1*00b67f09SDavid van Moolenbroek#!/bin/sh 2*00b67f09SDavid van Moolenbroek# 3*00b67f09SDavid van Moolenbroek# Copyright (C) 2004, 2007, 2009-2014 Internet Systems Consortium, Inc. ("ISC") 4*00b67f09SDavid van Moolenbroek# Copyright (C) 2000, 2001 Internet Software Consortium. 5*00b67f09SDavid van Moolenbroek# 6*00b67f09SDavid van Moolenbroek# Permission to use, copy, modify, and/or distribute this software for any 7*00b67f09SDavid van Moolenbroek# purpose with or without fee is hereby granted, provided that the above 8*00b67f09SDavid van Moolenbroek# copyright notice and this permission notice appear in all copies. 9*00b67f09SDavid van Moolenbroek# 10*00b67f09SDavid van Moolenbroek# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 11*00b67f09SDavid van Moolenbroek# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 12*00b67f09SDavid van Moolenbroek# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 13*00b67f09SDavid van Moolenbroek# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 14*00b67f09SDavid van Moolenbroek# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 15*00b67f09SDavid van Moolenbroek# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 16*00b67f09SDavid van Moolenbroek# PERFORMANCE OF THIS SOFTWARE. 17*00b67f09SDavid van Moolenbroek 18*00b67f09SDavid van Moolenbroek# Id: tests.sh,v 1.22 2012/02/09 23:47:18 tbox Exp 19*00b67f09SDavid van Moolenbroek 20*00b67f09SDavid van MoolenbroekSYSTEMTESTTOP=.. 21*00b67f09SDavid van Moolenbroek. $SYSTEMTESTTOP/conf.sh 22*00b67f09SDavid van Moolenbroek 23*00b67f09SDavid van Moolenbroekstatus=0 24*00b67f09SDavid van Moolenbroekn=0 25*00b67f09SDavid van Moolenbroek 26*00b67f09SDavid van Moolenbroekecho "I:checking non-cachable NXDOMAIN response handling" 27*00b67f09SDavid van Moolenbroekret=0 28*00b67f09SDavid van Moolenbroek$DIG +tcp nxdomain.example.net @10.53.0.1 a -p 5300 > dig.out || ret=1 29*00b67f09SDavid van Moolenbroekgrep "status: NXDOMAIN" dig.out > /dev/null || ret=1 30*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 31*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 32*00b67f09SDavid van Moolenbroek 33*00b67f09SDavid van Moolenbroekif [ -x ${RESOLVE} ] ; then 34*00b67f09SDavid van Moolenbroekecho "I:checking non-cachable NXDOMAIN response handling using dns_client" 35*00b67f09SDavid van Moolenbroek ret=0 36*00b67f09SDavid van Moolenbroek ${RESOLVE} -p 5300 -t a -s 10.53.0.1 nxdomain.example.net 2> resolve.out || ret=1 37*00b67f09SDavid van Moolenbroek grep "resolution failed: ncache nxdomain" resolve.out > /dev/null || ret=1 38*00b67f09SDavid van Moolenbroek if [ $ret != 0 ]; then echo "I:failed"; fi 39*00b67f09SDavid van Moolenbroek status=`expr $status + $ret` 40*00b67f09SDavid van Moolenbroekfi 41*00b67f09SDavid van Moolenbroek 42*00b67f09SDavid van Moolenbroekif [ -x ${RESOLVE} ] ; then 43*00b67f09SDavid van Moolenbroekecho "I:checking that local bound address can be set (Can't query from a denied address)" 44*00b67f09SDavid van Moolenbroek ret=0 45*00b67f09SDavid van Moolenbroek ${RESOLVE} -b 10.53.0.8 -p 5300 -t a -s 10.53.0.1 www.example.org 2> resolve.out || ret=1 46*00b67f09SDavid van Moolenbroek grep "resolution failed: failure" resolve.out > /dev/null || ret=1 47*00b67f09SDavid van Moolenbroek if [ $ret != 0 ]; then echo "I:failed"; fi 48*00b67f09SDavid van Moolenbroek status=`expr $status + $ret` 49*00b67f09SDavid van Moolenbroek 50*00b67f09SDavid van Moolenbroekecho "I:checking that local bound address can be set (Can query from an allowed address)" 51*00b67f09SDavid van Moolenbroek ret=0 52*00b67f09SDavid van Moolenbroek ${RESOLVE} -b 10.53.0.1 -p 5300 -t a -s 10.53.0.1 www.example.org > resolve.out || ret=1 53*00b67f09SDavid van Moolenbroek grep "www.example.org..*.192.0.2.1" resolve.out > /dev/null || ret=1 54*00b67f09SDavid van Moolenbroek if [ $ret != 0 ]; then echo "I:failed"; fi 55*00b67f09SDavid van Moolenbroek status=`expr $status + $ret` 56*00b67f09SDavid van Moolenbroekfi 57*00b67f09SDavid van Moolenbroek 58*00b67f09SDavid van Moolenbroekecho "I:checking non-cachable NODATA response handling" 59*00b67f09SDavid van Moolenbroekret=0 60*00b67f09SDavid van Moolenbroek$DIG +tcp nodata.example.net @10.53.0.1 a -p 5300 > dig.out || ret=1 61*00b67f09SDavid van Moolenbroekgrep "status: NOERROR" dig.out > /dev/null || ret=1 62*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 63*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 64*00b67f09SDavid van Moolenbroek 65*00b67f09SDavid van Moolenbroekif [ -x ${RESOLVE} ] ; then 66*00b67f09SDavid van Moolenbroek echo "I:checking non-cachable NODATA response handling using dns_client" 67*00b67f09SDavid van Moolenbroek ret=0 68*00b67f09SDavid van Moolenbroek ${RESOLVE} -p 5300 -t a -s 10.53.0.1 nodata.example.net 2> resolve.out || ret=1 69*00b67f09SDavid van Moolenbroek grep "resolution failed: ncache nxrrset" resolve.out > /dev/null || ret=1 70*00b67f09SDavid van Moolenbroek if [ $ret != 0 ]; then echo "I:failed"; fi 71*00b67f09SDavid van Moolenbroek status=`expr $status + $ret` 72*00b67f09SDavid van Moolenbroekfi 73*00b67f09SDavid van Moolenbroek 74*00b67f09SDavid van Moolenbroekecho "I:checking handling of bogus referrals" 75*00b67f09SDavid van Moolenbroek# If the server has the "INSIST(!external)" bug, this query will kill it. 76*00b67f09SDavid van Moolenbroek$DIG +tcp www.example.com. a @10.53.0.1 -p 5300 >/dev/null || status=1 77*00b67f09SDavid van Moolenbroek 78*00b67f09SDavid van Moolenbroekif [ -x ${RESOLVE} ] ; then 79*00b67f09SDavid van Moolenbroek echo "I:checking handling of bogus referrals using dns_client" 80*00b67f09SDavid van Moolenbroek ret=0 81*00b67f09SDavid van Moolenbroek ${RESOLVE} -p 5300 -t a -s 10.53.0.1 www.example.com 2> resolve.out || ret=1 82*00b67f09SDavid van Moolenbroek grep "resolution failed: failure" resolve.out > /dev/null || ret=1 83*00b67f09SDavid van Moolenbroek if [ $ret != 0 ]; then echo "I:failed"; fi 84*00b67f09SDavid van Moolenbroek status=`expr $status + $ret` 85*00b67f09SDavid van Moolenbroekfi 86*00b67f09SDavid van Moolenbroek 87*00b67f09SDavid van Moolenbroekecho "I:check handling of cname + other data / 1" 88*00b67f09SDavid van Moolenbroek$DIG +tcp cname1.example.com. a @10.53.0.1 -p 5300 >/dev/null || status=1 89*00b67f09SDavid van Moolenbroek 90*00b67f09SDavid van Moolenbroekecho "I:check handling of cname + other data / 2" 91*00b67f09SDavid van Moolenbroek$DIG +tcp cname2.example.com. a @10.53.0.1 -p 5300 >/dev/null || status=1 92*00b67f09SDavid van Moolenbroek 93*00b67f09SDavid van Moolenbroekecho "I:check that server is still running" 94*00b67f09SDavid van Moolenbroek$DIG +tcp www.example.com. a @10.53.0.1 -p 5300 >/dev/null || status=1 95*00b67f09SDavid van Moolenbroek 96*00b67f09SDavid van Moolenbroekecho "I:checking answer IPv4 address filtering (deny)" 97*00b67f09SDavid van Moolenbroekret=0 98*00b67f09SDavid van Moolenbroek$DIG +tcp www.example.net @10.53.0.1 a -p 5300 > dig.out || ret=1 99*00b67f09SDavid van Moolenbroekgrep "status: SERVFAIL" dig.out > /dev/null || ret=1 100*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 101*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 102*00b67f09SDavid van Moolenbroek 103*00b67f09SDavid van Moolenbroekecho "I:checking answer IPv6 address filtering (deny)" 104*00b67f09SDavid van Moolenbroekret=0 105*00b67f09SDavid van Moolenbroek$DIG +tcp www.example.net @10.53.0.1 aaaa -p 5300 > dig.out || ret=1 106*00b67f09SDavid van Moolenbroekgrep "status: SERVFAIL" dig.out > /dev/null || ret=1 107*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 108*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 109*00b67f09SDavid van Moolenbroek 110*00b67f09SDavid van Moolenbroekecho "I:checking answer IPv4 address filtering (accept)" 111*00b67f09SDavid van Moolenbroekret=0 112*00b67f09SDavid van Moolenbroek$DIG +tcp www.example.org @10.53.0.1 a -p 5300 > dig.out || ret=1 113*00b67f09SDavid van Moolenbroekgrep "status: NOERROR" dig.out > /dev/null || ret=1 114*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 115*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 116*00b67f09SDavid van Moolenbroek 117*00b67f09SDavid van Moolenbroek 118*00b67f09SDavid van Moolenbroekif [ -x ${RESOLVE} ] ; then 119*00b67f09SDavid van Moolenbroek echo "I:checking answer IPv4 address filtering using dns_client (accept)" 120*00b67f09SDavid van Moolenbroek ret=0 121*00b67f09SDavid van Moolenbroek ${RESOLVE} -p 5300 -t a -s 10.53.0.1 www.example.org > resolve.out || ret=1 122*00b67f09SDavid van Moolenbroek grep "www.example.org..*.192.0.2.1" resolve.out > /dev/null || ret=1 123*00b67f09SDavid van Moolenbroek if [ $ret != 0 ]; then echo "I:failed"; fi 124*00b67f09SDavid van Moolenbroek status=`expr $status + $ret` 125*00b67f09SDavid van Moolenbroekfi 126*00b67f09SDavid van Moolenbroek 127*00b67f09SDavid van Moolenbroekecho "I:checking answer IPv6 address filtering (accept)" 128*00b67f09SDavid van Moolenbroekret=0 129*00b67f09SDavid van Moolenbroek$DIG +tcp www.example.org @10.53.0.1 aaaa -p 5300 > dig.out || ret=1 130*00b67f09SDavid van Moolenbroekgrep "status: NOERROR" dig.out > /dev/null || ret=1 131*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 132*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 133*00b67f09SDavid van Moolenbroek 134*00b67f09SDavid van Moolenbroekif [ -x ${RESOLVE} ] ; then 135*00b67f09SDavid van Moolenbroek echo "I:checking answer IPv6 address filtering using dns_client (accept)" 136*00b67f09SDavid van Moolenbroek ret=0 137*00b67f09SDavid van Moolenbroek ${RESOLVE} -p 5300 -t aaaa -s 10.53.0.1 www.example.org > resolve.out || ret=1 138*00b67f09SDavid van Moolenbroek grep "www.example.org..*.2001:db8:beef::1" resolve.out > /dev/null || ret=1 139*00b67f09SDavid van Moolenbroek if [ $ret != 0 ]; then echo "I:failed"; fi 140*00b67f09SDavid van Moolenbroek status=`expr $status + $ret` 141*00b67f09SDavid van Moolenbroekfi 142*00b67f09SDavid van Moolenbroek 143*00b67f09SDavid van Moolenbroekecho "I:checking CNAME target filtering (deny)" 144*00b67f09SDavid van Moolenbroekret=0 145*00b67f09SDavid van Moolenbroek$DIG +tcp badcname.example.net @10.53.0.1 a -p 5300 > dig.out || ret=1 146*00b67f09SDavid van Moolenbroekgrep "status: SERVFAIL" dig.out > /dev/null || ret=1 147*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 148*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 149*00b67f09SDavid van Moolenbroek 150*00b67f09SDavid van Moolenbroekecho "I:checking CNAME target filtering (accept)" 151*00b67f09SDavid van Moolenbroekret=0 152*00b67f09SDavid van Moolenbroek$DIG +tcp goodcname.example.net @10.53.0.1 a -p 5300 > dig.out || ret=1 153*00b67f09SDavid van Moolenbroekgrep "status: NOERROR" dig.out > /dev/null || ret=1 154*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 155*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 156*00b67f09SDavid van Moolenbroek 157*00b67f09SDavid van Moolenbroekif [ -x ${RESOLVE} ] ; then 158*00b67f09SDavid van Moolenbroek echo "I:checking CNAME target filtering using dns_client (accept)" 159*00b67f09SDavid van Moolenbroek ret=0 160*00b67f09SDavid van Moolenbroek ${RESOLVE} -p 5300 -t a -s 10.53.0.1 goodcname.example.net > resolve.out || ret=1 161*00b67f09SDavid van Moolenbroek grep "goodcname.example.net..*.goodcname.example.org." resolve.out > /dev/null || ret=1 162*00b67f09SDavid van Moolenbroek grep "goodcname.example.org..*.192.0.2.1" resolve.out > /dev/null || ret=1 163*00b67f09SDavid van Moolenbroek if [ $ret != 0 ]; then echo "I:failed"; fi 164*00b67f09SDavid van Moolenbroek status=`expr $status + $ret` 165*00b67f09SDavid van Moolenbroekfi 166*00b67f09SDavid van Moolenbroek 167*00b67f09SDavid van Moolenbroekecho "I:checking CNAME target filtering (accept due to subdomain)" 168*00b67f09SDavid van Moolenbroekret=0 169*00b67f09SDavid van Moolenbroek$DIG +tcp cname.sub.example.org @10.53.0.1 a -p 5300 > dig.out || ret=1 170*00b67f09SDavid van Moolenbroekgrep "status: NOERROR" dig.out > /dev/null || ret=1 171*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 172*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 173*00b67f09SDavid van Moolenbroek 174*00b67f09SDavid van Moolenbroekif [ -x ${RESOLVE} ] ; then 175*00b67f09SDavid van Moolenbroek echo "I:checking CNAME target filtering using dns_client (accept due to subdomain)" 176*00b67f09SDavid van Moolenbroek ret=0 177*00b67f09SDavid van Moolenbroek ${RESOLVE} -p 5300 -t a -s 10.53.0.1 cname.sub.example.org > resolve.out || ret=1 178*00b67f09SDavid van Moolenbroek grep "cname.sub.example.org..*.ok.sub.example.org." resolve.out > /dev/null || ret=1 179*00b67f09SDavid van Moolenbroek grep "ok.sub.example.org..*.192.0.2.1" resolve.out > /dev/null || ret=1 180*00b67f09SDavid van Moolenbroek if [ $ret != 0 ]; then echo "I:failed"; fi 181*00b67f09SDavid van Moolenbroek status=`expr $status + $ret` 182*00b67f09SDavid van Moolenbroekfi 183*00b67f09SDavid van Moolenbroek 184*00b67f09SDavid van Moolenbroekecho "I:checking DNAME target filtering (deny)" 185*00b67f09SDavid van Moolenbroekret=0 186*00b67f09SDavid van Moolenbroek$DIG +tcp foo.baddname.example.net @10.53.0.1 a -p 5300 > dig.out || ret=1 187*00b67f09SDavid van Moolenbroekgrep "status: SERVFAIL" dig.out > /dev/null || ret=1 188*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 189*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 190*00b67f09SDavid van Moolenbroek 191*00b67f09SDavid van Moolenbroekecho "I:checking DNAME target filtering (accept)" 192*00b67f09SDavid van Moolenbroekret=0 193*00b67f09SDavid van Moolenbroek$DIG +tcp foo.gooddname.example.net @10.53.0.1 a -p 5300 > dig.out || ret=1 194*00b67f09SDavid van Moolenbroekgrep "status: NOERROR" dig.out > /dev/null || ret=1 195*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 196*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 197*00b67f09SDavid van Moolenbroek 198*00b67f09SDavid van Moolenbroekif [ -x ${RESOLVE} ] ; then 199*00b67f09SDavid van Moolenbroek echo "I:checking DNAME target filtering using dns_client (accept)" 200*00b67f09SDavid van Moolenbroek ret=0 201*00b67f09SDavid van Moolenbroek ${RESOLVE} -p 5300 -t a -s 10.53.0.1 foo.gooddname.example.net > resolve.out || ret=1 202*00b67f09SDavid van Moolenbroek grep "foo.gooddname.example.net..*.gooddname.example.org" resolve.out > /dev/null || ret=1 203*00b67f09SDavid van Moolenbroek grep "foo.gooddname.example.org..*.192.0.2.1" resolve.out > /dev/null || ret=1 204*00b67f09SDavid van Moolenbroek if [ $ret != 0 ]; then echo "I:failed"; fi 205*00b67f09SDavid van Moolenbroek status=`expr $status + $ret` 206*00b67f09SDavid van Moolenbroekfi 207*00b67f09SDavid van Moolenbroek 208*00b67f09SDavid van Moolenbroekecho "I:checking DNAME target filtering (accept due to subdomain)" 209*00b67f09SDavid van Moolenbroekret=0 210*00b67f09SDavid van Moolenbroek$DIG +tcp www.dname.sub.example.org @10.53.0.1 a -p 5300 > dig.out || ret=1 211*00b67f09SDavid van Moolenbroekgrep "status: NOERROR" dig.out > /dev/null || ret=1 212*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 213*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 214*00b67f09SDavid van Moolenbroek 215*00b67f09SDavid van Moolenbroekif [ -x ${RESOLVE} ] ; then 216*00b67f09SDavid van Moolenbroek echo "I:checking DNAME target filtering using dns_client (accept due to subdomain)" 217*00b67f09SDavid van Moolenbroek ret=0 218*00b67f09SDavid van Moolenbroek ${RESOLVE} -p 5300 -t a -s 10.53.0.1 www.dname.sub.example.org > resolve.out || ret=1 219*00b67f09SDavid van Moolenbroek grep "www.dname.sub.example.org..*.ok.sub.example.org." resolve.out > /dev/null || ret=1 220*00b67f09SDavid van Moolenbroek grep "www.ok.sub.example.org..*.192.0.2.1" resolve.out > /dev/null || ret=1 221*00b67f09SDavid van Moolenbroek if [ $ret != 0 ]; then echo "I:failed"; fi 222*00b67f09SDavid van Moolenbroek status=`expr $status + $ret` 223*00b67f09SDavid van Moolenbroekfi 224*00b67f09SDavid van Moolenbroek 225*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 226*00b67f09SDavid van Moolenbroekecho "I: RT21594 regression test check setup ($n)" 227*00b67f09SDavid van Moolenbroekret=0 228*00b67f09SDavid van Moolenbroek# Check that "aa" is not being set by the authoritative server. 229*00b67f09SDavid van Moolenbroek$DIG +tcp . @10.53.0.4 soa -p 5300 > dig.ns4.out.${n} || ret=1 230*00b67f09SDavid van Moolenbroekgrep 'flags: qr rd;' dig.ns4.out.${n} > /dev/null || ret=1 231*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 232*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 233*00b67f09SDavid van Moolenbroek 234*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 235*00b67f09SDavid van Moolenbroekecho "I: RT21594 regression test positive answers ($n)" 236*00b67f09SDavid van Moolenbroekret=0 237*00b67f09SDavid van Moolenbroek# Check that resolver accepts the non-authoritative positive answers. 238*00b67f09SDavid van Moolenbroek$DIG +tcp . @10.53.0.5 soa -p 5300 > dig.ns5.out.${n} || ret=1 239*00b67f09SDavid van Moolenbroekgrep "status: NOERROR" dig.ns5.out.${n} > /dev/null || ret=1 240*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 241*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 242*00b67f09SDavid van Moolenbroek 243*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 244*00b67f09SDavid van Moolenbroekecho "I: RT21594 regression test NODATA answers ($n)" 245*00b67f09SDavid van Moolenbroekret=0 246*00b67f09SDavid van Moolenbroek# Check that resolver accepts the non-authoritative nodata answers. 247*00b67f09SDavid van Moolenbroek$DIG +tcp . @10.53.0.5 txt -p 5300 > dig.ns5.out.${n} || ret=1 248*00b67f09SDavid van Moolenbroekgrep "status: NOERROR" dig.ns5.out.${n} > /dev/null || ret=1 249*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 250*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 251*00b67f09SDavid van Moolenbroek 252*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 253*00b67f09SDavid van Moolenbroekecho "I: RT21594 regression test NXDOMAIN answers ($n)" 254*00b67f09SDavid van Moolenbroekret=0 255*00b67f09SDavid van Moolenbroek# Check that resolver accepts the non-authoritative positive answers. 256*00b67f09SDavid van Moolenbroek$DIG +tcp noexistant @10.53.0.5 txt -p 5300 > dig.ns5.out.${n} || ret=1 257*00b67f09SDavid van Moolenbroekgrep "status: NXDOMAIN" dig.ns5.out.${n} > /dev/null || ret=1 258*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 259*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 260*00b67f09SDavid van Moolenbroek 261*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 262*00b67f09SDavid van Moolenbroekecho "I:check that replacement of additional data by a negative cache no data entry clears the additional RRSIGs ($n)" 263*00b67f09SDavid van Moolenbroekret=0 264*00b67f09SDavid van Moolenbroek$DIG +tcp mx example.net @10.53.0.7 -p 5300 > dig.ns7.out.${n} || ret=1 265*00b67f09SDavid van Moolenbroekgrep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=1 266*00b67f09SDavid van Moolenbroekif [ $ret = 1 ]; then echo "I:mx priming failed"; fi 267*00b67f09SDavid van Moolenbroek$NSUPDATE << EOF 268*00b67f09SDavid van Moolenbroekserver 10.53.0.6 5300 269*00b67f09SDavid van Moolenbroekzone example.net 270*00b67f09SDavid van Moolenbroekupdate delete mail.example.net A 271*00b67f09SDavid van Moolenbroekupdate add mail.example.net 0 AAAA ::1 272*00b67f09SDavid van Moolenbroeksend 273*00b67f09SDavid van MoolenbroekEOF 274*00b67f09SDavid van Moolenbroek$DIG +tcp a mail.example.net @10.53.0.7 -p 5300 > dig.ns7.out.${n} || ret=2 275*00b67f09SDavid van Moolenbroekgrep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=2 276*00b67f09SDavid van Moolenbroekgrep "ANSWER: 0" dig.ns7.out.${n} > /dev/null || ret=2 277*00b67f09SDavid van Moolenbroekif [ $ret = 2 ]; then echo "I:ncache priming failed"; fi 278*00b67f09SDavid van Moolenbroek$DIG +tcp mx example.net @10.53.0.7 -p 5300 > dig.ns7.out.${n} || ret=3 279*00b67f09SDavid van Moolenbroekgrep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=3 280*00b67f09SDavid van Moolenbroek$DIG +tcp rrsig mail.example.net +norec @10.53.0.7 -p 5300 > dig.ns7.out.${n} || ret=4 281*00b67f09SDavid van Moolenbroekgrep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=4 282*00b67f09SDavid van Moolenbroekgrep "ANSWER: 0" dig.ns7.out.${n} > /dev/null || ret=4 283*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; ret=1; fi 284*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 285*00b67f09SDavid van Moolenbroek 286*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; ret=1; fi 287*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 288*00b67f09SDavid van Moolenbroek 289*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 290*00b67f09SDavid van Moolenbroekecho "I:checking that update a nameservers address has immediate effects ($n)" 291*00b67f09SDavid van Moolenbroekret=0 292*00b67f09SDavid van Moolenbroek$DIG +tcp TXT foo.moves @10.53.0.7 -p 5300 > dig.ns7.foo.${n} || ret=1 293*00b67f09SDavid van Moolenbroekgrep "From NS 5" dig.ns7.foo.${n} > /dev/null || ret=1 294*00b67f09SDavid van Moolenbroek$NSUPDATE << EOF 295*00b67f09SDavid van Moolenbroekserver 10.53.0.7 5300 296*00b67f09SDavid van Moolenbroekzone server 297*00b67f09SDavid van Moolenbroekupdate delete ns.server A 298*00b67f09SDavid van Moolenbroekupdate add ns.server 300 A 10.53.0.4 299*00b67f09SDavid van Moolenbroeksend 300*00b67f09SDavid van MoolenbroekEOF 301*00b67f09SDavid van Moolenbroeksleep 1 302*00b67f09SDavid van Moolenbroek$DIG +tcp TXT bar.moves @10.53.0.7 -p 5300 > dig.ns7.bar.${n} || ret=1 303*00b67f09SDavid van Moolenbroekgrep "From NS 4" dig.ns7.bar.${n} > /dev/null || ret=1 304*00b67f09SDavid van Moolenbroek 305*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; status=1; fi 306*00b67f09SDavid van Moolenbroek 307*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 308*00b67f09SDavid van Moolenbroekecho "I:checking that update a nameservers glue has immediate effects ($n)" 309*00b67f09SDavid van Moolenbroekret=0 310*00b67f09SDavid van Moolenbroek$DIG +tcp TXT foo.child.server @10.53.0.7 -p 5300 > dig.ns7.foo.${n} || ret=1 311*00b67f09SDavid van Moolenbroekgrep "From NS 5" dig.ns7.foo.${n} > /dev/null || ret=1 312*00b67f09SDavid van Moolenbroek$NSUPDATE << EOF 313*00b67f09SDavid van Moolenbroekserver 10.53.0.7 5300 314*00b67f09SDavid van Moolenbroekzone server 315*00b67f09SDavid van Moolenbroekupdate delete ns.child.server A 316*00b67f09SDavid van Moolenbroekupdate add ns.child.server 300 A 10.53.0.4 317*00b67f09SDavid van Moolenbroeksend 318*00b67f09SDavid van MoolenbroekEOF 319*00b67f09SDavid van Moolenbroeksleep 1 320*00b67f09SDavid van Moolenbroek$DIG +tcp TXT bar.child.server @10.53.0.7 -p 5300 > dig.ns7.bar.${n} || ret=1 321*00b67f09SDavid van Moolenbroekgrep "From NS 4" dig.ns7.bar.${n} > /dev/null || ret=1 322*00b67f09SDavid van Moolenbroek 323*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; status=1; fi 324*00b67f09SDavid van Moolenbroek 325*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 326*00b67f09SDavid van Moolenbroekecho "I:checking empty RFC 1918 reverse zones ($n)" 327*00b67f09SDavid van Moolenbroekret=0 328*00b67f09SDavid van Moolenbroek# Check that "aa" is being set by the resolver for RFC 1918 zones 329*00b67f09SDavid van Moolenbroek# except the one that has been deliberately disabled 330*00b67f09SDavid van Moolenbroek$DIG @10.53.0.7 -p 5300 -x 10.1.1.1 > dig.ns4.out.1.${n} || ret=1 331*00b67f09SDavid van Moolenbroekgrep 'flags: qr aa rd ra;' dig.ns4.out.1.${n} > /dev/null || ret=1 332*00b67f09SDavid van Moolenbroek$DIG @10.53.0.7 -p 5300 -x 192.168.1.1 > dig.ns4.out.2.${n} || ret=1 333*00b67f09SDavid van Moolenbroekgrep 'flags: qr aa rd ra;' dig.ns4.out.2.${n} > /dev/null || ret=1 334*00b67f09SDavid van Moolenbroek$DIG @10.53.0.7 -p 5300 -x 172.16.1.1 > dig.ns4.out.3.${n} || ret=1 335*00b67f09SDavid van Moolenbroekgrep 'flags: qr aa rd ra;' dig.ns4.out.3.${n} > /dev/null || ret=1 336*00b67f09SDavid van Moolenbroek$DIG @10.53.0.7 -p 5300 -x 172.17.1.1 > dig.ns4.out.4.${n} || ret=1 337*00b67f09SDavid van Moolenbroekgrep 'flags: qr aa rd ra;' dig.ns4.out.4.${n} > /dev/null || ret=1 338*00b67f09SDavid van Moolenbroek$DIG @10.53.0.7 -p 5300 -x 172.18.1.1 > dig.ns4.out.5.${n} || ret=1 339*00b67f09SDavid van Moolenbroekgrep 'flags: qr aa rd ra;' dig.ns4.out.5.${n} > /dev/null || ret=1 340*00b67f09SDavid van Moolenbroek$DIG @10.53.0.7 -p 5300 -x 172.19.1.1 > dig.ns4.out.6.${n} || ret=1 341*00b67f09SDavid van Moolenbroekgrep 'flags: qr aa rd ra;' dig.ns4.out.6.${n} > /dev/null || ret=1 342*00b67f09SDavid van Moolenbroek$DIG @10.53.0.7 -p 5300 -x 172.21.1.1 > dig.ns4.out.7.${n} || ret=1 343*00b67f09SDavid van Moolenbroekgrep 'flags: qr aa rd ra;' dig.ns4.out.7.${n} > /dev/null || ret=1 344*00b67f09SDavid van Moolenbroek$DIG @10.53.0.7 -p 5300 -x 172.22.1.1 > dig.ns4.out.8.${n} || ret=1 345*00b67f09SDavid van Moolenbroekgrep 'flags: qr aa rd ra;' dig.ns4.out.8.${n} > /dev/null || ret=1 346*00b67f09SDavid van Moolenbroek$DIG @10.53.0.7 -p 5300 -x 172.23.1.1 > dig.ns4.out.9.${n} || ret=1 347*00b67f09SDavid van Moolenbroekgrep 'flags: qr aa rd ra;' dig.ns4.out.9.${n} > /dev/null || ret=1 348*00b67f09SDavid van Moolenbroek$DIG @10.53.0.7 -p 5300 -x 172.24.1.1 > dig.ns4.out.11.${n} || ret=1 349*00b67f09SDavid van Moolenbroekgrep 'flags: qr aa rd ra;' dig.ns4.out.11.${n} > /dev/null || ret=1 350*00b67f09SDavid van Moolenbroek$DIG @10.53.0.7 -p 5300 -x 172.25.1.1 > dig.ns4.out.12.${n} || ret=1 351*00b67f09SDavid van Moolenbroekgrep 'flags: qr aa rd ra;' dig.ns4.out.12.${n} > /dev/null || ret=1 352*00b67f09SDavid van Moolenbroek$DIG @10.53.0.7 -p 5300 -x 172.26.1.1 > dig.ns4.out.13.${n} || ret=1 353*00b67f09SDavid van Moolenbroekgrep 'flags: qr aa rd ra;' dig.ns4.out.13.${n} > /dev/null || ret=1 354*00b67f09SDavid van Moolenbroek$DIG @10.53.0.7 -p 5300 -x 172.27.1.1 > dig.ns4.out.14.${n} || ret=1 355*00b67f09SDavid van Moolenbroekgrep 'flags: qr aa rd ra;' dig.ns4.out.14.${n} > /dev/null || ret=1 356*00b67f09SDavid van Moolenbroek$DIG @10.53.0.7 -p 5300 -x 172.28.1.1 > dig.ns4.out.15.${n} || ret=1 357*00b67f09SDavid van Moolenbroekgrep 'flags: qr aa rd ra;' dig.ns4.out.15.${n} > /dev/null || ret=1 358*00b67f09SDavid van Moolenbroek$DIG @10.53.0.7 -p 5300 -x 172.29.1.1 > dig.ns4.out.16.${n} || ret=1 359*00b67f09SDavid van Moolenbroekgrep 'flags: qr aa rd ra;' dig.ns4.out.16.${n} > /dev/null || ret=1 360*00b67f09SDavid van Moolenbroek$DIG @10.53.0.7 -p 5300 -x 172.30.1.1 > dig.ns4.out.17.${n} || ret=1 361*00b67f09SDavid van Moolenbroekgrep 'flags: qr aa rd ra;' dig.ns4.out.17.${n} > /dev/null || ret=1 362*00b67f09SDavid van Moolenbroek$DIG @10.53.0.7 -p 5300 -x 172.31.1.1 > dig.ns4.out.18.${n} || ret=1 363*00b67f09SDavid van Moolenbroekgrep 'flags: qr aa rd ra;' dig.ns4.out.18.${n} > /dev/null || ret=1 364*00b67f09SDavid van Moolenbroek# but this one should NOT be authoritative 365*00b67f09SDavid van Moolenbroek$DIG @10.53.0.7 -p 5300 -x 172.20.1.1 > dig.ns4.out.19.${n} || ret=1 366*00b67f09SDavid van Moolenbroekgrep 'flags: qr rd ra;' dig.ns4.out.19.${n} > /dev/null || ret=1 367*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; status=1; fi 368*00b67f09SDavid van Moolenbroek 369*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 370*00b67f09SDavid van Moolenbroekecho "I:checking that removal of a delegation is honoured ($n)" 371*00b67f09SDavid van Moolenbroekret=0 372*00b67f09SDavid van Moolenbroek$DIG -p 5300 @10.53.0.5 www.to-be-removed.tld A > dig.ns5.prime.${n} 373*00b67f09SDavid van Moolenbroekgrep "status: NOERROR" dig.ns5.prime.${n} > /dev/null || { ret=1; echo "I: priming failed"; } 374*00b67f09SDavid van Moolenbroekcp ns4/tld2.db ns4/tld.db 375*00b67f09SDavid van Moolenbroek($RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 reload tld 2>&1 ) | 376*00b67f09SDavid van Moolenbroeksed -e '/reload queued/d' -e 's/^/I:ns4 /' 377*00b67f09SDavid van Moolenbroekold= 378*00b67f09SDavid van Moolenbroekfor i in 0 1 2 3 4 5 6 7 8 9 379*00b67f09SDavid van Moolenbroekdo 380*00b67f09SDavid van Moolenbroek foo=0 381*00b67f09SDavid van Moolenbroek $DIG -p 5300 @10.53.0.5 ns$i.to-be-removed.tld A > /dev/null 382*00b67f09SDavid van Moolenbroek $DIG -p 5300 @10.53.0.5 www.to-be-removed.tld A > dig.ns5.out.${n} 383*00b67f09SDavid van Moolenbroek grep "status: NXDOMAIN" dig.ns5.out.${n} > /dev/null || foo=1 384*00b67f09SDavid van Moolenbroek [ $foo = 0 ] && break 385*00b67f09SDavid van Moolenbroek $NSUPDATE << EOF 386*00b67f09SDavid van Moolenbroekserver 10.53.0.6 5300 387*00b67f09SDavid van Moolenbroekzone to-be-removed.tld 388*00b67f09SDavid van Moolenbroekupdate add to-be-removed.tld 100 NS ns${i}.to-be-removed.tld 389*00b67f09SDavid van Moolenbroekupdate delete to-be-removed.tld NS ns${old}.to-be-removed.tld 390*00b67f09SDavid van Moolenbroeksend 391*00b67f09SDavid van MoolenbroekEOF 392*00b67f09SDavid van Moolenbroek old=$i 393*00b67f09SDavid van Moolenbroek sleep 1 394*00b67f09SDavid van Moolenbroekdone 395*00b67f09SDavid van Moolenbroek[ $ret = 0 ] && ret=$foo; 396*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; status=1; fi 397*00b67f09SDavid van Moolenbroek 398*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 399*00b67f09SDavid van Moolenbroekecho "I:check for improved error message with SOA mismatch ($n)" 400*00b67f09SDavid van Moolenbroekret=0 401*00b67f09SDavid van Moolenbroek$DIG @10.53.0.1 -p 5300 www.sub.broken aaaa > dig.out.${n} || ret=1 402*00b67f09SDavid van Moolenbroekgrep "not subdomain of zone" ns1/named.run > /dev/null || ret=1 403*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 404*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 405*00b67f09SDavid van Moolenbroek 406*00b67f09SDavid van Moolenbroekcp ns7/named2.conf ns7/named.conf 407*00b67f09SDavid van Moolenbroek$RNDC -c ../common/rndc.conf -s 10.53.0.7 -p 9953 reconfig 2>&1 | sed 's/^/I:ns7 /' 408*00b67f09SDavid van Moolenbroek 409*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 410*00b67f09SDavid van Moolenbroekecho "I:check resolution on the listening port ($n)" 411*00b67f09SDavid van Moolenbroekret=0 412*00b67f09SDavid van Moolenbroek$DIG +tcp +tries=2 +time=5 mx example.net @10.53.0.7 -p 5300 > dig.ns7.out.${n} || ret=2 413*00b67f09SDavid van Moolenbroekgrep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=1 414*00b67f09SDavid van Moolenbroekgrep "ANSWER: 1" dig.ns7.out.${n} > /dev/null || ret=1 415*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; ret=1; fi 416*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 417*00b67f09SDavid van Moolenbroek 418*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 419*00b67f09SDavid van Moolenbroekecho "I:check prefetch (${n})" 420*00b67f09SDavid van Moolenbroekret=0 421*00b67f09SDavid van Moolenbroek$DIG @10.53.0.5 -p 5300 fetch.tld txt > dig.out.1.${n} || ret=1 422*00b67f09SDavid van Moolenbroekttl1=`awk '/"A" "short" "ttl"/ { print $2 - 2 }' dig.out.1.${n}` 423*00b67f09SDavid van Moolenbroek# sleep so we are in prefetch range 424*00b67f09SDavid van Moolenbroeksleep ${ttl1:-0} 425*00b67f09SDavid van Moolenbroek# trigger prefetch 426*00b67f09SDavid van Moolenbroek$DIG @10.53.0.5 -p 5300 fetch.tld txt > dig.out.2.${n} || ret=1 427*00b67f09SDavid van Moolenbroekttl2=`awk '/"A" "short" "ttl"/ { print $2 }' dig.out.2.${n}` 428*00b67f09SDavid van Moolenbroeksleep 1 429*00b67f09SDavid van Moolenbroek# check that prefetch occured 430*00b67f09SDavid van Moolenbroek$DIG @10.53.0.5 -p 5300 fetch.tld txt > dig.out.3.${n} || ret=1 431*00b67f09SDavid van Moolenbroekttl=`awk '/"A" "short" "ttl"/ { print $2 }' dig.out.3.${n}` 432*00b67f09SDavid van Moolenbroektest ${ttl:-0} -gt ${ttl2:-1} || ret=1 433*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 434*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 435*00b67f09SDavid van Moolenbroek 436*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 437*00b67f09SDavid van Moolenbroekecho "I:check prefetch disabled (${n})" 438*00b67f09SDavid van Moolenbroekret=0 439*00b67f09SDavid van Moolenbroek$DIG @10.53.0.7 -p 5300 fetch.example.net txt > dig.out.1.${n} || ret=1 440*00b67f09SDavid van Moolenbroekttl1=`awk '/"A" "short" "ttl"/ { print $2 - 1 }' dig.out.1.${n}` 441*00b67f09SDavid van Moolenbroek# sleep so we are in expire range 442*00b67f09SDavid van Moolenbroeksleep ${ttl1:-0} 443*00b67f09SDavid van Moolenbroek# look for zero ttl, allow for one miss at getting zero ttl 444*00b67f09SDavid van Moolenbroekzerotonine="0 1 2 3 4 5 6 7 8 9" 445*00b67f09SDavid van Moolenbroekfor i in $zerotonine $zerotonine $zerotonine $zerotonine 446*00b67f09SDavid van Moolenbroekdo 447*00b67f09SDavid van Moolenbroek $DIG @10.53.0.7 -p 5300 fetch.example.net txt > dig.out.2.${n} || ret=1 448*00b67f09SDavid van Moolenbroek ttl2=`awk '/"A" "short" "ttl"/ { print $2 }' dig.out.2.${n}` 449*00b67f09SDavid van Moolenbroek test ${ttl2:-1} -eq 0 && break 450*00b67f09SDavid van Moolenbroek $PERL -e 'select(undef, undef, undef, 0.05);' 451*00b67f09SDavid van Moolenbroekdone 452*00b67f09SDavid van Moolenbroektest ${ttl2:-1} -eq 0 || ret=1 453*00b67f09SDavid van Moolenbroek# delay so that any prefetched record will have a lower ttl than expected 454*00b67f09SDavid van Moolenbroeksleep 3 455*00b67f09SDavid van Moolenbroek# check that prefetch has not occured 456*00b67f09SDavid van Moolenbroek$DIG @10.53.0.7 -p 5300 fetch.example.net txt > dig.out.3.${n} || ret=1 457*00b67f09SDavid van Moolenbroekttl=`awk '/"A" "short" "ttl"/ { print $2 - 1 }' dig.out.3.${n}` 458*00b67f09SDavid van Moolenbroektest ${ttl:-0} -eq ${ttl1:-1} || ret=1 459*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 460*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 461*00b67f09SDavid van Moolenbroek 462*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 463*00b67f09SDavid van Moolenbroekecho "I:check prefetch qtype * (${n})" 464*00b67f09SDavid van Moolenbroekret=0 465*00b67f09SDavid van Moolenbroek$DIG @10.53.0.5 -p 5300 fetchall.tld any > dig.out.1.${n} || ret=1 466*00b67f09SDavid van Moolenbroekttl1=`awk '/"A" "short" "ttl"/ { print $2 - 2 }' dig.out.1.${n}` 467*00b67f09SDavid van Moolenbroek# sleep so we are in prefetch range 468*00b67f09SDavid van Moolenbroeksleep ${ttl1:-0} 469*00b67f09SDavid van Moolenbroek# trigger prefetch 470*00b67f09SDavid van Moolenbroek$DIG @10.53.0.5 -p 5300 fetchall.tld any > dig.out.2.${n} || ret=1 471*00b67f09SDavid van Moolenbroekttl2=`awk '/"A" "short" "ttl"/ { print $2 }' dig.out.2.${n}` 472*00b67f09SDavid van Moolenbroeksleep 1 473*00b67f09SDavid van Moolenbroek# check that the nameserver is still alive 474*00b67f09SDavid van Moolenbroek$DIG @10.53.0.5 -p 5300 fetchall.tld any > dig.out.3.${n} || ret=1 475*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 476*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 477*00b67f09SDavid van Moolenbroek 478*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 479*00b67f09SDavid van Moolenbroekecho "I:check that E was logged on EDNS queries in the query log (${n})" 480*00b67f09SDavid van Moolenbroekret=0 481*00b67f09SDavid van Moolenbroek$DIG @10.53.0.5 -p 5300 +edns edns.fetchall.tld any > dig.out.2.${n} || ret=1 482*00b67f09SDavid van Moolenbroekgrep "query: edns.fetchall.tld IN ANY +E" ns5/named.run > /dev/null || ret=1 483*00b67f09SDavid van Moolenbroek$DIG @10.53.0.5 -p 5300 +noedns noedns.fetchall.tld any > dig.out.2.${n} || ret=1 484*00b67f09SDavid van Moolenbroekgrep "query: noedns.fetchall.tld IN ANY" ns5/named.run > /dev/null || ret=1 485*00b67f09SDavid van Moolenbroekgrep "query: noedns.fetchall.tld IN ANY +E" ns5/named.run > /dev/null && ret=1 486*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 487*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 488*00b67f09SDavid van Moolenbroek 489*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 490*00b67f09SDavid van Moolenbroekecho "I:check that '-t aaaa' in .digrc does not have unexpected side effects ($n)" 491*00b67f09SDavid van Moolenbroekret=0 492*00b67f09SDavid van Moolenbroekecho "-t aaaa" > .digrc 493*00b67f09SDavid van Moolenbroekenv HOME=`pwd` $DIG @10.53.0.4 -p 5300 . > dig.out.1.${n} || ret=1 494*00b67f09SDavid van Moolenbroekenv HOME=`pwd` $DIG @10.53.0.4 -p 5300 . A > dig.out.2.${n} || ret=1 495*00b67f09SDavid van Moolenbroekenv HOME=`pwd` $DIG @10.53.0.4 -p 5300 -x 127.0.0.1 > dig.out.3.${n} || ret=1 496*00b67f09SDavid van Moolenbroekgrep ';\..*IN.*AAAA$' dig.out.1.${n} > /dev/null || ret=1 497*00b67f09SDavid van Moolenbroekgrep ';\..*IN.*A$' dig.out.2.${n} > /dev/null || ret=1 498*00b67f09SDavid van Moolenbroekgrep 'extra type option' dig.out.2.${n} > /dev/null && ret=1 499*00b67f09SDavid van Moolenbroekgrep ';1\.0\.0\.127\.in-addr\.arpa\..*IN.*PTR$' dig.out.3.${n} > /dev/null || ret=1 500*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 501*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 502*00b67f09SDavid van Moolenbroek 503*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 504*00b67f09SDavid van Moolenbroekecho "I:check that CNAME nameserver is logged correctly (${n})" 505*00b67f09SDavid van Moolenbroekret=0 506*00b67f09SDavid van Moolenbroek$DIG soa all-cnames @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1 507*00b67f09SDavid van Moolenbroekgrep "status: SERVFAIL" dig.out.ns5.test${n} > /dev/null || ret=1 508*00b67f09SDavid van Moolenbroekgrep "skipping nameserver 'cname.tld' because it is a CNAME, while resolving 'all-cnames/SOA'" ns5/named.run > /dev/null || ret=1 509*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 510*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 511*00b67f09SDavid van Moolenbroek 512*00b67f09SDavid van Moolenbroekecho "I:exit status: $status" 513*00b67f09SDavid van Moolenbroekexit $status 514