added system tests

bin/tests/system/README

+
+This is a simple test environment for running bind9 system
+tests involving multiple name servers.
+
+There are multiple test suites, each in a separate subdirectory and
+involving a diffent DNS setup.  They are:
+
+  xfer/		Zone transfer, update, and NOTIFY tests
+  dnssec/	DNSSEC tests
+  xferquote/	Zone transfer quota tests
+
+Typically each test suite sets up 2-4 name servers and then performs
+one or more tests against them.  Within the test suite subdirectory,
+each name server has a separate subdirectory containing its
+configuration data.  By convention, these subdirectories are named
+"ns1", "ns2", etc.
+
+The tests are completely self-contained and do not require access to
+the real DNS.  One of the test servers (ns1) is set up as a root
+name server and is listed in the hints file of the others.
+
+To enable all servers to run on the same machine, they bind to
+separate virtual IP address on the loopback interface.  ns1 runs on
+10.53.0.1, ns2 on 10.53.0.2, etc.  Before running any tests, you must
+set up these addresses by running the script "ifconfig.sh".
+
+XXX the ifconfig.sh script is known to work only on NetBSD.
+
+Because the servers run on port 53, the tests must be run as root.
+
+To run the tests:
+
+  sh run.sh xfer
+  [check that xfer/ns3/example.bk has been created]
+  [run update_test.pl against ns2, check that changes propagate to ns3,
+  which they currently don't because notifies are not sent after dynamic
+  updates like they ought to be]
+  sh stop.sh xfer
+
+  sh run.sh dnssec
+  dig a.secure.example. a @10.53.0.4
+  [should return 10.0.0.1, AD=1]
+  dig c.secure.example. a @10.53.0.4
+  [should return NXDOMAIN, AD=1]
+  sh stop.sh dnssec
+
+  sh run.sh dnssec --badsig
+  dig a.secure.example. a @10.53.0.4
+  [should return SERVFAIL]
+  sh stop.sh dnssec
+
+  sh run.sh xferquota
+  [check that xferquota/ns2 now contains 100 .bk files]
+  sh stop.sh xferquota
+
+  sh clean.sh
+
+XXX The manual operations in [brackets] above should be automated.
+
+$Id: README,v 1.1 2000/05/15 22:47:15 gson Exp $

bin/tests/system/clean.sh

+#!/bin/sh
+#
+# Clean up after system tests.
+#
+
+. ./conf.sh
+
+find . -type f \( \
+    -name 'K*' -o -name '*~' -o -name '*.core' -o -name '*.log' \
+    -o -name '*.pid' -o -name '*.run' -o -name '*.keyset' \
+\) -print | xargs rm
+
+for d in $SUBDIRS
+do
+   test ! -f $d/clean.sh || ( cd $d && sh clean.sh )
+done

bin/tests/system/conf.sh

+# 
+# Common configuration data for system tests, to be sourced into
+# other shell scripts.
+#
+
+TOP="`cd ../../..; pwd`"
+
+NAMED=$TOP/bin/named/named
+KEYGEN=$TOP/bin/tests/keygen
+SIGNER=$TOP/bin/tests/signer
+KEYSETTOOL=$TOP/bin/tests/keysettool
+
+SUBDIRS="xfer dnssec xferquota"
+
+export NAMED KEYGEN SIGNER KEYSETTOOL

bin/tests/system/dnssec/ns1/named.conf

+options {
+	directory ".";
+	pid-file "named.pid";
+	listen-on { 10.53.0.1; };
+	recursion no;
+	notify yes;
+};
+
+zone "." {
+	type master;
+	file "root.db";
+};

bin/tests/system/dnssec/ns1/root.db

+$TTL 300
+. 			IN SOA	gson.nominum.com. a.root.servers.nil. (
+				2000042100   	; serial
+				600         	; refresh
+				600         	; retry 
+				1200    	; expire
+				600       	; minimum
+				)
+.			NS	a.root-servers.nil.
+a.root-servers.nil.	A	10.53.0.1
+
+example.		NS	ns2.example.
+ns2.example.		A	10.53.0.2

bin/tests/system/dnssec/ns2/example.db.in

+$TTL 300	; 5 minutes
+@			IN SOA	mname1. . (
+				2000042407 ; serial
+				20         ; refresh (20 seconds)
+				20         ; retry (20 seconds)
+				1814400    ; expire (3 weeks)
+				3600       ; minimum (1 hour)
+				)
+			NS	ns2
+ns2			A	10.53.0.2
+
+a			A	10.0.0.1
+b			A	10.0.0.2
+d			A	10.0.0.4
+
+; A secure subdomain
+secure			NS	ns.secure
+ns.secure		A	10.53.0.3
+
+; An insecure subdomain
+insecure		NS	ns.secure
+ns.insecure		A	10.53.0.3
+
+z			A	10.0.0.26

bin/tests/system/dnssec/ns2/named.conf

+options {
+	pid-file "named.pid";
+	listen-on { 10.53.0.2; };
+	recursion no;
+	notify yes;
+};
+
+zone "." {
+	type hint;
+	file "root.hint";
+};
+
+zone "example" {
+	type master;
+	file "example.db.signed";
+	allow-update { any; };
+};
+

bin/tests/system/dnssec/ns2/root.hint

+$TTL 999999
+.			 IN NS	a.root-servers.nil.
+a.root-servers.nil.	 IN A	10.53.0.1

bin/tests/system/dnssec/ns2/sign.sh

+#!/bin/sh
+
+zone=example.
+infile=example.db.in
+zonefile=example.db
+
+keyname=`$KEYGEN -a RSA -b 768 -n zone $zone`
+
+tag=`echo $keykname | sed -n 's/^.*\+\([0-9][0-9]*\)$/\1/p'`
+
+echo "key=$keyname, tag=$tag"
+
+# Have the child generate a zone key and pass it to us,
+# sign it, and pass it back
+
+( cd ../ns3 && sh sign.sh )
+cp ../ns3/secure.example.keyset .
+/local/bind9/bin/tests/keysigner -v 9 secure.example.keyset example./$tag/001
+# This will leave two copies of the child's zone key in the signed db file;
+# that shouldn't cause any problems.
+cat secure.example.signedkey >>../ns3/secure.example.db.signed
+
+pubkeyfile="$keyname.key"
+
+$KEYSETTOOL $zone $tag/001
+
+cat $infile $pubkeyfile >$zonefile
+
+$SIGNER -v 1 -o $zone $zonefile
+
+# Configure the resolving server with a trusted key.
+
+cat $pubkeyfile | perl -n -e '
+my ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
+my $key = join("", @rest);
+print <<EOF
+trusted-keys {
+    "$dn" $flags $proto $alg "$key";
+};
+EOF
+' >../ns4/trusted.conf
+

bin/tests/system/dnssec/ns3/insecure.example.db

+$TTL 300	; 5 minutes
+@			IN SOA	mname1. . (
+				2000042407 ; serial
+				20         ; refresh (20 seconds)
+				20         ; retry (20 seconds)
+				1814400    ; expire (3 weeks)
+				3600       ; minimum (1 hour)
+				)
+			NS	ns
+ns			A	10.53.0.3
+
+a			A	10.0.0.1
+b			A	10.0.0.2
+d			A	10.0.0.4
+z			A	10.0.0.26

bin/tests/system/dnssec/ns3/named.conf

+options {
+	pid-file "named.pid";
+	listen-on { 10.53.0.3; };
+	recursion no;
+	notify yes;
+};
+
+zone "." {
+	type hint;
+	file "root.hint";
+};
+
+zone "secure.example" {
+	type master;
+	file "secure.example.db.signed";
+	allow-update { any; };
+};
+
+zone "insecure.example" {
+	type master;
+	file "insecure.example.db";
+	allow-update { any; };
+};
+

bin/tests/system/dnssec/ns3/root.hint

+$TTL 999999
+.			 IN NS	a.root-servers.nil.
+a.root-servers.nil.	 IN A	10.53.0.1

bin/tests/system/dnssec/ns3/secure.example.db.in

+$TTL 300	; 5 minutes
+@			IN SOA	mname1. . (
+				2000042407 ; serial
+				20         ; refresh (20 seconds)
+				20         ; retry (20 seconds)
+				1814400    ; expire (3 weeks)
+				3600       ; minimum (1 hour)
+				)
+			NS	ns
+ns			A	10.53.0.3
+
+a			A	10.0.0.1
+b			A	10.0.0.2
+d			A	10.0.0.4
+z			A	10.0.0.26

bin/tests/system/dnssec/ns3/sign.sh

+#!/bin/sh
+
+zone=secure.example.
+infile=secure.example.db.in
+zonefile=secure.example.db
+
+rm -f K$zone*.key
+rm -f K$zone*.private
+rm -f $zone*.keyset
+
+keyname=`$KEYGEN -a RSA -b 768 -n zone $zone`
+
+tag=`echo $keykname | sed -n 's/^.*\+\([0-9][0-9]*\)$/\1/p'`
+
+echo "key=$keyname, tag=$tag"
+
+pubkeyfile="$keyname.key"
+
+$KEYSETTOOL $zone $tag/001
+
+cat $infile $pubkeyfile >$zonefile
+
+$SIGNER -v 1 -o $zone $zonefile
+

bin/tests/system/dnssec/setup.sh

+#!/bin/sh
+
+cd ns2 && sh sign.sh
+
+if [ $# -gt 0 ]
+then
+   case $1 in
+	--badsig)
+	   echo "injecting bogus data to force signature checking to fail..." >&2
+	   echo "a.secure.example.	A	10.0.0.22" >>../ns3/secure.example.db.signed
+	;;
+	
+	*)
+	    echo "unknown option $1" >&2; exit 1
+	;;
+    esac
+fi

bin/tests/system/ifconfig.sh

+#!/bin/sh
+#
+# Set up interface aliases for bind9 system tests.
+#
+
+for ns in 1 2 3 4
+do 
+   ifconfig lo0 10.53.0.$ns alias
+done

bin/tests/system/run.sh

+#!/bin/sh
+#
+# Run a system test.
+#
+. ./conf.sh
+
+test $# -gt 0 || { echo "usage: runtest.sh test-directory" >&2; exit 1; }
+
+test=$1
+shift
+
+test -d $test || { echo "$0: $test: no such test" >&2; exit 1; }
+
+# Set up any dynamically generated test data
+if test -f $test/setup.sh
+then
+   ( cd $test && sh setup.sh "$@" )
+fi
+
+# Start name servers running
+sh start.sh $test
+

bin/tests/system/start.sh

+#!/bin/sh
+#
+# Start name servers for running system tests.
+#
+
+cd $1
+
+for d in ns*
+do
+    (
+        cd $d &&
+	rm -f *.jnl *.bk named.run &&
+	if test -f named.pid
+	then
+	    if kill -0 `cat named.pid` 2>/dev/null
+	    then
+		echo "$0: named pid `cat named.pid` still running" >&2
+	        exit 1
+	    else
+		rm -f named.pid
+	    fi
+	fi
+	$NAMED -c named.conf -d 99 -g >named.run 2>&1 & &&
+	while test ! -f named.pid
+	do
+	    sleep 1
+        done
+    )
+done
+

bin/tests/system/stop.sh

+#!/bin/sh
+#
+# Stop name servers.
+#
+
+cd $1
+
+for d in ns*
+do
+     pidfile="$d/named.pid"
+     test ! -f $pidfile || kill -INT `cat $pidfile`
+done

bin/tests/system/xfer/clean.sh

+#!/bin/sh
+#
+# Clean up after zone transfer tests.
+#
+
+rm -f ns3/example.bk

bin/tests/system/xfer/ns1/named.conf

+options {
+	directory ".";
+	pid-file "named.pid";
+	listen-on { 10.53.0.1; };
+	recursion no;
+	notify yes;
+};
+
+zone "." {
+	type master;
+	file "root.db";
+};

bin/tests/system/xfer/ns1/root.db

+$TTL 300
+. 			IN SOA	gson.nominum.com. a.root.servers.nil. (
+				2000042100   	; serial
+				600         	; refresh
+				600         	; retry 
+				1200    	; expire
+				600       	; minimum
+				)
+.			NS	a.root-servers.nil.
+a.root-servers.nil.	A	10.53.0.1
+
+example.		NS	ns2.example.
+ns2.example.		A	10.53.0.2

bin/tests/system/xfer/ns2/example.db

+$ORIGIN .
+$TTL 300	; 5 minutes
+example			IN SOA	mname1. . (
+				2000042795 ; serial
+				20         ; refresh (20 seconds)
+				20         ; retry (20 seconds)
+				1814400    ; expire (3 weeks)
+				3600       ; minimum (1 hour)
+				)
+example.		NS	ns2.example.
+ns2.example.		A	10.53.0.2
+example.		NS	ns3.example.
+ns3.example.		A	10.53.0.3
+
+$ORIGIN example.
+*			MX	10 mail
+a			TXT	"foo foo foo"
+			PTR	foo.net.
+$TTL 3600	; 1 hour
+a01			A	0.0.0.0
+a02			A	255.255.255.255
+a601			A6	0 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
+			A6	64 ::ffff:ffff:ffff:ffff foo.
+			A6	127 ::1 foo.
+			A6	128  .
+afsdb01			AFSDB	0 hostname
+afsdb02			AFSDB	65535 .
+$TTL 300	; 5 minutes
+b			CNAME	foo.net.
+c			A	73.80.65.49
+$TTL 3600	; 1 hour
+cert01			CERT	65534 65535 PRIVATEOID (
+				MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgi
+				WCn/GxHhai6VAuHAoNUz4YoU1tVfSCSqQYn6//11U6Nl
+				d80jEeC8aTrO+KKmCaY= )
+cname01			CNAME	cname-target.
+cname02			CNAME	cname-target
+cname03			CNAME	.
+$TTL 300	; 5 minutes
+d			A	73.80.65.49
+$TTL 3600	; 1 hour
+dname01			DNAME	dname-target.
+dname02			DNAME	dname-target
+dname03			DNAME	.
+$TTL 300	; 5 minutes
+e			MX	10 mail
+			TXT	"one"
+			TXT	"three"
+			TXT	"two"
+			A	73.80.65.49
+			A	73.80.65.50
+			A	73.80.65.52
+			A	73.80.65.51
+f			A	73.80.65.52
+$TTL 3600	; 1 hour
+gpos01			GPOS	"-22.6882" "116.8652" "250.0"
+gpos02			GPOS	"" "" ""
+hinfo01			HINFO	"Generic PC clone" "NetBSD-1.4"
+hinfo02			HINFO	"PC" "NetBSD"
+isdn01			ISDN	"isdn-address"
+isdn02			ISDN	"isdn-address" "subaddress"
+isdn03			ISDN	"isdn-address"
+isdn04			ISDN	"isdn-address" "subaddress"
+key01			KEY	512 255 1 (
+				AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aR
+				yzWZriO6i2odGWWQVucZqKVsENW91IOW4vqudngPZsY3
+				GvQ/xVA8/7pyFj6b7Esga60zyGW6LFe9r8n6paHrlG5o
+				jqf0BaqHT+8= )
+kx01			KX	10 kdc
+kx02			KX	10 .
+loc01			LOC	60 9 0.000 N 24 39 0.000 E 10.00m 20m 2000m 20m
+loc02			LOC	60 9 0.000 N 24 39 0.000 E 10.00m 20m 2000m 20m
+mb01			MG	madname
+mb02			MG	.
+md01			MD	madname
+			MD	.
+mf01			MF	madname
+			MF	.
+mg01			MG	mgmname
+mg02			MG	.
+minfo01			MINFO	rmailbx emailbx
+minfo02			MINFO	. .
+mr01			MR	mrname
+mr02			MR	.
+mx01			MX	10 mail
+mx02			MX	10 .
+naptr01			NAPTR	0 0 "" "" "" .
+naptr02			NAPTR	65535 65535 "blurgh" "blorf" "blegh" foo.
+nsap-ptr01		NSAP-PTR foo.
+			NSAP-PTR .
+nsap01			NSAP	0x47000580005a0000000001e133ffffff00016100
+nsap02			NSAP	0x47000580005a0000000001e133ffffff00016100
+nxt01			NXT	a.secure ( NS SOA MX SIG KEY LOC NXT )
+nxt02			NXT	. ( NSAP-PTR NXT )
+nxt03			NXT	. ( A )
+nxt04			NXT	. ( 127 )
+ptr01			PTR	example.
+px01			PX	65535 foo. bar.
+px02			PX	65535 . .
+rp01			RP	mbox-dname txt-dname
+rp02			RP	. .
+rt01			RT	0 intermediate-host
+rt02			RT	65535 .
+$TTL 300	; 5 minutes
+s			NS	ns.s
+$ORIGIN s.example.
+ns			A	73.80.65.49
+$ORIGIN example.
+$TTL 3600	; 1 hour
+sig01			SIG	NXT 1 3 3600 20000102030405 (
+				19961211100908 2143 foo
+				MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgi
+				WCn/GxHhai6VAuHAoNUz4YoU1tVfSCSqQYn6//11U6Nl
+				d80jEeC8aTrO+KKmCaY= )
+srv01			SRV	0 0 0 .
+srv02			SRV	65535 65535 65535 old-slow-box.example.com.
+$TTL 301	; 5 minutes 1 second
+t			A	73.80.65.49
+$TTL 3600	; 1 hour
+txt01			TXT	"foo"
+txt02			TXT	"foo" "bar"
+txt03			TXT	"foo"
+txt04			TXT	"foo" "bar"
+txt05			TXT	"foo bar"
+txt06			TXT	"foo bar"
+txt07			TXT	"foo bar"
+txt08			TXT	"foo\010bar"
+txt09			TXT	"foo\010bar"
+txt10			TXT	"foo bar"
+txt11			TXT	"\"foo\""
+txt12			TXT	"\"foo\""
+$TTL 300	; 5 minutes
+u			TXT	"txt-not-in-nxt"
+$ORIGIN u.example.
+a			A	73.80.65.49
+b			A	73.80.65.49
+$ORIGIN example.
+$TTL 3600	; 1 hour
+wks01			WKS	10.0.0.1 6 ( 0 1 2 21 23 )
+wks02			WKS	10.0.0.1 17 ( 0 1 2 53 )
+wks03			WKS	10.0.0.2 6 ( 65535 )
+x2501			X25	"123456789"

bin/tests/system/xfer/ns2/named.conf

+options {
+	pid-file "named.pid";
+	listen-on { 10.53.0.2; };
+	recursion no;
+	notify yes;
+};
+
+zone "." {
+	type hint;
+	file "root.hint";
+};
+
+zone "example" {
+	type master;
+	file "example.db";
+	allow-update { any; };
+};

bin/tests/system/xfer/ns2/root.hint

+$TTL 999999
+.			 IN NS	a.root-servers.nil.
+a.root-servers.nil.	 IN A	10.53.0.1

bin/tests/system/xfer/ns3/named.conf

+options {
+	directory ".";
+	pid-file "named.pid";
+	listen-on { 10.53.0.3; };
+	recursion yes;
+	notify yes;
+};
+
+zone "." {
+	type hint;
+	file "root.hint";
+};
+
+zone "example" {
+	type slave;
+	masters { 10.53.0.2; };
+	file "example.bk";
+};
+
+