#!/bin/sh

# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# Zone transfer system test. The helpers and tool variables used below
# (echo_i, cat_i, digcomp, retry_quiet, rndc_reload, $DIG, $RNDC, $PERL, ...)
# are not defined in this file; presumably they come from ../conf.sh.

set -e

. ../conf.sh

# Deliberately expanded unquoted later on so that they split into words.
DIGOPTS="+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd -p ${PORT}"
RNDCCMD="$RNDC -c ../_common/rndc.conf -p ${CONTROLPORT} -s"
NS_PARAMS="-m record -c named.conf -d 99 -g -T maxcachesize=2097152"

# status accumulates the number of failed checks; n numbers the checks.
status=0
n=0

n=$((n + 1))
echo_i "testing basic zone transfer functionality (from primary) ($n)"
tmp=0
$DIG $DIGOPTS example. @10.53.0.2 axfr >dig.out.ns2.test$n || tmp=1
# Lines starting with ';' are dig comments; surface them in the test log.
grep "^;" dig.out.ns2.test$n | cat_i
digcomp dig1.good dig.out.ns2.test$n || tmp=1
if [ "$tmp" -ne 0 ]; then
  echo_i "failed"
fi
status=$((status + tmp))

n=$((n + 1))
echo_i "testing basic zone transfer functionality (from secondary) ($n)"
tmp=0

#
# Poll helper: AXFR zone $1 from server $2 into dig.out.test$n.
# Returns 0 only when dig succeeded and its output holds no ';' line.
#
wait_for_xfer() {
  ZONE=$1
  SERVER=$2
  $DIG $DIGOPTS $ZONE @$SERVER axfr >dig.out.test$n || return 1
  ! grep "^;" dig.out.test$n >/dev/null
}
retry_quiet 25 wait_for_xfer example. 10.53.0.3 || tmp=1
grep "^;" dig.out.test$n | cat_i
digcomp dig1.good dig.out.test$n || tmp=1
if [ "$tmp" -ne 0 ]; then
  echo_i "failed"
fi
status=$((status + tmp))

n=$((n + 1))
echo_i "testing zone transfer functionality (fallback to DNS after DoT failed) ($n)"
tmp=0
retry_quiet 25 wait_for_xfer dot-fallback. 10.53.0.2 || tmp=1
grep "^;" dig.out.test$n | cat_i
digcomp dig3.good dig.out.test$n || tmp=1
if [ "$tmp" -ne 0 ]; then
  echo_i "failed"
fi
status=$((status + tmp))

n=$((n + 1))
echo_i "testing TSIG signed zone transfers ($n)"
tmp=0
# The TSIG secret here is a fixed test fixture handed to dig with -y, i.e. on
# the command line. That is acceptable for throw-away test keys only: for a
# real key prefer dig's -k <keyfile>, because command-line arguments can show
# up in process listings and shell history.
$DIG $DIGOPTS tsigzone. @10.53.0.2 axfr \
  -y "${DEFAULT_HMAC}:tsigzone.:1234abcd8765" >dig.out.ns2.test$n || tmp=1
grep "^;" dig.out.ns2.test$n | cat_i

#
# Poll helper: TSIG-signed AXFR of tsigzone. from 10.53.0.3 into
# dig.out.ns3.test$n; succeeds when dig worked and printed no ';' line.
#
wait_for_xfer_tsig() {
  $DIG $DIGOPTS tsigzone. @10.53.0.3 axfr \
    -y "${DEFAULT_HMAC}:tsigzone.:1234abcd8765" >dig.out.ns3.test$n || return 1
  ! grep "^;" dig.out.ns3.test$n >/dev/null
}
retry_quiet 25 wait_for_xfer_tsig || tmp=1
grep "^;" dig.out.ns3.test$n | cat_i
# The copy served by 10.53.0.3 must match what 10.53.0.2 served.
digcomp dig.out.ns2.test$n dig.out.ns3.test$n || tmp=1
if [ "$tmp" -ne 0 ]; then
  echo_i "failed"
fi
status=$((status + tmp))

echo_i "reload servers for in preparation for ixfr-from-differences tests"

rndc_reload ns1 10.53.0.1
rndc_reload ns2 10.53.0.2
rndc_reload ns3 10.53.0.3
rndc_reload ns6 10.53.0.6
rndc_reload ns7 10.53.0.7

sleep 2

echo_i "updating primary zones for ixfr-from-differences tests"

# Each stanza edits a zone file in place (0.0.0.0 -> 0.0.0.1 and serial
# 1397051952 -> 1397051953) and then reloads the server that owns it.
$PERL -i -p -e '
	s/0\.0\.0\.0/0.0.0.1/;
	s/1397051952/1397051953/
' ns1/sec.db

rndc_reload ns1 10.53.0.1

$PERL -i -p -e '
	s/0\.0\.0\.0/0.0.0.1/;
	s/1397051952/1397051953/
' ns2/example.db

rndc_reload ns2 10.53.0.2

$PERL -i -p -e '
	s/0\.0\.0\.0/0.0.0.1/;
	s/1397051952/1397051953/
' ns6/primary.db

rndc_reload ns6 10.53.0.6

$PERL -i -p -e '
	s/0\.0\.0\.0/0.0.0.1/;
	s/1397051952/1397051953/
' ns7/primary2.db

rndc_reload ns7 10.53.0.7

sleep 3

n=$((n + 1))
echo_i "testing zone is dumped after successful transfer ($n)"
tmp=0
$DIG $DIGOPTS +noall +answer +multi @10.53.0.2 \
  secondary. soa >dig.out.ns2.test$n || tmp=1
# Both the SOA answer and the file ns2/sec.db must show serial 1397051952.
grep "1397051952 ; serial" dig.out.ns2.test$n >/dev/null 2>&1 || tmp=1
grep "1397051952 ; serial" ns2/sec.db >/dev/null 2>&1 || tmp=1
if [ "$tmp" -ne 0 ]; then
  echo_i "failed"
fi
status=$((status + tmp))

n=$((n + 1))
echo_i "testing ixfr-from-differences yes; ($n)"
tmp=0

echo_i "wait for reloads..."
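#
# Poll helper (runs in a subshell): succeeds once ns6, ns1 and ns2 each
# return an SOA containing serial 1397051953 for primary, secondary and
# example respectively.
#
wait_for_reloads() (
  $DIG $DIGOPTS @10.53.0.6 +noall +answer soa primary >dig.out.soa1.ns6.test$n
  grep "1397051953" dig.out.soa1.ns6.test$n >/dev/null || return 1
  $DIG $DIGOPTS @10.53.0.1 +noall +answer soa secondary >dig.out.soa2.ns1.test$n
  grep "1397051953" dig.out.soa2.ns1.test$n >/dev/null || return 1
  $DIG $DIGOPTS @10.53.0.2 +noall +answer soa example >dig.out.soa3.ns2.test$n
  grep "1397051953" dig.out.soa3.ns2.test$n >/dev/null || return 1
  return 0
)
retry_quiet 20 wait_for_reloads || tmp=1

echo_i "wait for transfers..."
#
# Poll helper (runs in a subshell): succeeds once the receiving servers
# return serial 1397051953 for all three zones. Otherwise it asks the
# sending servers to re-send NOTIFY and reports failure so that the caller
# retries.
#
wait_for_transfers() (
  a=0 b=0 c=0
  $DIG $DIGOPTS @10.53.0.3 +noall +answer soa example >dig.out.soa1.ns3.test$n
  grep "1397051953" dig.out.soa1.ns3.test$n >/dev/null && a=1
  $DIG $DIGOPTS @10.53.0.3 +noall +answer soa primary >dig.out.soa2.ns3.test$n
  grep "1397051953" dig.out.soa2.ns3.test$n >/dev/null && b=1
  $DIG $DIGOPTS @10.53.0.6 +noall +answer soa secondary >dig.out.soa3.ns6.test$n
  grep "1397051953" dig.out.soa3.ns6.test$n >/dev/null && c=1
  # Separate tests joined with && instead of the obsolescent "-a" operator.
  [ "$a" -eq 1 ] && [ "$b" -eq 1 ] && [ "$c" -eq 1 ] && return 0

  # re-notify if necessary
  $RNDCCMD 10.53.0.6 notify primary 2>&1 | sed 's/^/ns6 /' | cat_i
  $RNDCCMD 10.53.0.1 notify secondary 2>&1 | sed 's/^/ns1 /' | cat_i
  $RNDCCMD 10.53.0.2 notify example 2>&1 | sed 's/^/ns2 /' | cat_i
  return 1
)
retry_quiet 20 wait_for_transfers || tmp=1

$DIG $DIGOPTS example. \
  @10.53.0.3 axfr >dig.out.ns3.test$n || tmp=1
grep "^;" dig.out.ns3.test$n | cat_i

digcomp dig2.good dig.out.ns3.test$n || tmp=1

# ns3 has a journal iff it received an IXFR.
test -f ns3/example.bk || tmp=1
test -f ns3/example.bk.jnl || tmp=1

if test $tmp != 0; then echo_i "failed"; fi
status=$((status + tmp))

n=$((n + 1))
echo_i "testing ixfr-from-differences primary; (primary zone) ($n)"
tmp=0

$DIG $DIGOPTS primary. \
  @10.53.0.6 axfr >dig.out.ns6.test$n || tmp=1
grep "^;" dig.out.ns6.test$n | cat_i

$DIG $DIGOPTS primary. \
  @10.53.0.3 axfr >dig.out.ns3.test$n || tmp=1
# Unlike the other checks, this dumps the whole dig output (not only the
# ';' lines) when a ';' line is present.
grep "^;" dig.out.ns3.test$n >/dev/null && cat_i <dig.out.ns3.test$n

digcomp dig.out.ns6.test$n dig.out.ns3.test$n || tmp=1

# ns3 has a journal iff it received an IXFR.
test -f ns3/primary.bk || tmp=1
test -f ns3/primary.bk.jnl || tmp=1

if test $tmp != 0; then echo_i "failed"; fi
status=$((status + tmp))

n=$((n + 1))
echo_i "testing ixfr-from-differences primary; (secondary zone) ($n)"
tmp=0

$DIG $DIGOPTS secondary. \
  @10.53.0.6 axfr >dig.out.ns6.test$n || tmp=1
grep "^;" dig.out.ns6.test$n | cat_i

$DIG $DIGOPTS secondary. \
  @10.53.0.1 axfr >dig.out.ns1.test$n || tmp=1
grep "^;" dig.out.ns1.test$n | cat_i

digcomp dig.out.ns6.test$n dig.out.ns1.test$n || tmp=1

# ns6 has a journal iff it received an IXFR.
# Here the zone file must exist and the journal must NOT exist.
test -f ns6/sec.bk || tmp=1
test -f ns6/sec.bk.jnl && tmp=1

if test $tmp != 0; then echo_i "failed"; fi
status=$((status + tmp))

n=$((n + 1))
# NOTE(review): this label is identical to the next test's, but the files
# checked here are ns7/primary2.db[.jnl]; it probably should read
# "(primary zone)" - confirm before changing the logged text.
echo_i "testing ixfr-from-differences secondary; (secondary zone) ($n)"
tmp=0

# ns7 has a journal iff it generates an IXFR.
# Here the zone file must exist and the journal must NOT exist.
test -f ns7/primary2.db || tmp=1
test -f ns7/primary2.db.jnl && tmp=1

if test $tmp != 0; then echo_i "failed"; fi
status=$((status + tmp))

n=$((n + 1))
echo_i "testing ixfr-from-differences secondary; (secondary zone) ($n)"
tmp=0

$DIG $DIGOPTS secondary. \
  @10.53.0.1 axfr >dig.out.ns1.test$n || tmp=1
grep "^;" dig.out.ns1.test$n | cat_i

$DIG $DIGOPTS secondary. \
  @10.53.0.7 axfr >dig.out.ns7.test$n || tmp=1
grep "^;" dig.out.ns7.test$n | cat_i

digcomp dig.out.ns7.test$n dig.out.ns1.test$n || tmp=1

# ns7 has a journal iff it generates an IXFR.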
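test -f ns7/sec.bk || tmp=1
test -f ns7/sec.bk.jnl || tmp=1

if test $tmp != 0; then echo_i "failed"; fi
status=$((status + tmp))

n=$((n + 1))
echo_i "check that a multi-message uncompressable zone transfers ($n)"
# tmp is reset here so that the result of the previous test cannot leak into
# this one; the transfer must contain exactly two SOA lines.
tmp=0
$DIG axfr . -p ${PORT} @10.53.0.4 | grep SOA >axfr.out || tmp=1
if test $(wc -l <axfr.out) != 2; then tmp=1; fi
if test $tmp != 0; then echo_i "failed"; fi
status=$((status + tmp))

# now we test transfers with assorted TSIG glitches
DIGCMD="$DIG $DIGOPTS @10.53.0.4"

# Feed stdin to "send" for 10.53.0.5 on $EXTRAPORT1. "send" is defined
# outside this file; presumably this scripts the ans5 responder - confirm.
sendcmd() {
  send 10.53.0.5 "$EXTRAPORT1"
}

# Shape of the negative cases below: load a scenario with sendcmd, ask ns4
# to refresh/retransfer "nil", require the expected rejection reason in
# ns4/named.run, and then require that the scenario's TXT marker is NOT
# served by ns4 (the "&&" blocks). The second check is what shows that data
# from a rejected transfer was not installed.
echo_i "testing that incorrectly signed transfers will fail..."
n=$((n + 1))
echo_i "initial correctly-signed transfer should succeed ($n)"

sendcmd <ans5/goodaxfr

# Initially, ns4 is not authoritative for anything.
# Now that ans is up and running with the right data, we make ns4
# a secondary for nil.

cat <<EOF >>ns4/named.conf
zone "nil" {
	type secondary;
	file "nil.db";
	primaries { 10.53.0.5 key tsig_key; };
};
EOF

nextpart ns4/named.run >/dev/null

rndc_reload ns4 10.53.0.4

# Poll helper (subshell): succeeds once ns4 answers the nil. SOA query with
# a line containing "SOA".
wait_for_soa() (
  $DIGCMD nil. SOA >dig.out.ns4.test$n
  grep SOA dig.out.ns4.test$n >/dev/null
)
# Not guarded with "||": under "set -e" a timeout here ends the whole script.
retry_quiet 10 wait_for_soa

nextpart ns4/named.run | grep "Transfer status: success" >/dev/null || {
  echo_i "failed: expected status was not logged"
  status=$((status + 1))
}

$DIGCMD nil. TXT | grep 'initial AXFR' >/dev/null || {
  echo_i "failed"
  status=$((status + 1))
}

n=$((n + 1))
echo_i "handle IXFR NOTIMP ($n)"

sendcmd <ans5/ixfrnotimp

$RNDCCMD 10.53.0.4 refresh nil | sed 's/^/ns4 /' | cat_i

sleep 2

nextpart ns4/named.run | grep "zone nil/IN: requesting IXFR from 10.53.0.5" >/dev/null || {
  echo_i "failed: expected status was not logged"
  status=$((status + 1))
}

$DIGCMD nil. TXT | grep 'IXFR NOTIMP' >/dev/null || {
  echo_i "failed"
  status=$((status + 1))
}

n=$((n + 1))
echo_i "unsigned transfer ($n)"

sendcmd <ans5/unsigned
sleep 1

$RNDCCMD 10.53.0.4 retransfer nil | sed 's/^/ns4 /' | cat_i

sleep 2

nextpart ns4/named.run | grep "Transfer status: expected a TSIG or SIG(0)" >/dev/null || {
  echo_i "failed: expected status was not logged"
  status=$((status + 1))
}

$DIGCMD nil. TXT | grep 'unsigned AXFR' >/dev/null && {
  echo_i "failed"
  status=$((status + 1))
}

n=$((n + 1))
echo_i "bad keydata ($n)"

sendcmd <ans5/badkeydata

$RNDCCMD 10.53.0.4 retransfer nil | sed 's/^/ns4 /' | cat_i

sleep 2

nextpart ns4/named.run | grep "Transfer status: tsig verify failure" >/dev/null || {
  echo_i "failed: expected status was not logged"
  status=$((status + 1))
}

$DIGCMD nil. TXT | grep 'bad keydata AXFR' >/dev/null && {
  echo_i "failed"
  status=$((status + 1))
}

n=$((n + 1))
echo_i "partially-signed transfer ($n)"

sendcmd <ans5/partial

$RNDCCMD 10.53.0.4 retransfer nil | sed 's/^/ns4 /' | cat_i

sleep 2

nextpart ns4/named.run | grep "Transfer status: expected a TSIG or SIG(0)" >/dev/null || {
  echo_i "failed: expected status was not logged"
  status=$((status + 1))
}

$DIGCMD nil. TXT | grep 'partially signed AXFR' >/dev/null && {
  echo_i "failed"
  status=$((status + 1))
}

n=$((n + 1))
echo_i "unknown key ($n)"

sendcmd <ans5/unknownkey

$RNDCCMD 10.53.0.4 retransfer nil | sed 's/^/ns4 /' | cat_i

sleep 2

nextpart ns4/named.run | grep "tsig key 'tsig_key': key name and algorithm do not match" >/dev/null || {
  echo_i "failed: expected status was not logged"
  status=$((status + 1))
}

$DIGCMD nil. TXT | grep 'unknown key AXFR' >/dev/null && {
  echo_i "failed"
  status=$((status + 1))
}

n=$((n + 1))
echo_i "incorrect key ($n)"

sendcmd <ans5/wrongkey

$RNDCCMD 10.53.0.4 retransfer nil | sed 's/^/ns4 /' | cat_i

sleep 2

nextpart ns4/named.run | grep "tsig key 'tsig_key': key name and algorithm do not match" >/dev/null || {
  echo_i "failed: expected status was not logged"
  status=$((status + 1))
}

$DIGCMD nil. TXT | grep 'incorrect key AXFR' >/dev/null && {
  echo_i "failed"
  status=$((status + 1))
}

n=$((n + 1))
echo_i "bad question section ($n)"

sendcmd <ans5/wrongname

$RNDCCMD 10.53.0.4 retransfer nil | sed 's/^/ns4 /' | cat_i

sleep 2

nextpart ns4/named.run | grep "question name mismatch" >/dev/null || {
  echo_i "failed: expected status was not logged"
  status=$((status + 1))
}

$DIGCMD nil. TXT | grep 'wrong question AXFR' >/dev/null && {
  echo_i "failed"
  status=$((status + 1))
}

n=$((n + 1))
echo_i "bad message id ($n)"

sendcmd <ans5/badmessageid

# Uncomment to see AXFR stream with mismatching IDs.
# $DIG $DIGOPTS @10.53.0.5 -y "${DEFAULT_HMAC}:tsig_key:LSAnCU+Z" nil. AXFR +all

$RNDCCMD 10.53.0.4 retransfer nil | sed 's/^/ns4 /' | cat_i

sleep 2

nextpart ns4/named.run | grep "Transfer status: unexpected error" >/dev/null || {
  echo_i "failed: expected status was not logged"
  status=$((status + 1))
}

$DIGCMD nil. TXT | grep 'bad message id' >/dev/null && {
  echo_i "failed"
  status=$((status + 1))
}

n=$((n + 1))
echo_i "mismatched SOA ($n)"

sendcmd <ans5/soamismatch

$RNDCCMD 10.53.0.4 retransfer nil | sed 's/^/ns4 /' | cat_i

sleep 2

nextpart ns4/named.run | grep "Transfer status: FORMERR" >/dev/null || {
  echo_i "failed: expected status was not logged"
  status=$((status + 1))
}

$DIGCMD nil. TXT | grep 'SOA mismatch AXFR' >/dev/null && {
  echo_i "failed"
  status=$((status + 1))
}

n=$((n + 1))
echo_i "handle EDNS NOTIMP ($n)"

# "rndc null" with free text; apparently used to leave a marker in the ns4
# log - confirm.
$RNDCCMD 10.53.0.4 null testing EDNS NOTIMP | sed 's/^/ns4 /' | cat_i

sendcmd <ans5/ednsnotimp

$RNDCCMD 10.53.0.4 retransfer nil | sed 's/^/ns4 /' | cat_i

sleep 2

nextpart ns4/named.run | grep "Transfer status: NOTIMP" >/dev/null || {
  echo_i "failed: expected status was not logged"
  status=$((status + 1))
}

n=$((n + 1))
echo_i "handle EDNS FORMERR ($n)"

$RNDCCMD 10.53.0.4 null testing EDNS FORMERR | sed 's/^/ns4 /' | cat_i

sendcmd <ans5/ednsformerr

$RNDCCMD 10.53.0.4 retransfer nil | sed 's/^/ns4 /' | cat_i

sleep 10

# Positive check: here the marker TXT record is expected to be served.
$DIGCMD nil. TXT | grep 'EDNS FORMERR' >/dev/null || {
  echo_i "failed"
  status=$((status + 1))
}

n=$((n + 1))
echo_i "check that we ask for and got a EDNS EXPIRE response when transfering from a secondary ($n)"
tmp=0
msg="zone edns-expire/IN: zone transfer finished: success, expire=1814[0-4][0-9][0-9]"
grep "$msg" ns7/named.run >/dev/null || tmp=1
[ "$tmp" -ne 0 ] && echo_i "failed"
status=$((status + tmp))

n=$((n + 1))
echo_i "check that we ask for and get a EDNS EXPIRE response when refreshing ($n)"
# force a refresh query
$RNDCCMD 10.53.0.7 refresh edns-expire 2>&1 | sed 's/^/ns7 /' | cat_i
sleep 10

# there may be multiple log entries so get the last one.
expire=$(awk '/edns-expire\/IN: got EDNS EXPIRE of/ { x=$9 } END { print x }' ns7/named.run)
# Two tests joined with && instead of the obsolescent "-a" operator; a
# missing or non-numeric value still lands in the failure branch.
{ [ "${expire:-0}" -gt 0 ] && [ "${expire:-0}" -lt 1814400 ]; } || {
  echo_i "failed (expire=${expire:-0})"
  status=$((status + 1))
}

n=$((n + 1))
echo_i "test smaller transfer TCP message size ($n)"
# A dig failure is added to the running failure count; the original
# overwrote the count with 1 here.
# The TSIG secret is a fixed test fixture passed on the command line with
# -y; for a real key prefer dig's -k <keyfile>, since arguments can be seen
# in process listings.
$DIG $DIGOPTS example. @10.53.0.8 axfr \
  -y "${DEFAULT_HMAC}:key1.:1234abcd8765" >dig.out.msgsize.test$n || status=$((status + 1))

bytes=$(wc -c <dig.out.msgsize.test$n)
if [ $bytes -ne 459357 ]; then
  echo_i "failed axfr size check"
  status=$((status + 1))
fi

# grep reads the log directly. The count still comes from "wc -l" rather
# than "grep -c" so that a zero-match result cannot trip "set -e".
num_messages=$(grep "sending TCP message of" ns8/named.run | wc -l)
if [ $num_messages -le 300 ]; then
  echo_i "failed transfer message count check"
  status=$((status + 1))
fi

n=$((n + 1))
echo_i "test mapped zone with out of zone data ($n)"
tmp=0
$DIG -p ${PORT} txt mapped @10.53.0.3 >dig.out.1.test$n
grep "status: NOERROR," dig.out.1.test$n >/dev/null || tmp=1
stop_server ns3
start_server --noclean --restart --port ${PORT} ns3
# Poll helper: after the restart, ns3 must answer NOERROR for the TXT query
# and serve an AXFR of "mapped" that matches knowngood.mapped.
check_mapped() {
  $DIG -p ${PORT} txt mapped @10.53.0.3 >dig.out.2.test$n
  grep "status: NOERROR," dig.out.2.test$n >/dev/null || return 1
  $DIG -p ${PORT} axfr mapped @10.53.0.3 >dig.out.3.test$n
  digcomp knowngood.mapped dig.out.3.test$n || return 1
  return 0
}
retry_quiet 10 check_mapped || tmp=1
[ "$tmp" -ne 0 ] && echo_i "failed"
status=$((status + tmp))

n=$((n + 1))
echo_i "test that a zone with too many records is rejected (AXFR) ($n)"
tmp=0
grep "'axfr-too-big/IN'.*: too many records" ns6/named.run >/dev/null || tmp=1
if test $tmp != 0; then echo_i "failed"; fi
status=$((status + tmp))

n=$((n + 1))
echo_i "test that a zone with too many records is rejected (IXFR) ($n)"
tmp=0
nextpart ns6/named.run >/dev/null
# Add one more record on 10.53.0.1; ns6 is then expected to log that the
# incoming transfer was rejected for having too many records.
$NSUPDATE <<EOF
zone ixfr-too-big
server 10.53.0.1 ${PORT}
update add the-31st-record.ixfr-too-big 0 TXT this is it
send
EOF
msg="'ixfr-too-big/IN' from 10.53.0.1#${PORT}: Transfer status: too many records"
wait_for_log 10 "$msg" ns6/named.run || tmp=1
if test $tmp != 0; then echo_i "failed"; fi
status=$((status + tmp))

n=$((n + 1))
echo_i "checking whether dig calculates AXFR statistics correctly ($n)"
tmp=0
# Loop until the secondary server manages to transfer the "xfer-stats" zone so
# that we can both check dig output and immediately proceed with the next test.
# Use -b so that we can discern between incoming and outgoing transfers in ns3
# logs later on.
# This redefines wait_for_xfer, replacing the earlier two-argument helper of
# the same name.
wait_for_xfer() (
  $DIG $DIGOPTS +edns +nocookie +noexpire +stat -b 10.53.0.2 @10.53.0.3 xfer-stats. AXFR >dig.out.ns3.test$n
  grep "; Transfer failed" dig.out.ns3.test$n >/dev/null || return 0
  return 1
)
if retry_quiet 10 wait_for_xfer; then
  get_dig_xfer_stats dig.out.ns3.test$n >stats.dig
  diff axfr-stats.good stats.dig || tmp=1
else
  echo_i "timed out waiting for zone transfer"
  # A timeout must count as a failure; the original left tmp at 0 here, so
  # a transfer that never completed was reported as a pass.
  tmp=1
fi
if test $tmp != 0; then echo_i "failed"; fi
status=$((status + tmp))

# Note: in the next two tests, we use ns3 logs for checking both incoming and
# outgoing transfer statistics as ns3 is both a secondary server (for ns1) and a
# primary server (for dig queries from the previous test) for "xfer-stats".
n=$((n + 1))
echo_i "checking whether named calculates incoming AXFR statistics correctly ($n)"
tmp=0
get_named_xfer_stats ns3/named.run 10.53.0.1 xfer-stats "Transfer completed" >stats.incoming
diff axfr-stats.good stats.incoming || tmp=1
if test $tmp != 0; then echo_i "failed"; fi
status=$((status + tmp))

n=$((n + 1))
echo_i "checking whether named calculates outgoing AXFR statistics correctly ($n)"
tmp=0
# Poll helper: succeeds when the outgoing statistics extracted from the ns3
# log match axfr-stats.good.
check_xfer_stats() {
  get_named_xfer_stats ns3/named.run 10.53.0.2 xfer-stats "AXFR ended" >stats.outgoing
  diff axfr-stats.good stats.outgoing >/dev/null
}
retry_quiet 10 check_xfer_stats || tmp=1
if test $tmp != 0; then echo_i "failed"; fi
status=$((status + tmp))

n=$((n + 1))
echo_i "test that transfer-source uses port option correctly ($n)"
tmp=0
grep "10.53.0.3#${EXTRAPORT1} (primary): query 'primary/SOA/IN' approved" ns6/named.run >/dev/null || tmp=1
if test $tmp != 0; then echo_i "failed"; fi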
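status=$((status + tmp))

# Poll helper (subshell): succeeds when the fixed string $1 occurs in the
# part of ns6/named.run returned by nextpartpeek. grep -F is used because
# the messages contain quotes, '/' and '#' that must match literally.
wait_for_message() (
  nextpartpeek ns6/named.run >wait_for_message.$n
  grep -F "$1" wait_for_message.$n >/dev/null
)

nextpart ns6/named.run >/dev/null

n=$((n + 1))
echo_i "test that named tries the next primary in the list when the first one fails (XoT -> Do53) ($n)"
tmp=0
$RNDCCMD 10.53.0.6 retransfer xot-primary-try-next 2>&1 | sed 's/^/ns6 /' | cat_i
msg="'xot-primary-try-next/IN' from 10.53.0.1#${PORT}: Transfer status: success"
retry_quiet 60 wait_for_message "$msg" || tmp=1
if test $tmp != 0; then echo_i "failed"; fi
status=$((status + tmp))

nextpart ns6/named.run >/dev/null

n=$((n + 1))
echo_i "test that named tries the next primary in the list when the first one is already marked as unreachable (XoT -> Do53) ($n)"
tmp=0
$RNDCCMD 10.53.0.6 retransfer xot-primary-try-next 2>&1 | sed 's/^/ns6 /' | cat_i
msg="'xot-primary-try-next/IN' from 10.53.0.1#${PORT}: Transfer status: success"
retry_quiet 60 wait_for_message "$msg" || tmp=1
if test $tmp != 0; then echo_i "failed"; fi
status=$((status + tmp))

# Restart ns1 with -T transferslowly
stop_server ns1
copy_setports ns1/named2.conf.in ns1/named.conf
start_server --noclean --restart --port ${PORT} ns1 -- "-D xfer-ns1 $NS_PARAMS -T transferinsecs -T transferslowly"
sleep 1

nextpart ns6/named.run >/dev/null

n=$((n + 1))
echo_i "test rndc retransfer -force ($n)"
tmp=0
$RNDCCMD 10.53.0.6 retransfer axfr-rndc-retransfer-force 2>&1 | sed 's/^/ns6 /' | cat_i
# Wait for at least one message
msg="'axfr-rndc-retransfer-force/IN' from 10.53.0.1#${PORT}: received"
retry_quiet 5 wait_for_message "$msg" || tmp=1
# Issue a retransfer-force command which should cancel the ongoing transfer and start a new one
$RNDCCMD 10.53.0.6 retransfer -force axfr-rndc-retransfer-force 2>&1 | sed 's/^/ns6 /' | cat_i
msg="'axfr-rndc-retransfer-force/IN' from 10.53.0.1#${PORT}: Transfer status: shutting down"
retry_quiet 5 wait_for_message "$msg" || tmp=1
# Wait for the new transfer to complete successfully
msg="'axfr-rndc-retransfer-force/IN' from 10.53.0.1#${PORT}: Transfer status: success"
retry_quiet 30 wait_for_message "$msg" || tmp=1
if test $tmp != 0; then echo_i "failed"; fi
status=$((status + tmp))

nextpart ns6/named.run >/dev/null

# The next two tests check that ns6 gives up on an inbound transfer from a
# slow (-T transferslowly) or stalled (-T transferstuck) primary once the
# configured time limit is reached, instead of waiting indefinitely.
n=$((n + 1))
echo_i "test max-transfer-time-in with 1 second timeout ($n)"
$RNDCCMD 10.53.0.6 retransfer axfr-max-transfer-time 2>&1 | sed 's/^/ns6 /' | cat_i
tmp=0
retry_quiet 10 wait_for_message "maximum transfer time exceeded: timed out" || tmp=1
# Report the failure like every other test does; the original only bumped
# the counter, so the log did not show which test had failed.
if test $tmp != 0; then echo_i "failed"; fi
status=$((status + tmp))

# Restart ns1 with -T transferstuck
stop_server ns1
copy_setports ns1/named3.conf.in ns1/named.conf
start_server --noclean --restart --port ${PORT} ns1 -- "-D xfer-ns1 $NS_PARAMS -T transferinsecs -T transferstuck"
sleep 1

nextpart ns6/named.run >/dev/null

n=$((n + 1))
echo_i "test max-transfer-idle-in with 50 seconds timeout ($n)"
start=$(date +%s)
$RNDCCMD 10.53.0.6 retransfer axfr-max-idle-time 2>&1 | sed 's/^/ns6 /' | cat_i
tmp=0
retry_quiet 60 wait_for_message "maximum idle time exceeded: timed out" || tmp=1
if [ $tmp -eq 0 ]; then
  now=$(date +%s)
  diff=$((now - start))
  # we expect a timeout in 50 seconds
  # Accept 50..58 seconds: firing early or 59+ seconds late is a failure.
  test $diff -lt 50 && tmp=1
  test $diff -ge 59 && tmp=1
  if test $tmp != 0; then echo_i "unexpected diff value: ${diff}"; fi
fi
# Also covers the case where the timeout message never appeared, which the
# original counted without logging anything.
if test $tmp != 0; then echo_i "failed"; fi
status=$((status + tmp))

echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1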