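#!/bin/sh

# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# System test for the SERVFAIL cache as seen through the server at
# 10.53.0.5 (ns5): a SERVFAIL answer must show up in the cache dump, be
# answered from the cache on a repeat query, and be bypassed by +cd queries.
#
# DIG, RNDC, PORT, CONTROLPORT and the helpers echo_i, rndc_dumpdb and
# nextpart are not defined in this file; they are expected to come from
# conf.sh.
#
# Exit status: 0 when every check passed, 1 otherwise.

# shellcheck source=conf.sh
SYSTEMTESTTOP=..
. "$SYSTEMTESTTOP/conf.sh"

set -e

status=0
n=0

rm -f dig.out.*

# Run dig over TCP against the test port, with the additional section,
# search list, statistics and command echo suppressed.
# Arguments: passed through to dig unchanged.
dig_with_opts() {
  "$DIG" +tcp +noadd +nosea +nostat +nocmd -p "$PORT" "$@"
}

# Run rndc against the control port with the shared rndc.conf.
# Arguments: $1 - server address (consumed by -s), rest - rndc command.
rndc_with_opts() {
  "$RNDC" -c "$SYSTEMTESTTOP/common/rndc.conf" -p "$CONTROLPORT" -s "$@"
}

echo_i "checking DNSSEC SERVFAIL is cached ($n)"
ret=0
dig_with_opts +dnssec foo.example. a @10.53.0.5 > "dig.out.ns5.test$n" || ret=1
# presumably writes ns5/named_dump.db.test$n (read below) -- confirm in conf.sh
rndc_dumpdb ns5 -all
# Keep only the lines between the line matching SERVFAIL and the next line
# matching Zone, i.e. the SERVFAIL section of the dump.
awk '/Zone/{out=0} { if (out) print } /SERVFAIL/{out=1}' \
  "ns5/named_dump.db.test$n" > "sfcache.$n"
grep "^; foo.example/A" "sfcache.$n" > /dev/null || ret=1
n=$((n+1))
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status+ret))

echo_i "checking SERVFAIL is returned from cache ($n)"
ret=0
dig_with_opts +dnssec foo.example. a @10.53.0.5 > "dig.out.ns5.test$n" || ret=1
grep "SERVFAIL" "dig.out.ns5.test$n" > /dev/null || ret=1
n=$((n+1))
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status+ret))

echo_i "checking that +cd bypasses cache check ($n)"
ret=0
dig_with_opts +dnssec +cd foo.example. a @10.53.0.5 > "dig.out.ns5.test$n" || ret=1
# With CD set the answer must not be the cached SERVFAIL.
grep "SERVFAIL" "dig.out.ns5.test$n" > /dev/null && ret=1
n=$((n+1))
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status+ret))

echo_i "switching to non-dnssec SERVFAIL tests"
ret=0
# Capture rndc's status explicitly: piping it straight into sed would report
# sed's exit status and hide a failed flush (plain sh has no pipefail).
flush_out=$(rndc_with_opts 10.53.0.5 flush 2>&1) || ret=1
if [ -n "$flush_out" ]; then
  printf '%s\n' "$flush_out" | sed 's/^/I:ns5 /'
fi
rndc_dumpdb ns5 -all
mv "ns5/named_dump.db.test$n" "ns5/named_dump.db.test$n.1"
# Verify the flush removed the entry cached by the first check.  The earlier
# form of this check used awk '/SERVFAIL/ { next; out=1 } ...': the assignment
# after "next" never ran, so nothing was ever printed and the emptiness test
# on the output could not fail.  Extract the SERVFAIL section the same way
# the other checks do and look for the known entry instead.
awk '/Zone/{out=0} { if (out) print } /SERVFAIL/{out=1}' \
  "ns5/named_dump.db.test$n.1" > "sfcache.$n.1"
grep "^; foo.example/A" "sfcache.$n.1" > /dev/null && ret=1
echo_i "checking SERVFAIL is cached ($n)"
dig_with_opts bar.example2. a @10.53.0.5 > "dig.out.ns5.test$n" || ret=1
rndc_dumpdb ns5 -all
mv "ns5/named_dump.db.test$n" "ns5/named_dump.db.test$n.2"
awk '/Zone/{out=0} { if (out) print } /SERVFAIL/{out=1}' \
  "ns5/named_dump.db.test$n.2" > "sfcache.$n.2"
grep "^; bar.example2/A" "sfcache.$n.2" > /dev/null || ret=1
n=$((n+1))
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status+ret))

echo_i "checking SERVFAIL is returned from cache ($n)"
ret=0
# presumably skips the log written so far, so the next call returns only
# what this check produced -- confirm nextpart's behaviour in conf.sh
nextpart ns5/named.run > /dev/null
dig_with_opts bar.example2. a @10.53.0.5 > "dig.out.ns5.test$n" || ret=1
grep "SERVFAIL" "dig.out.ns5.test$n" > /dev/null || ret=1
nextpart ns5/named.run > "ns5/named.run.part$n"
grep 'servfail cache hit bar.example2/A (CD=0)' "ns5/named.run.part$n" > /dev/null || ret=1
n=$((n+1))
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status+ret))

echo_i "checking cache is bypassed with +cd query ($n)"
ret=0
dig_with_opts +cd bar.example2. a @10.53.0.5 > "dig.out.ns5.test$n" || ret=1
# The answer is still SERVFAIL, but the log must show no cache hit for it.
grep "SERVFAIL" "dig.out.ns5.test$n" > /dev/null || ret=1
nextpart ns5/named.run > "ns5/named.run.part$n"
grep 'servfail cache hit' "ns5/named.run.part$n" > /dev/null && ret=1
n=$((n+1))
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status+ret))

echo_i "checking cache is used for subsequent +cd query ($n)"
ret=0
# NOTE(review): the title says "+cd query" but the query sent here uses
# +dnssec without +cd; the expected log line reports the entry as CD=1,
# presumably the one stored by the preceding +cd query -- confirm intent.
dig_with_opts +dnssec bar.example2. a @10.53.0.5 > "dig.out.ns5.test$n" || ret=1
grep "SERVFAIL" "dig.out.ns5.test$n" > /dev/null || ret=1
nextpart ns5/named.run > "ns5/named.run.part$n"
grep 'servfail cache hit bar.example2/A (CD=1)' "ns5/named.run.part$n" > /dev/null || ret=1
n=$((n+1))
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status+ret))

echo_i "exit status: $status"
[ "$status" -eq 0 ] || exit 1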