#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# Load the shared system-test environment.  $DIG, $RNDC, $PORT, echo_i and
# the other helpers used below are not defined in this file, so they
# presumably come from conf.sh.
. $SYSTEMTESTTOP/conf.sh
echo .

# Option strings: expanded unquoted at the call sites so they split into words.
DIGOPTS="-p $PORT"
RESOLVOPTS="-p $PORT"
# Ends in "-s"; every caller supplies the server address as the next word.
RNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p $CONTROLPORT -s"

# status accumulates failures over the whole run; n numbers the checks.
status=0
n=0

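# A TCP query through ns1 for nxdomain.example.net must be answered NXDOMAIN.
n=$((n + 1))
echo_i "checking non-cachable NXDOMAIN response handling ($n)"
ret=0
$DIG $DIGOPTS +tcp nxdomain.example.net @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
grep "status: NXDOMAIN" dig.out.ns1.test${n} > /dev/null || ret=1
[ "$ret" = 0 ] || echo_i "failed"
status=$((status + ret))

# Same lookup through the dns_client-based tool, when it is installed.
# RESOLVE is quoted: an empty value would reduce the check to `[ -x ]`,
# which is true, and the body would then run with no tool to execute.
if [ -x "${RESOLVE}" ]; then
    n=$((n + 1))
    echo_i "checking non-cachable NXDOMAIN response handling using dns_client ($n)"
    ret=0
    # The tool reports the failure on stderr, which is what gets captured.
    $RESOLVE $RESOLVOPTS -t a -s 10.53.0.1 nxdomain.example.net 2> resolve.out.ns1.test${n} || ret=1
    grep "resolution failed: ncache nxdomain" resolve.out.ns1.test${n} > /dev/null || ret=1
    [ "$ret" = 0 ] || echo_i "failed"
    status=$((status + ret))
fi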

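# Source-address checks with the dns_client tool: -b selects the local
# address the query is sent from.  RESOLVE is quoted so that an empty value
# skips the block instead of passing `[ -x ]` with a single argument.
if [ -x "${RESOLVE}" ]; then
    # From 10.53.0.8 the lookup must be refused (SERVFAIL on stderr).
    # NOTE(review): the ACL that denies 10.53.0.8 lives in the ns1
    # configuration, which is not visible here -- confirm it is still there,
    # otherwise a SERVFAIL from another cause would satisfy this check.
    n=$((n + 1))
    echo_i "checking that local bound address can be set (Can't query from a denied address) ($n)"
    ret=0
    ${RESOLVE} -b 10.53.0.8 $RESOLVOPTS -t a -s 10.53.0.1 www.example.org 2> resolve.out.ns1.test${n} || ret=1
    grep "resolution failed: SERVFAIL" resolve.out.ns1.test${n} > /dev/null || ret=1
    [ "$ret" = 0 ] || echo_i "failed"
    status=$((status + ret))

    # From 10.53.0.1 the same name must resolve to 192.0.2.1.
    n=$((n + 1))
    echo_i "checking that local bound address can be set (Can query from an allowed address) ($n)"
    ret=0
    ${RESOLVE} -b 10.53.0.1 $RESOLVOPTS -t a -s 10.53.0.1 www.example.org > resolve.out.ns1.test${n} || ret=1
    grep "www.example.org..*.192.0.2.1" resolve.out.ns1.test${n} > /dev/null || ret=1
    [ "$ret" = 0 ] || echo_i "failed"
    status=$((status + ret))
fi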

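# NODATA: the name exists but has no A record, so the status must be NOERROR.
n=$((n + 1))
echo_i "checking non-cachable NODATA response handling ($n)"
ret=0
$DIG $DIGOPTS +tcp nodata.example.net @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
[ "$ret" = 0 ] || echo_i "failed"
status=$((status + ret))

# dns_client variant; the tool reports NODATA as "ncache nxrrset" on stderr.
# RESOLVE is quoted so an empty value skips the block (`[ -x ]` alone is true).
if [ -x "${RESOLVE}" ]; then
    n=$((n + 1))
    echo_i "checking non-cachable NODATA response handling using dns_client ($n)"
    ret=0
    $RESOLVE $RESOLVOPTS -t a -s 10.53.0.1 nodata.example.net 2> resolve.out.ns1.test${n} || ret=1
    grep "resolution failed: ncache nxrrset" resolve.out.ns1.test${n} > /dev/null || ret=1
    [ "$ret" = 0 ] || echo_i "failed"
    status=$((status + ret))
fi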

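n=$((n + 1))
echo_i "checking handling of bogus referrals ($n)"
# If the server has the "INSIST(!external)" bug, this query will kill it.
# A crash reachable from a single response is a denial-of-service condition,
# so this doubles as a regression guard; only dig's exit status is checked.
if ! $DIG $DIGOPTS +tcp www.example.com. a @10.53.0.1 > /dev/null; then
    echo_i "failed"
    status=$((status + 1))
fi

# dns_client variant: the bogus referral must surface as SERVFAIL.
# RESOLVE is quoted so an empty value skips the block (`[ -x ]` alone is true).
if [ -x "${RESOLVE}" ]; then
    n=$((n + 1))
    echo_i "checking handling of bogus referrals using dns_client ($n)"
    ret=0
    $RESOLVE $RESOLVOPTS -t a -s 10.53.0.1 www.example.com 2> resolve.out.ns1.test${n} || ret=1
    grep "resolution failed: SERVFAIL" resolve.out.ns1.test${n} > /dev/null || ret=1
    [ "$ret" = 0 ] || echo_i "failed"
    status=$((status + ret))
fi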

# Two "CNAME plus other data" responses, followed by a liveness probe.
# Each step only requires dig to exit successfully; the response content is
# not inspected, so these act as crash/hang regression checks on ns1.
n=$((n + 1))
echo_i "check handling of cname + other data / 1 ($n)"
if ! $DIG $DIGOPTS +tcp cname1.example.com. a @10.53.0.1 > /dev/null; then
    echo_i "failed"
    status=$((status + 1))
fi

n=$((n + 1))
echo_i "check handling of cname + other data / 2 ($n)"
if ! $DIG $DIGOPTS +tcp cname2.example.com. a @10.53.0.1 > /dev/null; then
    echo_i "failed"
    status=$((status + 1))
fi

# Confirms that none of the malformed responses above took the server down.
n=$((n + 1))
echo_i "check that server is still running ($n)"
if ! $DIG $DIGOPTS +tcp www.example.com. a @10.53.0.1 > /dev/null; then
    echo_i "failed"
    status=$((status + 1))
fi

# Answer-address filtering, deny side: A and AAAA answers for
# www.example.net must be rejected by ns1, which shows up as SERVFAIL.
# NOTE(review): this looks like coverage for an answer-address deny list in
# ns1's named.conf (the usual defence against DNS rebinding); that
# configuration is not visible here -- confirm.
# NOTE(review): SERVFAIL alone does not prove the filter was the cause.  The
# DNAME deny check later in this file also greps ns1/named.run for the denial
# message; an equivalent log assertion here would make these checks stricter.
n=$((n + 1))
echo_i "checking answer IPv4 address filtering (deny) ($n)"
ret=0
$DIG $DIGOPTS +tcp www.example.net @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
grep "status: SERVFAIL" dig.out.ns1.test${n} > /dev/null || ret=1
[ "$ret" = 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "checking answer IPv6 address filtering (deny) ($n)"
ret=0
$DIG $DIGOPTS +tcp www.example.net @10.53.0.1 aaaa > dig.out.ns1.test${n} || ret=1
grep "status: SERVFAIL" dig.out.ns1.test${n} > /dev/null || ret=1
[ "$ret" = 0 ] || echo_i "failed"
status=$((status + ret))

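# Answer-address filtering, accept side: answers for www.example.org must
# pass the filter (NOERROR via dig, the expected address via dns_client).
# These are the counterpart of the deny checks and guard against a filter
# that blocks everything.
n=$((n + 1))
echo_i "checking answer IPv4 address filtering (accept) ($n)"
ret=0
$DIG $DIGOPTS +tcp www.example.org @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
[ "$ret" = 0 ] || echo_i "failed"
status=$((status + ret))

# RESOLVE is quoted in the -x checks below: with an empty value `[ -x ]`
# would be true and the block would run without a tool to execute.
if [ -x "${RESOLVE}" ]; then
    n=$((n + 1))
    echo_i "checking answer IPv4 address filtering using dns_client (accept) ($n)"
    ret=0
    $RESOLVE $RESOLVOPTS -t a -s 10.53.0.1 www.example.org > resolve.out.ns1.test${n} || ret=1
    grep "www.example.org..*.192.0.2.1" resolve.out.ns1.test${n} > /dev/null || ret=1
    [ "$ret" = 0 ] || echo_i "failed"
    status=$((status + ret))
fi

n=$((n + 1))
echo_i "checking answer IPv6 address filtering (accept) ($n)"
ret=0
$DIG $DIGOPTS +tcp www.example.org @10.53.0.1 aaaa > dig.out.ns1.test${n} || ret=1
grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
[ "$ret" = 0 ] || echo_i "failed"
status=$((status + ret))

if [ -x "${RESOLVE}" ]; then
    n=$((n + 1))
    echo_i "checking answer IPv6 address filtering using dns_client (accept) ($n)"
    ret=0
    $RESOLVE $RESOLVOPTS -t aaaa -s 10.53.0.1 www.example.org > resolve.out.ns1.test${n} || ret=1
    grep "www.example.org..*.2001:db8:beef::1" resolve.out.ns1.test${n} > /dev/null || ret=1
    [ "$ret" = 0 ] || echo_i "failed"
    status=$((status + ret))
fi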

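# CNAME target filtering.  A CNAME whose target is on the deny list must make
# the lookup fail; permitted targets, and targets allowed because of a
# subdomain exception, must resolve.
# NOTE(review): the deny list itself is in ns1's configuration, which is not
# visible here -- confirm.  The deny case asserts only SERVFAIL; unlike the
# DNAME deny check in this file it does not confirm the reason in named.run.
n=$((n + 1))
echo_i "checking CNAME target filtering (deny) ($n)"
ret=0
$DIG $DIGOPTS +tcp badcname.example.net @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
grep "status: SERVFAIL" dig.out.ns1.test${n} > /dev/null || ret=1
[ "$ret" = 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "checking CNAME target filtering (accept) ($n)"
ret=0
$DIG $DIGOPTS +tcp goodcname.example.net @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
[ "$ret" = 0 ] || echo_i "failed"
status=$((status + ret))

# RESOLVE is quoted in the -x checks below: with an empty value `[ -x ]`
# would be true and the block would run without a tool to execute.
if [ -x "${RESOLVE}" ]; then
    n=$((n + 1))
    echo_i "checking CNAME target filtering using dns_client (accept) ($n)"
    ret=0
    $RESOLVE $RESOLVOPTS -t a -s 10.53.0.1 goodcname.example.net > resolve.out.ns1.test${n} || ret=1
    # Both links of the chain must be present: the alias and its address.
    grep "goodcname.example.net..*.goodcname.example.org." resolve.out.ns1.test${n} > /dev/null || ret=1
    grep "goodcname.example.org..*.192.0.2.1" resolve.out.ns1.test${n} > /dev/null || ret=1
    [ "$ret" = 0 ] || echo_i "failed"
    status=$((status + ret))
fi

n=$((n + 1))
echo_i "checking CNAME target filtering (accept due to subdomain) ($n)"
ret=0
$DIG $DIGOPTS +tcp cname.sub.example.org @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
[ "$ret" = 0 ] || echo_i "failed"
status=$((status + ret))

if [ -x "${RESOLVE}" ]; then
    n=$((n + 1))
    echo_i "checking CNAME target filtering using dns_client (accept due to subdomain) ($n)"
    ret=0
    $RESOLVE $RESOLVOPTS -t a -s 10.53.0.1 cname.sub.example.org > resolve.out.ns1.test${n} || ret=1
    grep "cname.sub.example.org..*.ok.sub.example.org." resolve.out.ns1.test${n} > /dev/null || ret=1
    grep "ok.sub.example.org..*.192.0.2.1" resolve.out.ns1.test${n} > /dev/null || ret=1
    [ "$ret" = 0 ] || echo_i "failed"
    status=$((status + ret))
fi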

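# DNAME target filtering, mirroring the CNAME checks.
n=$((n + 1))
echo_i "checking DNAME target filtering (deny) ($n)"
ret=0
$DIG $DIGOPTS +tcp foo.baddname.example.net @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
# The deny case is confirmed twice: the server must log the denial and the
# client must see SERVFAIL, so a SERVFAIL from another cause does not pass.
grep "DNAME target foo.baddname.example.org denied for foo.baddname.example.net/IN" ns1/named.run > /dev/null || ret=1
grep "status: SERVFAIL" dig.out.ns1.test${n} > /dev/null || ret=1
[ "$ret" = 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "checking DNAME target filtering (accept) ($n)"
ret=0
$DIG $DIGOPTS +tcp foo.gooddname.example.net @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
[ "$ret" = 0 ] || echo_i "failed"
status=$((status + ret))

# RESOLVE is quoted in the -x checks below: with an empty value `[ -x ]`
# would be true and the block would run without a tool to execute.
if [ -x "${RESOLVE}" ]; then
    n=$((n + 1))
    echo_i "checking DNAME target filtering using dns_client (accept) ($n)"
    ret=0
    $RESOLVE $RESOLVOPTS -t a -s 10.53.0.1 foo.gooddname.example.net > resolve.out.ns1.test${n} || ret=1
    grep "foo.gooddname.example.net..*.gooddname.example.org" resolve.out.ns1.test${n} > /dev/null || ret=1
    grep "foo.gooddname.example.org..*.192.0.2.1" resolve.out.ns1.test${n} > /dev/null || ret=1
    [ "$ret" = 0 ] || echo_i "failed"
    status=$((status + ret))
fi

n=$((n + 1))
echo_i "checking DNAME target filtering (accept due to subdomain) ($n)"
ret=0
$DIG $DIGOPTS +tcp www.dname.sub.example.org @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
[ "$ret" = 0 ] || echo_i "failed"
status=$((status + ret))

if [ -x "${RESOLVE}" ]; then
    n=$((n + 1))
    echo_i "checking DNAME target filtering using dns_client (accept due to subdomain) ($n)"
    ret=0
    $RESOLVE $RESOLVOPTS -t a -s 10.53.0.1 www.dname.sub.example.org > resolve.out.ns1.test${n} || ret=1
    grep "www.dname.sub.example.org..*.ok.sub.example.org." resolve.out.ns1.test${n} > /dev/null || ret=1
    grep "www.ok.sub.example.org..*.192.0.2.1" resolve.out.ns1.test${n} > /dev/null || ret=1
    [ "$ret" = 0 ] || echo_i "failed"
    status=$((status + ret))
fi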

# A referral that also carries records in its ANSWER section must still be
# followed: the final answer has to be NOERROR with the expected address.
n=$((n + 1))
echo_i "check that the resolver accepts a referral response with a non-empty ANSWER section ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 foo.glue-in-answer.example.org. A > dig.ns1.out.${n} || ret=1
grep "status: NOERROR" dig.ns1.out.${n} > /dev/null || ret=1
grep "foo.glue-in-answer.example.org.*192.0.2.1" dig.ns1.out.${n} > /dev/null || ret=1
[ "$ret" = 0 ] || echo_i "failed"
status=$((status + ret))

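n=$((n + 1))
echo_i "check that the resolver limits the number of NS records it follows in a referral response ($n)"
# ns5 is the recursor being tested.  ns4 holds the sourcens zone containing names with varying numbers of NS
# records pointing to non-existent nameservers in the targetns zone on ns6.
# The cap matters because it bounds how many queries one referral can make
# the recursor send towards the servers of another zone.
ret=0
$RNDCCMD 10.53.0.5 flush || ret=1   # Ensure cache is empty before doing this test
for nscount in 1 2 3 4 5 6 7 8 9 10
do
    # Verify number of NS records at source server
    $DIG $DIGOPTS +norecurse @10.53.0.4 target${nscount}.sourcens ns > dig.ns4.out.${nscount}.${n}
    sourcerecs=$(grep NS dig.ns4.out.${nscount}.${n} | grep -v ';' | wc -l)
    # Left unquoted on purpose: some wc implementations pad the count.
    if ! test $sourcerecs -eq $nscount; then
        ret=1
        echo_i "NS count incorrect for target${nscount}.sourcens"
    fi
    # Expected queries = 2 * number of NS records, up to a maximum of 10.
    expected=$((2 * nscount))
    [ "$expected" -le 10 ] || expected=10
    # Work out the queries made by checking statistics on the target before and after the test
    $RNDCCMD 10.53.0.6 stats || ret=1
    initial_count=$(awk '/responses sent/ {print $1}' ns6/named.stats)
    mv ns6/named.stats ns6/named.stats.initial.${nscount}.${n}
    $DIG $DIGOPTS @10.53.0.5 target${nscount}.sourcens A > dig.ns5.out.${nscount}.${n} || ret=1
    $RNDCCMD 10.53.0.6 stats || ret=1
    final_count=$(awk '/responses sent/ {print $1}' ns6/named.stats)
    mv ns6/named.stats ns6/named.stats.final.${nscount}.${n}
    # Check number of queries during the test is as expected.
    # expr is kept here: it prints nothing when a counter is missing or not a
    # single number, and that case must fail.  An unquoted, empty $actual
    # would make `[ -ne ... ]` a syntax error, which `if` reads as "no
    # mismatch", letting a broken measurement pass the limit check.
    actual=$(expr $final_count - $initial_count)
    if [ -z "$actual" ] || [ "$actual" -ne "$expected" ]; then
        echo_i "query count error: $nscount NS records: expected queries $expected, actual $actual"
        ret=1
    fi
done
[ "$ret" = 0 ] || echo_i "failed"
status=$((status + ret))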

# RT21594 regression: ns4 answers without the AA bit, and the resolver on
# ns5 must still accept positive, NODATA and NXDOMAIN answers from it.
n=$((n + 1))
echo_i "RT21594 regression test check setup ($n)"
ret=0
# Check that "aa" is not being set by the authoritative server.
$DIG $DIGOPTS +tcp . @10.53.0.4 soa > dig.ns4.out.${n} || ret=1
grep 'flags: qr rd;' dig.ns4.out.${n} > /dev/null || ret=1
[ "$ret" = 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "RT21594 regression test positive answers ($n)"
ret=0
# Check that resolver accepts the non-authoritative positive answers.
$DIG $DIGOPTS +tcp . @10.53.0.5 soa > dig.ns5.out.${n} || ret=1
grep "status: NOERROR" dig.ns5.out.${n} > /dev/null || ret=1
[ "$ret" = 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "RT21594 regression test NODATA answers ($n)"
ret=0
# Check that resolver accepts the non-authoritative nodata answers.
$DIG $DIGOPTS +tcp . @10.53.0.5 txt > dig.ns5.out.${n} || ret=1
grep "status: NOERROR" dig.ns5.out.${n} > /dev/null || ret=1
[ "$ret" = 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "RT21594 regression test NXDOMAIN answers ($n)"
ret=0
# Check that resolver accepts the non-authoritative NXDOMAIN answers.
$DIG $DIGOPTS +tcp noexistent @10.53.0.5 txt > dig.ns5.out.${n} || ret=1
grep "status: NXDOMAIN" dig.ns5.out.${n} > /dev/null || ret=1
[ "$ret" = 0 ] || echo_i "failed"
status=$((status + ret))

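# Stale-RRSIG check on ns7.  ret records the step that failed:
#   1 = MX priming, 2 = negative-cache priming, 3 = second MX lookup,
#   4 = RRSIGs for the replaced additional data are still served.
# Every step rewrites the same dig.ns7.out.${n} file, so only the output of
# the last step survives for post-mortem inspection.
n=$((n + 1))
echo_i "check that replacement of additional data by a negative cache no data entry clears the additional RRSIGs ($n)"
ret=0
$DIG $DIGOPTS +tcp mx example.net @10.53.0.7 > dig.ns7.out.${n} || ret=1
grep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=1
if [ "$ret" = 1 ]; then echo_i "mx priming failed"; fi
# Replace mail.example.net's A record with an AAAA record on ns6.
# NOTE(review): the nsupdate exit status is not checked; a failed update
# only shows up indirectly through the later steps.
$NSUPDATE << EOF
server 10.53.0.6 ${PORT}
zone example.net
update delete mail.example.net A
update add mail.example.net 0 AAAA ::1
send
EOF
$DIG $DIGOPTS +tcp a mail.example.net @10.53.0.7 > dig.ns7.out.${n} || ret=2
grep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=2
grep "ANSWER: 0" dig.ns7.out.${n} > /dev/null || ret=2
if [ "$ret" = 2 ]; then echo_i "ncache priming failed"; fi
$DIG $DIGOPTS +tcp mx example.net @10.53.0.7 > dig.ns7.out.${n} || ret=3
grep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=3
# +norec: ask only for what ns7 already holds; no RRSIG may be returned.
$DIG $DIGOPTS +tcp rrsig mail.example.net +norec @10.53.0.7 > dig.ns7.out.${n} || ret=4
grep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=4
grep "ANSWER: 0" dig.ns7.out.${n} > /dev/null || ret=4
# Normalise the step code to 1 and account for the failure exactly once;
# repeating this pair would print "failed" twice and count the check twice.
if [ "$ret" != 0 ]; then echo_i "failed"; ret=1; fi
status=$((status + ret))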

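# Two checks that a changed nameserver address is used by ns7 at once.  The
# TXT answers identify the server that produced them ("From NS 5" before the
# update, "From NS 4" after it).
# Failures are added to status like everywhere else in this file instead of
# overwriting it with 1, so the running failure count is not reset.
# NOTE(review): the nsupdate exit status is not checked in either check.
n=$((n + 1))
echo_i "checking that update a nameservers address has immediate effects ($n)"
ret=0
$DIG $DIGOPTS +tcp TXT foo.moves @10.53.0.7 > dig.ns7.foo.${n} || ret=1
grep "From NS 5" dig.ns7.foo.${n} > /dev/null || ret=1
$NSUPDATE << EOF
server 10.53.0.7 ${PORT}
zone server
update delete ns.server A
update add ns.server 300 A 10.53.0.4
send
EOF
sleep 1
$DIG $DIGOPTS +tcp TXT bar.moves @10.53.0.7 > dig.ns7.bar.${n} || ret=1
grep "From NS 4" dig.ns7.bar.${n} > /dev/null || ret=1
[ "$ret" = 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "checking that update a nameservers glue has immediate effects ($n)"
ret=0
$DIG $DIGOPTS +tcp TXT foo.child.server @10.53.0.7 > dig.ns7.foo.${n} || ret=1
grep "From NS 5" dig.ns7.foo.${n} > /dev/null || ret=1
$NSUPDATE << EOF
server 10.53.0.7 ${PORT}
zone server
update delete ns.child.server A
update add ns.child.server 300 A 10.53.0.4
send
EOF
sleep 1
$DIG $DIGOPTS +tcp TXT bar.child.server @10.53.0.7 > dig.ns7.bar.${n} || ret=1
grep "From NS 4" dig.ns7.bar.${n} > /dev/null || ret=1
[ "$ret" = 0 ] || echo_i "failed"
status=$((status + ret))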

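n=$((n + 1))
echo_i "checking empty RFC 1918 reverse zones ($n)"
ret=0
# Check that "aa" is being set by the resolver for RFC 1918 zones
# except the one that has been deliberately disabled.
# An authoritative answer from ns7 means the reverse lookup for a private
# address was answered locally.
# NOTE(review): presumably this is what keeps such queries from being sent
# upstream; the ns7 configuration is not visible here -- confirm.
# Each entry is <output-file index>:<address>.  Index 10 is absent so that
# the existing dig.ns4.out.* file names are kept.
for rfc1918_case in \
    1:10.1.1.1 2:192.168.1.1 3:172.16.1.1 4:172.17.1.1 5:172.18.1.1 \
    6:172.19.1.1 7:172.21.1.1 8:172.22.1.1 9:172.23.1.1 11:172.24.1.1 \
    12:172.25.1.1 13:172.26.1.1 14:172.27.1.1 15:172.28.1.1 \
    16:172.29.1.1 17:172.30.1.1 18:172.31.1.1
do
    rfc1918_idx=${rfc1918_case%%:*}
    rfc1918_addr=${rfc1918_case#*:}
    $DIG $DIGOPTS @10.53.0.7 -x $rfc1918_addr > dig.ns4.out.${rfc1918_idx}.${n} || ret=1
    grep 'flags: qr aa rd ra;' dig.ns4.out.${rfc1918_idx}.${n} > /dev/null || ret=1
done
# but this one should NOT be authoritative
$DIG $DIGOPTS @10.53.0.7 -x 172.20.1.1 > dig.ns4.out.19.${n} || ret=1
grep 'flags: qr rd ra;' dig.ns4.out.19.${n} > /dev/null || ret=1
# Add to status rather than overwriting it with 1, as the other checks do.
[ "$ret" = 0 ] || echo_i "failed"
status=$((status + ret))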

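# A delegation removed from the parent zone must stop being followed, even
# though the child zone keeps changing its own NS set.
n=$((n + 1))
echo_i "checking that removal of a delegation is honoured ($n)"
ret=0
# Prime ns5 while the delegation still exists.
$DIG $DIGOPTS @10.53.0.5 www.to-be-removed.tld A > dig.ns5.prime.${n}
grep "status: NOERROR" dig.ns5.prime.${n} > /dev/null || { ret=1; echo_i "priming failed"; }
# Install the tld zone version from tld2.db on ns4 and reload it.
cp ns4/tld2.db ns4/tld.db
rndc_reload ns4 10.53.0.4 tld
old=
for i in 0 1 2 3 4 5 6 7 8 9
do
    foo=0
    $DIG $DIGOPTS @10.53.0.5 ns$i.to-be-removed.tld A > /dev/null
    $DIG $DIGOPTS @10.53.0.5 www.to-be-removed.tld A > dig.ns5.out.${n}
    grep "status: NXDOMAIN" dig.ns5.out.${n} > /dev/null || foo=1
    # NXDOMAIN means the removal has taken effect; stop polling.
    [ $foo = 0 ] && break
    # Otherwise rotate the NS record of the child zone on ns6 and retry.
    $NSUPDATE << EOF
server 10.53.0.6 ${PORT}
zone to-be-removed.tld
update add to-be-removed.tld 100 NS ns${i}.to-be-removed.tld
update delete to-be-removed.tld NS ns${old}.to-be-removed.tld
send
EOF
    old=$i
    sleep 1
done
# foo is still 1 when all ten rounds ended without NXDOMAIN.
[ $ret = 0 ] && ret=$foo
# Add to status rather than overwriting it with 1, as the other checks do.
[ "$ret" = 0 ] || echo_i "failed"
status=$((status + ret))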

# The lookup itself only has to complete; the assertion is on the server
# log, which must contain the "not subdomain of zone" diagnostic.
# NOTE(review): named.run is cumulative, so a matching line written earlier
# in the run would also satisfy the grep.
n=$((n + 1))
echo_i "check for improved error message with SOA mismatch ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 www.sub.broken aaaa > dig.out.ns1.test${n} || ret=1
grep "not subdomain of zone" ns1/named.run > /dev/null || ret=1
[ "$ret" = 0 ] || echo_i "failed"
status=$((status + ret))

# Switch ns7 to its second configuration and ask it to re-read it; the
# reconfig output is prefixed with "ns7 " and passed through cat_i.
copy_setports ns7/named2.conf.in ns7/named.conf
$RNDCCMD 10.53.0.7 reconfig 2>&1 | sed 's/^/ns7 /' | cat_i

# With the new configuration ns7 must still resolve the MX lookup and return
# exactly one answer.  A dig failure is recorded as 2 and then normalised to
# 1 before it is added to status.
n=$((n + 1))
echo_i "check resolution on the listening port ($n)"
ret=0
$DIG $DIGOPTS +tcp +tries=2 +time=5 mx example.net @10.53.0.7 > dig.ns7.out.${n} || ret=2
grep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=1
grep "ANSWER: 1" dig.ns7.out.${n} > /dev/null || ret=1
if [ "$ret" -ne 0 ]; then
    echo_i "failed"
    ret=1
fi
status=$((status + ret))

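# Prefetch: a query arriving while the cached TTL is inside the prefetch
# window must trigger a refresh, so a later query sees a higher TTL.
n=$((n + 1))
echo_i "check prefetch (${n})"
ret=0
# read prefetch value from config.
# NOTE(review): the pattern captures a single digit only.
PREFETCH=$(sed -n "s/[[:space:]]*prefetch \([0-9]\).*/\1/p" ns5/named.conf)
$DIG $DIGOPTS @10.53.0.5 fetch.tld txt > dig.out.1.${n} || ret=1
ttl1=$(awk '/"A" "short" "ttl"/ { print $2 }' dig.out.1.${n})
interval=$((ttl1 - PREFETCH + 1))
# Arithmetic expansion always produces a number, so a ":-0" default on
# $interval can never apply; with an empty ttl1 the result is zero or
# negative.  Clamp it so sleep is never handed a negative argument.
[ "$interval" -gt 0 ] || interval=0
# sleep so we are in prefetch range
sleep "$interval"
# trigger prefetch
$DIG $DIGOPTS @10.53.0.5 fetch.tld txt > dig.out.2.${n} || ret=1
ttl2=$(awk '/"A" "short" "ttl"/ { print $2 }' dig.out.2.${n})
sleep 1
# check that prefetch occurred
$DIG $DIGOPTS @10.53.0.5 fetch.tld txt > dig.out.3.${n} || ret=1
ttl=$(awk '/"A" "short" "ttl"/ { print $2 }' dig.out.3.${n})
# The defaults (0 versus 1) make the comparison fail when a TTL is missing.
test ${ttl:-0} -gt ${ttl2:-1} || ret=1
[ "$ret" = 0 ] || echo_i "failed"
status=$((status + ret))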

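# Prefetch of a validated DS RRset: after the refresh both the DS record and
# its RRSIG must carry the new, higher TTL, and the two must be equal.
n=$((n + 1))
echo_i "check prefetch of validated DS's RRSIG TTL is updated (${n})"
ret=0
$DIG $DIGOPTS +dnssec @10.53.0.5 ds.example.net ds > dig.out.1.${n} || ret=1
dsttl1=$(awk '$4 == "DS" && $7 == "2" { print $2 }' dig.out.1.${n})
# PREFETCH is read from ns5/named.conf by the preceding prefetch check.
interval=$((dsttl1 - PREFETCH + 1))
# Arithmetic expansion always produces a number, so a ":-0" default on
# $interval can never apply; clamp instead so that an empty dsttl1 does not
# hand sleep a negative argument.
[ "$interval" -gt 0 ] || interval=0
# sleep so we are in prefetch range
sleep "$interval"
# trigger prefetch
$DIG $DIGOPTS @10.53.0.5 ds.example.net ds > dig.out.2.${n} || ret=1
dsttl2=$(awk '$4 == "DS" && $7 == "2" { print $2 }' dig.out.2.${n})
sleep 1
# check that prefetch occurred
$DIG $DIGOPTS @10.53.0.5 ds.example.net ds +dnssec > dig.out.3.${n} || ret=1
dsttl=$(awk '$4 == "DS" && $7 == "2" { print $2 }' dig.out.3.${n})
sigttl=$(awk '$4 == "RRSIG" && $5 == "DS" { print $2 }' dig.out.3.${n})
# The mismatched defaults make every comparison fail when a TTL is missing.
test ${dsttl:-0} -gt ${dsttl2:-1} || ret=1
test ${sigttl:-0} -gt ${dsttl2:-1} || ret=1
test ${dsttl:-0} -eq ${sigttl:-1} || ret=1
[ "$ret" = 0 ] || echo_i "failed"
status=$((status + ret))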

n=$((n + 1))
echo_i "check prefetch disabled (${n})"
ret=0
# Prime the cache on 10.53.0.7 and record the TTL of the answer.
$DIG $DIGOPTS @10.53.0.7 fetch.example.net txt > "dig.out.1.${n}" || ret=1
ttl1=$(awk '/"A" "short" "ttl"/ { print $2 }' "dig.out.1.${n}")
# sleep so we are in expire range
interval=$((ttl1 - PREFETCH + 1))
sleep "${interval:-0}"
# Baseline TTL that the follow-up queries are compared against.
tmp_ttl=$ttl1
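no_prefetch() {
	# Fetch the record once and require that its TTL is strictly lower
	# than the previously observed one (tmp_ttl). Since prefetch is
	# disabled on this server, the cached TTL may only count down.
	# Globals:  DIG, DIGOPTS, n (read); ttl2, tmp_ttl (written)
	# Returns:  0 if the TTL decreased, 1 otherwise
	$DIG $DIGOPTS @10.53.0.7 fetch.example.net txt > dig.out.2.${n} || return 1
	ttl2=`awk '/"A" "short" "ttl"/ { print $2 }' dig.out.2.${n}`
	# A missing or non-numeric TTL on either side makes the numeric
	# test below exit with an error status, which the 'if' would treat
	# the same as "TTL decreased" and let the check pass without any
	# evidence. Reject those values explicitly.
	case "${ttl2}:${tmp_ttl}" in
	:*|*:|*[!0-9:]*) return 1 ;;
	esac
	# check that prefetch has not occurred
	if [ "$ttl2" -ge "$tmp_ttl" ]; then
		return 1
	fi
	# Remember the new TTL as the baseline for the next attempt.
	tmp_ttl=$ttl2
}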
# Run no_prefetch through retry_quiet with 3 as its first argument
# (presumably the number of attempts; the helper is defined outside
# this excerpt) and record a failure if it does not succeed.
if ! retry_quiet 3 no_prefetch; then
    ret=1
fi
if [ "$ret" != 0 ]; then
    echo_i "failed"
fi
status=$((status + ret))

n=$((n + 1))
echo_i "check prefetch qtype * (${n})"
ret=0
$DIG $DIGOPTS @10.53.0.5 fetchall.tld any > "dig.out.1.${n}" || ret=1
# The awk expression already subtracts 3 from the TTL, so ttl1 holds the
# delay to sleep rather than the TTL itself.
ttl1=$(awk '/"A" "short" "ttl"/ { print $2 - 3 }' "dig.out.1.${n}")
# sleep so we are in prefetch range
sleep "${ttl1:-0}"
# trigger prefetch
$DIG $DIGOPTS @10.53.0.5 fetchall.tld any > "dig.out.2.${n}" || ret=1
ttl2=$(awk '/"A" "short" "ttl"/ { print $2 }' "dig.out.2.${n}")
sleep 1
# Only liveness is verified here: the nameserver must still answer
# after the ANY prefetch; no TTL comparison is made.
$DIG $DIGOPTS @10.53.0.5 fetchall.tld any > "dig.out.3.${n}" || ret=1
if [ "$ret" != 0 ]; then
    echo_i "failed"
fi
status=$((status + ret))

n=$((n + 1))
echo_i "check that E was logged on EDNS queries in the query log (${n})"
ret=0
# Query with EDNS: the query-log entry must carry the +E marker.
$DIG $DIGOPTS @10.53.0.5 +edns edns.fetchall.tld any > "dig.out.2.${n}" || ret=1
grep "query: edns.fetchall.tld IN ANY +E" ns5/named.run > /dev/null || ret=1
# Query without EDNS: the entry must be logged, but without +E.
# Both queries write to the same output file, so only this second
# answer is kept on disk.
$DIG $DIGOPTS @10.53.0.5 +noedns noedns.fetchall.tld any > "dig.out.2.${n}" || ret=1
grep "query: noedns.fetchall.tld IN ANY" ns5/named.run > /dev/null || ret=1
if grep "query: noedns.fetchall.tld IN ANY +E" ns5/named.run > /dev/null; then
    ret=1
fi
if [ "$ret" != 0 ]; then
    echo_i "failed"
fi
status=$((status + ret))

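n=$((n + 1))
echo_i "check that '-t aaaa' in .digrc does not have unexpected side effects ($n)"
ret=0
# dig reads .digrc from the HOME directory, so write one into the test
# directory and point HOME at it for these three invocations only.
printf '%s\n' "-t aaaa" > .digrc
# The working directory is quoted so that a path containing whitespace
# is passed to env as a single HOME=... argument instead of being split.
env HOME="$(pwd)" $DIG $DIGOPTS @10.53.0.4 . > "dig.out.1.${n}" || ret=1
env HOME="$(pwd)" $DIG $DIGOPTS @10.53.0.4 . A > "dig.out.2.${n}" || ret=1
env HOME="$(pwd)" $DIG $DIGOPTS @10.53.0.4 -x 127.0.0.1 > "dig.out.3.${n}" || ret=1
# No type on the command line: the .digrc default (AAAA) applies.
grep ';\..*IN.*AAAA$' "dig.out.1.${n}" > /dev/null || ret=1
# An explicit type overrides the default without an "extra type" complaint.
grep ';\..*IN.*A$' "dig.out.2.${n}" > /dev/null || ret=1
if grep 'extra type option' "dig.out.2.${n}" > /dev/null; then
    ret=1
fi
# A reverse lookup must still ask for PTR.
grep ';1\.0\.0\.127\.in-addr\.arpa\..*IN.*PTR$' "dig.out.3.${n}" > /dev/null || ret=1
if [ "$ret" != 0 ]; then
    echo_i "failed"
fi
status=$((status + ret))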

# Value reported by the feature-test helper for --edns-version; an empty
# or 0 result skips the EDNS version 1 checks below.
edns=$($FEATURETEST --edns-version)

n=$((n + 1))
echo_i "check that EDNS version is logged (${n})"
ret=0
# A plain +edns query must be logged with the version in parentheses.
$DIG $DIGOPTS @10.53.0.5 +edns edns0.fetchall.tld any > "dig.out.2.${n}" || ret=1
grep "query: edns0.fetchall.tld IN ANY +E(0)" ns5/named.run > /dev/null || ret=1
if [ "${edns:-0}" != 0 ]; then
    # Same check for an EDNS version 1 query; the output file is reused.
    $DIG $DIGOPTS @10.53.0.5 +edns=1 edns1.fetchall.tld any > "dig.out.2.${n}" || ret=1
    grep "query: edns1.fetchall.tld IN ANY +E(1)" ns5/named.run > /dev/null || ret=1
fi
if [ "$ret" != 0 ]; then
    echo_i "failed"
fi
status=$((status + ret))

if [ "${edns:-0}" != 0 ]; then
    n=$((n + 1))
    echo_i "check that edns-version is honoured (${n})"
    ret=0
    # Both queries are sent to 10.53.0.5; the expected log lines are
    # looked for in the query logs of ns6 and ns7 (presumably the
    # servers it forwards or recurses to; their configuration is not
    # part of this excerpt).
    $DIG $DIGOPTS @10.53.0.5 +edns no-edns-version.tld > "dig.out.1.${n}" || ret=1
    grep "query: no-edns-version.tld IN A -E(1)" ns6/named.run > /dev/null || ret=1
    $DIG $DIGOPTS @10.53.0.5 +edns edns-version.tld > "dig.out.2.${n}" || ret=1
    grep "query: edns-version.tld IN A -E(0)" ns7/named.run > /dev/null || ret=1
    if [ "$ret" != 0 ]; then
        echo_i "failed"
    fi
    status=$((status + ret))
fi

n=$((n + 1))
echo_i "check that CNAME nameserver is logged correctly (${n})"
ret=0
$DIG $DIGOPTS soa all-cnames @10.53.0.5 > "dig.out.ns5.test${n}" || ret=1
# The lookup must end in SERVFAIL, and the resolver must log that it
# skipped the nameserver because its name is a CNAME.
grep "status: SERVFAIL" "dig.out.ns5.test${n}" > /dev/null || ret=1
grep "skipping nameserver 'cname.tld' because it is a CNAME, while resolving 'all-cnames/SOA'" ns5/named.run > /dev/null || ret=1
if [ "$ret" != 0 ]; then
    echo_i "failed"
fi
status=$((status + ret))

n=$((n + 1))
echo_i "check that unexpected opcodes are handled correctly (${n})"
ret=0
# Send opcode 15 with CD, RD, AD and the Z bit all set in the request.
$DIG $DIGOPTS soa all-cnames @10.53.0.5 +opcode=15 +cd +rec +ad +zflag > "dig.out.ns5.test${n}" || ret=1
# The reply must be NOTIMP with QR set ...
grep "status: NOTIMP" "dig.out.ns5.test${n}" > /dev/null || ret=1
grep "flags:[^;]* qr[; ]" "dig.out.ns5.test${n}" > /dev/null || ret=1
# ... and must not carry RA or echo back any flag from the request.
if grep "flags:[^;]* ra[; ]" "dig.out.ns5.test${n}" > /dev/null; then
    ret=1
fi
if grep "flags:[^;]* rd[; ]" "dig.out.ns5.test${n}" > /dev/null; then
    ret=1
fi
if grep "flags:[^;]* cd[; ]" "dig.out.ns5.test${n}" > /dev/null; then
    ret=1
fi
if grep "flags:[^;]* ad[; ]" "dig.out.ns5.test${n}" > /dev/null; then
    ret=1
fi
# dig prints "MBZ:" when must-be-zero bits are set in the reply.
if grep "flags:[^;]*; MBZ: " "dig.out.ns5.test${n}" > /dev/null; then
    ret=1
fi
if [ "$ret" != 0 ]; then
    echo_i "failed"
fi
status=$((status + ret))

n=$((n + 1))
echo_i "check that EDNS client subnet with non-zeroed bits is handled correctly (${n})"
ret=0
# Raw EDNS option 8 payload:
#   0001      address family (IPv4)
#   1f        31 significant bits
#   00        scope 0
#   ffffffff  255.255.255.255, so the bit past the 31-bit prefix is set
$DIG $DIGOPTS soa . @10.53.0.5 +ednsopt=8:00011f00ffffffff > "dig.out.ns5.test${n}" || ret=1
# The malformed option must be answered with FORMERR, and the reply
# must still contain an EDNS section.
grep "status: FORMERR" "dig.out.ns5.test${n}" > /dev/null || ret=1
grep "; EDNS: version:" "dig.out.ns5.test${n}" > /dev/null || ret=1
if [ "$ret" != 0 ]; then
    echo_i "failed"
fi
status=$((status + ret))

n=$((n + 1))
echo_i "check that dig +subnet zeros address bits correctly (${n})"
ret=0
# dig is given an address with every bit set and a /23 prefix; it must
# clear the bits beyond the prefix before sending, so the server accepts
# the query and the option shows up as 255.255.254.0/23.
$DIG $DIGOPTS soa . @10.53.0.5 +subnet=255.255.255.255/23 > "dig.out.ns5.test${n}" || ret=1
grep "status: NOERROR" "dig.out.ns5.test${n}" > /dev/null || ret=1
grep "CLIENT-SUBNET: 255.255.254.0/23/0" "dig.out.ns5.test${n}" > /dev/null || ret=1
if [ "$ret" != 0 ]; then
    echo_i "failed"
fi
status=$((status + ret))

n=`expr $n + 1`
echo_i "check that SOA query returns data for delegation-only apex (${n})"
ret=0
$DIG $DIGOPTS soa delegation-only @10.53.0.5 > dig.out.ns5.test${n} || ret=1
grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
grep "ANSWER: 1," dig.out.ns5.test${n} > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi