xref: /netbsd-src/external/mpl/bind/dist/bin/tests/system/geoip2/tests.sh (revision 8aaca124c0ad52af9550477f296b63debc7b4c98) 
1#!/bin/sh
2
3# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
4#
5# SPDX-License-Identifier: MPL-2.0
6#
7# This Source Code Form is subject to the terms of the Mozilla Public
8# License, v. 2.0.  If a copy of the MPL was not distributed with this
9# file, you can obtain one at https://mozilla.org/MPL/2.0/.
10#
11# See the COPYRIGHT file distributed with this work for additional
12# information regarding copyright ownership.
13
14set -e
15
16. ../conf.sh
17
18status=0
19n=0
20
21rm -f dig.out.*
22
23DIGOPTS="+tcp +short -p ${PORT} @10.53.0.2"
24DIGOPTS6="+tcp +short -p ${PORT} @fd92:7065:b8e:ffff::2 -6"
25RNDCCMD="$RNDC -c ../_common/rndc.conf -p ${CONTROLPORT} -s"
26
27for conf in conf/good*.conf; do
28  n=$((n + 1))
29  echo_i "checking that $conf is accepted ($n)"
30  ret=0
31  $CHECKCONF "$conf" || ret=1
32  if [ $ret != 0 ]; then echo_i "failed"; fi
33  status=$((status + ret))
34done
35
36for conf in conf/bad*.conf; do
37  n=$((n + 1))
38  echo_i "checking that $conf is rejected ($n)"
39  ret=0
40  $CHECKCONF "$conf" >/dev/null && ret=1
41  if [ $ret != 0 ]; then echo_i "failed"; fi
42  status=$((status + ret))
43done
44
45n=$((n + 1))
46echo_i "checking Country database by code using IPv4 ($n)"
47ret=0
48lret=0
49for i in 1 2 3 4 5 6 7; do
50  $DIG $DIGOPTS txt example -b 10.53.0.$i >dig.out.ns2.test$n.$i || lret=1
51  j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
52  [ "$i" = "$j" ] || lret=1
53  [ $lret -eq 1 ] && break
54done
55[ $lret -eq 1 ] && ret=1
56[ $ret -eq 0 ] || echo_i "failed"
57status=$((status + ret))
58
59if testsock6 fd92:7065:b8e:ffff::3; then
60  n=$((n + 1))
61  echo_i "checking Country database by code using IPv6 ($n)"
62  ret=0
63  lret=0
64  for i in 1 2 3 4 5 6 7; do
65    $DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i >dig.out.ns2.test$n.$i || lret=1
66    j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
67    [ "$i" = "$j" ] || lret=1
68    [ $lret -eq 1 ] && break
69  done
70  [ $lret -eq 1 ] && ret=1
71  [ $ret -eq 0 ] || echo_i "failed"
72  status=$((status + ret))
73else
74  echo_i "IPv6 unavailable; skipping IPv6 country code test"
75fi
76
77echo_i "reloading server"
78copy_setports ns2/named2.conf.in ns2/named.conf
79$CHECKCONF ns2/named.conf | cat_i
80rndc_reload ns2 10.53.0.2
81sleep 3
82
83n=$((n + 1))
84echo_i "checking Country database with nested ACLs using IPv4 ($n)"
85ret=0
86lret=0
87for i in 1 2 3 4 5 6 7; do
88  $DIG $DIGOPTS txt example -b 10.53.0.$i >dig.out.ns2.test$n.$i || lret=1
89  j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
90  [ "$i" = "$j" ] || lret=1
91  [ $lret -eq 1 ] && break
92done
93[ $lret -eq 1 ] && ret=1
94[ $ret -eq 0 ] || echo_i "failed"
95status=$((status + ret))
96
97if testsock6 fd92:7065:b8e:ffff::3; then
98  n=$((n + 1))
99  echo_i "checking Country database with nested ACLs using IPv6 ($n)"
100  ret=0
101  lret=0
102  for i in 1 2 3 4 5 6 7; do
103    $DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i >dig.out.ns2.test$n.$i || lret=1
104    j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
105    [ "$i" = "$j" ] || lret=1
106    [ $lret -eq 1 ] && break
107  done
108  [ $lret -eq 1 ] && ret=1
109  [ $ret -eq 0 ] || echo_i "failed"
110  status=$((status + ret))
111else
112  echo_i "IPv6 unavailable; skipping IPv6 country nested ACL test"
113fi
114
115echo_i "reloading server"
116copy_setports ns2/named3.conf.in ns2/named.conf
117$CHECKCONF ns2/named.conf | cat_i
118rndc_reload ns2 10.53.0.2
119sleep 3
120
121n=$((n + 1))
122echo_i "checking Country database by name using IPv4 ($n)"
123ret=0
124lret=0
125for i in 1 2 3 4 5 6 7; do
126  $DIG $DIGOPTS txt example -b 10.53.0.$i >dig.out.ns2.test$n.$i || lret=1
127  j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
128  [ "$i" = "$j" ] || lret=1
129  [ $lret -eq 1 ] && break
130done
131[ $lret -eq 1 ] && ret=1
132[ $ret -eq 0 ] || echo_i "failed"
133status=$((status + ret))
134
135if testsock6 fd92:7065:b8e:ffff::3; then
136  n=$((n + 1))
137  echo_i "checking Country database by name using IPv6 ($n)"
138  ret=0
139  lret=0
140  for i in 1 2 3 4 5 6 7; do
141    $DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i >dig.out.ns2.test$n.$i || lret=1
142    j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
143    [ "$i" = "$j" ] || lret=1
144    [ $lret -eq 1 ] && break
145  done
146  [ $lret -eq 1 ] && ret=1
147  [ $ret -eq 0 ] || echo_i "failed"
148  status=$((status + ret))
149else
150  echo_i "IPv6 unavailable; skipping IPv6 country name test"
151fi
152
153echo_i "reloading server"
154copy_setports ns2/named4.conf.in ns2/named.conf
155$CHECKCONF ns2/named.conf | cat_i
156rndc_reload ns2 10.53.0.2
157sleep 3
158
159n=$((n + 1))
160echo_i "checking Country database by continent code using IPv4 ($n)"
161ret=0
162lret=0
163# deliberately skipping 4 and 6 as they have duplicate continents
164for i in 1 2 3 5 7; do
165  $DIG $DIGOPTS txt example -b 10.53.0.$i >dig.out.ns2.test$n.$i || lret=1
166  j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
167  [ "$i" = "$j" ] || lret=1
168  [ $lret -eq 1 ] && break
169done
170[ $lret -eq 1 ] && ret=1
171[ $ret -eq 0 ] || echo_i "failed"
172status=$((status + ret))
173
174if testsock6 fd92:7065:b8e:ffff::3; then
175  n=$((n + 1))
176  echo_i "checking Country database by continent code using IPv6 ($n)"
177  ret=0
178  lret=0
179  # deliberately skipping 4 and 6 as they have duplicate continents
180  for i in 1 2 3 5 7; do
181    $DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i >dig.out.ns2.test$n.$i || lret=1
182    j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
183    [ "$i" = "$j" ] || lret=1
184    [ $lret -eq 1 ] && break
185  done
186  [ $lret -eq 1 ] && ret=1
187  [ $ret -eq 0 ] || echo_i "failed"
188  status=$((status + ret))
189else
190  echo_i "IPv6 unavailable; skipping IPv6 continent code test"
191fi
192
193echo_i "reloading server"
194copy_setports ns2/named5.conf.in ns2/named.conf
195$CHECKCONF ns2/named.conf | cat_i
196rndc_reload ns2 10.53.0.2
197sleep 3
198
199n=$((n + 1))
200echo_i "checking City database by region code using IPv4 ($n)"
201ret=0
202lret=0
203# skipping 2 on purpose here; it has the same region code as 1
204for i in 1 3 4 5 6 7; do
205  $DIG $DIGOPTS txt example -b 10.53.0.$i >dig.out.ns2.test$n.$i || lret=1
206  j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
207  [ "$i" = "$j" ] || lret=1
208  [ $lret -eq 1 ] && break
209done
210[ $lret -eq 1 ] && ret=1
211[ $ret -eq 0 ] || echo_i "failed"
212status=$((status + ret))
213
214if testsock6 fd92:7065:b8e:ffff::3; then
215  n=$((n + 1))
216  echo_i "checking City database by region code using IPv6 ($n)"
217  ret=0
218  lret=0
219  # skipping 2 on purpose here; it has the same region code as 1
220  for i in 1 3 4 5 6 7; do
221    $DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i >dig.out.ns2.test$n.$i || lret=1
222    j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
223    [ "$i" = "$j" ] || lret=1
224    [ $lret -eq 1 ] && break
225  done
226  [ $lret -eq 1 ] && ret=1
227  [ $ret -eq 0 ] || echo_i "failed"
228  status=$((status + ret))
229else
230  echo_i "IPv6 unavailable; skipping IPv6 region code test"
231fi
232
233n=$((n + 1))
234echo_i "reloading server"
235copy_setports ns2/named6.conf.in ns2/named.conf
236$CHECKCONF ns2/named.conf | cat_i
237rndc_reload ns2 10.53.0.2
238sleep 3
239
240n=$((n + 1))
241echo_i "checking City database by city name using IPv4 ($n)"
242ret=0
243lret=0
244for i in 1 2 3 4 5 6 7; do
245  $DIG $DIGOPTS txt example -b 10.53.0.$i >dig.out.ns2.test$n.$i || lret=1
246  j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
247  [ "$i" = "$j" ] || lret=1
248  [ $lret -eq 1 ] && break
249done
250[ $lret -eq 1 ] && ret=1
251[ $ret -eq 0 ] || echo_i "failed"
252status=$((status + ret))
253
254if testsock6 fd92:7065:b8e:ffff::3; then
255  n=$((n + 1))
256  echo_i "checking City database by city name using IPv6 ($n)"
257  ret=0
258  lret=0
259  for i in 1 2 3 4 5 6 7; do
260    $DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i >dig.out.ns2.test$n.$i || lret=1
261    j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
262    [ "$i" = "$j" ] || lret=1
263    [ $lret -eq 1 ] && break
264  done
265  [ $lret -eq 1 ] && ret=1
266  [ $ret -eq 0 ] || echo_i "failed"
267  status=$((status + ret))
268else
269  echo_i "IPv6 unavailable; skipping IPv6 city test"
270fi
271
272echo_i "reloading server"
273copy_setports ns2/named7.conf.in ns2/named.conf
274$CHECKCONF ns2/named.conf | cat_i
275rndc_reload ns2 10.53.0.2
276sleep 3
277
278n=$((n + 1))
279echo_i "checking ISP database using IPv4 ($n)"
280ret=0
281lret=0
282for i in 1 2 3 4 5 6 7; do
283  $DIG $DIGOPTS txt example -b 10.53.0.$i >dig.out.ns2.test$n.$i || lret=1
284  j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
285  [ "$i" = "$j" ] || lret=1
286  [ $lret -eq 1 ] && break
287done
288[ $lret -eq 1 ] && ret=1
289[ $ret -eq 0 ] || echo_i "failed"
290status=$((status + ret))
291
292if testsock6 fd92:7065:b8e:ffff::3; then
293  n=$((n + 1))
294  echo_i "checking ISP database using IPv6 ($n)"
295  ret=0
296  lret=0
297  for i in 1 2 3 4 5 6 7; do
298    $DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i >dig.out.ns2.test$n.$i || lret=1
299    j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
300    [ "$i" = "$j" ] || lret=1
301    [ $lret -eq 1 ] && break
302  done
303  [ $lret -eq 1 ] && ret=1
304  [ $ret -eq 0 ] || echo_i "failed"
305  status=$((status + ret))
306else
307  echo_i "IPv6 unavailable; skipping IPv6 ISP test"
308fi
309
310echo_i "reloading server"
311copy_setports ns2/named8.conf.in ns2/named.conf
312$CHECKCONF ns2/named.conf | cat_i
313rndc_reload ns2 10.53.0.2
314sleep 3
315
316n=$((n + 1))
317echo_i "checking ASN database by org name using IPv4 ($n)"
318ret=0
319lret=0
320for i in 1 2 3 4 5 6 7; do
321  $DIG $DIGOPTS txt example -b 10.53.0.$i >dig.out.ns2.test$n.$i || lret=1
322  j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
323  [ "$i" = "$j" ] || lret=1
324  [ $lret -eq 1 ] && break
325done
326[ $lret -eq 1 ] && ret=1
327[ $ret -eq 0 ] || echo_i "failed"
328status=$((status + ret))
329
330if testsock6 fd92:7065:b8e:ffff::3; then
331  n=$((n + 1))
332  echo_i "checking ASN database by org name using IPv6 ($n)"
333  ret=0
334  lret=0
335  for i in 1 2 3 4 5 6 7; do
336    $DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i >dig.out.ns2.test$n.$i || lret=1
337    j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
338    [ "$i" = "$j" ] || lret=1
339    [ $lret -eq 1 ] && break
340  done
341  [ $lret -eq 1 ] && ret=1
342  [ $ret -eq 0 ] || echo_i "failed"
343  status=$((status + ret))
344else
345  echo_i "IPv6 unavailable; skipping IPv6 ASN test"
346fi
347
348echo_i "reloading server"
349copy_setports ns2/named9.conf.in ns2/named.conf
350$CHECKCONF ns2/named.conf | cat_i
351rndc_reload ns2 10.53.0.2
352sleep 3
353
354n=$((n + 1))
355echo_i "checking GeoIP6 ASN database, ASNNNN only, using IPv4 ($n)"
356ret=0
357lret=0
358for i in 1 2 3 4 5 6 7; do
359  $DIG $DIGOPTS txt example -b 10.53.0.$i >dig.out.ns2.test$n.$i || lret=1
360  j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
361  [ "$i" = "$j" ] || lret=1
362  [ $lret -eq 1 ] && break
363done
364[ $lret -eq 1 ] && ret=1
365[ $ret -eq 0 ] || echo_i "failed"
366status=$((status + ret))
367
368if testsock6 fd92:7065:b8e:ffff::3; then
369  n=$((n + 1))
370  echo_i "checking ASN database, ASNNNN only, using IPv6 ($n)"
371  ret=0
372  lret=0
373  for i in 1 2 3 4 5 6 7; do
374    $DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i >dig.out.ns2.test$n.$i || lret=1
375    j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
376    [ "$i" = "$j" ] || lret=1
377    [ $lret -eq 1 ] && break
378  done
379  [ $lret -eq 1 ] && ret=1
380  [ $ret -eq 0 ] || echo_i "failed"
381  status=$((status + ret))
382else
383  echo_i "IPv6 unavailable; skipping IPv6 ASN test"
384fi
385
386echo_i "reloading server"
387copy_setports ns2/named10.conf.in ns2/named.conf
388$CHECKCONF ns2/named.conf | cat_i
389rndc_reload ns2 10.53.0.2
390sleep 3
391
392n=$((n + 1))
393echo_i "checking GeoIP6 ASN database, NNNN only, using IPv4 ($n)"
394ret=0
395lret=0
396for i in 1 2 3 4 5 6 7; do
397  $DIG $DIGOPTS txt example -b 10.53.0.$i >dig.out.ns2.test$n.$i || lret=1
398  j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
399  [ "$i" = "$j" ] || lret=1
400  [ $lret -eq 1 ] && break
401done
402[ $lret -eq 1 ] && ret=1
403[ $ret -eq 0 ] || echo_i "failed"
404status=$((status + ret))
405
406if testsock6 fd92:7065:b8e:ffff::3; then
407  n=$((n + 1))
408  echo_i "checking ASN database, NNNN only, using IPv6 ($n)"
409  ret=0
410  lret=0
411  for i in 1 2 3 4 5 6 7; do
412    $DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i >dig.out.ns2.test$n.$i || lret=1
413    j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
414    [ "$i" = "$j" ] || lret=1
415    [ $lret -eq 1 ] && break
416  done
417  [ $lret -eq 1 ] && ret=1
418  [ $ret -eq 0 ] || echo_i "failed"
419  status=$((status + ret))
420else
421  echo_i "IPv6 unavailable; skipping IPv6 ASN test"
422fi
423
424echo_i "reloading server"
425copy_setports ns2/named11.conf.in ns2/named.conf
426$CHECKCONF ns2/named.conf | cat_i
427rndc_reload ns2 10.53.0.2
428sleep 3
429
430n=$((n + 1))
431echo_i "checking Domain database using IPv4 ($n)"
432ret=0
433lret=0
434for i in 1 2 3 4 5 6 7; do
435  $DIG $DIGOPTS txt example -b 10.53.0.$i >dig.out.ns2.test$n.$i || lret=1
436  j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
437  [ "$i" = "$j" ] || lret=1
438  [ $lret -eq 1 ] && break
439done
440[ $lret -eq 1 ] && ret=1
441[ $ret -eq 0 ] || echo_i "failed"
442status=$((status + ret))
443
444if testsock6 fd92:7065:b8e:ffff::3; then
445  n=$((n + 1))
446  echo_i "checking Domain database using IPv6 ($n)"
447  ret=0
448  lret=0
449  for i in 1 2 3 4 5 6 7; do
450    $DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i >dig.out.ns2.test$n.$i || lret=1
451    j=$(cat dig.out.ns2.test$n.$i | tr -d '"')
452    [ "$i" = "$j" ] || lret=1
453    [ $lret -eq 1 ] && break
454  done
455  [ $lret -eq 1 ] && ret=1
456  [ $ret -eq 0 ] || echo_i "failed"
457  status=$((status + ret))
458else
459  echo_i "IPv6 unavailable; skipping IPv6 Domain test"
460fi
461
462echo_i "reloading server"
463copy_setports ns2/named12.conf.in ns2/named.conf
464$CHECKCONF ns2/named.conf | cat_i
465rndc_reload ns2 10.53.0.2
466sleep 3
467
468n=$((n + 1))
469echo_i "checking geoip blackhole ACL ($n)"
470ret=0
471$DIG $DIGOPTS txt example -b 10.53.0.7 >dig.out.ns2.test$n || ret=1
472$RNDCCMD 10.53.0.2 status 2>&1 >rndc.out.ns2.test$n || ret=1
473[ $ret -eq 0 ] || echo_i "failed"
474status=$((status + ret))
475
476echo_i "exit status: $status"
477[ $status -eq 0 ] || exit 1
478