example.com..*10.IN.DNAME.example.net." dig.out.ns1.test$n > /dev/null || ret=1 +grep "example.com..*10.IN.NS.example.com." dig.out.ns1.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking DLZ IXFR=2010062900 (equal serial) ($n)" +ret=0 +$DIG $DIGOPTS ixfr=2010062900 example.com @10.53.0.1 +all > dig.out.ns1.test$n +grep "example.com..*IN.IXFR" dig.out.ns1.test$n > /dev/null || ret=1 +grep "example.com..*10.IN.DNAME.example.net." dig.out.ns1.test$n > /dev/null && ret=1 +grep "example.com..*10.IN.NS.example.com." dig.out.ns1.test$n > /dev/null && ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking DLZ IXFR=2010062901 (greater than serial) ($n)" +ret=0 +$DIG $DIGOPTS ixfr=2010062901 example.com @10.53.0.1 +all > dig.out.ns1.test$n +grep "example.com..*IN.IXFR" dig.out.ns1.test$n > /dev/null || ret=1 +grep "example.com..*10.IN.DNAME.example.net." dig.out.ns1.test$n > /dev/null && ret=1 +grep "example.com..*10.IN.NS.example.com." dig.out.ns1.test$n > /dev/null && ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + echo "I:exit status: $status" exit $status diff --git a/bin/tests/system/dlzexternal/tests.sh b/bin/tests/system/dlzexternal/tests.sh index 062a49e1..e8caddcd 100644 --- a/bin/tests/system/dlzexternal/tests.sh +++ b/bin/tests/system/dlzexternal/tests.sh @@ -66,6 +66,7 @@ for i in 0 1 2 3 4 5 6 7 8 9; do ret=0 grep 'dlz_example: shutting down zone example.nil' ns1/named.run > /dev/null 2>&1 || ret=1 [ "$ret" -eq 0 ] && break + sleep 1 done [ "$ret" -eq 0 ] || echo "I:failed" status=`expr $status + $ret` diff --git a/bin/tests/system/redirect/clean.sh b/bin/tests/system/redirect/clean.sh index f043095c..d9648bd4 100644 --- a/bin/tests/system/redirect/clean.sh +++ b/bin/tests/system/redirect/clean.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2011, 2012 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2011-2013 Internet Systems Consortium, Inc. ("ISC") # # Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -25,3 +25,5 @@ rm -f ns1/dsset-nsec3. rm -f */named.memstats rm -f */named.run rm -f dig.out.* random.data +rm -f ns2/*.db +rm -f rndc.out diff --git a/bin/tests/system/redirect/ns2/example.db.in b/bin/tests/system/redirect/ns2/example.db.in new file mode 100644 index 00000000..28cd6461 --- /dev/null +++ b/bin/tests/system/redirect/ns2/example.db.in @@ -0,0 +1,19 @@ +; Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +$TTL 300 ; 5 minutes +@ IN SOA ns.example.net hostmaster.example.net 0 0 0 0 0 +@ NS ns2 +ns2 A 10.53.0.2 +a A 10.53.0.2 diff --git a/bin/tests/system/redirect/ns2/named.conf b/bin/tests/system/redirect/ns2/named.conf index e1d5334e..6f626445 100644 --- a/bin/tests/system/redirect/ns2/named.conf +++ b/bin/tests/system/redirect/ns2/named.conf @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2011, 2013 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -37,6 +37,15 @@ options { }; +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-sha256; +}; + +controls { + inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; }; +}; + zone "." { type hint; file "../../common/root.hint"; @@ -47,3 +56,8 @@ zone "." { file "redirect.db"; allow-query { !10.53.0.4; any; }; }; + +zone "example.nil" { + type master; + file "example.db"; +}; diff --git a/bin/tests/system/redirect/ns2/redirect.db b/bin/tests/system/redirect/ns2/redirect.db deleted file mode 100644 index 23f21ea2..00000000 --- a/bin/tests/system/redirect/ns2/redirect.db +++ /dev/null @@ -1,25 +0,0 @@ -; Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") -; -; Permission to use, copy, modify, and/or distribute this software for any -; purpose with or without fee is hereby granted, provided that the above -; copyright notice and this permission notice appear in all copies. -; -; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -; PERFORMANCE OF THIS SOFTWARE. - -; $Id: redirect.db,v 1.3 2011/03/01 23:48:07 tbox Exp $ - -$TTL 300 -@ IN SOA ns.example.net hostmaster.example.net 0 0 0 0 0 -@ IN NS ns.example.net -; -; NS records do not need address records in this zone as it is not in the -; normal namespace. -; -*. IN A 100.100.100.1 -*. IN AAAA 2001:ffff:ffff::100.100.100.1 diff --git a/bin/tests/system/redirect/ns2/redirect.db.in b/bin/tests/system/redirect/ns2/redirect.db.in new file mode 100644 index 00000000..81426d7f --- /dev/null +++ b/bin/tests/system/redirect/ns2/redirect.db.in @@ -0,0 +1,23 @@ +; Copyright (C) 2011, 2013 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +$TTL 300 +@ IN SOA ns.example.net hostmaster.example.net 0 0 0 0 0 +@ IN NS ns.example.net +; +; NS records do not need address records in this zone as it is not in the +; normal namespace. +; +*. IN A 100.100.100.1 +*. IN AAAA 2001:ffff:ffff::100.100.100.1 diff --git a/bin/tests/system/redirect/setup.sh b/bin/tests/system/redirect/setup.sh index 4a8927ad..94512ec6 100644 --- a/bin/tests/system/redirect/setup.sh +++ b/bin/tests/system/redirect/setup.sh @@ -1,6 +1,6 @@ #!/bin/sh -e # -# Copyright (C) 2011, 2012 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2011-2013 Internet Systems Consortium, Inc. ("ISC") # # Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -20,4 +20,6 @@ sh clean.sh ../../../tools/genrandom 400 random.data +cp ns2/redirect.db.in ns2/redirect.db +cp ns2/example.db.in ns2/example.db cd ns1 && sh sign.sh diff --git a/bin/tests/system/redirect/tests.sh b/bin/tests/system/redirect/tests.sh index 5315a064..a51f58b3 100644 --- a/bin/tests/system/redirect/tests.sh +++ b/bin/tests/system/redirect/tests.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2011, 2012 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2011-2013 Internet Systems Consortium, Inc. ("ISC") # # Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -332,5 +332,21 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` +echo "I:checking that redirect zones reload correctly" +ret=0 +sed -e 's/0 0 0 0 0/1 0 0 0 0/' < ns2/example.db.in > ns2/example.db +sed -e 's/0 0 0 0 0/1 0 0 0 0/' -e 's/\.1$/.2/' < ns2/redirect.db.in > ns2/redirect.db +$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload > rndc.out || ret=1 +sed 's/^/I:ns2 /' rndc.out +$DIG $DIGOPTS +short @10.53.0.2 soa example.nil > dig.out.ns1.test$n || ret=1 +set -- `cat dig.out.ns1.test$n` +[ $3 = 1 ] || ret=1 +$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.test$n || ret=1 +grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 +grep "100.100.100.2" dig.out.ns2.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + echo "I:exit status: $status" exit $status diff --git a/bin/tests/system/spf/clean.sh b/bin/tests/system/spf/clean.sh new file mode 100644 index 00000000..2e3a0eeb --- /dev/null +++ b/bin/tests/system/spf/clean.sh @@ -0,0 +1,16 @@ +# Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +rm -f ns1/named.run +rm -f ns1/named.memstats diff --git a/bin/tests/system/spf/ns1/named.conf b/bin/tests/system/spf/ns1/named.conf new file mode 100644 index 00000000..7d5dcfb0 --- /dev/null +++ b/bin/tests/system/spf/ns1/named.conf @@ -0,0 +1,47 @@ +/* + * Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +controls { /* empty */ }; + +options { + query-source address 10.53.0.1; + notify-source 10.53.0.1; + transfer-source 10.53.0.1; + port 5300; + pid-file "named.pid"; + listen-on { 10.53.0.1; }; + listen-on-v6 { none; }; + recursion no; + notify yes; + ixfr-from-differences yes; +}; + +zone "spf" { + type master; + file "spf.db"; +}; + +zone "warn" { + type master; + file "spf.db"; + check-spf warn; +}; + +zone "nowarn" { + type master; + file "spf.db"; + check-spf ignore; +}; diff --git a/bin/tests/system/spf/ns1/spf.db b/bin/tests/system/spf/ns1/spf.db new file mode 100644 index 00000000..ffa850ad --- /dev/null +++ b/bin/tests/system/spf/ns1/spf.db @@ -0,0 +1,21 @@ +; Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +@ 0 IN SOA . . 0 0 0 0 0 +@ 0 IN NS . +@ 0 IN TXT "v=spf1 -all" +@ 0 IN SPF "v=spf1 -all" +x 0 IN TXT "v=spf1" +y 0 IN SPF "v=spf1" +y 0 IN TXT "a non spf record" diff --git a/bin/tests/system/spf/tests.sh b/bin/tests/system/spf/tests.sh new file mode 100644 index 00000000..6acd2836 --- /dev/null +++ b/bin/tests/system/spf/tests.sh @@ -0,0 +1,45 @@ +#!/bin/sh +# +# Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh + +n=1 +status=0 + +echo "I:checking that SPF warnings have been correctly generated ($n)" +ret=0 + +grep "zone spf/IN: loaded serial 0" ns1/named.run > /dev/null || ret=1 +grep "'x.spf' found SPF/TXT" ns1/named.run > /dev/null || ret=1 +grep "'y.spf' found SPF/SPF" ns1/named.run > /dev/null || ret=1 +grep "'spf' found SPF/" ns1/named.run > /dev/null && ret=1 + +grep "zone warn/IN: loaded serial 0" ns1/named.run > /dev/null || ret=1 +grep "'x.warn' found SPF/TXT" ns1/named.run > /dev/null || ret=1 +grep "'y.warn' found SPF/SPF" ns1/named.run > /dev/null || ret=1 +grep "'warn' found SPF/" ns1/named.run > /dev/null && ret=1 + +grep "zone nowarn/IN: loaded serial 0" ns1/named.run > /dev/null || ret=1 +grep "'x.nowarn' found SPF/" ns1/named.run > /dev/null && ret=1 +grep "'y.nowarn' found SPF/" ns1/named.run > /dev/null && ret=1 +grep "'nowarn' found SPF/" ns1/named.run > /dev/null && ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:exit status: $status" +exit $status diff --git a/bin/tests/system/unknown/clean.sh b/bin/tests/system/unknown/clean.sh index 22be4cbc..d86a869b 100644 --- a/bin/tests/system/unknown/clean.sh +++ b/bin/tests/system/unknown/clean.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2004, 2007, 2012 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2007, 2012, 2013 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2000, 2001 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -17,7 +17,7 @@ # $Id: clean.sh,v 1.7 2007/09/26 03:22:44 marka Exp $ -rm -f dig.out +rm -f dig.out check.out rm -f */named.memstats rm -f */*.bk rm -f */*.bk.* diff --git a/bin/tests/system/unknown/tests.sh b/bin/tests/system/unknown/tests.sh index 69d78715..55c7ca6d 100644 --- a/bin/tests/system/unknown/tests.sh +++ b/bin/tests/system/unknown/tests.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2004, 2007, 2011, 2012 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2007, 2011-2013 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2000, 2001 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -179,12 +179,21 @@ echo '"#" "2" "0145"' | diff - dig.out || ret=1 [ $ret = 0 ] || echo "I: failed" status=`expr $status + $ret` -echo "I:check that '"'TXT \# text'"' is not treated as the unknown escape sequence" +echo "I:check that 'TXT \# text' is not treated as the unknown escape sequence" ret=0 $DIG $DIGOPTS @10.53.0.1 +tcp +short txt9.example txt > dig.out echo '"#" "text"' | diff - dig.out || ret=1 [ $ret = 0 ] || echo "I: failed" status=`expr $status + $ret` +echo "I:check that 'TYPE353 \# cat' produces 'not a valid number'" +ret=0 +$CHECKZONE nan.bad zones/nan.bad > check.out 2>&1 +grep "not a valid number" check.out > /dev/null || ret=1 +[ $ret = 0 ] || echo "I: failed" +status=`expr $status + $ret` + + + echo "I:exit status: $status" exit $status diff --git a/bin/tests/system/unknown/zones/nan.bad b/bin/tests/system/unknown/zones/nan.bad new file mode 100644 index 00000000..26d9f37f --- /dev/null +++ b/bin/tests/system/unknown/zones/nan.bad @@ -0,0 +1,15 @@ +; Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +@ 0 IN TYPE353 \# cat 010101010101010101 diff --git a/bin/tests/task_test.c b/bin/tests/task_test.c index e3ff26b5..4a22ca48 100644 --- a/bin/tests/task_test.c +++ b/bin/tests/task_test.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007, 2013 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -69,9 +69,13 @@ main(int argc, char *argv[]) { isc_timer_t *ti1, *ti2; struct isc_interval interval; - if (argc > 1) + if (argc > 1) { workers = atoi(argv[1]); - else + if (workers < 1) + workers = 1; + if (workers > 8192) + workers = 8192; + } else workers = 2; printf("%d workers\n", workers); diff --git a/bin/tests/timer_test.c b/bin/tests/timer_test.c index 2825dc58..06205b7d 100644 --- a/bin/tests/timer_test.c +++ b/bin/tests/timer_test.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007, 2013 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -102,9 +102,13 @@ main(int argc, char *argv[]) { isc_time_t expires, now; isc_interval_t interval; - if (argc > 1) + if (argc > 1) { workers = atoi(argv[1]); - else + if (workers < 1) + workers = 1; + if (workers > 8192) + workers = 8192; + } else workers = 2; printf("%d workers\n", workers); diff --git a/bin/tools/isc-hmac-fixup.8 b/bin/tools/isc-hmac-fixup.8 index c02ed03f..6364e54d 100644 --- a/bin/tools/isc-hmac-fixup.8 +++ b/bin/tools/isc-hmac-fixup.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2010, 2013 Internet Systems Consortium, Inc. ("ISC") .\" .\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -23,7 +23,7 @@ .\" Manual: BIND9 .\" Source: BIND9 .\" -.TH "ISC\-HMAC\-FIXUP" "1" "January 5, 2010" "BIND9" "BIND9" +.TH "ISC\-HMAC\-FIXUP" "8" "January 5, 2010" "BIND9" "BIND9" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -57,5 +57,5 @@ RFC 2104. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2010 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2010, 2013 Internet Systems Consortium, Inc. ("ISC") .br diff --git a/bin/tools/isc-hmac-fixup.docbook b/bin/tools/isc-hmac-fixup.docbook index c298a858..cc723733 100644 --- a/bin/tools/isc-hmac-fixup.docbook +++ b/bin/tools/isc-hmac-fixup.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" []>