Commit 0e9dcd54 authored by Andreas Gustafsson

added system tests

parent 43383a70
This is a simple test environment for running bind9 system
tests involving multiple name servers.
There are multiple test suites, each in a separate subdirectory and
involving a diffent DNS setup. They are:
xfer/ Zone transfer, update, and NOTIFY tests
dnssec/ DNSSEC tests
xferquote/ Zone transfer quota tests
Typically each test suite sets up 2-4 name servers and then performs
one or more tests against them. Within the test suite subdirectory,
each name server has a separate subdirectory containing its
configuration data. By convention, these subdirectories are named
"ns1", "ns2", etc.
The tests are completely self-contained and do not require access to
the real DNS. One of the test servers (ns1) is set up as a root
name server and is listed in the hints file of the others.
To enable all servers to run on the same machine, they bind to
separate virtual IP address on the loopback interface. ns1 runs on
10.53.0.1, ns2 on 10.53.0.2, etc. Before running any tests, you must
set up these addresses by running the script "ifconfig.sh".
XXX the ifconfig.sh script is known to work only on NetBSD.
Because the servers run on port 53, the tests must be run as root.
To run the tests:
sh run.sh xfer
[check that xfer/ns3/example.bk has been created]
[run update_test.pl against ns2, check that changes propagate to ns3,
which they currently don't because notifies are not sent after dynamic
updates like they ought to be]
sh stop.sh xfer
sh run.sh dnssec
dig a.secure.example. a @10.53.0.4
[should return 10.0.0.1, AD=1]
dig c.secure.example. a @10.53.0.4
[should return NXDOMAIN, AD=1]
sh stop.sh dnssec
sh run.sh dnssec --badsig
dig a.secure.example. a @10.53.0.4
[should return SERVFAIL]
sh stop.sh dnssec
sh run.sh xferquota
[check that xferquota/ns2 now contains 100 .bk files]
sh stop.sh xferquota
sh clean.sh
XXX The manual operations in [brackets] above should be automated.
$Id: README,v 1.1 2000/05/15 22:47:15 gson Exp $
#!/bin/sh
#
# Clean up after system tests.
#
. ./conf.sh
find . -type f \( \
-name 'K*' -o -name '*~' -o -name '*.core' -o -name '*.log' \
-o -name '*.pid' -o -name '*.run' -o -name '*.keyset' \
\) -print | xargs rm
for d in $SUBDIRS
do
test ! -f $d/clean.sh || ( cd $d && sh clean.sh )
done
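Review bot: The `find ... -print | xargs rm` pipeline in clean.sh splits file names on whitespace and quotes, and the README says the suite runs as root. A name containing a space or newline anywhere under the tree can therefore make `rm` act on a path other than the one `find` matched. Letting find invoke rm directly removes the parsing step: end the expression with `\) -exec rm -f {} \;` instead of `-print | xargs rm`. The `-f` also keeps an already-clean tree from failing on xargs implementations that run the command with no arguments. In the loop, `$d` comes from SUBDIRS in conf.sh, so the missing quotes are harmless today, but `( cd "$d" && sh clean.sh )` is the safer form.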
#
# Common configuration data for system tests, to be sourced into
# other shell scripts.
#
TOP="`cd ../../..; pwd`"
NAMED=$TOP/bin/named/named
KEYGEN=$TOP/bin/tests/keygen
SIGNER=$TOP/bin/tests/signer
KEYSETTOOL=$TOP/bin/tests/keysettool
SUBDIRS="xfer dnssec xferquota"
export NAMED KEYGEN SIGNER KEYSETTOOL
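Review bot: In the `TOP=` assignment the `;` between `cd ../../..` and `pwd` means a failed cd still produces a value, namely the caller's current directory, and every tool path below is then built from it. Because run.sh and start.sh go on to execute `$NAMED` as root, this should fail closed: `TOP="$(cd ../../.. && pwd)"` followed by `test -n "$TOP" || { echo "conf.sh: cannot locate top of tree" >&2; exit 1; }`. The result also depends on the directory conf.sh is sourced from, which deserves a line in the header comment.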
options {
directory ".";
pid-file "named.pid";
listen-on { 10.53.0.1; };
recursion no;
notify yes;
};
zone "." {
type master;
file "root.db";
};
$TTL 300
. IN SOA gson.nominum.com. a.root.servers.nil. (
2000042100 ; serial
600 ; refresh
600 ; retry
1200 ; expire
600 ; minimum
)
. NS a.root-servers.nil.
a.root-servers.nil. A 10.53.0.1
example. NS ns2.example.
ns2.example. A 10.53.0.2
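Review bot: The SOA line gives `gson.nominum.com.` as the MNAME and `a.root.servers.nil.` as the RNAME, while the NS record below is `a.root-servers.nil.` (hyphen, not dot). The two fields look swapped and the server name mistyped; `. IN SOA a.root-servers.nil. gson.nominum.com. (` would make the primary match the NS set. Nothing visible in this commit depends on the MNAME, but NOTIFY and dynamic-update handling do consult it, so a test zone is better off with a correct one. The same line appears in the xfer and xferquota copies of root.db.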
$TTL 300 ; 5 minutes
@ IN SOA mname1. . (
2000042407 ; serial
20 ; refresh (20 seconds)
20 ; retry (20 seconds)
1814400 ; expire (3 weeks)
3600 ; minimum (1 hour)
)
NS ns2
ns2 A 10.53.0.2
a A 10.0.0.1
b A 10.0.0.2
d A 10.0.0.4
; A secure subdomain
secure NS ns.secure
ns.secure A 10.53.0.3
; An insecure subdomain
insecure NS ns.secure
ns.insecure A 10.53.0.3
z A 10.0.0.26
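Review bot: Under `; An insecure subdomain` the delegation is `insecure NS ns.secure`, but the glue that follows is `ns.insecure A 10.53.0.3`. The glue is therefore never referenced, and the insecure zone is delegated to a name inside the secure zone. Both names resolve to 10.53.0.3, so the test behaves the same either way. `insecure NS ns.insecure` appears to be what was intended, and it keeps the insecure delegation from depending on signed data.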
options {
pid-file "named.pid";
listen-on { 10.53.0.2; };
recursion no;
notify yes;
};
zone "." {
type hint;
file "root.hint";
};
zone "example" {
type master;
file "example.db.signed";
allow-update { any; };
};
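Review bot: `allow-update { any; };` on the `example` zone accepts unauthenticated dynamic updates from any source that can reach 10.53.0.2, on a named that the README says runs as root. The address is a loopback alias, so exposure is probably limited, but that depends on the host's routing and forwarding setup rather than on this file. Scoping it to the test addresses, for example `allow-update { 10.53.0.0/24; 127.0.0.1; };` (adjusted to whatever source address update_test.pl uses), keeps the test working without relying on that. The same clause appears on both zones in dnssec/ns3/named.conf and on `example` in xfer/ns2/named.conf.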
$TTL 999999
. IN NS a.root-servers.nil.
a.root-servers.nil. IN A 10.53.0.1
#!/bin/sh
zone=example.
infile=example.db.in
zonefile=example.db
keyname=`$KEYGEN -a RSA -b 768 -n zone $zone`
tag=`echo $keykname | sed -n 's/^.*\+\([0-9][0-9]*\)$/\1/p'`
echo "key=$keyname, tag=$tag"
# Have the child generate a zone key and pass it to us,
# sign it, and pass it back
( cd ../ns3 && sh sign.sh )
cp ../ns3/secure.example.keyset .
/local/bind9/bin/tests/keysigner -v 9 secure.example.keyset example./$tag/001
# This will leave two copies of the child's zone key in the signed db file;
# that shouldn't cause any problems.
cat secure.example.signedkey >>../ns3/secure.example.db.signed
pubkeyfile="$keyname.key"
$KEYSETTOOL $zone $tag/001
cat $infile $pubkeyfile >$zonefile
$SIGNER -v 1 -o $zone $zonefile
# Configure the resolving server with a trusted key.
cat $pubkeyfile | perl -n -e '
my ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
my $key = join("", @rest);
print <<EOF
trusted-keys {
"$dn" $flags $proto $alg "$key";
};
EOF
' >../ns4/trusted.conf
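Review bot: `tag` is derived from `$keykname`, which is never set (the variable assigned on the line above is `keyname`). `tag` is therefore always empty, and both `example./$tag/001` and `$KEYSETTOOL $zone $tag/001` receive a malformed key id; the pipeline should start `echo $keyname | sed -n ...`. ns3/sign.sh has the same typo. Separately, keysigner is run from the hard-coded `/local/bind9/bin/tests/keysigner`, while the other tools come from conf.sh, so as root the script executes whatever is installed at that path rather than the build under test. Adding `KEYSIGNER=$TOP/bin/tests/keysigner` to conf.sh and its export line would fix that, assuming the tool is built there. No step checks its exit status, so a failed keygen or signer goes unnoticed until named tries to load the zone.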
$TTL 300 ; 5 minutes
@ IN SOA mname1. . (
2000042407 ; serial
20 ; refresh (20 seconds)
20 ; retry (20 seconds)
1814400 ; expire (3 weeks)
3600 ; minimum (1 hour)
)
NS ns
ns A 10.53.0.3
a A 10.0.0.1
b A 10.0.0.2
d A 10.0.0.4
z A 10.0.0.26
options {
pid-file "named.pid";
listen-on { 10.53.0.3; };
recursion no;
notify yes;
};
zone "." {
type hint;
file "root.hint";
};
zone "secure.example" {
type master;
file "secure.example.db.signed";
allow-update { any; };
};
zone "insecure.example" {
type master;
file "insecure.example.db";
allow-update { any; };
};
$TTL 999999
. IN NS a.root-servers.nil.
a.root-servers.nil. IN A 10.53.0.1
$TTL 300 ; 5 minutes
@ IN SOA mname1. . (
2000042407 ; serial
20 ; refresh (20 seconds)
20 ; retry (20 seconds)
1814400 ; expire (3 weeks)
3600 ; minimum (1 hour)
)
NS ns
ns A 10.53.0.3
a A 10.0.0.1
b A 10.0.0.2
d A 10.0.0.4
z A 10.0.0.26
#!/bin/sh
zone=secure.example.
infile=secure.example.db.in
zonefile=secure.example.db
rm -f K$zone*.key
rm -f K$zone*.private
rm -f $zone*.keyset
keyname=`$KEYGEN -a RSA -b 768 -n zone $zone`
tag=`echo $keykname | sed -n 's/^.*\+\([0-9][0-9]*\)$/\1/p'`
echo "key=$keyname, tag=$tag"
pubkeyfile="$keyname.key"
$KEYSETTOOL $zone $tag/001
cat $infile $pubkeyfile >$zonefile
$SIGNER -v 1 -o $zone $zonefile
#!/bin/sh
cd ns2 && sh sign.sh
if [ $# -gt 0 ]
then
case $1 in
--badsig)
echo "injecting bogus data to force signature checking to fail..." >&2
echo "a.secure.example. A 10.0.0.22" >>../ns3/secure.example.db.signed
;;
*)
echo "unknown option $1" >&2; exit 1
;;
esac
fi
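Review bot: `cd ns2 && sh sign.sh` discards its result, so the script carries on if the cd or the signing fails. With `--badsig`, the append to `../ns3/secure.example.db.signed` is then resolved from the wrong directory. `cd ns2 && sh sign.sh || exit 1` stops at the first failure and lets run.sh see it. The `unknown option` check also runs only after keys have been generated and zones signed; validating `$1` before the signing step, and keeping only the injection after it, would reject a bad argument before any work is done.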
#!/bin/sh
#
# Set up interface aliases for bind9 system tests.
#
for ns in 1 2 3 4
do
ifconfig lo0 10.53.0.$ns alias
done
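Review bot: `ifconfig lo0 10.53.0.$ns alias` sets no netmask, so each alias gets the platform default. Where that default is the classful 255.0.0.0, a route for all of 10/8 can end up on the loopback interface and cut the machine off from real 10.x networks while the aliases exist. A host mask avoids this: `ifconfig lo0 10.53.0.$ns alias netmask 0xffffffff` (NetBSD syntax, the only platform the README claims). There is also no companion script to remove the aliases, so they persist after the tests; a matching `-alias` loop or a note in the header comment would cover that.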
#!/bin/sh
#
# Run a system test.
#
. ./conf.sh
test $# -gt 0 || { echo "usage: runtest.sh test-directory" >&2; exit 1; }
test=$1
shift
test -d $test || { echo "$0: $test: no such test" >&2; exit 1; }
# Set up any dynamically generated test data
if test -f $test/setup.sh
then
( cd $test && sh setup.sh "$@" )
fi
# Start name servers running
sh start.sh $test
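Review bot: The subshell that runs `setup.sh` has its exit status ignored, so `sh start.sh $test` starts the name servers as root even when key generation or signing failed. `( cd "$test" && sh setup.sh "$@" ) || exit 1` would stop there. The usage text says `runtest.sh` while the README invokes this script as run.sh; printing `$0` instead keeps the message right under either name. `$test` is also unquoted in `test -d $test` and in the start.sh call.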
#!/bin/sh
#
# Start name servers for running system tests.
#
cd $1
for d in ns*
do
(
cd $d &&
rm -f *.jnl *.bk named.run &&
if test -f named.pid
then
if kill -0 `cat named.pid` 2>/dev/null
then
echo "$0: named pid `cat named.pid` still running" >&2
exit 1
else
rm -f named.pid
fi
fi
$NAMED -c named.conf -d 99 -g >named.run 2>&1 & &&
while test ! -f named.pid
do
sleep 1
done
)
done
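Review bot: The line `$NAMED -c named.conf -d 99 -g >named.run 2>&1 & &&` is a syntax error in sh: `&` already terminates the command, so the trailing `&&` has no left operand and the script will not parse. As written, the `cd $d && rm ... && if ... fi` list also ends at `fi`, so when `cd $d` fails the named start would still run from the parent directory. The `while test ! -f named.pid` loop never gives up if named exits during startup. The fence makes the cd a hard precondition, drops the stray `&&`, and bounds the wait; the 30-try limit is an arbitrary choice.

```sh
(
    cd "$d" || exit 1
    rm -f *.jnl *.bk named.run
    # … unchanged: named.pid liveness check …
    $NAMED -c named.conf -d 99 -g >named.run 2>&1 &
    tries=0
    while test ! -f named.pid
    do
        tries=`expr $tries + 1`
        test $tries -le 30 || { echo "$0: $d: no named.pid after 30 tries" >&2; exit 1; }
        sleep 1
    done
)
```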
#!/bin/sh
#
# Stop name servers.
#
cd $1
for d in ns*
do
pidfile="$d/named.pid"
test ! -f $pidfile || kill -INT `cat $pidfile`
done
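Review bot: `cd $1` is unchecked and unquoted: with no argument it changes to the home directory, and with a bad argument it stays where it is. In either case the loop then sends SIGINT, as root, to whatever PID it reads from any `ns*/named.pid` under that directory. Guarding the entry point fixes this: `test $# -gt 0 && cd "$1" || { echo "usage: $0 test-directory" >&2; exit 1; }`. start.sh opens with the same unchecked `cd $1`. The pid file contents are also trusted as-is, so a stale file whose PID has been reused would signal an unrelated process; a comment noting that limitation would help.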
#!/bin/sh
#
# Clean up after zone transfer tests.
#
rm -f ns3/example.bk
options {
directory ".";
pid-file "named.pid";
listen-on { 10.53.0.1; };
recursion no;
notify yes;
};
zone "." {
type master;
file "root.db";
};
$TTL 300
. IN SOA gson.nominum.com. a.root.servers.nil. (
2000042100 ; serial
600 ; refresh
600 ; retry
1200 ; expire
600 ; minimum
)
. NS a.root-servers.nil.
a.root-servers.nil. A 10.53.0.1
example. NS ns2.example.
ns2.example. A 10.53.0.2
$ORIGIN .
$TTL 300 ; 5 minutes
example IN SOA mname1. . (
2000042795 ; serial
20 ; refresh (20 seconds)
20 ; retry (20 seconds)
1814400 ; expire (3 weeks)
3600 ; minimum (1 hour)
)
example. NS ns2.example.
ns2.example. A 10.53.0.2
example. NS ns3.example.
ns3.example. A 10.53.0.3
$ORIGIN example.
* MX 10 mail
a TXT "foo foo foo"
PTR foo.net.
$TTL 3600 ; 1 hour
a01 A 0.0.0.0
a02 A 255.255.255.255
a601 A6 0 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
A6 64 ::ffff:ffff:ffff:ffff foo.
A6 127 ::1 foo.
A6 128 .
afsdb01 AFSDB 0 hostname
afsdb02 AFSDB 65535 .
$TTL 300 ; 5 minutes
b CNAME foo.net.
c A 73.80.65.49
$TTL 3600 ; 1 hour
cert01 CERT 65534 65535 PRIVATEOID (
MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgi
WCn/GxHhai6VAuHAoNUz4YoU1tVfSCSqQYn6//11U6Nl
d80jEeC8aTrO+KKmCaY= )
cname01 CNAME cname-target.
cname02 CNAME cname-target
cname03 CNAME .
$TTL 300 ; 5 minutes
d A 73.80.65.49
$TTL 3600 ; 1 hour
dname01 DNAME dname-target.
dname02 DNAME dname-target
dname03 DNAME .
$TTL 300 ; 5 minutes
e MX 10 mail
TXT "one"
TXT "three"
TXT "two"
A 73.80.65.49
A 73.80.65.50
A 73.80.65.52
A 73.80.65.51
f A 73.80.65.52
$TTL 3600 ; 1 hour
gpos01 GPOS "-22.6882" "116.8652" "250.0"
gpos02 GPOS "" "" ""
hinfo01 HINFO "Generic PC clone" "NetBSD-1.4"
hinfo02 HINFO "PC" "NetBSD"
isdn01 ISDN "isdn-address"
isdn02 ISDN "isdn-address" "subaddress"
isdn03 ISDN "isdn-address"
isdn04 ISDN "isdn-address" "subaddress"
key01 KEY 512 255 1 (
AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aR
yzWZriO6i2odGWWQVucZqKVsENW91IOW4vqudngPZsY3
GvQ/xVA8/7pyFj6b7Esga60zyGW6LFe9r8n6paHrlG5o
jqf0BaqHT+8= )
kx01 KX 10 kdc
kx02 KX 10 .
loc01 LOC 60 9 0.000 N 24 39 0.000 E 10.00m 20m 2000m 20m
loc02 LOC 60 9 0.000 N 24 39 0.000 E 10.00m 20m 2000m 20m
mb01 MG madname
mb02 MG .
md01 MD madname
MD .
mf01 MF madname
MF .
mg01 MG mgmname
mg02 MG .
minfo01 MINFO rmailbx emailbx
minfo02 MINFO . .
mr01 MR mrname
mr02 MR .
mx01 MX 10 mail
mx02 MX 10 .
naptr01 NAPTR 0 0 "" "" "" .
naptr02 NAPTR 65535 65535 "blurgh" "blorf" "blegh" foo.
nsap-ptr01 NSAP-PTR foo.
NSAP-PTR .
nsap01 NSAP 0x47000580005a0000000001e133ffffff00016100
nsap02 NSAP 0x47000580005a0000000001e133ffffff00016100
nxt01 NXT a.secure ( NS SOA MX SIG KEY LOC NXT )
nxt02 NXT . ( NSAP-PTR NXT )
nxt03 NXT . ( A )
nxt04 NXT . ( 127 )
ptr01 PTR example.
px01 PX 65535 foo. bar.
px02 PX 65535 . .
rp01 RP mbox-dname txt-dname
rp02 RP . .
rt01 RT 0 intermediate-host
rt02 RT 65535 .
$TTL 300 ; 5 minutes
s NS ns.s
$ORIGIN s.example.
ns A 73.80.65.49
$ORIGIN example.
$TTL 3600 ; 1 hour
sig01 SIG NXT 1 3 3600 20000102030405 (
19961211100908 2143 foo
MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgi
WCn/GxHhai6VAuHAoNUz4YoU1tVfSCSqQYn6//11U6Nl
d80jEeC8aTrO+KKmCaY= )
srv01 SRV 0 0 0 .
srv02 SRV 65535 65535 65535 old-slow-box.example.com.
$TTL 301 ; 5 minutes 1 second
t A 73.80.65.49
$TTL 3600 ; 1 hour
txt01 TXT "foo"
txt02 TXT "foo" "bar"
txt03 TXT "foo"
txt04 TXT "foo" "bar"
txt05 TXT "foo bar"
txt06 TXT "foo bar"
txt07 TXT "foo bar"
txt08 TXT "foo\010bar"
txt09 TXT "foo\010bar"
txt10 TXT "foo bar"
txt11 TXT "\"foo\""
txt12 TXT "\"foo\""
$TTL 300 ; 5 minutes
u TXT "txt-not-in-nxt"
$ORIGIN u.example.
a A 73.80.65.49
b A 73.80.65.49
$ORIGIN example.
$TTL 3600 ; 1 hour
wks01 WKS 10.0.0.1 6 ( 0 1 2 21 23 )
wks02 WKS 10.0.0.1 17 ( 0 1 2 53 )
wks03 WKS 10.0.0.2 6 ( 65535 )
x2501 X25 "123456789"
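Review bot: `mb01` and `mb02` are given type `MG` rather than `MB`, so the zone contains no MB record and that rdata type is not exercised by the transfer test. `mb01 MB madname` and `mb02 MB .` look like what was intended, since `mg01` and `mg02` already cover MG. If the MG entries are deliberate, a `;` comment saying so would prevent someone "fixing" them later.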
options {
pid-file "named.pid";
listen-on { 10.53.0.2; };
recursion no;
notify yes;
};
zone "." {
type hint;
file "root.hint";
};
zone "example" {
type master;
file "example.db";
allow-update { any; };
};
$TTL 999999
. IN NS a.root-servers.nil.
a.root-servers.nil. IN A 10.53.0.1
options {
directory ".";
pid-file "named.pid";
listen-on { 10.53.0.3; };
recursion yes;
notify yes;
};
zone "." {
type hint;
file "root.hint";
};
zone "example" {
type slave;
masters { 10.53.0.2; };
file "example.bk";
};
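Review bot: This is the only server in the xfer suite with `recursion yes;`, and nothing bounds who may use it, so anything that can reach 10.53.0.3 gets a recursive resolver on a named that the README says runs as root. If recursion is needed for the test, a comment saying why plus `allow-recursion { 10.53.0.0/24; };` would keep it scoped; otherwise `recursion no;` matches ns1 and ns2. The `masters { 10.53.0.2; };` transfer is unauthenticated, which is reasonable on loopback but deserves a one-line comment so the file is not copied as a template.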
$TTL 999999
. IN NS a.root-servers.nil.
a.root-servers.nil. IN A 10.53.0.1
#!/bin/sh
#
# Clean up after zone transfer quota tests.
#
rm -f ns1/zone*.example.db ns1/zones.conf
rm -f ns2/zone*.example.bk ns2/zones.conf
options {
directory ".";
pid-file "named.pid";
listen-on { 10.53.0.1; };
recursion no;
notify yes;
};
zone "." {
type master;
file "root.db";
};
include "zones.conf";
$TTL 300
. IN SOA gson.nominum.com. a.root.servers.nil. (
2000042100 ; serial
600 ; refresh
600 ; retry
1200 ; expire
600 ; minimum
)
. NS a.root-servers.nil.