added system tests

0e9dcd54 · Andreas Gustafsson · 43383a70 · 0e9dcd54 · 0e9dcd54 · 0e9dcd54
Commit 0e9dcd54 authored May 15, 2000 by Andreas Gustafsson
--- a/bin/tests/system/README
+++ b/bin/tests/system/README
+
+This is a simple test environment for running bind9 system
+tests involving multiple name servers.
+
+There are multiple test suites, each in a separate subdirectory and
+involving a diffent DNS setup.  They are:
+
+  xfer/		Zone transfer, update, and NOTIFY tests
+  dnssec/	DNSSEC tests
+  xferquote/	Zone transfer quota tests
+
+Typically each test suite sets up 2-4 name servers and then performs
+one or more tests against them.  Within the test suite subdirectory,
+each name server has a separate subdirectory containing its
+configuration data.  By convention, these subdirectories are named
+"ns1", "ns2", etc.
+
+The tests are completely self-contained and do not require access to
+the real DNS.  One of the test servers (ns1) is set up as a root
+name server and is listed in the hints file of the others.
+
+To enable all servers to run on the same machine, they bind to
+separate virtual IP address on the loopback interface.  ns1 runs on
+10.53.0.1, ns2 on 10.53.0.2, etc.  Before running any tests, you must
+set up these addresses by running the script "ifconfig.sh".
+
+XXX the ifconfig.sh script is known to work only on NetBSD.
+
+Because the servers run on port 53, the tests must be run as root.
+
+To run the tests:
+
+  sh run.sh xfer
+  [check that xfer/ns3/example.bk has been created]
+  [run update_test.pl against ns2, check that changes propagate to ns3,
+  which they currently don't because notifies are not sent after dynamic
+  updates like they ought to be]
+  sh stop.sh xfer
+
+  sh run.sh dnssec
+  dig a.secure.example. a @10.53.0.4
+  [should return 10.0.0.1, AD=1]
+  dig c.secure.example. a @10.53.0.4
+  [should return NXDOMAIN, AD=1]
+  sh stop.sh dnssec
+
+  sh run.sh dnssec --badsig
+  dig a.secure.example. a @10.53.0.4
+  [should return SERVFAIL]
+  sh stop.sh dnssec
+
+  sh run.sh xferquota
+  [check that xferquota/ns2 now contains 100 .bk files]
+  sh stop.sh xferquota
+
+  sh clean.sh
+
+XXX The manual operations in [brackets] above should be automated.
+
+$Id: README,v 1.1 2000/05/15 22:47:15 gson Exp $
--- a/bin/tests/system/clean.sh
+++ b/bin/tests/system/clean.sh
+#!/bin/sh
+#
+# Clean up after system tests.
+#
+
+. ./conf.sh
+
+find . -type f \( \
+    -name 'K*' -o -name '*~' -o -name '*.core' -o -name '*.log' \
+    -o -name '*.pid' -o -name '*.run' -o -name '*.keyset' \
+\) -print | xargs rm
+
+for d in $SUBDIRS
+do
+   test ! -f $d/clean.sh || ( cd $d && sh clean.sh )
+done
--- a/bin/tests/system/conf.sh
+++ b/bin/tests/system/conf.sh
+# 
+# Common configuration data for system tests, to be sourced into
+# other shell scripts.
+#
+
+TOP="`cd ../../..; pwd`"
+
+NAMED=$TOP/bin/named/named
+KEYGEN=$TOP/bin/tests/keygen
+SIGNER=$TOP/bin/tests/signer
+KEYSETTOOL=$TOP/bin/tests/keysettool
+
+SUBDIRS="xfer dnssec xferquota"
+
+export NAMED KEYGEN SIGNER KEYSETTOOL
--- a/bin/tests/system/dnssec/ns1/named.conf
+++ b/bin/tests/system/dnssec/ns1/named.conf
+options {
+	directory ".";
+	pid-file "named.pid";
+	listen-on { 10.53.0.1; };
+	recursion no;
+	notify yes;
+};
+
+zone "." {
+	type master;
+	file "root.db";
+};
--- a/bin/tests/system/dnssec/ns1/root.db
+++ b/bin/tests/system/dnssec/ns1/root.db
+$TTL 300
+. 			IN SOA	gson.nominum.com. a.root.servers.nil. (
+				2000042100   	; serial
+				600         	; refresh
+				600         	; retry 
+				1200    	; expire
+				600       	; minimum
+				)
+.			NS	a.root-servers.nil.
+a.root-servers.nil.	A	10.53.0.1
+
+example.		NS	ns2.example.
+ns2.example.		A	10.53.0.2
--- a/bin/tests/system/dnssec/ns2/example.db.in
+++ b/bin/tests/system/dnssec/ns2/example.db.in
+$TTL 300	; 5 minutes
+@			IN SOA	mname1. . (
+				2000042407 ; serial
+				20         ; refresh (20 seconds)
+				20         ; retry (20 seconds)
+				1814400    ; expire (3 weeks)
+				3600       ; minimum (1 hour)
+				)
+			NS	ns2
+ns2			A	10.53.0.2
+
+a			A	10.0.0.1
+b			A	10.0.0.2
+d			A	10.0.0.4
+
+; A secure subdomain
+secure			NS	ns.secure
+ns.secure		A	10.53.0.3
+
+; An insecure subdomain
+insecure		NS	ns.secure
+ns.insecure		A	10.53.0.3
+
+z			A	10.0.0.26
--- a/bin/tests/system/dnssec/ns2/named.conf
+++ b/bin/tests/system/dnssec/ns2/named.conf
+options {
+	pid-file "named.pid";
+	listen-on { 10.53.0.2; };
+	recursion no;
+	notify yes;
+};
+
+zone "." {
+	type hint;
+	file "root.hint";
+};
+
+zone "example" {
+	type master;
+	file "example.db.signed";
+	allow-update { any; };
+};
+
--- a/bin/tests/system/dnssec/ns2/root.hint
+++ b/bin/tests/system/dnssec/ns2/root.hint
+$TTL 999999
+.			 IN NS	a.root-servers.nil.
+a.root-servers.nil.	 IN A	10.53.0.1
--- a/bin/tests/system/dnssec/ns2/sign.sh
+++ b/bin/tests/system/dnssec/ns2/sign.sh
+#!/bin/sh
+
+zone=example.
+infile=example.db.in
+zonefile=example.db
+
+keyname=`$KEYGEN -a RSA -b 768 -n zone $zone`
+
+tag=`echo $keykname | sed -n 's/^.*\+\([0-9][0-9]*\)$/\1/p'`
+
+echo "key=$keyname, tag=$tag"
+
+# Have the child generate a zone key and pass it to us,
+# sign it, and pass it back
+
+( cd ../ns3 && sh sign.sh )
+cp ../ns3/secure.example.keyset .
+/local/bind9/bin/tests/keysigner -v 9 secure.example.keyset example./$tag/001
+# This will leave two copies of the child's zone key in the signed db file;
+# that shouldn't cause any problems.
+cat secure.example.signedkey >>../ns3/secure.example.db.signed
+
+pubkeyfile="$keyname.key"
+
+$KEYSETTOOL $zone $tag/001
+
+cat $infile $pubkeyfile >$zonefile
+
+$SIGNER -v 1 -o $zone $zonefile
+
+# Configure the resolving server with a trusted key.
+
+cat $pubkeyfile | perl -n -e '
+my ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
+my $key = join("", @rest);
+print <<EOF
+trusted-keys {
+    "$dn" $flags $proto $alg "$key";
+};
+EOF
+' >../ns4/trusted.conf
+
--- a/bin/tests/system/dnssec/ns3/insecure.example.db
+++ b/bin/tests/system/dnssec/ns3/insecure.example.db
+$TTL 300	; 5 minutes
+@			IN SOA	mname1. . (
+				2000042407 ; serial
+				20         ; refresh (20 seconds)
+				20         ; retry (20 seconds)
+				1814400    ; expire (3 weeks)
+				3600       ; minimum (1 hour)
+				)
+			NS	ns
+ns			A	10.53.0.3
+
+a			A	10.0.0.1
+b			A	10.0.0.2
+d			A	10.0.0.4
+z			A	10.0.0.26
--- a/bin/tests/system/dnssec/ns3/named.conf
+++ b/bin/tests/system/dnssec/ns3/named.conf
+options {
+	pid-file "named.pid";
+	listen-on { 10.53.0.3; };
+	recursion no;
+	notify yes;
+};
+
+zone "." {
+	type hint;
+	file "root.hint";
+};
+
+zone "secure.example" {
+	type master;
+	file "secure.example.db.signed";
+	allow-update { any; };
+};
+
+zone "insecure.example" {
+	type master;
+	file "insecure.example.db";
+	allow-update { any; };
+};
+
--- a/bin/tests/system/dnssec/ns3/root.hint
+++ b/bin/tests/system/dnssec/ns3/root.hint
+$TTL 999999
+.			 IN NS	a.root-servers.nil.
+a.root-servers.nil.	 IN A	10.53.0.1
--- a/bin/tests/system/dnssec/ns3/secure.example.db.in
+++ b/bin/tests/system/dnssec/ns3/secure.example.db.in
+$TTL 300	; 5 minutes
+@			IN SOA	mname1. . (
+				2000042407 ; serial
+				20         ; refresh (20 seconds)
+				20         ; retry (20 seconds)
+				1814400    ; expire (3 weeks)
+				3600       ; minimum (1 hour)
+				)
+			NS	ns
+ns			A	10.53.0.3
+
+a			A	10.0.0.1
+b			A	10.0.0.2
+d			A	10.0.0.4
+z			A	10.0.0.26
--- a/bin/tests/system/dnssec/ns3/sign.sh
+++ b/bin/tests/system/dnssec/ns3/sign.sh
+#!/bin/sh
+
+zone=secure.example.
+infile=secure.example.db.in
+zonefile=secure.example.db
+
+rm -f K$zone*.key
+rm -f K$zone*.private
+rm -f $zone*.keyset
+
+keyname=`$KEYGEN -a RSA -b 768 -n zone $zone`
+
+tag=`echo $keykname | sed -n 's/^.*\+\([0-9][0-9]*\)$/\1/p'`
+
+echo "key=$keyname, tag=$tag"
+
+pubkeyfile="$keyname.key"
+
+$KEYSETTOOL $zone $tag/001
+
+cat $infile $pubkeyfile >$zonefile
+
+$SIGNER -v 1 -o $zone $zonefile
+
--- a/bin/tests/system/dnssec/setup.sh
+++ b/bin/tests/system/dnssec/setup.sh
+#!/bin/sh
+
+cd ns2 && sh sign.sh
+
+if [ $# -gt 0 ]
+then
+   case $1 in
+	--badsig)
+	   echo "injecting bogus data to force signature checking to fail..." >&2
+	   echo "a.secure.example.	A	10.0.0.22" >>../ns3/secure.example.db.signed
+	;;
+	
+	*)
+	    echo "unknown option $1" >&2; exit 1
+	;;
+    esac
+fi
--- a/bin/tests/system/ifconfig.sh
+++ b/bin/tests/system/ifconfig.sh
+#!/bin/sh
+#
+# Set up interface aliases for bind9 system tests.
+#
+
+for ns in 1 2 3 4
+do 
+   ifconfig lo0 10.53.0.$ns alias
+done
--- a/bin/tests/system/run.sh
+++ b/bin/tests/system/run.sh
+#!/bin/sh
+#
+# Run a system test.
+#
+. ./conf.sh
+
+test $# -gt 0 || { echo "usage: runtest.sh test-directory" >&2; exit 1; }
+
+test=$1
+shift
+
+test -d $test || { echo "$0: $test: no such test" >&2; exit 1; }
+
+# Set up any dynamically generated test data
+if test -f $test/setup.sh
+then
+   ( cd $test && sh setup.sh "$@" )
+fi
+
+# Start name servers running
+sh start.sh $test
+
--- a/bin/tests/system/start.sh
+++ b/bin/tests/system/start.sh
+#!/bin/sh
+#
+# Start name servers for running system tests.
+#
+
+cd $1
+
+for d in ns*
+do
+    (
+        cd $d &&
+	rm -f *.jnl *.bk named.run &&
+	if test -f named.pid
+	then
+	    if kill -0 `cat named.pid` 2>/dev/null
+	    then
+		echo "$0: named pid `cat named.pid` still running" >&2
+	        exit 1
+	    else
+		rm -f named.pid
+	    fi
+	fi
+	$NAMED -c named.conf -d 99 -g >named.run 2>&1 & &&
+	while test ! -f named.pid
+	do
+	    sleep 1
+        done
+    )
+done
+
--- a/bin/tests/system/stop.sh
+++ b/bin/tests/system/stop.sh
+#!/bin/sh
+#
+# Stop name servers.
+#
+
+cd $1
+
+for d in ns*
+do
+     pidfile="$d/named.pid"
+     test ! -f $pidfile || kill -INT `cat $pidfile`
+done
--- a/bin/tests/system/xfer/clean.sh
+++ b/bin/tests/system/xfer/clean.sh
+#!/bin/sh
+#
+# Clean up after zone transfer tests.
+#
+
+rm -f ns3/example.bk