tests.sh 42.1 KB
Newer Older
1 2
#!/bin/sh
#
3
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
Evan Hunt's avatar
Evan Hunt committed
4
#
5 6 7
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
8 9 10
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
Evan Hunt's avatar
Evan Hunt committed
11

12
# shellcheck source=conf.sh
13
SYSTEMTESTTOP=..
14
. "$SYSTEMTESTTOP/conf.sh"
Evan Hunt's avatar
Evan Hunt committed
15

16 17
set -e

Evan Hunt's avatar
Evan Hunt committed
18 19
status=0
n=0
20

21
sendcmd() {
22
    "$PERL" "$SYSTEMTESTTOP/send.pl" "${1}" "$EXTRAPORT1"
23 24 25 26 27 28 29 30 31 32
}

dig_with_opts() {
    "$DIG" -p "$PORT" "$@"
}

mdig_with_opts() {
    "$MDIG" -p "$PORT" "$@"
}

Mark Andrews's avatar
Mark Andrews committed
33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55
# Check if response in file $1 has the correct TTL range.
# The response record must have RRtype $2 and class IN (CLASS1).
# Maximum TTL is given by $3.  This works in most cases where TTL is
# the second word on the line.  TTL position can be adjusted with
# setting the position $4, but that requires updating this function.
check_ttl_range() {
    file=$1
    pos=$4

    case "$pos" in
    "3")
    awk -v rrtype="$2" -v ttl="$3" '($4 == "IN" || $4 == "CLASS1" ) && $5 == rrtype { if ($3 <= ttl) { ok=1 } } END { exit(ok?0:1) }' < $file
    ;;
    *)
    awk -v rrtype="$2" -v ttl="$3" '($3 == "IN" || $3 == "CLASS1" ) && $4 == rrtype { if ($2 <= ttl) { ok=1 } } END { exit(ok?0:1) }' < $file
    ;;
    esac

   result=$?
   [ $result -eq 0 ] || echo_i "ttl check failed"
   return $result
}

56 57
# using delv insecure mode as not testing dnssec here
delv_with_opts() {
Evan Hunt's avatar
Evan Hunt committed
58
    "$DELV" +noroot -p "$PORT" "$@"
59 60 61
}

KEYID="$(cat ns2/keyid)"
62 63
KEYDATA="$(< ns2/keydata sed -e 's/+/[+]/g')"
NOSPLIT="$(< ns2/keydata sed -e 's/+/[+]/g' -e 's/ //g')"
64

Evan Hunt's avatar
Evan Hunt committed
65 66 67 68 69
HAS_PYYAML=0
if [ -n "$PYTHON" ] ; then
	$PYTHON -c "import yaml" 2> /dev/null && HAS_PYYAML=1
fi

70
if [ -x "$DIG" ] ; then
71

72
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
73
  echo_i "checking dig short form works ($n)"
74
  ret=0
75 76 77 78
  dig_with_opts @10.53.0.3 +short a a.example > dig.out.test$n || ret=1
  test "$(wc -l < dig.out.test$n)" -eq 1 || ret=1
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
79

80
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
81
  echo_i "checking dig split width works ($n)"
82
  ret=0
83
  dig_with_opts @10.53.0.3 +split=4 -t sshfp foo.example > dig.out.test$n || ret=1
84
  grep " 9ABC DEF6 7890 " < dig.out.test$n > /dev/null || ret=1
Matthijs Mekking's avatar
Matthijs Mekking committed
85
  check_ttl_range dig.out.test$n "SSHFP" 300 || ret=1
86 87
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
88

89
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
90
  echo_i "checking dig +unknownformat works ($n)"
91
  ret=0
92
  dig_with_opts @10.53.0.3 +unknownformat a a.example > dig.out.test$n || ret=1
93
  grep "CLASS1[ 	][ 	]*TYPE1[ 	][ 	]*\\\\# 4 0A000001" < dig.out.test$n > /dev/null || ret=1
Matthijs Mekking's avatar
Matthijs Mekking committed
94
  check_ttl_range dig.out.test$n "TYPE1" 300 || ret=1
95 96
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
97

98
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
99
  echo_i "checking dig with reverse lookup works ($n)"
100
  ret=0
101
  dig_with_opts @10.53.0.3 -x 127.0.0.1 > dig.out.test$n 2>&1 || ret=1
102
  # doesn't matter if has answer
103
  grep -i "127\\.in-addr\\.arpa\\." < dig.out.test$n > /dev/null || ret=1
Matthijs Mekking's avatar
Matthijs Mekking committed
104
  check_ttl_range dig.out.test$n "SOA" 86400 || ret=1
105 106
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
107

108
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
109
  echo_i "checking dig over TCP works ($n)"
110
  ret=0
111
  dig_with_opts +tcp @10.53.0.3 a a.example > dig.out.test$n || ret=1
112
  grep "10\\.0\\.0\\.1$" < dig.out.test$n > /dev/null || ret=1
Matthijs Mekking's avatar
Matthijs Mekking committed
113
  check_ttl_range dig.out.test$n "A" 300 || ret=1
114 115
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
116

117
  n=$((n+1))
118
  echo_i "checking dig +multi +norrcomments works for DNSKEY (when default is rrcomments)($n)"
Evan Hunt's avatar
Evan Hunt committed
119
  ret=0
120 121
  dig_with_opts +tcp @10.53.0.3 +multi +norrcomments -t DNSKEY dnskey.example > dig.out.test$n || ret=1
  grep "; ZSK; alg = $DEFAULT_ALGORITHM ; key id = $KEYID" dig.out.test$n > /dev/null && ret=1
Matthijs Mekking's avatar
Matthijs Mekking committed
122
  check_ttl_range dig.out.test$n "DNSKEY" 300 || ret=1
123 124
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
Evan Hunt's avatar
Evan Hunt committed
125

126
  n=$((n+1))
127
  echo_i "checking dig +multi +norrcomments works for SOA (when default is rrcomments)($n)"
Evan Hunt's avatar
Evan Hunt committed
128
  ret=0
129 130
  dig_with_opts +tcp @10.53.0.3 +multi +norrcomments -t SOA example > dig.out.test$n || ret=1
  grep "; serial" dig.out.test$n > /dev/null && ret=1
Matthijs Mekking's avatar
Matthijs Mekking committed
131
  check_ttl_range dig.out.test$n "SOA" 300 || ret=1
132 133
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
Evan Hunt's avatar
Evan Hunt committed
134

135
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
136
  echo_i "checking dig +rrcomments works for DNSKEY($n)"
Evan Hunt's avatar
Evan Hunt committed
137
  ret=0
138 139
  dig_with_opts +tcp @10.53.0.3 +rrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1
  grep "; ZSK; alg = $DEFAULT_ALGORITHM ; key id = $KEYID" < dig.out.test$n > /dev/null || ret=1
Matthijs Mekking's avatar
Matthijs Mekking committed
140
  check_ttl_range dig.out.test$n "DNSKEY" 300 || ret=1
141 142
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
Evan Hunt's avatar
Evan Hunt committed
143

144
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
145
  echo_i "checking dig +short +rrcomments works for DNSKEY ($n)"
Evan Hunt's avatar
Evan Hunt committed
146
  ret=0
147 148 149 150
  dig_with_opts +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1
  grep "; ZSK; alg = $DEFAULT_ALGORITHM ; key id = $KEYID" < dig.out.test$n > /dev/null || ret=1
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
Evan Hunt's avatar
Evan Hunt committed
151

152
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
153
  echo_i "checking dig +short +nosplit works($n)"
154
  ret=0
155 156 157 158
  dig_with_opts +tcp @10.53.0.3 +short +nosplit DNSKEY dnskey.example > dig.out.test$n || ret=1
  grep "$NOSPLIT" < dig.out.test$n > /dev/null || ret=1
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
159

160
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
161
  echo_i "checking dig +short +rrcomments works($n)"
162
  ret=0
163
  dig_with_opts +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1
164
  grep -q "$KEYDATA  ; ZSK; alg = $DEFAULT_ALGORITHM ; key id = $KEYID\$" < dig.out.test$n || ret=1
165 166
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
167

168
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
169
  echo_i "checking dig multi flag is local($n)"
170
  ret=0
171 172 173 174 175 176 177 178 179 180 181 182
  dig_with_opts +tcp @10.53.0.3 -t DNSKEY dnskey.example +nomulti dnskey.example +nomulti > dig.out.nn.$n || ret=1
  dig_with_opts +tcp @10.53.0.3 -t DNSKEY dnskey.example +multi dnskey.example +nomulti > dig.out.mn.$n || ret=1
  dig_with_opts +tcp @10.53.0.3 -t DNSKEY dnskey.example +nomulti dnskey.example +multi > dig.out.nm.$n || ret=1
  dig_with_opts +tcp @10.53.0.3 -t DNSKEY dnskey.example +multi dnskey.example +multi > dig.out.mm.$n || ret=1
  lcnn=$(wc -l < dig.out.nn.$n)
  lcmn=$(wc -l < dig.out.mn.$n)
  lcnm=$(wc -l < dig.out.nm.$n)
  lcmm=$(wc -l < dig.out.mm.$n)
  test "$lcmm" -ge "$lcnm" || ret=1
  test "$lcmm" -ge "$lcmn" || ret=1
  test "$lcnm" -ge "$lcnn" || ret=1
  test "$lcmn" -ge "$lcnn" || ret=1
Matthijs Mekking's avatar
Matthijs Mekking committed
183 184 185 186
  check_ttl_range dig.out.nn.$n "DNSKEY" 300 || ret=1
  check_ttl_range dig.out.mn.$n "DNSKEY" 300 || ret=1
  check_ttl_range dig.out.nm.$n "DNSKEY" 300 || ret=1
  check_ttl_range dig.out.mm.$n "DNSKEY" 300 || ret=1
187 188 189 190
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))

  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
191
  echo_i "checking dig +noheader-only works ($n)"
192
  ret=0
193
  dig_with_opts +tcp @10.53.0.3 +noheader-only A example > dig.out.test$n || ret=1
194
  grep "Got answer:" < dig.out.test$n > /dev/null || ret=1
Matthijs Mekking's avatar
Matthijs Mekking committed
195
  check_ttl_range dig.out.test$n "SOA" 300 || ret=1
196 197
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
198

199
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
200
  echo_i "checking dig +short +rrcomments works($n)"
201
  ret=0
202
  dig_with_opts +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1
203
  grep -q "$KEYDATA  ; ZSK; alg = $DEFAULT_ALGORITHM ; key id = $KEYID\$" < dig.out.test$n || ret=1
204 205
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
206

207
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
208
  echo_i "checking dig +header-only works ($n)"
209
  ret=0
210
  dig_with_opts +tcp @10.53.0.3 +header-only example > dig.out.test$n || ret=1
211 212
  grep "^;; flags: qr rd; QUERY: 0, ANSWER: 0," < dig.out.test$n > /dev/null || ret=1
  grep "^;; QUESTION SECTION:" < dig.out.test$n > /dev/null && ret=1
213 214
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
215

216
  n=$((n+1))
217 218
  echo_i "checking dig +raflag works ($n)"
  ret=0
219
  dig_with_opts +tcp @10.53.0.3 +raflag +qr example > dig.out.test$n || ret=1
220 221
  grep "^;; flags: rd ra ad; QUERY: 1, ANSWER: 0," < dig.out.test$n > /dev/null || ret=1
  grep "^;; flags: qr rd ra; QUERY: 1, ANSWER: 0," < dig.out.test$n > /dev/null || ret=1
Matthijs Mekking's avatar
Matthijs Mekking committed
222
  check_ttl_range dig.out.test$n "SOA" 300 || ret=1
223 224
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
225

226
  n=$((n+1))
227 228
  echo_i "checking dig +tcflag works ($n)"
  ret=0
229
  dig_with_opts +tcp @10.53.0.3 +tcflag +qr example > dig.out.test$n || ret=1
230 231
  grep "^;; flags: tc rd ad; QUERY: 1, ANSWER: 0" < dig.out.test$n > /dev/null || ret=1
  grep "^;; flags: qr rd ra; QUERY: 1, ANSWER: 0," < dig.out.test$n > /dev/null || ret=1
Matthijs Mekking's avatar
Matthijs Mekking committed
232
  check_ttl_range dig.out.test$n "SOA" 300 || ret=1
233 234
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
235

236
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
237
  echo_i "checking dig +header-only works (with class and type set) ($n)"
238
  ret=0
239
  dig_with_opts +tcp @10.53.0.3 +header-only -c IN -t A example > dig.out.test$n || ret=1
240 241
  grep "^;; flags: qr rd; QUERY: 0, ANSWER: 0," < dig.out.test$n > /dev/null || ret=1
  grep "^;; QUESTION SECTION:" < dig.out.test$n > /dev/null && ret=1
242 243
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
244

245
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
246
  echo_i "checking dig +zflag works, and that BIND properly ignores it ($n)"
247
  ret=0
248
  dig_with_opts +tcp @10.53.0.3 +zflag +qr A example > dig.out.test$n || ret=1
249 250
  sed -n '/Sending:/,/Got answer:/p' dig.out.test$n | grep "^;; flags: rd ad; MBZ: 0x4;" > /dev/null || ret=1
  sed -n '/Got answer:/,/AUTHORITY SECTION:/p' dig.out.test$n | grep "^;; flags: qr rd ra; QUERY: 1" > /dev/null || ret=1
Matthijs Mekking's avatar
Matthijs Mekking committed
251
  check_ttl_range dig.out.test$n "SOA" 300 || ret=1
252 253
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
254

255
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
256
  echo_i "checking dig +qr +ednsopt=08 does not cause an INSIST failure ($n)"
257
  ret=0
258
  dig_with_opts @10.53.0.3 +ednsopt=08 +qr a a.example > dig.out.test$n || ret=1
259 260
  grep "INSIST" < dig.out.test$n > /dev/null && ret=1
  grep "FORMERR" < dig.out.test$n > /dev/null || ret=1
261 262
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
263

Matthijs Mekking's avatar
Matthijs Mekking committed
264
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
265
  echo_i "checking dig +ttlunits works ($n)"
266
  ret=0
267
  dig_with_opts +tcp @10.53.0.2 +ttlunits A weeks.example > dig.out.test$n || ret=1
268
  grep "^weeks.example.		3w" < dig.out.test$n > /dev/null || ret=1
269
  dig_with_opts +tcp @10.53.0.2 +ttlunits A days.example > dig.out.test$n || ret=1
270
  grep "^days.example.		3d" < dig.out.test$n > /dev/null || ret=1
271
  dig_with_opts +tcp @10.53.0.2 +ttlunits A hours.example > dig.out.test$n || ret=1
272
  grep "^hours.example.		3h" < dig.out.test$n > /dev/null || ret=1
273
  dig_with_opts +tcp @10.53.0.2 +ttlunits A minutes.example > dig.out.test$n || ret=1
274
  grep "^minutes.example.	45m" < dig.out.test$n > /dev/null || ret=1
275
  dig_with_opts +tcp @10.53.0.2 +ttlunits A seconds.example > dig.out.test$n || ret=1
276
  grep "^seconds.example.	45s" < dig.out.test$n > /dev/null || ret=1
277 278
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
279

280
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
281
  echo_i "checking dig respects precedence of options with +ttlunits ($n)"
282
  ret=0
283
  dig_with_opts +tcp @10.53.0.2 +ttlunits +nottlid A weeks.example > dig.out.test$n || ret=1
284
  grep "^weeks.example.		IN" < dig.out.test$n > /dev/null || ret=1
285
  dig_with_opts +tcp @10.53.0.2 +nottlid +ttlunits A weeks.example > dig.out.test$n || ret=1
286
  grep "^weeks.example.		3w" < dig.out.test$n > /dev/null || ret=1
287
  dig_with_opts +tcp @10.53.0.2 +nottlid +nottlunits A weeks.example > dig.out.test$n || ret=1
288
  grep "^weeks.example.		1814400" < dig.out.test$n > /dev/null || ret=1
289 290
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
Evan Hunt's avatar
Evan Hunt committed
291

292
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
293
  echo_i "checking dig preserves origin on TCP retries ($n)"
294 295
  ret=0
  # Ask ans4 to still accept TCP connections, but not respond to queries
296
  echo "//" | sendcmd 10.53.0.4
297 298
  dig_with_opts -d +tcp @10.53.0.4 +retry=1 +time=1 +domain=bar foo > dig.out.test$n 2>&1 && ret=1
  test "$(grep -c "trying origin bar" dig.out.test$n)" -eq 2 || ret=1
299
  grep "using root origin" < dig.out.test$n > /dev/null && ret=1
300 301
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
302

303
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
304
  echo_i "checking dig -6 -4 ($n)"
305
  ret=0
306
  dig_with_opts +tcp @10.53.0.2 -4 -6 A a.example > dig.out.test$n 2>&1 && ret=1
307
  grep "only one of -4 and -6 allowed" < dig.out.test$n > /dev/null || ret=1
308 309
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
Evan Hunt's avatar
Evan Hunt committed
310

311
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
312
  echo_i "checking dig @IPv6addr -4 A a.example ($n)"
313
  if $TESTSOCK6 fd92:7065:b8e:ffff::2 2>/dev/null
314 315
  then
    ret=0
316
    dig_with_opts +tcp @fd92:7065:b8e:ffff::2 -4 A a.example > dig.out.test$n 2>&1 && ret=1
317
    grep "address family not supported" < dig.out.test$n > /dev/null || ret=1
318 319
    if [ $ret -ne 0 ]; then echo_i "failed"; fi
    status=$((status+ret))
320
  else
Evan Hunt's avatar
Evan Hunt committed
321
    echo_i "IPv6 unavailable; skipping"
322
  fi
Evan Hunt's avatar
Evan Hunt committed
323

324
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
325
  echo_i "checking dig @IPv4addr -6 +mapped A a.example ($n)"
326
  if "$TESTSOCK6" fd92:7065:b8e:ffff::2 2>/dev/null && [ "$(uname -s)" != "OpenBSD" ]
327 328 329
  then
    ret=0
    ret=0
330 331 332 333
    dig_with_opts +tcp @10.53.0.2 -6 +mapped A a.example > dig.out.test$n 2>&1 || ret=1
    grep "SERVER: ::ffff:10.53.0.2#$PORT" < dig.out.test$n > /dev/null || ret=1
    if [ $ret -ne 0 ]; then echo_i "failed"; fi
    status=$((status+ret))
334
  else
Evan Hunt's avatar
Evan Hunt committed
335
    echo_i "IPv6 or IPv4-to-IPv6 mapping unavailable; skipping"
336
  fi
337

338
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
339
  echo_i "checking dig +tcp @IPv4addr -6 +nomapped A a.example ($n)"
340
  if $TESTSOCK6 fd92:7065:b8e:ffff::2 2>/dev/null
341 342 343
  then
    ret=0
    ret=0
344 345 346 347
    dig_with_opts +tcp @10.53.0.2 -6 +nomapped A a.example > dig.out.test$n 2>&1 || ret=1
    grep "SERVER: ::ffff:10.53.0.2#$PORT" < dig.out.test$n > /dev/null && ret=1
    if [ $ret -ne 0 ]; then echo_i "failed"; fi
    status=$((status+ret))
348
  else
Evan Hunt's avatar
Evan Hunt committed
349
    echo_i "IPv6 unavailable; skipping"
350
  fi
351
  n=$((n+1))
352

Evan Hunt's avatar
Evan Hunt committed
353
  echo_i "checking dig +notcp @IPv4addr -6 +nomapped A a.example ($n)"
354
  if $TESTSOCK6 fd92:7065:b8e:ffff::2 2>/dev/null
355 356 357
  then
    ret=0
    ret=0
358 359 360 361
    dig_with_opts +notcp @10.53.0.2 -6 +nomapped A a.example > dig.out.test$n 2>&1 || ret=1
    grep "SERVER: ::ffff:10.53.0.2#$PORT" < dig.out.test$n > /dev/null && ret=1
    if [ $ret -ne 0 ]; then echo_i "failed"; fi
    status=$((status+ret))
362
  else
Evan Hunt's avatar
Evan Hunt committed
363
    echo_i "IPv6 unavailable; skipping"
364
  fi
Evan Hunt's avatar
Evan Hunt committed
365

366
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
367
  echo_i "checking dig +subnet ($n)"
368
  ret=0
369
  dig_with_opts +tcp @10.53.0.2 +subnet=127.0.0.1 A a.example > dig.out.test$n 2>&1 || ret=1
370
  grep "CLIENT-SUBNET: 127.0.0.1/32/0" < dig.out.test$n > /dev/null || ret=1
Matthijs Mekking's avatar
Matthijs Mekking committed
371
  check_ttl_range dig.out.test$n "A" 300 || ret=1
372 373
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
374

375
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
376
  echo_i "checking dig +subnet +subnet ($n)"
377
  ret=0
378
  dig_with_opts +tcp @10.53.0.2 +subnet=127.0.0.0 +subnet=127.0.0.1 A a.example > dig.out.test$n 2>&1 || ret=1
379
  grep "CLIENT-SUBNET: 127.0.0.1/32/0" < dig.out.test$n > /dev/null || ret=1
Matthijs Mekking's avatar
Matthijs Mekking committed
380
  check_ttl_range dig.out.test$n "A" 300 || ret=1
381 382
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
383

384
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
385
  echo_i "checking dig +subnet with various prefix lengths ($n)"
386 387
  ret=0
  for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24; do
388
      dig_with_opts +tcp @10.53.0.2 +subnet=255.255.255.255/$i A a.example > dig.out.$i.test$n 2>&1 || ret=1
389 390 391 392 393 394 395 396 397 398 399 400 401 402 403
      case $i in
      1|9|17) octet=128 ;;
      2|10|18) octet=192 ;;
      3|11|19) octet=224 ;;
      4|12|20) octet=240 ;;
      5|13|21) octet=248 ;;
      6|14|22) octet=252 ;;
      7|15|23) octet=254 ;;
      8|16|24) octet=255 ;;
      esac
      case $i in
      1|2|3|4|5|6|7|8) addr="${octet}.0.0.0";;
      9|10|11|12|13|14|15|16) addr="255.${octet}.0.0";;
      17|18|19|20|21|22|23|24) addr="255.255.${octet}.0" ;;
      esac
404 405
      grep "FORMERR" < dig.out.$i.test$n > /dev/null && ret=1
      grep "CLIENT-SUBNET: $addr/$i/0" < dig.out.$i.test$n > /dev/null || ret=1
Matthijs Mekking's avatar
Matthijs Mekking committed
406
      check_ttl_range dig.out.$i.test$n "A" 300 || ret=1
407
  done
408 409
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
410

411
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
412
  echo_i "checking dig +subnet=0/0 ($n)"
413
  ret=0
414
  dig_with_opts +tcp @10.53.0.2 +subnet=0/0 A a.example > dig.out.test$n 2>&1 || ret=1
415 416 417
  grep "status: NOERROR" < dig.out.test$n > /dev/null || ret=1
  grep "CLIENT-SUBNET: 0.0.0.0/0/0" < dig.out.test$n > /dev/null || ret=1
  grep "10.0.0.1" < dig.out.test$n > /dev/null || ret=1
Matthijs Mekking's avatar
Matthijs Mekking committed
418
  check_ttl_range dig.out.test$n "A" 300 || ret=1
419 420
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
421

422
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
423
  echo_i "checking dig +subnet=0 ($n)"
424
  ret=0
425
  dig_with_opts +tcp @10.53.0.2 +subnet=0 A a.example > dig.out.test$n 2>&1 || ret=1
426 427 428
  grep "status: NOERROR" < dig.out.test$n > /dev/null || ret=1
  grep "CLIENT-SUBNET: 0.0.0.0/0/0" < dig.out.test$n > /dev/null || ret=1
  grep "10.0.0.1" < dig.out.test$n > /dev/null || ret=1
Matthijs Mekking's avatar
Matthijs Mekking committed
429
  check_ttl_range dig.out.test$n "A" 300 || ret=1
430 431
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
432

433
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
434
  echo_i "checking dig +subnet=::/0 ($n)"
435
  ret=0
436
  dig_with_opts +tcp @10.53.0.2 +subnet=::/0 A a.example > dig.out.test$n 2>&1 || ret=1
437 438 439
  grep "status: NOERROR" < dig.out.test$n > /dev/null || ret=1
  grep "CLIENT-SUBNET: ::/0/0" < dig.out.test$n > /dev/null || ret=1
  grep "10.0.0.1" < dig.out.test$n > /dev/null || ret=1
Matthijs Mekking's avatar
Matthijs Mekking committed
440
  check_ttl_range dig.out.test$n "A" 300 || ret=1
441 442
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
443

444
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
445
  echo_i "checking dig +ednsopt=8:00000000 (family=0, source=0, scope=0) ($n)"
446
  ret=0
447
  dig_with_opts +tcp @10.53.0.2 +ednsopt=8:00000000 A a.example > dig.out.test$n 2>&1 || ret=1
448
  grep "status: NOERROR" < dig.out.test$n > /dev/null || ret=1
449
  grep "CLIENT-SUBNET: 0/0/0" < dig.out.test$n > /dev/null || ret=1
450
  grep "10.0.0.1" < dig.out.test$n > /dev/null || ret=1
Matthijs Mekking's avatar
Matthijs Mekking committed
451
  check_ttl_range dig.out.test$n "A" 300 || ret=1
452 453
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
454

455
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
456
  echo_i "checking dig +ednsopt=8:00030000 (family=3, source=0, scope=0) ($n)"
457
  ret=0
458
  dig_with_opts +qr +tcp @10.53.0.2 +ednsopt=8:00030000 A a.example > dig.out.test$n 2>&1 || ret=1
459 460
  grep "status: FORMERR" < dig.out.test$n > /dev/null || ret=1
  grep "CLIENT-SUBNET: 00 03 00 00" < dig.out.test$n > /dev/null || ret=1
461 462 463
  test "$(grep -c "CLIENT-SUBNET: 00 03 00 00" dig.out.test$n)" -eq 1 || ret=1
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
464

465
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
466
  echo_i "checking dig +subnet with prefix lengths between byte boundaries ($n)"
467 468
  ret=0
  for p in 9 10 11 12 13 14 15; do
469
    dig_with_opts +tcp @10.53.0.2 +subnet=10.53/$p A a.example > dig.out.test.$p.$n 2>&1 || ret=1
470 471
    grep "FORMERR" < dig.out.test.$p.$n > /dev/null && ret=1
    grep "CLIENT-SUBNET.*/$p/0" < dig.out.test.$p.$n > /dev/null || ret=1
Matthijs Mekking's avatar
Matthijs Mekking committed
472
    check_ttl_range dig.out.test.$p.$n "A" 300 || ret=1
473
  done
474 475
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
Evan Hunt's avatar
Evan Hunt committed
476

477
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
478
  echo_i "checking dig +sp works as an abbreviated form of split ($n)"
479
  ret=0
480
  dig_with_opts @10.53.0.3 +sp=4 -t sshfp foo.example > dig.out.test$n || ret=1
481
  grep " 9ABC DEF6 7890 " < dig.out.test$n > /dev/null || ret=1
Matthijs Mekking's avatar
Matthijs Mekking committed
482
  check_ttl_range dig.out.test$n "SSHFP" 300 || ret=1
483 484
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
485

486
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
487
  echo_i "checking dig -c works ($n)"
488
  ret=0
489
  dig_with_opts @10.53.0.3 -c CHAOS -t txt version.bind > dig.out.test$n || ret=1
490
  grep "version.bind.		0	CH	TXT" < dig.out.test$n > /dev/null || ret=1
491 492
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
493

494
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
495
  echo_i "checking dig +dscp ($n)"
496
  ret=0
497 498 499
  dig_with_opts @10.53.0.3 +dscp=32 a a.example > /dev/null 2>&1 || ret=1
  dig_with_opts @10.53.0.3 +dscp=-1 a a.example > /dev/null 2>&1 && ret=1
  dig_with_opts @10.53.0.3 +dscp=64 a a.example > /dev/null 2>&1 && ret=1
500 501
  #TODO add a check to make sure dig is actually setting the dscp on the query
  #we might have to add better logging to named for this
502 503
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
504

505
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
506
  echo_i "checking dig +ednsopt with option number ($n)"
507
  ret=0
508
  dig_with_opts @10.53.0.3 +ednsopt=3 a.example > dig.out.test$n 2>&1 || ret=1
509
  grep 'NSID: .* ("ns3")' dig.out.test$n > /dev/null || ret=1
Matthijs Mekking's avatar
Matthijs Mekking committed
510
  check_ttl_range dig.out.test$n "A" 300 || ret=1
511 512
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
513

514
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
515
  echo_i "checking dig +ednsopt with option name ($n)"
516
  ret=0
517
  dig_with_opts @10.53.0.3 +ednsopt=nsid a.example > dig.out.test$n 2>&1 || ret=1
518
  grep 'NSID: .* ("ns3")' dig.out.test$n > /dev/null || ret=1
Matthijs Mekking's avatar
Matthijs Mekking committed
519
  check_ttl_range dig.out.test$n "A" 300 || ret=1
520 521
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
522

523 524 525 526 527 528 529 530
  n=$((n+1))
  echo_i "checking ednsopt LLQ prints as expected ($n)"
  ret=0
  dig_with_opts @10.53.0.3 +ednsopt=llq:0001000200001234567812345678fefefefe +qr a.example > dig.out.test$n 2>&1 || ret=1
  grep 'LLQ: Version: 1, Opcode: 2, Error: 0, Identifier: 1311768465173141112, Lifetime: 4278124286$' dig.out.test$n > /dev/null || ret=1
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))

531
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
532
  echo_i "checking that dig warns about .local queries ($n)"
533
  ret=0
534
  dig_with_opts @10.53.0.3 local soa > dig.out.test$n 2>&1 || ret=1
535
  grep ";; WARNING: .local is reserved for Multicast DNS" dig.out.test$n > /dev/null || ret=1
536 537
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
538

539
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
540
  echo_i "check that dig processes +ednsopt=key-tag and FORMERR is returned ($n)"
541
  dig_with_opts @10.53.0.3 +ednsopt=key-tag a.example +qr > dig.out.test$n 2>&1 || ret=1
542
  grep "; KEY-TAG$" dig.out.test$n > /dev/null || ret=1
543
  grep "status: FORMERR" dig.out.test$n > /dev/null || ret=1
544 545
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
546

547
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
548
  echo_i "check that dig processes +ednsopt=key-tag:<value-list> ($n)"
549
  dig_with_opts @10.53.0.3 +ednsopt=key-tag:00010002 a.example +qr > dig.out.test$n 2>&1 || ret=1
550
  grep "; KEY-TAG: 1, 2$" dig.out.test$n > /dev/null || ret=1
551
  grep "status: FORMERR" dig.out.test$n > /dev/null && ret=1
Matthijs Mekking's avatar
Matthijs Mekking committed
552
  check_ttl_range dig.out.test$n "A" 300 || ret=1
553 554
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
555

556
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
557
  echo_i "check that dig processes +ednsopt=key-tag:<malformed-value-list> and FORMERR is returned ($n)"
558
  ret=0
559
  dig_with_opts @10.53.0.3 +ednsopt=key-tag:0001000201 a.example +qr > dig.out.test$n 2>&1 || ret=1
560
  grep "; KEY-TAG: 00 01 00 02 01" dig.out.test$n > /dev/null || ret=1
561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608
  grep "status: FORMERR" dig.out.test$n > /dev/null || ret=1
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))

  n=$((n+1))
  echo_i "check that dig processes +ednsopt=client-tag:value ($n)"
  dig_with_opts @10.53.0.3 +ednsopt=client-tag:0001 a.example +qr > dig.out.test$n 2>&1 || ret=1
  grep "; CLIENT-TAG: 1$" dig.out.test$n > /dev/null || ret=1
  grep "status: FORMERR" dig.out.test$n > /dev/null && ret=1
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))

  n=$((n+1))
  echo_i "check that FORMERR is returned for a too short client-tag ($n)"
  dig_with_opts @10.53.0.3 +ednsopt=client-tag:01 a.example +qr > dig.out.test$n 2>&1 || ret=1
  grep "; CLIENT-TAG" dig.out.test$n > /dev/null || ret=1
  grep "status: FORMERR" dig.out.test$n > /dev/null || ret=1
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))

  n=$((n+1))
  echo_i "check that FORMERR is returned for a too long client-tag ($n)"
  dig_with_opts @10.53.0.3 +ednsopt=client-tag:000001 a.example +qr > dig.out.test$n 2>&1 || ret=1
  grep "; CLIENT-TAG" dig.out.test$n > /dev/null || ret=1
  grep "status: FORMERR" dig.out.test$n > /dev/null || ret=1
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))

  n=$((n+1))
  echo_i "check that dig processes +ednsopt=server-tag:value ($n)"
  dig_with_opts @10.53.0.3 +ednsopt=server-tag:0001 a.example +qr > dig.out.test$n 2>&1 || ret=1
  grep "; SERVER-TAG: 1$" dig.out.test$n > /dev/null || ret=1
  grep "status: FORMERR" dig.out.test$n > /dev/null && ret=1
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))

  n=$((n+1))
  echo_i "check that FORMERR is returned for a too short server-tag ($n)"
  dig_with_opts @10.53.0.3 +ednsopt=server-tag:01 a.example +qr > dig.out.test$n 2>&1 || ret=1
  grep "; SERVER-TAG" dig.out.test$n > /dev/null || ret=1
  grep "status: FORMERR" dig.out.test$n > /dev/null || ret=1
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))

  n=$((n+1))
  echo_i "check that FORMERR is returned for a too long server-tag ($n)"
  dig_with_opts @10.53.0.3 +ednsopt=server-tag:000001 a.example +qr > dig.out.test$n 2>&1 || ret=1
  grep "; SERVER-TAG" dig.out.test$n > /dev/null || ret=1
609
  grep "status: FORMERR" dig.out.test$n > /dev/null || ret=1
610 611
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
612

613
  n=$((n+1))
614 615
  echo_i "check that dig handles malformed option '+ednsopt=:' gracefully ($n)"
  ret=0
616
  dig_with_opts @10.53.0.3 +ednsopt=: a.example > dig.out.test$n 2>&1 && ret=1
617
  grep "ednsopt no code point specified" dig.out.test$n > /dev/null || ret=1
618 619
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
620

621
  n=$((n+1))
Evan Hunt's avatar
Evan Hunt committed
622
  echo_i "check that dig gracefully handles bad escape in domain name ($n)"
623
  ret=0
624 625
  digstatus=0
  dig_with_opts @10.53.0.3 '\0.' > dig.out.test$n 2>&1 || digstatus=$?
626 627 628 629
  echo digstatus=$digstatus >> dig.out.test$n
  test $digstatus -eq 10 || ret=1
  grep REQUIRE dig.out.test$n > /dev/null && ret=1
  grep "is not a legal name (bad escape)" dig.out.test$n > /dev/null || ret=1
630 631
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
632

633
  n=$((n+1))
Mark Andrews's avatar
Mark Andrews committed
634 635
  echo_i "check that dig -q -m works ($n)"
  ret=0
636
  dig_with_opts @10.53.0.3 -q -m > dig.out.test$n 2>&1
637
  grep '^;-m\..*IN.*A$' dig.out.test$n > /dev/null || ret=1
Mark Andrews's avatar
Mark Andrews committed
638
  grep "Dump of all outstanding memory allocations" dig.out.test$n > /dev/null && ret=1
639 640
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700

  n=$((n+1))
  echo_i "checking exit code for a retry upon TCP EOF (immediate -> immediate) ($n)"
  ret=0
  echo "no_response no_response" | sendcmd 10.53.0.5
  dig_with_opts @10.53.0.5 example AXFR +tries=1 > dig.out.test$n 2>&1 && ret=1
  # Sanity check: ensure ans5 behaves as expected.
  [ `grep "communications error.*end of file" dig.out.test$n | wc -l` -eq 2 ] || ret=1
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))

  n=$((n+1))
  echo_i "checking exit code for a retry upon TCP EOF (partial AXFR -> partial AXFR) ($n)"
  ret=0
  echo "partial_axfr partial_axfr" | sendcmd 10.53.0.5
  dig_with_opts @10.53.0.5 example AXFR +tries=1 > dig.out.test$n 2>&1 && ret=1
  # Sanity check: ensure ans5 behaves as expected.
  [ `grep "communications error.*end of file" dig.out.test$n | wc -l` -eq 2 ] || ret=1
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))

  n=$((n+1))
  echo_i "checking exit code for a retry upon TCP EOF (immediate -> partial AXFR) ($n)"
  ret=0
  echo "no_response partial_axfr" | sendcmd 10.53.0.5
  dig_with_opts @10.53.0.5 example AXFR +tries=1 > dig.out.test$n 2>&1 && ret=1
  # Sanity check: ensure ans5 behaves as expected.
  [ `grep "communications error.*end of file" dig.out.test$n | wc -l` -eq 2 ] || ret=1
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))

  n=$((n+1))
  echo_i "checking exit code for a retry upon TCP EOF (partial AXFR -> immediate) ($n)"
  ret=0
  echo "partial_axfr no_response" | sendcmd 10.53.0.5
  dig_with_opts @10.53.0.5 example AXFR +tries=1 > dig.out.test$n 2>&1 && ret=1
  # Sanity check: ensure ans5 behaves as expected.
  [ `grep "communications error.*end of file" dig.out.test$n | wc -l` -eq 2 ] || ret=1
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))

  n=$((n+1))
  echo_i "checking exit code for a retry upon TCP EOF (immediate -> complete AXFR) ($n)"
  ret=0
  echo "no_response complete_axfr" | sendcmd 10.53.0.5
  dig_with_opts @10.53.0.5 example AXFR +tries=1 > dig.out.test$n 2>&1 || ret=1
  # Sanity check: ensure ans5 behaves as expected.
  [ `grep "communications error.*end of file" dig.out.test$n | wc -l` -eq 1 ] || ret=1
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))

  n=$((n+1))
  echo_i "checking exit code for a retry upon TCP EOF (partial AXFR -> complete AXFR) ($n)"
  ret=0
  echo "partial_axfr complete_axfr" | sendcmd 10.53.0.5
  dig_with_opts @10.53.0.5 example AXFR +tries=1 > dig.out.test$n 2>&1 || ret=1
  # Sanity check: ensure ans5 behaves as expected.
  [ `grep "communications error.*end of file" dig.out.test$n | wc -l` -eq 1 ] || ret=1
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724

  n=$((n+1))
  echo_i "check that dig +expandaaaa works ($n)"
  ret=0
  dig_with_opts @10.53.0.3 +expandaaaa AAAA ns2.example > dig.out.test$n 2>&1 || ret=1
  grep "ns2.example.*fd92:7065:0b8e:ffff:0000:0000:0000:0002" dig.out.test$n > /dev/null || ret=1
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))

  n=$((n+1))
  echo_i "check that dig +noexpandaaaa works ($n)"
  ret=0
  dig_with_opts @10.53.0.3 +noexpandaaaa AAAA ns2.example > dig.out.test$n 2>&1 || ret=1
  grep "ns2.example.*fd92:7065:b8e:ffff::2" dig.out.test$n > /dev/null || ret=1
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))

  n=$((n+1))
  echo_i "check that dig default for +[no]expandaaa (+noexpandaaaa) works ($n)"
  ret=0
  dig_with_opts @10.53.0.3 AAAA ns2.example > dig.out.test$n 2>&1 || ret=1
  grep "ns2.example.*fd92:7065:b8e:ffff::2" dig.out.test$n > /dev/null || ret=1
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
725 726

  n=$((n+1))