Commit a66619fe authored by Curtis Blackburn's avatar Curtis Blackburn

[rt39196] Added a new nameserver to test rrl "log-only yes".

              Added test for RT #39197. Made the rrl test more
              tolerant of minor differences in results due to
              timing. Removed the failure override for the rrl
              test.

commit 01a15bc80ef4c20171ddfe9b5ceb2ebe008c8e0d
Author: Curtis Blackburn <ckb@isc.org>
Date:   Tue Dec 15 15:08:03 2015 -0800

    added a new nameserver to the rrl test
parent bb5d14d7
/*
* Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
controls { /* empty */ };
options {
query-source address 10.53.0.5;
notify-source 10.53.0.5;
transfer-source 10.53.0.5;
port 5300;
pid-file "named.pid";
statistics-file "named.stats";
listen-on { 10.53.0.5; };
listen-on-v6 { none; };
notify no;
rate-limit {
responses-per-second 2;
all-per-second 50;
slip 3;
exempt-clients { 10.53.0.7; };
log-only yes;
min-table-size 0;
max-table-size 0;
};
additional-from-cache no;
};
key rndc_key {
secret "1234abcd8765";
algorithm hmac-sha256;
};
controls {
inet 10.53.0.5 port 9953 allow { any; } keys { rndc_key; };
};
......@@ -20,3 +20,4 @@ rm -f dig.out*
rm -f */named.memstats */named.run */named.stats */log-* */session.key
rm -f ns3/bl*.db */*.jnl */*.core */*.pid
rm -f ns*/named.lock
rm -f broken.out
......@@ -41,6 +41,8 @@ options {
qps-scale 10;
window 1;
max-table-size 1000;
log-only no;
min-table-size 0;
};
};
......
; Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
. 0 NS ns1.
ns1. 0 A 10.53.0.1
/*
* Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
controls { /* empty */ };
options {
query-source address 10.53.0.4;
notify-source 10.53.0.4;
transfer-source 10.53.0.4;
port 5300;
session-keyfile "session.key";
pid-file "named.pid";
statistics-file "named.stats";
listen-on { 10.53.0.4; };
listen-on-v6 { none; };
notify no;
rate-limit {
responses-per-second 2;
all-per-second 50;
slip 3;
exempt-clients { 10.53.0.7; };
log-only yes;
// small enough to force a table expansion
min-table-size 75;
};
additional-from-cache no;
};
key rndc_key {
secret "1234abcd8765";
algorithm hmac-sha256;
};
controls {
inet 10.53.0.4 port 9953 allow { any; } keys { rndc_key; };
};
/*
* These log settings have no effect unless "-g" is removed from ../../start.pl
*/
logging {
channel debug {
file "log-debug";
print-category yes; print-severity yes; severity debug 10;
};
channel queries {
file "log-queries";
print-category yes; print-severity yes; severity info;
};
category rate-limit { debug; queries; };
category queries { debug; queries; };
};
zone "." { type hint; file "hints"; };
zone "tld4."{ type master; file "tld4.db"; };
; Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
; rate limit response from this zone
$TTL 120
@ SOA tld4. hostmaster.ns.tld4. ( 1 3600 1200 604800 60 )
NS ns
NS .
ns A 10.53.0.2
; basic rate limiting
a1 A 192.0.2.1
; wildcards
*.a2 A 192.0.2.2
; a3 is in tld3
; a4 does not exist to give NXDOMAIN
; a5 for TCP requests
a5 A 192.0.2.5
; a6 for whitelisted clients
a6 A 192.0.2.6
; a7 for SERVFAIL
; a8 for NODATA
a8 A 192.0.2.8
; a9 for all-per-second limit
$GENERATE 101-180 all$.a9 A 192.0.2.8
......@@ -23,6 +23,7 @@ SYSTEMTESTTOP=..
ns1=10.53.0.1 # root, defining the others
ns2=10.53.0.2 # test server
ns3=10.53.0.3 # secondary test server
ns4=10.53.0.4 # log-only test server
ns7=10.53.0.7 # whitelisted client
USAGE="$0: [-x]"
......@@ -70,7 +71,7 @@ HOME=/dev/null; export HOME
digcmd () {
OFILE=$1; shift
DIG_DOM=$1; shift
ARGS="+nosearch +nocookie +time=1 +tries=1 +ignore -p 5300 $* $DIG_DOM @$ns2"
ARGS="+nocookie +nosearch +time=1 +tries=1 +ignore -p 5300 $* $DIG_DOM @$ns2"
#echo I:dig $ARGS 1>&2
START=`date +%y%m%d%H%M.%S`
RESULT=`$DIG $ARGS 2>&1 | tee $OFILE=TEMP \
......@@ -87,7 +88,6 @@ digcmd () {
touch -t $START "$OFILE=$RESULT"
}
# $1=number of tests $2=target domain $3=dig options
QNUM=1
burst () {
......@@ -96,13 +96,17 @@ burst () {
CNTS=`$PERL -e 'for ( $i = 0; $i < '$BURST_LIMIT'; $i++) { printf "%03d\n", '$QNUM' + $i; }'`
for CNT in $CNTS
do
eval BURST_DOM="$BURST_DOM_BASE"
FILE="dig.out-$BURST_DOM-$CNT"
digcmd $FILE $BURST_DOM $* &
eval BURST_DOM="$BURST_DOM_BASE"
FILE="dig.out-$BURST_DOM-$CNT"
digcmd $FILE $BURST_DOM $* &
done
QNUM=`expr $QNUM + $BURST_LIMIT`
}
# compare integers $1 and $2; ensure the difference is no more than $3
range () {
$PERL -E 'if (abs(int($ARGV[0]) - int($ARGV[1])) > int($ARGV[2])) { exit(1) }' $1 $2 $3
}
# $1=domain $2=IP address $3=# of IP addresses $4=TC $5=drop
# $6=NXDOMAIN $7=SERVFAIL or other errors
......@@ -117,26 +121,27 @@ ck_result() {
NXDOMAIN=`ls dig.out-$1-*=NXDOMAIN dig.out-$1-*=NXDOMAINTC 2>/dev/null \
| wc -l`
SERVFAIL=`ls dig.out-$1-*=SERVFAIL 2>/dev/null | wc -l`
if test $ADDRS -ne "$3"; then
setret "I:"$ADDRS" instead of $3 '$2' responses for $1"
BAD=yes
fi
if test $TC -ne "$4"; then
setret "I:"$TC" instead of $4 truncation responses for $1"
BAD=yes
fi
if test $DROP -ne "$5"; then
setret "I:"$DROP" instead of $5 dropped responses for $1"
BAD=yes
fi
if test $NXDOMAIN -ne "$6"; then
setret "I:"$NXDOMAIN" instead of $6 NXDOMAIN responses for $1"
BAD=yes
fi
if test $SERVFAIL -ne "$7"; then
setret "I:"$SERVFAIL" instead of $7 error responses for $1"
BAD=yes
fi
range $ADDRS "$3" 1 ||
setret "I:"$ADDRS" instead of $3 '$2' responses for $1" &&
BAD=yes
range $TC "$4" 1 ||
setret "I:"$TC" instead of $4 truncation responses for $1" &&
BAD=yes
range $DROP "$5" 1 ||
setret "I:"$DROP" instead of $5 dropped responses for $1" &&
BAD=yes
range $NXDOMAIN "$6" 1 ||
setret "I:"$NXDOMAIN" instead of $6 NXDOMAIN responses for $1" &&
BAD=yes
range $SERVFAIL "$7" 1 ||
setret "I:"$SERVFAIL" instead of $7 error responses for $1" &&
BAD=yes
if test -z "$BAD"; then
rm -f dig.out-$1-*
fi
......@@ -150,9 +155,9 @@ ckstats () {
C=`sed -n -e "s/[ ]*\([0-9]*\).responses $TYPE for rate limits.*/\1/p" \
ns2/named.stats | tail -1`
C=`expr 0$C + 0`
if test "$C" -ne $EXPECTED; then
setret "I:wrong $LABEL $TYPE statistics of $C instead of $EXPECTED"
fi
range "$C" $EXPECTED 1 ||
setret "I:wrong $LABEL $TYPE statistics of $C instead of $EXPECTED"
}
......@@ -251,8 +256,34 @@ $RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p 9953 -s $ns2 stats
ckstats final dropped 56
ckstats final truncated 23
#########
sec_start
$DIG +nocookie +nosearch +time=1 +tries=1 +ignore -p 5300 @$ns4 A a7.tld4 > /dev/null 2>&1
$DIG +nocookie +nosearch +time=1 +tries=1 +ignore -p 5300 @$ns4 A a7.tld4 > /dev/null 2>&1
$DIG +nocookie +nosearch +time=1 +tries=1 +ignore -p 5300 @$ns4 A a7.tld4 > /dev/null 2>&1
$DIG +nocookie +nosearch +time=1 +tries=1 +ignore -p 5300 @$ns4 A a7.tld4 > /dev/null 2>&1
$DIG +nocookie +nosearch +time=1 +tries=1 +ignore -p 5300 @$ns4 A a7.tld4 > /dev/null 2>&1
$DIG +nocookie +nosearch +time=1 +tries=1 +ignore -p 5300 @$ns4 A a7.tld4 > /dev/null 2>&1
$DIG +nocookie +nosearch +time=1 +tries=1 +ignore -p 5300 @$ns4 A a7.tld4 > /dev/null 2>&1
$DIG +nocookie +nosearch +time=1 +tries=1 +ignore -p 5300 @$ns4 A a7.tld4 > /dev/null 2>&1
$DIG +nocookie +nosearch +time=1 +tries=1 +ignore -p 5300 @$ns4 A a7.tld4 > /dev/null 2>&1
$DIG +nocookie +nosearch +time=1 +tries=1 +ignore -p 5300 @$ns4 A a7.tld4 > /dev/null 2>&1
$DIG +nocookie +nosearch +time=1 +tries=1 +ignore -p 5300 @$ns4 A a7.tld4 > /dev/null 2>&1
grep "would limit" ns4/named.run >/dev/null 2>&1 ||
setret "I: \"would limit\" not found in log file."
$NAMED -gc broken.conf > broken.out 2>&1 &
sleep 2
grep "min-table-size 1" broken.out > /dev/null || setret "I: min-table-size 0 was not changed to 1"
if [ -f named.pid ]; then
kill `cat named.pid`
setret "I: named should not have started, but did"
fi
echo "I:exit status: $ret"
# exit $ret
[ $ret -ne 0 ] && echo "I:test failure overridden"
exit 0
exit $ret
#[ $ret -ne 0 ] && echo "I:test failure overridden"
#exit 0
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment