tests.sh revision cef76ee5bd845a80e06da934edce4225bdba22a1
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington# Copyright (C) 2011-2014 Internet Systems Consortium, Inc. ("ISC")
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington# Permission to use, copy, modify, and/or distribute this software for any
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews# purpose with or without fee is hereby granted, provided that the above
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews# copyright notice and this permission notice appear in all copies.
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington# PERFORMANCE OF THIS SOFTWARE.
5cd7e9d4db393c314dd1a761c52d2cb3a4da9b72Andreas Gustafsson# test response policy zones (RPZ)
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellingtonns2=$ns.2 # authoritative server whose records are rewritten
669e9657c731176df235832367f61435f7b83ddfAndreas Gustafssonns4=$ns.4 # another authoritative server that is rewritten
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrewswhile getopts "x" c; do
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellingtonshift `expr $OPTIND - 1 || true`
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington# really quit on control-C
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian WellingtonRNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p 9953 -s"
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington # Also default to -bX where X is the @value so that OS X will choose
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington digcmd_args=`echo "+noadd +time=1 +tries=1 -p 5300 $*" | \
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington# set DIGNM=file name for dig output
532989b206894bdaf6de6cb883d2e31169c4bfacAndreas Gustafsson while test -f $DIGNM; do
4423c99613db1399dbb5c51e86ef0d351a1418c2Mark Andrews# (re)load the reponse policy zones with the rules in the file $TEST_FILE
532989b206894bdaf6de6cb883d2e31169c4bfacAndreas Gustafsson echo "I:failed to update policy zone with $TEST_FILE"
091329e690b20755aa80b86cc7389d25c5d32c9bBrian Wellington # try to ensure that the server really has stopped
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrews if test -z "$HAVE_CORE" -a -f ns$1/named.pid; then
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington if test -f ns$1/named.pid; then
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington if test -f ns$1/base.db; then
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington $PERL $SYSTEMTESTTOP/start.pl --noclean --restart . ns$1
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington# $1=server and irrelevant args $2=error message
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington CKALIVE_NS=`expr "$1" : '.*@ns\([1-9]\).*'`
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington $RNDCCMD $CKALIVE_IP status >/dev/null 2>&1 && return 0
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington # restart the server to avoid stalling waiting for it to stop
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington NEW_CNT=0`sed -n -e 's/[ ]*\([0-9]*\).response policy.*/\1/p' \
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington setret "I:wrong $LABEL $NSDIR statistics of $GOT instead of $EXPECTED"
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington NEW_CNT=0`sed -n -e 's/[ ]*\([0-9]*\).response policy.*/\1/p' \
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington if test "$GOT" -lt "$MIN" -o "$GOT" -gt "$MAX"; then
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington setret "I:wrong $LABEL $NSDIR statistics of $GOT instead of ${MIN}..${MAX}"
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki# $1=message $2=optional test file name
ed3418751ebdf7de397df76753dae97851d2bdf9Brian Wellington sed -e 's/[ ]add[ ]/ delete /' $TEST_FILE | $NSUPDATE
ed3418751ebdf7de397df76753dae97851d2bdf9Brian Wellington ckalive $ns3 "I:failed; ns3 server crashed and restarted"
32d248107a5bc92b4bf9fc77deaa55b3da969ba2Andreas Gustafsson# $1=dig args $2=other dig output file
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington #ckalive "$1" "I:server crashed by 'dig $1'" || return 1
32d248107a5bc92b4bf9fc77deaa55b3da969ba2Andreas Gustafsson if $PERL $SYSTEMTESTTOP/digcomp.pl $DIGNM $2 >/dev/null; then
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington NEED_TCP=`echo "$1" | sed -n -e 's/[Tt][Cc][Pp].*/TCP/p'`
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington RESULT_TCP=`sed -n -e 's/.*Truncated, retrying in TCP.*/TCP/p' $DIGNM`
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington setret "I:'dig $1' wrong; no or unexpected truncation in $DIGNM"
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington# check only that the server does not crash
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington# $1=target domain $2=optional query type
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington ckalive "$*" "I:server crashed by 'dig $*'"
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington# check rewrite to NXDOMAIN
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington# $1=target domain $2=optional query type
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington# check rewrite to NODATA
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington# $1=target domain $2=optional query type
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington | sed -e 's/^[a-z].* IN CNAME /;xxx &/' >$DIGNM
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington# check rewrite to an address
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington# modify the output so that it is easily compared, but save the original line
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington# $1=IPv4 address $2=digcmd args $3=optional TTL
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington #ckalive "$2" "I:server crashed by 'dig $2'" || return 1
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington ADDR_ESC=`echo "$ADDR" | sed -e 's/\./\\\\./g'`
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington ADDR_TTL=`sed -n -e "s/^[-.a-z0-9]\{1,\} *\([0-9]*\) IN AA* ${ADDR_ESC}\$/\1/p" $DIGNM`
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington setret "I:'dig $2' wrong; no address $ADDR record in $DIGNM"
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington if test -n "$3" && test "$ADDR_TTL" -ne "$3"; then
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington setret "I:'dig $2' wrong; TTL=$ADDR_TTL instead of $3 in $DIGNM"
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington# Check that a response is not rewritten
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington# Use $ns1 instead of the authority for most test domains, $ns2 to prevent
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington# spurious differences for `dig +norecurse`
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington# $1=optional "TCP" remaining args for dig
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington ckresult "$*" ${DIGNM}_OK && clean_result ${DIGNM}_OK
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington# check against a 'here document'
091329e690b20755aa80b86cc7389d25c5d32c9bBrian Wellington# check dropped response
091329e690b20755aa80b86cc7389d25c5d32c9bBrian WellingtonDROPPED='^;; connection timed out; no servers could be reached'
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington setret "I:'dig $1' wrong; response in $DIGNM"
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington# make prototype files to check against rewritten results
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellingtonnochange sub.a3-2.tld2 # 5 miss where DNAME might work
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellingtonnxdomain a4-2.tld2 # 6 rewrite based on CNAME target
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellingtonaddr 12.12.12.12 a4-1.sub1.tld2 # 9 A replacement
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellingtonaddr 12.12.12.12 a4-1.sub2.tld2 # 10 A replacement with wildcard
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellingtonaddr 12.12.12.12 nxc1.sub1.tld2 # 11 replace NXDOMAIN with CNAME
e32d354f754a5d7847a0862bcd6302827ea225bfEvan Huntaddr 12.12.12.12 nxc2.sub1.tld2 # 12 replace NXDOMAIN with CNAME chain
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellingtonaddr 127.4.4.1 a4-4.tld2 # 13 prefer 1st conflicting QNAME zone
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrewsaddr 57.57.57.57 a3-7.sub1.tld2 # 17 wildcard CNAME
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrewsaddr 127.0.0.16 a4-5-cname3.tld2 # 18 CNAME chain
9e804040a29b9c3066c8471b43835f30707039b7Evan Huntaddr 127.0.0.17 a4-6-cname3.tld2 # 19 stop short in CNAME chain
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellingtonnochange a5-2.tld2 +norecurse # 20 check that RD=1 is required
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellingtonnxdomain c1.crash2.tld3 # 24 assert in rbtdb.c
4eb998928b9aef0ceda42d7529980d658138698aEvan Huntnxdomain a0-1.tld2 +dnssec # 25 simple DO=1 without signatures
c2da4f9d8a153ffeb2b659541130abef2d586789Brian Wellingtonnxdomain a0-1.tld2s +nodnssec # 26 simple DO=0 with signatures
e32d354f754a5d7847a0862bcd6302827ea225bfEvan Huntnochange a0-1.tld2s +dnssec # 27 simple DO=1 with signatures
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellingtonnxdomain a0-1s-cname.tld2s +dnssec # 28 DNSSEC too early in CNAME chain
2f012d936b5ccdf6520c96a4de23721dc58a2221Automatic Updaternochange a0-1-scname.tld2 +dnssec # 29 DNSSEC on target in CNAME chain
2f012d936b5ccdf6520c96a4de23721dc58a2221Automatic Updaternochange a0-1.tld2s srv +auth +dnssec # 30 no write for DNSSEC and no record
091329e690b20755aa80b86cc7389d25c5d32c9bBrian Wellingtonhere x.servfail <<'EOF' # 34 qname-wait-recurse yes
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellingtonaddr 35.35.35.35 "x.servfail @$ns5" # 35 qname-wait-recurse no
c2da4f9d8a153ffeb2b659541130abef2d586789Brian Wellingtonstart_group "NXDOMAIN/NODATA action on QNAME trigger" test1
e32d354f754a5d7847a0862bcd6302827ea225bfEvan Huntnxdomain a4-2.tld2 @$ns6 # 4 rewrite based on CNAME target
c2da4f9d8a153ffeb2b659541130abef2d586789Brian Wellingtonaddr 12.12.12.12 "a4-1.sub1.tld2 @$ns6" # 7 A replacement
c2da4f9d8a153ffeb2b659541130abef2d586789Brian Wellingtonaddr 12.12.12.12 "a4-1.sub2.tld2 @$ns6" # 8 A replacement with wildcard
c2da4f9d8a153ffeb2b659541130abef2d586789Brian Wellingtonaddr 127.4.4.1 "a4-4.tld2 @$ns6" # 9 prefer 1st conflicting QNAME zone
e851ea826066ac5a5b01c2c23218faa0273a12e8Evan Huntaddr 12.12.12.12 "nxc1.sub1.tld2 @$ns6" # 10 replace NXDOMAIN w/ CNAME
c2da4f9d8a153ffeb2b659541130abef2d586789Brian Wellingtonaddr 12.12.12.12 "nxc2.sub1.tld2 @$ns6" # 11 replace NXDOMAIN w/ CNAME chain
4eb998928b9aef0ceda42d7529980d658138698aEvan Huntaddr 56.56.56.56 "a3-6.tld2 @$ns6" # 13 wildcard CNAME
4eb998928b9aef0ceda42d7529980d658138698aEvan Huntaddr 57.57.57.57 "a3-7.sub1.tld2 @$ns6" # 14 wildcard CNAME
c2da4f9d8a153ffeb2b659541130abef2d586789Brian Wellingtonaddr 127.0.0.16 "a4-5-cname3.tld2 @$ns6" # 15 CNAME chain
c2da4f9d8a153ffeb2b659541130abef2d586789Brian Wellingtonaddr 127.0.0.17 "a4-6-cname3.tld2 @$ns6" # 16 stop short in CNAME chain
546c2bf791782df1077217bdaf1865235fa95a93Mark Andrewsnxdomain c1.crash2.tld3 @$ns6 # 17 assert in rbtdb.c
c298583db573a329f37d43301d8c3c812500ac85Mark Andrewsnxdomain a0-1.tld2 +dnssec @$ns6 # 18 simple DO=1 without sigs
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellingtonnochange a3-2.tld2 # 2 no policy record so no change
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellingtonnochange a4-1.tld2 # 3 obsolete PASSTHRU record style
546c2bf791782df1077217bdaf1865235fa95a93Mark Andrewsnochange a4-2.tld2 -taaaa # 5 no A => no policy rewrite
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellingtonnochange a4-2.tld2 -ttxt # 6 no A => no policy rewrite
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellingtonnxdomain a4-2.tld2 -tany # 7 no A => no policy rewrite
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrewsaddr 127.0.0.1 a5-1-2.tld2 # 11 prefer smallest policy address
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrewsaddr 127.0.0.1 a5-3.tld2 # 12 prefer first conflicting IP zone
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrewsnochange a5-4.tld2 +norecurse # 13 check that RD=1 is required for #14
a2b15b3305acd52179e6f3dc7d073b07fbc40b8eMark Andrewsaddr 14.14.14.14 a5-4.tld2 # 14 prefer QNAME to IP
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrewsaddr 127.0.0.17 "a4-4.tld2 -b $ns1" # 17 client-IP address trigger
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrewsnxdomain a7-1.tld2 # 18 slave policy zone (RT34450)
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrewsgoodsoa="rpz.tld2. hostmaster.ns.tld2. 2 3600 1200 604800 60"
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrews soa=`$DIG -p 5300 +short soa bl.tld2 @10.53.0.3 -b10.53.0.3`
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrewssleep 1 # ensure that a clock tick has occured so that the reload takes effect
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrewsgoodsoa="rpz.tld2. hostmaster.ns.tld2. 3 3600 1200 604800 60"
546c2bf791782df1077217bdaf1865235fa95a93Mark Andrews soa=`$DIG -p 5300 +short soa bl.tld2 @10.53.0.3 -b10.53.0.3`
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrewsnxdomain a7-1.tld2 # 20 slave policy zone (RT34450)
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrews# check that IP addresses for previous group were deleted from the radix tree
c1e88f8d8679501def1896fb4c4af927a70813ebEvan Hunt # these tests assume "min-ns-dots 0"
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrews nochange a3-1.tld2 +dnssec # 2 this once caused problems
c1e88f8d8679501def1896fb4c4af927a70813ebEvan Hunt nxdomain a3-1.sub1.tld2 # 3 NXDOMAIN *.sub1.tld2 by NSDNAME
c1e88f8d8679501def1896fb4c4af927a70813ebEvan Hunt addr 12.12.12.12 a4-2.subsub.sub2.tld2 # 6 walled garden for *.sub2.tld2
58f7af60e79a5aaf58f6a8861c306d4c617fb1d1Mukund Sivaraman nochange a0-1.tld2. # 8 exempt rewrite by address block
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington addr 12.12.12.12 a4-1.tld2 # 9 prefer QNAME policy to NSDNAME
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington addr 127.0.0.1 a3-1.sub3.tld2 # 10 prefer policy for largest NSDNAME
546c2bf791782df1077217bdaf1865235fa95a93Mark Andrews nxdomain xxx.crash1.tld2 # 12 dns_db_detachnode() crash
9e804040a29b9c3066c8471b43835f30707039b7Evan Hunt echo "I:NSDNAME not checked; named configured with --disable-rpz-nsdname"
9e804040a29b9c3066c8471b43835f30707039b7Evan Hunt # these tests assume "min-ns-dots 0"
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington nxdomain a3-1.tld2 # 1 NXDOMAIN for all of tld2
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington nochange a3-2.tld2. # 2 exempt rewrite by name
546c2bf791782df1077217bdaf1865235fa95a93Mark Andrews nochange a0-1.tld2. # 3 exempt rewrite by address block
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington nochange a3-1.tld4 # 4 different NS IP address
e4cd5a1e5d0358abeee7618b02b4592c055d957fBrian Wellington addr 41.41.41.41 a3-1.tld2 # 1 walled garden for all of tld2
e32d354f754a5d7847a0862bcd6302827ea225bfEvan Hunt addr 2041::41 'a3-1.tld2 AAAA' # 2 walled garden for all of tld2
e4cd5a1e5d0358abeee7618b02b4592c055d957fBrian Wellington here a3-1.tld2 TXT <<'EOF' # 3 text message for all of tld2
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrews echo "I:NSIP not checked; named configured with --disable-rpz-nsip"
e32d354f754a5d7847a0862bcd6302827ea225bfEvan Hunt# policies in ./test5 overridden by response-policy{} in ns3/named.conf
e32d354f754a5d7847a0862bcd6302827ea225bfEvan Huntnochange a3-3.tld2 # 3 bl-no-op obsolete for passthru
e32d354f754a5d7847a0862bcd6302827ea225bfEvan Huntnodata a3-5.tld2 # 5 bl-nodata zone recursive-only no
e32d354f754a5d7847a0862bcd6302827ea225bfEvan Huntnodata a3-5.tld2 +norecurse # 6 bl-nodata zone recursive-only no
e32d354f754a5d7847a0862bcd6302827ea225bfEvan Huntnxdomain a3-5.tld2 +norecurse @$ns5 # 8 bl-nodata global recursive-only no
e32d354f754a5d7847a0862bcd6302827ea225bfEvan Huntnxdomain a3-5.tld2s @$ns5 # 9 bl-nodata global break-dnssec
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellingtonnxdomain a3-5.tld2s +dnssec @$ns5 # 10 bl-nodata global break-dnssec
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellingtonaddr 59.59.59.59 a3-9.sub9.tld2 # 14 bl_wildcname
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellingtonaddr 12.12.12.12 a3-15.tld2 # 15 bl-garden via CNAME to a12.tld2
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellingtonaddr 127.0.0.16 a3-16.tld2 100 # 16 bl max-policy-ttl 100
546c2bf791782df1077217bdaf1865235fa95a93Mark Andrewsaddr 17.17.17.17 "a3-17.tld2 @$ns5" 90 # 17 ns5 bl max-policy-ttl 90
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington# check that miscellaneous bugs are still absent
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington# This is not a bug, because any data leaked by writing 24.4.3.2.10.rpz-ip
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington# (or whatever) is available by publishing "foo A 10.2.3.4" and then
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington# resolving foo.
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington# superficial test for major performance bugs
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellingtonif test -n "$QPERF"; then
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington $QPERF -c -1 -l30 -d ns5/requests -s $ns5 -p 5300 >/dev/null
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington $QPERF -c -1 -l30 -d ns5/requests -s $ns5 -p 5300 >$PFILE
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington X=`sed -n -e 's/.*Returned *\([^ ]*:\) *\([0-9]*\) .*/\1\2/p' $PFILE \
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington sed -n -e 's/.*Queries per second: *\([0-9]*\).*/\1/p' ns5/$1.perf
9b17fd447c684a84b2f5fbfb04ad6e890ae2078cMukund Sivaraman # get qps with rpz
9b17fd447c684a84b2f5fbfb04ad6e890ae2078cMukund Sivaraman perf 'with RPZ' rpz 'NOERROR:2900 NXDOMAIN:100 '
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington # turn off rpz and measure qps again
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington PERCENT=`expr \( "$RPZ" \* 100 + \( $NORPZ / 2 \) \) / $NORPZ`
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington echo "I:$RPZ qps with RPZ is $PERCENT% of $NORPZ qps without RPZ"
72ddc4cef9c6a6de53aae530dea1ddbb90631131Mark Andrews echo "I:$RPZ qps with rpz or $PERCENT% is below $MIN_PERCENT% of $NORPZ qps"
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington echo "I:$RPZ qps with RPZ or $PERCENT% of $NORPZ qps without RPZ is too high"
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington echo "I:performance not checked; queryperf not available"
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington# restart the main test RPZ server to see if that creates a core file
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellingtonif test -z "$HAVE_CORE"; then
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki test -z "$HAVE_CORE" || setret "I:found $HAVE_CORE; memory leak?"
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki# look for complaints from lib/dns/rpz.c and bin/name/query.c
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian WellingtonEMSGS=`egrep -l 'invalid rpz|rpz.*failed' ns*/named.run`
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellingtonif test -n "$EMSGS"; then
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington setret "I:error messages in $EMSGS starting with:"
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington egrep 'invalid rpz|rpz.*failed' ns*/named.run | sed -e '10,$d' -e 's/^/I: /'
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellingtonecho "I:checking that ttl values are not zeroed when qtype is '*'"
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington$DIG +noall +answer -p 5300 @$ns3 any a3-2.tld2 > dig.out.any
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellingtonttl=`awk '/a3-2 tld2 text/ {print $2}' dig.out.any`
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellingtonif test ${ttl:=0} -eq 0; then setret I:failed; fi
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellingtonecho "I:checking rpz updates/transfers with parent nodes added after children"
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington# regression test for RT #36272: the success condition
32d248107a5bc92b4bf9fc77deaa55b3da969ba2Andreas Gustafsson# is the slave server not crashing.
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellingtonupdate $2 $3 IN CNAME .
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellingtonupdate $2 $4 IN CNAME .
4423c99613db1399dbb5c51e86ef0d351a1418c2Mark Andrews nsd $ns5 add example.com.policy1. '*.example.com.policy1.'
4423c99613db1399dbb5c51e86ef0d351a1418c2Mark Andrews nsd $ns5 delete example.com.policy1. '*.example.com.policy1.'
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington nsd $ns5 add '*.example.com.policy1.' example.com.policy1.
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington nsd $ns5 delete '*.example.com.policy1.' example.com.policy1.
b541c10d0442d9804d94567a97956cec3bd2912dBrian Wellingtonecho "I:checking checking that going from a empty policy zone works"
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellingtonnsd $ns5 add '*.x.servfail.policy2.' x.servfail.policy2.
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellington$DIG z.x.servfail -p 5300 @$ns7 > dig.out.ns7
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellingtongrep NXDOMAIN dig.out.ns7 > /dev/null || setret I:failed;
1b4e6163bed546ca7f8ad186f3eabfebacc36bc1Brian Wellingtonecho "I:exit status: $status"