93ca8abdf86dfe69d40c0bc5389151e0672780afTinderbox User# Copyright (C) 2000, 2001, 2004, 2007, 2009-2018 Internet Systems Consortium, Inc. ("ISC")
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews# This Source Code Form is subject to the terms of the Mozilla Public
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews# License, v. 2.0. If a copy of the MPL was not distributed with this
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews# file, You can obtain one at http://mozilla.org/MPL/2.0/.
1d32b1df372d6be6bac6450739b9e5ea23819995Evan Hunt# $Id: tests.sh,v 1.42 2011/12/16 23:01:17 each Exp $
30a60d2aff0ec1810262a8b8efc532e28b32bd57Evan Hunt# wait for zone transfer to complete
30a60d2aff0ec1810262a8b8efc532e28b32bd57Evan Huntwhile true; do
ac31adc3b76a3acf61c711d1cd49480a288b1317Mukund Sivaraman if grep "example.nil/IN.*Transfer status" ns2/named.run > /dev/null
30a60d2aff0ec1810262a8b8efc532e28b32bd57Evan Hunt echo "I:zones are not fully loaded, waiting..."
c634c94d673f1bab17e7f65d332f989b683e712cDavid Lawrenceecho "I:fetching first copy of zone before update"
c3c6770e537ea916265c78d0294ad108233e17c1Michael Sawyer$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\
c634c94d673f1bab17e7f65d332f989b683e712cDavid Lawrenceecho "I:fetching second copy of zone before update"
c3c6770e537ea916265c78d0294ad108233e17c1Michael Sawyer$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\
c634c94d673f1bab17e7f65d332f989b683e712cDavid Lawrenceecho "I:comparing pre-update copies to known good data"
222d38735f97f771054e223b03f84c5858252332Evan Hunt$PERL ../digcomp.pl knowngood.ns1.before dig.out.ns1 || ret=1
222d38735f97f771054e223b03f84c5858252332Evan Hunt$PERL ../digcomp.pl knowngood.ns1.before dig.out.ns2 || ret=1
c634c94d673f1bab17e7f65d332f989b683e712cDavid Lawrenceecho "I:updating zone"
fdebae839745f79a7550aeb49d15a930523ec483David Lawrence# nsupdate will print a ">" prompt to stdout as it gets each input line.
222d38735f97f771054e223b03f84c5858252332Evan Hunt$NSUPDATE -k ns1/ddns.key <<END > /dev/null || ret=1
28002bd7cb4baa0eab9f47e1e51069c5ea7ea5d4Andreas Gustafssonserver 10.53.0.1 5300
28002bd7cb4baa0eab9f47e1e51069c5ea7ea5d4Andreas Gustafssonupdate add updated.example.nil. 600 A 10.10.10.1
1d32b1df372d6be6bac6450739b9e5ea23819995Evan Huntadd updated.example.nil. 600 TXT Foo
1d32b1df372d6be6bac6450739b9e5ea23819995Evan Huntdelete t.example.nil.
b5b934a0bb46aded1552a17473652b5a7f4a3274Evan Huntecho "I:sleeping 5 seconds for server to incorporate changes"
c634c94d673f1bab17e7f65d332f989b683e712cDavid Lawrenceecho "I:fetching first copy of zone after update"
c3c6770e537ea916265c78d0294ad108233e17c1Michael Sawyer$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\
c634c94d673f1bab17e7f65d332f989b683e712cDavid Lawrenceecho "I:fetching second copy of zone after update"
c3c6770e537ea916265c78d0294ad108233e17c1Michael Sawyer$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\
c634c94d673f1bab17e7f65d332f989b683e712cDavid Lawrenceecho "I:comparing post-update copies to known good data"
222d38735f97f771054e223b03f84c5858252332Evan Hunt$PERL ../digcomp.pl knowngood.ns1.after dig.out.ns1 || ret=1
222d38735f97f771054e223b03f84c5858252332Evan Hunt$PERL ../digcomp.pl knowngood.ns1.after dig.out.ns2 || ret=1
9069215eac23e32f4ef1c8e44ad7ff2865cfcdacEvan Huntecho "I:testing local update policy"
222d38735f97f771054e223b03f84c5858252332Evan Huntpre=`$DIG +short new.other.nil. @10.53.0.1 a -p 5300` || ret=1
9069215eac23e32f4ef1c8e44ad7ff2865cfcdacEvan Huntecho "I:updating zone"
9069215eac23e32f4ef1c8e44ad7ff2865cfcdacEvan Hunt# nsupdate will print a ">" prompt to stdout as it gets each input line.
222d38735f97f771054e223b03f84c5858252332Evan Hunt$NSUPDATE -l -p 5300 -k ns1/session.key > /dev/null <<END || ret=1
9069215eac23e32f4ef1c8e44ad7ff2865cfcdacEvan Huntzone other.nil.
9069215eac23e32f4ef1c8e44ad7ff2865cfcdacEvan Huntupdate add new.other.nil. 600 IN A 10.10.10.1
9069215eac23e32f4ef1c8e44ad7ff2865cfcdacEvan Huntecho "I:sleeping 5 seconds for server to incorporate changes"
9069215eac23e32f4ef1c8e44ad7ff2865cfcdacEvan Huntecho "I:checking result of update"
222d38735f97f771054e223b03f84c5858252332Evan Huntpost=`$DIG +short new.other.nil. @10.53.0.1 a -p 5300` || ret=1
9069215eac23e32f4ef1c8e44ad7ff2865cfcdacEvan Huntecho "I:comparing post-update copy to known good data"
222d38735f97f771054e223b03f84c5858252332Evan Hunt$PERL ../digcomp.pl knowngood.ns1.after dig.out.ns1 || ret=1
b5b934a0bb46aded1552a17473652b5a7f4a3274Evan Huntecho "I:testing zone consistency checks"
b5b934a0bb46aded1552a17473652b5a7f4a3274Evan Hunt# inserting an NS record without a corresponding A or AAAA record should fail
222d38735f97f771054e223b03f84c5858252332Evan Hunt$NSUPDATE -l -p 5300 -k ns1/session.key > nsupdate.out 2>&1 << END && ret=1
b5b934a0bb46aded1552a17473652b5a7f4a3274Evan Huntupdate add other.nil. 600 in ns ns3.other.nil.
222d38735f97f771054e223b03f84c5858252332Evan Huntgrep REFUSED nsupdate.out > /dev/null 2>&1 || ret=1
b5b934a0bb46aded1552a17473652b5a7f4a3274Evan Hunt# ...but should work if an A record is inserted first:
222d38735f97f771054e223b03f84c5858252332Evan Hunt$NSUPDATE -l -p 5300 -k ns1/session.key > nsupdate.out 2>&1 << END || ret=1
b5b934a0bb46aded1552a17473652b5a7f4a3274Evan Huntupdate add ns4.other.nil 600 in a 10.53.0.1
b5b934a0bb46aded1552a17473652b5a7f4a3274Evan Huntupdate add other.nil. 600 in ns ns4.other.nil.
222d38735f97f771054e223b03f84c5858252332Evan Huntgrep REFUSED nsupdate.out > /dev/null 2>&1 && ret=1
b5b934a0bb46aded1552a17473652b5a7f4a3274Evan Hunt# ...or if an AAAA record does:
222d38735f97f771054e223b03f84c5858252332Evan Hunt$NSUPDATE -l -p 5300 -k ns1/session.key > nsupdate.out 2>&1 << END || ret=1
b5b934a0bb46aded1552a17473652b5a7f4a3274Evan Huntupdate add ns5.other.nil 600 in aaaa 2001:db8::1
b5b934a0bb46aded1552a17473652b5a7f4a3274Evan Huntupdate add other.nil. 600 in ns ns5.other.nil.
222d38735f97f771054e223b03f84c5858252332Evan Huntgrep REFUSED nsupdate.out > /dev/null 2>&1 && ret=1
b5b934a0bb46aded1552a17473652b5a7f4a3274Evan Hunt# ...or if the NS and A/AAAA are inserted together:
222d38735f97f771054e223b03f84c5858252332Evan Hunt$NSUPDATE -l -p 5300 -k ns1/session.key > nsupdate.out 2>&1 << END || ret=1
b5b934a0bb46aded1552a17473652b5a7f4a3274Evan Huntupdate add other.nil. 600 in ns ns6.other.nil.
b5b934a0bb46aded1552a17473652b5a7f4a3274Evan Huntupdate add ns6.other.nil 600 in a 10.53.0.1
222d38735f97f771054e223b03f84c5858252332Evan Huntgrep REFUSED nsupdate.out > /dev/null 2>&1 && ret=1
b5b934a0bb46aded1552a17473652b5a7f4a3274Evan Huntecho "I:sleeping 5 seconds for server to incorporate changes"
b5b934a0bb46aded1552a17473652b5a7f4a3274Evan Huntecho "I:checking result of update"
222d38735f97f771054e223b03f84c5858252332Evan Hunt$DIG +short @10.53.0.1 -p 5300 ns other.nil > dig.out.ns1 || ret=1
222d38735f97f771054e223b03f84c5858252332Evan Huntgrep ns3.other.nil dig.out.ns1 > /dev/null 2>&1 && ret=1
222d38735f97f771054e223b03f84c5858252332Evan Huntgrep ns4.other.nil dig.out.ns1 > /dev/null 2>&1 || ret=1
222d38735f97f771054e223b03f84c5858252332Evan Huntgrep ns5.other.nil dig.out.ns1 > /dev/null 2>&1 || ret=1
222d38735f97f771054e223b03f84c5858252332Evan Huntgrep ns6.other.nil dig.out.ns1 > /dev/null 2>&1 || ret=1
47e70d820ed07895a25e5b3520adf953114ac01eEvan Huntecho "I:check SIG(0) key is accepted"
d58e33bfabfee19a035031dac633d36659738d56Evan Huntkey=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 512 -T KEY -n ENTITY xxx`
47e70d820ed07895a25e5b3520adf953114ac01eEvan Huntecho "" | $NSUPDATE -k ${key}.private > /dev/null 2>&1 || ret=1
6de9744cf9c64be2145f663e4051196a4eaa9d45Evan Huntecho "I:check TYPE=0 update is rejected by nsupdate ($n)"
6de9744cf9c64be2145f663e4051196a4eaa9d45Evan Hunt server 10.53.0.1 5300
6de9744cf9c64be2145f663e4051196a4eaa9d45Evan Hunt update add example.nil. in type0 ""
222d38735f97f771054e223b03f84c5858252332Evan Huntgrep "unknown class/type" nsupdate.out > /dev/null 2>&1 || ret=1
2a6d60615cf07b164533dbb6bb1dce84ed2d037dEvan Huntecho "I:check TYPE=0 prerequisite is handled ($n)"
2a6d60615cf07b164533dbb6bb1dce84ed2d037dEvan Hunt$NSUPDATE -k ns1/ddns.key <<END > nsupdate.out 2>&1 || ret=1
6de9744cf9c64be2145f663e4051196a4eaa9d45Evan Hunt server 10.53.0.1 5300
6de9744cf9c64be2145f663e4051196a4eaa9d45Evan Hunt prereq nxrrset example.nil. type0
6de9744cf9c64be2145f663e4051196a4eaa9d45Evan Hunt$DIG +tcp version.bind txt ch @10.53.0.1 -p 5300 > dig.out.ns1.$n
6de9744cf9c64be2145f663e4051196a4eaa9d45Evan Huntgrep "status: NOERROR" dig.out.ns1.$n > /dev/null || ret=1
6de9744cf9c64be2145f663e4051196a4eaa9d45Evan Huntecho "I:check that TYPE=0 update is handled ($n)"
6de9744cf9c64be2145f663e4051196a4eaa9d45Evan Huntecho "a0e4280000010000000100000000060001c00c000000fe000000000000" |
6de9744cf9c64be2145f663e4051196a4eaa9d45Evan Hunt$PERL ../packet.pl -a 10.53.0.1 -p 5300 -t tcp > /dev/null
6de9744cf9c64be2145f663e4051196a4eaa9d45Evan Hunt$DIG +tcp version.bind txt ch @10.53.0.1 -p 5300 > dig.out.ns1.$n
6de9744cf9c64be2145f663e4051196a4eaa9d45Evan Huntgrep "status: NOERROR" dig.out.ns1.$n > /dev/null || ret=1
6de9744cf9c64be2145f663e4051196a4eaa9d45Evan Huntecho "I:check that TYPE=0 additional data is handled ($n)"
6de9744cf9c64be2145f663e4051196a4eaa9d45Evan Huntecho "a0e4280000010000000000010000060001c00c000000fe000000000000" |
6de9744cf9c64be2145f663e4051196a4eaa9d45Evan Hunt$PERL ../packet.pl -a 10.53.0.1 -p 5300 -t tcp > /dev/null
6de9744cf9c64be2145f663e4051196a4eaa9d45Evan Hunt$DIG +tcp version.bind txt ch @10.53.0.1 -p 5300 > dig.out.ns1.$n
6de9744cf9c64be2145f663e4051196a4eaa9d45Evan Huntgrep "status: NOERROR" dig.out.ns1.$n > /dev/null || ret=1
cba23be7ba724b527f6a60c14caaeca9502fbc79Evan Huntecho "I:check that update to undefined class is handled ($n)"
cba23be7ba724b527f6a60c14caaeca9502fbc79Evan Huntecho "a0e4280000010001000000000000060101c00c000000fe000000000000" |
cba23be7ba724b527f6a60c14caaeca9502fbc79Evan Hunt$PERL ../packet.pl -a 10.53.0.1 -p 5300 -t tcp > /dev/null
cba23be7ba724b527f6a60c14caaeca9502fbc79Evan Hunt$DIG +tcp version.bind txt ch @10.53.0.1 -p 5300 > dig.out.ns1.$n
cba23be7ba724b527f6a60c14caaeca9502fbc79Evan Huntgrep "status: NOERROR" dig.out.ns1.$n > /dev/null || ret=1
ffff5d67926821d3db8df63bdd84a9cb1ce56739Evan Huntecho "I:check that address family mismatch is handled ($n)"
ffff5d67926821d3db8df63bdd84a9cb1ce56739Evan Huntlocal 127.0.0.1
ffff5d67926821d3db8df63bdd84a9cb1ce56739Evan Huntupdate add 600 txt.example.nil in txt "test"
a69070d8fab55dbc63ba9f96c9d3e34f0ea9119aMark Andrewsecho "I:check that unixtime serial number is correctly generated ($n)"
a69070d8fab55dbc63ba9f96c9d3e34f0ea9119aMark Andrewsoldserial=`$DIG +short unixtime.nil. soa @10.53.0.1 -p 5300 | awk '{print $3}'` || ret=1
a69070d8fab55dbc63ba9f96c9d3e34f0ea9119aMark Andrews server 10.53.0.1 5300
a69070d8fab55dbc63ba9f96c9d3e34f0ea9119aMark Andrews update add new.unixtime.nil in a 1.2.3.4
a69070d8fab55dbc63ba9f96c9d3e34f0ea9119aMark Andrewsserial=`$DIG +short unixtime.nil. soa @10.53.0.1 -p 5300 | awk '{print $3}'` || ret=1
a69070d8fab55dbc63ba9f96c9d3e34f0ea9119aMark Andrews# allow up to 2 seconds difference between the serial
a69070d8fab55dbc63ba9f96c9d3e34f0ea9119aMark Andrews# number and the unix epoch date but no more
a69070d8fab55dbc63ba9f96c9d3e34f0ea9119aMark Andrews$PERL -e 'exit 1 if abs($ARGV[1] - $ARGV[0]) > 2;' $now $serial || ret=1
c5272fb3303425f794dab68f734f6a2a45dce01eMichael Sawyer echo "I:running update.pl test"
c5272fb3303425f794dab68f734f6a2a45dce01eMichael Sawyer $PERL update_test.pl -s 10.53.0.1 -p 5300 update.nil. || status=1
c5272fb3303425f794dab68f734f6a2a45dce01eMichael Sawyer echo "I:The second part of this test requires the Net::DNS library." >&2
6b9c29ec578de7fda057bd3b893ccda176378b1bMichael Sawyerecho "I:fetching first copy of test zone"
6b9c29ec578de7fda057bd3b893ccda176378b1bMichael Sawyer$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\
6b9c29ec578de7fda057bd3b893ccda176378b1bMichael Sawyerecho "I:fetching second copy of test zone"
6b9c29ec578de7fda057bd3b893ccda176378b1bMichael Sawyer$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\
6b9c29ec578de7fda057bd3b893ccda176378b1bMichael Sawyerecho "I:comparing zones"
222d38735f97f771054e223b03f84c5858252332Evan Hunt$PERL ../digcomp.pl dig.out.ns1 dig.out.ns2 || ret=1
dc9c461b27df798ba7c3d9ba1446840c5f85553bMichael Sawyerecho "I:SIGKILL and restart server ns1"
6301757d64037b5a3684d7a765726f06f26712e5Mark Andrews $PERL $SYSTEMTESTTOP/start.pl --noclean --restart . ns1
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews echo "I:restarted server ns1"
3ad7f12f7439471a0922ed3952221e93aef9db69Andreas Gustafsson echo "I:could not restart server ns1"
dc9c461b27df798ba7c3d9ba1446840c5f85553bMichael Sawyerecho "I:fetching ns1 after hard restart"
dc9c461b27df798ba7c3d9ba1446840c5f85553bMichael Sawyer$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\
222d38735f97f771054e223b03f84c5858252332Evan Hunt @10.53.0.1 axfr -p 5300 > dig.out.ns1.after || ret=1
dc9c461b27df798ba7c3d9ba1446840c5f85553bMichael Sawyerecho "I:comparing zones"
222d38735f97f771054e223b03f84c5858252332Evan Hunt$PERL ../digcomp.pl dig.out.ns1 dig.out.ns1.after || ret=1
5337a9e53c7df1ef40d70528f2360c5e4cb9a7d1Andreas Gustafssonecho "I:begin RT #482 regression test"
5337a9e53c7df1ef40d70528f2360c5e4cb9a7d1Andreas Gustafssonecho "I:update master"
222d38735f97f771054e223b03f84c5858252332Evan Hunt$NSUPDATE -k ns1/ddns.key <<END > /dev/null || ret=1
5337a9e53c7df1ef40d70528f2360c5e4cb9a7d1Andreas Gustafssonserver 10.53.0.1 5300
5337a9e53c7df1ef40d70528f2360c5e4cb9a7d1Andreas Gustafssonupdate add updated2.example.nil. 600 A 10.10.10.2
5337a9e53c7df1ef40d70528f2360c5e4cb9a7d1Andreas Gustafssonupdate add updated2.example.nil. 600 TXT Bar
5337a9e53c7df1ef40d70528f2360c5e4cb9a7d1Andreas Gustafssonupdate delete c.example.nil.
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecickiif [ ! "$CYGWIN" ]; then
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecicki echo "I:SIGHUP slave"
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecicki echo "I:reload slave"
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecicki $RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload > /dev/null 2>&1
5337a9e53c7df1ef40d70528f2360c5e4cb9a7d1Andreas Gustafssonecho "I:update master again"
222d38735f97f771054e223b03f84c5858252332Evan Hunt$NSUPDATE -k ns1/ddns.key <<END > /dev/null || ret=1
5337a9e53c7df1ef40d70528f2360c5e4cb9a7d1Andreas Gustafssonserver 10.53.0.1 5300
5337a9e53c7df1ef40d70528f2360c5e4cb9a7d1Andreas Gustafssonupdate add updated3.example.nil. 600 A 10.10.10.3
5337a9e53c7df1ef40d70528f2360c5e4cb9a7d1Andreas Gustafssonupdate add updated3.example.nil. 600 TXT Zap
1d32b1df372d6be6bac6450739b9e5ea23819995Evan Huntdel d.example.nil.
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecickiif [ ! "$CYGWIN" ]; then
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecicki echo "I:SIGHUP slave again"
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecicki echo "I:reload slave again"
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecicki $RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload > /dev/null 2>&1
222d38735f97f771054e223b03f84c5858252332Evan Huntecho "I:check to 'out of sync' message"
222d38735f97f771054e223b03f84c5858252332Evan Hunt echo "I: failed (found 'out of sync')"
5337a9e53c7df1ef40d70528f2360c5e4cb9a7d1Andreas Gustafssonecho "I:end RT #482 regression test"
222d38735f97f771054e223b03f84c5858252332Evan Huntecho "I:start NSEC3PARAM changes via UPDATE on a unsigned zone test ($n)"
8aee18709f238406719768b8a6b843a15c5075f8Mark Andrewsserver 10.53.0.3 5300
8aee18709f238406719768b8a6b843a15c5075f8Mark Andrewsupdate add example 3600 nsec3param 1 0 0 -
8aee18709f238406719768b8a6b843a15c5075f8Mark Andrews# the zone is not signed. The nsec3param records should be removed.
8aee18709f238406719768b8a6b843a15c5075f8Mark Andrews# this also proves that the server is still running.
8aee18709f238406719768b8a6b843a15c5075f8Mark Andrews$DIG +tcp +noadd +nosea +nostat +noquest +nocmd +norec example.\
8aee18709f238406719768b8a6b843a15c5075f8Mark Andrews @10.53.0.3 nsec3param -p 5300 > dig.out.ns3.$n || ret=1
8aee18709f238406719768b8a6b843a15c5075f8Mark Andrewsgrep "ANSWER: 0" dig.out.ns3.$n > /dev/null || ret=1
8aee18709f238406719768b8a6b843a15c5075f8Mark Andrewsgrep "flags:[^;]* aa[ ;]" dig.out.ns3.$n > /dev/null || ret=1
222d38735f97f771054e223b03f84c5858252332Evan Huntecho "I:change the NSEC3PARAM ttl via update ($n)"
8aee18709f238406719768b8a6b843a15c5075f8Mark Andrewsserver 10.53.0.3 5300
8aee18709f238406719768b8a6b843a15c5075f8Mark Andrewsupdate add nsec3param.test 3600 NSEC3PARAM 1 0 1 -
8aee18709f238406719768b8a6b843a15c5075f8Mark Andrews$DIG +tcp +noadd +nosea +nostat +noquest +nocmd +norec nsec3param.test.\
8aee18709f238406719768b8a6b843a15c5075f8Mark Andrews @10.53.0.3 nsec3param -p 5300 > dig.out.ns3.$n || ret=1
8aee18709f238406719768b8a6b843a15c5075f8Mark Andrewsgrep "ANSWER: 1" dig.out.ns3.$n > /dev/null || ret=1
8aee18709f238406719768b8a6b843a15c5075f8Mark Andrewsgrep "3600.*NSEC3PARAM" dig.out.ns3.$n > /dev/null || ret=1
8aee18709f238406719768b8a6b843a15c5075f8Mark Andrewsgrep "flags:[^;]* aa[ ;]" dig.out.ns3.$n > /dev/null || ret=1
222d38735f97f771054e223b03f84c5858252332Evan Huntecho "I:add a new the NSEC3PARAM via update ($n)"
8aee18709f238406719768b8a6b843a15c5075f8Mark Andrewsserver 10.53.0.3 5300
8aee18709f238406719768b8a6b843a15c5075f8Mark Andrewsupdate add nsec3param.test 3600 NSEC3PARAM 1 0 4 -
8aee18709f238406719768b8a6b843a15c5075f8Mark Andrews$DIG +tcp +noadd +nosea +nostat +noquest +nocmd +norec nsec3param.test.\
8aee18709f238406719768b8a6b843a15c5075f8Mark Andrews @10.53.0.3 nsec3param -p 5300 > dig.out.ns3.$n || ret=1
8aee18709f238406719768b8a6b843a15c5075f8Mark Andrewsgrep "ANSWER: 2" dig.out.ns3.$n > /dev/null || ret=1
8aee18709f238406719768b8a6b843a15c5075f8Mark Andrewsgrep "NSEC3PARAM 1 0 4 -" dig.out.ns3.$n > /dev/null || ret=1
8aee18709f238406719768b8a6b843a15c5075f8Mark Andrewsgrep "flags:[^;]* aa[ ;]" dig.out.ns3.$n > /dev/null || ret=1
8aee18709f238406719768b8a6b843a15c5075f8Mark Andrewsif [ $ret != 0 ] ; then echo "I: failed"; status=`expr $ret + $status`; fi
222d38735f97f771054e223b03f84c5858252332Evan Huntecho "I:add, delete and change the ttl of the NSEC3PARAM rrset via update ($n)"
8aee18709f238406719768b8a6b843a15c5075f8Mark Andrewsserver 10.53.0.3 5300
8aee18709f238406719768b8a6b843a15c5075f8Mark Andrewsupdate delete nsec3param.test NSEC3PARAM
8aee18709f238406719768b8a6b843a15c5075f8Mark Andrewsupdate add nsec3param.test 7200 NSEC3PARAM 1 0 5 -
8aee18709f238406719768b8a6b843a15c5075f8Mark Andrews$DIG +tcp +noadd +nosea +nostat +noquest +nocmd +norec nsec3param.test.\
8aee18709f238406719768b8a6b843a15c5075f8Mark Andrews @10.53.0.3 nsec3param -p 5300 > dig.out.ns3.$n || ret=1
8aee18709f238406719768b8a6b843a15c5075f8Mark Andrewsgrep "ANSWER: 1" dig.out.ns3.$n > /dev/null || ret=1
8aee18709f238406719768b8a6b843a15c5075f8Mark Andrewsgrep "7200.*NSEC3PARAM 1 0 5 -" dig.out.ns3.$n > /dev/null || ret=1
8aee18709f238406719768b8a6b843a15c5075f8Mark Andrewsgrep "flags:[^;]* aa[ ;]" dig.out.ns3.$n > /dev/null || ret=1
8aee18709f238406719768b8a6b843a15c5075f8Mark Andrews$JOURNALPRINT ns3/nsec3param.test.db.signed.jnl > jp.out.ns3.$n
8aee18709f238406719768b8a6b843a15c5075f8Mark Andrews# intermediate TTL changes.
8aee18709f238406719768b8a6b843a15c5075f8Mark Andrewsgrep "add nsec3param.test. 7200 IN NSEC3PARAM 1 0 4 -" jp.out.ns3.$n > /dev/null || ret=1
8aee18709f238406719768b8a6b843a15c5075f8Mark Andrewsgrep "add nsec3param.test. 7200 IN NSEC3PARAM 1 0 1 -" jp.out.ns3.$n > /dev/null || ret=1
8aee18709f238406719768b8a6b843a15c5075f8Mark Andrews# delayed adds and deletes.
8aee18709f238406719768b8a6b843a15c5075f8Mark Andrewsgrep "add nsec3param.test. 0 IN TYPE65534 .# 6 000180000500" jp.out.ns3.$n > /dev/null || ret=1
8aee18709f238406719768b8a6b843a15c5075f8Mark Andrewsgrep "add nsec3param.test. 0 IN TYPE65534 .# 6 000140000100" jp.out.ns3.$n > /dev/null || ret=1
8aee18709f238406719768b8a6b843a15c5075f8Mark Andrewsgrep "add nsec3param.test. 0 IN TYPE65534 .# 6 000140000400" jp.out.ns3.$n > /dev/null || ret=1
8aee18709f238406719768b8a6b843a15c5075f8Mark Andrewsif [ $ret != 0 ] ; then echo "I: failed"; status=`expr $ret + $status`; fi
e2f470bebb3a0c107bc4ac86c6920c21e50e83e0Brian Wellingtonecho "I:testing that rndc stop updates the master file"
222d38735f97f771054e223b03f84c5858252332Evan Hunt$NSUPDATE -k ns1/ddns.key <<END > /dev/null || ret=1
e2f470bebb3a0c107bc4ac86c6920c21e50e83e0Brian Wellingtonserver 10.53.0.1 5300
e2f470bebb3a0c107bc4ac86c6920c21e50e83e0Brian Wellingtonupdate add updated4.example.nil. 600 A 10.10.10.3
e2f470bebb3a0c107bc4ac86c6920c21e50e83e0Brian Wellington$PERL $SYSTEMTESTTOP/stop.pl --use-rndc . ns1
f0a1134d331b2aa871306c73d2787960918eaab1Andreas Gustafsson# Removing the journal file and restarting the server means
f0a1134d331b2aa871306c73d2787960918eaab1Andreas Gustafsson# that the data served by the new server process are exactly
f0a1134d331b2aa871306c73d2787960918eaab1Andreas Gustafsson# those dumped to the master file by "rndc stop".
6301757d64037b5a3684d7a765726f06f26712e5Mark Andrews$PERL $SYSTEMTESTTOP/start.pl --noclean --restart . ns1
e2f470bebb3a0c107bc4ac86c6920c21e50e83e0Brian Wellington$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd updated4.example.nil.\
e2f470bebb3a0c107bc4ac86c6920c21e50e83e0Brian Wellington @10.53.0.1 a -p 5300 > dig.out.ns1 || status=1
222d38735f97f771054e223b03f84c5858252332Evan Hunt$PERL ../digcomp.pl knowngood.ns1.afterstop dig.out.ns1 || ret=1
82f0630bae09598209cc37c1db00ff4356efee27Mark Andrewsecho "I:check that 'nsupdate -l' with a missing keyfile reports the missing file"
82f0630bae09598209cc37c1db00ff4356efee27Mark Andrews$NSUPDATE -l -p 5300 -k ns1/nonexistant.key 2> nsupdate.out < /dev/null
82f0630bae09598209cc37c1db00ff4356efee27Mark Andrewsgrep ns1/nonexistant.key nsupdate.out > /dev/null || ret=1
f592d2f76cac7115038124c510d2ba3050334b4dEvan Huntecho "I:check that 'update-policy local' works from localhost address ($n)"
f592d2f76cac7115038124c510d2ba3050334b4dEvan Hunt$NSUPDATE -p 5300 -k ns5/session.key > nsupdate.out.$n 2>&1 << END || ret=1
f592d2f76cac7115038124c510d2ba3050334b4dEvan Huntserver 10.53.0.5 5300
514a44a2bbcb61bd1575a83c75c8db74df2e85b7Mark Andrewslocal 127.0.0.1
f592d2f76cac7115038124c510d2ba3050334b4dEvan Huntupdate add fromlocal.local.nil. 600 A 1.2.3.4
f592d2f76cac7115038124c510d2ba3050334b4dEvan Huntgrep REFUSED nsupdate.out.$n > /dev/null 2>&1 && ret=1
f592d2f76cac7115038124c510d2ba3050334b4dEvan Hunt +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd \
f592d2f76cac7115038124c510d2ba3050334b4dEvan Huntgrep fromlocal dig.out.ns5.$n > /dev/null 2>&1 || ret=1
f592d2f76cac7115038124c510d2ba3050334b4dEvan Huntecho "I:check that 'update-policy local' fails from non-localhost address ($n)"
7c442d7fe06bc95432af7513764e5cc85e133648Evan Huntgrep 'match on session key not from localhost' ns5/named.run > /dev/null && ret=1
f592d2f76cac7115038124c510d2ba3050334b4dEvan Hunt$NSUPDATE -p 5300 -k ns5/session.key > nsupdate.out.$n 2>&1 << END && ret=1
f592d2f76cac7115038124c510d2ba3050334b4dEvan Huntserver 10.53.0.5 5300
514a44a2bbcb61bd1575a83c75c8db74df2e85b7Mark Andrewslocal 10.53.0.1
f592d2f76cac7115038124c510d2ba3050334b4dEvan Huntupdate add nonlocal.local.nil. 600 A 4.3.2.1
f592d2f76cac7115038124c510d2ba3050334b4dEvan Huntgrep REFUSED nsupdate.out.$n > /dev/null 2>&1 || ret=1
7c442d7fe06bc95432af7513764e5cc85e133648Evan Huntgrep 'match on session key not from localhost' ns5/named.run > /dev/null || ret=1
f592d2f76cac7115038124c510d2ba3050334b4dEvan Hunt +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd \
f592d2f76cac7115038124c510d2ba3050334b4dEvan Huntgrep nonlocal dig.out.ns5.$n > /dev/null 2>&1 && ret=1
16cc4a1f56d0f9a300419da7e75e3b72169e608aMark Andrewsecho "I:check that changes to the DNSKEY RRset TTL do not have side effects ($n)"
16cc4a1f56d0f9a300419da7e75e3b72169e608aMark Andrews$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd dnskey.test. \
16cc4a1f56d0f9a300419da7e75e3b72169e608aMark Andrews (echo server 10.53.0.3 5300; cat - ; echo send ) |
16cc4a1f56d0f9a300419da7e75e3b72169e608aMark Andrews$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd dnskey.test. \
16cc4a1f56d0f9a300419da7e75e3b72169e608aMark Andrewsgrep "600.*DNSKEY" dig.out.ns3.$n > /dev/null || ret=1
ac21f918f23ce95fd5be807428ee9e2c42319878Evan Huntecho "I:check notify with TSIG worked ($n)"
ac21f918f23ce95fd5be807428ee9e2c42319878Evan Hunt# if the alternate view received a notify--meaning, the notify was
ac21f918f23ce95fd5be807428ee9e2c42319878Evan Hunt# validly signed by "altkey"--then the zonefile update.alt.bk will
ac21f918f23ce95fd5be807428ee9e2c42319878Evan Hunt# will have been created.
ac21f918f23ce95fd5be807428ee9e2c42319878Evan Hunt echo "I:failed"
f5b7359c5730d39ff6eff24ae87c9c74a04c2e5cMark Andrewsecho "I:check type list options ($n)"
f5b7359c5730d39ff6eff24ae87c9c74a04c2e5cMark Andrews$NSUPDATE -T > typelist.out.T.${n} || { ret=1; echo "I: nsupdate -T failed"; }
f5b7359c5730d39ff6eff24ae87c9c74a04c2e5cMark Andrews$NSUPDATE -P > typelist.out.P.${n} || { ret=1; echo "I: nsupdate -P failed"; }
f5b7359c5730d39ff6eff24ae87c9c74a04c2e5cMark Andrews$NSUPDATE -TP > typelist.out.TP.${n} || { ret=1; echo "I: nsupdate -TP failed"; }
f5b7359c5730d39ff6eff24ae87c9c74a04c2e5cMark Andrewsgrep ANY typelist.out.T.${n} > /dev/null && { ret=1; echo "I: failed: ANY found (-T)"; }
f5b7359c5730d39ff6eff24ae87c9c74a04c2e5cMark Andrewsgrep ANY typelist.out.P.${n} > /dev/null && { ret=1; echo "I: failed: ANY found (-P)"; }
f5b7359c5730d39ff6eff24ae87c9c74a04c2e5cMark Andrewsgrep ANY typelist.out.TP.${n} > /dev/null && { ret=1; echo "I: failed: ANY found (-TP)"; }
f5b7359c5730d39ff6eff24ae87c9c74a04c2e5cMark Andrewsgrep KEYDATA typelist.out.T.${n} > /dev/null && { ret=1; echo "I: failed: KEYDATA found (-T)"; }
d6f99498d624d5c5c8ee45067df02e6a6b35a1a3Mark Andrewsgrep KEYDATA typelist.out.P.${n} > /dev/null && { ret=1; echo "I: failed: KEYDATA found (-P)"; }
d6f99498d624d5c5c8ee45067df02e6a6b35a1a3Mark Andrewsgrep KEYDATA typelist.out.TP.${n} > /dev/null && { ret=1; echo "I: failed: KEYDATA found (-TP)"; }
f5b7359c5730d39ff6eff24ae87c9c74a04c2e5cMark Andrewsgrep AAAA typelist.out.T.${n} > /dev/null || { ret=1; echo "I: failed: AAAA not found (-T)"; }
f5b7359c5730d39ff6eff24ae87c9c74a04c2e5cMark Andrewsgrep AAAA typelist.out.P.${n} > /dev/null && { ret=1; echo "I: failed: AAAA found (-P)"; }
f5b7359c5730d39ff6eff24ae87c9c74a04c2e5cMark Andrewsgrep AAAA typelist.out.TP.${n} > /dev/null || { ret=1; echo "I: failed: AAAA not found (-TP)"; }
f5b7359c5730d39ff6eff24ae87c9c74a04c2e5cMark Andrews echo "I:failed"
d1f43359e4349bb9d934b96b7aa22b54ae7cef7cMark Andrewsecho "I:check command list ($n)"
d1f43359e4349bb9d934b96b7aa22b54ae7cef7cMark Andrews if test $? -gt 1 ; then
d1f43359e4349bb9d934b96b7aa22b54ae7cef7cMark Andrews if test $? -gt 1 ; then
de5890da9b87cb4b91aca033db0e25b1fdb68c77Evan Huntecho "I:check TSIG key algorithms ($n)"
de5890da9b87cb4b91aca033db0e25b1fdb68c77Evan Huntfor alg in md5 sha1 sha224 sha256 sha384 sha512; do
de5890da9b87cb4b91aca033db0e25b1fdb68c77Evan Hunt $NSUPDATE -k ns1/${alg}.key <<END > /dev/null || ret=1
de5890da9b87cb4b91aca033db0e25b1fdb68c77Evan Huntserver 10.53.0.1 5300
de5890da9b87cb4b91aca033db0e25b1fdb68c77Evan Huntupdate add ${alg}.keytests.nil. 600 A 10.10.10.3
de5890da9b87cb4b91aca033db0e25b1fdb68c77Evan Huntfor alg in md5 sha1 sha224 sha256 sha384 sha512; do
de5890da9b87cb4b91aca033db0e25b1fdb68c77Evan Hunt $DIG +short @10.53.0.1 -p 5300 ${alg}.keytests.nil | grep 10.10.10.3 > /dev/null 2>&1 || ret=1
de5890da9b87cb4b91aca033db0e25b1fdb68c77Evan Hunt echo "I:failed"
35f6a21f5f8114542c050bfcb484b39ce513d4bdEvan Huntecho "I:check that ttl is capped by max-ttl ($n)"
35f6a21f5f8114542c050bfcb484b39ce513d4bdEvan Huntserver 10.53.0.1 5300
35f6a21f5f8114542c050bfcb484b39ce513d4bdEvan Huntupdate add cap.max-ttl.nil. 600 A 10.10.10.3
35f6a21f5f8114542c050bfcb484b39ce513d4bdEvan Huntupdate add nocap.max-ttl.nil. 150 A 10.10.10.3
35f6a21f5f8114542c050bfcb484b39ce513d4bdEvan Hunt$DIG @10.53.0.1 -p 5300 cap.max-ttl.nil | grep "^cap.max-ttl.nil. 300" > /dev/null 2>&1 || ret=1
35f6a21f5f8114542c050bfcb484b39ce513d4bdEvan Hunt$DIG @10.53.0.1 -p 5300 nocap.max-ttl.nil | grep "^nocap.max-ttl.nil. 150" > /dev/null 2>&1 || ret=1
35f6a21f5f8114542c050bfcb484b39ce513d4bdEvan Hunt echo "I:failed"
2425d8bb7ccf5dc956ad12d64d97b5a42e022930Evan Huntecho "I:add a record which is truncated when logged. ($n)"
2425d8bb7ccf5dc956ad12d64d97b5a42e022930Evan Hunt$DIG +tcp @10.53.0.1 -p 5300 txt txt.update.nil > dig.out.ns1.test$n
2425d8bb7ccf5dc956ad12d64d97b5a42e022930Evan Huntgrep "ANSWER: 1," dig.out.ns1.test$n > /dev/null || ret=1
2425d8bb7ccf5dc956ad12d64d97b5a42e022930Evan Huntgrep "adding an RR at 'txt.update.nil' TXT .* \[TRUNCATED\]" ns1/named.run > /dev/null || ret=1
2425d8bb7ccf5dc956ad12d64d97b5a42e022930Evan Hunt echo "I:failed"
7318bbc26262a66a0d740ceefed769961ef7e476Evan Huntecho "I:check that yyyymmddvv serial number is correctly generated ($n)"
7318bbc26262a66a0d740ceefed769961ef7e476Evan Huntoldserial=`$DIG +short yyyymmddvv.nil. soa @10.53.0.1 -p 5300 | awk '{print $3}'` || ret=1
7318bbc26262a66a0d740ceefed769961ef7e476Evan Hunt server 10.53.0.1 5300
7318bbc26262a66a0d740ceefed769961ef7e476Evan Hunt update add new.yyyymmddvv.nil in a 1.2.3.4
5b56f2e3cc0ec0feb71b7291bdae7803f313b5b3Mark Andrewsnow=`$PERL -e '@lt=localtime(); printf "%.4d%0.2d%0.2d00\n",$lt[5]+1900,$lt[4]+1,$lt[3];'`
7318bbc26262a66a0d740ceefed769961ef7e476Evan Huntserial=`$DIG +short yyyymmddvv.nil. soa @10.53.0.1 -p 5300 | awk '{print $3}'` || ret=1
5c420ccc29cb48d980ce61c0b065b39a5a492d05Mark Andrews# Refactor to use perl to launch the parallel updates.
74717eef53ba5d6aefc80eb262bbb090ff4bb3b5Mark Andrewsecho "I:send many simultaneous updates via a update forwarder ($n)"
48179343c2645105662bf0314a38b9c319b32e78Mark Andrews for j in 0 1 2 3 4 5 6 7
74717eef53ba5d6aefc80eb262bbb090ff4bb3b5Mark Andrewsserver 10.53.0.3 5300
74717eef53ba5d6aefc80eb262bbb090ff4bb3b5Mark Andrewszone many.test
74717eef53ba5d6aefc80eb262bbb090ff4bb3b5Mark Andrewsupdate add $i-$j.many.test 0 IN A 1.2.3.4
74717eef53ba5d6aefc80eb262bbb090ff4bb3b5Mark Andrewsdig axfr many.test @10.53.0.1 -p 5300 > dig.out.test$n
74717eef53ba5d6aefc80eb262bbb090ff4bb3b5Mark Andrewslines=`awk '$4 == "A" { l++ } END { print l }' dig.out.test$n`
ed1c845c1d3a6b9c2c38e9f7ab177d4ce0309639Mark Andrewsecho "I:check check-names processing ($n)"
ed1c845c1d3a6b9c2c38e9f7ab177d4ce0309639Mark Andrewsupdate add # 0 in a 1.2.3.4
ed1c845c1d3a6b9c2c38e9f7ab177d4ce0309639Mark Andrewsgrep "bad owner" nsupdate.out1-$n > /dev/null || ret=1
ed1c845c1d3a6b9c2c38e9f7ab177d4ce0309639Mark Andrewscheck-names off
ed1c845c1d3a6b9c2c38e9f7ab177d4ce0309639Mark Andrewsupdate add # 0 in a 1.2.3.4
ed1c845c1d3a6b9c2c38e9f7ab177d4ce0309639Mark Andrewsgrep "bad owner" nsupdate.out2-$n > /dev/null && ret=1
ed1c845c1d3a6b9c2c38e9f7ab177d4ce0309639Mark Andrewsupdate add . 0 in mx 0 #
ed1c845c1d3a6b9c2c38e9f7ab177d4ce0309639Mark Andrewsgrep "bad name" nsupdate.out3-$n > /dev/null || ret=1
ed1c845c1d3a6b9c2c38e9f7ab177d4ce0309639Mark Andrewscheck-names off
ed1c845c1d3a6b9c2c38e9f7ab177d4ce0309639Mark Andrewsupdate add . 0 in mx 0 #
ed1c845c1d3a6b9c2c38e9f7ab177d4ce0309639Mark Andrewsgrep "bad name" nsupdate.out4-$n > /dev/null && ret=1
8d9a134fe75c57052094b30ad43a20582ad71ebfMark Andrewsecho "I:check adding of delegating NS records processing ($n)"
8d9a134fe75c57052094b30ad43a20582ad71ebfMark Andrews$NSUPDATE -v << EOF > nsupdate.out-$n 2>&1 || ret=1
8d9a134fe75c57052094b30ad43a20582ad71ebfMark Andrewsserver 10.53.0.3 5300
8d9a134fe75c57052094b30ad43a20582ad71ebfMark Andrewszone delegation.test.
8d9a134fe75c57052094b30ad43a20582ad71ebfMark Andrewsupdate add child.delegation.test. 3600 NS foo.example.net.
8d9a134fe75c57052094b30ad43a20582ad71ebfMark Andrewsupdate add child.delegation.test. 3600 NS bar.example.net.
8d9a134fe75c57052094b30ad43a20582ad71ebfMark Andrews$DIG +tcp @10.53.0.3 -p 5300 ns child.delegation.test > dig.out.ns1.test$n
8d9a134fe75c57052094b30ad43a20582ad71ebfMark Andrewsgrep "status: NOERROR" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1
8d9a134fe75c57052094b30ad43a20582ad71ebfMark Andrewsgrep "AUTHORITY: 2" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1
8d9a134fe75c57052094b30ad43a20582ad71ebfMark Andrewsecho "I:check deleting of delegating NS records processing ($n)"
8d9a134fe75c57052094b30ad43a20582ad71ebfMark Andrews$NSUPDATE -v << EOF > nsupdate.out-$n 2>&1 || ret=1
8d9a134fe75c57052094b30ad43a20582ad71ebfMark Andrewsserver 10.53.0.3 5300
8d9a134fe75c57052094b30ad43a20582ad71ebfMark Andrewszone delegation.test.
8d9a134fe75c57052094b30ad43a20582ad71ebfMark Andrewsupdate del child.delegation.test. 3600 NS foo.example.net.
8d9a134fe75c57052094b30ad43a20582ad71ebfMark Andrewsupdate del child.delegation.test. 3600 NS bar.example.net.
8d9a134fe75c57052094b30ad43a20582ad71ebfMark Andrews$DIG +tcp @10.53.0.3 -p 5300 ns child.delegation.test > dig.out.ns1.test$n
8d9a134fe75c57052094b30ad43a20582ad71ebfMark Andrewsgrep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1
744c1db6352c4c3f11c8538e4a2a57c8b0e0d570Mark Andrewsecho "I:check that adding too many records is blocked ($n)"
744c1db6352c4c3f11c8538e4a2a57c8b0e0d570Mark Andrews$NSUPDATE -v << EOF > nsupdate.out-$n 2>&1 && ret=1
744c1db6352c4c3f11c8538e4a2a57c8b0e0d570Mark Andrewsserver 10.53.0.3 5300
744c1db6352c4c3f11c8538e4a2a57c8b0e0d570Mark Andrewszone too-big.test.
744c1db6352c4c3f11c8538e4a2a57c8b0e0d570Mark Andrewsupdate add r1.too-big.test 3600 IN TXT r1.too-big.test
744c1db6352c4c3f11c8538e4a2a57c8b0e0d570Mark Andrewsgrep "update failed: SERVFAIL" nsupdate.out-$n > /dev/null || ret=1
7802f7d3a96898d66a504058cab6392e0a09fff6Evan Hunt$DIG +tcp @10.53.0.3 -p 5300 r1.too-big.test TXT > dig.out.ns3.test$n
744c1db6352c4c3f11c8538e4a2a57c8b0e0d570Mark Andrewsgrep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1
744c1db6352c4c3f11c8538e4a2a57c8b0e0d570Mark Andrewsgrep "records in zone (4) exceeds max-records (3)" ns3/named.run > /dev/null || ret=1
a60831febfad9d3c9cabeb22a399238748f69ae6Mark Andrewsecho "I:check whether valid addresses are used for master failover ($n)"
a60831febfad9d3c9cabeb22a399238748f69ae6Mark Andrews$NSUPDATE -t 1 <<END > nsupdate.out-$n 2>&1 && ret=1
a60831febfad9d3c9cabeb22a399238748f69ae6Mark Andrewsserver 10.53.0.4 5300
a60831febfad9d3c9cabeb22a399238748f69ae6Mark Andrewszone unreachable.
a60831febfad9d3c9cabeb22a399238748f69ae6Mark Andrewsupdate add unreachable. 600 A 192.0.2.1
a60831febfad9d3c9cabeb22a399238748f69ae6Mark Andrewsgrep "; Communication with 10.53.0.4#5300 failed: timed out" nsupdate.out-$n > /dev/null 2>&1 || ret=1
a60831febfad9d3c9cabeb22a399238748f69ae6Mark Andrewsgrep "not implemented" nsupdate.out-$n > /dev/null 2>&1 && ret=1
e02fa56849131911e9554133b17a5325b37d0828Michał Kępieńecho "I:ensure bad owner name is fatal in non-interactive mode ($n)"
e02fa56849131911e9554133b17a5325b37d0828Michał Kępień$NSUPDATE <<END > nsupdate.out 2>&1 && ret=1
e02fa56849131911e9554133b17a5325b37d0828Michał Kępień update add emptylabel..nil. 600 A 10.10.10.1
e02fa56849131911e9554133b17a5325b37d0828Michał Kępieńgrep "invalid owner name: empty label" nsupdate.out > /dev/null || ret=1
e02fa56849131911e9554133b17a5325b37d0828Michał Kępieńgrep "syntax error" nsupdate.out > /dev/null || ret=1
e02fa56849131911e9554133b17a5325b37d0828Michał Kępień[ $ret = 0 ] || { echo I:failed; status=1; }
e02fa56849131911e9554133b17a5325b37d0828Michał Kępieńecho "I:ensure bad owner name is not fatal in interactive mode ($n)"
e02fa56849131911e9554133b17a5325b37d0828Michał Kępień$NSUPDATE -i <<END > nsupdate.out 2>&1 || ret=1
e02fa56849131911e9554133b17a5325b37d0828Michał Kępień update add emptylabel..nil. 600 A 10.10.10.1
e02fa56849131911e9554133b17a5325b37d0828Michał Kępieńgrep "invalid owner name: empty label" nsupdate.out > /dev/null || ret=1
e02fa56849131911e9554133b17a5325b37d0828Michał Kępień[ $ret = 0 ] || { echo I:failed; status=1; }
e02fa56849131911e9554133b17a5325b37d0828Michał Kępieńecho "I:ensure invalid key type is fatal in non-interactive mode ($n)"
e02fa56849131911e9554133b17a5325b37d0828Michał Kępień$NSUPDATE <<END > nsupdate.out 2>&1 && ret=1
e02fa56849131911e9554133b17a5325b37d0828Michał Kępień key badkeytype:example abcd12345678
e02fa56849131911e9554133b17a5325b37d0828Michał Kępieńgrep "unknown key type 'badkeytype'" nsupdate.out > /dev/null || ret=1
e02fa56849131911e9554133b17a5325b37d0828Michał Kępieńgrep "syntax error" nsupdate.out > /dev/null || ret=1
e02fa56849131911e9554133b17a5325b37d0828Michał Kępień[ $ret = 0 ] || { echo I:failed; status=1; }
e02fa56849131911e9554133b17a5325b37d0828Michał Kępieńecho "I:ensure invalid key type is not fatal in interactive mode ($n)"
e02fa56849131911e9554133b17a5325b37d0828Michał Kępień$NSUPDATE -i <<END > nsupdate.out 2>&1 || ret=1
e02fa56849131911e9554133b17a5325b37d0828Michał Kępień key badkeytype:example abcd12345678
e02fa56849131911e9554133b17a5325b37d0828Michał Kępieńgrep "unknown key type 'badkeytype'" nsupdate.out > /dev/null || ret=1
e02fa56849131911e9554133b17a5325b37d0828Michał Kępień[ $ret = 0 ] || { echo I:failed; status=1; }
e02fa56849131911e9554133b17a5325b37d0828Michał Kępieńecho "I:ensure unresolvable server name is fatal in non-interactive mode ($n)"
e02fa56849131911e9554133b17a5325b37d0828Michał Kępień$NSUPDATE <<END > nsupdate.out 2>&1 && ret=1
e02fa56849131911e9554133b17a5325b37d0828Michał Kępień server unresolvable..
e02fa56849131911e9554133b17a5325b37d0828Michał Kępieńgrep "couldn't get address for 'unresolvable..': not found" nsupdate.out > /dev/null || ret=1
e02fa56849131911e9554133b17a5325b37d0828Michał Kępieńgrep "syntax error" nsupdate.out > /dev/null || ret=1
e02fa56849131911e9554133b17a5325b37d0828Michał Kępień[ $ret = 0 ] || { echo I:failed; status=1; }
e02fa56849131911e9554133b17a5325b37d0828Michał Kępieńecho "I:ensure unresolvable server name is not fatal in interactive mode ($n)"
e02fa56849131911e9554133b17a5325b37d0828Michał Kępień$NSUPDATE -i <<END > nsupdate.out 2>&1 || ret=1
e02fa56849131911e9554133b17a5325b37d0828Michał Kępień server unresolvable..
e02fa56849131911e9554133b17a5325b37d0828Michał Kępieńgrep "couldn't get address for 'unresolvable..': not found" nsupdate.out > /dev/null || ret=1
e02fa56849131911e9554133b17a5325b37d0828Michał Kępień[ $ret = 0 ] || { echo I:failed; status=1; }
6fb3db01acad7f5c1f4e23789fb0f2ce56cc07deMukund Sivaramanecho "I:check that TKEY in a update is rejected ($n)"
6fb3db01acad7f5c1f4e23789fb0f2ce56cc07deMukund Sivaraman$NSUPDATE -d <<END > nsupdate.out-$n 2>&1 && ret=1
6fb3db01acad7f5c1f4e23789fb0f2ce56cc07deMukund Sivaramanserver 10.53.0.3 5300
6fb3db01acad7f5c1f4e23789fb0f2ce56cc07deMukund Sivaramanupdate add tkey.example 0 in tkey invalid.algorithm. 1516055980 1516140801 1 0 16 gRof8D2BFKvl/vrr9Lmnjw== 16 gRof8D2BFKvl/vrr9Lmnjw==
6fb3db01acad7f5c1f4e23789fb0f2ce56cc07deMukund Sivaramangrep "UPDATE, status: NOERROR" nsupdate.out-$n > /dev/null 2>&1 || ret=1
6fb3db01acad7f5c1f4e23789fb0f2ce56cc07deMukund Sivaramangrep "UPDATE, status: FORMERR" nsupdate.out-$n > /dev/null 2>&1 || ret=1
6fb3db01acad7f5c1f4e23789fb0f2ce56cc07deMukund Sivaraman[ $ret = 0 ] || { echo I:failed; status=1; }
45f206e6c1521c710947e9d5e734c32c6b286b13Mark Andrews# Add client library tests here
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrewsif test unset != "${SAMPLEUPDATE:-unset}" -a -x "${SAMPLEUPDATE}"
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews echo "I:check that dns_client_update handles prerequisite NXDOMAIN failure ($n)"
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews $SAMPLEUPDATE -P 5300 -a 10.53.0.1 -a 10.53.0.2 -p "nxdomain exists.sample" \
45f206e6c1521c710947e9d5e734c32c6b286b13Mark Andrews add "nxdomain-exists.sample 0 in a 1.2.3.4" > update.out.test$n 2>&1
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews $SAMPLEUPDATE -P 5300 -a 10.53.0.2 -p "nxdomain exists.sample" \
45f206e6c1521c710947e9d5e734c32c6b286b13Mark Andrews add "check-nxdomain-exists.sample 0 in a 1.2.3.4" > update.out.check$n 2>&1
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews $DIG +tcp @10.53.0.1 -p 5300 a nxdomain-exists.sample > dig.out.ns1.test$n
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews $DIG +tcp @10.53.0.2 -p 5300 a nxdomain-exists.sample > dig.out.ns2.test$n
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews $DIG +tcp @10.53.0.2 -p 5300 a check-nxdomain-exists.sample > check.out.ns2.test$n
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews grep "update failed: YXDOMAIN" update.out.test$n > /dev/null || ret=1
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews grep "update succeeded" update.out.check$n > /dev/null || ret=1
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews grep "status: NOERROR" check.out.ns2.test$n > /dev/null || ret=1
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews echo "I:check that dns_client_update handles prerequisite YXDOMAIN failure ($n)"
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews $SAMPLEUPDATE -P 5300 -a 10.53.0.1 -a 10.53.0.2 -p "yxdomain nxdomain.sample" \
45f206e6c1521c710947e9d5e734c32c6b286b13Mark Andrews add "yxdomain-nxdomain.sample 0 in a 1.2.3.4" > update.out.test$n 2>&1
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews $SAMPLEUPDATE -P 5300 -a 10.53.0.2 -p "yxdomain nxdomain.sample" \
45f206e6c1521c710947e9d5e734c32c6b286b13Mark Andrews add "check-yxdomain-nxdomain.sample 0 in a 1.2.3.4" > update.out.check$n 2>&1
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews $DIG +tcp @10.53.0.1 -p 5300 a nxdomain-exists.sample > dig.out.ns1.test$n
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews $DIG +tcp @10.53.0.2 -p 5300 a nxdomain-exists.sample > dig.out.ns2.test$n
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews $DIG +tcp @10.53.0.2 -p 5300 a check-nxdomain-exists.sample > check.out.ns2.test$n
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews grep "update failed: NXDOMAIN" update.out.test$n > /dev/null || ret=1
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews grep "update succeeded" update.out.check$n > /dev/null || ret=1
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews grep "status: NOERROR" check.out.ns2.test$n > /dev/null || ret=1
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews echo "I:check that dns_client_update handles prerequisite NXRRSET failure ($n)"
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews $SAMPLEUPDATE -P 5300 -a 10.53.0.1 -a 10.53.0.2 -p "nxrrset exists.sample TXT This RRset exists." \
45f206e6c1521c710947e9d5e734c32c6b286b13Mark Andrews add "nxrrset-exists.sample 0 in a 1.2.3.4" > update.out.test$n 2>&1
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews $SAMPLEUPDATE -P 5300 -a 10.53.0.2 -p "nxrrset exists.sample TXT This RRset exists." \
45f206e6c1521c710947e9d5e734c32c6b286b13Mark Andrews add "check-nxrrset-exists.sample 0 in a 1.2.3.4" > update.out.check$n 2>&1
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews $DIG +tcp @10.53.0.1 -p 5300 a nxrrset-exists.sample > dig.out.ns1.test$n
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews $DIG +tcp @10.53.0.2 -p 5300 a nxrrset-exists.sample > dig.out.ns2.test$n
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews $DIG +tcp @10.53.0.2 -p 5300 a check-nxrrset-exists.sample > check.out.ns2.test$n
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews grep "update failed: YXRRSET" update.out.test$n > /dev/null || ret=1
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews grep "update succeeded" update.out.check$n > /dev/null || ret=1
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews grep "status: NOERROR" check.out.ns2.test$n > /dev/null || ret=1
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews echo "I:check that dns_client_update handles prerequisite YXRRSET failure ($n)"
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews $SAMPLEUPDATE -s -P 5300 -a 10.53.0.1 -a 10.53.0.2 \
032d2134a4c1808696688db9bf6f20253e5d05b5Mark Andrews -p "yxrrset no-txt.sample TXT" \
45f206e6c1521c710947e9d5e734c32c6b286b13Mark Andrews add "yxrrset-nxrrset.sample 0 in a 1.2.3.4" > update.out.test$n 2>&1
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews $SAMPLEUPDATE -P 5300 -a 10.53.0.2 -p "yxrrset no-txt.sample TXT" \
45f206e6c1521c710947e9d5e734c32c6b286b13Mark Andrews add "check-yxrrset-nxrrset.sample 0 in a 1.2.3.4" > update.out.check$n 2>&1
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews $DIG +tcp @10.53.0.1 -p 5300 a yxrrset-nxrrset.sample > dig.out.ns1.test$n
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews $DIG +tcp @10.53.0.2 -p 5300 a yxrrset-nxrrset.sample > dig.out.ns2.test$n
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews $DIG +tcp @10.53.0.2 -p 5300 a check-yxrrset-nxrrset.sample > check.out.ns2.test$n
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews grep "update failed: NXRRSET" update.out.test$n > /dev/null || ret=1
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews grep "update succeeded" update.out.check$n > /dev/null || ret=1
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews grep "status: NOERROR" check.out.ns2.test$n > /dev/null || ret=1
49d11094de2af5763a6c79873109fc9c130f4428Mark Andrews grep "2nd update failed: NXRRSET" update.out.test$n > /dev/null || ret=1
45f206e6c1521c710947e9d5e734c32c6b286b13Mark Andrews# End client library tests here
1e8c2e72e7d0f48ac37b9b15712e638631b3b619Brian Wellingtonecho "I:exit status: $status"