Commit 473ca0bf authored by Andreas Gustafsson's avatar Andreas Gustafsson

Added RT #2399 regression test

parent 48b0f5ff
......@@ -15,11 +15,12 @@
# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
# $Id: clean.sh,v 1.11 2001/11/06 19:32:54 bwelling Exp $
# $Id: clean.sh,v 1.12 2002/01/22 22:27:23 gson Exp $
rm -f */K* */keyset-* */signedkey-* */*.signed */trusted.conf */tmp*
rm -f ns1/root.db ns2/example.db ns3/secure.example.db
rm -f ns3/unsecure.example.db ns3/bogus.example.db ns3/keyless.example.db
rm -f ns3/dynamic.example.db ns3/dynamic.example.db.signed.jnl
rm -f dig.out.*
rm -f random.data
#!/usr/bin/perl
#
# Copyright (C) 2000, 2001 Internet Software Consortium.
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
# DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
# INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
# FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
#
# DNSSEC Dynamic update test suite.
#
# Usage:
#
# perl update_test.pl [-s server] [-p port] zone
#
# The server defaults to 127.0.0.1.
# The port defaults to 53.
#
# Installation notes:
#
# This program uses the Net::DNS::Resolver module.
# You can install it by saying
#
# perl -MCPAN -e "install Net::DNS"
#
# $Id: dnssec_update_test.pl,v 1.1 2002/01/22 22:27:24 gson Exp $
#
use Getopt::Std;
use Net::DNS;
use Net::DNS::Update;
use Net::DNS::Resolver;
$opt_s = "127.0.0.1";
$opt_p = 53;
getopt('s:p:');
$res = new Net::DNS::Resolver;
$res->nameservers($opt_s);
$res->port($opt_p);
$res->defnames(0); # Do not append default domain.
@ARGV == 1 or die
"usage: perl update_test.pl [-s server] [-p port] zone\n";
$zone = shift @ARGV;
my $failures = 0;
sub assert {
my ($cond, $explanation) = @_;
if (!$cond) {
print "I:Test Failed: $explanation ***\n";
$failures++
}
}
sub test {
my ($expected, @records) = @_;
my $update = new Net::DNS::Update("$zone");
foreach $rec (@records) {
$update->push(@$rec);
}
$reply = $res->send($update);
# Did it work?
if (defined $reply) {
my $rcode = $reply->header->rcode;
assert($rcode eq $expected, "expected $expected, got $rcode");
} else {
print "I:Update failed: ", $res->errorstring, "\n";
}
}
sub section {
my ($msg) = @_;
print "I:$msg\n";
}
section("Add a name");
test("NOERROR", ["update", rr_add("a.$zone 300 A 73.80.65.49")]);
section("Delete the name");
test("NOERROR", ["update", rr_del("a.$zone")]);
if ($failures) {
print "I:$failures tests failed.\n";
} else {
print "I:All tests successful.\n";
}
exit $failures;
......@@ -13,7 +13,7 @@
; NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
; WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
; $Id: example.db.in,v 1.9 2001/09/19 21:19:50 gson Exp $
; $Id: example.db.in,v 1.10 2002/01/22 22:27:25 gson Exp $
$TTL 300 ; 5 minutes
@ IN SOA mname1. . (
......@@ -58,11 +58,14 @@ ns.secure A 10.53.0.3
insecure NS ns.insecure
ns.insecure A 10.53.0.3
; A secure subdomain we're going to inject bogus data into
bogus NS ns.bogus
ns.bogus A 10.53.0.3
; A dynamic secure subdomain
dynamic NS dynamic
dynamic A 10.53.0.3
z A 10.0.0.26
keyless NS ns.keyless
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named.conf,v 1.17 2001/01/11 20:41:32 gson Exp $ */
/* $Id: named.conf,v 1.18 2002/01/22 22:27:26 gson Exp $ */
// NS2
......@@ -54,5 +54,4 @@ zone "insecure.secure.example" {
allow-update { any; };
};
include "trusted.conf";
......@@ -15,7 +15,7 @@
# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
# $Id: sign.sh,v 1.16 2001/09/17 17:47:18 bwelling Exp $
# $Id: sign.sh,v 1.17 2002/01/22 22:27:27 gson Exp $
SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh
......@@ -33,21 +33,16 @@ keyname=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone`
( cd ../ns3 && sh sign.sh )
cp ../ns3/keyset-secure.example. .
for subdomain in secure bogus
do
cp ../ns3/keyset-$subdomain.example. .
$KEYSIGNER -r $RANDFILE keyset-secure.example. $keyname > /dev/null
$KEYSIGNER -r $RANDFILE keyset-$subdomain.example. $keyname > /dev/null
# This will leave two copies of the child's zone key in the signed db file;
# that shouldn't cause any problems.
cat signedkey-secure.example. >>../ns3/secure.example.db.signed
cp ../ns3/keyset-bogus.example. .
$KEYSIGNER -r $RANDFILE keyset-bogus.example. $keyname > /dev/null
# This will leave two copies of the child's zone key in the signed db file;
# that shouldn't cause any problems.
cat signedkey-bogus.example. >>../ns3/bogus.example.db.signed
# This will leave two copies of the child's zone key in the signed db file;
# that shouldn't cause any problems.
cat signedkey-$subdomain.example. >>../ns3/$subdomain.example.db.signed
done
$KEYSETTOOL -r $RANDFILE -t 3600 $keyname > /dev/null
......
; Copyright (C) 2000, 2001 Internet Software Consortium.
;
; Permission to use, copy, modify, and distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
; DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
; IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
; INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
; FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
; NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
; WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
; $Id: dynamic.example.db.in,v 1.1 2002/01/22 22:27:28 gson Exp $
; This has the NS and glue at the apex because testing RT #2399
; requires we have only one name in the zone at a certain point
; during the test.
$TTL 300 ; 5 minutes
@ IN SOA mname1. . (
2000042407 ; serial
20 ; refresh (20 seconds)
20 ; retry (20 seconds)
1814400 ; expire (3 weeks)
3600 ; minimum (1 hour)
)
@ NS @
@ A 10.53.0.3
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named.conf,v 1.19 2001/09/19 21:19:51 gson Exp $ */
/* $Id: named.conf,v 1.20 2002/01/22 22:27:28 gson Exp $ */
// NS3
......@@ -54,6 +54,12 @@ zone "bogus.example" {
allow-update { any; };
};
zone "dynamic.example" {
type master;
file "dynamic.example.db.signed";
allow-update { any; };
};
zone "insecure.example" {
type master;
file "insecure.example.db";
......
......@@ -15,7 +15,7 @@
# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
# $Id: sign.sh,v 1.14 2001/09/19 21:19:52 gson Exp $
# $Id: sign.sh,v 1.15 2002/01/22 22:27:29 gson Exp $
RANDFILE=../random.data
......@@ -43,6 +43,18 @@ cat $infile $keyname.key >$zonefile
$SIGNER -r $RANDFILE -o $zone $zonefile > /dev/null
zone=dynamic.example.
infile=dynamic.example.db.in
zonefile=dynamic.example.db
keyname=`$KEYGEN -r $RANDFILE -a RSA -b 768 -n zone $zone`
$KEYSETTOOL -r $RANDFILE -t 3600 $keyname.key > /dev/null
cat $infile $keyname.key >$zonefile
$SIGNER -r $RANDFILE -o $zone $zonefile > /dev/null
zone=keyless.example.
infile=keyless.example.db.in
zonefile=keyless.example.db
......
......@@ -15,7 +15,7 @@
# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
# $Id: tests.sh,v 1.35 2001/09/19 21:19:48 gson Exp $
# $Id: tests.sh,v 1.36 2002/01/22 22:27:24 gson Exp $
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
......@@ -304,5 +304,27 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:checking positive validation of dynamic zone ($n)"
ret=0
$DIG $DIGOPTS +noauth dynamic.example. SOA @10.53.0.3 > dig.out.ns3.test$n || ret=1
$DIG $DIGOPTS +noauth dynamic.example. SOA @10.53.0.4 > dig.out.ns4.test$n || ret=1
$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
# XXX why does this fail?
# grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
# Run a minimal update test if possible. This is really just
# a regression test for RT #2399; more tests should be added.
if $PERL -e 'use Net::DNS;' 2>/dev/null
then
echo "I:running DNSSEC update test"
$PERL dnssec_update_test.pl -s 10.53.0.3 -p 5300 dynamic.example. || status=1
else
echo "I:The DNSSEC update test requires the Net::DNS library." >&2
fi
echo "I:exit status: $status"
exit $status
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment