tests.sh revision 86a85a3bbd3d4580982b2c02d9b4837bc6c2fae5
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff# Copyright (C) 2011-2013 Internet Systems Consortium, Inc. ("ISC")
499b34cea04a46823d003d4c0520c8b03e8513cbBrian Wellington#
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence# Permission to use, copy, modify, and/or distribute this software for any
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff# purpose with or without fee is hereby granted, provided that the above
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff# copyright notice and this permission notice appear in all copies.
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff#
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
15a44745412679c30a6d022733925af70a38b715David Lawrence# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
15a44745412679c30a6d022733925af70a38b715David Lawrence# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
15a44745412679c30a6d022733925af70a38b715David Lawrence# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
15a44745412679c30a6d022733925af70a38b715David Lawrence# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
15a44745412679c30a6d022733925af70a38b715David Lawrence# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15a44745412679c30a6d022733925af70a38b715David Lawrence# PERFORMANCE OF THIS SOFTWARE.
15a44745412679c30a6d022733925af70a38b715David Lawrence
15a44745412679c30a6d022733925af70a38b715David Lawrence# $Id$
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellington# test response policy zones (RPZ)
9c3531d72aeaad6c5f01efe6a1c82023e1379e4dDavid Lawrence
# Locate the system-test framework and pull in its shared settings.
# NOTE(review): conf.sh presumably defines the tool variables used further
# down ($DIG, $RNDC, $NSUPDATE, $PERL); that file is not shown here, confirm.
SYSTEMTESTTOP=".."
. "$SYSTEMTESTTOP/conf.sh"

# Addresses of the test servers; every one is built as "$ns.<number>".
ns="10.53.0"
ns1="$ns.1"     # root, defining the others
ns2="$ns.2"     # authoritative server whose records are rewritten
ns3="$ns.3"     # main rewriting resolver
ns4="$ns.4"     # another authoritative server that is rewritten
ns5="$ns.5"     # another rewriting resolver

# Set to "yes" by ckalive when a server stops answering; while it is set,
# restart skips its halt/kill step.
HAVE_CORE=""
# Non-empty keeps the dig output files that clean_result would otherwise delete.
SAVE_RESULTS=""
09f22ac5b09e70bc526015f37168ba33e21ea91fDavid Lawrence
7d823f705d9d3a8cb4d43fcf11249515e2845364Andreas Gustafsson
# Command-line handling.  The only option is -x, which switches on shell
# tracing for the rest of the run (the trace shows every expanded command
# line).  Any other option, or any operand, is a usage error.
USAGE="$0: [-x]"
while getopts "x" c
do
    case $c in
        x)
            set -x
            ;;
        *)
            echo "$USAGE" 1>&2
            exit 1
            ;;
    esac
done
# expr exits non-zero when its result is 0; "|| true" hides that status.
shift `expr $OPTIND - 1 || true`
if test "$#" -ne 0
then
    echo "$USAGE" 1>&2
    exit 1
fi

# really quit on control-C: signals 1 (HUP), 2 (INT) and 15 (TERM) end the
# script with status 1
trap 'exit 1' 1 2 15
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff
# Timestamp prefix, written as a date(1) format.  The second assignment
# empties it again, so timestamps are off and comment() prints nothing;
# delete that second line to turn them on.
TS='%H:%M:%S '
TS=

# Print "I:<timestamp><message>", but only while $TS is non-empty.
# The message becomes part of the date(1) format string, so a '%' inside it
# is read by date as a conversion specifier rather than printed literally.
# Arguments: $* - message text
comment () {
    test -n "$TS" || return 0
    date "+I:${TS}$*"
}
f9df80f4348ef68043903efa08299480324f4823Michael Graff
# Command prefix for talking to a test server's control channel.  It is
# expanded unquoted on purpose so that it splits into words; the trailing
# -s expects the server address as the next word supplied by the caller.
RNDCCMD="${RNDC} -c ${SYSTEMTESTTOP}/common/rndc.conf -p 9953 -s"
f9df80f4348ef68043903efa08299480324f4823Michael Graff
# Run dig with the test defaults filled in.
# Globals:   ns3, DIG (read); digcmd_args (written)
# Arguments: $* - dig arguments, optionally preceded by the word TCP
# Outputs:   whatever dig prints
digcmd () {
    # A leading upper-case "TCP" word is dropped before dig sees the
    # arguments; the comparison is case-sensitive, so "tcp" is passed on.
    test "$1" = TCP && shift

    # Default to +noauth and @$ns3
    # Also default to -bX where X is the @value so that OS X will choose
    # the right IP source address.
    #
    # NOTE(review): in a basic regular expression '?' is an ordinary
    # character, so the last sed address only matches the literal text
    # "+n?o?auth"; +noauth is therefore prepended even when the caller
    # already passes +auth or +noauth.  A later +auth on the command line
    # presumably still overrides it -- confirm.
    digcmd_args=`echo "+noadd +time=1 +tries=1 -p 5300 $*" | \
        sed -e "/@/!s/.*/& @$ns3/" \
            -e '/-b/!s/@\([^ ]*\)/@\1 -b\1/' \
            -e '/+n?o?auth/!s/.*/+noauth &/'`
    #echo I:dig $digcmd_args 1>&2

    # Deliberately unquoted: the argument string has to split into words.
    $DIG $digcmd_args
}
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellington
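# Name of the current test group ("-<test file>" or empty) and the running
# number of the check inside that group; both feed the dig output file name.
GROUP_NM=
TEST_NUM=0

# set DIGNM=file name for dig output
#
# The name is dig.out<group>-<number>.  When a file of that name is still
# around (output of an earlier failed check is kept), '+' characters are
# appended until the name is unused.  The '+' goes onto the file name only:
# TEST_NUM has to stay numeric, otherwise the next "expr ... + 1" fails and
# the numbering of every later check in the group is lost.
# Globals:   GROUP_NM (read); TEST_NUM, DIGNM (written)
make_dignm () {
    TEST_NUM=`expr "$TEST_NUM" + 1`
    DIGNM="dig.out$GROUP_NM-$TEST_NUM"
    while test -f "$DIGNM"; do
        DIGNM="$DIGNM+"
    done
}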
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer
# Record one failed check.
# Globals:   ret (set to 1), status (incremented by one)
# Arguments: $* - message
# Outputs:   the message, on stdout
setret () {
    ret=1
    status=`expr $status + 1`
    echo "$*"
}
58c40ca8bda08458804d7f15cf97942dea2a17acMichael Sawyer
# (re)load the response policy zones with the rules in the file $TEST_FILE
#
# Does nothing when $TEST_FILE is empty.  Otherwise the file is handed to
# nsupdate and ns3 is told to sync, whether or not the update worked; a
# failed update then ends the whole script with status 1.
# Globals:   TEST_FILE, NSUPDATE, RNDCCMD, ns3 (read)
# Outputs:   an "I:failed ..." line on stdout when the update fails
load_db () {
    test -n "$TEST_FILE" || return 0

    if $NSUPDATE -v $TEST_FILE; then
        $RNDCCMD $ns3 sync
        return
    fi

    echo "I:failed to update policy zone with $TEST_FILE"
    $RNDCCMD $ns3 sync
    exit 1
}
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer
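# Restart server ns$1 and load the current policy rules again.
# Globals:   HAVE_CORE, RNDCCMD, ns, PERL, SYSTEMTESTTOP (read);
#            PID, NM (written)
# Arguments: $1 - server number, e.g. 3 for ns3
# Outputs:   an "I:killing ..." line when the server has to be killed
# Returns:   the status of load_db
restart () {
    # try to ensure that the server really has stopped
    # and won't mess with ns$1/named.pid
    if test -z "$HAVE_CORE" && test -f "ns$1/named.pid"; then
        # The server address is "$ns.$1", built like ns1=$ns.1 and its
        # siblings.  Without the dot the address reads "10.53.0<n>", which
        # only works where the resolver accepts that legacy short form,
        # and a failure stays invisible because the output is discarded.
        $RNDCCMD $ns.$1 halt >/dev/null 2>&1
        if test -f "ns$1/named.pid"; then
            sleep 1
            PID=`cat "ns$1/named.pid" 2>/dev/null`
            case "$PID" in
                '' | *[!0-9]*)
                    # Empty or not a plain number: never hand it to kill.
                    ;;
                *)
                    echo "I:killing ns$1 server $PID"
                    kill -9 "$PID"
                    ;;
            esac
        fi
    fi

    rm -f "ns$1"/*.jnl

    # Reset every policy zone file to the pristine base zone.
    if test -f "ns$1/base.db"; then
        for NM in "ns$1"/bl*.db; do
            # An unmatched pattern stays literal; skip it instead of
            # creating a file that is really named "bl*.db".
            test -f "$NM" || continue
            cp -f "ns$1/base.db" "$NM"
        done
    fi

    $PERL "$SYSTEMTESTTOP/start.pl" --noclean --restart . "ns$1"
    load_db
}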
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer
# Check that a server still answers "rndc status"; if it does not, count a
# failure and restart it.
# $1=server and irrelevant args $2=error message
# Globals:   RNDCCMD, ns1..ns9 (read); CKALIVE_NS, CKALIVE_IP, HAVE_CORE
#            (written)
# Returns:   0 when the server answered, 1 after a restart
ckalive () {
    # Pick the server number out of a literal "@ns<digit>" in $1; anything
    # else means ns3.
    # NOTE(review): the callers visible in this file pass IP addresses
    # ("@10.53.0.x" or a bare address), which this pattern does not match,
    # so they all end up checking ns3 -- confirm that this is intended.
    CKALIVE_NS=`expr "$1" : '.*@ns\([1-9]\).*'`
    test -n "$CKALIVE_NS" || CKALIVE_NS=3

    # CKALIVE_NS is either the single digit captured above or the literal
    # 3, so the text given to eval is always a fixed variable name.
    eval CKALIVE_IP=\$ns$CKALIVE_NS

    if $RNDCCMD $CKALIVE_IP status >/dev/null 2>&1; then
        return 0
    fi

    HAVE_CORE=yes
    setret "$2"
    # restart the server to avoid stalling waiting for it to stop
    restart $CKALIVE_NS
    return 1
}
f9df80f4348ef68043903efa08299480324f4823Michael Graff
# Compare the growth of a server's "response policy" statistics counter
# with the number of rewrites a test group should have caused.
# Arguments: $1 - server address for rndc
#            $2 - label used in the failure message
#            $3 - server directory (ns3, ns5, ...); also the prefix of the
#                 <dir>_CNT variable that remembers the previous count
#            $4 - expected increase since the previous call
# Globals:   RNDCCMD (read); HOST, LABEL, NSDIR, EXPECTED, NEW_CNT, OLD_CNT,
#            GOT and <dir>_CNT (written)
#
# $3 is pasted into two eval statements, so it must be a plain identifier;
# the callers in this file pass literal directory names.  NEW_CNT can only
# hold digits, because sed prints nothing but the captured digit run.
# NOTE(review): the whitespace inside "[ ]" is shown as a single space on
# this page; the original file may have a tab there as well -- check.
ckstats () {
    HOST=$1
    LABEL="$2"
    NSDIR="$3"
    EXPECTED="$4"

    # Ask the server to write a fresh statistics dump.
    $RNDCCMD $HOST stats

    # Count from the last matching line of the dump; the leading "0" keeps
    # the value numeric when no line matches.
    NEW_CNT=0`sed -n -e 's/[ ]*\([0-9]*\).response policy.*/\1/p' \
        $NSDIR/named.stats | tail -1`
    eval "OLD_CNT=0\$${NSDIR}_CNT"

    GOT=`expr $NEW_CNT - $OLD_CNT`
    test "$GOT" -ne "$EXPECTED" &&
        setret "I:wrong $LABEL $NSDIR statistics of $GOT instead of $EXPECTED"

    # Remember the new count for the next call.
    eval "${NSDIR}_CNT=$NEW_CNT"
}
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff
# Begin a group of checks.
# $1=message $2=optional test file name
# Globals:   TS (read); ret, TEST_FILE, GROUP_NM, TEST_NUM (written)
# Outputs:   "I:<timestamp>checking <message>" when a message is given; the
#            message is part of the date(1) format string, so it should not
#            contain '%'
start_group () {
    ret=0
    if test -n "$1"; then
        date "+I:${TS}checking $1"
    fi

    TEST_FILE=$2
    GROUP_NM=
    if test -n "$TEST_FILE"; then
        # Tag the output files with the rule file and install its rules.
        GROUP_NM="-$TEST_FILE"
        load_db
    fi

    TEST_NUM=0
}
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff
# Finish a group of checks: take the group's rules out again and make sure
# ns3 survived.
# Globals:   NSUPDATE, ns3 (read); TEST_FILE, GROUP_NM (cleared)
end_group () {
    test -z "$TEST_FILE" || {
        # remove the previous set of test rules: the same update file is
        # replayed with every "add" turned into "delete"
        sed -e 's/[ ]add[ ]/ delete /' $TEST_FILE | $NSUPDATE
        TEST_FILE=
    }
    ckalive $ns3 "I:failed; ns3 server crashed and restarted"
    GROUP_NM=
}
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff
# Delete the given result files unless $SAVE_RESULTS asks to keep them.
# Arguments: $* - file names
# The names are expanded unquoted, so they are split on whitespace and
# globbed a second time here; only pass names free of blanks and pattern
# characters that are not meant to match.
clean_result () {
    test -z "$SAVE_RESULTS" || return 0
    rm -f $*
}
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff
# Compare the dig output in $DIGNM with a reference file.
# $1=dig args $2=other dig output file
# Globals:   PERL, SYSTEMTESTTOP, DIGNM (read); NEED_TCP, RESULT_TCP
#            (written)
# Returns:   0 when the outputs agree and truncation is as expected (the
#            result files are then cleaned up), 1 after recording a failure
ckresult () {
    #ckalive "$1" "I:server crashed by 'dig $1'" || return 1
    $PERL $SYSTEMTESTTOP/digcomp.pl $DIGNM $2 >/dev/null || {
        setret "I:'dig $1' wrong; diff $DIGNM $2"
        return 1
    }

    # The check expects a TCP retry exactly when the dig arguments begin
    # with "tcp" in any letter case: the substitution only yields the bare
    # word TCP when nothing precedes the match.
    NEED_TCP=`echo "$1" | sed -n -e 's/[Tt][Cc][Pp].*/TCP/p'`
    RESULT_TCP=`sed -n -e 's/.*Truncated, retrying in TCP.*/TCP/p' $DIGNM`
    if test "$NEED_TCP" = "$RESULT_TCP"; then
        clean_result ${DIGNM}*
        return 0
    fi

    setret "I:'dig $1' wrong; no or unexpected truncation in $DIGNM"
    return 1
}
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff
# check only that the server does not crash
# $1=target domain $2=optional query type
# The answer itself is thrown away; the result is whatever ckalive reports.
nocrash () {
    # Unquoted on purpose: each word becomes its own dig argument.
    digcmd $* >/dev/null
    ckalive "$*" "I:server crashed by 'dig $*'"
}
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff
# check rewrite to NXDOMAIN
# $1=target domain $2=optional query type
# CNAME and RRSIG records in the answer are turned into ";xxx" comment
# lines before the output is compared with proto.nxdomain.
# NOTE(review): the blanks inside the sed patterns are shown as single
# spaces on this page; the original file may use tabs there -- check.
nxdomain () {
    make_dignm
    digcmd $* |
        sed -e 's/^[a-z].* IN CNAME /;xxx &/' \
            -e 's/^[a-z].* IN RRSIG /;xxx &/' >$DIGNM
    ckresult "$*" proto.nxdomain
}
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff
# check rewrite to NODATA
# $1=target domain $2=optional query type
# CNAME records in the answer are turned into ";xxx" comment lines before
# the output is compared with proto.nodata.
# NOTE(review): the blanks inside the sed pattern are shown as single
# spaces on this page; the original file may use tabs there -- check.
nodata () {
    make_dignm
    digcmd $* |
        sed -e 's/^[a-z].* IN CNAME /;xxx &/' >$DIGNM
    ckresult "$*" proto.nodata
}
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff
# check rewrite to an address
# $1=IPv4 address $2=digcmd args $3=optional TTL
# The answer must hold an A or AAAA record whose data is exactly $1; when
# $3 is given, the TTL of that record must equal it.
# Globals:   DIGNM (read); ADDR, ADDR_ESC, ADDR_TTL (written)
# Returns:   1 after recording a failure, otherwise the status of
#            clean_result
addr () {
    ADDR=$1
    make_dignm
    # $2 is unquoted on purpose: it may carry several dig arguments.
    digcmd $2 >$DIGNM
    #ckalive "$2" "I:server crashed by 'dig $2'" || return 1

    # Escape the dots so that they match literally in the pattern below.
    # The run of backslashes is sized for the two rounds of unquoting
    # inside backquotes; keep it as it is.
    ADDR_ESC=`echo "$ADDR" | sed -e 's/\./\\\\./g'`
    # NOTE(review): blanks in this pattern are shown as single spaces on
    # this page; the original file may use tabs there -- check.
    ADDR_TTL=`sed -n -e "s/^[-.a-z0-9]\{1,\} *\([0-9]*\) IN AA* ${ADDR_ESC}\$/\1/p" $DIGNM`

    if test -z "$ADDR_TTL"; then
        setret "I:'dig $2' wrong; no address $ADDR record in $DIGNM"
        return 1
    fi

    if test -n "$3"; then
        if test "$ADDR_TTL" -ne "$3"; then
            setret "I:'dig $2' wrong; TTL=$ADDR_TTL instead of $3 in $DIGNM"
            return 1
        fi
    fi

    clean_result ${DIGNM}*
}
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence
# Check that a response is not rewritten
# Use $ns1 instead of the authority for most test domains, $ns2 to prevent
# spurious differences for `dig +norecurse`
# $1=optional "TCP" remaining args for dig
# The same query is sent twice, once with the default server and once with
# "@$ns1" appended, and the two answers are compared.
nochange () {
    make_dignm
    digcmd $* >$DIGNM
    digcmd $* @$ns1 >${DIGNM}_OK
    if ckresult "$*" ${DIGNM}_OK; then
        clean_result ${DIGNM}_OK
    else
        return 1
    fi
}
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff
# check against a 'here document'
# The expected answer is read from stdin, with leading whitespace removed
# from every line, and stored as the reference file for ckresult.
# Arguments: $* - dig arguments
# NOTE(review): "[ ]" is shown with a single space on this page; the
# original file may have a tab in the brackets as well -- check.
here () {
    make_dignm
    sed -e 's/^[ ]*//' >${DIGNM}_OK
    digcmd $* >$DIGNM
    ckresult "$*" ${DIGNM}_OK
}
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff
# check dropped response
# DROPPED is the line dig prints when no server answered; drop() passes
# only when that line shows up in the output.
DROPPED='^;; connection timed out; no servers could be reached'

# Arguments: $* - dig arguments (the failure message names only $1)
# Returns:   0 when the query timed out, 1 after recording a failure
drop () {
    make_dignm
    digcmd $* >$DIGNM
    grep "$DROPPED" $DIGNM >/dev/null || {
        setret "I:'dig $1' wrong; response in $DIGNM"
        return 1
    }
    clean_result ${DIGNM}*
    return 0
}
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence
# make prototype files to check against rewritten results: the unmodified
# NXDOMAIN and NODATA answers are fetched from ns2
digcmd nonexistent @$ns2 >proto.nxdomain
digcmd txt-only.tld2 @$ns2 >proto.nodata


# Number of failed checks so far; setret adds one per failure.
status=0
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff
# Group 1: rewrites triggered by the query name, using the rules in test1.
start_group "QNAME rewrites" test1
nochange .                              # 1 do not crash or rewrite root
nxdomain a0-1.tld2                      # 2
nodata a3-1.tld2                        # 3
nodata a3-2.tld2                        # 4 nodata at DNAME itself
nochange sub.a3-2.tld2                  # 5 miss where DNAME might work
nxdomain a4-2.tld2                      # 6 rewrite based on CNAME target
nxdomain a4-2-cname.tld2                # 7
nodata a4-3-cname.tld2                  # 8
addr 12.12.12.12 a4-1.sub1.tld2         # 9 A replacement
addr 12.12.12.12 a4-1.sub2.tld2         # 10 A replacement with wildcard
addr 12.12.12.12 nxc1.sub1.tld2         # 11 replace NXDOMAIN with CNAME
addr 12.12.12.12 nxc2.sub1.tld2         # 12 replace NXDOMAIN with CNAME chain
addr 127.4.4.1 a4-4.tld2                # 13 prefer 1st conflicting QNAME zone
nochange a6-1.tld2                      # 14
addr 127.6.2.1 a6-2.tld2                # 15
addr 56.56.56.56 a3-6.tld2              # 16 wildcard CNAME
addr 57.57.57.57 a3-7.sub1.tld2         # 17 wildcard CNAME
addr 127.0.0.16 a4-5-cname3.tld2        # 18 CNAME chain
addr 127.0.0.17 a4-6-cname3.tld2        # 19 stop short in CNAME chain
nochange a5-2.tld2 +norecurse           # 20 check that RD=1 is required
nochange a5-3.tld2 +norecurse           # 21
nochange a5-4.tld2 +norecurse           # 22
nochange sub.a5-4.tld2 +norecurse       # 23
nxdomain c1.crash2.tld3                 # 24 assert in rbtdb.c
nxdomain a0-1.tld2 +dnssec              # 25 simple DO=1 without signatures
nxdomain a0-1.tld2s +nodnssec           # 26 simple DO=0 with signatures
nochange a0-1.tld2s +dnssec             # 27 simple DO=1 with signatures
nxdomain a0-1s-cname.tld2s +dnssec      # 28 DNSSEC too early in CNAME chain
nochange a0-1-scname.tld2 +dnssec       # 29 DNSSEC on target in CNAME chain
nochange a0-1.tld2s srv +auth +dnssec   # 30 no write for DNSSEC and no record
nxdomain a0-1.tld2s srv +nodnssec       # 31
drop a3-8.tld2 any                      # 32 drop
nochange tcp a3-9.tld2                  # 33 tcp-only
here x.servfail <<'EOF'                 # 34 qname-wait-recurse yes
 ;; status: SERVFAIL, x
EOF
addr 35.35.35.35 "x.servfail @$ns5"     # 35 qname-wait-recurse no
end_group
# Expected growth of the response-policy counters during this group.
ckstats $ns3 test1 ns3 22
ckstats $ns5 test1 ns5 1
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellington
# Group 2: rewrites triggered by the addresses in the answer, using the
# rules in test2.
start_group "IP rewrites" test2
nodata a3-1.tld2                        # 1 NODATA
nochange a3-2.tld2                      # 2 no policy record so no change
nochange a4-1.tld2                      # 3 obsolete PASSTHRU record style
nxdomain a4-2.tld2                      # 4
nochange a4-2.tld2 -taaaa               # 5 no A => no policy rewrite
nochange a4-2.tld2 -ttxt                # 6 no A => no policy rewrite
# NOTE(review): the remark on check 7 says "no policy rewrite", yet the
# check expects NXDOMAIN -- the remark may be a copy of the line above.
nxdomain a4-2.tld2 -tany                # 7 no A => no policy rewrite
nodata a4-3.tld2                        # 8
nxdomain a3-1.tld2 -taaaa               # 9 IPv6 policy
nochange a4-1-aaaa.tld2 -taaaa          # 10
addr 127.0.0.1 a5-1-2.tld2              # 11 prefer smallest policy address
addr 127.0.0.1 a5-3.tld2                # 12 prefer first conflicting IP zone
nochange a5-4.tld2 +norecurse           # 13 check that RD=1 is required for #14
addr 14.14.14.14 a5-4.tld2              # 14 prefer QNAME to IP
nochange a4-4.tld2                      # 15 PASSTHRU
nxdomain c2.crash2.tld3                 # 16 assert in rbtdb.c
addr 127.0.0.17 "a4-4.tld2 -b $ns1"     # 17 client-IP address trigger
nxdomain a7-1.tld2                      # 18 slave policy zone (RT34450)

# Put version 2 of the policy zone on ns2 and wait until the resolver at
# 10.53.0.3 serves its SOA.  The loop gives up quietly after 11 tries; a
# transfer that never arrives only shows up as a failure of the next check.
cp ns2/blv2.tld2.db.in ns2/bl.tld2.db
$RNDCCMD 10.53.0.2 reload bl.tld2
goodsoa="rpz.tld2. hostmaster.ns.tld2. 2 3600 1200 604800 60"
for i in 0 1 2 3 4 5 6 7 8 9 10
do
    soa=`$DIG -p 5300 +short soa bl.tld2 @10.53.0.3 -b10.53.0.3`
    test "$soa" = "$goodsoa" && break
    sleep 1
done
nochange a7-1.tld2                      # 19 PASSTHRU

sleep 1 # ensure that a clock tick has occurred so that the reload takes effect

# Same procedure for version 3 of the policy zone.
cp ns2/blv3.tld2.db.in ns2/bl.tld2.db
goodsoa="rpz.tld2. hostmaster.ns.tld2. 3 3600 1200 604800 60"
$RNDCCMD 10.53.0.2 reload bl.tld2
for i in 0 1 2 3 4 5 6 7 8 9 10
do
    soa=`$DIG -p 5300 +short soa bl.tld2 @10.53.0.3 -b10.53.0.3`
    test "$soa" = "$goodsoa" && break
    sleep 1
done
nxdomain a7-1.tld2                      # 20 slave policy zone (RT34450)
end_group
ckstats $ns3 test2 ns3 12
0b764d91c9021259f15b32c4beec852f2888f40cBrian Wellington
# check that IP addresses for previous group were deleted from the radix tree
# No rule file is loaded for this group, so every name that was rewritten in
# the previous group has to come back unchanged and the rewrite counter
# must not move.
start_group "radix tree deletions"
nochange a3-1.tld2
nochange a3-2.tld2
nochange a4-1.tld2
nochange a4-2.tld2
nochange a4-2.tld2 -taaaa
nochange a4-2.tld2 -ttxt
nochange a4-2.tld2 -tany
nochange a4-3.tld2
nochange a3-1.tld2 -tAAAA
nochange a4-1-aaaa.tld2 -tAAAA
nochange a5-1-2.tld2
end_group
ckstats $ns3 'radix tree deletions' ns3 0
f7fbd68b1cd96c733140fce938a61faf8b459b6fBrian Wellington
# NSDNAME triggers are tested only when "./rpz nsdname" succeeds.  Otherwise
# the whole group is skipped with an informational line, so a passing run
# against a named configured with --disable-rpz-nsdname gives no NSDNAME
# coverage.
if ./rpz nsdname; then
  # these tests assume "min-ns-dots 0"
  start_group "NSDNAME rewrites" test3
  nochange a3-1.tld2 # 1
  nochange a3-1.tld2 +dnssec # 2 this once caused problems
  nxdomain a3-1.sub1.tld2 # 3 NXDOMAIN *.sub1.tld2 by NSDNAME
  nxdomain a3-1.subsub.sub1.tld2 # 4
  nxdomain a3-1.subsub.sub1.tld2 -tany # 5
  addr 12.12.12.12 a4-2.subsub.sub2.tld2 # 6 walled garden for *.sub2.tld2
  nochange a3-2.tld2. # 7 exempt rewrite by name
  nochange a0-1.tld2. # 8 exempt rewrite by address block
  addr 12.12.12.12 a4-1.tld2 # 9 prefer QNAME policy to NSDNAME
  addr 127.0.0.1 a3-1.sub3.tld2 # 10 prefer policy for largest NSDNAME
  addr 127.0.0.2 a3-1.subsub.sub3.tld2 # 11
  nxdomain xxx.crash1.tld2 # 12 dns_db_detachnode() crash
  end_group
  # NOTE(review): 7 is presumably the rewrite count expected in the ns3
  # statistics for this group -- confirm against ckstats.
  ckstats $ns3 test3 ns3 7
else
  echo "I:NSDNAME not checked; named configured with --disable-rpz-nsdname"
fi
f9df80f4348ef68043903efa08299480324f4823Michael Graff
# NSIP triggers are tested only when "./rpz nsip" succeeds.  Otherwise both
# groups below are skipped with an informational line, so a passing run
# against a named configured with --disable-rpz-nsip gives no NSIP coverage.
if ./rpz nsip; then
  # these tests assume "min-ns-dots 0"
  start_group "NSIP rewrites" test4
  nxdomain a3-1.tld2 # 1 NXDOMAIN for all of tld2
  nochange a3-2.tld2. # 2 exempt rewrite by name
  nochange a0-1.tld2. # 3 exempt rewrite by address block
  nochange a3-1.tld4 # 4 different NS IP address
  end_group

  # Second NSIP group: the expected answers are substitute records (a walled
  # garden) rather than NXDOMAIN.
  start_group "walled garden NSIP rewrites" test4a
  addr 41.41.41.41 a3-1.tld2 # 1 walled garden for all of tld2
  addr 2041::41 'a3-1.tld2 AAAA' # 2 walled garden for all of tld2
  # The quoted 'EOF' delimiter keeps the expected-answer text literal.
  here a3-1.tld2 TXT <<'EOF' # 3 text message for all of tld2
 ;; status: NOERROR, x
 a3-1.tld2. x IN TXT "NSIP walled garden"
EOF
  end_group
  # Statistics are checked once, after the test4a group, under the label test4.
  # NOTE(review): 4 is presumably the expected rewrite count -- confirm against
  # ckstats.
  ckstats $ns3 test4 ns3 4
else
  echo "I:NSIP not checked; named configured with --disable-rpz-nsip"
fi
f9df80f4348ef68043903efa08299480324f4823Michael Graff
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley# policies in ./test5 overridden by response-policy{} in ns3/named.conf
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley# and in ns5/named.conf
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halleystart_group "policy overrides" test5
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halleyaddr 127.0.0.1 a3-1.tld2 # 1 bl-given
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halleynochange a3-2.tld2 # 2 bl-passthru
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halleynochange a3-3.tld2 # 3 bl-no-op obsolete for passthru
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halleynochange a3-4.tld2 # 4 bl-disabled
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halleynodata a3-5.tld2 # 5 bl-nodata zone recursive-only no
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halleynodata a3-5.tld2 +norecurse # 6 bl-nodata zone recursive-only no
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halleynodata a3-5.tld2 # 7 bl-nodata not needed
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halleynxdomain a3-5.tld2 +norecurse @$ns5 # 8 bl-nodata global recursive-only no
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halleynxdomain a3-5.tld2s @$ns5 # 9 bl-nodata global break-dnssec
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halleynxdomain a3-5.tld2s +dnssec @$ns5 # 10 bl-nodata global break-dnssec
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halleynxdomain a3-6.tld2 # 11 bl-nxdomain
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halleyhere a3-7.tld2 -tany <<'EOF'
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halley ;; status: NOERROR, x
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halley a3-7.tld2. x IN CNAME txt-only.tld2.
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington txt-only.tld2. x IN TXT "txt-only-tld2"
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian WellingtonEOF
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellingtonaddr 58.58.58.58 a3-8.tld2 # 13 bl_wildcname
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellingtonaddr 59.59.59.59 a3-9.sub9.tld2 # 14 bl_wildcname
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellingtonaddr 12.12.12.12 a3-15.tld2 # 15 bl-garden via CNAME to a12.tld2
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellingtonaddr 127.0.0.16 a3-16.tld2 100 # 16 bl max-policy-ttl 100
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellingtonaddr 17.17.17.17 "a3-17.tld2 @$ns5" 90 # 17 ns5 bl max-policy-ttl 90
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellingtondrop a3-18.tld2 any # 18 bl-drop
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellingtonnxdomain TCP a3-19.tld2 # 19 bl-tcp-only
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellingtonend_group
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellingtonckstats $ns3 test5 ns3 12
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellingtonckstats $ns5 test5 ns5 4
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington
# check that miscellaneous bugs are still absent
start_group "crashes" test6
# $Q has to stay unquoted in the nocrash calls: 'ANY +dnssec' must split into
# the two arguments -tANY and +dnssec.
for Q in RRSIG SIG ANY 'ANY +dnssec'; do
  nocrash a3-1.tld2 -t$Q
  nocrash a3-2.tld2 -t$Q
  nocrash a3-5.tld2 -t$Q
  nocrash www.redirect -t$Q
  nocrash www.credirect -t$Q
done

# The check below is left disabled.
# This is not a bug, because any data leaked by writing 24.4.3.2.10.rpz-ip
# (or whatever) is available by publishing "foo A 10.2.3.4" and then
# resolving foo.
# nxdomain 32.3.2.1.127.rpz-ip
end_group
# NOTE(review): the group is started as "crashes" but its statistics are
# checked under the label "bugs"; presumably the label is only used in
# messages -- confirm against ckstats.
ckstats $ns3 bugs ns3 8
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington
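# Superficial test for major performance bugs: drive ns5 with the command
# printed by qperf.sh, once with RPZ active and once with it switched off, and
# compare the two queries-per-second figures.  The comparison itself only
# prints informational lines; failures are raised through setret in perf(),
# ckalive and the final ckstats call.  Empty qperf.sh output means queryperf
# is not available and the whole test is skipped (see the else branch).
QPERF=`sh qperf.sh`
if test -n "$QPERF"; then
  #######################################
  # Run one queryperf pass against ns5 and check its response-code counts.
  # Globals:   reads QPERF, RNDCCMD, ns5, TS; sets PFILE and X
  # Arguments: $1 - label used in the log messages
  #            $2 - basename of the result file, written as ns5/$2.perf
  #            $3 - expected "RCODE:count " summary, e.g. 'NOERROR:3000 '
  #######################################
  perf () {
    # $1 becomes part of the date(1) format string, so a label must not
    # contain '%'.
    date "+I:${TS}checking performance $1"
    # Dry run to prime everything
    comment "before dry run $1"
    # $QPERF and $RNDCCMD stay unquoted: they are used as command lines.
    $QPERF -c -1 -l30 -d ns5/requests -s "$ns5" -p 5300 >/dev/null
    comment "before real test $1"
    PFILE="ns5/$2.perf"
    $RNDCCMD "$ns5" notrace
    $QPERF -c -1 -l30 -d ns5/requests -s "$ns5" -p 5300 >"$PFILE"
    comment "after test $1"
    # Reduce every "Returned <RCODE>: <count>" line to "<RCODE>:<count>" and
    # join them with spaces, which is the form $3 is written in.
    X=`sed -n -e 's/.*Returned *\([^ ]*:\) *\([0-9]*\) .*/\1\2/p' "$PFILE" \
      | tr '\n' ' '`
    if test "$X" != "$3"; then
      setret "I:wrong results '$X' in $PFILE"
    fi
    ckalive "$ns5" "I:failed; server #5 crashed"
  }

  #######################################
  # Print the integer part of the "Queries per second" figure in ns5/$1.perf.
  # Arguments: $1 - basename of the result file
  #######################################
  trim () {
    sed -n -e 's/.*Queries per second: *\([0-9]*\).*/\1/p' "ns5/$1.perf"
  }

  # get qps with rpz; the expected summary requires 100 of the 3000 answers
  # to be NXDOMAIN, so the policy must still be applied under load
  perf 'with RPZ' rpz 'NOERROR:2900 NXDOMAIN:100 '
  RPZ=`trim rpz`

  # turn off rpz and measure qps again; now every answer must be NOERROR
  echo "# RPZ off" >ns5/rpz-switch
  RNDCCMD_OUT=`$RNDCCMD "$ns5" reload`
  perf 'without RPZ' norpz 'NOERROR:3000 '
  NORPZ=`trim norpz`

  # Both figures must be plain digit strings and the divisor must not be zero
  # (or start with 0) before expr and the numeric tests are handed them.
  # Without this guard an empty, multi-line or zero figure makes expr fail and
  # the threshold tests below error out instead of reporting anything.
  case "$RPZ,$NORPZ" in
    ,* | *, | *[!0-9,]* | *,0*)
      echo "I:performance not compared; no usable qps figures ('$RPZ' with RPZ, '$NORPZ' without)"
      ;;
    *)
      # rounded percentage: (RPZ * 100 + NORPZ / 2) / NORPZ
      PERCENT=`expr \( "$RPZ" \* 100 + \( "$NORPZ" / 2 \) \) / "$NORPZ"`
      echo "I:$RPZ qps with RPZ is $PERCENT% of $NORPZ qps without RPZ"

      # Both thresholds are informational: they print a line but do not call
      # setret.
      MIN_PERCENT=30
      if test "$PERCENT" -lt "$MIN_PERCENT"; then
        echo "I:$RPZ qps with rpz or $PERCENT% is below $MIN_PERCENT% of $NORPZ qps"
      fi

      if test "$PERCENT" -ge 100; then
        echo "I:$RPZ qps with RPZ or $PERCENT% of $NORPZ qps without RPZ is too high"
      fi
      ;;
  esac

  ckstats "$ns5" performance ns5 200

else
  echo "I:performance not checked; queryperf not available"
fi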
f9df80f4348ef68043903efa08299480324f4823Michael Graff
f9df80f4348ef68043903efa08299480324f4823Michael Graff
# Stop and restart the main RPZ test server (ns3), then search the ns*
# directories for a core file.  Nothing is done when HAVE_CORE is already
# non-empty.
if [ -z "$HAVE_CORE" ]; then
  $PERL $SYSTEMTESTTOP/stop.pl . ns3
  restart 3
  # ns* is left unquoted so that it expands to every server directory
  HAVE_CORE=$(find ns* -name '*core*' -print)
  if [ -n "$HAVE_CORE" ]; then
    setret "I:found $HAVE_CORE; memory leak?"
  fi
fi
f9df80f4348ef68043903efa08299480324f4823Michael Graff
# Look for complaints from lib/dns/rpz.c and bin/name/query.c in every
# server's named.run.  EMSGS lists the log files that contain one; when it is
# not empty the run is marked as failed and the first nine matching lines are
# echoed with an "I: " prefix.
EMSGS=$(egrep -l 'invalid rpz|rpz.*failed' ns*/named.run)
if [ -n "$EMSGS" ]; then
  setret "I:error messages in $EMSGS starting with:"
  egrep 'invalid rpz|rpz.*failed' ns*/named.run \
    | sed -e '10,$d' -e 's/^/I: /'
fi
f9df80f4348ef68043903efa08299480324f4823Michael Graff
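echo "I:checking that ttl values are not zeroed when qtype is '*'"
$DIG +noall +answer -p 5300 @$ns3 any a3-2.tld2 > dig.out.any
# Field 2 of a dig answer line is the TTL.  Only the first matching record is
# used, so ttl is always a single word.
ttl=`awk '/a3-2 tld2 text/ {print $2; exit}' dig.out.any`
# No matching record counts as TTL 0 (the := default).  A value that is not a
# plain number is reported as a failure as well; handing it to "test -eq"
# would make test error out and the check pass silently.
case "${ttl:=0}" in
  *[!0-9]*)
    setret I:failed
    ;;
  *)
    if test "$ttl" -eq 0; then setret I:failed; fi
    ;;
esac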
ddd035637d92035a0d9e2bc32a7e2c9cc8a99d3fMichael Graff
# Report the final value of $status and use it as the script's exit code.
printf '%s\n' "I:exit status: $status"
# unquoted: with an empty $status this is a bare "exit"
exit $status
ddd035637d92035a0d9e2bc32a7e2c9cc8a99d3fMichael Graff