Skip to content
GitLab
Menu
Projects
Groups
Snippets
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
ISC Open Source Projects
BIND
Commits
8013077a
Commit
8013077a
authored
Apr 03, 2013
by
Mark Andrews
Browse files
3541. [bug] The parts if libdns was not being properly initialized
in when built in libexport mode. [RT #33028]
parent
8c460e01
Changes
14
Hide whitespace changes
Inline
Side-by-side
CHANGES
View file @
8013077a
3541. [bug] The parts if libdns was not being properly initialized
in when built in libexport mode. [RT #33028]
3540. [bug] libt_api: t_info and t_assert were not thread safe.
3539. [port] win32: timestamp format didn't match other platforms.
...
...
bin/tests/system/conf.sh.in
View file @
8013077a
...
...
@@ -53,6 +53,7 @@ PK11DEL="$TOP/bin/pkcs11/pkcs11-destroy -s ${SLOT:-0} -p 1234"
JOURNALPRINT
=
$TOP
/bin/tools/named-journalprint
VERIFY
=
$TOP
/bin/dnssec/dnssec-verify
ARPANAME
=
$TOP
/bin/tools/arpaname
SAMPLE
=
$TOP
/lib/export/samples/sample
# The "stress" test is not run by default since it creates enough
# load on the machine to make it unusable to other users.
...
...
bin/tests/system/dnssec/clean.sh
View file @
8013077a
...
...
@@ -31,6 +31,7 @@ rm -f ns2/single-nsec3.db
rm
-f
ns2/nsec3chain-test.db
rm
-f
*
/example.bk
rm
-f
dig.out.
*
rm
-f
sample.out
*
rm
-f
random.data
rm
-f
ns2/dlv.db
rm
-f
ns3/multiple.example.db ns3/nsec3-unknown.example.db ns3/nsec3.example.db
...
...
bin/tests/system/dnssec/ns1/sign.sh
View file @
8013077a
...
...
@@ -73,3 +73,8 @@ cp managed.conf ../ns4/managed.conf
keyid
=
`
expr
$keyname
:
'K.+001+\(.*\)'
`
keyid
=
`
expr
$keyid
+ 0
`
echo
"
$keyid
"
>
managed.key.id
cat
$keyname
.key |
grep
-v
'^; '
|
$PERL
-n
-e
'
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print "-a $alg -e -k $dn -K $key\n"
'
>
sample.key
bin/tests/system/dnssec/tests.sh
View file @
8013077a
...
...
@@ -28,6 +28,7 @@ n=1
rm
-f
dig.out.
*
DIGOPTS
=
"+tcp +noadd +nosea +nostat +nocmd +dnssec -p 5300"
SAMPLEKEY
=
`
cat
ns1/sample.key
`
# convert private-type records to readable form
showprivate
()
{
...
...
@@ -133,6 +134,17 @@ n=`expr $n + 1`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
if
[
-e
${
SAMPLE
}
]
;
then
ret
=
0
echo
"I:checking postive validation NSEC using dns_client (
$n
)"
$SAMPLE
$SAMPLEKEY
-p
5300
-t
a 10.53.0.4 a.example
>
sample.out
$n
||
ret
=
1
grep
"a.example..*10.0.0.1"
sample.out
$n
>
/dev/null
||
ret
=
1
grep
"a.example..*.RRSIG.A 3 2 300 .*"
sample.out
$n
>
/dev/null
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
fi
echo
"I:checking positive validation NSEC3 (
$n
)"
ret
=
0
$DIG
$DIGOPTS
+noauth a.nsec3.example.
\
...
...
@@ -145,6 +157,17 @@ n=`expr $n + 1`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
if
[
-e
${
SAMPLE
}
]
;
then
ret
=
0
echo
"I:checking positive validation NSEC3 using dns_client (
$n
)"
$SAMPLE
$SAMPLEKEY
-p
5300
-t
a 10.53.0.4 a.nsec3.example
>
sample.out
$n
||
ret
=
1
grep
"a.nsec3.example..*10.0.0.1"
sample.out
$n
>
/dev/null
||
ret
=
1
grep
"a.nsec3.example..*RRSIG.A 7 3 300.*"
sample.out
$n
>
/dev/null
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
fi
echo
"I:checking positive validation OPTOUT (
$n
)"
ret
=
0
$DIG
$DIGOPTS
+noauth a.optout.example.
\
...
...
@@ -157,6 +180,17 @@ n=`expr $n + 1`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
if
[
-e
${
SAMPLE
}
]
;
then
ret
=
0
echo
"I:checking positive validation OPTOUT using dns_client (
$n
)"
$SAMPLE
$SAMPLEKEY
-p
5300
-t
a 10.53.0.4 a.optout.example
>
sample.out
$n
||
ret
=
1
grep
"a.optout.example..*10.0.0.1"
sample.out
$n
>
/dev/null
||
ret
=
1
grep
"a.optout.example..*RRSIG.A 7 3 300.*"
sample.out
$n
>
/dev/null
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
fi
echo
"I:checking positive wildcard validation NSEC (
$n
)"
ret
=
0
$DIG
$DIGOPTS
a.wild.example. @10.53.0.2 a
>
dig.out.ns2.test
$n
||
ret
=
1
...
...
@@ -168,6 +202,17 @@ n=`expr $n + 1`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
if
[
-e
${
SAMPLE
}
]
;
then
ret
=
0
echo
"I:checking positive wildcard validation NSEC using dns_client (
$n
)"
$SAMPLE
$SAMPLEKEY
-p
5300
-t
a 10.53.0.4 a.wild.example
>
sample.out
$n
||
ret
=
1
grep
"a.wild.example..*10.0.0.27"
sample.out
$n
>
/dev/null
||
ret
=
1
grep
"a.wild.example..*RRSIG.A 3 2 300.*"
sample.out
$n
>
/dev/null
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
fi
echo
"I:checking positive wildcard answer NSEC3 (
$n
)"
ret
=
0
$DIG
$DIGOPTS
a.wild.nsec3.example. @10.53.0.3 a
>
dig.out.ns3.test
$n
||
ret
=
1
...
...
@@ -179,9 +224,9 @@ status=`expr $status + $ret`
echo
"I:checking positive wildcard answer NSEC3 (
$n
)"
ret
=
0
$DIG
$DIGOPTS
a.wild.nsec3.example. @10.53.0.
3
a
>
dig.out.ns
3
.test
$n
||
ret
=
1
grep
"AUTHORITY: 4,"
dig.out.ns
3
.test
$n
>
/dev/null
||
ret
=
1
grep
"status: NOERROR"
dig.out.ns
3
.test
$n
>
/dev/null
||
ret
=
1
$DIG
$DIGOPTS
a.wild.nsec3.example. @10.53.0.
4
a
>
dig.out.ns
4
.test
$n
||
ret
=
1
grep
"AUTHORITY: 4,"
dig.out.ns
4
.test
$n
>
/dev/null
||
ret
=
1
grep
"status: NOERROR"
dig.out.ns
4
.test
$n
>
/dev/null
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
...
...
@@ -197,6 +242,17 @@ n=`expr $n + 1`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
if
[
-e
${
SAMPLE
}
]
;
then
ret
=
0
echo
"I:checking positive wildcard validation NSEC3 using dns_client (
$n
)"
$SAMPLE
$SAMPLEKEY
-p
5300
-t
a 10.53.0.4 a.wild.nsec3.example
>
sample.out
$n
||
ret
=
1
grep
"a.wild.nsec3.example..*10.0.0.6"
sample.out
$n
>
/dev/null
||
ret
=
1
grep
"a.wild.nsec3.example..*RRSIG.A 7 3 300.*"
sample.out
$n
>
/dev/null
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
fi
echo
"I:checking positive wildcard validation OPTOUT (
$n
)"
ret
=
0
$DIG
$DIGOPTS
a.wild.optout.example.
\
...
...
@@ -210,6 +266,17 @@ n=`expr $n + 1`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
if
[
-e
${
SAMPLE
}
]
;
then
ret
=
0
echo
"I:checking positive wildcard validation OPTOUT using dns_client (
$n
)"
$SAMPLE
$SAMPLEKEY
-p
5300
-t
a 10.53.0.4 a.wild.optout.example
>
sample.out
$n
||
ret
=
1
grep
"a.wild.optout.example..*10.0.0.6"
sample.out
$n
>
/dev/null
||
ret
=
1
grep
"a.wild.optout.example..*RRSIG.A 7 3 300.*"
sample.out
$n
>
/dev/null
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
fi
echo
"I:checking negative validation NXDOMAIN NSEC (
$n
)"
ret
=
0
$DIG
$DIGOPTS
+noauth q.example. @10.53.0.2 a
>
dig.out.ns2.test
$n
||
ret
=
1
...
...
@@ -221,6 +288,16 @@ n=`expr $n + 1`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
if
[
-e
${
SAMPLE
}
]
;
then
ret
=
0
echo
"I:checking negative validation NXDOMAIN NSEC using dns_client (
$n
)"
$SAMPLE
$SAMPLEKEY
-p
5300
-t
a 10.53.0.4 q.example
>
/dev/null 2> sample.out
$n
||
ret
=
1
grep
"resolution failed: ncache nxdomain"
sample.out
$n
>
/dev/null
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
fi
echo
"I:checking negative validation NXDOMAIN NSEC3 (
$n
)"
ret
=
0
$DIG
$DIGOPTS
+noauth q.nsec3.example.
\
...
...
@@ -234,6 +311,16 @@ n=`expr $n + 1`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
if
[
-e
${
SAMPLE
}
]
;
then
ret
=
0
echo
"I:checking negative validation NXDOMAIN NSEC3 using dns_client (
$n
)"
$SAMPLE
$SAMPLEKEY
-p
5300
-t
a 10.53.0.4 q.nsec3.example
>
/dev/null 2> sample.out
$n
||
ret
=
1
grep
"resolution failed: ncache nxdomain"
sample.out
$n
>
/dev/null
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
fi
echo
"I:checking negative validation NXDOMAIN OPTOUT (
$n
)"
ret
=
0
$DIG
$DIGOPTS
+noauth q.optout.example.
\
...
...
@@ -248,6 +335,16 @@ n=`expr $n + 1`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
if
[
-e
${
SAMPLE
}
]
;
then
ret
=
0
echo
"I:checking negative validation NXDOMAIN OPTOUT using dns_client (
$n
)"
$SAMPLE
$SAMPLEKEY
-p
5300
-t
a 10.53.0.4 q.optout.example
>
/dev/null 2> sample.out
$n
||
ret
=
1
grep
"resolution failed: ncache nxdomain"
sample.out
$n
>
/dev/null
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
fi
echo
"I:checking negative validation NODATA NSEC (
$n
)"
ret
=
0
$DIG
$DIGOPTS
+noauth a.example. @10.53.0.2 txt
>
dig.out.ns2.test
$n
||
ret
=
1
...
...
@@ -260,6 +357,16 @@ n=`expr $n + 1`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
if
[
-e
${
SAMPLE
}
]
;
then
ret
=
0
echo
"I:checking negative validation NODATA OPTOUT using dns_client (
$n
)"
$SAMPLE
$SAMPLEKEY
-p
5300
-t
txt 10.53.0.4 a.example
>
/dev/null 2> sample.out
$n
||
ret
=
1
grep
"resolution failed: ncache nxrrset"
sample.out
$n
>
/dev/null
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
fi
echo
"I:checking negative validation NODATA NSEC3 (
$n
)"
ret
=
0
$DIG
$DIGOPTS
+noauth a.nsec3.example.
\
...
...
@@ -274,6 +381,16 @@ n=`expr $n + 1`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
if
[
-e
${
SAMPLE
}
]
;
then
ret
=
0
echo
"I:checking negative validation NODATA NSEC3 using dns_client (
$n
)"
$SAMPLE
$SAMPLEKEY
-p
5300
-t
txt 10.53.0.4 a.nsec3.example
>
/dev/null 2> sample.out
$n
||
ret
=
1
grep
"resolution failed: ncache nxrrset"
sample.out
$n
>
/dev/null
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
fi
echo
"I:checking negative validation NODATA OPTOUT (
$n
)"
ret
=
0
$DIG
$DIGOPTS
+noauth a.optout.example.
\
...
...
@@ -288,6 +405,16 @@ n=`expr $n + 1`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
if
[
-e
${
SAMPLE
}
]
;
then
ret
=
0
echo
"I:checking negative validation NODATA OPTOUT using dns_client (
$n
)"
$SAMPLE
$SAMPLEKEY
-p
5300
-t
txt 10.53.0.4 a.optout.example
>
/dev/null 2> sample.out
$n
||
ret
=
1
grep
"resolution failed: ncache nxrrset"
sample.out
$n
>
/dev/null
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
fi
echo
"I:checking negative wildcard validation NSEC (
$n
)"
ret
=
0
$DIG
$DIGOPTS
b.wild.example. @10.53.0.2 txt
>
dig.out.ns2.test
$n
||
ret
=
1
...
...
@@ -299,6 +426,16 @@ n=`expr $n + 1`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
if
[
-e
${
SAMPLE
}
]
;
then
ret
=
0
echo
"I:checking negative wildcard validation NSEC using dns_client (
$n
)"
$SAMPLE
$SAMPLEKEY
-p
5300
-t
txt 10.53.0.4 b.wild.example
>
/dev/null 2> sample.out
$n
||
ret
=
1
grep
"resolution failed: ncache nxrrset"
sample.out
$n
>
/dev/null
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
fi
echo
"I:checking negative wildcard validation NSEC3 (
$n
)"
ret
=
0
$DIG
$DIGOPTS
b.wild.nsec3.example. @10.53.0.3 txt
>
dig.out.ns3.test
$n
||
ret
=
1
...
...
@@ -309,6 +446,16 @@ n=`expr $n + 1`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
if
[
-e
${
SAMPLE
}
]
;
then
ret
=
0
echo
"I:checking negative wildcard validation NSEC3 using dns_client (
$n
)"
$SAMPLE
$SAMPLEKEY
-p
5300
-t
txt 10.53.0.4 b.wild.nsec3.example
>
/dev/null 2> sample.out
$n
||
ret
=
1
grep
"resolution failed: ncache nxrrset"
sample.out
$n
>
/dev/null
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
fi
echo
"I:checking negative wildcard validation OPTOUT (
$n
)"
ret
=
0
$DIG
$DIGOPTS
b.wild.optout.example.
\
...
...
@@ -323,6 +470,16 @@ n=`expr $n + 1`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
if
[
-e
${
SAMPLE
}
]
;
then
ret
=
0
echo
"I:checking negative wildcard validation OPTOUT using dns_client (
$n
)"
$SAMPLE
$SAMPLEKEY
-p
5300
-t
txt 10.53.0.4 b.optout.nsec3.example
>
/dev/null 2> sample.out
$n
||
ret
=
1
grep
"resolution failed: ncache nxrrset"
sample.out
$n
>
/dev/null
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
fi
# Check the insecure.example domain
echo
"I:checking 1-server insecurity proof NSEC (
$n
)"
...
...
@@ -337,6 +494,16 @@ n=`expr $n + 1`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
if
[
-e
${
SAMPLE
}
]
;
then
ret
=
0
echo
"I:checking 1-server insecurity proof NSEC using dns_client (
$n
)"
$SAMPLE
$SAMPLEKEY
-p
5300
-t
a 10.53.0.4 a.insecure.example
>
sample.out
$n
||
ret
=
1
grep
"a.insecure.example..*10.0.0.1"
sample.out
$n
>
/dev/null
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
fi
echo
"I:checking 1-server insecurity proof NSEC3 (
$n
)"
ret
=
0
$DIG
$DIGOPTS
+noauth a.insecure.nsec3.example. @10.53.0.3 a
>
dig.out.ns3.test
$n
||
ret
=
1
...
...
@@ -349,6 +516,16 @@ n=`expr $n + 1`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
if
[
-e
${
SAMPLE
}
]
;
then
ret
=
0
echo
"I:checking 1-server insecurity proof NSEC3 using dns_client (
$n
)"
$SAMPLE
$SAMPLEKEY
-p
5300
-t
a 10.53.0.4 a.insecure.nsec3.example
>
sample.out
$n
||
ret
=
1
grep
"a.insecure.nsec3.example..*10.0.0.1"
sample.out
$n
>
/dev/null
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
fi
echo
"I:checking 1-server insecurity proof OPTOUT (
$n
)"
ret
=
0
$DIG
$DIGOPTS
+noauth a.insecure.optout.example. @10.53.0.3 a
>
dig.out.ns3.test
$n
||
ret
=
1
...
...
@@ -361,6 +538,16 @@ n=`expr $n + 1`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
if
[
-e
${
SAMPLE
}
]
;
then
ret
=
0
echo
"I:checking 1-server insecurity proof OPTOUT using dns_client (
$n
)"
$SAMPLE
$SAMPLEKEY
-p
5300
-t
a 10.53.0.4 a.insecure.optout.example
>
sample.out
$n
||
ret
=
1
grep
"a.insecure.optout.example..*10.0.0.1"
sample.out
$n
>
/dev/null
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
fi
echo
"I:checking 1-server negative insecurity proof NSEC (
$n
)"
ret
=
0
$DIG
$DIGOPTS
q.insecure.example. a @10.53.0.3
\
...
...
@@ -375,6 +562,16 @@ n=`expr $n + 1`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
if
[
-e
${
SAMPLE
}
]
;
then
ret
=
0
echo
"I:checking 1-server negative insecurity proof NSEC using dns_client (
$n
)"
$SAMPLE
$SAMPLEKEY
-p
5300
-t
a 10.53.0.4 q.insecure.example
>
/dev/null 2> sample.out
$n
||
ret
=
1
grep
"resolution failed: ncache nxdomain"
sample.out
$n
>
/dev/null
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
fi
echo
"I:checking 1-server negative insecurity proof NSEC3 (
$n
)"
ret
=
0
$DIG
$DIGOPTS
q.insecure.nsec3.example. a @10.53.0.3
\
...
...
@@ -389,6 +586,16 @@ n=`expr $n + 1`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
if
[
-e
${
SAMPLE
}
]
;
then
ret
=
0
echo
"I:checking 1-server negative insecurity proof NSEC3 using dns_client (
$n
)"
$SAMPLE
$SAMPLEKEY
-p
5300
-t
a 10.53.0.4 q.insecure.nsec3.example
>
/dev/null 2> sample.out
$n
||
ret
=
1
grep
"resolution failed: ncache nxdomain"
sample.out
$n
>
/dev/null
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
fi
echo
"I:checking 1-server negative insecurity proof OPTOUT (
$n
)"
ret
=
0
$DIG
$DIGOPTS
q.insecure.optout.example. a @10.53.0.3
\
...
...
@@ -403,6 +610,16 @@ n=`expr $n + 1`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
if
[
-e
${
SAMPLE
}
]
;
then
ret
=
0
echo
"I:checking 1-server negative insecurity proof OPTOUT using dns_client (
$n
)"
$SAMPLE
$SAMPLEKEY
-p
5300
-t
a 10.53.0.4 q.insecure.optout.example
>
/dev/null 2> sample.out
$n
||
ret
=
1
grep
"resolution failed: ncache nxdomain"
sample.out
$n
>
/dev/null
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
fi
echo
"I:checking 1-server negative insecurity proof with SOA hack NSEC (
$n
)"
ret
=
0
$DIG
$DIGOPTS
r.insecure.example. soa @10.53.0.3
\
...
...
@@ -590,6 +807,16 @@ n=`expr $n + 1`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
if
[
-e
${
SAMPLE
}
]
;
then
ret
=
0
echo
"I:checking failed validation using dns_client (
$n
)"
$SAMPLE
$SAMPLEKEY
-p
5300
-t
a 10.53.0.4 a.bogus.example
>
/dev/null 2> sample.out
$n
||
ret
=
1
grep
"resolution failed: no valid RRSIG"
sample.out
$n
>
/dev/null
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
fi
# Try validating with a bad trusted key.
# This should fail.
...
...
@@ -625,6 +852,16 @@ n=`expr $n + 1`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
if
[
-e
${
SAMPLE
}
]
;
then
ret
=
0
echo
"I:checking that validation fails when key record is missing using dns_client (
$n
)"
$SAMPLE
$SAMPLEKEY
-p
5300
-t
a 10.53.0.4 a.b.keyless.example
>
/dev/null 2> sample.out
$n
||
ret
=
1
grep
"resolution failed: broken trust chain"
sample.out
$n
>
/dev/null
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
fi
echo
"I:Checking that a bad CNAME signature is caught after a +CD query (
$n
)"
ret
=
0
#prime
...
...
@@ -1814,7 +2051,7 @@ echo "I:testing legacy upper case signer name validation ($n)"
ret
=
0
$DIG
+tcp +dnssec
-p
5300 +noadd +noauth soa upper.example @10.53.0.4
\
>
dig.out.ns4.test
$n
2>&1
grep
'flags:.* ad;'
dig.out.ns4.test
$n
>
/dev/null
||
ret
=
1
grep
'flags:.* ad;'
dig.out.ns4.test
$n
>
/dev/null
||
ret
=
1
grep
'RRSIG.*SOA.* UPPER\.EXAMPLE\. '
dig.out.ns4.test
$n
>
/dev/null
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
...
...
@@ -1824,7 +2061,7 @@ echo "I:testing that we lower case signer name ($n)"
ret
=
0
$DIG
+tcp +dnssec
-p
5300 +noadd +noauth soa LOWER.EXAMPLE @10.53.0.4
\
>
dig.out.ns4.test
$n
2>&1
grep
'flags:.* ad;'
dig.out.ns4.test
$n
>
/dev/null
||
ret
=
1
grep
'flags:.* ad;'
dig.out.ns4.test
$n
>
/dev/null
||
ret
=
1
grep
'RRSIG.*SOA.* lower\.example\. '
dig.out.ns4.test
$n
>
/dev/null
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
...
...
bin/tests/system/resolver/clean.sh
View file @
8013077a
...
...
@@ -31,3 +31,4 @@ rm -f ns6/dsset-example.net. ns6/example.net.db.signed.jnl
rm
-f
ns6/to-be-removed.tld.db ns6/to-be-removed.tld.db.jnl
rm
-f
ns7/server.db ns7/server.db.jnl
rm
-f
random.data
rm
-f
sample.out
bin/tests/system/resolver/tests.sh
View file @
8013077a
...
...
@@ -30,17 +30,44 @@ grep "status: NXDOMAIN" dig.out > /dev/null || ret=1
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
if
[
-x
${
SAMPLE
}
]
;
then
echo
"I:checking non-cachable NXDOMAIN response handling using dns_client"
ret
=
0
${
SAMPLE
}
-p
5300
-t
a 10.53.0.1 nxdomain.example.net 2> sample.out
||
ret
=
1
grep
"resolution failed: ncache nxdomain"
sample.out
>
/dev/null
||
ret
=
1
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
fi
echo
"I:checking non-cachable NODATA response handling"
ret
=
0
$DIG
+tcp nodata.example.net @10.53.0.1 a
-p
5300
>
dig.out
||
ret
=
1
grep
"status: NOERROR"
dig.out
>
/dev/null
||
ret
=
1
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
if
[
-x
${
SAMPLE
}
]
;
then
echo
"I:checking non-cachable NODATA response handling using dns_client"
ret
=
0
${
SAMPLE
}
-p
5300
-t
a 10.53.0.1 nodata.example.net 2> sample.out
||
ret
=
1
grep
"resolution failed: ncache nxrrset"
sample.out
>
/dev/null
||
ret
=
1
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
fi
echo
"I:checking handling of bogus referrals"
# If the server has the "INSIST(!external)" bug, this query will kill it.
$DIG
+tcp www.example.com. a @10.53.0.1
-p
5300
>
/dev/null
||
status
=
1
if
[
-x
${
SAMPLE
}
]
;
then
echo
"I:checking handling of bogus referrals using dns_client"
ret
=
0
${
SAMPLE
}
-p
5300
-t
a 10.53.0.1 www.example.com 2> sample.out
||
ret
=
1
grep
"resolution failed: failure"
sample.out
>
/dev/null
||
ret
=
1
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
fi
echo
"I:check handling of cname + other data / 1"
$DIG
+tcp cname1.example.com. a @10.53.0.1
-p
5300
>
/dev/null
||
status
=
1
...
...
@@ -71,6 +98,16 @@ grep "status: NOERROR" dig.out > /dev/null || ret=1
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
if
[
-x
${
SAMPLE
}
]
;
then
echo
"I:checking answer IPv4 address filtering using dns_client (accept)"
ret
=
0
${
SAMPLE
}
-p
5300
-t
a 10.53.0.1 www.example.org
>
sample.out
||
ret
=
1
grep
"www.example.org..*.192.0.2.1"
sample.out
>
/dev/null
||
ret
=
1
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
fi
echo
"I:checking answer IPv6 address filtering (accept)"
ret
=
0
$DIG
+tcp www.example.org @10.53.0.1 aaaa
-p
5300
>
dig.out
||
ret
=
1
...
...
@@ -78,6 +115,15 @@ grep "status: NOERROR" dig.out > /dev/null || ret=1
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
if
[
-x
${
SAMPLE
}
]
;
then
echo
"I:checking answer IPv6 address filtering using dns_client (accept)"
ret
=
0
${
SAMPLE
}
-p
5300
-t
aaaa 10.53.0.1 www.example.org
>
sample.out
||
ret
=
1
grep
"www.example.org..*.2001:db8:beef::1"
sample.out
>
/dev/null
||
ret
=
1
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
fi
echo
"I:checking CNAME target filtering (deny)"
ret
=
0
$DIG
+tcp badcname.example.net @10.53.0.1 a
-p
5300
>
dig.out
||
ret
=
1
...
...
@@ -92,6 +138,16 @@ grep "status: NOERROR" dig.out > /dev/null || ret=1
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
if
[
-x
${
SAMPLE
}
]
;
then
echo
"I:checking CNAME target filtering using dns_client (accept)"
ret
=
0
${
SAMPLE
}
-p
5300
-t
a 10.53.0.1 goodcname.example.net
>
sample.out
||
ret
=
1
grep
"goodcname.example.net..*.goodcname.example.org."
sample.out
>
/dev/null
||
ret
=
1
grep
"goodcname.example.org..*.192.0.2.1"
sample.out
>
/dev/null
||
ret
=
1
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
fi
echo
"I:checking CNAME target filtering (accept due to subdomain)"
ret
=
0
$DIG
+tcp cname.sub.example.org @10.53.0.1 a
-p
5300
>
dig.out
||
ret
=
1
...
...
@@ -99,6 +155,16 @@ grep "status: NOERROR" dig.out > /dev/null || ret=1
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
if
[
-x
${
SAMPLE
}
]
;
then
echo
"I:checking CNAME target filtering using dns_client (accept due to subdomain)"
ret
=
0
${
SAMPLE
}
-p
5300
-t
a 10.53.0.1 cname.sub.example.org
>
sample.out
||
ret
=
1
grep
"cname.sub.example.org..*.ok.sub.example.org."
sample.out
>
/dev/null
||
ret
=
1
grep
"ok.sub.example.org..*.192.0.2.1"
sample.out
>
/dev/null
||
ret
=
1
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
fi
echo
"I:checking DNAME target filtering (deny)"
ret
=
0
$DIG
+tcp foo.baddname.example.net @10.53.0.1 a
-p
5300
>
dig.out
||
ret
=
1
...
...
@@ -113,6 +179,16 @@ grep "status: NOERROR" dig.out > /dev/null || ret=1
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
if
[
-x
${
SAMPLE
}
]
;
then
echo
"I:checking DNAME target filtering using dns_client (accept)"
ret
=
0
${
SAMPLE
}
-p
5300
-t
a 10.53.0.1 foo.gooddname.example.net
>
sample.out
||
ret
=
1
grep
"foo.gooddname.example.net..*.gooddname.example.org"
sample.out
>
/dev/null
||
ret
=
1
grep
"foo.gooddname.example.org..*.192.0.2.1"
sample.out
>
/dev/null
||
ret
=
1
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
fi
echo
"I:checking DNAME target filtering (accept due to subdomain)"
ret
=
0
$DIG
+tcp www.dname.sub.example.org @10.53.0.1 a
-p
5300
>
dig.out
||
ret
=
1
...
...
@@ -120,6 +196,16 @@ grep "status: NOERROR" dig.out > /dev/null || ret=1
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
if
[
-x
${
SAMPLE
}
]
;
then
echo
"I:checking DNAME target filtering using dns_client (accept due to subdomain)"
ret
=
0
${
SAMPLE
}
-p
5300
-t
a 10.53.0.1 www.dname.sub.example.org
>
sample.out
||
ret
=
1
grep
"www.dname.sub.example.org..*.ok.sub.example.org."
sample.out
>
/dev/null
||
ret
=
1
grep
"www.ok.sub.example.org..*.192.0.2.1"
sample.out
>
/dev/null
||
ret
=
1
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
fi
n
=
`
expr
$n
+ 1
`
echo
"I: RT21594 regression test check setup (
$n
)"
ret
=
0
...
...
lib/dns/adb.c