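#!/bin/sh

# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# System test for additional-section processing and the 'minimal-responses' /
# 'minimal-any' options. Each case writes the dig output to dig.out.<n>, checks
# it with grep, and bumps $status on failure; the script exits non-zero if any
# case failed.

set -e

. ../conf.sh

# DIGOPTS is expanded unquoted on purpose so that "-p <port>" splits into two
# arguments.
DIGOPTS="-p ${PORT}"
# Nothing below invokes RNDCCMD directly; reconfiguration goes through the
# rndc_reconfig helper.
RNDCCMD="$RNDC -c ../_common/rndc.conf -p ${CONTROLPORT} -s"

status=0
n=0

#######################################
# Run the per-mode query battery against 10.53.0.1.
# Globals:
#   minimal (read)   - expected 'minimal-responses' mode of the server:
#                      yes | no | no-auth | no-auth-recursive
#   n       (written) - running test number, also the dig.out.<n> suffix
#   status  (written) - count of failed cases
#   ret     (written) - per-case scratch flag
#   DIG, DIGOPTS (read)
# Outputs: progress via echo_i, one dig.out.<n> file per case
#######################################
dotests() {
  # The RT and NAPTR cases only check that dig itself succeeds; no response
  # content is inspected.
  # NOTE(review): names such as "hang3b" suggest these are regression checks
  # for the server hanging on additional processing; confirm.
  n=$((n + 1))
  echo_i "test with RT, single zone (+rec) ($n)"
  ret=0
  $DIG $DIGOPTS +rec -t RT rt.rt.example @10.53.0.1 >"dig.out.$n" || ret=1
  if [ "$ret" -eq 1 ]; then
    echo_i "failed"
    status=$((status + 1))
  fi

  n=$((n + 1))
  echo_i "test with RT, two zones (+rec) ($n)"
  ret=0
  $DIG $DIGOPTS +rec -t RT rt.rt2.example @10.53.0.1 >"dig.out.$n" || ret=1
  if [ "$ret" -eq 1 ]; then
    echo_i "failed"
    status=$((status + 1))
  fi

  n=$((n + 1))
  echo_i "test with NAPTR, single zone (+rec) ($n)"
  ret=0
  $DIG $DIGOPTS +rec -t NAPTR nap.naptr.example @10.53.0.1 >"dig.out.$n" || ret=1
  if [ "$ret" -eq 1 ]; then
    echo_i "failed"
    status=$((status + 1))
  fi

  n=$((n + 1))
  echo_i "test with NAPTR, two zones (+rec) ($n)"
  ret=0
  $DIG $DIGOPTS +rec -t NAPTR nap.hang3b.example @10.53.0.1 >"dig.out.$n" || ret=1
  if [ "$ret" -eq 1 ]; then
    echo_i "failed"
    status=$((status + 1))
  fi

  # LP with recursion requested. Expectations encoded below:
  #   no                          -> NS, L64 and L32 all present
  #   yes                         -> none of them present
  #   no-auth / no-auth-recursive -> NS absent, L64 and L32 present
  n=$((n + 1))
  echo_i "test with LP (+rec) ($n)"
  ret=0
  $DIG $DIGOPTS +rec -t LP nid2.nid.example @10.53.0.1 >"dig.out.$n" || ret=1
  case "$minimal" in
    no)
      grep -w "NS" "dig.out.$n" >/dev/null || ret=1
      grep -w "L64" "dig.out.$n" >/dev/null || ret=1
      grep -w "L32" "dig.out.$n" >/dev/null || ret=1
      ;;
    yes)
      grep -w "NS" "dig.out.$n" >/dev/null && ret=1
      grep -w "L64" "dig.out.$n" >/dev/null && ret=1
      grep -w "L32" "dig.out.$n" >/dev/null && ret=1
      ;;
    no-auth)
      grep -w "NS" "dig.out.$n" >/dev/null && ret=1
      grep -w "L64" "dig.out.$n" >/dev/null || ret=1
      grep -w "L32" "dig.out.$n" >/dev/null || ret=1
      ;;
    no-auth-recursive)
      grep -w "NS" "dig.out.$n" >/dev/null && ret=1
      grep -w "L64" "dig.out.$n" >/dev/null || ret=1
      grep -w "L32" "dig.out.$n" >/dev/null || ret=1
      ;;
    *)
      # An unrecognised mode would otherwise skip every content check and
      # let the case pass vacuously.
      echo_i "unexpected minimal-responses mode: $minimal"
      ret=1
      ;;
  esac
  if [ "$ret" -eq 1 ]; then
    echo_i "failed"
    status=$((status + 1))
  fi

  n=$((n + 1))
  echo_i "test with NID (+rec) ($n)"
  ret=0
  $DIG $DIGOPTS +rec -t NID ns1.nid.example @10.53.0.1 >"dig.out.$n" || ret=1
  # Both branches are deliberately identical for now: L64/L32 must be absent
  # in every mode.
  if [ "$minimal" = no ]; then
    # change && to || when we support NID additional processing
    grep -w "L64" "dig.out.$n" >/dev/null && ret=1
    grep -w "L32" "dig.out.$n" >/dev/null && ret=1
  else
    grep -w "L64" "dig.out.$n" >/dev/null && ret=1
    grep -w "L32" "dig.out.$n" >/dev/null && ret=1
  fi
  if [ "$ret" -eq 1 ]; then
    echo_i "failed"
    status=$((status + 1))
  fi

  n=$((n + 1))
  echo_i "test with NID + LP (+rec) ($n)"
  ret=0
  $DIG $DIGOPTS +rec -t NID nid2.nid.example @10.53.0.1 >"dig.out.$n" || ret=1
  # Both branches are deliberately identical for now: LP/L64/L32 must be
  # absent in every mode.
  if [ "$minimal" = no ]; then
    # change && to || when we support NID additional processing
    grep -w "LP" "dig.out.$n" >/dev/null && ret=1
    grep -w "L64" "dig.out.$n" >/dev/null && ret=1
    grep -w "L32" "dig.out.$n" >/dev/null && ret=1
  else
    grep -w "LP" "dig.out.$n" >/dev/null && ret=1
    grep -w "L64" "dig.out.$n" >/dev/null && ret=1
    grep -w "L32" "dig.out.$n" >/dev/null && ret=1
  fi
  if [ "$ret" -eq 1 ]; then
    echo_i "failed"
    status=$((status + 1))
  fi

  # Same battery again with recursion not requested (+norec).
  n=$((n + 1))
  echo_i "test with RT, single zone (+norec) ($n)"
  ret=0
  $DIG $DIGOPTS +norec -t RT rt.rt.example @10.53.0.1 >"dig.out.$n" || ret=1
  if [ "$ret" -eq 1 ]; then
    echo_i "failed"
    status=$((status + 1))
  fi

  n=$((n + 1))
  echo_i "test with RT, two zones (+norec) ($n)"
  ret=0
  $DIG $DIGOPTS +norec -t RT rt.rt2.example @10.53.0.1 >"dig.out.$n" || ret=1
  if [ "$ret" -eq 1 ]; then
    echo_i "failed"
    status=$((status + 1))
  fi

  n=$((n + 1))
  echo_i "test with NAPTR, single zone (+norec) ($n)"
  ret=0
  $DIG $DIGOPTS +norec -t NAPTR nap.naptr.example @10.53.0.1 >"dig.out.$n" || ret=1
  if [ "$ret" -eq 1 ]; then
    echo_i "failed"
    status=$((status + 1))
  fi

  n=$((n + 1))
  echo_i "test with NAPTR, two zones (+norec) ($n)"
  ret=0
  $DIG $DIGOPTS +norec -t NAPTR nap.hang3b.example @10.53.0.1 >"dig.out.$n" || ret=1
  if [ "$ret" -eq 1 ]; then
    echo_i "failed"
    status=$((status + 1))
  fi

  # LP without recursion requested. Differs from the +rec case only for
  # no-auth-recursive, which here expects NS to be present (same as 'no').
  n=$((n + 1))
  echo_i "test with LP (+norec) ($n)"
  ret=0
  $DIG $DIGOPTS +norec -t LP nid2.nid.example @10.53.0.1 >"dig.out.$n" || ret=1
  case "$minimal" in
    no)
      grep -w "NS" "dig.out.$n" >/dev/null || ret=1
      grep -w "L64" "dig.out.$n" >/dev/null || ret=1
      grep -w "L32" "dig.out.$n" >/dev/null || ret=1
      ;;
    yes)
      grep -w "NS" "dig.out.$n" >/dev/null && ret=1
      grep -w "L64" "dig.out.$n" >/dev/null && ret=1
      grep -w "L32" "dig.out.$n" >/dev/null && ret=1
      ;;
    no-auth)
      grep -w "NS" "dig.out.$n" >/dev/null && ret=1
      grep -w "L64" "dig.out.$n" >/dev/null || ret=1
      grep -w "L32" "dig.out.$n" >/dev/null || ret=1
      ;;
    no-auth-recursive)
      grep -w "NS" "dig.out.$n" >/dev/null || ret=1
      grep -w "L64" "dig.out.$n" >/dev/null || ret=1
      grep -w "L32" "dig.out.$n" >/dev/null || ret=1
      ;;
    *)
      # Fail loudly rather than pass with no content checks.
      echo_i "unexpected minimal-responses mode: $minimal"
      ret=1
      ;;
  esac
  if [ "$ret" -eq 1 ]; then
    echo_i "failed"
    status=$((status + 1))
  fi

  n=$((n + 1))
  echo_i "test with NID (+norec) ($n)"
  ret=0
  $DIG $DIGOPTS +norec -t NID ns1.nid.example @10.53.0.1 >"dig.out.$n" || ret=1
  if [ "$minimal" = no ]; then
    # change && to || when we support NID additional processing
    grep -w "L64" "dig.out.$n" >/dev/null && ret=1
    grep -w "L32" "dig.out.$n" >/dev/null && ret=1
  else
    grep -w "L64" "dig.out.$n" >/dev/null && ret=1
    grep -w "L32" "dig.out.$n" >/dev/null && ret=1
  fi
  if [ "$ret" -eq 1 ]; then
    echo_i "failed"
    status=$((status + 1))
  fi

  n=$((n + 1))
  echo_i "test with NID + LP (+norec) ($n)"
  ret=0
  $DIG $DIGOPTS +norec -t NID nid2.nid.example @10.53.0.1 >"dig.out.$n" || ret=1
  if [ "$minimal" = no ]; then
    # change && to || when we support NID additional processing
    grep -w "LP" "dig.out.$n" >/dev/null && ret=1
    grep -w "L64" "dig.out.$n" >/dev/null && ret=1
    grep -w "L32" "dig.out.$n" >/dev/null && ret=1
  else
    grep -w "LP" "dig.out.$n" >/dev/null && ret=1
    grep -w "L64" "dig.out.$n" >/dev/null && ret=1
    grep -w "L32" "dig.out.$n" >/dev/null && ret=1
  fi
  if [ "$ret" -eq 1 ]; then
    echo_i "failed"
    status=$((status + 1))
  fi

  n=$((n + 1))
  echo_i "test with NS, root zone ($n)"
  ret=0
  $DIG $DIGOPTS -t NS . @10.53.0.1 >"dig.out.$n" || ret=1
  # Always expect glue for root priming queries, regardless of $minimal
  grep 'ADDITIONAL: 3' "dig.out.$n" >/dev/null || ret=1
  if [ "$ret" -eq 1 ]; then
    echo_i "failed"
    status=$((status + 1))
  fi

  # Every known mode currently expects the same additional count; the case
  # statement is kept so per-mode expectations can diverge later.
  n=$((n + 1))
  echo_i "test with NS, non-root zone ($n)"
  ret=0
  $DIG $DIGOPTS -t NS rt.example @10.53.0.1 >"dig.out.$n" || ret=1
  case "$minimal" in
    yes)
      grep 'ADDITIONAL: 2' "dig.out.$n" >/dev/null || ret=1
      ;;
    no)
      grep 'ADDITIONAL: 2' "dig.out.$n" >/dev/null || ret=1
      ;;
    no-auth)
      grep 'ADDITIONAL: 2' "dig.out.$n" >/dev/null || ret=1
      ;;
    no-auth-recursive)
      grep 'ADDITIONAL: 2' "dig.out.$n" >/dev/null || ret=1
      ;;
    *)
      # Fail loudly rather than pass with no content checks.
      echo_i "unexpected minimal-responses mode: $minimal"
      ret=1
      ;;
  esac
  if [ "$ret" -eq 1 ]; then
    echo_i "failed"
    status=$((status + 1))
  fi
}

# No reconfigure precedes the first run.
# NOTE(review): the initial ns1 configuration presumably sets
# 'minimal-responses yes'; confirm.
echo_i "testing with 'minimal-responses yes;'"
minimal=yes
dotests

echo_i "reconfiguring server: minimal-responses no"
copy_setports ns1/named2.conf.in ns1/named.conf
rndc_reconfig ns1 10.53.0.1

echo_i "testing with 'minimal-responses no;'"
minimal=no
dotests

# Baseline for the minimal-any checks: with 'minimal-any no' an ANY query gets
# the full answer plus authority and additional data.
n=$((n + 1))
echo_i "testing with 'minimal-any no;' ($n)"
ret=0
$DIG $DIGOPTS -t ANY www.rt.example @10.53.0.1 >"dig.out.$n" || ret=1
grep "ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 2" "dig.out.$n" >/dev/null || ret=1
if [ "$ret" -eq 1 ]; then
  echo_i "failed"
  status=$((status + 1))
fi

echo_i "reconfiguring server: minimal-any yes"
copy_setports ns1/named3.conf.in ns1/named.conf
rndc_reconfig ns1 10.53.0.1

# With 'minimal-any yes' the ANY answer over UDP must shrink to one record,
# while the same query over TCP still returns all three. UDP sources can be
# spoofed, so trimming there limits the use of ANY for response amplification.
n=$((n + 1))
echo_i "testing with 'minimal-any yes;' over UDP ($n)"
ret=0
$DIG $DIGOPTS -t ANY +notcp www.rt.example @10.53.0.1 >"dig.out.$n" || ret=1
grep "ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1" "dig.out.$n" >/dev/null || ret=1
if [ "$ret" -eq 1 ]; then
  echo_i "failed"
  status=$((status + 1))
fi

n=$((n + 1))
echo_i "testing with 'minimal-any yes;' over TCP ($n)"
ret=0
$DIG $DIGOPTS -t ANY +tcp www.rt.example @10.53.0.1 >"dig.out.$n" || ret=1
grep "ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1" "dig.out.$n" >/dev/null || ret=1
if [ "$ret" -eq 1 ]; then
  echo_i "failed"
  status=$((status + 1))
fi

# The UDP query is repeated after the TCP one and must still be trimmed.
n=$((n + 1))
echo_i "testing with 'minimal-any yes;' over UDP ($n)"
ret=0
$DIG $DIGOPTS -t ANY +notcp www.rt.example @10.53.0.1 >"dig.out.$n" || ret=1
grep "ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1" "dig.out.$n" >/dev/null || ret=1
if [ "$ret" -eq 1 ]; then
  echo_i "failed"
  status=$((status + 1))
fi

# NOTE(review): no reconfigure precedes this run, so named3.conf.in (loaded
# above) presumably also sets 'minimal-responses no-auth'; confirm.
echo_i "testing with 'minimal-responses no-auth;'"
minimal=no-auth
dotests

echo_i "reconfiguring server: minimal-responses no-auth-recursive"
copy_setports ns1/named4.conf.in ns1/named.conf
rndc_reconfig ns1 10.53.0.1

echo_i "testing with 'minimal-responses no-auth-recursive;'"
minimal=no-auth-recursive
dotests

# MX and SRV answers must carry the target's A record and the matching TLSA
# record for the service port on that target.
n=$((n + 1))
echo_i "testing returning TLSA records with MX query ($n)"
ret=0
$DIG $DIGOPTS -t mx mx.example @10.53.0.1 >"dig.out.$n" || ret=1
grep "mx\.example\..*MX.0 mail\.mx\.example" "dig.out.$n" >/dev/null || ret=1
grep "mail\.mx\.example\..*A.1\.2\.3\.4" "dig.out.$n" >/dev/null || ret=1
grep "_25\._tcp\.mail\.mx\.example\..*TLSA.3 0 1 5B30F9602297D558EB719162C225088184FAA32CA45E1ED15DE58A21 D9FCE383" "dig.out.$n" >/dev/null || ret=1
if [ "$ret" -eq 1 ]; then
  echo_i "failed"
  status=$((status + 1))
fi

n=$((n + 1))
echo_i "testing returning TLSA records with SRV query ($n)"
ret=0
$DIG $DIGOPTS -t srv _xmpp-client._tcp.srv.example @10.53.0.1 >"dig.out.$n" || ret=1
grep "_xmpp-client\._tcp\.srv\.example\..*SRV.1 0 5222 server\.srv\.example" "dig.out.$n" >/dev/null || ret=1
grep "server\.srv\.example\..*A.1\.2\.3\.4" "dig.out.$n" >/dev/null || ret=1
grep "_5222\._tcp\.server\.srv\.example\..*TLSA.3 0 1 5B30F9602297D558EB719162C225088184FAA32CA45E1ED15DE58A21 D9FCE383" "dig.out.$n" >/dev/null || ret=1
if [ "$ret" -eq 1 ]; then
  echo_i "failed"
  status=$((status + 1))
fi

echo_i "reconfiguring server: minimal-responses no"
copy_setports ns1/named2.conf.in ns1/named.conf
rndc_reconfig ns1 10.53.0.1

# For ANY queries the NS records must appear in the output while the
# authority section stays empty, on both the authoritative (10.53.0.1) and
# the recursive (10.53.0.3) server.
n=$((n + 1))
echo_i "testing NS handling in ANY responses (authoritative) ($n)"
ret=0
$DIG $DIGOPTS -t ANY rt.example @10.53.0.1 >"dig.out.$n" || ret=1
grep "AUTHORITY: 0" "dig.out.$n" >/dev/null || ret=1
grep "NS[ ]*ns" "dig.out.$n" >/dev/null || ret=1
if [ "$ret" -eq 1 ]; then
  echo_i "failed"
  status=$((status + 1))
fi

n=$((n + 1))
echo_i "testing NS handling in ANY responses (recursive) ($n)"
ret=0
$DIG $DIGOPTS -t ANY rt.example @10.53.0.3 >"dig.out.$n" || ret=1
grep "AUTHORITY: 0" "dig.out.$n" >/dev/null || ret=1
grep "NS[ ]*ns" "dig.out.$n" >/dev/null || ret=1
if [ "$ret" -eq 1 ]; then
  echo_i "failed"
  status=$((status + 1))
fi

n=$((n + 1))
echo_i "testing out-of-zone additional data from auth zones (authoritative) ($n)"
ret=0
$DIG $DIGOPTS -t NS rt.example @10.53.0.1 >"dig.out.$n" || ret=1
grep "ADDITIONAL: 2" "dig.out.$n" >/dev/null || ret=1
if [ "$ret" -eq 1 ]; then
  echo_i "failed"
  status=$((status + 1))
fi

n=$((n + 1))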
# Final case: ask the server at 10.53.0.3 for the NS set of "ex" and require
# three records in the additional section.
echo_i "testing out-of-zone additional data from auth zones (recursive) ($n)"
ret=0
if ! $DIG $DIGOPTS -t NS ex @10.53.0.3 >dig.out.$n; then
  ret=1
fi
if ! grep "ADDITIONAL: 3" dig.out.$n >/dev/null; then
  ret=1
fi
if [ $ret -eq 1 ]; then
  echo_i "failed"
  status=$((status + 1))
fi

# Report the number of failed cases; any failure makes the script exit 1.
echo_i "exit status: $status"
if ! [ $status -eq 0 ]; then
  exit 1
fi