Skip to content
GitLab
Menu
Projects
Groups
Snippets
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
ISC Open Source Projects
BIND
Commits
c032c54d
Commit
c032c54d
authored
Feb 20, 2018
by
Evan Hunt
Browse files
parallelize most system tests
parent
0217cc8b
Changes
621
Hide whitespace changes
Inline
Side-by-side
bin/tests/system/Makefile.in
View file @
c032c54d
...
...
@@ -46,7 +46,26 @@ feature-test@EXEEXT@: feature-test.@O@
# Define the tests that can be run in parallel. This should be identical to
# the definition of PARALLELDIRS in conf.sh.
PARALLEL
=
allow_query catz rpzrecurse serve-stale
PARALLEL
=
acl additional addzone allow_query auth autosign
\
builtin
cacheclean
case
catz cds chain
\
checkconf checknames checkzone
\
@CHECKDS@ @COVERAGE@ @KEYMGR@
\
cookie database digdelv dlv dlz dlzexternal
\
dns64 dnssec @DNSTAP@ dscp dsdigest dyndb
\
ednscompliance emptyzones
\
fetchlimit filter-aaaa formerr forward
\
geoip glue inline integrity ixfr keepalive
\
legacy limits logfileconfig
\
masterfile masterformat metadata mkeys
\
names notify nslookup nsupdate nzd2nzf
\
padding pending pipelined
\
reclimit redirect resolver rndc rpz rpzrecurse
\
rrchecker rrl rrsetorder rsabigexponent runtime
\
serve-stale sfcache smartsign sortlist
\
spf staticstub statistics statschannel stub synthfromdnssec
\
tcp tools tsig tsiggss
\
unknown upforwd verify views wildcard
\
xfer xferquota zero zonechecks
# Produce intermediate makefile that assigns unique port numbers to each
# parallel test. The start port number of 5,000 is arbitrary - it must just
...
...
@@ -56,11 +75,13 @@ PARALLEL = allow_query catz rpzrecurse serve-stale
# underscores in target names and requires explicit differentiation
# between a target name and a directory name (.PHONY is not supported).
.PHONY
:
parallel.mk
parallel.mk
:
@
PARALLEL_SANITIZED
=
`
echo
$(PARALLEL)
|
sed
"s|
\(
[^ ][^ ]*
\)
|test-
\1
|g;"
|
tr
_ -
`
;
\
PARALLEL_SANITIZED
=
`
echo
$(PARALLEL)
|
sed
"s|
\(
[^ ][^ ]*
\)
|test-
\1
|g;"
|
tr
_ -
`
;
\
echo
".PHONY:
$$
PARALLEL_SANITIZED"
>
$@
;
\
echo
""
>>
$@
;
\
echo
"check:
$$
PARALLEL_SANITIZED"
>>
$@
;
\
echo
"
test
check:
$$
PARALLEL_SANITIZED"
>>
$@
;
\
port
=
$
${
STARTPORT
:-
5000
}
;
\
for
directory
in
$(PARALLEL)
;
do
\
echo
""
>>
$@
;
\
...
...
bin/tests/system/README
View file @
c032c54d
...
...
@@ -334,7 +334,7 @@ are:
PORT Number to be used for the query port.
CONTROLPORT Number to be used as the RNDC control port.
EXTRAPORT1 - EXTRAPORT8 Eight port numbers that can be use as needed.
EXTRAPORT1 - EXTRAPORT8 Eight port numbers that can be use
d
as needed.
Two other environment variables are defined:
...
...
bin/tests/system/acl/clean.sh
View file @
c032c54d
...
...
@@ -11,7 +11,8 @@
#
rm
-f
dig.out.
*
rm
-f
ns2/example.db ns2/tsigzone.db ns2/example.db.jnl ns2/named.conf
rm
-f
ns2/example.db ns2/tsigzone.db ns2/example.db.jnl
rm
-f
*
/named.conf
rm
-f
*
/named.memstats
rm
-f
*
/named.run
rm
-f
ns
*
/named.lock
...
...
bin/tests/system/acl/ns2/named1.conf
→
bin/tests/system/acl/ns2/named1.conf
.in
View file @
c032c54d
...
...
@@ -6,15 +6,20 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
/* $
Id
:
named1
.
conf
,
v
1
.
2
2008
/
01
/
10
01
:
10
:
01
marka
Exp
$ */
key rndc_key {
secret "1234abcd8765";
algorithm hmac-sha256;
};
controls
{ /*
empty
*/ };
controls {
inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
options {
query-source address 10.53.0.2;
notify-source 10.53.0.2;
transfer-source 10.53.0.2;
port
5300
;
port
@PORT@
;
pid-file "named.pid";
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
...
...
@@ -24,8 +29,6 @@ options {
check-integrity no;
};
include
"../../common/controls.conf"
;
key one {
algorithm hmac-md5;
secret "1234abcd8765";
...
...
bin/tests/system/acl/ns2/named2.conf
→
bin/tests/system/acl/ns2/named2.conf
.in
View file @
c032c54d
...
...
@@ -6,15 +6,20 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
/* $
Id
:
named2
.
conf
,
v
1
.
3
2008
/
01
/
21
20
:
38
:
54
each
Exp
$ */
key rndc_key {
secret "1234abcd8765";
algorithm hmac-sha256;
};
controls
{ /*
empty
*/ };
controls {
inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
options {
query-source address 10.53.0.2;
notify-source 10.53.0.2;
transfer-source 10.53.0.2;
port
5300
;
port
@PORT@
;
pid-file "named.pid";
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
...
...
@@ -24,8 +29,6 @@ options {
check-integrity no;
};
include
"../../common/controls.conf"
;
key one {
algorithm hmac-md5;
secret "1234abcd8765";
...
...
bin/tests/system/acl/ns2/named3.conf
→
bin/tests/system/acl/ns2/named3.conf
.in
View file @
c032c54d
...
...
@@ -6,15 +6,20 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
/* $
Id
:
named3
.
conf
,
v
1
.
2
2008
/
01
/
10
01
:
10
:
01
marka
Exp
$ */
key rndc_key {
secret "1234abcd8765";
algorithm hmac-sha256;
};
controls
{ /*
empty
*/ };
controls {
inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
options {
query-source address 10.53.0.2;
notify-source 10.53.0.2;
transfer-source 10.53.0.2;
port
5300
;
port
@PORT@
;
pid-file "named.pid";
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
...
...
@@ -24,8 +29,6 @@ options {
check-integrity no;
};
include
"../../common/controls.conf"
;
key one {
algorithm hmac-md5;
secret "1234abcd8765";
...
...
bin/tests/system/acl/ns2/named4.conf
→
bin/tests/system/acl/ns2/named4.conf
.in
View file @
c032c54d
...
...
@@ -6,15 +6,20 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
/* $
Id
:
named4
.
conf
,
v
1
.
2
2008
/
01
/
10
01
:
10
:
01
marka
Exp
$ */
key rndc_key {
secret "1234abcd8765";
algorithm hmac-sha256;
};
controls
{ /*
empty
*/ };
controls {
inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
options {
query-source address 10.53.0.2;
notify-source 10.53.0.2;
transfer-source 10.53.0.2;
port
5300
;
port
@PORT@
;
pid-file "named.pid";
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
...
...
@@ -24,8 +29,6 @@ options {
check-integrity no;
};
include
"../../common/controls.conf"
;
key one {
algorithm hmac-md5;
secret "1234abcd8765";
...
...
bin/tests/system/acl/ns2/named5.conf
→
bin/tests/system/acl/ns2/named5.conf
.in
View file @
c032c54d
...
...
@@ -6,15 +6,20 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
/* $
Id
:
named1
.
conf
,
v
1
.
2
2008
/
01
/
10
01
:
10
:
01
marka
Exp
$ */
key rndc_key {
secret "1234abcd8765";
algorithm hmac-sha256;
};
controls
{ /*
empty
*/ };
controls {
inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
options {
query-source address 10.53.0.2;
notify-source 10.53.0.2;
transfer-source 10.53.0.2;
port
5300
;
port
@PORT@
;
pid-file "named.pid";
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
...
...
@@ -25,8 +30,6 @@ options {
allow-query-on { 10.53.0.2; };
};
include
"../../common/controls.conf"
;
key one {
algorithm hmac-md5;
secret "1234abcd8765";
...
...
bin/tests/system/acl/ns2/named6.conf
→
bin/tests/system/acl/ns2/named6.conf
.in
View file @
c032c54d
...
...
@@ -6,13 +6,20 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
controls
{ /*
empty
*/ };
key rndc_key {
secret "1234abcd8765";
algorithm hmac-sha256;
};
controls {
inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
options {
query-source address 10.53.0.2;
notify-source 10.53.0.2;
transfer-source 10.53.0.2;
port
5300
;
port
@PORT@
;
pid-file "named.pid";
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
...
...
@@ -23,8 +30,6 @@ options {
allow-query-on { 10.53.0.2; };
};
include
"../../common/controls.conf"
;
zone "." {
type hint;
file "../../common/root.hint";
...
...
bin/tests/system/acl/ns2/named7.conf
→
bin/tests/system/acl/ns2/named7.conf
.in
View file @
c032c54d
...
...
@@ -6,13 +6,20 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
controls
{ /*
empty
*/ };
key rndc_key {
secret "1234abcd8765";
algorithm hmac-sha256;
};
controls {
inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
options {
query-source address 10.53.0.2;
notify-source 10.53.0.2;
transfer-source 10.53.0.2;
port
5300
;
port
@PORT@
;
pid-file "named.pid";
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
...
...
@@ -23,8 +30,6 @@ options {
allow-query-on { 10.53.0.2; };
};
include
"../../common/controls.conf"
;
view one {
match-clients { ecs 192.0.2/24; };
...
...
bin/tests/system/acl/ns3/named.conf
→
bin/tests/system/acl/ns3/named.conf
.in
View file @
c032c54d
...
...
@@ -10,7 +10,7 @@ options {
query-source address 10.53.0.3;
notify-source 10.53.0.3;
transfer-source 10.53.0.3;
port
5300
;
port
@PORT@
;
pid-file "named.pid";
listen-on { 10.53.0.3; };
listen-on-v6 { none; };
...
...
@@ -21,7 +21,7 @@ options {
};
controls {
inet
10
.
53
.
0
.
3
port
9953
allow
{
any
; }
keys
{
rndc_key
; };
inet 10.53.0.3 port
@CONTROLPORT@
allow { any; } keys { rndc_key; };
};
key rndc_key {
...
...
bin/tests/system/acl/ns4/named.conf
→
bin/tests/system/acl/ns4/named.conf
.in
View file @
c032c54d
...
...
@@ -10,7 +10,7 @@ options {
query-source address 10.53.0.4;
notify-source 10.53.0.4;
transfer-source 10.53.0.4;
port
5300
;
port
@PORT@
;
pid-file "named.pid";
listen-on { 10.53.0.4; };
listen-on-v6 { none; };
...
...
@@ -21,7 +21,7 @@ options {
};
controls {
inet
10
.
53
.
0
.
4
port
9953
allow
{
any
; }
keys
{
rndc_key
; };
inet 10.53.0.4 port
@CONTROLPORT@
allow { any; } keys { rndc_key; };
};
key rndc_key {
...
...
bin/tests/system/acl/setup.sh
View file @
c032c54d
...
...
@@ -9,6 +9,9 @@
SYSTEMTESTTOP
=
..
.
$SYSTEMTESTTOP
/conf.sh
$SHELL
clean.sh
$SHELL
../genzone.sh 2 3
>
ns2/example.db
$SHELL
../genzone.sh 2 3
>
ns2/tsigzone.db
cp
-f
ns2/named1.conf ns2/named.conf
copy_setports ns2/named1.conf.in ns2/named.conf
copy_setports ns3/named.conf.in ns3/named.conf
copy_setports ns4/named.conf.in ns4/named.conf
bin/tests/system/acl/tests.sh
View file @
c032c54d
...
...
@@ -6,231 +6,228 @@
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
# $Id: tests.sh,v 1.4 2008/07/19 00:02:14 each Exp $
SYSTEMTESTTOP
=
..
.
$SYSTEMTESTTOP
/conf.sh
DIGOPTS
=
"+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd"
DIGOPTS
=
"+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd -p
${
PORT
}
"
RNDCCMD
=
"
$RNDC
-c
$SYSTEMTESTTOP
/common/rndc.conf -p
${
CONTROLPORT
}
-s"
status
=
0
t
=
0
echo
"
I:
testing basic ACL processing"
echo
_i
"testing basic ACL processing"
# key "one" should fail
t
=
`
expr
$t
+ 1
`
$DIG
$DIGOPTS
tsigzone.
\
@10.53.0.2
-b
10.53.0.1 axfr
-y
one:1234abcd8765
-p
5300
>
dig.out.
${
t
}
grep
"^;"
dig.out.
${
t
}
>
/dev/null 2>&1
||
{
echo
"
I:
test
$t
failed"
;
status
=
1
;
}
@10.53.0.2
-b
10.53.0.1 axfr
-y
one:1234abcd8765
>
dig.out.
${
t
}
grep
"^;"
dig.out.
${
t
}
>
/dev/null 2>&1
||
{
echo
_i
"test
$t
failed"
;
status
=
1
;
}
# any other key should be fine
t
=
`
expr
$t
+ 1
`
$DIG
$DIGOPTS
tsigzone.
\
@10.53.0.2
-b
10.53.0.1 axfr
-y
two:1234abcd8765
-p
5300
>
dig.out.
${
t
}
grep
"^;"
dig.out.
${
t
}
>
/dev/null 2>&1
&&
{
echo
"
I:
test
$t
failed"
;
status
=
1
;
}
@10.53.0.2
-b
10.53.0.1 axfr
-y
two:1234abcd8765
>
dig.out.
${
t
}
grep
"^;"
dig.out.
${
t
}
>
/dev/null 2>&1
&&
{
echo
_i
"test
$t
failed"
;
status
=
1
;
}
c
p
-f
ns2/named2.conf ns2/named.conf
$RNDC
-c
../common/rndc.conf
-s
10.53.0.2
-p
9953
reload 2>&1 |
sed
's/^/
I:
ns2 /'
c
opy_setports
ns2/named2.conf
.in
ns2/named.conf
$RNDC
CMD
10.53.0.2 reload 2>&1 |
sed
's/^/ns2 /'
| cat_i
sleep
5
# prefix 10/8 should fail
t
=
`
expr
$t
+ 1
`
$DIG
$DIGOPTS
tsigzone.
\
@10.53.0.2
-b
10.53.0.1 axfr
-y
one:1234abcd8765
-p
5300
>
dig.out.
${
t
}
grep
"^;"
dig.out.
${
t
}
>
/dev/null 2>&1
||
{
echo
"
I:
test
$t
failed"
;
status
=
1
;
}
@10.53.0.2
-b
10.53.0.1 axfr
-y
one:1234abcd8765
>
dig.out.
${
t
}
grep
"^;"
dig.out.
${
t
}
>
/dev/null 2>&1
||
{
echo
_i
"test
$t
failed"
;
status
=
1
;
}
# any other address should work, as long as it sends key "one"
t
=
`
expr
$t
+ 1
`
$DIG
$DIGOPTS
tsigzone.
\
@10.53.0.2
-b
127.0.0.1 axfr
-y
two:1234abcd8765
-p
5300
>
dig.out.
${
t
}
grep
"^;"
dig.out.
${
t
}
>
/dev/null 2>&1
||
{
echo
"
I:
test
$t
failed"
;
status
=
1
;
}
@10.53.0.2
-b
127.0.0.1 axfr
-y
two:1234abcd8765
>
dig.out.
${
t
}
grep
"^;"
dig.out.
${
t
}
>
/dev/null 2>&1
||
{
echo
_i
"test
$t
failed"
;
status
=
1
;
}
t
=
`
expr
$t
+ 1
`
$DIG
$DIGOPTS
tsigzone.
\
@10.53.0.2
-b
127.0.0.1 axfr
-y
one:1234abcd8765
-p
5300
>
dig.out.
${
t
}
grep
"^;"
dig.out.
${
t
}
>
/dev/null 2>&1
&&
{
echo
"
I:
test
$t
failed"
;
status
=
1
;
}
@10.53.0.2
-b
127.0.0.1 axfr
-y
one:1234abcd8765
>
dig.out.
${
t
}
grep
"^;"
dig.out.
${
t
}
>
/dev/null 2>&1
&&
{
echo
_i
"test
$t
failed"
;
status
=
1
;
}
echo
"
I:
testing nested ACL processing"
echo
_i
"testing nested ACL processing"
# all combinations of 10.53.0.{1|2} with key {one|two}, should succeed
c
p
-f
ns2/named3.conf ns2/named.conf
$RNDC
-c
../common/rndc.conf
-s
10.53.0.2
-p
9953
reload 2>&1 |
sed
's/^/
I:
ns2 /'
c
opy_setports
ns2/named3.conf
.in
ns2/named.conf
$RNDC
CMD
10.53.0.2 reload 2>&1 |
sed
's/^/ns2 /'
| cat_i
sleep
5
# should succeed
t
=
`
expr
$t
+ 1
`
$DIG
$DIGOPTS
tsigzone.
\
@10.53.0.2
-b
10.53.0.2 axfr
-y
two:1234abcd8765
-p
5300
>
dig.out.
${
t
}
grep
"^;"
dig.out.
${
t
}
>
/dev/null 2>&1
&&
{
echo
"
I:
test
$t
failed"
;
status
=
1
;
}
@10.53.0.2
-b
10.53.0.2 axfr
-y
two:1234abcd8765
>
dig.out.
${
t
}
grep
"^;"
dig.out.
${
t
}
>
/dev/null 2>&1
&&
{
echo
_i
"test
$t
failed"
;
status
=
1
;
}
# should succeed
t
=
`
expr
$t
+ 1
`
$DIG
$DIGOPTS
tsigzone.
\
@10.53.0.2
-b
10.53.0.2 axfr
-y
one:1234abcd8765
-p
5300
>
dig.out.
${
t
}
grep
"^;"
dig.out.
${
t
}
>
/dev/null 2>&1
&&
{
echo
"
I:
test
$t
failed"
;
status
=
1
;
}
@10.53.0.2
-b
10.53.0.2 axfr
-y
one:1234abcd8765
>
dig.out.
${
t
}
grep
"^;"
dig.out.
${
t
}
>
/dev/null 2>&1
&&
{
echo
_i
"test
$t
failed"
;
status
=
1
;
}
# should succeed
t
=
`
expr
$t
+ 1
`
$DIG
$DIGOPTS
tsigzone.
\
@10.53.0.2
-b
10.53.0.1 axfr
-y
two:1234abcd8765
-p
5300
>
dig.out.
${
t
}
grep
"^;"
dig.out.
${
t
}
>
/dev/null 2>&1
&&
{
echo
"
I:
test
$t
failed"
;
status
=
1
;
}
@10.53.0.2
-b
10.53.0.1 axfr
-y
two:1234abcd8765
>
dig.out.
${
t
}
grep
"^;"
dig.out.
${
t
}
>
/dev/null 2>&1
&&
{
echo
_i
"test
$t
failed"
;
status
=
1
;
}
# should succeed
t
=
`
expr
$t
+ 1
`
$DIG
$DIGOPTS
tsigzone.
\
@10.53.0.2
-b
10.53.0.1 axfr
-y
two:1234abcd8765
-p
5300
>
dig.out.
${
t
}
grep
"^;"
dig.out.
${
t
}
>
/dev/null 2>&1
&&
{
echo
"
I:
test
$t
failed"
;
status
=
1
;
}
@10.53.0.2
-b
10.53.0.1 axfr
-y
two:1234abcd8765
>
dig.out.
${
t
}
grep
"^;"
dig.out.
${
t
}
>
/dev/null 2>&1
&&
{
echo
_i
"test
$t
failed"
;
status
=
1
;
}
# but only one or the other should fail
t
=
`
expr
$t
+ 1
`
$DIG
$DIGOPTS
tsigzone.
\
@10.53.0.2
-b
127.0.0.1 axfr
-y
one:1234abcd8765
-p
5300
>
dig.out.
${
t
}
grep
"^;"
dig.out.
${
t
}
>
/dev/null 2>&1
||
{
echo
"
I:
test
$t
failed"
;
status
=
1
;
}
@10.53.0.2
-b
127.0.0.1 axfr
-y
one:1234abcd8765
>
dig.out.
${
t
}
grep
"^;"
dig.out.
${
t
}
>
/dev/null 2>&1
||
{
echo
_i
"test
$t
failed"
;
status
=
1
;
}
t
=
`
expr
$t
+ 1
`
$DIG
$DIGOPTS
tsigzone.
\
@10.53.0.2
-b
10.53.0.2 axfr
-p
5300
>
dig.out.
${
t
}
grep
"^;"
dig.out.
${
t
}
>
/dev/null 2>&1
||
{
echo
"
I:
test
$tt
failed"
;
status
=
1
;
}
@10.53.0.2
-b
10.53.0.2 axfr
>
dig.out.
${
t
}
grep
"^;"
dig.out.
${
t
}
>
/dev/null 2>&1
||
{
echo
_i
"test
$tt
failed"
;
status
=
1
;
}
# and other values? right out
t
=
`
expr
$t
+ 1
`
$DIG
$DIGOPTS
tsigzone.
\
@10.53.0.2
-b
127.0.0.1 axfr
-y
three:1234abcd8765
-p
5300
>
dig.out.
${
t
}
grep
"^;"
dig.out.
${
t
}
>
/dev/null 2>&1
||
{
echo
"
I:
test
$t
failed"
;
status
=
1
;
}
@10.53.0.2
-b
127.0.0.1 axfr
-y
three:1234abcd8765
>
dig.out.
${
t
}
grep
"^;"
dig.out.
${
t
}
>
/dev/null 2>&1
||
{
echo
_i
"test
$t
failed"
;
status
=
1
;
}
# now we only allow 10.53.0.1 *and* key one, or 10.53.0.2 *and* key two
c
p
-f
ns2/named4.conf ns2/named.conf
$RNDC
-c
../common/rndc.conf
-s
10.53.0.2
-p
9953
reload 2>&1 |
sed
's/^/
I:
ns2 /'
c
opy_setports
ns2/named4.conf
.in
ns2/named.conf
$RNDC
CMD
10.53.0.2 reload 2>&1 |
sed
's/^/ns2 /'
| cat_i
sleep
5
# should succeed
t
=
`
expr
$t
+ 1
`
$DIG
$DIGOPTS
tsigzone.
\
@10.53.0.2
-b
10.53.0.2 axfr
-y
two:1234abcd8765
-p
5300
>
dig.out.
${
t
}
grep
"^;"
dig.out.
${
t
}
>
/dev/null 2>&1
&&
{
echo
"
I:
test
$t
failed"
;
status
=
1
;
}
@10.53.0.2
-b
10.53.0.2 axfr
-y
two:1234abcd8765
>
dig.out.
${
t
}
grep
"^;"
dig.out.
${
t
}
>
/dev/null 2>&1
&&
{
echo
_i
"test
$t
failed"
;
status
=
1
;
}
# should succeed
t
=
`
expr
$t
+ 1
`
$DIG
$DIGOPTS
tsigzone.
\
@10.53.0.2
-b
10.53.0.1 axfr
-y
one:1234abcd8765
-p
5300
>
dig.out.
${
t
}
grep
"^;"
dig.out.
${
t
}
>
/dev/null 2>&1
&&
{
echo
"
I:
test
$t
failed"
;
status
=
1
;
}
@10.53.0.2
-b
10.53.0.1 axfr
-y
one:1234abcd8765
>
dig.out.
${
t
}
grep
"^;"
dig.out.
${
t
}
>
/dev/null 2>&1
&&
{
echo
_i
"test
$t
failed"
;
status
=
1
;
}
# should fail
t
=
`
expr
$t
+ 1
`
$DIG
$DIGOPTS
tsigzone.
\
@10.53.0.2
-b
10.53.0.2 axfr
-y
one:1234abcd8765
-p
5300
>
dig.out.
${
t
}
grep
"^;"
dig.out.
${
t
}
>
/dev/null 2>&1
||
{
echo
"
I:
test
$t
failed"
;
status
=
1
;
}
@10.53.0.2
-b
10.53.0.2 axfr
-y
one:1234abcd8765
>
dig.out.
${
t
}
grep
"^;"
dig.out.
${
t
}
>
/dev/null 2>&1
||
{
echo
_i
"test
$t
failed"
;
status
=
1
;
}
# should fail
t
=
`
expr
$t
+ 1
`
$DIG
$DIGOPTS
tsigzone.
\
@10.53.0.2
-b
10.53.0.1 axfr
-y
two:1234abcd8765
-p
5300
>
dig.out.
${
t
}
grep
"^;"
dig.out.
${
t
}
>
/dev/null 2>&1
||
{
echo
"
I:
test
$t
failed"
;
status
=
1
;
}
@10.53.0.2
-b
10.53.0.1 axfr
-y
two:1234abcd8765
>
dig.out.
${
t
}
grep
"^;"
dig.out.
${
t
}
>
/dev/null 2>&1
||
{
echo
_i
"test
$t
failed"
;
status
=
1
;
}
# should fail
t
=
`
expr
$t
+ 1
`
$DIG
$DIGOPTS
tsigzone.
\
@10.53.0.2
-b
10.53.0.3 axfr
-y
one:1234abcd8765
-p
5300
>
dig.out.
${
t
}
grep
"^;"
dig.out.
${
t
}
>
/dev/null 2>&1
||
{
echo
"
I:
test
$t
failed"
;
status
=
1
;
}
@10.53.0.2
-b
10.53.0.3 axfr
-y
one:1234abcd8765
>
dig.out.
${
t
}
grep
"^;"
dig.out.
${
t
}
>
/dev/null 2>&1
||
{
echo
_i
"test
$t
failed"
;
status
=
1
;
}
echo
"
I:
testing allow-query-on ACL processing"
c
p
-f
ns2/named5.conf ns2/named.conf
$RNDC
-c
../common/rndc.conf
-s
10.53.0.2
-p
9953
reload 2>&1 |
sed
's/^/
I:
ns2 /'
echo
_i
"testing allow-query-on ACL processing"
c
opy_setports
ns2/named5.conf
.in
ns2/named.conf
$RNDC
CMD
10.53.0.2 reload 2>&1 |
sed
's/^/ns2 /'
| cat_i
sleep
5
t
=
`
expr
$t
+ 1
`
$DIG
+tcp soa example.
\
@10.53.0.2
-b
10.53.0.3
-p
5300
>
dig.out.
${
t
}
grep
"status: NOERROR"
dig.out.
${
t
}
>
/dev/null 2>&1
||
{
echo
"
I:
test
$t
failed"
;
status
=
1
;
}
$DIG
-p
${
PORT
}
+tcp soa example.
\
@10.53.0.2
-b
10.53.0.3
>
dig.out.
${
t
}
grep
"status: NOERROR"
dig.out.
${
t
}
>
/dev/null 2>&1
||
{
echo
_i
"test
$t
failed"
;
status
=
1
;
}
echo
"
I:
testing EDNS client-subnet ACL processing"
c
p
-f
ns2/named6.conf ns2/named.conf
$RNDC
-c
../common/rndc.conf
-s
10.53.0.2
-p
9953
reload 2>&1 |
sed
's/^/
I:
ns2 /'
echo
_i
"testing EDNS client-subnet ACL processing"
c
opy_setports
ns2/named6.conf
.in
ns2/named.conf
$RNDC
CMD
10.53.0.2 reload 2>&1 |
sed
's/^/ns2 /'
| cat_i
sleep
5
# should fail
t
=
`
expr
$t
+ 1
`
$DIG
$DIGOPTS
tsigzone.
\
@10.53.0.2
-b
10.53.0.2 axfr
-p
5300
>
dig.out.
${
t
}
grep
"^;"
dig.out.
${
t
}
>
/dev/null 2>&1
||
{
echo
"
I:
test
$t
failed"
;
status
=
1
;
}
@10.53.0.2
-b
10.53.0.2 axfr
>
dig.out.
${
t
}
grep
"^;"
dig.out.
${
t
}
>
/dev/null 2>&1
||
{
echo
_i
"test
$t
failed"
;
status
=
1
;
}
# should succeed
t
=
`
expr
$t
+ 1
`
$DIG
$DIGOPTS
tsigzone.
\
@10.53.0.2
-b
10.53.0.2 +subnet
=
"10.53.0/24"
axfr
-p
5300
>
dig.out.
${
t
}
grep
"^;"
dig.out.
${
t
}
>
/dev/null 2>&1
&&
{
echo
"
I:
test
$t
failed"
;
status
=
1
;
}
@10.53.0.2
-b
10.53.0.2 +subnet
=
"10.53.0/24"
axfr
>
dig.out.
${
t
}
grep
"^;"
dig.out.
${
t
}
>
/dev/null 2>&1
&&
{
echo
_i
"test
$t
failed"
;
status
=
1
;
}
echo
"
I:
testing EDNS client-subnet response scope"
c
p
-f
ns2/named7.conf ns2/named.conf
$RNDC
-c
../common/rndc.conf
-s
10.53.0.2
-p
9953
reload 2>&1 |
sed
's/^/
I:
ns2 /'
echo
_i
"testing EDNS client-subnet response scope"
c
opy_setports
ns2/named7.conf
.in
ns2/named.conf
$RNDC
CMD
10.53.0.2 reload 2>&1 |
sed
's/^/ns2 /'
| cat_i
sleep
5
t
=
`
expr
$t
+ 1
`
$DIG
example. soa @10.53.0.2 +subnet
=
"10.53.0.1/32"
-p
5300
>
dig.out.
${
t
}
grep
"CLIENT-SUBNET.*10.53.0.1/32/0"
dig.out.
${
t
}
>
/dev/null
||
{
echo
"
I:
test
$t
failed"
;
status
=
1
;
}
$DIG
-p
${
PORT
}
example. soa @10.53.0.2 +subnet
=
"10.53.0.1/32"
>
dig.out.
${
t
}
grep
"CLIENT-SUBNET.*10.53.0.1/32/0"
dig.out.
${
t
}
>
/dev/null
||
{
echo
_i
"test
$t
failed"
;
status
=
1
;
}
t
=
`
expr
$t
+ 1
`
$DIG
example. soa @10.53.0.2 +subnet
=
"192.0.2.128/32"
-p
5300
>
dig.out.
${
t
}
grep
"CLIENT-SUBNET.*192.0.2.128/32/24"
dig.out.
${
t
}
>
/dev/null
||
{
echo
"
I:
test
$t
failed"
;
status
=
1
;
}
$DIG
-p
${
PORT
}
example. soa @10.53.0.2 +subnet
=
"192.0.2.128/32"
>
dig.out.
${
t
}
grep
"CLIENT-SUBNET.*192.0.2.128/32/24"
dig.out.
${
t
}
>
/dev/null
||
{
echo
_i
"test
$t
failed"
;
status
=
1
;
}
# AXFR tests against ns3
echo
"I:testing allow-transfer ACLs against ns3 (no existing zones)"
echo
"I:calling addzone example.com on ns3"
$RNDC
-c
../common/rndc.conf
-s
10.53.0.3
-p
9953 addzone
'example.com {type master; file "example.db"; }; '
echo_i
"testing allow-transfer ACLs against ns3 (no existing zones)"
echo_i
"calling addzone example.com on ns3"
$RNDCCMD
10.53.0.3 addzone
'example.com {type master; file "example.db"; }; '
sleep
1
t
=
`
expr
$t
+ 1
`
ret
=
0
echo
"
I:
checking AXFR of example.com from ns3 with ACL allow-transfer { none; }; (
${
t
}
)"
$DIG
@10.53.0.3
-p
5300
example.com axfr
>
dig.out.
${
t
}
2>&1
echo
_i
"checking AXFR of example.com from ns3 with ACL allow-transfer { none; }; (
${
t
}
)"
$DIG
-p
${
PORT
}
@10.53.0.3 example.com axfr
>
dig.out.
${
t
}
2>&1
grep
"Transfer failed."
dig.out.
${
t
}
>
/dev/null 2>&1
||
ret
=
1
[
$ret
-eq
0
]
||
echo
"
I:
failed"
[
$ret
-eq
0
]
||
echo
_i
"failed"
status
=
`
expr
$status
+
$ret
`
echo
"
I:
calling rndc reconfig"
$RNDC
-c
../common/rndc.conf
-s
10.53.0.3
-p
9953 reconfig
echo
_i
"calling rndc reconfig"
$RNDC
CMD
10.53.0.3 reconfig 2>&1 |
sed
's/^/ns3 /'
| cat_i
sleep
1
t
=
`
expr
$t
+ 1
`
ret
=
0
echo
"
I:
re-checking AXFR of example.com from ns3 with ACL allow-transfer { none; }; (
${
t
}
)"
$DIG
@10.53.0.3
-p
5300
example.com axfr
>
dig.out.
${
t
}
2>&1
echo
_i
"re-checking AXFR of example.com from ns3 with ACL allow-transfer { none; }; (
${
t
}
)"