Commit a7e6a584 authored by Mukund Sivaraman's avatar Mukund Sivaraman Committed by Evan Hunt

Add system tests for "tcp-self" update-policy

parent 1b7598a0
Pipeline #2985 passed with stages
in 7 minutes and 59 seconds
4995. [test] Add tests for "tcp-self" update policy. [GL !282]
4994. [bug] Trust anchor telemetry queries were not being sent
upstream for locally served zones. [GL #392]
......
......@@ -39,6 +39,7 @@ rm -f ns3/many.test.bk
rm -f ns3/nsec3param.test.db
rm -f ns3/too-big.test.db
rm -f ns5/local.db
rm -f ns6/in-addr.db
rm -f nsupdate.out*
rm -f typelist.out.*
rm -f ns1/sample.db
......
-m record,size,mctx -T clienttest -c named.conf -d 99 -X named.lock -g -U 4 -T fixedlocal
-D nsupdate-ns5 -m record,size,mctx -T clienttest -c named.conf -d 99 -X named.lock -g -U 4 -T fixedlocal
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.
$TTL 300 ; 5 minutes
@ IN SOA ns5.local.nil. hostmaster.local.nil. (
1 ; serial
2000 ; refresh (2000 seconds)
2000 ; retry (2000 seconds)
1814400 ; expire (3 weeks)
3600 ; minimum (1 hour)
)
NS ns5
ns5 A 10.53.0.5
-D nsupdate-ns6 -m record,size,mctx -T clienttest -c named.conf -d 99 -X named.lock -g -U 4 -T fixedlocal
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
options {
query-source address 10.53.0.6;
notify-source 10.53.0.6;
transfer-source 10.53.0.6;
port @PORT@;
pid-file "named.pid";
session-keyfile "session.key";
listen-on { 10.53.0.6; };
recursion no;
notify yes;
minimal-responses no;
};
key rndc_key {
secret "1234abcd8765";
algorithm hmac-sha256;
};
controls {
inet 10.53.0.6 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
zone "in-addr.arpa" {
type master;
file "in-addr.db";
update-policy { grant * tcp-self . PTR; };
};
......@@ -17,6 +17,7 @@ copy_setports ns1/named.conf.in ns1/named.conf
copy_setports ns2/named.conf.in ns2/named.conf
copy_setports ns3/named.conf.in ns3/named.conf
copy_setports ns5/named.conf.in ns5/named.conf
copy_setports ns6/named.conf.in ns6/named.conf
copy_setports verylarge.in verylarge
......@@ -75,3 +76,4 @@ cp -f ns1/maxjournal.db.in ns1/maxjournal.db
rm -f ns1/maxjournal.db.jnl
cp -f ns5/local.db.in ns5/local.db
cp -f ns6/in-addr.db.in ns6/in-addr.db
......@@ -546,6 +546,63 @@ then
echo_i "failed"; status=1
fi
n=`expr $n + 1`
ret=0
echo_i "check that 'update-policy tcp-self' refuses update of records via UDP ($n)"
$NSUPDATE > nsupdate.out.$n 2>&1 << END
server 10.53.0.6 ${PORT}
local 127.0.0.1
update add 1.0.0.127.in-addr.arpa. 600 PTR localhost.
send
END
grep REFUSED nsupdate.out.$n > /dev/null 2>&1 || ret=1
$DIG $DIGOPTS @10.53.0.6 \
+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd \
-x 127.0.0.1 > dig.out.ns6.$n
grep localhost. dig.out.ns6.$n > /dev/null 2>&1 && ret=1
if test $ret -ne 0
then
echo_i "failed"; status=1
fi
n=`expr $n + 1`
ret=0
echo_i "check that 'update-policy tcp-self' permits update of records for the client's own address via TCP ($n)"
$NSUPDATE -v > nsupdate.out.$n 2>&1 << END || ret=1
server 10.53.0.6 ${PORT}
local 127.0.0.1
update add 1.0.0.127.in-addr.arpa. 600 PTR localhost.
send
END
grep REFUSED nsupdate.out.$n > /dev/null 2>&1 && ret=1
$DIG $DIGOPTS @10.53.0.6 \
+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd \
-x 127.0.0.1 > dig.out.ns6.$n || ret=1
grep localhost. dig.out.ns6.$n > /dev/null 2>&1 || ret=1
if test $ret -ne 0
then
echo_i "failed"; status=1
fi
n=`expr $n + 1`
ret=0
echo_i "check that 'update-policy tcp-self' refuses update of records for a different address from the client's own address via TCP ($n)"
$NSUPDATE -v > nsupdate.out.$n 2>&1 << END
server 10.53.0.6 ${PORT}
local 127.0.0.1
update add 1.0.168.192.in-addr.arpa. 600 PTR localhost.
send
END
grep REFUSED nsupdate.out.$n > /dev/null 2>&1 || ret=1
$DIG $DIGOPTS @10.53.0.6 \
+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd \
-x 192.168.0.1 > dig.out.ns6.$n
grep localhost. dig.out.ns6.$n > /dev/null 2>&1 && ret=1
if test $ret -ne 0
then
echo_i "failed"; status=1
fi
n=`expr $n + 1`
ret=0
echo_i "check that changes to the DNSKEY RRset TTL do not have side effects ($n)"
......
......@@ -1645,6 +1645,9 @@
./bin/tests/system/nsupdate/ns5/local.db.in ZONE 2017,2018
./bin/tests/system/nsupdate/ns5/named.args X 2017,2018
./bin/tests/system/nsupdate/ns5/named.conf.in CONF-C 2017,2018
./bin/tests/system/nsupdate/ns6/in-addr.db.in ZONE 2018
./bin/tests/system/nsupdate/ns6/named.args X 2018
./bin/tests/system/nsupdate/ns6/named.conf.in CONF-C 2018
./bin/tests/system/nsupdate/prereq.sh SH 2014,2015,2016,2018
./bin/tests/system/nsupdate/setup.sh SH 2000,2001,2004,2007,2009,2010,2011,2012,2014,2016,2017,2018
./bin/tests/system/nsupdate/tests.sh SH 2000,2001,2004,2007,2009,2010,2011,2012,2013,2014,2015,2016,2017,2018
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment