Added RT #2399 regression test

bin/tests/system/dnssec/clean.sh

@@ -15,11 +15,12 @@
 # NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
 # WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: clean.sh,v 1.11 2001/11/06 19:32:54 bwelling Exp $
+# $Id: clean.sh,v 1.12 2002/01/22 22:27:23 gson Exp $
 
 rm -f */K* */keyset-* */signedkey-* */*.signed */trusted.conf */tmp*
 rm -f ns1/root.db ns2/example.db ns3/secure.example.db
 rm -f ns3/unsecure.example.db ns3/bogus.example.db ns3/keyless.example.db
+rm -f ns3/dynamic.example.db ns3/dynamic.example.db.signed.jnl
 rm -f dig.out.*
 rm -f random.data
 

bin/tests/system/dnssec/dnssec_update_test.pl

+#!/usr/bin/perl
+#
+# Copyright (C) 2000, 2001  Internet Software Consortium.
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
+# DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+# INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
+# FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+#
+# DNSSEC Dynamic update test suite.
+#
+# Usage:
+#
+#   perl update_test.pl [-s server] [-p port] zone
+#
+# The server defaults to 127.0.0.1.
+# The port defaults to 53.
+#
+# Installation notes:
+#
+# This program uses the Net::DNS::Resolver module.
+# You can install it by saying
+#
+#    perl -MCPAN -e "install Net::DNS"
+#
+# $Id: dnssec_update_test.pl,v 1.1 2002/01/22 22:27:24 gson Exp $
+#
+
+use Getopt::Std;
+use Net::DNS;
+use Net::DNS::Update;
+use Net::DNS::Resolver;
+
+$opt_s = "127.0.0.1";
+$opt_p = 53;
+
+getopt('s:p:');
+
+$res = new Net::DNS::Resolver;
+$res->nameservers($opt_s);
+$res->port($opt_p);
+$res->defnames(0); # Do not append default domain.
+
+@ARGV == 1 or die
+    "usage: perl update_test.pl [-s server] [-p port] zone\n";
+
+$zone = shift @ARGV;
+
+my $failures = 0;
+
+sub assert {
+    my ($cond, $explanation) = @_;
+    if (!$cond) {
+	print "I:Test Failed: $explanation ***\n";
+	$failures++
+    }
+}
+
+sub test {
+    my ($expected, @records) = @_;
+
+    my $update = new Net::DNS::Update("$zone");
+
+    foreach $rec (@records) {
+	$update->push(@$rec);
+    }
+
+    $reply = $res->send($update);
+
+    # Did it work?
+    if (defined $reply) {
+	my $rcode = $reply->header->rcode;
+        assert($rcode eq $expected, "expected $expected, got $rcode");
+    } else {
+	print "I:Update failed: ", $res->errorstring, "\n";
+    }
+}
+
+sub section {
+    my ($msg) = @_;
+    print "I:$msg\n";
+}
+
+section("Add a name");
+test("NOERROR", ["update", rr_add("a.$zone 300 A 73.80.65.49")]);
+
+section("Delete the name");
+test("NOERROR", ["update", rr_del("a.$zone")]);
+
+if ($failures) {
+    print "I:$failures tests failed.\n";
+} else {
+    print "I:All tests successful.\n";
+}
+
+exit $failures;

bin/tests/system/dnssec/ns2/example.db.in

@@ -13,7 +13,7 @@
 ; NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
 ; WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-; $Id: example.db.in,v 1.9 2001/09/19 21:19:50 gson Exp $
+; $Id: example.db.in,v 1.10 2002/01/22 22:27:25 gson Exp $
 
 $TTL 300	; 5 minutes
 @			IN SOA	mname1. . (
@@ -58,11 +58,14 @@ ns.secure		A	10.53.0.3
 insecure		NS	ns.insecure
 ns.insecure		A	10.53.0.3
 
-
 ; A secure subdomain we're going to inject bogus data into
 bogus			NS	ns.bogus
 ns.bogus		A	10.53.0.3
 
+; A dynamic secure subdomain
+dynamic			NS	dynamic
+dynamic			A	10.53.0.3
+
 z			A	10.0.0.26
 
 keyless			NS	ns.keyless

bin/tests/system/dnssec/ns2/named.conf

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named.conf,v 1.17 2001/01/11 20:41:32 gson Exp $ */
+/* $Id: named.conf,v 1.18 2002/01/22 22:27:26 gson Exp $ */
 
 // NS2
 
@@ -54,5 +54,4 @@ zone "insecure.secure.example" {
 	allow-update { any; };
 };
 
-
 include "trusted.conf";

bin/tests/system/dnssec/ns2/sign.sh

@@ -15,7 +15,7 @@
 # NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
 # WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: sign.sh,v 1.16 2001/09/17 17:47:18 bwelling Exp $
+# $Id: sign.sh,v 1.17 2002/01/22 22:27:27 gson Exp $
 
 SYSTEMTESTTOP=../..
 . $SYSTEMTESTTOP/conf.sh
@@ -33,21 +33,16 @@ keyname=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone`
 
 ( cd ../ns3 && sh sign.sh )
 
-cp ../ns3/keyset-secure.example. .
+for subdomain in secure bogus
+do
+	cp ../ns3/keyset-$subdomain.example. .
 
-$KEYSIGNER -r $RANDFILE keyset-secure.example. $keyname > /dev/null
+	$KEYSIGNER -r $RANDFILE keyset-$subdomain.example. $keyname > /dev/null
 
-# This will leave two copies of the child's zone key in the signed db file;
-# that shouldn't cause any problems.
-cat signedkey-secure.example. >>../ns3/secure.example.db.signed
-
-cp ../ns3/keyset-bogus.example. .
-
-$KEYSIGNER -r $RANDFILE keyset-bogus.example. $keyname > /dev/null
-
-# This will leave two copies of the child's zone key in the signed db file;
-# that shouldn't cause any problems.
-cat signedkey-bogus.example. >>../ns3/bogus.example.db.signed
+	# This will leave two copies of the child's zone key in the signed db file;
+	# that shouldn't cause any problems.
+	cat signedkey-$subdomain.example. >>../ns3/$subdomain.example.db.signed
+done
 
 $KEYSETTOOL -r $RANDFILE -t 3600 $keyname > /dev/null
 

bin/tests/system/dnssec/ns3/dynamic.example.db.in

+; Copyright (C) 2000, 2001  Internet Software Consortium.
+;
+; Permission to use, copy, modify, and distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
+; DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
+; IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+; INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
+; FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+; NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+; WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: dynamic.example.db.in,v 1.1 2002/01/22 22:27:28 gson Exp $
+
+; This has the NS and glue at the apex because testing RT #2399
+; requires we have only one name in the zone at a certain point
+; during the test.
+
+$TTL 300	; 5 minutes
+@			IN SOA	mname1. . (
+				2000042407 ; serial
+				20         ; refresh (20 seconds)
+				20         ; retry (20 seconds)
+				1814400    ; expire (3 weeks)
+				3600       ; minimum (1 hour)
+				)
+@			NS	@
+@			A	10.53.0.3

bin/tests/system/dnssec/ns3/named.conf

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named.conf,v 1.19 2001/09/19 21:19:51 gson Exp $ */
+/* $Id: named.conf,v 1.20 2002/01/22 22:27:28 gson Exp $ */
 
 // NS3
 
@@ -54,6 +54,12 @@ zone "bogus.example" {
 	allow-update { any; };
 };
 
+zone "dynamic.example" {
+	type master;
+	file "dynamic.example.db.signed";
+	allow-update { any; };
+};
+
 zone "insecure.example" {
 	type master;
 	file "insecure.example.db";

bin/tests/system/dnssec/ns3/sign.sh

@@ -15,7 +15,7 @@
 # NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
 # WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: sign.sh,v 1.14 2001/09/19 21:19:52 gson Exp $
+# $Id: sign.sh,v 1.15 2002/01/22 22:27:29 gson Exp $
 
 RANDFILE=../random.data
 
@@ -43,6 +43,18 @@ cat $infile $keyname.key >$zonefile
 
 $SIGNER -r $RANDFILE -o $zone $zonefile > /dev/null
 
+zone=dynamic.example.
+infile=dynamic.example.db.in
+zonefile=dynamic.example.db
+
+keyname=`$KEYGEN -r $RANDFILE -a RSA -b 768 -n zone $zone`
+
+$KEYSETTOOL -r $RANDFILE -t 3600 $keyname.key > /dev/null
+
+cat $infile $keyname.key >$zonefile
+
+$SIGNER -r $RANDFILE -o $zone $zonefile > /dev/null
+
 zone=keyless.example.
 infile=keyless.example.db.in
 zonefile=keyless.example.db

bin/tests/system/dnssec/tests.sh

@@ -15,7 +15,7 @@
 # NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
 # WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: tests.sh,v 1.35 2001/09/19 21:19:48 gson Exp $
+# $Id: tests.sh,v 1.36 2002/01/22 22:27:24 gson Exp $
 
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
@@ -304,5 +304,27 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
 
+echo "I:checking positive validation of dynamic zone ($n)"
+ret=0
+$DIG $DIGOPTS +noauth dynamic.example. SOA @10.53.0.3 > dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS +noauth dynamic.example. SOA @10.53.0.4 > dig.out.ns4.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
+# XXX why does this fail?
+# grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+# Run a minimal update test if possible.  This is really just
+# a regression test for RT #2399; more tests should be added.
+
+if $PERL -e 'use Net::DNS;' 2>/dev/null
+then
+    echo "I:running DNSSEC update test"
+    $PERL dnssec_update_test.pl -s 10.53.0.3 -p 5300 dynamic.example. || status=1
+else
+    echo "I:The DNSSEC update test requires the Net::DNS library." >&2
+fi
+
 echo "I:exit status: $status"
 exit $status