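#! /bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# Prepare the rpz system test: optionally clean the test directories,
# generate named.conf for ns1..ns9 and the dnsrpzd configuration, and
# decide whether DNSRPS is exercised in this run.
#
# Options:
#   -D  request testing with DNSRPS (forwarded to ../ckdnsrps.sh)
#   -N  partial clean (forwarded to clean.sh as -P)
#   -x  trace commands; the flag is also forwarded to clean.sh/ckdnsrps.sh
#
# Environment:
#   NOCLEAN  when set, clean.sh is skipped
#
# touch dnsrps-off to not test with DNSRPS

set -e

SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh

# Empty when no queryperf is available; the large performance zones
# are only generated when it is present.
QPERF=$($SHELL qperf.sh)

USAGE="$0: [-DNx]"
DEBUG=
while getopts "DNx" c; do
  case "$c" in
    x) set -x; DEBUG=-x ;;
    D) TEST_DNSRPS="-D" ;;
    N) PARTIAL=-P ;;
    *) echo "$USAGE" 1>&2; exit 1 ;;
  esac
done
shift $((OPTIND - 1))
if test "$#" -ne 0; then
  echo "$USAGE" 1>&2
  exit 1
fi

# Quoted so that an unusual NOCLEAN value (e.g. one containing spaces)
# cannot break the test instead of merely skipping the clean step.
if [ "${NOCLEAN:-unset}" = unset ]; then
  $SHELL clean.sh $PARTIAL $DEBUG
fi

# Ensure every server has a log file and mark its current end so later
# nextpart calls only report output produced by this run.
for dir in ns*; do
  touch "$dir/named.run"
  nextpart "$dir/named.run" > /dev/null
done

for n in 1 2 3 4 5 6 7 8 9; do
  copy_setports "ns$n/named.conf.in" "ns$n/named.conf"
done

copy_setports dnsrpzd.conf.in dnsrpzd.conf

# decide whether to test DNSRPS
# Note that dnsrps.conf and dnsrps-slave.conf are included in named.conf
# and differ from dnsrpz.conf which is used by dnsrpzd.
# DNSRPS is only tested when the generated dnsrps.conf enables it;
# otherwise TEST_DNSRPS is cleared so later steps skip dnsrpzd.
$SHELL ../ckdnsrps.sh -A $TEST_DNSRPS $DEBUG
if ! grep -q 'dnsrps-enable yes' dnsrps.conf; then
  TEST_DNSRPS=
fi

# set up test policy zones.
# bl is the main test zone
# bl-2 is used to check competing zones.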
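# bl-{given,disabled,passthru,no-data,nxdomain,cname,wildcard,garden,
# drop,tcp-only} are used to check policy overrides in named.conf.
# NO-OP is an obsolete synonym for PASSTHRU
# Every policy zone is a copy of base.db with its own name substituted
# into the SOA line.
for NM in '' -2 -given -disabled -passthru -no-op -nodata -nxdomain -cname -wildcname -garden -drop -tcp-only; do
  sed -e "/SOA/s/blx/bl$NM/g" ns3/base.db >"ns3/bl$NM.db"
done
# bl zones are dynamically updated. Add one zone that is updated manually.
cp ns3/manual-update-rpz.db.in ns3/manual-update-rpz.db
cp ns8/manual-update-rpz.db.in ns8/manual-update-rpz.db

cp ns3/mixed-case-rpz-1.db.in ns3/mixed-case-rpz.db

# a zone that expires quickly and then can't be refreshed
cp ns5/fast-expire.db.in ns5/fast-expire.db
cp ns5/expire.conf.in ns5/expire.conf

# Generate a key, sign a zone with it and record the key as a static
# trust anchor for the test.
# $1=directory
# $2=domain name
# $3=input zone file
# $4=output file
# Globals: KEYNAME and DSFILENAME are (re)assigned; TP is read.
# Side effects: appends a trust-anchors statement built from the DNSKEY
# record to trusted.conf; removes the dsset-* file and the temporary
# unsigned zone.
signzone () {
  KEYNAME=$($KEYGEN -q -a rsasha256 -K "$1" "$2")
  cat "$1/$3" "$1/$KEYNAME.key" > "$1/tmp"
  # -P skips the post-signing verification pass.
  $SIGNER -P -K "$1" -o "$2" -f "$1/$4" "$1/tmp" >/dev/null
  # DNSKEY rdata is "flags protocol algorithm key"; the three numbers and
  # the key material become a static-key trust anchor.
  sed -n -e 's/\(.*\) IN DNSKEY \([0-9]\{1,\} [0-9]\{1,\} [0-9]\{1,\}\) \(.*\)/trust-anchors {"\1" static-key \2 "\3";};/p' "$1/$KEYNAME.key" >>trusted.conf
  DSFILENAME=dsset-${2}${TP}
  rm -- "$DSFILENAME" "$1/tmp"
}
signzone ns2 tld2s base-tld2s.db tld2s.db

# Performance and a few other checks.
cat <<EOF >ns5/rpz-switch
response-policy {
	zone "bl0"; zone "bl1"; zone "bl2"; zone "bl3"; zone "bl4";
	zone "bl5"; zone "bl6"; zone "bl7"; zone "bl8"; zone "bl9";
	zone "bl10"; zone "bl11"; zone "bl12"; zone "bl13"; zone "bl14";
	zone "bl15"; zone "bl16"; zone "bl17"; zone "bl18"; zone "bl19";
	} recursive-only no
	qname-wait-recurse no
	nsip-enable yes
	nsdname-enable yes
	max-policy-ttl 90
	break-dnssec yes
	;
EOF

# Leading whitespace on the NS lines means "same owner as the previous
# record", so it must be kept.
cat <<EOF >ns5/example.db
\$TTL 300
@ SOA . hostmaster.ns.example.tld5. ( 1 3600 1200 604800 60 )
	NS ns
	NS ns1
ns A 10.53.0.5
ns1 A 10.53.0.5
EOF

cat <<EOF >ns5/bl.db
\$TTL 300
@ SOA . hostmaster.ns.blperf. ( 1 3600 1200 604800 60 )
	NS ns.tld5.

; for "qname-wait-recurse no" in #35 test1
x.servfail A 35.35.35.35
; for "recursive-only no" in #8 test5
a3-5.tld2 CNAME .
; for "break-dnssec" in #9 & #10 test5
a3-5.tld2s CNAME .
; for "max-policy-ttl 90" in #17 test5
a3-17.tld2 500 A 17.17.17.17

; dummy NSDNAME policy to trigger lookups
ns1.x.rpz-nsdname CNAME .
EOF

if test -n "$QPERF"; then
  # Do not build the full zones if we will not use them.
  $PERL -e 'for ($val = 1; $val <= 65535; ++$val) {
    printf("host-%05d\tA 192.168.%d.%d\n", $val, $val/256, $val%256);
  }' >>ns5/example.db

  echo >>ns5/bl.db
  echo "; rewrite some names" >>ns5/bl.db
  $PERL -e 'for ($val = 2; $val <= 65535; $val += 69) {
    printf("host-%05d.example.tld5\tCNAME\t.\n", $val);
  }' >>ns5/bl.db

  echo >>ns5/bl.db
  echo "; rewrite with some not entirely trivial patricia trees" >>ns5/bl.db
  $PERL -e 'for ($val = 3; $val <= 65535; $val += 69) {
    printf("32.%d.%d.168.192.rpz-ip \tCNAME\t.\n",
      $val%256, $val/256);
  }' >>ns5/bl.db
fi

# some pseudo-random queryperf requests (fixed-seed LCG, so the request
# file is identical from run to run)
$PERL -e 'for ($cnt = $val = 1; $cnt <= 3000; ++$cnt) {
  printf("host-%05d.example.tld5 A\n", $val);
  $val = ($val * 9 + 32771) % 65536;
}' >ns5/requests

cp ns2/bl.tld2.db.in ns2/bl.tld2.db
cp ns5/empty.db.in ns5/empty.db
cp ns5/empty.db.in ns5/policy2.db

# Run dnsrpzd to get the license and prime the static policy zones
if test -n "$TEST_DNSRPS"; then
  DNSRPZD=$(../rpz/dnsrps -p)
  cd ns3
  # Start the daemon located by "dnsrps -p" above; the variable name
  # must match the one assigned (DNSRPZD), otherwise an empty command
  # is run and set -e aborts the setup.
  "$DNSRPZD" -D../dnsrpzd.rpzf -S../dnsrpzd.sock -C../dnsrpzd.conf \
    -w 0 -dddd -L stdout >./dnsrpzd.run 2>&1
fi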