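#!/bin/sh

# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# System test for named's 'check-names' policy. The checks below query the
# name servers at 10.53.0.1-10.53.0.5 and grep their named.run logs to confirm
# that names containing '_' are failed, warned about, or ignored as each check
# label says, for zone loading, responses, and dynamic updates.
#
# DIG, NSUPDATE, PORT, echo_i, retry_quiet and digcomp are not defined in this
# file; they are expected to come from ../conf.sh.

set -e

. ../conf.sh

# status accumulates the number of failed checks; n numbers the checks and is
# used as the suffix of every output file.
status=0
n=1

# Space-separated option list: it is expanded unquoted on purpose so that each
# option reaches dig as its own argument.
DIGOPTS="+tcp +noadd +nosea +nostat +nocmd -p ${PORT}"

#######################################
# Query for a record and succeed only when the answer contains NOERROR.
# Arguments: $1 - query name
#            $2 - server, in dig's @address form
#            $3 - record type
#            $4 - file that receives dig's output
# Returns:   0 if dig succeeded and its output contains NOERROR, 1 otherwise
#######################################
wait_for_record() {
  $DIG $DIGOPTS "$1" "$2" "$3" >"$4" || return 1
  grep NOERROR "$4" >/dev/null || return 1
  return 0
}

# Log entry should exist, and the zone must not be served (SERVFAIL).
echo_i "check for failure from on zone load for 'check-names fail;' ($n)"
ret=0
$DIG $DIGOPTS fail.example. @10.53.0.1 a >"dig.out.ns1.test$n" || ret=1
grep SERVFAIL "dig.out.ns1.test$n" >/dev/null || ret=1
grep 'xx_xx.fail.example: bad owner name (check-names)' ns1/named.run >/dev/null || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
n=$((n + 1))

# Log entry should exist.
echo_i "check for warnings from on zone load for 'check-names warn;' ($n)"
ret=0
grep 'xx_xx.warn.example: bad owner name (check-names)' ns1/named.run >/dev/null || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
n=$((n + 1))

# Log entry should not exist: ret starts at 1 and is cleared only when grep
# finds nothing. Output is discarded like every other log check in this file,
# so a match no longer leaks the log line into the test output.
echo_i "check for warnings from on zone load for 'check-names ignore;' ($n)"
ret=1
grep 'yy_yy.ignore.example: bad owner name (check-names)' ns1/named.run >/dev/null || ret=0
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
n=$((n + 1))

# Log entry should exist on ns2, and ns2's answer must match ns1's.
echo_i "check that 'check-names response warn;' works ($n)"
ret=0
$DIG $DIGOPTS +noauth yy_yy.ignore.example. @10.53.0.1 a >"dig.out.ns1.test$n" || ret=1
$DIG $DIGOPTS +noauth yy_yy.ignore.example. @10.53.0.2 a >"dig.out.ns2.test$n" || ret=1
digcomp "dig.out.ns1.test$n" "dig.out.ns2.test$n" || ret=1
grep "check-names warning yy_yy.ignore.example/A/IN" ns2/named.run >/dev/null || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
n=$((n + 1))

# Log entry should exist on ns3; ns1 answers NOERROR while ns3 answers REFUSED.
echo_i "check that 'check-names response (owner) fails;' works ($n)"
ret=0
$DIG $DIGOPTS yy_yy.ignore.example. @10.53.0.1 a >"dig.out.ns1.test$n" || ret=1
$DIG $DIGOPTS yy_yy.ignore.example. @10.53.0.3 a >"dig.out.ns3.test$n" || ret=1
grep NOERROR "dig.out.ns1.test$n" >/dev/null || ret=1
grep REFUSED "dig.out.ns3.test$n" >/dev/null || ret=1
grep "check-names failure yy_yy.ignore.example/A/IN" ns3/named.run >/dev/null || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
n=$((n + 1))

# Log entry should exist on ns3; ns1 answers NOERROR while ns3 answers SERVFAIL.
echo_i "check that 'check-names response (rdata) fails;' works ($n)"
ret=0
$DIG $DIGOPTS mx.ignore.example. @10.53.0.1 MX >"dig.out.ns1.test$n" || ret=1
$DIG $DIGOPTS mx.ignore.example. @10.53.0.3 MX >"dig.out.ns3.test$n" || ret=1
grep NOERROR "dig.out.ns1.test$n" >/dev/null || ret=1
grep SERVFAIL "dig.out.ns3.test$n" >/dev/null || ret=1
grep "check-names failure mx.ignore.example/MX/IN" ns3/named.run >/dev/null || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
n=$((n + 1))

# In every update check below, nsupdate is told 'check-names off' so that the
# client does not validate the name itself; the outcome asserted is therefore
# the server's decision, confirmed from named.run and a follow-up query.

# nsupdate is expected to fail here: 'not' is cleared only when it exits
# non-zero, and a successful update marks the check as failed.
echo_i "check that updates to 'check-names fail;' are rejected ($n)"
ret=0
not=1
$NSUPDATE -d <<END >"nsupdate.out.test$n" 2>&1 || not=0
check-names off
server 10.53.0.1 ${PORT}
update add xxx_xxx.fail.update. 600 A 10.10.10.1
send
END
if [ "$not" != 0 ]; then ret=1; fi
$DIG $DIGOPTS xxx_xxx.fail.update @10.53.0.1 A >"dig.out.ns1.test$n" || ret=1
grep "xxx_xxx.fail.update/A: bad owner name (check-names)" ns1/named.run >/dev/null || ret=1
grep NXDOMAIN "dig.out.ns1.test$n" >/dev/null || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
n=$((n + 1))

echo_i "check that updates to 'check-names warn;' succeed and are logged ($n)"
ret=0
$NSUPDATE -d <<END >"nsupdate.out.test$n" 2>&1 || ret=1
check-names off
server 10.53.0.1 ${PORT}
update add xxx_xxx.warn.update. 600 A 10.10.10.1
send
END
$DIG $DIGOPTS xxx_xxx.warn.update @10.53.0.1 A >"dig.out.ns1.test$n" || ret=1
grep "xxx_xxx.warn.update/A: bad owner name (check-names)" ns1/named.run >/dev/null || ret=1
grep NOERROR "dig.out.ns1.test$n" >/dev/null || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
n=$((n + 1))

# 'not' is cleared only when the log holds no check-names entry for the name;
# any such entry marks the check as failed.
echo_i "check that updates to 'check-names ignore;' succeed and are not logged ($n)"
ret=0
not=1
$NSUPDATE -d <<END >"nsupdate.out.test$n" 2>&1 || ret=1
check-names off
server 10.53.0.1 ${PORT}
update add xxx_xxx.ignore.update. 600 A 10.10.10.1
send
END
grep "xxx_xxx.ignore.update/A.*(check-names)" ns1/named.run >/dev/null || not=0
if [ "$not" != 0 ]; then ret=1; fi
$DIG $DIGOPTS xxx_xxx.ignore.update @10.53.0.1 A >"dig.out.ns1.test$n" || ret=1
grep NOERROR "dig.out.ns1.test$n" >/dev/null || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
n=$((n + 1))

echo_i "check that updates to 'check-names primary ignore;' succeed and are not logged ($n)"
ret=0
not=1
$NSUPDATE -d <<END >"nsupdate.out.test$n" 2>&1 || ret=1
check-names off
server 10.53.0.4 ${PORT}
update add xxx_xxx.primary-ignore.update. 600 A 10.10.10.1
send
END
grep "xxx_xxx.primary-ignore.update/A.*(check-names)" ns4/named.run >/dev/null || not=0
if [ "$not" != 0 ]; then ret=1; fi
$DIG $DIGOPTS xxx_xxx.primary-ignore.update @10.53.0.4 A >"dig.out.ns4.test$n" || ret=1
grep NOERROR "dig.out.ns4.test$n" >/dev/null || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
n=$((n + 1))

echo_i "check that updates to 'check-names master ignore;' succeed and are not logged ($n)"
ret=0
not=1
$NSUPDATE -d <<END >"nsupdate.out.test$n" 2>&1 || ret=1
check-names off
server 10.53.0.5 ${PORT}
update add xxx_xxx.master-ignore.update. 600 A 10.10.10.1
send
END
grep "xxx_xxx.master-ignore.update/A.*(check-names)" ns5/named.run >/dev/null || not=0
if [ "$not" != 0 ]; then ret=1; fi
$DIG $DIGOPTS xxx_xxx.master-ignore.update @10.53.0.5 A >"dig.out.ns5.test$n" || ret=1
grep NOERROR "dig.out.ns5.test$n" >/dev/null || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
n=$((n + 1))

echo_i "check that updates to 'check-names secondary ignore;' succeed and are not logged ($n)"
ret=0
# takes a while for the transfer to succeed as ns5 (primary) is started after ns4 (secondary)
# and the zone is still loading when we get to this point.
retry_quiet 35 wait_for_record xxx_xxx.master-ignore.update @10.53.0.4 A "dig.out.ns4.test$n" || ret=1
# A match means the name was logged, which is the failure case. grep finding
# nothing does not trip 'set -e' because it is not the last command of the
# AND list.
grep "xxx_xxx.master-ignore.update/A.*(check-names)" ns4/named.run >/dev/null && ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
n=$((n + 1))

# NOTE(review): this label repeats the 'master ignore' label used above,
# although the check reads ns5's copy of primary-ignore.update; confirm the
# intended wording against ns5's configuration.
echo_i "check that updates to 'check-names master ignore;' succeed and are not logged ($n)"
ret=0
retry_quiet 35 wait_for_record xxx_xxx.primary-ignore.update @10.53.0.5 A "dig.out.ns5.test$n" || ret=1
grep "xxx_xxx.primary-ignore.update/A.*(check-names)" ns5/named.run >/dev/null && ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
n=$((n + 1))

echo_i "exit status: $status"
[ "$status" -eq 0 ] || exit 1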