#!/bin/sh
#
# Copyright (C) 2004, 2007, 2009-2014  Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2000, 2001  Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.

# $Id: tests.sh,v 1.42 2011/12/16 23:01:17 each Exp $

SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh

status=0
n=0

# Block until ns2's log (ns2/named.run) records a completed transfer of
# example.nil.  The log is polled once a second; after ten unsuccessful
# polls the script gives up and exits with status 1.
tries=0
until grep "example.nil/IN.*Transfer completed" ns2/named.run > /dev/null
do
    echo "I:zones are not fully loaded, waiting..."
    tries=`expr $tries + 1`
    sleep 1
    # Ten misses: stop here instead of polling an eleventh time.
    test "$tries" -ne 10 || exit 1
done

ret=0
echo "I:fetching first copy of zone before update"
$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\
	@10.53.0.1 axfr -p 5300 > dig.out.ns1 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

ret=0
echo "I:fetching second copy of zone before update"
$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\
	@10.53.0.2 axfr -p 5300 > dig.out.ns2 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

ret=0
echo "I:comparing pre-update copies to known good data"
$PERL ../digcomp.pl knowngood.ns1.before dig.out.ns1 || ret=1
$PERL ../digcomp.pl knowngood.ns1.before dig.out.ns2 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

ret=0
echo "I:updating zone"
# nsupdate will print a ">" prompt to stdout as it gets each input line.
$NSUPDATE -k ns1/ddns.key <<END > /dev/null || ret=1
server 10.53.0.1 5300
update add updated.example.nil. 600 A 10.10.10.1
add updated.example.nil. 600 TXT Foo
delete t.example.nil.

END
[ $ret = 0 ] || { echo I:failed; status=1; }

echo "I:sleeping 5 seconds for server to incorporate changes"
sleep 5

ret=0
echo "I:fetching first copy of zone after update"
$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\
	@10.53.0.1 axfr -p 5300 > dig.out.ns1 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

ret=0
echo "I:fetching second copy of zone after update"
$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\
	@10.53.0.2 axfr -p 5300 > dig.out.ns2 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

ret=0
echo "I:comparing post-update copies to known good data"
$PERL ../digcomp.pl knowngood.ns1.after dig.out.ns1 || ret=1
$PERL ../digcomp.pl knowngood.ns1.after dig.out.ns2 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

ret=0
echo "I:testing local update policy"
pre=`$DIG +short new.other.nil. @10.53.0.1 a -p 5300` || ret=1
[ -z "$pre" ] || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

ret=0
echo "I:updating zone"
# nsupdate will print a ">" prompt to stdout as it gets each input line.
$NSUPDATE -l -p 5300 -k ns1/session.key > /dev/null <<END || ret=1
zone other.nil.
update add new.other.nil. 600 IN A 10.10.10.1
send
END
[ $ret = 0 ] || { echo I:failed; status=1; }

echo "I:sleeping 5 seconds for server to incorporate changes"
sleep 5

ret=0
echo "I:checking result of update"
post=`$DIG +short new.other.nil. @10.53.0.1 a -p 5300` || ret=1
[ "$post" = "10.10.10.1" ] || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

ret=0
echo "I:comparing post-update copy to known good data"
$PERL ../digcomp.pl knowngood.ns1.after dig.out.ns1 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

ret=0
echo "I:testing zone consistency checks"
# inserting an NS record without a corresponding A or AAAA record should fail
$NSUPDATE -l -p 5300 -k ns1/session.key > nsupdate.out 2>&1 << END && ret=1
update add other.nil. 600 in ns ns3.other.nil.
send
END
grep REFUSED nsupdate.out > /dev/null 2>&1 || ret=1
# ...but should work if an A record is inserted first:
$NSUPDATE -l -p 5300 -k ns1/session.key > nsupdate.out 2>&1 << END || ret=1
update add ns4.other.nil 600 in a 10.53.0.1
send
update add other.nil. 600 in ns ns4.other.nil.
send
END
grep REFUSED nsupdate.out > /dev/null 2>&1 && ret=1
# ...or if an AAAA record does:
$NSUPDATE -l -p 5300 -k ns1/session.key > nsupdate.out 2>&1 << END || ret=1
update add ns5.other.nil 600 in aaaa 2001:db8::1
send
update add other.nil. 600 in ns ns5.other.nil.
send
END
grep REFUSED nsupdate.out > /dev/null 2>&1 && ret=1
# ...or if the NS and A/AAAA are inserted together:
$NSUPDATE -l -p 5300 -k ns1/session.key > nsupdate.out 2>&1 << END || ret=1
update add other.nil. 600 in ns ns6.other.nil.
update add ns6.other.nil 600 in a 10.53.0.1
send
END
grep REFUSED nsupdate.out > /dev/null 2>&1 && ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

echo "I:sleeping 5 seconds for server to incorporate changes"
sleep 5

ret=0
echo "I:checking result of update"
$DIG +short @10.53.0.1 -p 5300 ns other.nil > dig.out.ns1 || ret=1
grep ns3.other.nil dig.out.ns1 > /dev/null 2>&1 && ret=1
grep ns4.other.nil dig.out.ns1 > /dev/null 2>&1 || ret=1
grep ns5.other.nil dig.out.ns1 > /dev/null 2>&1 || ret=1
grep ns6.other.nil dig.out.ns1 > /dev/null 2>&1 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

ret=0
echo "I:check SIG(0) key is accepted"
key=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 512 -T KEY -n ENTITY xxx`
echo "" | $NSUPDATE -k ${key}.private > /dev/null 2>&1 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

n=`expr $n + 1`
ret=0
echo "I:check TYPE=0 update is rejected by nsupdate ($n)"
$NSUPDATE <<END > nsupdate.out 2>&1 && ret=1
    server 10.53.0.1 5300
    ttl 300
    update add example.nil. in type0 ""
    send
END
grep "unknown class/type" nsupdate.out > /dev/null 2>&1 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

n=`expr $n + 1`
ret=0
echo "I:check TYPE=0 prerequisite is handled ($n)"
$NSUPDATE -k ns1/ddns.key <<END > nsupdate.out 2>&1 || ret=1
    server 10.53.0.1 5300
    prereq nxrrset example.nil. type0
    send
END
$DIG +tcp version.bind txt ch @10.53.0.1 -p 5300 > dig.out.ns1.$n
grep "status: NOERROR" dig.out.ns1.$n > /dev/null || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

n=`expr $n + 1`
ret=0
echo "I:check that TYPE=0 update is handled ($n)"
# Pipe a hex-encoded message to packet.pl, which is pointed at ns1
# (10.53.0.1, port 5300, TCP); anything packet.pl prints is discarded.
# NOTE(review): packet.pl's exit status is not checked, so if the message
# is never delivered the probe below still passes - confirm that is intended.
echo "a0e4280000010000000100000000060001c00c000000fe000000000000" |
$PERL ../packet.pl -a 10.53.0.1 -p 5300 -t tcp > /dev/null
# The check itself is a liveness probe: after receiving the message ns1 must
# still answer a version.bind query with NOERROR.
$DIG +tcp version.bind txt ch @10.53.0.1 -p 5300 > dig.out.ns1.$n
grep "status: NOERROR" dig.out.ns1.$n > /dev/null || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

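n=`expr $n + 1`
# Reset the per-check result so that a failure left in $ret by an earlier
# check is not reported against this one.
ret=0
echo "I:check that TYPE=0 additional data is handled ($n)"
# Pipe a hex-encoded message to packet.pl, which is pointed at ns1
# (10.53.0.1, port 5300, TCP); anything packet.pl prints is discarded.
# NOTE(review): packet.pl's exit status is not checked, so if the message
# is never delivered the probe below still passes - confirm that is intended.
echo "a0e4280000010000000000010000060001c00c000000fe000000000000" |
$PERL ../packet.pl -a 10.53.0.1 -p 5300 -t tcp > /dev/null
# Liveness probe: ns1 must still answer version.bind with NOERROR.
$DIG +tcp version.bind txt ch @10.53.0.1 -p 5300 > dig.out.ns1.$n
grep "status: NOERROR" dig.out.ns1.$n > /dev/null || ret=1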
[ $ret = 0 ] || { echo I:failed; status=1; }

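n=`expr $n + 1`
# Reset the per-check result so that a failure left in $ret by an earlier
# check is not reported against this one.
ret=0
echo "I:check that update to undefined class is handled ($n)"
# Pipe a hex-encoded message to packet.pl, which is pointed at ns1
# (10.53.0.1, port 5300, TCP); anything packet.pl prints is discarded.
# NOTE(review): packet.pl's exit status is not checked, so if the message
# is never delivered the probe below still passes - confirm that is intended.
echo "a0e4280000010001000000000000060101c00c000000fe000000000000" |
$PERL ../packet.pl -a 10.53.0.1 -p 5300 -t tcp > /dev/null
# Liveness probe: ns1 must still answer version.bind with NOERROR.
$DIG +tcp version.bind txt ch @10.53.0.1 -p 5300 > dig.out.ns1.$n
grep "status: NOERROR" dig.out.ns1.$n > /dev/null || ret=1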
[ $ret = 0 ] || { echo I:failed; status=1; }

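n=`expr $n + 1`
# Reset the per-check result so that a failure left in $ret by an earlier
# check is not reported against this one.
ret=0
echo "I:check that address family mismatch is handled ($n)"
# nsupdate is given an IPv6 server address together with an IPv4 local
# address.  It is expected to exit non-zero; a zero exit status fails the check.
$NSUPDATE <<END > /dev/null 2>&1 && ret=1
server ::1
local 127.0.0.1
update add 600 txt.example.nil in txt "test"
send
END
[ $ret = 0 ] || { echo I:failed; status=1; }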


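n=`expr $n + 1`
# Reset the per-check result so that a failure left in $ret by an earlier
# check is not reported against this one.
ret=0
echo "I:check that unixtime serial number is correctly generated ($n)"
# The third field of the +short SOA answer is taken as the serial.
# NOTE(review): "|| ret=1" only sees the exit status of awk, the last
# command in the pipeline; a failed dig shows up as an empty serial instead.
oldserial=`$DIG +short unixtime.nil. soa @10.53.0.1 -p 5300 | awk '{print $3}'` || ret=1
$NSUPDATE <<END > /dev/null 2>&1 || ret=1
    server 10.53.0.1 5300
    ttl 600
    update add new.unixtime.nil in a 1.2.3.4
    send
END
# Record the local epoch time right after the update was sent.
now=`$PERL -e 'print time()."\n";'`
sleep 1
serial=`$DIG +short unixtime.nil. soa @10.53.0.1 -p 5300 | awk '{print $3}'` || ret=1
# The update must have changed the serial ...
[ "$oldserial" -ne "$serial" ] || ret=1
# ... and the new serial may differ from the unix epoch time by at most
# 2 seconds.  The arguments are quoted so an empty value still occupies
# its own position in @ARGV.
$PERL -e 'exit 1 if abs($ARGV[1] - $ARGV[0]) > 2;' "$now" "$serial" || ret=1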
[ $ret = 0 ] || { echo I:failed; status=1; }

# update_test.pl is only run when Perl can load Net::DNS; probe for the
# module first and otherwise print a note on stderr.
$PERL -e 'use Net::DNS;' 2>/dev/null
if test $? -eq 0
then
    echo "I:running update.pl test"
    # A non-zero exit from update_test.pl marks the whole run as failed.
    if $PERL update_test.pl -s 10.53.0.1 -p 5300 update.nil.
    then
        :
    else
        status=1
    fi
else
    echo "I:The second part of this test requires the Net::DNS library." >&2
fi

ret=0
echo "I:fetching first copy of test zone"
$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\
	@10.53.0.1 axfr -p 5300 > dig.out.ns1 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

echo "I:fetching second copy of test zone"
$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\
	@10.53.0.2 axfr -p 5300 > dig.out.ns2 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

ret=0
echo "I:comparing zones"
$PERL ../digcomp.pl dig.out.ns1 dig.out.ns2 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

echo "I:SIGKILL and restart server ns1"
cd ns1
kill -KILL `cat named.pid`
rm named.pid
cd ..
sleep 10
if 
	$PERL $SYSTEMTESTTOP/start.pl --noclean --restart . ns1
then
	echo "I:restarted server ns1"	
else
	echo "I:could not restart server ns1"
	exit 1
fi
sleep 10

ret=0
echo "I:fetching ns1 after hard restart"
$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\
	@10.53.0.1 axfr -p 5300 > dig.out.ns1.after || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

ret=0
echo "I:comparing zones"
$PERL ../digcomp.pl dig.out.ns1 dig.out.ns1.after || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

echo "I:begin RT #482 regression test"

ret=0
echo "I:update master"
$NSUPDATE -k ns1/ddns.key <<END > /dev/null || ret=1
server 10.53.0.1 5300
update add updated2.example.nil. 600 A 10.10.10.2
update add updated2.example.nil. 600 TXT Bar
update delete c.example.nil.
send
END
[ $ret = 0 ] || { echo I:failed; status=1; }

sleep 5

echo "I:SIGHUP slave"
kill -HUP `cat ns2/named.pid`

sleep 5

ret=0
echo "I:update master again"
$NSUPDATE -k ns1/ddns.key <<END > /dev/null || ret=1
server 10.53.0.1 5300
update add updated3.example.nil. 600 A 10.10.10.3
update add updated3.example.nil. 600 TXT Zap
del d.example.nil.
send
END
[ $ret = 0 ] || { echo I:failed; status=1; }

sleep 5

echo "I:SIGHUP slave again"
kill -HUP `cat ns2/named.pid`

sleep 5

echo "I:check to 'out of sync' message"
if grep "out of sync" ns2/named.run
then
	echo "I: failed (found 'out of sync')"
	status=1
fi

echo "I:end RT #482 regression test"

n=`expr $n + 1`
ret=0
echo "I:start NSEC3PARAM changes via UPDATE on a unsigned zone test ($n)"
$NSUPDATE << EOF
server 10.53.0.3 5300
update add example 3600 nsec3param 1 0 0 -
send
EOF

sleep 1

# the zone is not signed.  The nsec3param records should be removed.
# this also proves that the server is still running.
$DIG +tcp +noadd +nosea +nostat +noquest +nocmd +norec example.\
	@10.53.0.3 nsec3param -p 5300 > dig.out.ns3.$n || ret=1
grep "ANSWER: 0" dig.out.ns3.$n > /dev/null || ret=1
grep "flags:[^;]* aa[ ;]" dig.out.ns3.$n > /dev/null || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

n=`expr $n + 1`
ret=0
echo "I:change the NSEC3PARAM ttl via update ($n)"
$NSUPDATE << EOF
server 10.53.0.3 5300
update add nsec3param.test 3600 NSEC3PARAM 1 0 1 -
send
EOF

sleep 1

$DIG +tcp +noadd +nosea +nostat +noquest +nocmd +norec nsec3param.test.\
        @10.53.0.3 nsec3param -p 5300 > dig.out.ns3.$n || ret=1
grep "ANSWER: 1" dig.out.ns3.$n > /dev/null || ret=1
grep "3600.*NSEC3PARAM" dig.out.ns3.$n > /dev/null || ret=1
grep "flags:[^;]* aa[ ;]" dig.out.ns3.$n > /dev/null || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

n=`expr $n + 1`
ret=0
echo "I:add a new the NSEC3PARAM via update ($n)"
$NSUPDATE << EOF
server 10.53.0.3 5300
update add nsec3param.test 3600 NSEC3PARAM 1 0 4 -
send
EOF

sleep 1

$DIG +tcp +noadd +nosea +nostat +noquest +nocmd +norec nsec3param.test.\
        @10.53.0.3 nsec3param -p 5300 > dig.out.ns3.$n || ret=1
grep "ANSWER: 2" dig.out.ns3.$n > /dev/null || ret=1
grep "NSEC3PARAM 1 0 4 -" dig.out.ns3.$n > /dev/null || ret=1
grep "flags:[^;]* aa[ ;]" dig.out.ns3.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo "I: failed"; status=`expr $ret + $status`; fi

n=`expr $n + 1`
ret=0
echo "I:add, delete and change the ttl of the NSEC3PARAM rrset via update ($n)"
$NSUPDATE << EOF
server 10.53.0.3 5300
update delete nsec3param.test NSEC3PARAM
update add nsec3param.test 7200 NSEC3PARAM 1 0 5 -
send
EOF

sleep 1

$DIG +tcp +noadd +nosea +nostat +noquest +nocmd +norec nsec3param.test.\
        @10.53.0.3 nsec3param -p 5300 > dig.out.ns3.$n || ret=1
grep "ANSWER: 1" dig.out.ns3.$n > /dev/null || ret=1
grep "7200.*NSEC3PARAM 1 0 5 -" dig.out.ns3.$n > /dev/null || ret=1
grep "flags:[^;]* aa[ ;]" dig.out.ns3.$n > /dev/null || ret=1
$JOURNALPRINT ns3/nsec3param.test.db.signed.jnl > jp.out.ns3.$n
# intermediate TTL changes.
grep "add nsec3param.test.	7200	IN	NSEC3PARAM 1 0 4 -" jp.out.ns3.$n > /dev/null || ret=1
grep "add nsec3param.test.	7200	IN	NSEC3PARAM 1 0 1 -" jp.out.ns3.$n > /dev/null || ret=1
# delayed adds and deletes.
grep "add nsec3param.test.	0	IN	TYPE65534 .# 6 000180000500" jp.out.ns3.$n > /dev/null || ret=1
grep "add nsec3param.test.	0	IN	TYPE65534 .# 6 000140000100" jp.out.ns3.$n > /dev/null || ret=1
grep "add nsec3param.test.	0	IN	TYPE65534 .# 6 000140000400" jp.out.ns3.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo "I: failed"; status=`expr $ret + $status`; fi



echo "I:testing that rndc stop updates the master file"
$NSUPDATE -k ns1/ddns.key <<END > /dev/null || ret=1
server 10.53.0.1 5300
update add updated4.example.nil. 600 A 10.10.10.3
send
END
$PERL $SYSTEMTESTTOP/stop.pl --use-rndc . ns1
# Removing the journal file and restarting the server means
# that the data served by the new server process are exactly
# those dumped to the master file by "rndc stop".
rm -f ns1/*jnl
$PERL $SYSTEMTESTTOP/start.pl --noclean --restart . ns1
$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd updated4.example.nil.\
	@10.53.0.1 a -p 5300 > dig.out.ns1 || status=1
$PERL ../digcomp.pl knowngood.ns1.afterstop dig.out.ns1 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

# Run nsupdate in local mode (-l) with a key file path that is expected not
# to exist, and require that what it writes to stderr names that path.
ret=0
echo "I:check that 'nsupdate -l' with a missing keyfile reports the missing file"
$NSUPDATE -l -p 5300 -k ns1/nonexistant.key < /dev/null 2> nsupdate.out
if grep ns1/nonexistant.key nsupdate.out > /dev/null
then
    :
else
    ret=1
fi
[ $ret -eq 0 ] || { echo "I:failed"; status=1; }

n=`expr $n + 1`
ret=0
echo "I:check that changes to the DNSKEY RRset TTL do not have side effects ($n)"
$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd dnskey.test. \
        @10.53.0.3 -p 5300 dnskey | \
	sed -n 's/\(.*\)10.IN/update add \1600 IN/p' |
	(echo server 10.53.0.3 5300; cat - ; echo send ) |
$NSUPDATE 

$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd dnskey.test. \
	@10.53.0.3 -p 5300 any > dig.out.ns3.$n

grep "600.*DNSKEY" dig.out.ns3.$n > /dev/null || ret=1
grep TYPE65534 dig.out.ns3.$n > /dev/null && ret=1
if test $ret -ne 0
then
echo "I:failed"; status=1
fi

n=`expr $n + 1`
ret=0
echo "I:check notify with TSIG worked ($n)"
# ns2/update.alt.bk is only created once the alternate view has received a
# NOTIFY, which means the NOTIFY was validly signed by "altkey".  The check
# therefore passes exactly when that zone file exists.
if test -f ns2/update.alt.bk
then
    :
else
    ret=1
fi
test $ret -eq 0 || { echo "I:failed"; status=1; }

n=`expr $n + 1`
ret=0
echo "I:check type list options ($n)"
$NSUPDATE -T > typelist.out.T.${n} || { ret=1; echo "I: nsupdate -T failed"; }
$NSUPDATE -P > typelist.out.P.${n} || { ret=1; echo "I: nsupdate -P failed"; }
$NSUPDATE -TP > typelist.out.TP.${n} || { ret=1; echo "I: nsupdate -TP failed"; }
grep ANY typelist.out.T.${n} > /dev/null && { ret=1; echo "I: failed: ANY found (-T)"; }
grep ANY typelist.out.P.${n} > /dev/null && { ret=1; echo "I: failed: ANY found (-P)"; }
grep ANY typelist.out.TP.${n} > /dev/null && { ret=1; echo "I: failed: ANY found (-TP)"; }
grep KEYDATA typelist.out.T.${n} > /dev/null && { ret=1; echo "I: failed: KEYDATA found (-T)"; }
grep KEYDATA typelist.out.P.${n} > /dev/null && { ret=1; echo "I: failed: KEYDATA found (-P)"; }
grep KEYDATA typelist.out.TP.${n} > /dev/null && { ret=1; echo "I: failed: KEYDATA found (-TP)"; }
grep AAAA typelist.out.T.${n} > /dev/null || { ret=1; echo "I: failed: AAAA not found (-T)"; }
grep AAAA typelist.out.P.${n} > /dev/null && { ret=1; echo "I: failed: AAAA found (-P)"; }
grep AAAA typelist.out.TP.${n} > /dev/null || { ret=1; echo "I: failed: AAAA not found (-TP)"; }
if [ $ret -ne 0 ]; then
    echo "I:failed"
    status=1
fi

n=`expr $n + 1`
ret=0
echo "I:check command list ($n)"
# Feed every line of the file "commandlist" to nsupdate twice: once as read
# and once with a trailing space.  An exit status of 0 or 1 is accepted;
# anything greater is reported and fails the check.  The loop runs in a
# subshell, so its verdict comes back through the subshell's exit status.
(
    while read cmd
    do
        for input in "$cmd" "$cmd "
        do
            echo "$input" | $NSUPDATE > /dev/null 2>&1
            rc=$?
            [ $rc -le 1 ] || { echo "I: failed ($cmd)"; ret=1; }
        done
    done
    exit $ret
) < commandlist || ret=1
[ $ret -eq 0 ] || status=1

n=`expr $n + 1`
ret=0
echo "I:check TSIG key algorithms ($n)"
# Each algorithm has its own key file, ns1/<alg>.key.  Every key signs an
# update that adds <alg>.keytests.nil, and nsupdate must succeed each time.
# NOTE(review): md5 and sha1 are in the list alongside the SHA-2 variants -
# presumably for interoperability coverage; confirm these keys are
# test-only fixtures.
tsig_algs="md5 sha1 sha224 sha256 sha384 sha512"
for alg in $tsig_algs
do
    $NSUPDATE -k ns1/${alg}.key <<END > /dev/null || ret=1
server 10.53.0.1 5300
update add ${alg}.keytests.nil. 600 A 10.10.10.3
send
END
done
sleep 2
# Every record added above must now be returned by 10.53.0.1.
for alg in $tsig_algs
do
    if $DIG +short @10.53.0.1 -p 5300 ${alg}.keytests.nil |
        grep 10.10.10.3 > /dev/null 2>&1
    then
        :
    else
        ret=1
    fi
done
test $ret -eq 0 || { echo "I:failed"; status=1; }

n=`expr $n + 1`
ret=0
echo "I:check that ttl is capped by max-ttl ($n)"
# Add one record with a TTL of 600 and one with a TTL of 150.
$NSUPDATE <<END > /dev/null || ret=1
server 10.53.0.1 5300
update add cap.max-ttl.nil. 600 A 10.10.10.3
update add nocap.max-ttl.nil. 150 A 10.10.10.3
send
END
sleep 2
# The 600-second record must be served with a TTL of 300 ...
if $DIG @10.53.0.1 -p 5300 cap.max-ttl.nil |
    grep "^cap.max-ttl.nil.	300" > /dev/null 2>&1
then
    :
else
    ret=1
fi
# ... while the 150-second record must keep its TTL unchanged.
if $DIG @10.53.0.1 -p 5300 nocap.max-ttl.nil |
    grep "^nocap.max-ttl.nil.	150" > /dev/null 2>&1
then
    :
else
    ret=1
fi
test $ret -eq 0 || { echo "I:failed"; status=1; }

n=`expr $n + 1`
ret=0
echo "I:add a record which is truncated when logged. ($n)"
# nsupdate is run with "verylarge" as its argument.
$NSUPDATE verylarge || ret=1
$DIG +tcp @10.53.0.1 -p 5300 txt txt.update.nil > dig.out.ns1.test$n
# The TXT record must be served as exactly one answer ...
if grep "ANSWER: 1," dig.out.ns1.test$n > /dev/null
then
    :
else
    ret=1
fi
# ... and ns1's log must show the "adding an RR" line for it ending in the
# [TRUNCATED] marker.
if grep "adding an RR at 'txt.update.nil' TXT .* \[TRUNCATED\]" ns1/named.run > /dev/null
then
    :
else
    ret=1
fi
test $ret -eq 0 || { echo "I:failed"; status=1; }

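n=`expr $n + 1`
# Reset the per-check result so that a failure left in $ret by an earlier
# check is not reported against this one.
ret=0
echo "I:check that yyyymmddvv serial number is correctly generated ($n)"
# The third field of the +short SOA answer is taken as the serial.
# NOTE(review): "|| ret=1" only sees the exit status of awk, the last
# command in the pipeline; a failed dig shows up as an empty serial instead.
oldserial=`$DIG +short yyyymmddvv.nil. soa @10.53.0.1 -p 5300 | awk '{print $3}'` || ret=1
$NSUPDATE <<END > /dev/null 2>&1 || ret=1
    server 10.53.0.1 5300
    ttl 600
    update add new.yyyymmddvv.nil in a 1.2.3.4
    send
END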
now=`$PERL -e '@lt=localtime(); printf "%.4d%0.2d%0.2d00\n",$lt[5]+1900,$lt[4]+1,$lt[3];'`
sleep 1
serial=`$DIG +short yyyymmddvv.nil. soa @10.53.0.1 -p 5300 | awk '{print $3}'` || ret=1
[ "$oldserial" -ne "$serial" ] || ret=1
[ "$serial" -eq "$now" ] || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }

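n=`expr $n + 1`
echo "I:send many simultaneous updates via a update forwarder ($n)"
ret=0
# Start 17 x 17 = 289 nsupdate processes in the background, each adding one
# distinct A record ($i-$j.many.test) through 10.53.0.3.  The inner "wait"
# collects one row of 17; the outer "wait" collects all rows.
for i in 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
do
(
    for j in 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
    do
    (
	$NSUPDATE << EOF
server 10.53.0.3 5300
zone many.test
update add $i-$j.many.test 0 IN A 1.2.3.4
send
EOF
    ) &
    done
    wait
) &
done
wait
# Use $DIG, as every other check in this script does, instead of whatever
# "dig" happens to be first in PATH; otherwise the result depends on a
# binary the test harness does not control.
$DIG axfr many.test @10.53.0.1 -p 5300 > dig.out.test$n
# All 289 records must be present in the zone as transferred from 10.53.0.1.
lines=`awk '$4 == "A" { l++ } END { print l }' dig.out.test$n`
test ${lines:-0} -eq 289 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }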

echo "I:exit status: $status"
exit $status