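#!/bin/sh

# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# System test for DLZ drivers served by the name server at 10.53.0.1.
# It covers dynamic updates (accepted and refused), prerequisites, AXFR
# allow/deny decisions, client info and ECS passed to the driver,
# oversized driver data and redirected lookups.
#
# Helpers and tool paths (echo_i, rndc_reload, DIG, NSUPDATE, RNDC, PORT,
# CONTROLPORT) are not defined here; they are expected to come from
# conf.sh or the environment.

SYSTEMTESTTOP=..
. "$SYSTEMTESTTOP/conf.sh"

# status counts failed tests; n is the running test number.
status=0
n=0

# DIGOPTS is expanded unquoted on purpose so it splits into separate
# dig arguments.
DIGOPTS="@10.53.0.1 -p ${PORT} +nocookie"
# Not referenced again in this script; kept in case a sourced helper
# reads it.
RNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p ${CONTROLPORT} -s"

#######################################
# Start a new test: bump the counter, print the title, reset the result.
# Globals:   n (written), ret (written)
# Arguments: $1 - test title
#######################################
newtest() {
    n=$((n + 1))
    echo_i "${1} (${n})"
    ret=0
}

#######################################
# Send one "update add" with nsupdate, signed with ns1/ddns.key, then
# query the server and check that exactly one answer line for the host
# matches the expected pattern.
# Globals:   PORT, NSUPDATE, DIG, DIGOPTS (read); comment (read, optional,
#            not assigned in this script); host, type, cmd, digout,
#            should_fail, out, lines (written - POSIX sh has no local)
# Arguments: $1 - owner name to update
#            $2 - record type to query afterwards
#            $3 - remainder of the "update add" line (TTL, type, rdata)
#            $4 - grep pattern expected in exactly one answer line
#            $5 - non-empty when the update is expected to be refused;
#                 suppresses the diagnostic messages
# Outputs:   overwrites ns1/update.txt; diagnostics through echo_i
# Returns:   0 if the update was applied and is visible, 1 otherwise
#######################################
test_update() {
    host="$1"
    type="$2"
    cmd="$3"
    digout="$4"
    should_fail="$5"

    cat >ns1/update.txt <<EOF
server 10.53.0.1 ${PORT}
update add $host $cmd
send
EOF

    newtest "testing update for $host $type $cmd${comment:+ $comment}"
    if ! $NSUPDATE -k ns1/ddns.key ns1/update.txt >/dev/null 2>&1; then
        [ -n "$should_fail" ] ||
            echo_i "update failed for $host $type $cmd"
        return 1
    fi

    out=$($DIG $DIGOPTS -t "$type" -q "$host" | grep -E "^$host")
    lines=$(printf '%s\n' "$out" | grep "$digout" | wc -l)
    if [ "$lines" -ne 1 ]; then
        [ -n "$should_fail" ] ||
            echo_i "dig output incorrect for $host $type $cmd: $out"
        return 1
    fi
    return 0
}

test_update testdc1.example.nil. A "86400 A 10.53.0.10" "10.53.0.10" || ret=1
status=$((status + ret))

test_update testdc2.example.nil. A "86400 A 10.53.0.11" "10.53.0.11" || ret=1
status=$((status + ret))

test_update testdc3.example.nil. A "86400 A 10.53.0.10" "10.53.0.10" || ret=1
status=$((status + ret))

# Negative test: this update is expected to be refused, so the test
# fails if test_update reports success.
test_update deny.example.nil. TXT "86400 TXT helloworld" "helloworld" should_fail && ret=1
status=$((status + ret))

newtest "testing nxrrset"
$DIG $DIGOPTS testdc1.example.nil AAAA >"dig.out.$n"
grep "status: NOERROR" "dig.out.$n" >/dev/null || ret=1
grep "ANSWER: 0" "dig.out.$n" >/dev/null || ret=1
status=$((status + ret))

newtest "testing prerequisites are checked correctly"
cat >ns1/update.txt <<EOF
server 10.53.0.1 ${PORT}
prereq nxdomain testdc3.example.nil
update add testdc3.example.nil 86500 in a 10.53.0.12
send
EOF
# testdc3 was added above, so the nxdomain prerequisite must fail and
# the new address must not appear.
$NSUPDATE -k ns1/ddns.key ns1/update.txt >/dev/null 2>&1 && ret=1
out=$($DIG $DIGOPTS +short a testdc3.example.nil)
[ "$out" = "10.53.0.12" ] && ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

newtest "testing passing client info into DLZ driver"
out=$($DIG $DIGOPTS +short -t txt -q source-addr.example.nil | grep -v '^;')
# dig +short prints TXT rdata wrapped in double quotes. The original
# removed them with `eval echo "$out"`, which re-parses the server's
# answer as shell code on the test host. Strip the quotes as plain text
# instead so response data is never interpreted by the shell.
addr=$(printf '%s\n' "$out" | tr -d '"' | cut -f1 -d'#')
[ "$addr" = "10.53.0.1" ] || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

newtest "testing DLZ driver is cleaned up on reload"
rndc_reload ns1 10.53.0.1
# Poll the server log for up to ten seconds for the shutdown message.
for i in 0 1 2 3 4 5 6 7 8 9; do
    ret=0
    grep 'dlz_example: shutting down zone example.nil' ns1/named.run >/dev/null 2>&1 || ret=1
    [ "$ret" -eq 0 ] && break
    sleep 1
done
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

newtest "testing multiple DLZ drivers"
# test_update calls newtest itself, so the counter advances twice here.
test_update testdc1.alternate.nil. A "86400 A 10.53.0.10" "10.53.0.10" || ret=1
status=$((status + ret))

newtest "testing AXFR from DLZ drivers"
$DIG $DIGOPTS +noall +answer axfr example.nil >"dig.out.example.ns1.test$n"
lines=$(wc -l <"dig.out.example.ns1.test$n")
[ "${lines:-0}" -eq 4 ] || ret=1
$DIG $DIGOPTS +noall +answer axfr alternate.nil >"dig.out.alternate.ns1.test$n"
lines=$(wc -l <"dig.out.alternate.ns1.test$n")
[ "${lines:-0}" -eq 5 ] || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

newtest "testing AXFR denied from DLZ drivers"
# Transfers requested from source address 10.53.0.5 must be refused.
$DIG $DIGOPTS -b 10.53.0.5 +noall +answer axfr example.nil >"dig.out.example.ns1.test$n"
grep "; Transfer failed" "dig.out.example.ns1.test$n" >/dev/null || ret=1
$DIG $DIGOPTS -b 10.53.0.5 +noall +answer axfr alternate.nil >"dig.out.alternate.ns1.test$n"
grep "; Transfer failed" "dig.out.alternate.ns1.test$n" >/dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

newtest "testing AXFR denied based on view ACL"
# 10.53.0.1 should be disallowed
$DIG $DIGOPTS -b 10.53.0.1 +noall +answer axfr example.org >"dig.out.example.ns1.test$n.1"
grep "; Transfer failed" "dig.out.example.ns1.test$n.1" >/dev/null || ret=1
# 10.53.0.2 should be allowed
# NOTE(review): the allowed case only asserts that the failure marker is
# absent; it does not confirm that any records were transferred.
$DIG $DIGOPTS -b 10.53.0.2 +noall +answer axfr example.org >"dig.out.example.ns1.test$n.2"
grep "; Transfer failed" "dig.out.example.ns1.test$n.2" >/dev/null && ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

newtest "testing unsearched/unregistered DLZ zone is not found"
$DIG $DIGOPTS +noall +answer ns other.nil >"dig.out.ns1.test$n"
grep "3600.IN.NS.other.nil." "dig.out.ns1.test$n" >/dev/null && ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

newtest "testing unsearched/registered DLZ zone is found"
$DIG $DIGOPTS +noall +answer ns zone.nil >"dig.out.ns1.test$n"
grep "3600.IN.NS.zone.nil." "dig.out.ns1.test$n" >/dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# Same check as the previous test, repeated verbatim; kept so the test
# numbering stays unchanged.
newtest "testing unsearched/registered DLZ zone is found"
$DIG $DIGOPTS +noall +answer ns zone.nil >"dig.out.ns1.test$n"
grep "3600.IN.NS.zone.nil." "dig.out.ns1.test$n" >/dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

newtest "testing correct behavior with findzone returning ISC_R_NOMORE"
$DIG $DIGOPTS +noall a test.example.com >/dev/null 2>&1 || ret=1
# we should only find one logged lookup per searched DLZ database
lines=$(grep "dlz_findzonedb.*test\.example\.com.*example.nil" ns1/named.run | wc -l)
[ "$lines" -eq 1 ] || ret=1
lines=$(grep "dlz_findzonedb.*test\.example\.com.*alternate.nil" ns1/named.run | wc -l)
[ "$lines" -eq 1 ] || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

newtest "testing findzone can return different results per client"
$DIG $DIGOPTS -b 10.53.0.1 +noall a test.example.net >/dev/null 2>&1 || ret=1
# we should only find one logged lookup per searched DLZ database
lines=$(grep "dlz_findzonedb.*example\.net.*example.nil" ns1/named.run | wc -l)
[ "$lines" -eq 1 ] || ret=1
lines=$(grep "dlz_findzonedb.*example\.net.*alternate.nil" ns1/named.run | wc -l)
[ "$lines" -eq 1 ] || ret=1
$DIG $DIGOPTS -b 10.53.0.2 +noall a test.example.net >/dev/null 2>&1 || ret=1
# we should find several logged lookups this time
lines=$(grep "dlz_findzonedb.*example\.net.*example.nil" ns1/named.run | wc -l)
[ "$lines" -gt 2 ] || ret=1
lines=$(grep "dlz_findzonedb.*example\.net.*alternate.nil" ns1/named.run | wc -l)
[ "$lines" -gt 2 ] || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

newtest "testing zone returning oversized data"
# The server is expected to answer SERVFAIL for this name.
$DIG $DIGOPTS txt too-long.example.nil >"dig.out.ns1.test$n" 2>&1 || ret=1
grep "status: SERVFAIL" "dig.out.ns1.test$n" >/dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

newtest "testing zone returning oversized data at zone origin"
$DIG $DIGOPTS txt bigcname.domain >"dig.out.ns1.test$n" 2>&1 || ret=1
grep "status: SERVFAIL" "dig.out.ns1.test$n" >/dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

newtest "checking redirected lookup for nonexistent name"
$DIG $DIGOPTS @10.53.0.1 unexists a >"dig.out.ns1.test$n" || ret=1
grep "status: NOERROR" "dig.out.ns1.test$n" >/dev/null || ret=1
grep "^unexists.*A.*100.100.100.2" "dig.out.ns1.test$n" >/dev/null || ret=1
grep "flags:[^;]* aa[ ;]" "dig.out.ns1.test$n" >/dev/null || ret=1
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))

newtest "checking no redirected lookup for nonexistent type"
$DIG $DIGOPTS @10.53.0.1 exists aaaa >"dig.out.ns1.test$n" || ret=1
grep "status: NOERROR" "dig.out.ns1.test$n" >/dev/null || ret=1
grep "ANSWER: 0" "dig.out.ns1.test$n" >/dev/null || ret=1
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))

newtest "checking redirected lookup for a long nonexistent name"
$DIG $DIGOPTS @10.53.0.1 long.name.is.not.there a >"dig.out.ns1.test$n" || ret=1
grep "status: NOERROR" "dig.out.ns1.test$n" >/dev/null || ret=1
grep "^long.name.*A.*100.100.100.3" "dig.out.ns1.test$n" >/dev/null || ret=1
grep "flags:[^;]* aa[ ;]" "dig.out.ns1.test$n" >/dev/null || ret=1
# Exactly one lookup for the name should have been logged.
lookups=$(grep "lookup #.*\.not\.there" ns1/named.run | wc -l)
[ "$lookups" -eq 1 ] || ret=1
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))

newtest "checking ECS data is passed to driver in clientinfo"
$DIG $DIGOPTS +short +subnet=192.0/16 source-addr.example.nil txt >"dig.out.ns1.test$n.1" || ret=1
grep "192.0.0.0/16/0" "dig.out.ns1.test$n.1" >/dev/null || ret=1
$DIG $DIGOPTS +short source-addr.example.nil txt >"dig.out.ns1.test$n.2" || ret=1
grep "not.*present" "dig.out.ns1.test$n.2" >/dev/null || ret=1
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))

echo_i "exit status: $status"
[ "$status" -eq 0 ] || exit 1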