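#! /bin/sh
#
# Copyright (C) 2011-2014 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.

# Builds the fixtures for this system test: the policy zone files and one
# signed zone together with its trust anchor.  All paths are relative to the
# directory the script is run from.

# Stop at the first failing command so a half-built fixture is never used.
set -e

SYSTEMTESTTOP=..
. "$SYSTEMTESTTOP/conf.sh"

# Output of qperf.sh; a non-empty value enables the large zones built later.
QPERF=`$SHELL qperf.sh`

$SHELL clean.sh

# set up test policy zones.
#   bl is the main test zone
#   bl-2 is used to check competing zones.
#   bl-{given,disabled,passthru,no-op,nodata,nxdomain,cname,wildcname,garden,
#	drop,tcp-only} are used to check policy overrides in named.conf.
#   NO-OP is an obsolete synonym for PASSTHRU
for NM in '' -2 -given -disabled -passthru -no-op -nodata -nxdomain -cname -wildcname -garden -drop -tcp-only; do
    # Only lines containing SOA are rewritten: blx becomes the zone's own name.
    sed -e "/SOA/s/blx/bl$NM/g" ns3/base.db >"ns3/bl$NM.db"
done

# Sign a zone in ns2 (the only signzone call below is for tld2s.).
# RANDFILE is quoted so that an empty value makes the readability test fail
# and the error surface, instead of "test -r" alone evaluating to true.
test -r "$RANDFILE" || $GENRANDOM 400 "$RANDFILE"

#######################################
# Generate a key for a zone, sign the zone with it and append the key to
# trusted.conf as a trusted-keys statement.
# Globals:   KEYGEN, SIGNER, RANDFILE (read); KEYNAME (written)
# Arguments: $1=directory, $2=domain name, $3=input zone file, $4=output file
# Outputs:   $1/$4 (signed zone) and one appended line in ./trusted.conf
#######################################
signzone () {
    # NOTE(review): assuming $KEYGEN is dnssec-keygen (set in conf.sh), -b 512
    # requests a 512-bit key.  A key that short is only acceptable for a
    # throwaway test zone; do not copy this setting into a real signing setup.
    KEYNAME=`$KEYGEN -q -r "$RANDFILE" -b 512 -K "$1" "$2"`
    # The signer input is the unsigned zone followed by the new public key.
    cat "$1/$3" "$1/$KEYNAME.key" >"$1/tmp"
    $SIGNER -Pp -K "$1" -o "$2" -f "$1/$4" "$1/tmp" >/dev/null
    # Turn the DNSKEY record into a trusted-keys statement.  The line is
    # appended, so a trusted.conf left over from an earlier run must already
    # be gone (presumably clean.sh does that; verify).
    sed -n -e 's/\(.*\) IN DNSKEY \([0-9]\{1,\} [0-9]\{1,\} [0-9]\{1,\}\) \(.*\)/trusted-keys {"\1" \2 "\3";};/p' "$1/$KEYNAME.key" >>trusted.conf
    rm "dsset-$2" "$1/tmp"
}
signzone ns2 tld2s. base-tld2s.db tld2s.db


# Performance and a few other checks.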
# response-policy statement written to ns5/rpz-switch: twenty policy zones
# (bl0 .. bl19) followed by the options exercised by the tests.
cat >ns5/rpz-switch <<'EOF'
response-policy {
        zone "bl0"; zone "bl1"; zone "bl2"; zone "bl3"; zone "bl4";
        zone "bl5"; zone "bl6"; zone "bl7"; zone "bl8"; zone "bl9";
        zone "bl10"; zone "bl11"; zone "bl12"; zone "bl13"; zone "bl14";
        zone "bl15"; zone "bl16"; zone "bl17"; zone "bl18"; zone "bl19";
    } recursive-only no
        max-policy-ttl 90
        break-dnssec yes
        qname-wait-recurse no
    ;
EOF

# Base of the example zone.  The NS lines start with whitespace on purpose:
# a record without an owner name inherits the previous owner (@).
cat >ns5/example.db <<'EOF'
$TTL 300
@       SOA     . hostmaster.ns.example.tld5. ( 1 3600 1200 604800 60 )
        NS      ns
        NS      ns1
ns      A       10.53.0.5
ns1     A       10.53.0.5
EOF

# Base of the policy zone; the comments inside name the test each record is for.
cat >ns5/bl.db <<'EOF'
$TTL 300
@       SOA     . hostmaster.ns.blperf. ( 1 3600 1200 604800 60 )
        NS      ns.tld5.

; for "qname-wait-recurse no" in #35 test1
x.servfail      A       35.35.35.35
; for "recursive-only no" in #8 test5
a3-5.tld2       CNAME   .
; for "break-dnssec" in #9 & #10 test5
a3-5.tld2s      CNAME   .
; for "max-policy-ttl 90" in #17 test5
a3-17.tld2      500 A   17.17.17.17

; dummy NSDNAME policy to trigger lookups
ns1.x.rpz-nsdname       CNAME   .
EOF

if [ -n "$QPERF" ]; then
    # Do not build the full zones if we will not use them.
    # host-00001 .. host-65535, each mapped to an address in 192.168.0.0/16.
    $PERL -e 'for ($val = 1; $val <= 65535; ++$val) {
	printf("host-%05d\tA 192.168.%d.%d\n", $val, $val/256, $val%256);
    }' >>ns5/example.db

    # Everything in this group is appended to the policy zone, in order.
    {
	echo
	echo "; rewrite some names"
	# Every 69th host name, starting at host-00002.
	$PERL -e 'for ($val = 2; $val <= 65535; $val += 69) {
	    printf("host-%05d.example.tld5\tCNAME\t.\n", $val);
	}'

	echo
	echo "; rewrite with some not entirely trivial patricia trees"
	# Every 69th address, starting at 3, as /32 rpz-ip names (octets reversed).
	$PERL -e 'for ($val = 3; $val <= 65535; $val += 69) {
	    printf("32.%d.%d.168.192.rpz-ip \tCNAME\t.\n",
		   $val%256, $val/256);
	}'
    } >>ns5/bl.db
fi

# some pseudo-random queryperf requests
# The sequence is a fixed recurrence starting at 1, so every run produces the
# same 3000 requests.
$PERL -e 'for ($cnt = $val = 1; $cnt <= 3000; ++$cnt) {
	printf("host-%05d.example.tld5 A\n", $val);
	$val = ($val * 9 + 32771) % 65536;
    }' >ns5/requests

# Start from pristine copies of the zones that the tests modify.
cp ns2/bl.tld2.db.in ns2/bl.tld2.db
cp ns5/empty.db.in ns5/empty.db
cp ns5/empty.db.in ns5/policy2.db