tests.sh 33 KB
Newer Older
1 2
#!/bin/sh
#
3
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
Mark Andrews's avatar
Mark Andrews committed
4
#
5 6 7
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
8 9 10
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
Mark Andrews's avatar
Mark Andrews committed
11

12 13
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
Evan Hunt's avatar
Evan Hunt committed
14 15 16 17 18
echo .

DIGOPTS="-p ${PORT}"
RESOLVOPTS="-p ${PORT}"
RNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p ${CONTROLPORT} -s"
19 20

status=0
21
n=0
22

Mark Andrews's avatar
Mark Andrews committed
23
n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
24
echo_i "checking non-cachable NXDOMAIN response handling ($n)"
25
ret=0
Evan Hunt's avatar
Evan Hunt committed
26
$DIG $DIGOPTS +tcp nxdomain.example.net @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
Mark Andrews's avatar
Mark Andrews committed
27
grep "status: NXDOMAIN" dig.out.ns1.test${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
28
if [ $ret != 0 ]; then echo_i "failed"; fi
29 30
status=`expr $status + $ret`

31
if [ -x ${RESOLVE} ] ; then
Mark Andrews's avatar
Mark Andrews committed
32
   n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
33
   echo_i "checking non-cachable NXDOMAIN response handling using dns_client ($n)"
34
   ret=0
Evan Hunt's avatar
Evan Hunt committed
35
   $RESOLVE $RESOLVOPTS -t a -s 10.53.0.1 nxdomain.example.net 2> resolve.out.ns1.test${n} || ret=1
Mark Andrews's avatar
Mark Andrews committed
36
   grep "resolution failed: ncache nxdomain" resolve.out.ns1.test${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
37
   if [ $ret != 0 ]; then echo_i "failed"; fi
38 39 40
   status=`expr $status + $ret`
fi

41
if [ -x ${RESOLVE} ] ; then
Mark Andrews's avatar
Mark Andrews committed
42
   n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
43
   echo_i "checking that local bound address can be set (Can't query from a denied address) ($n)"
44
   ret=0
Evan Hunt's avatar
Evan Hunt committed
45
   ${RESOLVE} -b 10.53.0.8 $RESOLVOPTS -t a -s 10.53.0.1 www.example.org 2> resolve.out.ns1.test${n} || ret=1
Mark Andrews's avatar
Mark Andrews committed
46
   grep "resolution failed: SERVFAIL" resolve.out.ns1.test${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
47
   if [ $ret != 0 ]; then echo_i "failed"; fi
48 49
   status=`expr $status + $ret`

Mark Andrews's avatar
Mark Andrews committed
50
   n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
51
   echo_i "checking that local bound address can be set (Can query from an allowed address) ($n)"
52
   ret=0
Evan Hunt's avatar
Evan Hunt committed
53
   ${RESOLVE} -b 10.53.0.1 $RESOLVOPTS -t a -s 10.53.0.1 www.example.org > resolve.out.ns1.test${n} || ret=1
Mark Andrews's avatar
Mark Andrews committed
54
   grep "www.example.org..*.192.0.2.1" resolve.out.ns1.test${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
55
   if [ $ret != 0 ]; then echo_i "failed"; fi
56 57 58
   status=`expr $status + $ret`
fi

Mark Andrews's avatar
Mark Andrews committed
59
n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
60
echo_i "checking non-cachable NODATA response handling ($n)"
61
ret=0
Evan Hunt's avatar
Evan Hunt committed
62
$DIG $DIGOPTS +tcp nodata.example.net @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
Mark Andrews's avatar
Mark Andrews committed
63
grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
64
if [ $ret != 0 ]; then echo_i "failed"; fi
65
status=`expr $status + $ret`
66

67
if [ -x ${RESOLVE} ] ; then
Mark Andrews's avatar
Mark Andrews committed
68
    n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
69
    echo_i "checking non-cachable NODATA response handling using dns_client ($n)"
70
    ret=0
Evan Hunt's avatar
Evan Hunt committed
71
    $RESOLVE $RESOLVOPTS -t a -s 10.53.0.1 nodata.example.net 2> resolve.out.ns1.test${n} || ret=1
Mark Andrews's avatar
Mark Andrews committed
72
    grep "resolution failed: ncache nxrrset" resolve.out.ns1.test${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
73
    if [ $ret != 0 ]; then echo_i "failed"; fi
74 75 76
    status=`expr $status + $ret`
fi

Mark Andrews's avatar
Mark Andrews committed
77
n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
78
echo_i "checking handling of bogus referrals ($n)"
79
# If the server has the "INSIST(!external)" bug, this query will kill it.
Evan Hunt's avatar
Evan Hunt committed
80
$DIG $DIGOPTS +tcp www.example.com. a @10.53.0.1 >/dev/null || { echo_i "failed"; status=`expr $status + 1`; }
81

82
if [ -x ${RESOLVE} ] ; then
Mark Andrews's avatar
Mark Andrews committed
83
    n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
84
    echo_i "checking handling of bogus referrals using dns_client ($n)"
85
    ret=0
Evan Hunt's avatar
Evan Hunt committed
86
    $RESOLVE $RESOLVOPTS -t a -s 10.53.0.1 www.example.com 2> resolve.out.ns1.test${n} || ret=1
Mark Andrews's avatar
Mark Andrews committed
87
    grep "resolution failed: SERVFAIL" resolve.out.ns1.test${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
88
    if [ $ret != 0 ]; then echo_i "failed"; fi
89 90 91
    status=`expr $status + $ret`
fi

Mark Andrews's avatar
Mark Andrews committed
92
n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
93 94
echo_i "check handling of cname + other data / 1 ($n)"
$DIG $DIGOPTS +tcp cname1.example.com. a @10.53.0.1 >/dev/null || { echo_i "failed"; status=`expr $status + 1`; }
95

Mark Andrews's avatar
Mark Andrews committed
96
n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
97 98
echo_i "check handling of cname + other data / 2 ($n)"
$DIG $DIGOPTS +tcp cname2.example.com. a @10.53.0.1 >/dev/null || { echo_i "failed"; status=`expr $status + 1`; }
99

Mark Andrews's avatar
Mark Andrews committed
100
n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
101 102
echo_i "check that server is still running ($n)"
$DIG $DIGOPTS +tcp www.example.com. a @10.53.0.1 >/dev/null || { echo_i "failed"; status=`expr $status + 1`; }
103

Mark Andrews's avatar
Mark Andrews committed
104
n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
105
echo_i "checking answer IPv4 address filtering (deny) ($n)"
106
ret=0
Evan Hunt's avatar
Evan Hunt committed
107
$DIG $DIGOPTS +tcp www.example.net @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
Mark Andrews's avatar
Mark Andrews committed
108
grep "status: SERVFAIL" dig.out.ns1.test${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
109
if [ $ret != 0 ]; then echo_i "failed"; fi
110 111
status=`expr $status + $ret`

Mark Andrews's avatar
Mark Andrews committed
112
n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
113
echo_i "checking answer IPv6 address filtering (deny) ($n)"
114
ret=0
Evan Hunt's avatar
Evan Hunt committed
115
$DIG $DIGOPTS +tcp www.example.net @10.53.0.1 aaaa > dig.out.ns1.test${n} || ret=1
Mark Andrews's avatar
Mark Andrews committed
116
grep "status: SERVFAIL" dig.out.ns1.test${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
117
if [ $ret != 0 ]; then echo_i "failed"; fi
118 119
status=`expr $status + $ret`

Mark Andrews's avatar
Mark Andrews committed
120
n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
121
echo_i "checking answer IPv4 address filtering (accept) ($n)"
122
ret=0
Evan Hunt's avatar
Evan Hunt committed
123
$DIG $DIGOPTS +tcp www.example.org @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
Mark Andrews's avatar
Mark Andrews committed
124
grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
125
if [ $ret != 0 ]; then echo_i "failed"; fi
126 127
status=`expr $status + $ret`

128

129
if [ -x ${RESOLVE} ] ; then
Mark Andrews's avatar
Mark Andrews committed
130
    n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
131
    echo_i "checking answer IPv4 address filtering using dns_client (accept) ($n)"
132
    ret=0
Evan Hunt's avatar
Evan Hunt committed
133
    $RESOLVE $RESOLVOPTS -t a -s 10.53.0.1 www.example.org > resolve.out.ns1.test${n} || ret=1
Mark Andrews's avatar
Mark Andrews committed
134
    grep "www.example.org..*.192.0.2.1" resolve.out.ns1.test${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
135
    if [ $ret != 0 ]; then echo_i "failed"; fi
136 137 138
    status=`expr $status + $ret`
fi

Mark Andrews's avatar
Mark Andrews committed
139
n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
140
echo_i "checking answer IPv6 address filtering (accept) ($n)"
141
ret=0
Evan Hunt's avatar
Evan Hunt committed
142
$DIG $DIGOPTS +tcp www.example.org @10.53.0.1 aaaa > dig.out.ns1.test${n} || ret=1
Mark Andrews's avatar
Mark Andrews committed
143
grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
144
if [ $ret != 0 ]; then echo_i "failed"; fi
145 146
status=`expr $status + $ret`

147
if [ -x ${RESOLVE} ] ; then
Mark Andrews's avatar
Mark Andrews committed
148
    n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
149
    echo_i "checking answer IPv6 address filtering using dns_client (accept) ($n)"
150
    ret=0
Evan Hunt's avatar
Evan Hunt committed
151
    $RESOLVE $RESOLVOPTS -t aaaa -s 10.53.0.1 www.example.org > resolve.out.ns1.test${n} || ret=1
Mark Andrews's avatar
Mark Andrews committed
152
    grep "www.example.org..*.2001:db8:beef::1" resolve.out.ns1.test${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
153
    if [ $ret != 0 ]; then echo_i "failed"; fi
154 155 156
    status=`expr $status + $ret`
fi

Mark Andrews's avatar
Mark Andrews committed
157
n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
158
echo_i "checking CNAME target filtering (deny) ($n)"
159
ret=0
Evan Hunt's avatar
Evan Hunt committed
160
$DIG $DIGOPTS +tcp badcname.example.net @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
Mark Andrews's avatar
Mark Andrews committed
161
grep "status: SERVFAIL" dig.out.ns1.test${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
162
if [ $ret != 0 ]; then echo_i "failed"; fi
163 164
status=`expr $status + $ret`

Mark Andrews's avatar
Mark Andrews committed
165
n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
166
echo_i "checking CNAME target filtering (accept) ($n)"
167
ret=0
Evan Hunt's avatar
Evan Hunt committed
168
$DIG $DIGOPTS +tcp goodcname.example.net @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
Mark Andrews's avatar
Mark Andrews committed
169
grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
170
if [ $ret != 0 ]; then echo_i "failed"; fi
171 172
status=`expr $status + $ret`

173
if [ -x ${RESOLVE} ] ; then
Mark Andrews's avatar
Mark Andrews committed
174
    n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
175
    echo_i "checking CNAME target filtering using dns_client (accept) ($n)"
176
    ret=0
Evan Hunt's avatar
Evan Hunt committed
177
    $RESOLVE $RESOLVOPTS -t a -s 10.53.0.1 goodcname.example.net > resolve.out.ns1.test${n} || ret=1
Mark Andrews's avatar
Mark Andrews committed
178 179
    grep "goodcname.example.net..*.goodcname.example.org." resolve.out.ns1.test${n} > /dev/null || ret=1
    grep "goodcname.example.org..*.192.0.2.1" resolve.out.ns1.test${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
180
    if [ $ret != 0 ]; then echo_i "failed"; fi
181 182 183
    status=`expr $status + $ret`
fi

Mark Andrews's avatar
Mark Andrews committed
184
n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
185
echo_i "checking CNAME target filtering (accept due to subdomain) ($n)"
186
ret=0
Evan Hunt's avatar
Evan Hunt committed
187
$DIG $DIGOPTS +tcp cname.sub.example.org @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
Mark Andrews's avatar
Mark Andrews committed
188
grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
189
if [ $ret != 0 ]; then echo_i "failed"; fi
190 191
status=`expr $status + $ret`

192
if [ -x ${RESOLVE} ] ; then
Mark Andrews's avatar
Mark Andrews committed
193
    n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
194
    echo_i "checking CNAME target filtering using dns_client (accept due to subdomain) ($n)"
195
    ret=0
Evan Hunt's avatar
Evan Hunt committed
196
    $RESOLVE $RESOLVOPTS -t a -s 10.53.0.1 cname.sub.example.org > resolve.out.ns1.test${n} || ret=1
Mark Andrews's avatar
Mark Andrews committed
197 198
    grep "cname.sub.example.org..*.ok.sub.example.org." resolve.out.ns1.test${n} > /dev/null || ret=1
    grep "ok.sub.example.org..*.192.0.2.1" resolve.out.ns1.test${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
199
    if [ $ret != 0 ]; then echo_i "failed"; fi
200 201 202
    status=`expr $status + $ret`
fi

Mark Andrews's avatar
Mark Andrews committed
203
n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
204
echo_i "checking DNAME target filtering (deny) ($n)"
205
ret=0
Evan Hunt's avatar
Evan Hunt committed
206
$DIG $DIGOPTS +tcp foo.baddname.example.net @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
207
grep "DNAME target foo.baddname.example.org denied for foo.baddname.example.net/IN" ns1/named.run >/dev/null || ret=1
Mark Andrews's avatar
Mark Andrews committed
208
grep "status: SERVFAIL" dig.out.ns1.test${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
209
if [ $ret != 0 ]; then echo_i "failed"; fi
210 211
status=`expr $status + $ret`

Mark Andrews's avatar
Mark Andrews committed
212
n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
213
echo_i "checking DNAME target filtering (accept) ($n)"
214
ret=0
Evan Hunt's avatar
Evan Hunt committed
215
$DIG $DIGOPTS +tcp foo.gooddname.example.net @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
Mark Andrews's avatar
Mark Andrews committed
216
grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
217
if [ $ret != 0 ]; then echo_i "failed"; fi
218 219
status=`expr $status + $ret`

220
if [ -x ${RESOLVE} ] ; then
Mark Andrews's avatar
Mark Andrews committed
221
    n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
222
    echo_i "checking DNAME target filtering using dns_client (accept) ($n)"
223
    ret=0
Evan Hunt's avatar
Evan Hunt committed
224
    $RESOLVE $RESOLVOPTS -t a -s 10.53.0.1 foo.gooddname.example.net > resolve.out.ns1.test${n} || ret=1
Mark Andrews's avatar
Mark Andrews committed
225 226
    grep "foo.gooddname.example.net..*.gooddname.example.org" resolve.out.ns1.test${n} > /dev/null || ret=1
    grep "foo.gooddname.example.org..*.192.0.2.1" resolve.out.ns1.test${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
227
    if [ $ret != 0 ]; then echo_i "failed"; fi
228 229 230
    status=`expr $status + $ret`
fi

Mark Andrews's avatar
Mark Andrews committed
231
n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
232
echo_i "checking DNAME target filtering (accept due to subdomain) ($n)"
233
ret=0
Evan Hunt's avatar
Evan Hunt committed
234
$DIG $DIGOPTS +tcp www.dname.sub.example.org @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
Mark Andrews's avatar
Mark Andrews committed
235
grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
236
if [ $ret != 0 ]; then echo_i "failed"; fi
237 238
status=`expr $status + $ret`

239
if [ -x ${RESOLVE} ] ; then
Mark Andrews's avatar
Mark Andrews committed
240
    n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
241
    echo_i "checking DNAME target filtering using dns_client (accept due to subdomain) ($n)"
242
    ret=0
Evan Hunt's avatar
Evan Hunt committed
243
    $RESOLVE $RESOLVOPTS -t a -s 10.53.0.1 www.dname.sub.example.org > resolve.out.ns1.test${n} || ret=1
Mark Andrews's avatar
Mark Andrews committed
244 245
    grep "www.dname.sub.example.org..*.ok.sub.example.org." resolve.out.ns1.test${n} > /dev/null || ret=1
    grep "www.ok.sub.example.org..*.192.0.2.1" resolve.out.ns1.test${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
246
    if [ $ret != 0 ]; then echo_i "failed"; fi
247 248 249
    status=`expr $status + $ret`
fi

250 251 252 253 254 255 256 257 258
n=`expr $n + 1`
echo_i "check that the resolver accepts a referral response with a non-empty ANSWER section ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 foo.glue-in-answer.example.org. A > dig.ns1.out.${n} || ret=1
grep "status: NOERROR" dig.ns1.out.${n} > /dev/null || ret=1
grep "foo.glue-in-answer.example.org.*192.0.2.1" dig.ns1.out.${n} > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

259
n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
260
echo_i "RT21594 regression test check setup ($n)"
261 262
ret=0
# Check that "aa" is not being set by the authoritative server.
Evan Hunt's avatar
Evan Hunt committed
263
$DIG $DIGOPTS +tcp . @10.53.0.4 soa > dig.ns4.out.${n} || ret=1
Mark Andrews's avatar
Mark Andrews committed
264
grep 'flags: qr rd;' dig.ns4.out.${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
265
if [ $ret != 0 ]; then echo_i "failed"; fi
266 267 268
status=`expr $status + $ret`

n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
269
echo_i "RT21594 regression test positive answers ($n)"
270 271
ret=0
# Check that resolver accepts the non-authoritative positive answers.
Evan Hunt's avatar
Evan Hunt committed
272
$DIG $DIGOPTS +tcp . @10.53.0.5 soa > dig.ns5.out.${n} || ret=1
273
grep "status: NOERROR" dig.ns5.out.${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
274
if [ $ret != 0 ]; then echo_i "failed"; fi
275 276 277
status=`expr $status + $ret`

n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
278
echo_i "RT21594 regression test NODATA answers ($n)"
279 280
ret=0
# Check that resolver accepts the non-authoritative nodata answers.
Evan Hunt's avatar
Evan Hunt committed
281
$DIG $DIGOPTS +tcp . @10.53.0.5 txt > dig.ns5.out.${n} || ret=1
282
grep "status: NOERROR" dig.ns5.out.${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
283
if [ $ret != 0 ]; then echo_i "failed"; fi
284 285 286
status=`expr $status + $ret`

n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
287
echo_i "RT21594 regression test NXDOMAIN answers ($n)"
288 289
ret=0
# Check that resolver accepts the non-authoritative positive answers.
Evan Hunt's avatar
Evan Hunt committed
290
$DIG $DIGOPTS +tcp noexistant @10.53.0.5 txt > dig.ns5.out.${n} || ret=1
291
grep "status: NXDOMAIN" dig.ns5.out.${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
292
if [ $ret != 0 ]; then echo_i "failed"; fi
293
status=`expr $status + $ret`
294

295
n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
296
echo_i "check that replacement of additional data by a negative cache no data entry clears the additional RRSIGs ($n)"
297
ret=0
Evan Hunt's avatar
Evan Hunt committed
298
$DIG $DIGOPTS +tcp mx example.net @10.53.0.7 > dig.ns7.out.${n} || ret=1
299
grep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
300
if [ $ret = 1 ]; then echo_i "mx priming failed"; fi
301
$NSUPDATE << EOF
Evan Hunt's avatar
Evan Hunt committed
302
server 10.53.0.6 ${PORT}
303 304 305 306 307
zone example.net
update delete mail.example.net A
update add mail.example.net 0 AAAA ::1
send
EOF
Evan Hunt's avatar
Evan Hunt committed
308
$DIG $DIGOPTS +tcp a mail.example.net @10.53.0.7 > dig.ns7.out.${n} || ret=2
309 310
grep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=2
grep "ANSWER: 0" dig.ns7.out.${n} > /dev/null || ret=2
Evan Hunt's avatar
Evan Hunt committed
311 312
if [ $ret = 2 ]; then echo_i "ncache priming failed"; fi
$DIG $DIGOPTS +tcp mx example.net @10.53.0.7 > dig.ns7.out.${n} || ret=3
313
grep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=3
Evan Hunt's avatar
Evan Hunt committed
314
$DIG $DIGOPTS +tcp rrsig mail.example.net +norec @10.53.0.7 > dig.ns7.out.${n}  || ret=4
315 316
grep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=4
grep "ANSWER: 0" dig.ns7.out.${n} > /dev/null || ret=4
Evan Hunt's avatar
Evan Hunt committed
317
if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
318 319
status=`expr $status + $ret`

Evan Hunt's avatar
Evan Hunt committed
320
if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
321 322 323
status=`expr $status + $ret`

n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
324
echo_i "checking that update a nameservers address has immediate effects ($n)"
325
ret=0
Evan Hunt's avatar
Evan Hunt committed
326 327
$DIG $DIGOPTS +tcp TXT foo.moves @10.53.0.7 > dig.ns7.foo.${n} || ret=1
grep "From NS 5" dig.ns7.foo.${n} > /dev/null || ret=1
328
$NSUPDATE << EOF
Evan Hunt's avatar
Evan Hunt committed
329
server 10.53.0.7 ${PORT}
330 331 332 333 334 335
zone server
update delete ns.server A
update add ns.server 300 A 10.53.0.4
send
EOF
sleep 1
Evan Hunt's avatar
Evan Hunt committed
336
$DIG $DIGOPTS +tcp TXT bar.moves @10.53.0.7 > dig.ns7.bar.${n} || ret=1
337 338
grep "From NS 4" dig.ns7.bar.${n} > /dev/null || ret=1

Evan Hunt's avatar
Evan Hunt committed
339
if [ $ret != 0 ]; then echo_i "failed"; status=1; fi
340 341

n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
342
echo_i "checking that update a nameservers glue has immediate effects ($n)"
343
ret=0
Evan Hunt's avatar
Evan Hunt committed
344 345
$DIG $DIGOPTS +tcp TXT foo.child.server @10.53.0.7 > dig.ns7.foo.${n} || ret=1
grep "From NS 5" dig.ns7.foo.${n} > /dev/null || ret=1
346
$NSUPDATE << EOF
Evan Hunt's avatar
Evan Hunt committed
347
server 10.53.0.7 ${PORT}
348 349 350 351 352 353
zone server
update delete ns.child.server A
update add ns.child.server 300 A 10.53.0.4
send
EOF
sleep 1
Evan Hunt's avatar
Evan Hunt committed
354
$DIG $DIGOPTS +tcp TXT bar.child.server @10.53.0.7 > dig.ns7.bar.${n} || ret=1
355 356
grep "From NS 4" dig.ns7.bar.${n} > /dev/null || ret=1

Evan Hunt's avatar
Evan Hunt committed
357
if [ $ret != 0 ]; then echo_i "failed"; status=1; fi
358

359
n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
360
echo_i "checking empty RFC 1918 reverse zones ($n)"
361 362 363
ret=0
# Check that "aa" is being set by the resolver for RFC 1918 zones
# except the one that has been deliberately disabled
Evan Hunt's avatar
Evan Hunt committed
364
$DIG $DIGOPTS @10.53.0.7 -x 10.1.1.1 > dig.ns4.out.1.${n} || ret=1
365
grep 'flags: qr aa rd ra;' dig.ns4.out.1.${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
366
$DIG $DIGOPTS @10.53.0.7 -x 192.168.1.1 > dig.ns4.out.2.${n} || ret=1
367
grep 'flags: qr aa rd ra;' dig.ns4.out.2.${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
368
$DIG $DIGOPTS @10.53.0.7 -x 172.16.1.1  > dig.ns4.out.3.${n} || ret=1
369
grep 'flags: qr aa rd ra;' dig.ns4.out.3.${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
370
$DIG $DIGOPTS @10.53.0.7 -x 172.17.1.1 > dig.ns4.out.4.${n} || ret=1
371
grep 'flags: qr aa rd ra;' dig.ns4.out.4.${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
372
$DIG $DIGOPTS @10.53.0.7 -x 172.18.1.1 > dig.ns4.out.5.${n} || ret=1
373
grep 'flags: qr aa rd ra;' dig.ns4.out.5.${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
374
$DIG $DIGOPTS @10.53.0.7 -x 172.19.1.1 > dig.ns4.out.6.${n} || ret=1
375
grep 'flags: qr aa rd ra;' dig.ns4.out.6.${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
376
$DIG $DIGOPTS @10.53.0.7 -x 172.21.1.1 > dig.ns4.out.7.${n} || ret=1
377
grep 'flags: qr aa rd ra;' dig.ns4.out.7.${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
378
$DIG $DIGOPTS @10.53.0.7 -x 172.22.1.1 > dig.ns4.out.8.${n} || ret=1
379
grep 'flags: qr aa rd ra;' dig.ns4.out.8.${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
380
$DIG $DIGOPTS @10.53.0.7 -x 172.23.1.1 > dig.ns4.out.9.${n} || ret=1
381
grep 'flags: qr aa rd ra;' dig.ns4.out.9.${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
382
$DIG $DIGOPTS @10.53.0.7 -x 172.24.1.1 > dig.ns4.out.11.${n} || ret=1
383
grep 'flags: qr aa rd ra;' dig.ns4.out.11.${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
384
$DIG $DIGOPTS @10.53.0.7 -x 172.25.1.1 > dig.ns4.out.12.${n} || ret=1
385
grep 'flags: qr aa rd ra;' dig.ns4.out.12.${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
386
$DIG $DIGOPTS @10.53.0.7 -x 172.26.1.1 > dig.ns4.out.13.${n} || ret=1
387
grep 'flags: qr aa rd ra;' dig.ns4.out.13.${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
388
$DIG $DIGOPTS @10.53.0.7 -x 172.27.1.1 > dig.ns4.out.14.${n} || ret=1
389
grep 'flags: qr aa rd ra;' dig.ns4.out.14.${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
390
$DIG $DIGOPTS @10.53.0.7 -x 172.28.1.1 > dig.ns4.out.15.${n} || ret=1
391
grep 'flags: qr aa rd ra;' dig.ns4.out.15.${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
392
$DIG $DIGOPTS @10.53.0.7 -x 172.29.1.1 > dig.ns4.out.16.${n} || ret=1
393
grep 'flags: qr aa rd ra;' dig.ns4.out.16.${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
394
$DIG $DIGOPTS @10.53.0.7 -x 172.30.1.1 > dig.ns4.out.17.${n} || ret=1
395
grep 'flags: qr aa rd ra;' dig.ns4.out.17.${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
396
$DIG $DIGOPTS @10.53.0.7 -x 172.31.1.1 > dig.ns4.out.18.${n} || ret=1
397 398
grep 'flags: qr aa rd ra;' dig.ns4.out.18.${n} > /dev/null || ret=1
# but this one should NOT be authoritative
Evan Hunt's avatar
Evan Hunt committed
399
$DIG $DIGOPTS @10.53.0.7 -x 172.20.1.1 > dig.ns4.out.19.${n} || ret=1
400
grep 'flags: qr rd ra;' dig.ns4.out.19.${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
401
if [ $ret != 0 ]; then echo_i "failed"; status=1; fi
402

403
n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
404
echo_i "checking that removal of a delegation is honoured ($n)"
405
ret=0
Evan Hunt's avatar
Evan Hunt committed
406 407
$DIG $DIGOPTS @10.53.0.5 www.to-be-removed.tld A > dig.ns5.prime.${n}
grep "status: NOERROR" dig.ns5.prime.${n} > /dev/null || { ret=1; echo_i "priming failed"; }
408
cp ns4/tld2.db ns4/tld.db
409
rndc_reload ns4 10.53.0.4 tld
410 411 412 413
old=
for i in 0 1 2 3 4 5 6 7 8 9
do
	foo=0
Evan Hunt's avatar
Evan Hunt committed
414 415
	$DIG $DIGOPTS @10.53.0.5 ns$i.to-be-removed.tld A > /dev/null
	$DIG $DIGOPTS @10.53.0.5 www.to-be-removed.tld A > dig.ns5.out.${n}
416 417 418
	grep "status: NXDOMAIN" dig.ns5.out.${n} > /dev/null || foo=1
	[ $foo = 0 ] && break
	$NSUPDATE << EOF
Evan Hunt's avatar
Evan Hunt committed
419
server 10.53.0.6 ${PORT}
420 421 422 423 424 425 426 427
zone to-be-removed.tld
update add to-be-removed.tld 100 NS ns${i}.to-be-removed.tld
update delete to-be-removed.tld NS ns${old}.to-be-removed.tld
send
EOF
	old=$i
	sleep 1
done
Evan Hunt's avatar
Evan Hunt committed
428 429
[ $ret = 0 ] && ret=$foo;
if [ $ret != 0 ]; then echo_i "failed"; status=1; fi
430

431
n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
432
echo_i "check for improved error message with SOA mismatch ($n)"
433
ret=0
Evan Hunt's avatar
Evan Hunt committed
434
$DIG $DIGOPTS @10.53.0.1 www.sub.broken aaaa > dig.out.ns1.test${n} || ret=1
435
grep "not subdomain of zone" ns1/named.run > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
436
if [ $ret != 0 ]; then echo_i "failed"; fi
437 438
status=`expr $status + $ret`

Evan Hunt's avatar
Evan Hunt committed
439 440
copy_setports ns7/named2.conf.in ns7/named.conf
$RNDCCMD 10.53.0.7 reconfig 2>&1 | sed 's/^/ns7 /' | cat_i
441

442
n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
443
echo_i "check resolution on the listening port ($n)"
444
ret=0
Evan Hunt's avatar
Evan Hunt committed
445
$DIG $DIGOPTS +tcp +tries=2 +time=5 mx example.net @10.53.0.7 > dig.ns7.out.${n} || ret=2
446 447
grep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=1
grep "ANSWER: 1" dig.ns7.out.${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
448
if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
449
status=`expr $status + $ret`
450 451

n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
452
echo_i "check prefetch (${n})"
453
ret=0
Evan Hunt's avatar
Evan Hunt committed
454
$DIG $DIGOPTS @10.53.0.5 fetch.tld txt > dig.out.1.${n} || ret=1
455 456 457 458
ttl1=`awk '/"A" "short" "ttl"/ { print $2 - 2 }' dig.out.1.${n}`
# sleep so we are in prefetch range
sleep ${ttl1:-0}
# trigger prefetch
Evan Hunt's avatar
Evan Hunt committed
459
$DIG $DIGOPTS @10.53.0.5 fetch.tld txt > dig.out.2.${n} || ret=1
460 461 462
ttl2=`awk '/"A" "short" "ttl"/ { print $2 }' dig.out.2.${n}`
sleep 1
# check that prefetch occured
Evan Hunt's avatar
Evan Hunt committed
463
$DIG $DIGOPTS @10.53.0.5 fetch.tld txt > dig.out.3.${n} || ret=1
464 465
ttl=`awk '/"A" "short" "ttl"/ { print $2 }' dig.out.3.${n}`
test ${ttl:-0} -gt ${ttl2:-1} || ret=1
Evan Hunt's avatar
Evan Hunt committed
466
if [ $ret != 0 ]; then echo_i "failed"; fi
467 468
status=`expr $status + $ret`

469
n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
470
echo_i "check prefetch of validated DS's RRSIG TTL is updated (${n})"
471
ret=0
Evan Hunt's avatar
Evan Hunt committed
472
$DIG $DIGOPTS +dnssec @10.53.0.5 ds.example.net ds > dig.out.1.${n} || ret=1
473
dsttl1=`awk '$4 == "DS" && $7 == "2" { print $2 - 2 }' dig.out.1.${n}`
474
# sleep so we are in prefetch range
475
sleep ${dsttl1:-0}
476
# trigger prefetch
Evan Hunt's avatar
Evan Hunt committed
477
$DIG $DIGOPTS @10.53.0.5 ds.example.net ds > dig.out.2.${n} || ret=1
478
dsttl2=`awk '$4 == "DS" && $7 == "2" { print $2 }' dig.out.2.${n}`
479 480
sleep 1
# check that prefetch occured
Evan Hunt's avatar
Evan Hunt committed
481
$DIG $DIGOPTS @10.53.0.5 ds.example.net ds +dnssec > dig.out.3.${n} || ret=1
482
dsttl=`awk '$4 == "DS" && $7 == "2" { print $2 }' dig.out.3.${n}`
483
sigttl=`awk '$4 == "RRSIG" && $5 == "DS" { print $2 }' dig.out.3.${n}`
484 485
test ${dsttl:-0} -gt ${dsttl2:-1} || ret=1
test ${sigttl:-0} -gt ${dsttl2:-1} || ret=1
486
test ${dsttl:-0} -eq ${sigttl:-1} || ret=1
Evan Hunt's avatar
Evan Hunt committed
487
if [ $ret != 0 ]; then echo_i "failed"; fi
488 489
status=`expr $status + $ret`

490
n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
491
echo_i "check prefetch disabled (${n})"
492
ret=0
Evan Hunt's avatar
Evan Hunt committed
493
$DIG $DIGOPTS @10.53.0.7 fetch.example.net txt > dig.out.1.${n} || ret=1
494
ttl1=`awk '/"A" "short" "ttl"/ { print $2 - 2 }' dig.out.1.${n}`
495 496
# sleep so we are in expire range
sleep ${ttl1:-0}
497
# look for ttl = 1, allow for one miss at getting zero ttl
498 499
zerotonine="0 1 2 3 4 5 6 7 8 9"
for i in $zerotonine $zerotonine $zerotonine $zerotonine
Evan Hunt's avatar
Evan Hunt committed
500 501
do
	$DIG $DIGOPTS @10.53.0.7 fetch.example.net txt > dig.out.2.${n} || ret=1
502
	ttl2=`awk '/"A" "short" "ttl"/ { print $2 }' dig.out.2.${n}`
503
	test ${ttl2:-2} -eq 1 && break
Evan Hunt's avatar
Evan Hunt committed
504
	$PERL -e 'select(undef, undef, undef, 0.05);'
505
done
506
test ${ttl2:-2} -eq 1 || ret=1
507 508 509
# delay so that any prefetched record will have a lower ttl than expected
sleep 3
# check that prefetch has not occured
Evan Hunt's avatar
Evan Hunt committed
510
$DIG $DIGOPTS @10.53.0.7 fetch.example.net txt > dig.out.3.${n} || ret=1
511
ttl=`awk '/"A" "short" "ttl"/ { print $2 - 2 }' dig.out.3.${n}`
512
test ${ttl:-0} -eq ${ttl1:-1} || ret=1
Evan Hunt's avatar
Evan Hunt committed
513
if [ $ret != 0 ]; then echo_i "failed"; fi
514
status=`expr $status + $ret`
515

516
n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
517
echo_i "check prefetch qtype * (${n})"
518
ret=0
Evan Hunt's avatar
Evan Hunt committed
519
$DIG $DIGOPTS @10.53.0.5 fetchall.tld any > dig.out.1.${n} || ret=1
520 521 522 523
ttl1=`awk '/"A" "short" "ttl"/ { print $2 - 2 }' dig.out.1.${n}`
# sleep so we are in prefetch range
sleep ${ttl1:-0}
# trigger prefetch
Evan Hunt's avatar
Evan Hunt committed
524
$DIG $DIGOPTS @10.53.0.5 fetchall.tld any > dig.out.2.${n} || ret=1
525 526 527
ttl2=`awk '/"A" "short" "ttl"/ { print $2 }' dig.out.2.${n}`
sleep 1
# check that the nameserver is still alive
Evan Hunt's avatar
Evan Hunt committed
528 529
$DIG $DIGOPTS @10.53.0.5 fetchall.tld any > dig.out.3.${n} || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
530 531
status=`expr $status + $ret`

532
n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
533
echo_i "check that E was logged on EDNS queries in the query log (${n})"
534
ret=0
Evan Hunt's avatar
Evan Hunt committed
535
$DIG $DIGOPTS @10.53.0.5 +edns edns.fetchall.tld any > dig.out.2.${n} || ret=1
536
grep "query: edns.fetchall.tld IN ANY +E" ns5/named.run > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
537
$DIG $DIGOPTS @10.53.0.5 +noedns noedns.fetchall.tld any > dig.out.2.${n} || ret=1
538 539
grep "query: noedns.fetchall.tld IN ANY" ns5/named.run > /dev/null || ret=1
grep "query: noedns.fetchall.tld IN ANY +E" ns5/named.run > /dev/null && ret=1
Evan Hunt's avatar
Evan Hunt committed
540
if [ $ret != 0 ]; then echo_i "failed"; fi
541 542
status=`expr $status + $ret`

543
n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
544
echo_i "check that '-t aaaa' in .digrc does not have unexpected side effects ($n)"
545 546
ret=0
echo "-t aaaa" > .digrc
Evan Hunt's avatar
Evan Hunt committed
547 548 549
env HOME=`pwd` $DIG $DIGOPTS @10.53.0.4 . > dig.out.1.${n} || ret=1
env HOME=`pwd` $DIG $DIGOPTS @10.53.0.4 . A > dig.out.2.${n} || ret=1
env HOME=`pwd` $DIG $DIGOPTS @10.53.0.4 -x 127.0.0.1 > dig.out.3.${n} || ret=1
550 551 552 553
grep ';\..*IN.*AAAA$' dig.out.1.${n} > /dev/null || ret=1
grep ';\..*IN.*A$' dig.out.2.${n} > /dev/null || ret=1
grep 'extra type option' dig.out.2.${n} > /dev/null && ret=1
grep ';1\.0\.0\.127\.in-addr\.arpa\..*IN.*PTR$' dig.out.3.${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
554
if [ $ret != 0 ]; then echo_i "failed"; fi
555 556
status=`expr $status + $ret`

557
edns=`$FEATURETEST --edns-version`
558 559

n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
560
echo_i "check that EDNS version is logged (${n})"
561
ret=0
Evan Hunt's avatar
Evan Hunt committed
562
$DIG $DIGOPTS @10.53.0.5 +edns edns0.fetchall.tld any > dig.out.2.${n} || ret=1
563 564
grep "query: edns0.fetchall.tld IN ANY +E(0)" ns5/named.run > /dev/null || ret=1
if test ${edns:-0} != 0; then
Evan Hunt's avatar
Evan Hunt committed
565
    $DIG $DIGOPTS @10.53.0.5 +edns=1 edns1.fetchall.tld any > dig.out.2.${n} || ret=1
566 567
    grep "query: edns1.fetchall.tld IN ANY +E(1)" ns5/named.run > /dev/null || ret=1
fi
Evan Hunt's avatar
Evan Hunt committed
568
if [ $ret != 0 ]; then echo_i "failed"; fi
569 570 571 572
status=`expr $status + $ret`

if test ${edns:-0} != 0; then
    n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
573
    echo_i "check that edns-version is honoured (${n})"
574
    ret=0
Evan Hunt's avatar
Evan Hunt committed
575
    $DIG $DIGOPTS @10.53.0.5 +edns no-edns-version.tld > dig.out.1.${n} || ret=1
576
    grep "query: no-edns-version.tld IN A -E(1)" ns6/named.run > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
577
    $DIG $DIGOPTS @10.53.0.5 +edns edns-version.tld > dig.out.2.${n} || ret=1
578
    grep "query: edns-version.tld IN A -E(0)" ns7/named.run > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
579
    if [ $ret != 0 ]; then echo_i "failed"; fi
580 581 582
    status=`expr $status + $ret`
fi

583
n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
584
echo_i "check that CNAME nameserver is logged correctly (${n})"
585
ret=0
Evan Hunt's avatar
Evan Hunt committed
586
$DIG $DIGOPTS soa all-cnames @10.53.0.5 > dig.out.ns5.test${n} || ret=1
587 588
grep "status: SERVFAIL" dig.out.ns5.test${n} > /dev/null || ret=1
grep "skipping nameserver 'cname.tld' because it is a CNAME, while resolving 'all-cnames/SOA'" ns5/named.run > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
589
if [ $ret != 0 ]; then echo_i "failed"; fi
590 591
status=`expr $status + $ret`

592
n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
593
echo_i "check that unexpected opcodes are handled correctly (${n})"
594
ret=0
Evan Hunt's avatar
Evan Hunt committed
595
$DIG $DIGOPTS soa all-cnames @10.53.0.5 +opcode=15 +cd +rec +ad +zflag > dig.out.ns5.test${n} || ret=1
596
grep "status: NOTIMP" dig.out.ns5.test${n} > /dev/null || ret=1
597 598 599 600 601 602
grep "flags:[^;]* qr[; ]" dig.out.ns5.test${n} > /dev/null || ret=1
grep "flags:[^;]* ra[; ]" dig.out.ns5.test${n} > /dev/null && ret=1
grep "flags:[^;]* rd[; ]" dig.out.ns5.test${n} > /dev/null && ret=1
grep "flags:[^;]* cd[; ]" dig.out.ns5.test${n} > /dev/null && ret=1
grep "flags:[^;]* ad[; ]" dig.out.ns5.test${n} > /dev/null && ret=1
grep "flags:[^;]*; MBZ: " dig.out.ns5.test${n} > /dev/null && ret=1
Evan Hunt's avatar
Evan Hunt committed
603
if [ $ret != 0 ]; then echo_i "failed"; fi
604 605
status=`expr $status + $ret`

606
n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
607
echo_i "check that EDNS client subnet with non-zeroed bits is handled correctly (${n})"
608 609
ret=0
# 0001 (IPv4) 1f (31 significant bits) 00 (0) ffffffff (255.255.255.255)
Evan Hunt's avatar
Evan Hunt committed
610
$DIG $DIGOPTS soa . @10.53.0.5 +ednsopt=8:00011f00ffffffff > dig.out.ns5.test${n} || ret=1
611 612
grep "status: FORMERR" dig.out.ns5.test${n} > /dev/null || ret=1
grep "; EDNS: version:" dig.out.ns5.test${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
613
if [ $ret != 0 ]; then echo_i "failed"; fi
614 615 616
status=`expr $status + $ret`

n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
617
echo_i "check that dig +subnet zeros address bits correctly (${n})"
618
ret=0
Evan Hunt's avatar
Evan Hunt committed
619
$DIG $DIGOPTS soa . @10.53.0.5 +subnet=255.255.255.255/23 > dig.out.ns5.test${n} || ret=1
620 621
grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
grep "CLIENT-SUBNET: 255.255.254.0/23/0" dig.out.ns5.test${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
622
if [ $ret != 0 ]; then echo_i "failed"; fi
623 624
status=`expr $status + $ret`

625
n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
626
echo_i "check that SOA query returns data for delegation-only apex (${n})"
627
ret=0
Evan Hunt's avatar
Evan Hunt committed
628
$DIG $DIGOPTS soa delegation-only @10.53.0.5 > dig.out.ns5.test${n} || ret=1
629 630
grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
grep "ANSWER: 1," dig.out.ns5.test${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
631
if [ $ret != 0 ]; then echo_i "failed"; fi
632 633 634 635
status=`expr $status + $ret`
n=`expr $n + 1`

n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
636
echo_i "check that NS query returns data for delegation-only apex (${n})"
637
ret=0
Evan Hunt's avatar
Evan Hunt committed
638
$DIG $DIGOPTS ns delegation-only @10.53.0.5 > dig.out.ns5.test${n} || ret=1
639 640
grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
grep "ANSWER: 1," dig.out.ns5.test${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
641
if [ $ret != 0 ]; then echo_i "failed"; fi
642 643 644
status=`expr $status + $ret`

n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
645
echo_i "check that A query returns data for delegation-only A apex (${n})"
646
ret=0
Evan Hunt's avatar
Evan Hunt committed
647
$DIG $DIGOPTS a delegation-only @10.53.0.5 > dig.out.ns5.test${n} || ret=1
648 649
grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
grep "ANSWER: 1," dig.out.ns5.test${n} > /dev/null || ret=1
Evan Hunt's avatar
Evan Hunt committed
650
if [ $ret != 0 ]; then echo_i "failed"; fi
651 652 653
status=`expr $status + $ret`

n=`expr $n + 1`
Evan Hunt's avatar
Evan Hunt committed
654
echo_i "check that CDS query returns data for delegation-only apex (${n})"
655
ret=0
Evan Hunt's avatar
Evan Hunt committed
656
$DIG $DIGOPTS cds delegation-only @10.53.0.5 > dig.out.ns5.test${n} ||