1#!/bin/sh 2 3# Copyright (C) Internet Systems Consortium, Inc. ("ISC") 4# 5# SPDX-License-Identifier: MPL-2.0 6# 7# This Source Code Form is subject to the terms of the Mozilla Public 8# License, v. 2.0. If a copy of the MPL was not distributed with this 9# file, you can obtain one at https://mozilla.org/MPL/2.0/. 10# 11# See the COPYRIGHT file distributed with this work for additional 12# information regarding copyright ownership. 13 14SYSTEMTESTTOP=.. 15. $SYSTEMTESTTOP/conf.sh 16 17DIGOPTS="+tcp -p ${PORT}" 18 19status=0 20echo_i "check that the stub zone has been saved to disk" 21for i in 1 2 3 4 5 6 7 8 9 20 22do 23 [ -f ns3/child.example.st ] && break 24 sleep 1 25done 26[ -f ns3/child.example.st ] || { status=1; echo_i "failed"; } 27 28for pass in 1 2 29do 30 31echo_i "trying an axfr that should be denied (NOTAUTH) (pass=$pass)" 32ret=0 33$DIG $DIGOPTS child.example. @10.53.0.3 axfr > dig.out.ns3 || ret=1 34grep "; Transfer failed." dig.out.ns3 > /dev/null || ret=1 35[ $ret = 0 ] || { status=1; echo_i "failed"; } 36 37echo_i "look for stub zone data without recursion (should not be found) (pass=$pass)" 38for i in 1 2 3 4 5 6 7 8 9 39do 40 ret=0 41 $DIG $DIGOPTS +norec data.child.example. \ 42 @10.53.0.3 txt > dig.out.ns3 || ret=1 43 grep "status: NOERROR" dig.out.ns3 > /dev/null || ret=1 44 [ $ret = 0 ] && break 45 sleep 1 46done 47digcomp knowngood.dig.out.norec dig.out.ns3 || ret=1 48[ $ret = 0 ] || { status=1; echo_i "failed"; } 49 50echo_i "look for stub zone data with recursion (should be found) (pass=$pass)" 51ret=0 52$DIG $DIGOPTS +noauth +noadd data.child.example. @10.53.0.3 txt > dig.out.ns3 || ret=1 53digcomp knowngood.dig.out.rec dig.out.ns3 || ret=1 54[ $ret = 0 ] || { status=1; echo_i "failed"; } 55 56[ $pass = 1 ] && { 57 echo_i "stopping stub server" 58 stop_server ns3 59 60 echo_i "re-starting stub server" 61 start_server --noclean --restart --port ${PORT} ns3 62} 63done 64 65echo_i "check that glue record is correctly transferred from master when minimal-responses is on" 66ret=0 67# First ensure that zone data was transfered. 68for i in 1 2 3 4 5 6 7; do 69 [ -f ns5/example.db ] && break 70 sleep 1 71done 72 73if [ -f ns5/example.db ]; then 74 # If NS glue wasn't transferred, this query would fail. 75 $DIG $DIGOPTS +nodnssec @10.53.0.5 target.example. txt > dig.out.ns5 || ret=1 76 grep 'target\.example.*TXT.*"test"' dig.out.ns5 > /dev/null || ret=1 77 # Ensure both ipv4 and ipv6 glue records were transferred. 78 grep -E 'ns4[[:space:]]+A[[:space:]]+10.53.0.4' ns5/example.db > /dev/null || ret=1 79 grep -E 'AAAA[[:space:]]+fd92:7065:b8e:ffff::4' ns5/example.db > /dev/null || ret=1 80 [ $ret = 0 ] || { status=1; echo_i "failed"; } 81else 82 status=1 83 echo_i "failed: stub zone transfer failed ns4(master) <---> ns5/example.db" 84fi 85 86echo_i "exit status: $status" 87[ $status -eq 0 ] || exit 1 88