Commit 0e9dcd54 authored by Andreas Gustafsson

added system tests

parent 43383a70
This is a simple test environment for running bind9 system
tests involving multiple name servers.
There are multiple test suites, each in a separate subdirectory and
involving a diffent DNS setup. They are:
xfer/ Zone transfer, update, and NOTIFY tests
dnssec/ DNSSEC tests
xferquote/ Zone transfer quota tests
Typically each test suite sets up 2-4 name servers and then performs
one or more tests against them. Within the test suite subdirectory,
each name server has a separate subdirectory containing its
configuration data. By convention, these subdirectories are named
"ns1", "ns2", etc.
The tests are completely self-contained and do not require access to
the real DNS. One of the test servers (ns1) is set up as a root
name server and is listed in the hints file of the others.
To enable all servers to run on the same machine, they bind to
separate virtual IP address on the loopback interface. ns1 runs on
10.53.0.1, ns2 on 10.53.0.2, etc. Before running any tests, you must
set up these addresses by running the script "ifconfig.sh".
XXX the ifconfig.sh script is known to work only on NetBSD.
Because the servers run on port 53, the tests must be run as root.
To run the tests:
sh run.sh xfer
[check that xfer/ns3/example.bk has been created]
[run update_test.pl against ns2, check that changes propagate to ns3,
which they currently don't because notifies are not sent after dynamic
updates like they ought to be]
sh stop.sh xfer
sh run.sh dnssec
dig a.secure.example. a @10.53.0.4
[should return 10.0.0.1, AD=1]
dig c.secure.example. a @10.53.0.4
[should return NXDOMAIN, AD=1]
sh stop.sh dnssec
sh run.sh dnssec --badsig
dig a.secure.example. a @10.53.0.4
[should return SERVFAIL]
sh stop.sh dnssec
sh run.sh xferquota
[check that xferquota/ns2 now contains 100 .bk files]
sh stop.sh xferquota
sh clean.sh
XXX The manual operations in [brackets] above should be automated.
$Id: README,v 1.1 2000/05/15 22:47:15 gson Exp $
#!/bin/sh
#
# Clean up after system tests.
#
. ./conf.sh
find . -type f \( \
-name 'K*' -o -name '*~' -o -name '*.core' -o -name '*.log' \
-o -name '*.pid' -o -name '*.run' -o -name '*.keyset' \
\) -print | xargs rm
for d in $SUBDIRS
do
test ! -f $d/clean.sh || ( cd $d && sh clean.sh )
done
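Review bot: The `find ... -print | xargs rm` pipeline in this cleanup script splits file names on whitespace and runs `rm` with no operands when nothing matches, and the README says the test scripts run as root. Letting find do the removal avoids both: end the expression with `\) -exec rm -f {} \;` instead of `\) -print | xargs rm`. The `-name 'K*'` pattern also matches any file beginning with K anywhere below the current directory; the signing scripts only create `K*.key` and `K*.private`, so `-name 'K*.key' -o -name 'K*.private'` would be narrower. `$d` in the loop should be quoted as `"$d"`.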
#
# Common configuration data for system tests, to be sourced into
# other shell scripts.
#
TOP="`cd ../../..; pwd`"
NAMED=$TOP/bin/named/named
KEYGEN=$TOP/bin/tests/keygen
SIGNER=$TOP/bin/tests/signer
KEYSETTOOL=$TOP/bin/tests/keysettool
SUBDIRS="xfer dnssec xferquota"
export NAMED KEYGEN SIGNER KEYSETTOOL
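Review bot: `TOP` is computed with `cd ../../..; pwd`, so if the `cd` fails `pwd` still prints the current directory and every tool path silently points at the wrong tree. Using `cd ../../.. && pwd` inside the backquotes leaves `TOP` empty on failure, which can then be tested with `test -n "$TOP" || exit 1` before the paths are built. The path is also relative to the caller's working directory, so a header comment stating which directory this file must be sourced from would help; the expansions such as `$TOP/bin/named/named` should be quoted in case the checkout path contains spaces.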
options {
directory ".";
pid-file "named.pid";
listen-on { 10.53.0.1; };
recursion no;
notify yes;
};
zone "." {
type master;
file "root.db";
};
$TTL 300
. IN SOA gson.nominum.com. a.root.servers.nil. (
2000042100 ; serial
600 ; refresh
600 ; retry
1200 ; expire
600 ; minimum
)
. NS a.root-servers.nil.
a.root-servers.nil. A 10.53.0.1
example. NS ns2.example.
ns2.example. A 10.53.0.2
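Review bot: The SOA record gives `gson.nominum.com.` as the primary server and `a.root.servers.nil.` as the contact, which looks like the two fields swapped, and the second name has a dot where the NS record below it has `a.root-servers.nil.`. If the usual order was intended, the line would read `. IN SOA a.root-servers.nil. gson.nominum.com. (`. The server for this zone has `notify yes`, and NOTIFY processing consults the MNAME field, so it is worth having it name a host that exists inside the test network rather than one outside it.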
$TTL 300 ; 5 minutes
@ IN SOA mname1. . (
2000042407 ; serial
20 ; refresh (20 seconds)
20 ; retry (20 seconds)
1814400 ; expire (3 weeks)
3600 ; minimum (1 hour)
)
NS ns2
ns2 A 10.53.0.2
a A 10.0.0.1
b A 10.0.0.2
d A 10.0.0.4
; A secure subdomain
secure NS ns.secure
ns.secure A 10.53.0.3
; An insecure subdomain
insecure NS ns.secure
ns.insecure A 10.53.0.3
z A 10.0.0.26
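Review bot: The `insecure` delegation names `ns.secure` as its server while the address record that follows is for `ns.insecure`, so that A record is glue no NS record refers to. If the insecure child is meant to have its own server name, the delegation should read `insecure NS ns.insecure`; otherwise the `ns.insecure A 10.53.0.3` line can be dropped. As written, reaching the insecure zone depends on a name inside the secure one, which may blur what the DNSSEC test is meant to exercise.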
options {
pid-file "named.pid";
listen-on { 10.53.0.2; };
recursion no;
notify yes;
};
zone "." {
type hint;
file "root.hint";
};
zone "example" {
type master;
file "example.db.signed";
allow-update { any; };
};
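Review bot: `allow-update { any; };` on the `example` zone lets any client that can reach 10.53.0.2 rewrite the zone, and start.sh launches named without dropping privileges while the README requires running as root. The test addresses are aliases on the loopback interface, but whether they are reachable from other hosts depends on the machine's routing, so an explicit list is safer: `allow-update { 10.53.0.0/24; };`. The same setting appears on both zones in the configuration of the server listening on 10.53.0.3. If the DNSSEC suite sends no dynamic updates, the option could be removed from these files altogether.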
$TTL 999999
. IN NS a.root-servers.nil.
a.root-servers.nil. IN A 10.53.0.1
#!/bin/sh
zone=example.
infile=example.db.in
zonefile=example.db
keyname=`$KEYGEN -a RSA -b 768 -n zone $zone`
tag=`echo $keykname | sed -n 's/^.*\+\([0-9][0-9]*\)$/\1/p'`
echo "key=$keyname, tag=$tag"
# Have the child generate a zone key and pass it to us,
# sign it, and pass it back
( cd ../ns3 && sh sign.sh )
cp ../ns3/secure.example.keyset .
/local/bind9/bin/tests/keysigner -v 9 secure.example.keyset example./$tag/001
# This will leave two copies of the child's zone key in the signed db file;
# that shouldn't cause any problems.
cat secure.example.signedkey >>../ns3/secure.example.db.signed
pubkeyfile="$keyname.key"
$KEYSETTOOL $zone $tag/001
cat $infile $pubkeyfile >$zonefile
$SIGNER -v 1 -o $zone $zonefile
# Configure the resolving server with a trusted key.
cat $pubkeyfile | perl -n -e '
my ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
my $key = join("", @rest);
print <<EOF
trusted-keys {
"$dn" $flags $proto $alg "$key";
};
EOF
' >../ns4/trusted.conf
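Review bot: `tag` is derived from `$keykname`, a misspelling of `$keyname`, so it is always empty and both the keysigner and `$KEYSETTOOL` calls receive `/001` as the key id; the `echo` on that line should use `$keyname`, and the same typo is in the secure.example signing script further down. keysigner is invoked as `/local/bind9/bin/tests/keysigner`, a fixed path outside the tree that conf.sh resolves, so a root-run test executes whatever binary happens to be installed there; a `KEYSIGNER` variable set and exported in conf.sh next to `KEYSETTOOL` would keep it in the build under test. In the sed pattern `\+` is a literal plus only in some sed implementations, and `[+]` is portable. No exit status is checked, so a failed key generation still goes on to write `../ns4/trusted.conf`; `test -n "$keyname" || exit 1` after the keygen call would stop that.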
$TTL 300 ; 5 minutes
@ IN SOA mname1. . (
2000042407 ; serial
20 ; refresh (20 seconds)
20 ; retry (20 seconds)
1814400 ; expire (3 weeks)
3600 ; minimum (1 hour)
)
NS ns
ns A 10.53.0.3
a A 10.0.0.1
b A 10.0.0.2
d A 10.0.0.4
z A 10.0.0.26
options {
pid-file "named.pid";
listen-on { 10.53.0.3; };
recursion no;
notify yes;
};
zone "." {
type hint;
file "root.hint";
};
zone "secure.example" {
type master;
file "secure.example.db.signed";
allow-update { any; };
};
zone "insecure.example" {
type master;
file "insecure.example.db";
allow-update { any; };
};
$TTL 999999
. IN NS a.root-servers.nil.
a.root-servers.nil. IN A 10.53.0.1
$TTL 300 ; 5 minutes
@ IN SOA mname1. . (
2000042407 ; serial
20 ; refresh (20 seconds)
20 ; retry (20 seconds)
1814400 ; expire (3 weeks)
3600 ; minimum (1 hour)
)
NS ns
ns A 10.53.0.3
a A 10.0.0.1
b A 10.0.0.2
d A 10.0.0.4
z A 10.0.0.26
#!/bin/sh
zone=secure.example.
infile=secure.example.db.in
zonefile=secure.example.db
rm -f K$zone*.key
rm -f K$zone*.private
rm -f $zone*.keyset
keyname=`$KEYGEN -a RSA -b 768 -n zone $zone`
tag=`echo $keykname | sed -n 's/^.*\+\([0-9][0-9]*\)$/\1/p'`
echo "key=$keyname, tag=$tag"
pubkeyfile="$keyname.key"
$KEYSETTOOL $zone $tag/001
cat $infile $pubkeyfile >$zonefile
$SIGNER -v 1 -o $zone $zonefile
#!/bin/sh
cd ns2 && sh sign.sh
if [ $# -gt 0 ]
then
case $1 in
--badsig)
echo "injecting bogus data to force signature checking to fail..." >&2
echo "a.secure.example. A 10.0.0.22" >>../ns3/secure.example.db.signed
;;
*)
echo "unknown option $1" >&2; exit 1
;;
esac
fi
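Review bot: The option is validated only after `cd ns2 && sh sign.sh` has run, and the result of that line is not checked. If the `cd` or the signing fails the script carries on, and with `--badsig` it appends to `../ns3/secure.example.db.signed` relative to whatever directory it is then in, as root. Rejecting an unknown `$1` before the signing step and writing that step as `cd ns2 && sh sign.sh || exit 1` fixes both, with only the append left after it.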
#!/bin/sh
#
# Set up interface aliases for bind9 system tests.
#
for ns in 1 2 3 4
do
ifconfig lo0 10.53.0.$ns alias
done
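Review bot: The aliases are added without a netmask in `ifconfig lo0 10.53.0.$ns alias`. On BSD systems an alias given no netmask generally takes the classful default, which for a 10.x address would be 255.0.0.0 and could send traffic for the rest of 10/8 to the loopback interface; this is worth confirming on the target, and `ifconfig lo0 10.53.0.$ns netmask 0xffffffff alias` avoids it. There is also no counterpart that removes the aliases when testing is finished, so the addresses stay configured; a matching loop using `-alias` would cover that. The exit status of `ifconfig` is not checked, so a failure on one address goes unreported to the caller.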
#!/bin/sh
#
# Run a system test.
#
. ./conf.sh
test $# -gt 0 || { echo "usage: runtest.sh test-directory" >&2; exit 1; }
test=$1
shift
test -d $test || { echo "$0: $test: no such test" >&2; exit 1; }
# Set up any dynamically generated test data
if test -f $test/setup.sh
then
( cd $test && sh setup.sh "$@" )
fi
# Start name servers running
sh start.sh $test
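Review bot: The result of the setup subshell is discarded, so `sh start.sh $test` starts the servers even when `setup.sh` failed and left no signed zones; `( cd "$test" && sh setup.sh "$@" ) || exit 1` stops there instead. `$test` comes straight from the command line and is used unquoted in `test -d`, `test -f`, the `cd` and the `start.sh` call, so it should be written `"$test"` throughout. The usage message names `runtest.sh` while the README invokes the script as `run.sh`.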
#!/bin/sh
#
# Start name servers for running system tests.
#
cd $1
for d in ns*
do
(
cd $d &&
rm -f *.jnl *.bk named.run &&
if test -f named.pid
then
if kill -0 `cat named.pid` 2>/dev/null
then
echo "$0: named pid `cat named.pid` still running" >&2
exit 1
else
rm -f named.pid
fi
fi
$NAMED -c named.conf -d 99 -g >named.run 2>&1 & &&
while test ! -f named.pid
do
sleep 1
done
)
done
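Review bot: `$NAMED ... 2>&1 & &&` is not valid sh, because `&` already terminates the command and the `&&` after it is a syntax error, so this script will not parse. Beyond that, `cd $1` is unchecked and unquoted, so with a missing or wrong argument the `rm -f *.jnl *.bk named.run` runs as root in whatever `ns*` directories exist where the shell ends up, and the wait loop never ends if named exits before writing its pid file. The `exit 1` in the stale-pid branch only leaves the subshell, so the outer loop moves on to the next server. The sketch below checks both `cd` calls, bounds the wait and propagates failure; the limit of 30 tries is an arbitrary value.

```shell
cd "$1" || exit 1
for d in ns*
do
    (
        cd "$d" || exit 1
        rm -f *.jnl *.bk named.run
        # … unchanged: stale named.pid check …
        $NAMED -c named.conf -d 99 -g >named.run 2>&1 &
        tries=0
        while test ! -f named.pid
        do
            tries=`expr $tries + 1`
            test $tries -le 30 || { echo "$0: $d: named did not write named.pid" >&2; exit 1; }
            sleep 1
        done
    ) || exit 1
done
```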
#!/bin/sh
#
# Stop name servers.
#
cd $1
for d in ns*
do
pidfile="$d/named.pid"
test ! -f $pidfile || kill -INT `cat $pidfile`
done
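Review bot: `cd $1` is unchecked, so when the argument is missing or mistyped the loop still runs in another directory and, as root, signals whatever pids the `ns*/named.pid` files there contain; `cd "$1" || exit 1` closes that. The pid is also used without checking that it still belongs to a named process, so a pid file left behind by a crashed server can name an unrelated process by the time `kill -INT` runs. Guarding the signal with `kill -0` as start.sh does, and removing the pid file once the server has stopped, would narrow that window. `$pidfile` should be quoted in the `test` and `cat` calls.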
#!/bin/sh
#
# Clean up after zone transfer tests.
#
rm -f ns3/example.bk