upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-09 12:22:05 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Use arithmetic expansion in system tests

Browse source 
Change the way arithmetic operations are performed in system test shell
scripts from using `expr` to `$(())`. This ensures that updating the
variable won't end up with a non-zero exit code, which would case the
script to exit prematurely when `set -e` is in effect.

The following replacements were performed using sed in all text files
(git grep -Il '' | xargs sed -i):

s/status=`expr $status + $ret`/status=$((status + ret))/g
s/n=`expr $n + 1`/n=$((n + 1))/g
s/t=`expr $t + 1`/t=$((t + 1))/g
s/status=`expr $status + 1`/status=$((status + 1))/g
s/try=`expr $try + 1`/try=$((try + 1))/g
This commit is contained in:
Tom Krizek 2023-06-08 15:34:30 +02:00
parent 01bc805f89
commit 4d42bdc245
No known key found for this signature in database
GPG key ID: 01623B9B652A20A7
49 changed files with 2041 additions and 2041 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
bin/tests/system/README
View file

@ -441,14 +441,14 @@ This is the main test file and the contents depend on the test. The contents
are completely up to the developer, although most test scripts have a form
similar to the following for each sub-test:
1. n=`expr $n + 1`
1. n=$((n + 1))
2. echo_i "prime cache nodata.example ($n)"
3. ret=0
4. $DIG -p ${PORT} @10.53.0.1 nodata.example TXT > dig.out.test$n
5. grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
6. grep "ANSWER: 0," dig.out.test$n > /dev/null || ret=1
7. if [ $ret != 0 ]; then echo_i "failed"; fi
8. status=`expr $status + $ret`
8. status=$((status + ret))
1. Increment the test number "n" (initialized to zero at the start of the
script).

56
bin/tests/system/acl/tests.sh
View file

@ -23,14 +23,14 @@ t=0
echo_i "testing basic ACL processing"
# key "one" should fail
t=`expr $t + 1`
t=$((t + 1))
$DIG $DIGOPTS tsigzone. \
@10.53.0.2 -b 10.53.0.1 axfr -y "${DEFAULT_HMAC}:one:1234abcd8765" > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
# any other key should be fine
t=`expr $t + 1`
t=$((t + 1))
$DIG $DIGOPTS tsigzone. \
@10.53.0.2 -b 10.53.0.1 axfr -y "${DEFAULT_HMAC}:two:1234abcd8765" > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
@ -40,18 +40,18 @@ rndc_reload ns2 10.53.0.2
sleep 5
# prefix 10/8 should fail
t=`expr $t + 1`
t=$((t + 1))
$DIG $DIGOPTS tsigzone. \
@10.53.0.2 -b 10.53.0.1 axfr -y "${DEFAULT_HMAC}:one:1234abcd8765" > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
# any other address should work, as long as it sends key "one"
t=`expr $t + 1`
t=$((t + 1))
$DIG $DIGOPTS tsigzone. \
@10.53.0.2 -b 127.0.0.1 axfr -y "${DEFAULT_HMAC}:two:1234abcd8765" > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
t=`expr $t + 1`
t=$((t + 1))
$DIG $DIGOPTS tsigzone. \
@10.53.0.2 -b 127.0.0.1 axfr -y "${DEFAULT_HMAC}:one:1234abcd8765" > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
@ -63,42 +63,42 @@ rndc_reload ns2 10.53.0.2
sleep 5
# should succeed
t=`expr $t + 1`
t=$((t + 1))
$DIG $DIGOPTS tsigzone. \
@10.53.0.2 -b 10.53.0.2 axfr -y "${DEFAULT_HMAC}:two:1234abcd8765" > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
# should succeed
t=`expr $t + 1`
t=$((t + 1))
$DIG $DIGOPTS tsigzone. \
@10.53.0.2 -b 10.53.0.2 axfr -y "${DEFAULT_HMAC}:one:1234abcd8765" > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
# should succeed
t=`expr $t + 1`
t=$((t + 1))
$DIG $DIGOPTS tsigzone. \
@10.53.0.2 -b 10.53.0.1 axfr -y "${DEFAULT_HMAC}:two:1234abcd8765" > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
# should succeed
t=`expr $t + 1`
t=$((t + 1))
$DIG $DIGOPTS tsigzone. \
@10.53.0.2 -b 10.53.0.1 axfr -y "${DEFAULT_HMAC}:two:1234abcd8765" > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
# but only one or the other should fail
t=`expr $t + 1`
t=$((t + 1))
$DIG $DIGOPTS tsigzone. \
@10.53.0.2 -b 127.0.0.1 axfr -y "${DEFAULT_HMAC}:one:1234abcd8765" > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
t=`expr $t + 1`
t=$((t + 1))
$DIG $DIGOPTS tsigzone. \
@10.53.0.2 -b 10.53.0.2 axfr > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $tt failed" ; status=1; }
# and other values? right out
t=`expr $t + 1`
t=$((t + 1))
$DIG $DIGOPTS tsigzone. \
@10.53.0.2 -b 127.0.0.1 axfr -y "${DEFAULT_HMAC}:three:1234abcd8765" > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
@ -109,31 +109,31 @@ rndc_reload ns2 10.53.0.2
sleep 5
# should succeed
t=`expr $t + 1`
t=$((t + 1))
$DIG $DIGOPTS tsigzone. \
@10.53.0.2 -b 10.53.0.2 axfr -y "${DEFAULT_HMAC}:two:1234abcd8765" > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
# should succeed
t=`expr $t + 1`
t=$((t + 1))
$DIG $DIGOPTS tsigzone. \
@10.53.0.2 -b 10.53.0.1 axfr -y "${DEFAULT_HMAC}:one:1234abcd8765" > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
# should fail
t=`expr $t + 1`
t=$((t + 1))
$DIG $DIGOPTS tsigzone. \
@10.53.0.2 -b 10.53.0.2 axfr -y "${DEFAULT_HMAC}:one:1234abcd8765" > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
# should fail
t=`expr $t + 1`
t=$((t + 1))
$DIG $DIGOPTS tsigzone. \
@10.53.0.2 -b 10.53.0.1 axfr -y "${DEFAULT_HMAC}:two:1234abcd8765" > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
# should fail
t=`expr $t + 1`
t=$((t + 1))
$DIG $DIGOPTS tsigzone. \
@10.53.0.2 -b 10.53.0.3 axfr -y "${DEFAULT_HMAC}:one:1234abcd8765" > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
@ -142,13 +142,13 @@ echo_i "testing allow-query-on ACL processing"
copy_setports ns2/named5.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
sleep 5
t=`expr $t + 1`
t=$((t + 1))
$DIG -p ${PORT} +tcp soa example. \
@10.53.0.2 -b 10.53.0.3 > dig.out.${t}
grep "status: NOERROR" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
echo_i "testing blackhole ACL processing"
t=`expr $t + 1`
t=$((t + 1))
ret=0
$DIG -p ${PORT} +tcp soa example. \
@10.53.0.2 -b 10.53.0.3 > dig.out.1.${t}
@ -166,7 +166,7 @@ grep "status: NOERROR" dig.out.4.${t} > /dev/null 2>&1 && ret=1
grep "timed out" dig.out.4.${t} > /dev/null 2>&1 || ret=1
grep ";; no servers could be reached" dig.out.4.${t} > /dev/null 2>&1 || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
# AXFR tests against ns3
@ -176,26 +176,26 @@ echo_i "calling addzone example.com on ns3"
$RNDCCMD 10.53.0.3 addzone 'example.com {type primary; file "example.db"; }; '
sleep 1
t=`expr $t + 1`
t=$((t + 1))
ret=0
echo_i "checking AXFR of example.com from ns3 with ACL allow-transfer { none; }; (${t})"
$DIG -p ${PORT} @10.53.0.3 example.com axfr > dig.out.${t} 2>&1
grep "Transfer failed." dig.out.${t} >/dev/null 2>&1 || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
echo_i "calling rndc reconfig"
rndc_reconfig ns3 10.53.0.3
sleep 1
t=`expr $t + 1`
t=$((t + 1))
ret=0
echo_i "re-checking AXFR of example.com from ns3 with ACL allow-transfer { none; }; (${t})"
$DIG -p ${PORT} @10.53.0.3 example.com axfr > dig.out.${t} 2>&1
grep "Transfer failed." dig.out.${t} >/dev/null 2>&1 || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
# AXFR tests against ns4
@ -205,26 +205,26 @@ echo_i "calling addzone example.com on ns4"
$RNDCCMD 10.53.0.4 addzone 'example.com {type primary; file "example.db"; }; '
sleep 1
t=`expr $t + 1`
t=$((t + 1))
ret=0
echo_i "checking AXFR of example.com from ns4 with ACL allow-transfer { none; }; (${t})"
$DIG -p ${PORT} @10.53.0.4 example.com axfr > dig.out.${t} 2>&1
grep "Transfer failed." dig.out.${t} >/dev/null 2>&1 || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
echo_i "calling rndc reconfig"
rndc_reconfig ns4 10.53.0.4
sleep 1
t=`expr $t + 1`
t=$((t + 1))
ret=0
echo_i "re-checking AXFR of example.com from ns4 with ACL allow-transfer { none; }; (${t})"
$DIG -p ${PORT} @10.53.0.4 example.com axfr > dig.out.${t} 2>&1
grep "Transfer failed." dig.out.${t} >/dev/null 2>&1 || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1

52
bin/tests/system/additional/tests.sh
View file

@ -22,7 +22,7 @@ status=0
n=0
dotests() {
n=`expr $n + 1`
n=$((n + 1))
echo_i "test with RT, single zone (+rec) ($n)"
ret=0
$DIG $DIGOPTS +rec -t RT rt.rt.example @10.53.0.1 > dig.out.$n || ret=1
@ -30,7 +30,7 @@ dotests() {
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "test with RT, two zones (+rec) ($n)"
ret=0
$DIG $DIGOPTS +rec -t RT rt.rt2.example @10.53.0.1 > dig.out.$n || ret=1
@ -38,7 +38,7 @@ dotests() {
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "test with NAPTR, single zone (+rec) ($n)"
ret=0
$DIG $DIGOPTS +rec -t NAPTR nap.naptr.example @10.53.0.1 > dig.out.$n || ret=1
@ -46,7 +46,7 @@ dotests() {
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "test with NAPTR, two zones (+rec) ($n)"
ret=0
$DIG $DIGOPTS +rec -t NAPTR nap.hang3b.example @10.53.0.1 > dig.out.$n || ret=1
@ -54,7 +54,7 @@ dotests() {
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "test with LP (+rec) ($n)"
ret=0
$DIG $DIGOPTS +rec -t LP nid2.nid.example @10.53.0.1 > dig.out.$n || ret=1
@ -84,7 +84,7 @@ dotests() {
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "test with NID (+rec) ($n)"
ret=0
$DIG $DIGOPTS +rec -t NID ns1.nid.example @10.53.0.1 > dig.out.$n || ret=1
@ -100,7 +100,7 @@ dotests() {
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "test with NID + LP (+rec) ($n)"
ret=0
$DIG $DIGOPTS +rec -t NID nid2.nid.example @10.53.0.1 > dig.out.$n || ret=1
@ -118,7 +118,7 @@ dotests() {
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "test with RT, single zone (+norec) ($n)"
ret=0
$DIG $DIGOPTS +norec -t RT rt.rt.example @10.53.0.1 > dig.out.$n || ret=1
@ -126,7 +126,7 @@ dotests() {
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "test with RT, two zones (+norec) ($n)"
ret=0
$DIG $DIGOPTS +norec -t RT rt.rt2.example @10.53.0.1 > dig.out.$n || ret=1
@ -134,7 +134,7 @@ dotests() {
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "test with NAPTR, single zone (+norec) ($n)"
ret=0
$DIG $DIGOPTS +norec -t NAPTR nap.naptr.example @10.53.0.1 > dig.out.$n || ret=1
@ -142,7 +142,7 @@ dotests() {
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "test with NAPTR, two zones (+norec) ($n)"
ret=0
$DIG $DIGOPTS +norec -t NAPTR nap.hang3b.example @10.53.0.1 > dig.out.$n || ret=1
@ -150,7 +150,7 @@ dotests() {
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "test with LP (+norec) ($n)"
ret=0
$DIG $DIGOPTS +norec -t LP nid2.nid.example @10.53.0.1 > dig.out.$n || ret=1
@ -180,7 +180,7 @@ dotests() {
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "test with NID (+norec) ($n)"
ret=0
$DIG $DIGOPTS +norec -t NID ns1.nid.example @10.53.0.1 > dig.out.$n || ret=1
@ -196,7 +196,7 @@ dotests() {
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "test with NID + LP (+norec) ($n)"
ret=0
$DIG $DIGOPTS +norec -t NID nid2.nid.example @10.53.0.1 > dig.out.$n || ret=1
@ -214,7 +214,7 @@ dotests() {
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "test with NS, root zone ($n)"
ret=0
$DIG $DIGOPTS -t NS . @10.53.0.1 > dig.out.$n || ret=1
@ -224,7 +224,7 @@ dotests() {
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "test with NS, non-root zone ($n)"
ret=0
$DIG $DIGOPTS -t NS rt.example @10.53.0.1 > dig.out.$n || ret=1
@ -259,7 +259,7 @@ echo_i "testing with 'minimal-responses no;'"
minimal=no
dotests
n=`expr $n + 1`
n=$((n + 1))
echo_i "testing with 'minimal-any no;' ($n)"
ret=0
$DIG $DIGOPTS -t ANY www.rt.example @10.53.0.1 > dig.out.$n || ret=1
@ -272,7 +272,7 @@ echo_i "reconfiguring server: minimal-any yes"
copy_setports ns1/named3.conf.in ns1/named.conf
rndc_reconfig ns1 10.53.0.1
n=`expr $n + 1`
n=$((n + 1))
echo_i "testing with 'minimal-any yes;' over UDP ($n)"
ret=0
$DIG $DIGOPTS -t ANY +notcp www.rt.example @10.53.0.1 > dig.out.$n || ret=1
@ -280,7 +280,7 @@ grep "ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1" dig.out.$n > /dev/null || ret=1
if [ $ret -eq 1 ] ; then
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "testing with 'minimal-any yes;' over TCP ($n)"
ret=0
@ -290,7 +290,7 @@ if [ $ret -eq 1 ] ; then
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "testing with 'minimal-any yes;' over UDP ($n)"
ret=0
$DIG $DIGOPTS -t ANY +notcp www.rt.example @10.53.0.1 > dig.out.$n || ret=1
@ -311,7 +311,7 @@ echo_i "testing with 'minimal-responses no-auth-recursive;'"
minimal=no-auth-recursive
dotests
n=`expr $n + 1`
n=$((n + 1))
echo_i "testing returning TLSA records with MX query ($n)"
ret=0
$DIG $DIGOPTS -t mx mx.example @10.53.0.1 > dig.out.$n || ret=1
@ -322,7 +322,7 @@ if [ $ret -eq 1 ] ; then
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "testing returning TLSA records with SRV query ($n)"
ret=0
$DIG $DIGOPTS -t srv _xmpp-client._tcp.srv.example @10.53.0.1 > dig.out.$n || ret=1
@ -337,7 +337,7 @@ echo_i "reconfiguring server: minimal-responses no"
copy_setports ns1/named2.conf.in ns1/named.conf
rndc_reconfig ns1 10.53.0.1
n=`expr $n + 1`
n=$((n + 1))
echo_i "testing NS handling in ANY responses (authoritative) ($n)"
ret=0
$DIG $DIGOPTS -t ANY rt.example @10.53.0.1 > dig.out.$n || ret=1
@ -347,7 +347,7 @@ if [ $ret -eq 1 ] ; then
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "testing NS handling in ANY responses (recursive) ($n)"
ret=0
$DIG $DIGOPTS -t ANY rt.example @10.53.0.3 > dig.out.$n || ret=1
@ -357,7 +357,7 @@ if [ $ret -eq 1 ] ; then
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "testing out-of-zone additional data from auth zones (authoritative) ($n)"
ret=0
$DIG $DIGOPTS -t NS rt.example @10.53.0.1 > dig.out.$n || ret=1
@ -366,7 +366,7 @@ if [ $ret -eq 1 ] ; then
echo_i "failed"; status=$((status+1))
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "testing out-of-zone additional data from auth zones (recursive) ($n)"
ret=0
$DIG $DIGOPTS -t NS ex @10.53.0.3 > dig.out.$n || ret=1

236
bin/tests/system/addzone/tests.sh
View file

@ -32,9 +32,9 @@ ret=0
$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# When LMDB support is compiled in, this tests that migration from
# NZF to NZD occurs during named startup
@ -43,16 +43,16 @@ ret=0
$DIG $DIGOPTS @10.53.0.2 a.previous.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.previous.example' dig.out.ns2.$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
if $FEATURETEST --with-lmdb; then
echo_i "checking that existing NZF file was renamed after migration ($n)"
[ -e ns2/3bf305731dd26307.nzf~ ] || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
fi
echo_i "adding new zone ($n)"
@ -64,27 +64,27 @@ _check_adding_new_zone () (
grep '^a.added.example' dig.out.ns2.$n > /dev/null
)
retry_quiet 10 _check_adding_new_zone || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
nextpart ns2/named.run >/dev/null
echo_i "checking addzone errors are logged correctly"
ret=0
$RNDCCMD 10.53.0.2 addzone bad.example '{ type mister; };' 2>&1 | grep 'unexpected token' > /dev/null 2>&1 || ret=1
wait_for_log_peek 20 "addzone: 'mister' unexpected" ns2/named.run || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
nextpart ns2/named.run >/dev/null
echo_i "checking modzone errors are logged correctly"
ret=0
$RNDCCMD 10.53.0.2 modzone added.example '{ type mister; };' 2>&1 | grep 'unexpected token' > /dev/null 2>&1 || ret=1
wait_for_log_peek 20 "modzone: 'mister' unexpected" ns2/named.run || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "adding a zone that requires quotes ($n)"
ret=0
@ -96,9 +96,9 @@ _check_zone_that_requires_quotes() (
grep '^a.32/1.0.0.127-in-addr.added.example' dig.out.ns2.$n > /dev/null
)
retry_quiet 10 _check_zone_that_requires_quotes || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "adding a zone with a quote in the name ($n)"
ret=0
@ -109,9 +109,9 @@ _check_zone_with_a_quote() (
grep '^a.foo\\"bar.example' dig.out.ns2.$n > /dev/null
)
retry_quiet 10 _check_zone_with_a_quote || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "adding new zone with missing file ($n)"
ret=0
@ -122,18 +122,18 @@ grep "file not found" rndc.out.ns2.$n > /dev/null || ret=1
$DIG $DIGOPTS +all @10.53.0.2 a.missing.example a > dig.out.ns2.post.$n || ret=1
grep "status: REFUSED" dig.out.ns2.post.$n > /dev/null || ret=1
digcomp dig.out.ns2.pre.$n dig.out.ns2.post.$n || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
if ! $FEATURETEST --with-lmdb; then
echo_i "verifying no comments in NZF file ($n)"
ret=0
hcount=`grep "^# New zone file for view: _default" ns2/3bf305731dd26307.nzf | wc -l`
[ $hcount -eq 0 ] || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
fi
echo_i "checking rndc showzone with previously added zone ($n)"
@ -141,16 +141,16 @@ ret=0
$RNDCCMD 10.53.0.2 showzone previous.example > rndc.out.ns2.$n
expected='zone "previous.example" { type primary; file "previous.db"; };'
[ "`cat rndc.out.ns2.$n`" = "$expected" ] || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
if $FEATURETEST --with-lmdb; then
echo_i "checking zone is present in NZD ($n)"
ret=0
$NZD2NZF ns2/_default.nzd | grep previous.example > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
fi
echo_i "deleting previously added zone ($n)"
@ -162,9 +162,9 @@ _check_deleting_previously_added_zone() (
! grep '^a.previous.example' dig.out.ns2.$n > /dev/null
)
retry_quiet 10 _check_deleting_previously_added_zone || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
check_nzd2nzf() (
$NZD2NZF ns2/_default.nzd > nzd2nzf.out.$n &&
@ -175,7 +175,7 @@ if $FEATURETEST --with-lmdb; then
echo_i "checking zone was deleted from NZD ($n)"
retry_quiet 10 check_nzd2nzf || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
fi
if ! $FEATURETEST --with-lmdb; then
@ -183,9 +183,9 @@ if ! $FEATURETEST --with-lmdb; then
ret=0
hcount=`grep "^# New zone file for view: _default" ns2/3bf305731dd26307.nzf | wc -l`
[ $hcount -eq 1 ] || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
fi
echo_i "deleting newly added zone added.example ($n)"
@ -197,9 +197,9 @@ _check_deleting_newly_added_zone() (
! grep '^a.added.example' dig.out.ns2.$n > /dev/null
)
retry_quiet 10 _check_deleting_newly_added_zone || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "deleting newly added zone with escaped quote ($n)"
ret=0
@ -210,45 +210,45 @@ _check_deleting_newly_added_zone_quote() (
! grep "^a.foo\"bar.example" dig.out.ns2.$n > /dev/null
)
retry_quiet 10 _check_deleting_newly_added_zone_quote || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking rndc showzone with a normally-loaded zone ($n)"
ret=0
$RNDCCMD 10.53.0.2 showzone normal.example > rndc.out.ns2.$n
expected='zone "normal.example" { type primary; file "normal.db"; };'
[ "`cat rndc.out.ns2.$n`" = "$expected" ] || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking rndc showzone with a normally-loaded zone with trailing dot ($n)"
ret=0
$RNDCCMD 10.53.0.2 showzone finaldot.example > rndc.out.ns2.$n
expected='zone "finaldot.example." { type primary; file "normal.db"; };'
[ "`cat rndc.out.ns2.$n`" = "$expected" ] || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking rndc showzone with a normally-loaded redirect zone ($n)"
ret=0
$RNDCCMD 10.53.0.1 showzone -redirect > rndc.out.ns1.$n
expected='zone "." { type redirect; file "redirect.db"; };'
[ "`cat rndc.out.ns1.$n`" = "$expected" ] || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking rndc zonestatus with a normally-loaded redirect zone ($n)"
ret=0
$RNDCCMD 10.53.0.1 zonestatus -redirect > rndc.out.ns1.$n
grep "type: redirect" rndc.out.ns1.$n > /dev/null || ret=1
grep "serial: 0" rndc.out.ns1.$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking rndc reload with a normally-loaded redirect zone ($n)"
ret=0
@ -256,9 +256,9 @@ sleep 1
cp -f ns1/redirect.db.2 ns1/redirect.db
$RNDCCMD 10.53.0.1 reload -redirect > rndc.out.ns1.$n
retry_quiet 5 check_zonestatus 1 || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "delete a normally-loaded zone ($n)"
ret=0
@ -272,9 +272,9 @@ _check_delete_normally_loaded_zone() (
)
retry_quiet 5 _check_delete_normally_loaded_zone || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "attempting to add primary zone with inline signing ($n)"
$RNDCCMD 10.53.0.2 addzone 'inline.example { type primary; file "inline.db"; inline-signing yes; };' 2>&1 | sed 's/^/I:ns2 /'
@ -284,17 +284,17 @@ _check_add_primary_zone_with_inline() (
grep '^a.inline.example' dig.out.ns2.$n > /dev/null
)
retry_quiet 5 _check_add_primary_zone_with_inline || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "attempting to add primary zone with inline signing and missing file ($n)"
ret=0
$RNDCCMD 10.53.0.2 addzone 'inlinemissing.example { type primary; file "missing.db"; inline-signing yes; };' 2> rndc.out.ns2.$n
grep "file not found" rndc.out.ns2.$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "attempting to add secondary zone with inline signing ($n)"
$RNDCCMD 10.53.0.2 addzone 'inlinesec.example { type secondary; primaries { 10.53.0.1; }; file "inlinesec.bk"; inline-signing yes; };' 2>&1 | sed 's/^/I:ns2 /'
@ -304,9 +304,9 @@ _check_add_secondary_with_inline() (
grep '^a.inlinesec.example' dig.out.ns2.$n > /dev/null
)
retry_quiet 5 _check_add_secondary_with_inline || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "attempting to delete secondary zone with inline signing ($n)"
ret=0
@ -320,8 +320,8 @@ test ! -f inlinesec.bk.signed ||
grep '^inlinesec.bk.signed$' rndc.out2.test$n > /dev/null || {
echo_i "failed to report inlinesec.bk.signed"; ret=1;
}
n=`expr $n + 1`
status=`expr $status + $ret`
n=$((n + 1))
status=$((status + ret))
echo_i "restoring secondary zone with inline signing ($n)"
$RNDCCMD 10.53.0.2 addzone 'inlinesec.example { type secondary; primaries { 10.53.0.1; }; file "inlinesec.bk"; inline-signing yes; };' 2>&1 | sed 's/^/I:ns2 /'
@ -331,17 +331,17 @@ _check_restoring_secondary_with_inline() (
grep '^a.inlinesec.example' dig.out.ns2.$n > /dev/null
)
retry_quiet 5 _check_restoring_secondary_with_inline || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "deleting secondary zone with automatic zone file removal ($n)"
ret=0
retry_quiet 10 test -f ns2/inlinesec.bk.signed -a -f ns2/inlinesec.bk || ret=1
$RNDCCMD 10.53.0.2 delzone -clean inlinesec.example > /dev/null 2>&1
retry_quiet 10 test ! -f ns2/inlinesec.bk.signed -a ! -f ns2/inlinesec.bk
n=`expr $n + 1`
status=`expr $status + $ret`
n=$((n + 1))
status=$((status + ret))
echo_i "modifying zone configuration ($n)"
ret=0
@ -351,23 +351,23 @@ grep 'status: NOERROR' dig.out.ns2.1.$n > /dev/null || ret=1
$RNDCCMD 10.53.0.2 modzone 'mod.example { type primary; file "added.db"; allow-query { none; }; };' 2>&1 | sed 's/^/ns2 /' | cat_i
$DIG +norec $DIGOPTS @10.53.0.2 mod.example ns > dig.out.ns2.2.$n || ret=1
$RNDCCMD 10.53.0.2 showzone mod.example | grep 'allow-query { "none"; };' > /dev/null 2>&1 || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that adding a 'stub' zone works ($n)"
ret=0
$RNDCCMD 10.53.0.2 addzone 'stub.example { type stub; primaries { 1.2.3.4; }; file "stub.example.bk"; };' > rndc.out.ns2.$n 2>&1 || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that adding a 'static-stub' zone works ($n)"
ret=0
$RNDCCMD 10.53.0.2 addzone 'static-stub.example { type static-stub; server-addresses { 1.2.3.4; }; };' > rndc.out.ns2.$n 2>&1 || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that adding a 'primary redirect' zone works ($n)"
ret=0
@ -380,9 +380,9 @@ _check_add_primary_redirect() (
grep "serial: 0" zonestatus.out.ns2.$n > /dev/null
)
retry_quiet 10 _check_add_primary_redirect || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that reloading a added 'primary redirect' zone works ($n)"
ret=0
@ -390,16 +390,16 @@ sleep 1
cp -f ns2/redirect.db.2 ns2/redirect.db
$RNDCCMD 10.53.0.2 reload -redirect > rndc.out.ns2.$n
retry_quiet 10 check_zonestatus 2 || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that retransfer of a added 'primary redirect' zone fails ($n)"
ret=0
$RNDCCMD 10.53.0.2 retransfer -redirect > rndc.out.ns2.$n 2>&1 && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that deleting a 'primary redirect' zone works ($n)"
ret=0
@ -409,9 +409,9 @@ _check_deleting_primary_redirect() (
grep 'not found' showzone.out.ns2.$n > /dev/null
)
retry_quiet 10 _check_deleting_primary_redirect || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that adding a 'secondary redirect' zone works ($n)"
ret=0
@ -424,9 +424,9 @@ _check_adding_secondary_redirect() (
grep "serial: 0" zonestatus.out.ns2.$n > /dev/null
)
retry_quiet 10 _check_adding_secondary_redirect || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that retransfering a added 'secondary redirect' zone works ($n)"
ret=0
@ -439,9 +439,9 @@ _check_retransfering_secondary_redirect() (
grep "serial: 1" zonestatus.out.ns2.$n > /dev/null
)
retry_quiet 10 _check_retransfering_secondary_redirect || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that deleting a 'secondary redirect' zone works ($n)"
ret=0
@ -451,33 +451,33 @@ _check_deleting_secondary_redirect() (
grep 'not found' showzone.out.ns2.$n > /dev/null
)
retry_quiet 10 _check_deleting_secondary_redirect || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that zone type 'hint' is properly rejected ($n)"
ret=0
$RNDCCMD 10.53.0.2 addzone '"." { type hint; file "hints.db"; };' > rndc.out.ns2.$n 2>&1 && ret=1
grep "zones not supported by addzone" rndc.out.ns2.$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that zone type 'forward' is properly rejected ($n)"
ret=0
$RNDCCMD 10.53.0.2 addzone 'forward.example { type forward; forwarders { 1.2.3.4; }; forward only; };' > rndc.out.ns2.$n 2>&1 && ret=1
grep "zones not supported by addzone" rndc.out.ns2.$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that 'in-view' zones are properly rejected ($n)"
ret=0
$RNDCCMD 10.53.0.2 addzone 'in-view.example { in-view "_default"; };' > rndc.out.ns2.$n 2>&1 && ret=1
grep "zones not supported by addzone" rndc.out.ns2.$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "reconfiguring server with multiple views"
rm -f ns2/named.conf
@ -502,27 +502,27 @@ grep 'status: NOERROR' dig.out.ns2.int.$n > /dev/null || ret=1
$DIG +norec $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.ext.$n > /dev/null || ret=1
grep '^a.added.example' dig.out.ns2.ext.$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
if ! $FEATURETEST --with-lmdb; then
echo_i "checking new NZF file has comment ($n)"
ret=0
hcount=`grep "^# New zone file for view: external" ns2/external.nzf | wc -l`
[ $hcount -eq 1 ] || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
fi
if $FEATURETEST --with-lmdb; then
echo_i "verifying added.example in external view created an external.nzd DB ($n)"
ret=0
[ -e ns2/external.nzd ] || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
fi
echo_i "checking rndc reload causes named to reload the external view's new zone config ($n)"
@ -536,9 +536,9 @@ _check_rndc_reload_external_view_config() (
grep '^a.added.example' dig.out.ns2.ext.$n > /dev/null
)
retry_quiet 10 _check_rndc_reload_external_view_config || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking rndc showzone with newly added zone ($n)"
_check_rndc_showzone_newly_added() (
@ -551,9 +551,9 @@ _check_rndc_showzone_newly_added() (
[ "`cat rndc.out.ns2.$n`" = "$expected" ]
)
retry_quiet 10 _check_rndc_showzone_newly_added || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "deleting newly added zone ($n)"
ret=0
@ -564,9 +564,9 @@ _check_deleting_newly_added_zone() (
! grep '^a.added.example' dig.out.ns2.$n > /dev/null
)
retry_quiet 10 _check_deleting_newly_added_zone || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "attempting to add zone to internal view ($n)"
ret=0
@ -578,17 +578,17 @@ $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.int.$n ||
grep 'status: NOERROR' dig.out.ns2.int.$n > /dev/null || ret=1
$DIG $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.ext.$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "attempting to delete a policy zone ($n)"
ret=0
$RNDCCMD 10.53.0.2 delzone 'policy in internal' 2> rndc.out.ns2.$n >&1
grep 'cannot be deleted' rndc.out.ns2.$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "adding new zone again to external view ($n)"
ret=0
@ -601,9 +601,9 @@ _check_adding_new_zone_again_external() (
grep '^a.added.example' dig.out.ns2.ext.$n > /dev/null
)
retry_quiet 10 _check_adding_new_zone_again_external || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "reconfiguring server with multiple views and new-zones-directory"
rm -f ns2/named.conf
@ -615,9 +615,9 @@ ret=0
$DIG +norec $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.ext.$n > /dev/null || ret=1
grep '^a.added.example' dig.out.ns2.ext.$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "deleting newly added zone from external ($n)"
ret=0
@ -625,9 +625,9 @@ $RNDCCMD 10.53.0.2 delzone 'added.example in external' 2>&1 | sed 's/^/I:ns2 /'
$DIG $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.added.example' dig.out.ns2.$n > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "adding new zone to directory view ($n)"
ret=0
@ -645,9 +645,9 @@ grep 'status: REFUSED' dig.out.ns2.ext.$n > /dev/null || ret=1
$DIG +norec $DIGOPTS @10.53.0.5 -b 10.53.0.5 a.added.example a > dig.out.ns2.dir.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.dir.$n > /dev/null || ret=1
grep '^a.added.example' dig.out.ns2.dir.$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
if $FEATURETEST --with-lmdb; then
echo_i "checking NZD file was created in new-zones-directory ($n)"
@ -659,9 +659,9 @@ fi
$RNDCCMD 10.53.0.2 sync 'added.example IN directory' 2>&1 | sed 's/^/I:ns2 /'
sleep 2
[ -e "$expect" ] || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "deleting newly added zone from directory ($n)"
ret=0
@ -669,17 +669,17 @@ $RNDCCMD 10.53.0.2 delzone 'added.example in directory' 2>&1 | sed 's/^/I:ns2 /'
$DIG $DIGOPTS @10.53.0.5 -b 10.53.0.5 a.added.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.added.example' dig.out.ns2.$n > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "ensure the configuration context is cleaned up correctly ($n)"
ret=0
rndc_reconfig ns2 10.53.0.2
$RNDCCMD 10.53.0.2 status > /dev/null 2>&1 || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check delzone after reconfig failure ($n)"
ret=0
@ -687,9 +687,9 @@ $RNDCCMD 10.53.0.3 addzone 'inlinesec.example. IN { type secondary; file "inline
copy_setports ns3/named2.conf.in ns3/named.conf
rndc_reconfig ns3 10.53.0.3
$RNDCCMD 10.53.0.3 delzone inlinesec.example > /dev/null 2>&1 || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
if ! $FEATURETEST --with-lmdb
then
@ -700,9 +700,9 @@ then
$RNDCCMD 10.53.0.3 addzone "test3.baz" '{ type primary; file "e.db"; };' > /dev/null 2>&1 || ret=1
$RNDCCMD 10.53.0.3 delzone "test3.baz" > /dev/null 2>&1 || ret=1
grep test2.baz ns3/_default.nzf > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
fi
_check_version_bind() (
@ -741,8 +741,8 @@ $DIG $DIGOPTS @10.53.0.3 SOA 'test\010.baz' > dig.out.6.test$n || ret=1
grep "status: NOERROR" dig.out.6.test$n > /dev/null || ret=1
grep "ANSWER: 1," dig.out.6.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1

196
bin/tests/system/allow-query/tests.sh
View file

@ -64,17 +64,17 @@ n=0
nextpart ns2/named.run > /dev/null
# Test 1 - default, query allowed
n=`expr $n + 1`
n=$((n + 1))
echo_i "test $n: default - query allowed"
ret=0
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 2 - explicit any, query allowed
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named02.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -84,10 +84,10 @@ $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 3 - none, query refused
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named03.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -99,9 +99,9 @@ grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
nextpart ns2/named.run | grep 'recursion not enabled for view' > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
DIGNOEDNS="+tcp +nosea +nostat +nocmd +norec +noques +noauth +noadd +nostats +noedns -p ${PORT}"
echo_i "test $n: none - query refused (no edns)"
@ -111,10 +111,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null && ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 4 - address allowed, query allowed
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named04.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -124,10 +124,10 @@ $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 5 - address not allowed, query refused
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named05.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -138,10 +138,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 6 - address disallowed, query refused
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named06.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -152,10 +152,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 7 - acl allowed, query allowed
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named07.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -165,10 +165,10 @@ $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 8 - acl not allowed, query refused
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named08.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -179,11 +179,11 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 9 - acl disallowed, query refused
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named09.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -194,10 +194,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 10 - key allowed, query allowed
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named10.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -207,10 +207,10 @@ $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:one:1234abcd8765" a.no
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 11 - key not allowed, query refused
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named11.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -221,10 +221,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 12 - key disallowed, query refused
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named12.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -235,13 +235,13 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# The next set of tests check if allow-query works in a view
n=20
# Test 21 - views default, query allowed
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named21.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -251,10 +251,10 @@ $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 22 - views explicit any, query allowed
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named22.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -264,10 +264,10 @@ $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 23 - views none, query refused
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named23.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -278,10 +278,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 24 - views address allowed, query allowed
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named24.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -291,10 +291,10 @@ $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 25 - views address not allowed, query refused
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named25.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -305,10 +305,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 26 - views address disallowed, query refused
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named26.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -319,10 +319,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 27 - views acl allowed, query allowed
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named27.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -332,10 +332,10 @@ $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 28 - views acl not allowed, query refused
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named28.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -346,10 +346,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 29 - views acl disallowed, query refused
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named29.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -360,10 +360,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 30 - views key allowed, query allowed
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named30.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -373,10 +373,10 @@ $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:one:1234abcd8765" a.no
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 31 - views key not allowed, query refused
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named31.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -387,10 +387,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 32 - views key disallowed, query refused
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named32.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -401,10 +401,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 33 - views over options, views allow, query allowed
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named33.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -414,10 +414,10 @@ $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 34 - views over options, views disallow, query refused
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named34.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -428,14 +428,14 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Tests for allow-query in the zone statements
n=40
# Test 41 - zone default, query allowed
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named40.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -445,20 +445,20 @@ $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 42 - zone explicit any, query allowed
n=`expr $n + 1`
n=$((n + 1))
echo_i "test $n: zone explicit any - query allowed"
ret=0
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.any.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.any.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 43 - zone none, query refused
n=`expr $n + 1`
n=$((n + 1))
echo_i "test $n: zone none - query refused"
ret=0
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.none.example a > dig.out.ns2.$n || ret=1
@ -466,20 +466,20 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.none.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 44 - zone address allowed, query allowed
n=`expr $n + 1`
n=$((n + 1))
echo_i "test $n: zone address allowed - query allowed"
ret=0
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.addrallow.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.addrallow.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 45 - zone address not allowed, query refused
n=`expr $n + 1`
n=$((n + 1))
echo_i "test $n: zone address not allowed - query refused"
ret=0
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.addrnotallow.example a > dig.out.ns2.$n || ret=1
@ -487,10 +487,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.addrnotallow.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 46 - zone address disallowed, query refused
n=`expr $n + 1`
n=$((n + 1))
echo_i "test $n: zone address disallowed - query refused"
ret=0
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.addrdisallow.example a > dig.out.ns2.$n || ret=1
@ -498,20 +498,20 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.addrdisallow.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 47 - zone acl allowed, query allowed
n=`expr $n + 1`
n=$((n + 1))
echo_i "test $n: zone acl allowed - query allowed"
ret=0
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.aclallow.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.aclallow.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 48 - zone acl not allowed, query refused
n=`expr $n + 1`
n=$((n + 1))
echo_i "test $n: zone acl not allowed - query refused"
ret=0
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.aclnotallow.example a > dig.out.ns2.$n || ret=1
@ -519,10 +519,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.aclnotallow.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 49 - zone acl disallowed, query refused
n=`expr $n + 1`
n=$((n + 1))
echo_i "test $n: zone acl disallowed - query refused"
ret=0
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.acldisallow.example a > dig.out.ns2.$n || ret=1
@ -530,20 +530,20 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.acldisallow.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 50 - zone key allowed, query allowed
n=`expr $n + 1`
n=$((n + 1))
echo_i "test $n: zone key allowed - query allowed"
ret=0
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:one:1234abcd8765" a.keyallow.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.keyallow.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 51 - zone key not allowed, query refused
n=`expr $n + 1`
n=$((n + 1))
echo_i "test $n: zone key not allowed - query refused"
ret=0
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:two:1234efgh8765" a.keyallow.example a > dig.out.ns2.$n || ret=1
@ -551,10 +551,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.keyallow.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 52 - zone key disallowed, query refused
n=`expr $n + 1`
n=$((n + 1))
echo_i "test $n: zone key disallowed - query refused"
ret=0
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:one:1234abcd8765" a.keydisallow.example a > dig.out.ns2.$n || ret=1
@ -562,10 +562,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.keydisallow.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 53 - zones over options, zones allow, query allowed
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named53.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -575,10 +575,10 @@ $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 54 - zones over options, zones disallow, query refused
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named54.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -589,10 +589,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 55 - zones over views, zones allow, query allowed
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named55.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -602,10 +602,10 @@ $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 56 - zones over views, zones disallow, query refused
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named56.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -616,10 +616,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 57 - zones over views, zones disallow, query refused (allow-query-on)
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns2/named57.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
@ -633,10 +633,10 @@ grep 'status: REFUSED' dig.out.ns2.2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.2.$n > /dev/null || ret=1
grep '^a.aclnotallow.example' dig.out.ns2.2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 58 - allow-recursion default
n=`expr $n + 1`
n=$((n + 1))
echo_i "test $n: default allow-recursion configuration"
ret=0
nextpart ns3/named.run > /dev/null
@ -647,10 +647,10 @@ grep 'status: REFUSED' dig.out.ns3.2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns3.2.$n > /dev/null || ret=1
nextpart ns3/named.run | grep 'allow-recursion did not match' > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 59 - allow-query-cache default
n=`expr $n + 1`
n=$((n + 1))
echo_i "test $n: default allow-query-cache configuration"
ret=0
$DIG -p ${PORT} @10.53.0.3 -b 127.0.0.1 ns . > dig.out.ns3.1.$n
@ -660,10 +660,10 @@ grep 'status: REFUSED' dig.out.ns3.2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns3.2.$n > /dev/null || ret=1
nextpart ns3/named.run | grep 'allow-recursion did not match' > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 60 - block recursion-on, allow query-cache-on
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns3/named2.conf.in ns3/named.conf
rndc_reload ns3 10.53.0.3
@ -679,10 +679,10 @@ grep 'recursion requested but not available' dig.out.ns3.2.$n > /dev/null || ret
grep 'ANSWER: 0' dig.out.ns3.2.$n > /dev/null || ret=1
nextpart ns3/named.run | grep 'allow-recursion-on did not match' > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 61 - inheritance of allow-query-cache-on from allow-recursion-on
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns3/named3.conf.in ns3/named.conf
rndc_reload ns3 10.53.0.3
@ -706,10 +706,10 @@ grep 'status: REFUSED' dig.out.ns3.4.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns3.4.$n > /dev/null || ret=1
nextpart ns3/named.run | grep 'allow-recursion-on did not match' > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 62 - inheritance of allow-recursion-on from allow-query-cache-on
n=`expr $n + 1`
n=$((n + 1))
copy_setports ns3/named4.conf.in ns3/named.conf
rndc_reload ns3 10.53.0.3
@ -733,7 +733,7 @@ grep 'status: REFUSED' dig.out.ns3.4.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns3.4.$n > /dev/null || ret=1
nextpart ns3/named.run | grep 'allow-recursion-on did not match' > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1

56
bin/tests/system/auth/tests.sh
View file

@ -20,7 +20,7 @@ DIGOPTS="+tcp -p ${PORT}"
status=0
n=0
n=`expr $n + 1`
n=$((n + 1))
echo_i "wait for zones to finish transferring to ns2 ($n)"
for i in 1 2 3 4 5 6 7 8 9 10
do
@ -34,13 +34,13 @@ do
sleep 1
done
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
#
# If recursion is unrequested or unavailable, then cross-zone CNAME records
# should not be followed. If both requested and available, they should be.
#
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that cross-zone CNAME record does not return target data (rd=0/ra=0) ($n)"
ret=0
$DIG $DIGOPTS +norec @10.53.0.1 www.example.com > dig.out.test$n || ret=1
@ -49,9 +49,9 @@ grep "flags: qr aa;" dig.out.test$n > /dev/null || ret=1
grep "www.example.com.*CNAME.*server.example.net" dig.out.test$n > /dev/null || ret=1
grep "server.example.net.*A.*10.53.0.100" dig.out.test$n > /dev/null && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that cross-zone CNAME record does not return target data (rd=1/ra=0) ($n)"
ret=0
$DIG $DIGOPTS +rec @10.53.0.1 www.example.com > dig.out.test$n || ret=1
@ -60,9 +60,9 @@ grep "flags: qr aa rd;" dig.out.test$n > /dev/null || ret=1
grep "www.example.com.*CNAME.*server.example.net" dig.out.test$n > /dev/null || ret=1
grep "server.example.net.*A.*10.53.0.100" dig.out.test$n > /dev/null && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that cross-zone CNAME record does not return target data (rd=0/ra=1) ($n)"
ret=0
$DIG $DIGOPTS +norec @10.53.0.2 www.example.com > dig.out.test$n || ret=1
@ -71,9 +71,9 @@ grep "flags: qr aa ra;" dig.out.test$n > /dev/null || ret=1
grep "www.example.com.*CNAME.*server.example.net" dig.out.test$n > /dev/null || ret=1
grep "server.example.net.*A.*10.53.0.100" dig.out.test$n > /dev/null && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that cross-zone CNAME records return target data (rd=1/ra=1) ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.2 www.example.com > dig.out.test$n || ret=1
@ -82,12 +82,12 @@ grep "flags: qr aa rd ra;" dig.out.test$n > /dev/null || ret=1
grep "www.example.com.*CNAME.*server.example.net" dig.out.test$n > /dev/null || ret=1
grep "server.example.net.*A.*10.53.0.100" dig.out.test$n > /dev/null || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
#
# In-zone CNAME records should always be followed regardless of RD and RA.
#
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that in-zone CNAME records return target data (rd=0/ra=0) ($n)"
ret=0
$DIG $DIGOPTS +norec @10.53.0.1 inzone.example.com > dig.out.test$n || ret=1
@ -96,9 +96,9 @@ grep "flags: qr aa;" dig.out.test$n > /dev/null || ret=1
grep "inzone.example.com.*CNAME.*a.example.com" dig.out.test$n > /dev/null || ret=1
grep "a.example.com.*A.*10.53.0.1" dig.out.test$n > /dev/null || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that in-zone CNAME records returns target data (rd=1/ra=0) ($n)"
ret=0
$DIG $DIGOPTS +rec @10.53.0.1 inzone.example.com > dig.out.test$n || ret=1
@ -107,9 +107,9 @@ grep "flags: qr aa rd;" dig.out.test$n > /dev/null || ret=1
grep "inzone.example.com.*CNAME.*a.example.com" dig.out.test$n > /dev/null || ret=1
grep "a.example.com.*A.*10.53.0.1" dig.out.test$n > /dev/null || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that in-zone CNAME records return target data (rd=0/ra=1) ($n)"
ret=0
$DIG $DIGOPTS +norec @10.53.0.2 inzone.example.com > dig.out.test$n || ret=1
@ -118,9 +118,9 @@ grep "flags: qr aa ra;" dig.out.test$n > /dev/null || ret=1
grep "inzone.example.com.*CNAME.*a.example.com" dig.out.test$n > /dev/null || ret=1
grep "a.example.com.*A.*10.53.0.1" dig.out.test$n > /dev/null || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that in-zone CNAME records return target data (rd=1/ra=1) ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.2 inzone.example.com > dig.out.test$n || ret=1
@ -129,9 +129,9 @@ grep "flags: qr aa rd ra;" dig.out.test$n > /dev/null || ret=1
grep "inzone.example.com.*CNAME.*a.example.com" dig.out.test$n > /dev/null || ret=1
grep "a.example.com.*A.*10.53.0.1" dig.out.test$n > /dev/null || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that in-zone CNAME records does not return target data when QTYPE is CNAME (rd=1/ra=1) ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.2 -t cname inzone.example.com > dig.out.test$n || ret=1
@ -140,9 +140,9 @@ grep 'flags: qr aa rd ra;' dig.out.test$n > /dev/null || ret=1
grep 'inzone\.example\.com\..*CNAME.a\.example\.com\.' dig.out.test$n > /dev/null || ret=1
grep 'a\.example\.com\..*A.10\.53\.0\.1' dig.out.test$n > /dev/null && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that in-zone CNAME records does not return target data when QTYPE is ANY (rd=1/ra=1) ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.2 -t any inzone.example.com > dig.out.test$n || ret=1
@ -151,9 +151,9 @@ grep 'flags: qr aa rd ra;' dig.out.test$n > /dev/null || ret=1
grep 'inzone\.example\.com\..*CNAME.a\.example\.com\.' dig.out.test$n > /dev/null || ret=1
grep 'a\.example\.com\..*A.10\.53\.0\.1' dig.out.test$n > /dev/null && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that in-zone DNAME records does not return target data when QTYPE is CNAME (rd=1/ra=1) ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.2 -t cname inzone.dname.example.com > dig.out.test$n || ret=1
@ -164,9 +164,9 @@ grep 'inzone\.dname\.example\.com\..*CNAME.inzone\.example\.com\.' dig.out.test$
grep 'inzone\.example\.com\..*CNAME.a\.example\.com\.' dig.out.test$n > /dev/null && ret=1
grep 'a\.example\.com\..*A.10\.53\.0\.1' dig.out.test$n > /dev/null && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that in-zone DNAME records does not return target data when QTYPE is ANY (rd=1/ra=1) ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.2 -t any inzone.dname.example.com > dig.out.test$n || ret=1
@ -177,16 +177,16 @@ grep 'inzone\.dname\.example\.com\..*CNAME.inzone\.example\.com\.' dig.out.test$
grep 'inzone\.example\.com.*CNAME.a\.example\.com\.' dig.out.test$n > /dev/null && ret=1
grep 'a\.example\.com.*A.10\.53\.0\.1' dig.out.test$n > /dev/null && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that CHAOS addresses are compared correctly ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 +noall +answer ch test.example.chaos > dig.out.test$n
lines=`wc -l < dig.out.test$n`
[ ${lines:-0} -eq 2 ] || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1

56
bin/tests/system/builtin/tests.sh
View file

@ -122,7 +122,7 @@ B.E.F.IP6.ARPA
EMPTY.AS112.ARPA
HOME.ARPA"
n=`expr $n + 1`
n=$((n + 1))
ret=0
count=0
echo_i "Checking expected empty zones were configured ($n)"
@ -138,9 +138,9 @@ lines=`grep "automatic empty zone: " ns1/named.run | wc -l`
test $count -eq $lines -a $count -eq 99 || {
ret=1; echo_i "failed (count mismatch)";
}
if [ $ret != 0 ] ; then status=`expr $status + $ret`; fi
if [ $ret != 0 ] ; then status=$((status + ret)); fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "Checking that reconfiguring empty zones is silent ($n)"
$RNDCCMD 10.53.0.1 reconfig
ret=0
@ -149,9 +149,9 @@ grep "received control channel command 'reconfig'" ns1/named.run > /dev/null ||
grep "reloading configuration succeeded" ns1/named.run > /dev/null || ret=1
sleep 1
grep "zone serial (0) unchanged." ns1/named.run > /dev/null && ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "Checking that reloading empty zones is silent ($n)"
rndc_reload ns1 10.53.0.1
ret=0
@ -160,89 +160,89 @@ grep "received control channel command 'reload'" ns1/named.run > /dev/null || re
grep "reloading configuration succeeded" ns1/named.run > /dev/null || ret=1
sleep 1
grep "zone serial (0) unchanged." ns1/named.run > /dev/null && ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
HOST_NAME=`$FEATURETEST --gethostname`
BIND_VERSION_STRING=$($NAMED -V | head -1)
BIND_VERSION=$($NAMED -V | sed -ne 's/^BIND \([^ ]*\).*/\1/p')
n=`expr $n + 1`
n=$((n + 1))
ret=0
echo_i "Checking that default version works for rndc ($n)"
$RNDCCMD 10.53.0.1 status > rndc.status.ns1.$n 2>&1
grep -F "version: $BIND_VERSION_STRING" rndc.status.ns1.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=`expr $n + 1`
n=$((n + 1))
ret=0
echo_i "Checking that custom version works for rndc ($n)"
$RNDCCMD 10.53.0.3 status > rndc.status.ns3.$n 2>&1
grep -F "version: $BIND_VERSION_STRING (this is a test of version)" rndc.status.ns3.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=`expr $n + 1`
n=$((n + 1))
ret=0
echo_i "Checking that default version works for query ($n)"
$DIG $DIGOPTS +short version.bind txt ch @10.53.0.1 > dig.out.ns1.$n
grep "^\"$BIND_VERSION\"$" dig.out.ns1.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=`expr $n + 1`
n=$((n + 1))
ret=0
echo_i "Checking that custom version works for query ($n)"
$DIG $DIGOPTS +short version.bind txt ch @10.53.0.3 > dig.out.ns3.$n
grep "^\"this is a test of version\"$" dig.out.ns3.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=`expr $n + 1`
n=$((n + 1))
ret=0
echo_i "Checking that default hostname works for query ($n)"
$DIG $DIGOPTS +short hostname.bind txt ch @10.53.0.1 > dig.out.ns1.$n
grep "^\"$HOST_NAME\"$" dig.out.ns1.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=`expr $n + 1`
n=$((n + 1))
ret=0
echo_i "Checking that custom hostname works for query ($n)"
$DIG $DIGOPTS +short hostname.bind txt ch @10.53.0.3 > dig.out.ns3.$n
grep "^\"this.is.a.test.of.hostname\"$" dig.out.ns3.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=`expr $n + 1`
n=$((n + 1))
ret=0
echo_i "Checking that default server-id is none for query ($n)"
$DIG $DIGOPTS id.server txt ch @10.53.0.1 > dig.out.ns1.$n
grep "status: NOERROR" dig.out.ns1.$n > /dev/null || ret=1
grep "ANSWER: 0" dig.out.ns1.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=`expr $n + 1`
n=$((n + 1))
ret=0
echo_i "Checking that server-id hostname works for query ($n)"
$DIG $DIGOPTS +short id.server txt ch @10.53.0.2 > dig.out.ns2.$n
grep "^\"$HOST_NAME\"$" dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=`expr $n + 1`
n=$((n + 1))
ret=0
echo_i "Checking that server-id hostname works for EDNS name server ID request ($n)"
$DIG $DIGOPTS +norec +nsid foo @10.53.0.2 > dig.out.ns2.$n
grep "^; NSID: .* (\"$HOST_NAME\")$" dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=`expr $n + 1`
n=$((n + 1))
ret=0
echo_i "Checking that custom server-id works for query ($n)"
$DIG $DIGOPTS +short id.server txt ch @10.53.0.3 > dig.out.ns3.$n
grep "^\"this.is.a.test.of.server-id\"$" dig.out.ns3.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=`expr $n + 1`
n=$((n + 1))
ret=0
echo_i "Checking that custom server-id works for EDNS name server ID request ($n)"
$DIG $DIGOPTS +norec +nsid foo @10.53.0.3 > dig.out.ns3.$n
grep "^; NSID: .* (\"this.is.a.test.of.server-id\")$" dig.out.ns3.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1

60
bin/tests/system/cacheclean/tests.sh
View file

@ -93,19 +93,19 @@ filter_tree () {
' "$file"
}
n=`expr $n + 1`
n=$((n + 1))
echo_i "check correctness of routine cache cleaning ($n)"
$DIG $DIGOPTS +tcp +keepopen -b 10.53.0.7 -f dig.batch > dig.out.ns2 || status=1
digcomp --lc dig.out.ns2 knowngood.dig.out || status=1
n=`expr $n + 1`
n=$((n + 1))
echo_i "only one tcp socket was used ($n)"
tcpclients=`awk '$3 == "client" && $5 ~ /10.53.0.7#[0-9]*:/ {print $5}' ns2/named.run | sort | uniq -c | wc -l`
test $tcpclients -eq 1 || { status=1; echo_i "failed"; }
n=`expr $n + 1`
n=$((n + 1))
echo_i "reset and check that records are correctly cached initially ($n)"
ret=0
load_cache
@ -113,9 +113,9 @@ dump_cache
nrecords=`filter_tree flushtest.example ns2/named_dump.db.test$n | grep -E '(TXT|ANY)' | wc -l`
[ $nrecords -eq 18 ] || { ret=1; echo_i "found $nrecords records expected 18"; }
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check flushing of the full cache ($n)"
ret=0
clear_cache
@ -123,9 +123,9 @@ dump_cache
nrecords=`filter_tree flushtest.example ns2/named_dump.db.test$n | wc -l`
[ $nrecords -eq 0 ] || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check flushing of individual nodes (interior node) ($n)"
ret=0
clear_cache
@ -135,9 +135,9 @@ in_cache txt top1.flushtest.example || ret=1
$RNDC $RNDCOPTS flushname top1.flushtest.example
in_cache txt top1.flushtest.example && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check flushing of individual nodes (leaf node, under the interior node) ($n)"
ret=0
# leaf node, under the interior node (should still exist)
@ -145,9 +145,9 @@ in_cache txt third2.second1.top1.flushtest.example || ret=1
$RNDC $RNDCOPTS flushname third2.second1.top1.flushtest.example
in_cache txt third2.second1.top1.flushtest.example && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check flushing of individual nodes (another leaf node, with both positive and negative cache entries) ($n)"
ret=0
# another leaf node, with both positive and negative cache entries
@ -157,16 +157,16 @@ $RNDC $RNDCOPTS flushname third1.second1.top1.flushtest.example
in_cache a third1.second1.top1.flushtest.example && ret=1
in_cache txt third1.second1.top1.flushtest.example && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check flushing a nonexistent name ($n)"
ret=0
$RNDC $RNDCOPTS flushname fake.flushtest.example || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check flushing of namespaces ($n)"
ret=0
clear_cache
@ -191,43 +191,43 @@ in_cache txt second1.top2.flushtest.example && ret=1
in_cache txt second2.top2.flushtest.example && ret=1
in_cache txt second3.top2.flushtest.example && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check flushing a nonexistent namespace ($n)"
ret=0
$RNDC $RNDCOPTS flushtree fake.flushtest.example || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check the number of cached records remaining ($n)"
ret=0
dump_cache
nrecords=`filter_tree flushtest.example ns2/named_dump.db.test$n | grep -v '^;' | grep -E '(TXT|ANY)' | wc -l`
[ $nrecords -eq 17 ] || { ret=1; echo_i "found $nrecords records expected 17"; }
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check the check that flushname of a partial match works ($n)"
ret=0
in_cache txt second2.top1.flushtest.example || ret=1
$RNDC $RNDCOPTS flushtree example
in_cache txt second2.top1.flushtest.example && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check the number of cached records remaining ($n)"
ret=0
dump_cache
nrecords=`filter_tree flushtest.example ns2/named_dump.db.test$n | grep -E '(TXT|ANY)' | wc -l`
[ $nrecords -eq 1 ] || { ret=1; echo_i "found $nrecords records expected 1"; }
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check flushtree clears adb correctly ($n)"
ret=0
load_cache
@ -245,23 +245,23 @@ sed -n '/plain success\/timeout/,/Unassociated entries/p' \
grep 'plain success/timeout' sed.out.$n.b > /dev/null 2>&1 || ret=1
grep 'ns.flushtest.example' sed.out.$n.b > /dev/null 2>&1 && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check expire option returned from primary zone ($n)"
ret=0
$DIG @10.53.0.1 -p ${PORT} +expire soa expire-test > dig.out.expire
grep EXPIRE: dig.out.expire > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check expire option returned from secondary zone ($n)"
ret=0
$DIG @10.53.0.2 -p ${PORT} +expire soa expire-test > dig.out.expire
grep EXPIRE: dig.out.expire > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1

42
bin/tests/system/case/tests.sh
View file

@ -26,7 +26,7 @@ wait_for_serial() (
status=0
n=0
n=`expr $n + 1`
n=$((n + 1))
echo_i "waiting for zone transfer to complete ($n)"
ret=0
for i in 1 2 3 4 5 6 7 8 9
@ -42,16 +42,16 @@ do
sleep 1
done
n=`expr $n + 1`
n=$((n + 1))
echo_i "testing case preserving responses - no acl ($n)"
ret=0
$DIG $DIGOPTS mx example. @10.53.0.1 > dig.ns1.test$n
grep "0.mail.eXaMpLe" dig.ns1.test$n > /dev/null || ret=1
grep "mAiL.example" dig.ns1.test$n > /dev/null || ret=1
test $ret -eq 0 || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "testing no-case-compress acl '{ 10.53.0.2; }' ($n)"
ret=0
@ -66,27 +66,27 @@ grep "0.mail.example" dig.ns2.test$n > /dev/null || ret=1
grep "mail.example" dig.ns2.test$n > /dev/null || ret=1
test $ret -eq 0 || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "testing load of dynamic zone with various \$ORIGIN values ($n)"
ret=0
$DIG $DIGOPTS axfr dynamic @10.53.0.1 > dig.ns1.test$n
digcomp dig.ns1.test$n dynamic.good || ret=1
test $ret -eq 0 || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "transfer of dynamic zone with various \$ORIGIN values ($n)"
ret=0
$DIG $DIGOPTS axfr dynamic @10.53.0.2 > dig.ns2.test$n
digcomp dig.ns2.test$n dynamic.good || ret=1
test $ret -eq 0 || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "change SOA owner case via update ($n)"
$NSUPDATE << EOF
server 10.53.0.1 ${PORT}
@ -98,27 +98,27 @@ $DIG $DIGOPTS axfr dynamic @10.53.0.1 > dig.ns1.test$n
digcomp dig.ns1.test$n postupdate.good || ret=1
test $ret -eq 0 || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
ret=0
echo_i "wait for zone to transfer ($n)"
retry_quiet 20 wait_for_serial 10.53.0.2 dynamic 2000042408 dig.ns2.test$n || ret=1
test $ret -eq 0 || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check SOA owner case is transferred to secondary ($n)"
ret=0
$DIG $DIGOPTS axfr dynamic @10.53.0.2 > dig.ns2.test$n
digcomp dig.ns2.test$n postupdate.good || ret=1
test $ret -eq 0 || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
#update delete Ns1.DyNaMIC. 300 IN A 10.53.0.1
n=`expr $n + 1`
n=$((n + 1))
echo_i "change A record owner case via update ($n)"
$NSUPDATE << EOF
server 10.53.0.1 ${PORT}
@ -130,22 +130,22 @@ $DIG $DIGOPTS axfr dynamic @10.53.0.1 > dig.ns1.test$n
digcomp dig.ns1.test$n postns1.good || ret=1
test $ret -eq 0 || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
ret=0
echo_i "wait for zone to transfer ($n)"
retry_quiet 20 wait_for_serial 10.53.0.2 dynamic 2000042409 dig.ns2.test$n || ret=1
test $ret -eq 0 || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check A owner case is transferred to secondary ($n)"
ret=0
$DIG $DIGOPTS axfr dynamic @10.53.0.2 > dig.ns2.test$n
digcomp dig.ns2.test$n postns1.good || ret=1
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1

140
bin/tests/system/chain/tests.sh
View file

@ -25,49 +25,49 @@ sendcmd() {
status=0
n=0
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking short DNAME from authoritative ($n)"
ret=0
$DIG $DIGOPTS a.short-dname.example @10.53.0.2 a > dig.out.ns2.short || ret=1
grep "status: NOERROR" dig.out.ns2.short > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking short DNAME from recursive ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
$DIG $DIGOPTS a.short-dname.example @10.53.0.7 a > dig.out.ns4.short || ret=1
grep "status: NOERROR" dig.out.ns4.short > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking long DNAME from authoritative ($n)"
ret=0
$DIG $DIGOPTS a.long-dname.example @10.53.0.2 a > dig.out.ns2.long || ret=1
grep "status: NOERROR" dig.out.ns2.long > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking long DNAME from recursive ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
$DIG $DIGOPTS a.long-dname.example @10.53.0.7 a > dig.out.ns4.long || ret=1
grep "status: NOERROR" dig.out.ns4.long > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking (too) long DNAME from authoritative ($n)"
ret=0
$DIG $DIGOPTS 01234567890123456789012345678901234567890123456789.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.long-dname.example @10.53.0.2 a > dig.out.ns2.toolong || ret=1
grep "status: YXDOMAIN" dig.out.ns2.toolong > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking (too) long DNAME from recursive with cached DNAME ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
@ -75,9 +75,9 @@ $DIG $DIGOPTS 01234567890123456789012345678901234567890123456789.longlonglonglon
grep "status: YXDOMAIN" dig.out.ns4.cachedtoolong > /dev/null || ret=1
grep '^long-dname\.example\..*DNAME.*long' dig.out.ns4.cachedtoolong > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking (too) long DNAME from recursive without cached DNAME ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
@ -85,7 +85,7 @@ $DIG $DIGOPTS 01234567890123456789012345678901234567890123456789.longlonglonglon
grep "status: YXDOMAIN" dig.out.ns4.uncachedtoolong > /dev/null || ret=1
grep '^toolong-dname\.example\..*DNAME.*long' dig.out.ns4.uncachedtoolong > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
find_records() {
owner_name="$1"
@ -127,7 +127,7 @@ ensure_no_ds_in_bitmap() {
find_records "$owner_name" "$rr_type" "$file" | awk '{ for (i='"$start_index"'; i<=NF; i++) if ($i == "DS") exit 1 }'
}
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking secure delegation prepared using CNAME chaining ($n)"
ret=0
# QNAME exists, so the AUTHORITY section should only contain an NS RRset and a
@ -137,9 +137,9 @@ $DIG $DIGOPTS @10.53.0.2 cname.wildcard-secure.example A +norec +dnssec > dig.ou
exactly_one_record_exists_for "delegation.wildcard-secure.example." NS dig.out.2.$n || ret=1
exactly_one_record_exists_for "delegation.wildcard-secure.example." DS dig.out.2.$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking secure delegation prepared using wildcard expansion + CNAME chaining ($n)"
ret=0
# QNAME does not exist, so the AUTHORITY section should contain an NS RRset, an
@ -154,9 +154,9 @@ exactly_one_record_exists_for "*.wildcard-secure.example." NSEC dig.out.2.$n ||
no_records_exist_for "cname.wildcard-secure.example." NSEC dig.out.2.$n || ret=1
no_records_exist_for "delegation.wildcard-secure.example." NSEC dig.out.2.$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking insecure delegation prepared using CNAME chaining, NSEC ($n)"
ret=0
# QNAME exists, so the AUTHORITY section should only contain an NS RRset and a
@ -175,9 +175,9 @@ exactly_one_record_exists_for "delegation.wildcard-nsec.example." NSEC dig.out.2
# type bit map.
ensure_no_ds_in_bitmap "delegation.wildcard-nsec.example." NSEC dig.out.2.$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking insecure delegation prepared using wildcard expansion + CNAME chaining, NSEC, QNAME #1 ($n)"
ret=0
# QNAME does not exist, so the AUTHORITY section should contain an NS RRset and
@ -197,9 +197,9 @@ exactly_one_record_exists_for "delegation.wildcard-nsec.example." NSEC dig.out.2
# type bit map.
ensure_no_ds_in_bitmap "delegation.wildcard-nsec.example." NSEC dig.out.2.$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking insecure delegation prepared using wildcard expansion + CNAME chaining, NSEC, QNAME #2 ($n)"
ret=0
# QNAME does not exist, so the AUTHORITY section should contain an NS RRset and
@ -220,7 +220,7 @@ exactly_one_record_exists_for "delegation.wildcard-nsec.example." NSEC dig.out.2
# type bit map.
ensure_no_ds_in_bitmap "delegation.wildcard-nsec.example." NSEC dig.out.2.$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Relevant NSEC3 hashes:
#
@ -242,7 +242,7 @@ status=`expr $status + $ret`
# $ nsec3hash - 1 0 z-nonexistent-name.wildcard-nsec3.example.
# SG2DEHEAOGCKP7FTNQAUVC3I3TIPJH0J (salt=-, hash=1, iterations=0)
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking insecure delegation prepared using CNAME chaining, NSEC3 ($n)"
ret=0
# QNAME exists, so the AUTHORITY section should only contain an NS RRset and a
@ -261,9 +261,9 @@ no_records_exist_for "Q64D8L8HLSB3L98S59PM8OSSMI7SMQA2.wildcard-nsec3.example."
# the type bit map.
ensure_no_ds_in_bitmap "AVKOGGGVJHFSLQA68TILKFKJ94AV4MNC.wildcard-nsec3.example." NSEC3 dig.out.2.$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking insecure delegation prepared using wildcard expansion + CNAME chaining, NSEC3, QNAME #1 ($n)"
ret=0
# QNAME does not exist, so the AUTHORITY section should contain an NS RRset and
@ -283,9 +283,9 @@ exactly_one_record_exists_for "Q64D8L8HLSB3L98S59PM8OSSMI7SMQA2.wildcard-nsec3.e
# the type bit map.
ensure_no_ds_in_bitmap "AVKOGGGVJHFSLQA68TILKFKJ94AV4MNC.wildcard-nsec3.example." NSEC3 dig.out.2.$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking insecure delegation prepared using wildcard expansion + CNAME chaining, NSEC3, QNAME #2 ($n)"
ret=0
# QNAME does not exist, so the AUTHORITY section should contain an NS RRset and
@ -306,7 +306,7 @@ no_records_exist_for "Q64D8L8HLSB3L98S59PM8OSSMI7SMQA2.wildcard-nsec3.example."
# the type bit map.
ensure_no_ds_in_bitmap "AVKOGGGVJHFSLQA68TILKFKJ94AV4MNC.wildcard-nsec3.example." NSEC3 dig.out.2.$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Relevant NSEC3 hashes:
#
@ -331,7 +331,7 @@ status=`expr $status + $ret`
# $ nsec3hash - 1 0 z-nonexistent-name.wildcard-nsec3-optout.example.
# V7OTS4791T9SU0HKVL93EVNAJ9JH2CH3 (salt=-, hash=1, iterations=0)
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking insecure delegation prepared using CNAME chaining, NSEC3 with opt-out ($n)"
ret=0
# QNAME exists, so the AUTHORITY section should only contain an NS RRset and a
@ -349,9 +349,9 @@ exactly_one_record_exists_for "SS5M1RUBSGMANEQ1VLRDDEC6SOAT7HNI.wildcard-nsec3-o
# the type bit map.
ensure_no_ds_in_bitmap "SS5M1RUBSGMANEQ1VLRDDEC6SOAT7HNI.wildcard-nsec3-optout.example." NSEC3 dig.out.2.$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking insecure delegation prepared using wildcard expansion + CNAME chaining, NSEC3 with opt-out, QNAME #1 ($n)"
ret=0
# QNAME does not exist, so the AUTHORITY section should contain an NS RRset and
@ -370,9 +370,9 @@ exactly_one_record_exists_for "SS5M1RUBSGMANEQ1VLRDDEC6SOAT7HNI.wildcard-nsec3-o
# the type bit map.
ensure_no_ds_in_bitmap "SS5M1RUBSGMANEQ1VLRDDEC6SOAT7HNI.wildcard-nsec3-optout.example." NSEC3 dig.out.2.$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking insecure delegation prepared using wildcard expansion + CNAME chaining, NSEC3 with opt-out, QNAME #2 ($n)"
ret=0
# QNAME does not exist, so the AUTHORITY section should contain an NS RRset and
@ -392,17 +392,17 @@ exactly_one_record_exists_for "SS5M1RUBSGMANEQ1VLRDDEC6SOAT7HNI.wildcard-nsec3-o
# the type bit map.
ensure_no_ds_in_bitmap "SS5M1RUBSGMANEQ1VLRDDEC6SOAT7HNI.wildcard-nsec3-optout.example." NSEC3 dig.out.2.$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking CNAME to DNAME from authoritative ($n)"
ret=0
$DIG $DIGOPTS cname.example @10.53.0.2 a > dig.out.ns2.cname
grep "status: NOERROR" dig.out.ns2.cname > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking CNAME to DNAME from recursive"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
@ -413,9 +413,9 @@ grep '^cnamedname.example.' dig.out.ns4.cname > /dev/null || ret=1
grep '^a.cnamedname.example.' dig.out.ns4.cname > /dev/null || ret=1
grep '^a.target.example.' dig.out.ns4.cname > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking DNAME is returned with synthesized CNAME before DNAME ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
@ -424,9 +424,9 @@ grep "status: NXDOMAIN" dig.out.test$n > /dev/null || ret=1
grep '^name.synth-then-dname\.example\.broken\..*CNAME.*name.$' dig.out.test$n > /dev/null || ret=1
grep '^synth-then-dname\.example\.broken\..*DNAME.*\.$' dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking DNAME is returned with CNAME to synthesized CNAME before DNAME ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
@ -436,9 +436,9 @@ grep '^cname-to-synth2-then-dname\.example\.broken\..*CNAME.*name\.synth2-then-d
grep '^name\.synth2-then-dname\.example\.broken\..*CNAME.*name.$' dig.out.test$n > /dev/null || ret=1
grep '^synth2-then-dname\.example\.broken\..*DNAME.*\.$' dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking CNAME loops are detected ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
@ -446,9 +446,9 @@ $DIG $DIGOPTS @10.53.0.7 loop.example > dig.out.test$n
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
grep "ANSWER: 17" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking CNAME to external delegated zones is handled ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
@ -456,9 +456,9 @@ $DIG $DIGOPTS @10.53.0.7 a.example > dig.out.test$n
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
grep "ANSWER: 2" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking CNAME to internal delegated zones is handled ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
@ -466,27 +466,27 @@ $DIG $DIGOPTS @10.53.0.7 b.example > dig.out.test$n
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
grep "ANSWER: 2" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking CNAME to signed external delegation is handled ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
$DIG $DIGOPTS @10.53.0.7 c.example > dig.out.$n
grep "status: NOERROR" dig.out.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking CNAME to signed internal delegation is handled ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
$DIG $DIGOPTS @10.53.0.7 d.example > dig.out.$n
grep "status: NOERROR" dig.out.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking CNAME chains in various orders ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n - step 1 --- 2>&1 | sed 's/^/ns7 /' | cat_i
@ -525,9 +525,9 @@ $DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.6.$n 2>&1
grep 'status: NOERROR' dig.out.6.$n > /dev/null 2>&1 || ret=1
grep 'ANSWER: 2' dig.out.6.$n > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that only the initial CNAME is cached ($n)"
ret=0
$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
@ -539,9 +539,9 @@ $DIG $DIGOPTS +noall +answer @10.53.0.7 cname1.domain.nil > dig.out.2.$n 2>&1
ttl=`awk '{print $2}' dig.out.2.$n`
[ "$ttl" -eq 86400 ] || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking DNAME chains in various orders ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n - step 1 --- 2>&1 | sed 's/^/ns7 /' | cat_i
@ -564,9 +564,9 @@ grep 'status: NOERROR' dig.out.3.$n > /dev/null 2>&1 || ret=1
grep 'ANSWER: 3' dig.out.3.$n > /dev/null 2>&1 || ret=1
$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking external CNAME/DNAME chains in various orders ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n - step 1 --- 2>&1 | sed 's/^/ns7 /' | cat_i
@ -587,18 +587,18 @@ $DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.3.$n 2>&1
grep 'status: SERVFAIL' dig.out.3.$n > /dev/null 2>&1 || ret=1
$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking explicit DNAME query ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
$DIG $DIGOPTS @10.53.0.7 dname short-dname.example > dig.out.7.$n 2>&1
grep 'status: NOERROR' dig.out.7.$n > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking DNAME via ANY query ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
@ -606,25 +606,25 @@ $RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
$DIG $DIGOPTS @10.53.0.7 any short-dname.example > dig.out.7.$n 2>&1
grep 'status: NOERROR' dig.out.7.$n > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Regression test for CVE-2021-25215 (authoritative server).
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking DNAME resolution via itself (authoritative) ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.2 DNAME self.domain0.self.domain0.nil. > dig.out.2.$n 2>&1
grep 'status: NOERROR' dig.out.2.$n > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Regression test for CVE-2021-25215 (recursive resolver).
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking DNAME resolution via itself (recursive) ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.7 DNAME self.example.self.example.dname. > dig.out.7.$n 2>&1
grep 'status: NOERROR' dig.out.7.$n > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1

234
bin/tests/system/checkconf/tests.sh
View file

@ -20,14 +20,14 @@ n=0
mkdir keys
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that named-checkconf handles a known good config ($n)"
ret=0
$CHECKCONF good.conf > checkconf.out$n 2>&1 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that named-checkconf prints a known good config ($n)"
ret=0
awk 'BEGIN { ok = 0; } /cut here/ { ok = 1; getline } ok == 1 { print }' good.conf > good.conf.raw
@ -36,9 +36,9 @@ $CHECKCONF -p good.conf.raw > checkconf.out$n || ret=1
grep -v '^good.conf.raw:' < checkconf.out$n > good.conf.out 2>&1 || ret=1
cmp good.conf.raw good.conf.out || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that named-checkconf -x removes secrets ($n)"
ret=0
# ensure there is a secret and that it is not the check string.
@ -48,11 +48,11 @@ $CHECKCONF -p -x good.conf.raw > checkconf.out$n || ret=1
grep -v '^good.conf.raw:' < checkconf.out$n > good.conf.out 2>&1 || ret=1
grep 'secret "????????????????"' good.conf.out > /dev/null 2>&1 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
for bad in bad-*.conf
do
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that named-checkconf detects error in $bad ($n)"
ret=0
$CHECKCONF $bad > checkconf.out$n 2>&1
@ -73,12 +73,12 @@ do
;;
esac
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
done
for good in good-*.conf
do
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that named-checkconf detects no error in $good ($n)"
ret=0
if ! $FEATURETEST --with-libnghttp2
@ -90,12 +90,12 @@ do
fi
$CHECKCONF $good > checkconf.out$n 2>&1
if [ $? -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
done
for lmdb in lmdb-*.conf
do
n=`expr $n + 1`
n=$((n + 1))
ret=0
$FEATURETEST --with-lmdb
@ -108,42 +108,42 @@ do
$CHECKCONF $lmdb > checkconf.out$n 2>&1
if [ $? -eq 0 ]; then echo_i "failed"; ret=1; fi
fi
status=`expr $status + $ret`
status=$((status + ret))
done
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that ancient options report a fatal error ($n)"
ret=0
$CHECKCONF ancient.conf > ancient.out 2>&1 && ret=1
grep "no longer exists" ancient.out > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that named-checkconf -z catches missing hint file ($n)"
ret=0
$CHECKCONF -z hint-nofile.conf > hint-nofile.out 2>&1 && ret=1
grep "could not configure root hints from 'nonexistent.db': file not found" hint-nofile.out > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that named-checkconf catches range errors ($n)"
ret=0
$CHECKCONF range.conf > checkconf.out$n 2>&1 && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that named-checkconf warns of notify inconsistencies ($n)"
ret=0
$CHECKCONF notify.conf > checkconf.out$n 2>&1
warnings=`grep "'notify' is disabled" < checkconf.out$n | wc -l`
[ $warnings -eq 3 ] || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking named-checkconf dnssec warnings ($n)"
ret=0
# dnssec.1: auto-dnssec warning
@ -158,9 +158,9 @@ if [ $lines != 1 ]; then ret=1; fi
$CHECKCONF dnssec.3 > checkconf.out$n.3 2>&1
grep "'auto-dnssec' option is deprecated and will be removed in BIND 9\.19" < checkconf.out$n.3 > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking named-checkconf deprecate warnings ($n)"
ret=0
$CHECKCONF deprecated.conf > checkconf.out$n.1 2>&1
@ -173,27 +173,27 @@ grep "option 'avoid-v4-udp-ports' is deprecated" < checkconf.out$n.1 > /dev/null
grep "option 'avoid-v6-udp-ports' is deprecated" < checkconf.out$n.1 > /dev/null || ret=1
grep "token 'port' is deprecated" < checkconf.out$n.1 > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# set -i to ignore deprecate warnings
$CHECKCONF -i deprecated.conf > checkconf.out$n.2 2>&1
grep '.*' < checkconf.out$n.2 > /dev/null && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking named-checkconf servestale warnings ($n)"
ret=0
$CHECKCONF servestale.stale-refresh-time.0.conf > checkconf.out$n.1 2>&1
grep "'stale-refresh-time' should either be 0 or otherwise 30 seconds or higher" < checkconf.out$n.1 > /dev/null && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
ret=0
$CHECKCONF servestale.stale-refresh-time.29.conf > checkconf.out$n.1 2>&1
grep "'stale-refresh-time' should either be 0 or otherwise 30 seconds or higher" < checkconf.out$n.1 > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "range checking fields that do not allow zero ($n)"
ret=0
for field in max-retry-time min-retry-time max-refresh-time min-refresh-time; do
@ -231,9 +231,9 @@ EOF
[ $? -eq 1 ] || { echo_i "zone $field failed" ; ret=1; }
done
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking options allowed in inline-signing secondaries ($n)"
ret=0
$CHECKCONF bad-dnssec.conf > checkconf.out$n.1 2>&1
@ -246,9 +246,9 @@ $CHECKCONF bad-dnssec.conf > checkconf.out$n.3 2>&1
l=`grep "update-check-ksk.*requires inline" < checkconf.out$n.3 | wc -l`
[ $l -eq 1 ] || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check file + inline-signing for secondary zones ($n)"
$CHECKCONF inline-no.conf > checkconf.out$n.1 2>&1
l=`grep "missing 'file' entry" < checkconf.out$n.1 | wc -l`
@ -260,17 +260,17 @@ $CHECKCONF inline-bad.conf > checkconf.out$n.3 2>&1
l=`grep "missing 'file' entry" < checkconf.out$n.3 | wc -l`
[ $l -eq 1 ] || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking named-checkconf DLZ warnings ($n)"
ret=0
$CHECKCONF dlz-bad.conf > checkconf.out$n 2>&1
grep "'dlz' and 'database'" < checkconf.out$n > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking for missing key directory warning ($n)"
ret=0
rm -rf test.keydir
@ -289,7 +289,7 @@ l=`grep "key-directory" < checkconf.out$n.3 | wc -l`
rm -rf test.keydir
if [ $ret -ne 0 ]; then echo_i "failed"; fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that named-checkconf -z catches conflicting ttl with max-ttl ($n)"
ret=0
$CHECKCONF -z max-ttl.conf > check.out 2>&1
@ -297,143 +297,143 @@ grep 'TTL 900 exceeds configured max-zone-ttl 600' check.out > /dev/null 2>&1 ||
grep 'TTL 900 exceeds configured max-zone-ttl 600' check.out > /dev/null 2>&1 || ret=1
grep 'TTL 900 exceeds configured max-zone-ttl 600' check.out > /dev/null 2>&1 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that named-checkconf -z catches invalid max-ttl ($n)"
ret=0
$CHECKCONF -z max-ttl-bad.conf > checkconf.out$n 2>&1 && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that named-checkconf -z skips zone check with alternate databases ($n)"
ret=0
$CHECKCONF -z altdb.conf > checkconf.out$n 2>&1 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that named-checkconf -z skips zone check with DLZ ($n)"
ret=0
$CHECKCONF -z altdlz.conf > checkconf.out$n 2>&1 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that named-checkconf -z fails on view with ANY class ($n)"
ret=0
$CHECKCONF -z view-class-any1.conf > checkconf.out$n 2>&1 && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that named-checkconf -z fails on view with CLASS255 class ($n)"
ret=0
$CHECKCONF -z view-class-any2.conf > checkconf.out$n 2>&1 && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that named-checkconf -z passes on view with IN class ($n)"
ret=0
$CHECKCONF -z view-class-in1.conf > checkconf.out$n 2>&1 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that named-checkconf -z passes on view with CLASS1 class ($n)"
ret=0
$CHECKCONF -z view-class-in2.conf > checkconf.out$n 2>&1 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that check-names fails as configured ($n)"
ret=0
$CHECKCONF -z check-names-fail.conf > checkconf.out$n 2>&1 && ret=1
grep "near '_underscore': bad name (check-names)" < checkconf.out$n > /dev/null || ret=1
grep "zone check-names/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that check-mx fails as configured ($n)"
ret=0
$CHECKCONF -z check-mx-fail.conf > checkconf.out$n 2>&1 && ret=1
grep "near '10.0.0.1': MX is an address" < checkconf.out$n > /dev/null || ret=1
grep "zone check-mx/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that check-dup-records fails as configured ($n)"
ret=0
$CHECKCONF -z check-dup-records-fail.conf > checkconf.out$n 2>&1 && ret=1
grep "has semantically identical records" < checkconf.out$n > /dev/null || ret=1
grep "zone check-dup-records/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that check-mx fails as configured ($n)"
ret=0
$CHECKCONF -z check-mx-fail.conf > checkconf.out$n 2>&1 && ret=1
grep "failed: MX is an address" < checkconf.out$n > /dev/null || ret=1
grep "zone check-mx/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that check-mx-cname fails as configured ($n)"
ret=0
$CHECKCONF -z check-mx-cname-fail.conf > checkconf.out$n 2>&1 && ret=1
grep "MX.* is a CNAME (illegal)" < checkconf.out$n > /dev/null || ret=1
grep "zone check-mx-cname/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that check-srv-cname fails as configured ($n)"
ret=0
$CHECKCONF -z check-srv-cname-fail.conf > checkconf.out$n 2>&1 && ret=1
grep "SRV.* is a CNAME (illegal)" < checkconf.out$n > /dev/null || ret=1
grep "zone check-mx-cname/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that named-checkconf -p properly print a port range ($n)"
ret=0
$CHECKCONF -p portrange-good.conf > checkconf.out$n 2>&1 || ret=1
grep "range 8610 8614;" < checkconf.out$n > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that named-checkconf -z handles in-view ($n)"
ret=0
$CHECKCONF -z in-view-good.conf > checkconf.out$n 2>&1 || ret=1
grep "zone shared.example/IN: loaded serial" < checkconf.out$n > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that named-checkconf -z returns error when a later view is okay ($n)"
ret=0
$CHECKCONF -z check-missing-zone.conf > checkconf.out$n 2>&1 && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that named-checkconf prints max-cache-size <percentage> correctly ($n)"
ret=0
$CHECKCONF -p max-cache-size-good.conf > checkconf.out$n 2>&1 || ret=1
grep "max-cache-size 60%;" < checkconf.out$n > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that named-checkconf -l prints out the zone list ($n)"
ret=0
$CHECKCONF -l good.conf |
@ -444,66 +444,66 @@ grep -v "no longer exists" |
grep -v "is obsolete" > checkconf.out$n || ret=1
diff good.zonelist checkconf.out$n > diff.out$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that the 2010 ICANN ROOT KSK without the 2017 ICANN ROOT KSK generates a warning ($n)"
ret=0
$CHECKCONF check-root-ksk-2010.conf > checkconf.out$n 2>/dev/null || ret=1
[ -s checkconf.out$n ] || ret=1
grep "key without the updated" < checkconf.out$n > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that the 2010 ICANN ROOT KSK with the 2017 ICANN ROOT KSK does not generate a warning ($n)"
ret=0
$CHECKCONF check-root-ksk-both.conf > checkconf.out$n 2>/dev/null || ret=1
[ -s checkconf.out$n ] && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that the 2017 ICANN ROOT KSK alone does not generate a warning ($n)"
ret=0
$CHECKCONF check-root-ksk-2017.conf > checkconf.out$n 2>/dev/null || ret=1
[ -s checkconf.out$n ] && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that a static root key generates a warning ($n)"
ret=0
$CHECKCONF check-root-static-key.conf > checkconf.out$n 2>/dev/null || ret=1
grep "static entry for the root zone WILL FAIL" checkconf.out$n > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that a static root DS trust anchor generates a warning ($n)"
ret=0
$CHECKCONF check-root-static-ds.conf > checkconf.out$n 2>/dev/null || ret=1
grep "static entry for the root zone WILL FAIL" checkconf.out$n > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that a trusted-keys entry for root generates a warning ($n)"
ret=0
$CHECKCONF check-root-trusted-key.conf > checkconf.out$n 2>/dev/null || ret=1
grep "trusted-keys entry for the root zone WILL FAIL" checkconf.out$n > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that using trust-anchors and managed-keys generates an error ($n)"
ret=0
$CHECKCONF check-mixed-keys.conf > checkconf.out$n 2>/dev/null && ret=1
grep "use of managed-keys is not allowed" checkconf.out$n > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking named-checkconf kasp errors ($n)"
ret=0
$CHECKCONF kasp-and-other-dnssec-options.conf > checkconf.out$n 2>&1 && ret=1
@ -515,9 +515,9 @@ grep "dnssec-update-mode: cannot be configured if dnssec-policy is also set" < c
grep "sig-validity-interval: cannot be configured if dnssec-policy is also set" < checkconf.out$n > /dev/null || ret=1
grep "update-check-ksk: cannot be configured if dnssec-policy is also set" < checkconf.out$n > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking named-checkconf kasp nsec3 iterations errors ($n)"
ret=0
if ! ($SHELL ../testcrypto.sh -q RSASHA1); then
@ -532,9 +532,9 @@ grep "dnssec-policy: nsec3 iterations value 151 out of range" < checkconf.out$n
lines=$(wc -l < "checkconf.out$n")
if [ $lines -ne $expect ]; then ret=1; fi
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking named-checkconf kasp nsec3 algorithm errors ($n)"
ret=0
$CHECKCONF kasp-bad-nsec3-alg.conf > checkconf.out$n 2>&1 && ret=1
@ -544,17 +544,17 @@ else
grep "dnssec-policy: cannot use nsec3 with algorithm 'RSASHA1'" < checkconf.out$n > /dev/null || ret=1
fi
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking named-checkconf kasp key errors ($n)"
ret=0
$CHECKCONF kasp-bad-keylen.conf > checkconf.out$n 2>&1 && ret=1
grep "dnssec-policy: key with algorithm rsasha256 has invalid key length 511" < checkconf.out$n > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking named-checkconf kasp signatures refresh errors ($n)"
ret=0
$CHECKCONF kasp-bad-signatures-refresh.conf > checkconf.out$n 2>&1 && ret=1
@ -563,26 +563,26 @@ grep "dnssec-policy: policy 'bad-sigrefresh-dnskey' signatures-refresh must be a
lines=$(wc -l < "checkconf.out$n")
if [ $lines -ne 2 ]; then ret=1; fi
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking named-checkconf kasp key lifetime errors ($n)"
ret=0
$CHECKCONF kasp-bad-lifetime.conf > checkconf.out$n 2>&1 && ret=1
lines=$(grep "dnssec-policy: key lifetime is shorter than the time it takes to do a rollover" < checkconf.out$n | wc -l) || ret=1
if [ $lines -ne 3 ]; then ret=1; fi
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking named-checkconf kasp predefined key length ($n)"
ret=0
$CHECKCONF kasp-ignore-keylen.conf > checkconf.out$n 2>&1 || ret=1
grep "dnssec-policy: key algorithm ecdsa256 has predefined length; ignoring length value 2048" < checkconf.out$n > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking named-checkconf kasp warns about weird policies ($n)"
ret=0
$CHECKCONF kasp-warning.conf > checkconf.out$n 2>&1 || ret=1
@ -594,16 +594,16 @@ grep "dnssec-policy: key lifetime is shorter than 30 days" < checkconf.out$n > /
lines=$(wc -l < "checkconf.out$n")
if [ $lines -ne 5 ]; then ret=1; fi
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that a good 'kasp' configuration is accepted ($n)"
ret=0
$CHECKCONF good-kasp.conf > checkconf.out$n 2>/dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that named-checkconf prints a known good kasp config ($n)"
ret=0
awk 'BEGIN { ok = 0; } /cut here/ { ok = 1; getline } ok == 1 { print }' good-kasp.conf > good-kasp.conf.in
@ -611,17 +611,17 @@ awk 'BEGIN { ok = 0; } /cut here/ { ok = 1; getline } ok == 1 { print }' good-ka
$CHECKCONF -p good-kasp.conf.in | grep -v '^good-kasp.conf.in:' > good-kasp.conf.out 2>&1 || ret=1
cmp good-kasp.conf.in good-kasp.conf.out || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that max-ixfr-ratio 100% generates a warning ($n)"
ret=0
$CHECKCONF warn-maxratio1.conf > checkconf.out$n 2>/dev/null || ret=1
grep "exceeds 100%" < checkconf.out$n > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that *-source options with specified port generate warnings ($n)"
ret=0
$CHECKCONF warn-transfer-source.conf > checkconf.out$n 2>/dev/null || ret=1
@ -631,23 +631,23 @@ grep "not recommended" < checkconf.out$n > /dev/null || ret=1
$CHECKCONF warn-parental-source.conf > checkconf.out$n 2>/dev/null || ret=1
grep "not recommended" < checkconf.out$n > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that 'check-wildcard no;' succeeds as configured ($n)"
ret=0
$CHECKCONF -z check-wildcard-no.conf > checkconf.out$n 2>&1 || ret=1
grep -F "warning: ownername 'foo.*.check-wildcard' contains an non-terminal wildcard" checkconf.out$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that 'check-wildcard yes;' warns as configured ($n)"
ret=0
$CHECKCONF -z check-wildcard.conf > checkconf.out$n 2>&1 || ret=1
grep -F "warning: ownername 'foo.*.check-wildcard' contains an non-terminal wildcard" checkconf.out$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
rmdir keys

44
bin/tests/system/checknames/tests.sh
View file

@ -33,24 +33,24 @@ $DIG $DIGOPTS fail.example. @10.53.0.1 a > dig.out.ns1.test$n || ret=1
grep SERVFAIL dig.out.ns1.test$n > /dev/null || ret=1
grep 'xx_xx.fail.example: bad owner name (check-names)' ns1/named.run > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
# Entry should exist.
echo_i "check for warnings from on zone load for 'check-names warn;' ($n)"
ret=0
grep 'xx_xx.warn.example: bad owner name (check-names)' ns1/named.run > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
# Entry should not exist.
echo_i "check for warnings from on zone load for 'check-names ignore;' ($n)"
ret=1
grep 'yy_yy.ignore.example: bad owner name (check-names)' ns1/named.run || ret=0
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
# Entry should exist
echo_i "check that 'check-names response warn;' works ($n)"
@ -60,8 +60,8 @@ $DIG $DIGOPTS +noauth yy_yy.ignore.example. @10.53.0.2 a > dig.out.ns2.test$n ||
digcomp dig.out.ns1.test$n dig.out.ns2.test$n || ret=1
grep "check-names warning yy_yy.ignore.example/A/IN" ns2/named.run > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
# Entry should exist
echo_i "check that 'check-names response (owner) fails;' works ($n)"
@ -72,8 +72,8 @@ grep NOERROR dig.out.ns1.test$n > /dev/null || ret=1
grep REFUSED dig.out.ns3.test$n > /dev/null || ret=1
grep "check-names failure yy_yy.ignore.example/A/IN" ns3/named.run > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
# Entry should exist
echo_i "check that 'check-names response (rdata) fails;' works ($n)"
@ -84,8 +84,8 @@ grep NOERROR dig.out.ns1.test$n > /dev/null || ret=1
grep SERVFAIL dig.out.ns3.test$n > /dev/null || ret=1
grep "check-names failure mx.ignore.example/MX/IN" ns3/named.run > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
echo_i "check that updates to 'check-names fail;' are rejected ($n)"
ret=0
@ -101,8 +101,8 @@ $DIG $DIGOPTS xxx_xxx.fail.update @10.53.0.1 A > dig.out.ns1.test$n || ret=1
grep "xxx_xxx.fail.update/A: bad owner name (check-names)" ns1/named.run > /dev/null || ret=1
grep NXDOMAIN dig.out.ns1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
echo_i "check that updates to 'check-names warn;' succeed and are logged ($n)"
ret=0
@ -116,8 +116,8 @@ $DIG $DIGOPTS xxx_xxx.warn.update @10.53.0.1 A > dig.out.ns1.test$n || ret=1
grep "xxx_xxx.warn.update/A: bad owner name (check-names)" ns1/named.run > /dev/null || ret=1
grep NOERROR dig.out.ns1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
echo_i "check that updates to 'check-names ignore;' succeed and are not logged ($n)"
ret=0
@ -133,8 +133,8 @@ if [ $not != 0 ]; then ret=1; fi
$DIG $DIGOPTS xxx_xxx.ignore.update @10.53.0.1 A > dig.out.ns1.test$n || ret=1
grep NOERROR dig.out.ns1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
echo_i "check that updates to 'check-names primary ignore;' succeed and are not logged ($n)"
ret=0
@ -150,8 +150,8 @@ if [ $not != 0 ]; then ret=1; fi
$DIG $DIGOPTS xxx_xxx.primary-ignore.update @10.53.0.4 A > dig.out.ns4.test$n || ret=1
grep NOERROR dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
echo_i "check that updates to 'check-names master ignore;' succeed and are not logged ($n)"
ret=0
@ -177,8 +177,8 @@ ret=0
retry_quiet 35 wait_for_record xxx_xxx.master-ignore.update @10.53.0.4 A dig.out.ns4.test$n || ret=1
grep "xxx_xxx.master-ignore.update/A.*(check-names)" ns4/named.run > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
echo_i "check that updates to 'check-names master ignore;' succeed and are not logged ($n)"
ret=0

146
bin/tests/system/cookie/tests.sh
View file

@ -39,52 +39,52 @@ havetc() {
for bad in bad*.conf
do
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that named-checkconf detects error in $bad ($n)"
ret=0
$CHECKCONF $bad > /dev/null 2>&1 && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
done
for good in good*.conf
do
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that named-checkconf detects accepts $good ($n)"
ret=0
$CHECKCONF $good > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
done
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking RCODE=FORMERR to query without question section and without COOKIE option ($n)"
ret=0
$DIG $DIGOPTS +qr +header-only +nocookie version.bind txt ch @10.53.0.1 > dig.out.test$n
grep COOKIE: dig.out.test$n > /dev/null && ret=1
grep "status: FORMERR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking RCODE=NOERROR to query without question section and with COOKIE option ($n)"
ret=0
$DIG $DIGOPTS +qr +header-only +cookie version.bind txt ch @10.53.0.1 > dig.out.test$n
grep COOKIE: dig.out.test$n > /dev/null || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking COOKIE token is returned to empty COOKIE option ($n)"
ret=0
$DIG $DIGOPTS +cookie version.bind txt ch @10.53.0.1 > dig.out.test$n
grep COOKIE: dig.out.test$n > /dev/null || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking COOKIE is not returned when answer-cookie is false ($n)"
ret=0
oldcookie=b71d3138bb984fc50100000064a65cffbbf02482dfb99ba5
@ -92,26 +92,26 @@ $DIG $DIGOPTS +cookie=$oldcookie version.bind txt ch @10.53.0.7 > dig.out.test$n
grep COOKIE: dig.out.test$n > /dev/null && ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking response size without COOKIE ($n)"
ret=0
$DIG $DIGOPTS large.example txt @10.53.0.1 +ignore > dig.out.test$n
havetc dig.out.test$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking response size without valid COOKIE ($n)"
ret=0
$DIG $DIGOPTS +cookie large.example txt @10.53.0.1 +ignore > dig.out.test$n
havetc dig.out.test$n || ret=1
grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking response size with COOKIE ($n)"
ret=0
$DIG $DIGOPTS +cookie large.example txt @10.53.0.1 > dig.out.test$n.l
@ -120,18 +120,18 @@ $DIG $DIGOPTS +qr +cookie=$cookie large.example txt @10.53.0.1 +ignore > dig.out
havetc dig.out.test$n && ret=1
grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking response size with COOKIE recursive ($n)"
ret=0
$DIG $DIGOPTS +qr +cookie=$cookie large.xxx txt @10.53.0.1 +ignore > dig.out.test$n
havetc dig.out.test$n && ret=1
grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking COOKIE is learnt for TCP retry ($n)"
ret=0
$DIG $DIGOPTS +qr +cookie large.example txt @10.53.0.1 > dig.out.test$n
@ -140,17 +140,17 @@ if [ $linecount != 3 ]; then ret=1; fi
checkfull=`getcookie dig.out.test$n | fullcookie`
if [ $checkfull != 1 ]; then ret=1; fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking for COOKIE value in adb ($n)"
ret=0
rndc_dumpdb ns1
grep "10.53.0.2.*\[cookie=" ns1/named_dump.db.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking require-server-cookie default (no) ($n)"
ret=0
$DIG $DIGOPTS +qr +cookie +nobadcookie soa @10.53.0.1 > dig.out.test$n
@ -158,9 +158,9 @@ grep "status: BADCOOKIE" dig.out.test$n > /dev/null && ret=1
linecount=`getcookie dig.out.test$n | wc -l`
if [ $linecount != 2 ]; then ret=1; fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking require-server-cookie yes ($n)"
ret=0
$DIG $DIGOPTS +qr +cookie +nobadcookie soa @10.53.0.3 > dig.out.test$n
@ -170,9 +170,9 @@ grep "status: BADCOOKIE" dig.out.test$n > /dev/null || ret=1
linecount=`getcookie dig.out.test$n | wc -l`
if [ $linecount != 2 ]; then ret=1; fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking +qr +showbadcookie ($n)"
ret=0
$DIG $DIGOPTS +qr +cookie +showbadcookie soa @10.53.0.3 > dig.out.test$n
@ -187,8 +187,8 @@ if [ $server != 3 ]; then ret=1; fi
if [ $good != 2 ]; then ret=1; fi
if [ $linecount != 4 ]; then ret=1; fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
echo_i "checking +showbadcookie ($n)"
ret=0
@ -204,9 +204,9 @@ if [ $server != 2 ]; then ret=1; fi
if [ $good != 2 ]; then ret=1; fi
if [ $linecount != 2 ]; then ret=1; fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking require-server-cookie yes with rate-limit ($n)"
ret=0
$DIG $DIGOPTS +qr +cookie +nobadcookie soa example @10.53.0.8 > dig.out.test$n
@ -215,9 +215,9 @@ grep "status: BADCOOKIE" dig.out.test$n > /dev/null || ret=1
linecount=`getcookie dig.out.test$n | wc -l`
if [ $linecount != 2 ]; then ret=1; fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking 'server <prefix> { require-cookie yes; };' triggers TCP when cookie not returned ($n)"
ret=0
nextpart ns8/named.run > /dev/null
@ -226,31 +226,31 @@ grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
wait_for_log_peek 3 "missing required cookie from 10.53.0.7#" ns8/named.run || ret=1
wait_for_log_peek 3 "connected from" ns8/named.run || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "send undersized cookie ($n)"
ret=0
$DIG $DIGOPTS +qr +cookie=000000 soa @10.53.0.1 > dig.out.test$n || ret=1
grep "status: FORMERR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "send oversized for named cookie ($n)"
ret=0
$DIG $DIGOPTS +qr +cookie=${cookie}00 soa @10.53.0.1 > dig.out.test$n || ret=1
grep "COOKIE: [a-f0-9]* (good)" dig.out.test$n > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "send oversized for named cookie with server requiring a good cookie ($n)"
ret=0
$DIG $DIGOPTS +qr +cookie=${cookie}00 soa @10.53.0.3 > dig.out.test$n || ret=1
grep "COOKIE: [a-f0-9]* (good)" dig.out.test$n > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that BADCOOKIE is returned for a bad server COOKIE ($n)"
ret=0
@ -261,7 +261,7 @@ grep "status: BADCOOKIE" dig.out.test$n > /dev/null || ret=1
linecount=`getcookie dig.out.test$n | wc -l`
if [ $linecount != 2 ]; then ret=1; fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
#
# Test shared cookie-secret support.
@ -280,7 +280,7 @@ status=`expr $status + $ret`
# Force local address so that the client's address is the same to all servers.
#
n=`expr $n + 1`
n=$((n + 1))
echo_i "get NS4 cookie for cross server checking ($n)"
ret=0
$DIG $DIGOPTS +cookie -b 10.53.0.4 soa . @10.53.0.4 > dig.out.test$n
@ -288,9 +288,9 @@ grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
ns4cookie=`getcookie dig.out.test$n`
test -n "$ns4cookie" || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "get NS5 cookie for cross server checking ($n)"
ret=0
$DIG $DIGOPTS +cookie -b 10.53.0.4 soa . @10.53.0.5 > dig.out.test$n
@ -298,72 +298,72 @@ grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
ns5cookie=`getcookie dig.out.test$n`
test -n "$ns5cookie" || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "get NS6 cookie for cross server checking ($n)"
ret=0
$DIG $DIGOPTS +cookie -b 10.53.0.4 soa . @10.53.0.6 > dig.out.test$n
grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
ns6cookie=`getcookie dig.out.test$n`
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "test NS4 cookie on NS5 (expect success) ($n)"
ret=0
$DIG $DIGOPTS +cookie=$ns4cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.5 > dig.out.test$n
grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "test NS4 cookie on NS6 (expect badcookie) ($n)"
ret=0
$DIG $DIGOPTS +cookie=$ns4cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.6 > dig.out.test$n
grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
grep "status: BADCOOKIE," dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "test NS5 cookie on NS4 (expect success) ($n)"
ret=0
$DIG $DIGOPTS +cookie=$ns5cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.4 > dig.out.test$n
grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "test NS5 cookie on NS6 (expect badcookie) ($n)"
ret=0
$DIG $DIGOPTS +cookie=$ns5cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.6 > dig.out.test$n
grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
grep "status: BADCOOKIE," dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "test NS6 cookie on NS4 (expect badcookie) ($n)"
ret=0
$DIG $DIGOPTS +cookie=$ns6cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.4 > dig.out.test$n
grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
grep "status: BADCOOKIE," dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "test NS6 cookie on NS5 (expect success) ($n)"
ret=0
$DIG $DIGOPTS +cookie=$ns6cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.5 > dig.out.test$n
grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that test server is correctly configured ($n)"
ret=0
pat="; COOKIE: ................................ (good)"
@ -426,9 +426,9 @@ grep 'A.10\.53\.0\.10' dig.out.test$n.8 > /dev/null && ret=1
grep ";; TSIG PSEUDOSECTION:" dig.out.test$n.8 > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that spoofed response is dropped when we have a server cookie ($n)"
ret=0
msg="missing expected cookie from"
@ -446,9 +446,9 @@ grep "status: NOERROR" dig.out.test$n.2 > /dev/null || ret=1
grep 'A.10\.53\.0\.9' dig.out.test$n.2 > /dev/null || ret=1
grep 'A.10\.53\.0\.10' dig.out.test$n.2 > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that gracefully handle server disabling DNS COOKIE we have a server cookie ($n)"
ret=0
msg="missing expected cookie from"
@ -466,9 +466,9 @@ grep "status: NOERROR" dig.out.test$n.2 > /dev/null || ret=1
grep 'A.10\.53\.0\.9' dig.out.test$n.2 > /dev/null || ret=1
grep 'A.10\.53\.0\.10' dig.out.test$n.2 > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that spoofed response with a TSIG is dropped when we have a server cookie ($n)"
ret=0
pat='10\.53\.0\.9 .*\[cookie=................................\] \[ttl'
@ -487,7 +487,7 @@ nextpart ns1/named.run > named.run.test$n
count=$(grep -c ') [0-9][0-9]* NOERROR 0' named.run.test$n)
test $count -eq 1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
if $PYTHON -c '
import dns.version, sys;
@ -495,7 +495,7 @@ if dns.version.MAJOR > 1: sys.exit(0);
if dns.version.MAJOR == 1 and dns.version.MINOR >= 16: sys.exit(0);
sys.exit(1)'
then
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that TSIG test server is correctly configured ($n)"
ret=0
pat="; COOKIE: ................................ (good)"
@ -545,9 +545,9 @@ then
grep 'TSIG.*NOERROR' dig.out.test$n.1 > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that missing COOKIE with a valid TSIG signed response does not trigger TCP fallback ($n)"
ret=0
pat='10\.53\.0\.10 .*\[cookie=................................\] \[ttl'
@ -566,7 +566,7 @@ then
count=$(grep -c ') [0-9][0-9]* NOERROR 0' named.run.test$n)
test $count -eq 2 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
fi
echo_i "exit status: $status"

10
bin/tests/system/database/tests.sh
View file

@ -29,9 +29,9 @@ echo_i "checking pre reload zone ($n)"
ret=0
$DIG $DIGOPTS soa database. @10.53.0.1 > dig.out.ns1.test$n || ret=1
grep "hostmaster\.isc\.org" dig.out.ns1.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
copy_setports ns1/named2.conf.in ns1/named.conf
$RNDCCMD reload 2>&1 >/dev/null
@ -45,12 +45,12 @@ do
ret=0
$DIG $DIGOPTS soa database. @10.53.0.1 > dig.out.ns1.test$n || ret=1
grep "marka\.isc\.org" dig.out.ns1.test$n > /dev/null || ret=1
try=`expr $try + 1`
try=$((try + 1))
test $ret -eq 0 && break
done
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1

8
bin/tests/system/dialup/tests.sh
View file

@ -32,7 +32,7 @@ do
$DIG $DIGOPTS example. @10.53.0.2 soa > dig.out.ns2.test || ret=1
if grep SERVFAIL dig.out.ns2.test > /dev/null
then
try=`expr $try + 1`
try=$((try + 1))
sleep 1
else
digcomp dig.out.ns1.test dig.out.ns2.test || ret=1
@ -41,7 +41,7 @@ do
done
echo_i "try $try"
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking that second zone transfer worked"
ret=0
@ -51,7 +51,7 @@ do
$DIG $DIGOPTS example. @10.53.0.3 soa > dig.out.ns3.test || ret=1
if grep SERVFAIL dig.out.ns3.test > /dev/null
then
try=`expr $try + 1`
try=$((try + 1))
sleep 1
else
digcomp dig.out.ns1.test dig.out.ns3.test || ret=1
@ -60,7 +60,7 @@ do
done
echo_i "try $try"
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1

48
bin/tests/system/dlzexternal/tests.sh
View file

@ -22,7 +22,7 @@ DIGOPTS="@10.53.0.1 -p ${PORT} +nocookie"
RNDCCMD="$RNDC -c ../common/rndc.conf -p ${CONTROLPORT} -s"
newtest() {
n=`expr $n + 1`
n=$((n + 1))
echo_i "${1} (${n})"
ret=0
}
@ -58,22 +58,22 @@ EOF
}
test_update testdc1.example.nil. A "86400 A 10.53.0.10" "10.53.0.10" || ret=1
status=`expr $status + $ret`
status=$((status + ret))
test_update testdc2.example.nil. A "86400 A 10.53.0.11" "10.53.0.11" || ret=1
status=`expr $status + $ret`
status=$((status + ret))
test_update testdc3.example.nil. A "86400 A 10.53.0.10" "10.53.0.10" || ret=1
status=`expr $status + $ret`
status=$((status + ret))
test_update deny.example.nil. TXT "86400 TXT helloworld" "helloworld" should_fail && ret=1
status=`expr $status + $ret`
status=$((status + ret))
newtest "testing nxrrset"
$DIG $DIGOPTS testdc1.example.nil AAAA > dig.out.$n
grep "status: NOERROR" dig.out.$n > /dev/null || ret=1
grep "ANSWER: 0" dig.out.$n > /dev/null || ret=1
status=`expr $status + $ret`
status=$((status + ret))
newtest "testing prerequisites are checked correctly"
cat > ns1/update.txt << EOF
@ -86,14 +86,14 @@ $NSUPDATE -k ns1/ddns.key ns1/update.txt > /dev/null 2>&1 && ret=1
out=`$DIG $DIGOPTS +short a testdc3.example.nil`
[ "$out" = "10.53.0.12" ] && ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
newtest "testing passing client info into DLZ driver"
out=`$DIG $DIGOPTS +short -t txt -q source-addr.example.nil | grep -v '^;'`
addr=`eval echo "$out" | cut -f1 -d'#'`
[ "$addr" = "10.53.0.1" ] || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
newtest "testing DLZ driver is cleaned up on reload"
rndc_reload ns1 10.53.0.1
@ -104,11 +104,11 @@ for i in 0 1 2 3 4 5 6 7 8 9; do
sleep 1
done
[ "$ret" -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
newtest "testing multiple DLZ drivers"
test_update testdc1.alternate.nil. A "86400 A 10.53.0.10" "10.53.0.10" || ret=1
status=`expr $status + $ret`
status=$((status + ret))
newtest "testing AXFR from DLZ drivers"
$DIG $DIGOPTS +noall +answer axfr example.nil > dig.out.example.ns1.test$n
@ -118,7 +118,7 @@ $DIG $DIGOPTS +noall +answer axfr alternate.nil > dig.out.alternate.ns1.test$n
lines=`cat dig.out.alternate.ns1.test$n | wc -l`
[ ${lines:-0} -eq 5 ] || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
newtest "testing AXFR denied from DLZ drivers"
$DIG $DIGOPTS -b 10.53.0.5 +noall +answer axfr example.nil > dig.out.example.ns1.test$n
@ -126,7 +126,7 @@ grep "; Transfer failed" dig.out.example.ns1.test$n > /dev/null || ret=1
$DIG $DIGOPTS -b 10.53.0.5 +noall +answer axfr alternate.nil > dig.out.alternate.ns1.test$n
grep "; Transfer failed" dig.out.alternate.ns1.test$n > /dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
newtest "testing AXFR denied based on view ACL"
# 10.53.0.1 should be disallowed
@ -136,25 +136,25 @@ grep "; Transfer failed" dig.out.example.ns1.test$n.1 > /dev/null || ret=1
$DIG $DIGOPTS -b 10.53.0.2 +noall +answer axfr example.org > dig.out.example.ns1.test$n.2
grep "; Transfer failed" dig.out.example.ns1.test$n.2 > /dev/null && ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
newtest "testing unsearched/unregistered DLZ zone is not found"
$DIG $DIGOPTS +noall +answer ns other.nil > dig.out.ns1.test$n
grep "3600.IN.NS.other.nil." dig.out.ns1.test$n > /dev/null && ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
newtest "testing unsearched/registered DLZ zone is found"
$DIG $DIGOPTS +noall +answer ns zone.nil > dig.out.ns1.test$n
grep "3600.IN.NS.zone.nil." dig.out.ns1.test$n > /dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
newtest "testing unsearched/registered DLZ zone is found"
$DIG $DIGOPTS +noall +answer ns zone.nil > dig.out.ns1.test$n
grep "3600.IN.NS.zone.nil." dig.out.ns1.test$n > /dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
newtest "testing correct behavior with findzone returning ISC_R_NOMORE"
$DIG $DIGOPTS +noall a test.example.com > /dev/null 2>&1 || ret=1
@ -164,7 +164,7 @@ lines=`grep "dlz_findzonedb.*test\.example\.com.*example.nil" ns1/named.run | wc
lines=`grep "dlz_findzonedb.*test\.example\.com.*alternate.nil" ns1/named.run | wc -l`
[ $lines -eq 1 ] || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
newtest "testing findzone can return different results per client"
$DIG $DIGOPTS -b 10.53.0.1 +noall a test.example.net > /dev/null 2>&1 || ret=1
@ -180,19 +180,19 @@ lines=`grep "dlz_findzonedb.*example\.net.*example.nil" ns1/named.run | wc -l`
lines=`grep "dlz_findzonedb.*example\.net.*alternate.nil" ns1/named.run | wc -l`
[ $lines -gt 2 ] || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
newtest "testing zone returning oversized data"
$DIG $DIGOPTS txt too-long.example.nil > dig.out.ns1.test$n 2>&1 || ret=1
grep "status: SERVFAIL" dig.out.ns1.test$n > /dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
newtest "testing zone returning oversized data at zone origin"
$DIG $DIGOPTS txt bigcname.domain > dig.out.ns1.test$n 2>&1 || ret=1
grep "status: SERVFAIL" dig.out.ns1.test$n > /dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
newtest "checking redirected lookup for nonexistent name"
$DIG $DIGOPTS @10.53.0.1 unexists a > dig.out.ns1.test$n || ret=1
@ -200,14 +200,14 @@ grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
grep "^unexists.*A.*100.100.100.2" dig.out.ns1.test$n > /dev/null || ret=1
grep "flags:[^;]* aa[ ;]" dig.out.ns1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "checking no redirected lookup for nonexistent type"
$DIG $DIGOPTS @10.53.0.1 exists aaaa > dig.out.ns1.test$n || ret=1
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
grep "ANSWER: 0" dig.out.ns1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "checking redirected lookup for a long nonexistent name"
$DIG $DIGOPTS @10.53.0.1 long.name.is.not.there a > dig.out.ns1.test$n || ret=1
@ -217,7 +217,7 @@ grep "flags:[^;]* aa[ ;]" dig.out.ns1.test$n > /dev/null || ret=1
lookups=`grep "lookup #.*\.not\.there" ns1/named.run | wc -l`
[ "$lookups" -eq 1 ] || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "checking ECS data is passed to driver in clientinfo"
$DIG $DIGOPTS +short +subnet=192.0/16 source-addr.example.nil txt > dig.out.ns1.test$n.1 || ret=1
@ -225,7 +225,7 @@ grep "192.0.0.0/16/0" dig.out.ns1.test$n.1 > /dev/null || ret=1
$DIG $DIGOPTS +short source-addr.example.nil txt > dig.out.ns1.test$n.2 || ret=1
grep "not.*present" dig.out.ns1.test$n.2 > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1

612
bin/tests/system/dns64/tests.sh
View file

File diff suppressed because it is too large Load diff

92
bin/tests/system/dnstap/tests.sh
View file

@ -44,7 +44,7 @@ do
echo_i "checking that named-checkconf detects error in $bad"
$CHECKCONF $bad > /dev/null 2>&1
if [ $? != 1 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
done
for good in good-*.conf
@ -53,7 +53,7 @@ do
echo_i "checking that named-checkconf detects no error in $good"
$CHECKCONF $good > /dev/null 2>&1
if [ $? != 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
status=$((status + ret))
done
echo_i "wait for servers to finish loading"
@ -63,7 +63,7 @@ wait_for_log 20 "all zones loaded" ns2/named.run || ret=1
wait_for_log 20 "all zones loaded" ns3/named.run || ret=1
wait_for_log 20 "all zones loaded" ns4/named.run || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# both the 'a.example/A' lookup and the './NS' lookup to ns1
# need to complete before reopening/rolling for the counts to
@ -160,7 +160,7 @@ ret=0
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking TCP message counts"
ret=0
@ -177,7 +177,7 @@ ret=0
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AUTH_QUERY message counts"
ret=0
@ -194,7 +194,7 @@ ret=0
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AUTH_RESPONSE message counts"
ret=0
@ -211,7 +211,7 @@ ret=0
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking CLIENT_QUERY message counts"
ret=0
@ -228,7 +228,7 @@ ret=0
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking CLIENT_RESPONSE message counts"
ret=0
@ -245,7 +245,7 @@ ret=0
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking RESOLVER_QUERY message counts"
ret=0
@ -262,7 +262,7 @@ ret=0
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking RESOLVER_RESPONSE message counts"
ret=0
@ -279,7 +279,7 @@ ret=0
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking UPDATE_QUERY message counts"
ret=0
@ -296,7 +296,7 @@ ret=0
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking UPDATE_RESPONSE message counts"
ret=0
@ -313,7 +313,7 @@ ret=0
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking reopened message counts"
@ -365,7 +365,7 @@ ret=0
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking TCP message counts"
ret=0
@ -382,7 +382,7 @@ ret=0
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AUTH_QUERY message counts"
ret=0
@ -399,7 +399,7 @@ ret=0
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AUTH_RESPONSE message counts"
ret=0
@ -416,7 +416,7 @@ ret=0
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking CLIENT_QUERY message counts"
ret=0
@ -433,7 +433,7 @@ ret=0
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking CLIENT_RESPONSE message counts"
ret=0
@ -450,7 +450,7 @@ ret=0
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking RESOLVER_QUERY message counts"
ret=0
@ -467,7 +467,7 @@ ret=0
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking RESOLVER_RESPONSE message counts"
ret=0
@ -484,7 +484,7 @@ ret=0
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking UPDATE_QUERY message counts"
ret=0
@ -501,7 +501,7 @@ ret=0
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking UPDATE_RESPONSE message counts"
ret=0
@ -518,13 +518,13 @@ ret=0
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking whether destination UDP port is logged for client queries"
ret=0
$DNSTAPREAD ns3/dnstap.out.save | grep -Eq "CQ [0-9:.]+ -> 10.53.0.3:${PORT} UDP" || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
HAS_PYYAML=0
if [ -x "$PYTHON" ] ; then
@ -538,7 +538,7 @@ if [ $HAS_PYYAML -ne 0 ] ; then
$PYTHON ydump.py "$DNSTAPREAD" "ns3/dnstap.out.save" > ydump.out || ret=1
} | cat_i
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
fi
echo_i "checking dnstap-read hex output"
@ -548,7 +548,7 @@ echo $hex | $WIRETEST > dnstap.hex
grep 'status: NOERROR' dnstap.hex > /dev/null 2>&1 || ret=1
grep 'ANSWER: 3, AUTHORITY: 1' dnstap.hex > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
if [ -n "$FSTRM_CAPTURE" ] ; then
$DIG $DIGOPTS @10.53.0.4 a.example > dig.out
@ -590,7 +590,7 @@ EOF
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking TCP message counts"
ret=0
@ -599,7 +599,7 @@ EOF
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AUTH_QUERY message counts"
ret=0
@ -608,7 +608,7 @@ EOF
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AUTH_RESPONSE message counts"
ret=0
@ -617,7 +617,7 @@ EOF
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking CLIENT_QUERY message counts"
ret=0
@ -626,7 +626,7 @@ EOF
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking CLIENT_RESPONSE message counts"
ret=0
@ -635,7 +635,7 @@ EOF
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking RESOLVER_QUERY message counts"
ret=0
@ -644,7 +644,7 @@ EOF
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking RESOLVER_RESPONSE message counts"
ret=0
@ -660,7 +660,7 @@ EOF
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking UPDATE_RESPONSE message counts"
ret=0
@ -669,7 +669,7 @@ EOF
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
mv dnstap.out dnstap.out.save
@ -708,7 +708,7 @@ EOF
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking TCP message counts"
ret=0
@ -717,7 +717,7 @@ EOF
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AUTH_QUERY message counts"
ret=0
@ -726,7 +726,7 @@ EOF
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AUTH_RESPONSE message counts"
ret=0
@ -735,7 +735,7 @@ EOF
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking CLIENT_QUERY message counts"
ret=0
@ -744,7 +744,7 @@ EOF
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking CLIENT_RESPONSE message counts"
ret=0
@ -753,7 +753,7 @@ EOF
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking RESOLVER_QUERY message counts"
ret=0
@ -762,7 +762,7 @@ EOF
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking RESOLVER_RESPONSE message counts"
ret=0
@ -778,7 +778,7 @@ EOF
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking UPDATE_RESPONSE message counts"
ret=0
@ -787,7 +787,7 @@ EOF
ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
fi
echo_i "checking large packet printing"
@ -797,7 +797,7 @@ ret=0
lines=`$DNSTAPREAD -y large-answer.fstrm | grep -c "opcode: QUERY"`
[ $lines -eq 2 ] || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
_test_dnstap_roll() (
ip="$1"
@ -818,7 +818,7 @@ test_dnstap_roll() {
while test $try -lt 12
do
touch "$3/dnstap.out.$try"
try=`expr $try + 1`
try=$((try + 1))
done
_repeat 10 _test_dnstap_roll $2 $3 $4 || ret=1

6
bin/tests/system/dsdigest/tests.sh
View file

@ -29,7 +29,7 @@ $DIG $DIGOPTS a.good. @10.53.0.3 a > dig.out.good || ret=1
grep "status: NOERROR" dig.out.good > /dev/null || ret=1
grep "flags:[^;]* ad[ ;]" dig.out.good > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Check the bad. domain
@ -38,7 +38,7 @@ ret=0
$DIG $DIGOPTS a.bad. @10.53.0.3 a > dig.out.bad || ret=1
grep "SERVFAIL" dig.out.bad > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking that validation with no supported digest algorithms results in insecure"
ret=0
@ -49,7 +49,7 @@ $DIG $DIGOPTS a.bad. @10.53.0.4 a > dig.out.insecure || ret=1
grep "NOERROR" dig.out.insecure > /dev/null || ret=1
grep "flags:[^;]* ad[ ;]" dig.out.insecure > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1

28
bin/tests/system/dyndb/tests.sh
View file

@ -22,7 +22,7 @@ DIGOPTS="@10.53.0.1 -p ${PORT}"
RNDCCMD="$RNDC -c ../common/rndc.conf -p ${CONTROLPORT} -s"
newtest() {
n=`expr $n + 1`
n=$((n + 1))
echo_i "${1} (${n})"
ret=0
}
@ -118,49 +118,49 @@ EOF
}
test_add test1.ipv4.example.nil. A "10.53.0.10" || ret=1
status=`expr $status + $ret`
status=$((status + ret))
test_add test2.ipv4.example.nil. A "10.53.0.11" || ret=1
status=`expr $status + $ret`
status=$((status + ret))
test_add test3.ipv4.example.nil. A "10.53.0.12" || ret=1
status=`expr $status + $ret`
status=$((status + ret))
test_add test4.ipv6.example.nil. AAAA "2001:db8::1" || ret=1
status=`expr $status + $ret`
status=$((status + ret))
test_del test1.ipv4.example.nil. A || ret=1
status=`expr $status + $ret`
status=$((status + ret))
test_del test2.ipv4.example.nil. A || ret=1
status=`expr $status + $ret`
status=$((status + ret))
test_del test3.ipv4.example.nil. A || ret=1
status=`expr $status + $ret`
status=$((status + ret))
test_del test4.ipv6.example.nil. AAAA || ret=1
status=`expr $status + $ret`
status=$((status + ret))
newtest "checking parameter logging"
grep "loading params for dyndb 'sample' from .*named.conf:" ns1/named.run > /dev/null || ret=1
grep "loading params for dyndb 'sample2' from .*named.conf:" ns1/named.run > /dev/null || ret=1
[ $ret -eq 1 ] && echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking dyndb still works after reload"
rndc_reload ns1 10.53.0.1
test_add test5.ipv4.example.nil. A "10.53.0.10" || ret=1
status=`expr $status + $ret`
status=$((status + ret))
test_add test6.ipv6.example.nil. AAAA "2001:db8::1" || ret=1
status=`expr $status + $ret`
status=$((status + ret))
test_del test5.ipv4.example.nil. A || ret=1
status=`expr $status + $ret`
status=$((status + ret))
test_del test6.ipv6.example.nil. AAAA || ret=1
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1

38
bin/tests/system/ednscompliance/tests.sh
View file

@ -21,31 +21,31 @@ status=0
n=0
zone=.
n=`expr $n + 1`
n=$((n + 1))
echo_i "check +edns=100 sets version 100 ($n)"
ret=0 reason=
$DIG $DIGOPTS @10.53.0.1 +qr +edns=100 soa $zone > dig.out$n
grep "EDNS: version: 100," dig.out$n > /dev/null || { ret=1; reason="version"; }
if [ $ret != 0 ]; then echo_i "failed $reason"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
ret=0 reason=
echo_i "check +ednsopt=100 adds option 100 ($n)"
$DIG $DIGOPTS @10.53.0.1 +qr +ednsopt=100 soa $zone > dig.out$n
grep "; OPT=100" dig.out$n > /dev/null || { ret=1; reason="option"; }
if [ $ret != 0 ]; then echo_i "failed $reason"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check +ednsflags=0x80 sets flags to 0x0080 ($n)"
ret=0 reason=
$DIG $DIGOPTS @10.53.0.1 +qr +ednsflags=0x80 soa $zone > dig.out$n
grep "MBZ: 0x0080," dig.out$n > /dev/null || { ret=1; reason="flags"; }
if [ $ret != 0 ]; then echo_i "failed $reason"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "Unknown EDNS version ($n)"
ret=0 reason=
$DIG $DIGOPTS @10.53.0.1 +edns=100 +noednsnegotiation soa $zone > dig.out$n
@ -53,9 +53,9 @@ grep "status: BADVERS," dig.out$n > /dev/null || { ret=1; reason="status"; }
grep "EDNS: version: 0," dig.out$n > /dev/null || { ret=1; reason="version"; }
grep "IN.SOA." dig.out$n > /dev/null && { ret=1; reason="soa"; }
if [ $ret != 0 ]; then echo_i "failed $reason"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "Unknown EDNS option ($n)"
ret=0 reason=
$DIG $DIGOPTS @10.53.0.1 +ednsopt=100 soa $zone > dig.out$n
@ -64,9 +64,9 @@ grep "EDNS: version: 0," dig.out$n > /dev/null || { ret=1; reason="version"; }
grep "; OPT=100" dig.out$n > /dev/null && { ret=1; reason="option"; }
grep "IN.SOA." dig.out$n > /dev/null || { ret=1; reason="nosoa"; }
if [ $ret != 0 ]; then echo_i "failed $reason"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "Unknown EDNS version + option ($n)"
ret=0 reason=
$DIG $DIGOPTS @10.53.0.1 +edns=100 +noednsneg +ednsopt=100 soa $zone > dig.out$n
@ -75,8 +75,8 @@ grep "EDNS: version: 0," dig.out$n > /dev/null || { ret=1; reason="version"; }
grep "; OPT=100" dig.out$n > /dev/null && { ret=1; reason="option"; }
grep "IN.SOA." dig.out$n > /dev/null && { ret=1; reason="soa"; }
if [ $ret != 0 ]; then echo_i "failed: $reason"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
echo_i "Unknown EDNS flag ($n)"
ret=0 reason=
@ -86,9 +86,9 @@ grep "EDNS: version: 0," dig.out$n > /dev/null || { ret=1; reason="version"; }
grep "EDNS:.*MBZ" dig.out$n > /dev/null > /dev/null && { ret=1; reason="mbz"; }
grep ".IN.SOA." dig.out$n > /dev/null || { ret=1; reason="nosoa"; }
if [ $ret != 0 ]; then echo_i "failed $reason"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "Unknown EDNS version + flag ($n)"
ret=0 reason=
$DIG $DIGOPTS @10.53.0.1 +edns=100 +noednsneg +ednsflags=0x80 soa $zone > dig.out$n
@ -97,8 +97,8 @@ grep "EDNS: version: 0," dig.out$n > /dev/null || { ret=1; reason="version"; }
grep "EDNS:.*MBZ" dig.out$n > /dev/null > /dev/null && { ret=1; reason="mbz"; }
grep "IN.SOA." dig.out$n > /dev/null && { ret=1; reason="soa"; }
if [ $ret != 0 ]; then echo_i "failed $reason"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
echo_i "DiG's EDNS negotiation ($n)"
ret=0 reason=
@ -107,8 +107,8 @@ grep "status: NOERROR," dig.out$n > /dev/null || { ret=1; reason="status"; }
grep "EDNS: version: 0," dig.out$n > /dev/null || { ret=1; reason="version"; }
grep "IN.SOA." dig.out$n > /dev/null || { ret=1; reason="soa"; }
if [ $ret != 0 ]; then echo_i "failed $reason"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1

8
bin/tests/system/emptyzones/tests.sh
View file

@ -21,7 +21,7 @@ RNDCCMD="$RNDC -c ../common/rndc.conf -p ${CONTROLPORT} -s"
status=0
n=0
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that switching to automatic empty zones works ($n)"
ret=0
rndc_reload ns1 10.53.0.1
@ -32,15 +32,15 @@ sleep 5
$DIG $DIGOPTS +vc version.bind txt ch @10.53.0.1 > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that allow-transfer { none; } works ($n)"
ret=0
$DIG $DIGOPTS axfr 10.in-addr.arpa @10.53.0.1 +all > dig.out.test$n || ret=1
grep "status: REFUSED" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1

556
bin/tests/system/filter-aaaa/tests.sh
View file

File diff suppressed because it is too large Load diff

6
bin/tests/system/formerr/tests.sh
View file

@ -22,7 +22,7 @@ $PERL formerr.pl -a 10.53.0.1 -p ${PORT} nametoolong > nametoolong.out
ans=`grep got: nametoolong.out`
if [ "${ans}" != "got: 000080010000000000000000" ];
then
echo_i "failed"; status=`expr $status + 1`;
echo_i "failed"; status=$((status + 1));
fi
echo_i "two questions"
@ -30,7 +30,7 @@ $PERL formerr.pl -a 10.53.0.1 -p ${PORT} twoquestions > twoquestions.out
ans=`grep got: twoquestions.out`
if [ "${ans}" != "got: 000080010000000000000000" ];
then
echo_i "failed"; status=`expr $status + 1`;
echo_i "failed"; status=$((status + 1));
fi
# this would be NOERROR if it included a COOKIE option,
@ -40,7 +40,7 @@ $PERL formerr.pl -a 10.53.0.1 -p ${PORT} noquestions > noquestions.out
ans=`grep got: noquestions.out`
if [ "${ans}" != "got: 000080010000000000000000" ];
then
echo_i "failed"; status=`expr $status + 1`;
echo_i "failed"; status=$((status + 1));
fi
echo_i "exit status: $status"

102
bin/tests/system/geoip2/tests.sh
View file

@ -26,25 +26,25 @@ RNDCCMD="$RNDC -c ../common/rndc.conf -p ${CONTROLPORT} -s"
for conf in conf/good*.conf
do
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that $conf is accepted ($n)"
ret=0
$CHECKCONF "$conf" || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
done
for conf in conf/bad*.conf
do
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that $conf is rejected ($n)"
ret=0
$CHECKCONF "$conf" >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
done
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking Country database by code using IPv4 ($n)"
ret=0
lret=0
@ -56,11 +56,11 @@ for i in 1 2 3 4 5 6 7; do
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
if testsock6 fd92:7065:b8e:ffff::3
then
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking Country database by code using IPv6 ($n)"
ret=0
lret=0
@ -72,7 +72,7 @@ then
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
else
echo_i "IPv6 unavailable; skipping IPv6 country code test"
fi
@ -83,7 +83,7 @@ $CHECKCONF ns2/named.conf | cat_i
rndc_reload ns2 10.53.0.2
sleep 3
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking Country database with nested ACLs using IPv4 ($n)"
ret=0
lret=0
@ -95,11 +95,11 @@ for i in 1 2 3 4 5 6 7; do
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
if testsock6 fd92:7065:b8e:ffff::3
then
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking Country database with nested ACLs using IPv6 ($n)"
ret=0
lret=0
@ -111,7 +111,7 @@ then
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
else
echo_i "IPv6 unavailable; skipping IPv6 country nested ACL test"
fi
@ -122,7 +122,7 @@ $CHECKCONF ns2/named.conf | cat_i
rndc_reload ns2 10.53.0.2
sleep 3
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking Country database by name using IPv4 ($n)"
ret=0
lret=0
@ -134,11 +134,11 @@ for i in 1 2 3 4 5 6 7; do
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
if testsock6 fd92:7065:b8e:ffff::3
then
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking Country database by name using IPv6 ($n)"
ret=0
lret=0
@ -150,7 +150,7 @@ then
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
else
echo_i "IPv6 unavailable; skipping IPv6 country name test"
fi
@ -161,7 +161,7 @@ $CHECKCONF ns2/named.conf | cat_i
rndc_reload ns2 10.53.0.2
sleep 3
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking Country database by continent code using IPv4 ($n)"
ret=0
lret=0
@ -174,11 +174,11 @@ for i in 1 2 3 5 7; do
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
if testsock6 fd92:7065:b8e:ffff::3
then
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking Country database by continent code using IPv6 ($n)"
ret=0
lret=0
@ -191,7 +191,7 @@ then
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
else
echo_i "IPv6 unavailable; skipping IPv6 continent code test"
fi
@ -202,7 +202,7 @@ $CHECKCONF ns2/named.conf | cat_i
rndc_reload ns2 10.53.0.2
sleep 3
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking City database by region code using IPv4 ($n)"
ret=0
lret=0
@ -215,11 +215,11 @@ for i in 1 3 4 5 6 7; do
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
if testsock6 fd92:7065:b8e:ffff::3
then
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking City database by region code using IPv6 ($n)"
ret=0
lret=0
@ -232,19 +232,19 @@ then
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
else
echo_i "IPv6 unavailable; skipping IPv6 region code test"
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "reloading server"
copy_setports ns2/named6.conf.in ns2/named.conf
$CHECKCONF ns2/named.conf | cat_i
rndc_reload ns2 10.53.0.2
sleep 3
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking City database by city name using IPv4 ($n)"
ret=0
lret=0
@ -256,11 +256,11 @@ for i in 1 2 3 4 5 6 7; do
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
if testsock6 fd92:7065:b8e:ffff::3
then
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking City database by city name using IPv6 ($n)"
ret=0
lret=0
@ -272,7 +272,7 @@ then
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
else
echo_i "IPv6 unavailable; skipping IPv6 city test"
fi
@ -283,7 +283,7 @@ $CHECKCONF ns2/named.conf | cat_i
rndc_reload ns2 10.53.0.2
sleep 3
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking ISP database using IPv4 ($n)"
ret=0
lret=0
@ -295,11 +295,11 @@ for i in 1 2 3 4 5 6 7; do
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
if testsock6 fd92:7065:b8e:ffff::3
then
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking ISP database using IPv6 ($n)"
ret=0
lret=0
@ -311,7 +311,7 @@ then
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
else
echo_i "IPv6 unavailable; skipping IPv6 ISP test"
fi
@ -322,7 +322,7 @@ $CHECKCONF ns2/named.conf | cat_i
rndc_reload ns2 10.53.0.2
sleep 3
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking ASN database by org name using IPv4 ($n)"
ret=0
lret=0
@ -334,11 +334,11 @@ for i in 1 2 3 4 5 6 7; do
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
if testsock6 fd92:7065:b8e:ffff::3
then
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking ASN database by org name using IPv6 ($n)"
ret=0
lret=0
@ -350,7 +350,7 @@ then
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
else
echo_i "IPv6 unavailable; skipping IPv6 ASN test"
fi
@ -361,7 +361,7 @@ $CHECKCONF ns2/named.conf | cat_i
rndc_reload ns2 10.53.0.2
sleep 3
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking GeoIP6 ASN database, ASNNNN only, using IPv4 ($n)"
ret=0
lret=0
@ -373,11 +373,11 @@ for i in 1 2 3 4 5 6 7; do
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
if testsock6 fd92:7065:b8e:ffff::3
then
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking ASN database, ASNNNN only, using IPv6 ($n)"
ret=0
lret=0
@ -389,7 +389,7 @@ then
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
else
echo_i "IPv6 unavailable; skipping IPv6 ASN test"
fi
@ -400,7 +400,7 @@ $CHECKCONF ns2/named.conf | cat_i
rndc_reload ns2 10.53.0.2
sleep 3
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking GeoIP6 ASN database, NNNN only, using IPv4 ($n)"
ret=0
lret=0
@ -412,11 +412,11 @@ for i in 1 2 3 4 5 6 7; do
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
if testsock6 fd92:7065:b8e:ffff::3
then
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking ASN database, NNNN only, using IPv6 ($n)"
ret=0
lret=0
@ -428,7 +428,7 @@ then
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
else
echo_i "IPv6 unavailable; skipping IPv6 ASN test"
fi
@ -439,7 +439,7 @@ $CHECKCONF ns2/named.conf | cat_i
rndc_reload ns2 10.53.0.2
sleep 3
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking Domain database using IPv4 ($n)"
ret=0
lret=0
@ -451,11 +451,11 @@ for i in 1 2 3 4 5 6 7; do
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
if testsock6 fd92:7065:b8e:ffff::3
then
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking Domain database using IPv6 ($n)"
ret=0
lret=0
@ -467,7 +467,7 @@ then
done
[ $lret -eq 1 ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
else
echo_i "IPv6 unavailable; skipping IPv6 Domain test"
fi
@ -478,13 +478,13 @@ $CHECKCONF ns2/named.conf | cat_i
rndc_reload ns2 10.53.0.2
sleep 3
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking geoip blackhole ACL ($n)"
ret=0
$DIG $DIGOPTS txt example -b 10.53.0.7 > dig.out.ns2.test$n || ret=1
$RNDCCMD 10.53.0.2 status 2>&1 > rndc.out.ns2.test$n || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1

16
bin/tests/system/include-multiplecfg/tests.sh
View file

@ -23,42 +23,42 @@ status=0
n=0
# Test 1 - check if zone1 was loaded.
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking glob include of zone1 config ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 zone1.com. a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^zone1.com.' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 2 - check if zone2 was loaded.
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking glob include of zone2 config ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 zone2.com. a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^zone2.com.' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 3 - check if standard file path (no magic chars) works.
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking include of standard file path config ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 mars.com. a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^mars.com.' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# Test 4: named-checkconf correctly parses glob includes.
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking named-checkconf with glob include ($n)"
ret=0
(cd ns2; $CHECKCONF named.conf) || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1

48
bin/tests/system/integrity/tests.sh
View file

@ -25,108 +25,108 @@ ret=0
$DIG $DIGOPTS @10.53.0.1 mx mx-cname-fail > dig.out.test$n || ret=1
grep "status: SERVFAIL," dig.out.test$n > /dev/null || ret=1
grep "zone mx-cname-fail/IN: mx-cname-fail/MX 'cname.mx-cname-fail' is a CNAME (illegal)" ns1/named.run > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that 'check-integrity yes; check-mx-cname warn;' works ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 mx mx-cname-warn > dig.out.test$n || ret=1
grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1
grep "zone mx-cname-warn/IN: mx-cname-warn/MX 'cname.mx-cname-warn' is a CNAME (illegal)" ns1/named.run > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that 'check-integrity yes; check-mx-cname ignore;' works ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 mx mx-cname-ignore > dig.out.test$n || ret=1
grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1
grep "zone mx-cname-ignore/IN: mx-cname-ignore/MX 'cname.mx-cname-ignore' is a CNAME (illegal)" ns1/named.run > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that 'check-integrity no; check-mx-cname fail;' works ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 mx no-mx-cname-fail > dig.out.test$n || ret=1
grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1
grep "zone no-mx-cname-fail/IN: no-mx-cname-fail/MX 'cname.no-mx-cname-fail' is a CNAME (illegal)" ns1/named.run > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that 'check-integrity no; check-mx-cname warn;' works ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 mx no-mx-cname-warn > dig.out.test$n || ret=1
grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1
grep "zone no-mx-cname-warn/IN: no-mx-cname-warn/MX 'cname.no-mx-cname-warn' is a CNAME (illegal)" ns1/named.run > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that 'check-integrity no; check-mx-cname ignore;' works ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 mx no-mx-cname-ignore > dig.out.test$n || ret=1
grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1
grep "zone no-mx-cname-ignore/IN: no-mx-cname-ignore/MX 'cname.no-mx-cname-ignore' is a CNAME (illegal)" ns1/named.run > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that 'check-integrity yes; check-srv-cname fail;' works ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 srv srv-cname-fail > dig.out.test$n || ret=1
grep "status: SERVFAIL," dig.out.test$n > /dev/null || ret=1
grep "zone srv-cname-fail/IN: srv-cname-fail/SRV 'cname.srv-cname-fail' is a CNAME (illegal)" ns1/named.run > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that 'check-integrity yes; check-srv-cname warn;' works ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 srv srv-cname-warn > dig.out.test$n || ret=1
grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1
grep "zone srv-cname-warn/IN: srv-cname-warn/SRV 'cname.srv-cname-warn' is a CNAME (illegal)" ns1/named.run > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that 'check-integrity yes; check-srv-cname ignore;' works ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 srv srv-cname-ignore > dig.out.test$n || ret=1
grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1
grep "zone srv-cname-ignore/IN: srv-cname-ignore/SRV 'cname.srv-cname-ignore' is a CNAME (illegal)" ns1/named.run > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that 'check-integrity no; check-srv-cname fail;' works ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 srv no-srv-cname-fail > dig.out.test$n || ret=1
grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1
grep "zone no-srv-cname-fail/IN: no-srv-cname-fail/SRV 'cname.no-srv-cname-fail' is a CNAME (illegal)" ns1/named.run > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that 'check-integrity no; check-srv-cname warn;' works ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 srv no-srv-cname-warn > dig.out.test$n || ret=1
grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1
grep "zone no-srv-cname-warn/IN: no-srv-cname-warn/SRV 'cname.no-srv-cname-warn' is a CNAME (illegal)" ns1/named.run > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "check that 'check-integrity no; check-srv-cname ignore;' works ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 srv no-srv-cname-ignore > dig.out.test$n || ret=1
grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1
grep "zone no-srv-cname-ignore/IN: no-srv-cname-ignore/SRV 'cname.no-srv-cname-ignore' is a CNAME (illegal)" ns1/named.run > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
test $status -eq 0 || exit 1

86
bin/tests/system/journal/tests.sh
View file

@ -26,7 +26,7 @@ rndc_with_opts() {
status=0
n=0
n=`expr $n + 1`
n=$((n + 1))
echo_i "check outdated journal rolled forward (dynamic) ($n)"
ret=0
dig_with_opts changed soa > dig.out.test$n
@ -34,33 +34,33 @@ grep 'status: NOERROR' dig.out.test$n > /dev/null || ret=1
grep '2012010902' dig.out.test$n > /dev/null || ret=1
grep 'zone changed/IN: journal rollforward completed successfully using old journal format' ns1/named.run > /dev/null || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check outdated empty journal did not cause an error (dynamic) ($n)"
ret=0
dig_with_opts unchanged soa > dig.out.test$n
grep 'status: NOERROR' dig.out.test$n > /dev/null || ret=1
grep '2012010901' dig.out.test$n > /dev/null || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check outdated journals were updated or removed (dynamic) ($n)"
ret=0
cat -v ns1/changed.db.jnl | grep "BIND LOG V9.2" > /dev/null || ret=1
[ -f ns1/unchanged.db.jnl ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check updated journal has correct RR count (dynamic) ($n)"
ret=0
$JOURNALPRINT -x ns1/changed.db.jnl | grep "rrcount 3 " > /dev/null || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check new-format journal rolled forward (dynamic) ($n)"
ret=0
dig_with_opts changed2 soa > dig.out.test$n
@ -69,9 +69,9 @@ grep '2012010902' dig.out.test$n > /dev/null || ret=1
grep 'zone changed2/IN: journal rollforward completed successfully: success' ns1/named.run > /dev/null || ret=1
grep 'zone changed2/IN: journal rollforward completed successfully using old journal format' ns1/named.run > /dev/null && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check new-format empty journal did not cause error (dynamic) ($n)"
ret=0
dig_with_opts unchanged2 soa > dig.out.test$n
@ -80,17 +80,17 @@ grep '2012010901' dig.out.test$n > /dev/null || ret=1
grep 'zone unchanged2/IN: journal rollforward completed successfully' ns1/named.run > /dev/null && ret=1
grep 'zone unchanged2/IN: journal rollforward completed successfully using old journal format' ns1/named.run > /dev/null && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check new-format journals were updated or removed (dynamic) ($n)"
ret=0
cat -v ns1/changed2.db.jnl | grep "BIND LOG V9.2" > /dev/null || ret=1
[ -f ns1/unchanged2.db.jnl ] && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check outdated up-to-date journal succeeded (ixfr-from-differences) ($n)"
ret=0
dig_with_opts -t soa ixfr > dig.out.test$n
@ -98,16 +98,16 @@ grep 'status: NOERROR' dig.out.test$n > /dev/null || ret=1
grep '2012010902' dig.out.test$n > /dev/null || ret=1
grep 'zone ixfr/IN: journal rollforward completed successfully using old journal format: up to date' ns1/named.run > /dev/null || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check outdated journal was updated (ixfr-from-differences) ($n)"
ret=0
cat -v ns1/ixfr.db.jnl | grep "BIND LOG V9.2" > /dev/null || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check journal with mixed headers succeeded (version 1,2,1,2) ($n)"
ret=0
dig_with_opts -t soa hdr1d1d2d1d2 > dig.out.test$n
@ -117,9 +117,9 @@ grep 'zone hdr1d1d2d1d2/IN: journal rollforward completed successfully using old
grep 'zone_journal_compact: zone hdr1d1d2d1d2/IN: repair full journal' ns1/named.run > /dev/null || ret=1
grep 'hdr1d1d2d1d2/IN: dns_journal_compact: success' ns1/named.run > /dev/null || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check journal with mixed headers was updated (version 1,2,1,2) ($n)"
ret=0
[ $($JOURNALPRINT -x ns1/d1212.jnl.saved | grep -c "version 1") -eq 2 ] || ret=1
@ -127,9 +127,9 @@ ret=0
[ $($JOURNALPRINT -x ns1/d1212.db.jnl | grep -c "version 1") -eq 0 ] || ret=1
[ $($JOURNALPRINT -x ns1/d1212.db.jnl | grep -c "version 2") -eq 4 ] || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check journal with mixed headers succeeded (version 2,1,2,1) ($n)"
ret=0
dig_with_opts -t soa hdr1d2d1d2d1 > dig.out.test$n
@ -139,9 +139,9 @@ grep 'zone hdr1d2d1d2d1/IN: journal rollforward completed successfully using old
grep 'zone_journal_compact: zone hdr1d2d1d2d1/IN: repair full journal' ns1/named.run > /dev/null || ret=1
grep 'zone hdr1d2d1d2d1/IN: dns_journal_compact: success' ns1/named.run > /dev/null || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check journal with mixed headers was updated (version 2,1,2,1) ($n)"
ret=0
[ $($JOURNALPRINT -x ns1/d2121.jnl.saved | grep -c "version 1") -eq 2 ] || ret=1
@ -149,18 +149,18 @@ ret=0
[ $($JOURNALPRINT -x ns1/d2121.db.jnl | grep -c "version 1") -eq 0 ] || ret=1
[ $($JOURNALPRINT -x ns1/d2121.db.jnl | grep -c "version 2") -eq 4 ] || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check there are no journals left un-updated ($n)"
ret=0
c1=$(cat -v ns1/*.jnl | grep -c "BIND LOG V9")
c2=$(cat -v ns1/*.jnl | grep -c "BIND LOG V9.2")
[ ${c1} -eq ${c2} ] || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "Check that journal with mixed headers can be compacted (version 1,2,1,2) ($n)"
ret=0
journal=ns1/d1212.jnl.saved
@ -171,9 +171,9 @@ do
$JOURNALPRINT -c $serial tmp.jnl || ret=1
done
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "Check that journal with mixed headers can be compacted (version 2,1,2,1) ($n)"
ret=0
journal=ns1/d2121.jnl.saved
@ -184,18 +184,18 @@ do
$JOURNALPRINT -c $serial tmp.jnl || ret=1
done
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check upgrade of managed-keys.bind.jnl succeeded($n)"
ret=0
$JOURNALPRINT ns1/managed-keys.bind.jnl > journalprint.out.test$n
lines=$(awk '$1 == "add" && $5 == "SOA" && $8 == "3297" { print }' journalprint.out.test$n | wc -l)
test $lines -eq 1 || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check journal downgrade/upgrade ($n)"
ret=0
cp ns1/changed.db.jnl ns1/temp.jnl
@ -206,9 +206,9 @@ $JOURNALPRINT -u ns1/temp.jnl
$JOURNALPRINT -x ns1/temp.jnl | grep -q "Header version = 2" || ret=1
[ $($JOURNALPRINT -x ns1/temp.jnl | grep -c "version 2") -eq 1 ] || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check max-journal-size works after journal update ($n)"
ret=0
# journal was repaired, it should still be big
@ -221,9 +221,9 @@ check_size() (
)
retry_quiet 10 check_size || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check max-journal-size works with non-updated journals ($n)"
ret=0
# journal was not repaired, so it should still be big
@ -236,18 +236,18 @@ check_size() (
)
retry_quiet 10 check_size || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check journal index consistency ($n)"
ret=0
for jnl in ns1/*.jnl; do
$JOURNALPRINT -x $jnl 2>&1 | grep -q "Offset mismatch" && ret=1
done
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check that journal is applied to zone with keydata placeholder record"
ret=0
grep 'managed-keys-zone: journal rollforward completed successfully: up to date' ns2/named.run > /dev/null 2>&1 || ret=1

32
bin/tests/system/keepalive/tests.sh
View file

@ -23,65 +23,65 @@ status=0
echo_i "checking that dig handles TCP keepalive ($n)"
ret=0
n=`expr $n + 1`
n=$((n + 1))
$DIG $DIGOPTS +qr +keepalive foo.example @10.53.0.2 > dig.out.test$n
grep "; TCP KEEPALIVE" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking that dig added TCP keepalive ($n)"
ret=0
n=`expr $n + 1`
n=$((n + 1))
$RNDCCMD stats
grep "EDNS TCP keepalive option received" ns2/named.stats > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking that TCP keepalive is added for TCP responses ($n)"
ret=0
n=`expr $n + 1`
n=$((n + 1))
$DIG $DIGOPTS +vc +keepalive foo.example @10.53.0.2 > dig.out.test$n
grep "; TCP KEEPALIVE" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking that TCP keepalive requires TCP ($n)"
ret=0
n=`expr $n + 1`
n=$((n + 1))
$DIG $DIGOPTS +keepalive foo.example @10.53.0.2 > dig.out.test$n
grep "; TCP KEEPALIVE" dig.out.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking default value ($n)"
ret=0
n=`expr $n + 1`
n=$((n + 1))
$DIG $DIGOPTS +vc +keepalive foo.example @10.53.0.3 > dig.out.test$n
grep "; TCP KEEPALIVE: 30.0 secs" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking configured value ($n)"
ret=0
n=`expr $n + 1`
n=$((n + 1))
$DIG $DIGOPTS +vc +keepalive foo.example @10.53.0.2 > dig.out.test$n
grep "; TCP KEEPALIVE: 15.0 secs" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking re-configured value ($n)"
ret=0
n=`expr $n + 1`
n=$((n + 1))
$RNDCCMD tcp-timeouts 300 300 300 200 > output
diff -b output expected || ret=1
$DIG $DIGOPTS +vc +keepalive foo.example @10.53.0.2 > dig.out.test$n
grep "; TCP KEEPALIVE: 20.0 secs" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking server config entry ($n)"
ret=0
n=`expr $n + 1`
n=$((n + 1))
$RNDCCMD stats
oka=`grep "EDNS TCP keepalive option received" ns2/named.stats | \
tail -1 | awk '{ print $1}'`
@ -93,7 +93,7 @@ nka=`grep "EDNS TCP keepalive option received" ns2/named.stats | \
#echo nka ':' $nka
if [ "$oka" -eq "$nka" ]; then ret=1; fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1

80
bin/tests/system/legacy/tests.sh
View file

@ -47,7 +47,7 @@ resolution_fails() {
status=0
n=0
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking formerr edns server setup ($n)"
ret=0
$DIG $DIGOPTS +edns @10.53.0.8 ednsformerr soa > dig.out.1.test$n || ret=1
@ -57,16 +57,16 @@ $DIG $DIGOPTS +noedns @10.53.0.8 ednsformerr soa > dig.out.2.test$n || ret=1
grep "status: NOERROR" dig.out.2.test$n > /dev/null || ret=1
grep "EDNS: version:" dig.out.2.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking recursive lookup to formerr edns server succeeds ($n)"
ret=0
resolution_succeeds ednsformerr. || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking notimp edns server setup ($n)"
ret=0
$DIG $DIGOPTS +edns @10.53.0.9 ednsnotimp soa > dig.out.1.test$n || ret=1
@ -76,16 +76,16 @@ $DIG $DIGOPTS +noedns @10.53.0.9 ednsnotimp soa > dig.out.2.test$n || ret=1
grep "status: NOERROR" dig.out.2.test$n > /dev/null || ret=1
grep "EDNS: version:" dig.out.2.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking recursive lookup to notimp edns server fails ($n)"
ret=0
resolution_fails ednsnotimp. || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking refused edns server setup ($n)"
ret=0
$DIG $DIGOPTS +edns @10.53.0.10 ednsrefused soa > dig.out.1.test$n || ret=1
@ -95,16 +95,16 @@ $DIG $DIGOPTS +noedns @10.53.0.10 ednsrefused soa > dig.out.2.test$n || ret=1
grep "status: NOERROR" dig.out.2.test$n > /dev/null || ret=1
grep "EDNS: version:" dig.out.2.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking recursive lookup to refused edns server fails ($n)"
ret=0
resolution_fails ednsrefused. || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking drop edns server setup ($n)"
ret=0
$DIG $DIGOPTS +edns @10.53.0.2 dropedns soa > dig.out.1.test$n && ret=1
@ -120,16 +120,16 @@ $DIG $DIGOPTS +edns +tcp @10.53.0.2 dropedns soa > dig.out.4.test$n && ret=1
grep "timed out" dig.out.4.test$n > /dev/null || ret=1
grep ";; no servers could be reached" dig.out.4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking recursive lookup to drop edns server fails ($n)"
ret=0
resolution_fails dropedns. || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking drop edns + no tcp server setup ($n)"
ret=0
$DIG $DIGOPTS +edns @10.53.0.3 dropedns-notcp soa > dig.out.1.test$n && ret=1
@ -141,16 +141,16 @@ $DIG $DIGOPTS +noedns @10.53.0.3 dropedns-notcp soa > dig.out.3.test$n || ret=1
grep "status: NOERROR" dig.out.3.test$n > /dev/null || ret=1
grep "EDNS: version:" dig.out.3.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking recursive lookup to drop edns + no tcp server fails ($n)"
ret=0
resolution_fails dropedns-notcp. || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking plain dns server setup ($n)"
ret=0
$DIG $DIGOPTS +edns @10.53.0.4 plain soa > dig.out.1.test$n || ret=1
@ -160,16 +160,16 @@ $DIG $DIGOPTS +edns +tcp @10.53.0.4 plain soa > dig.out.2.test$n
grep "status: NOERROR" dig.out.2.test$n > /dev/null || ret=1
grep "EDNS: version:" dig.out.2.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking recursive lookup to plain dns server succeeds ($n)"
ret=0
resolution_succeeds plain. || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking plain dns + no tcp server setup ($n)"
ret=0
$DIG $DIGOPTS +edns @10.53.0.5 plain-notcp soa > dig.out.1.test$n || ret=1
@ -178,15 +178,15 @@ grep "EDNS: version:" dig.out.1.test$n > /dev/null && ret=1
$DIG $DIGOPTS +edns +tcp @10.53.0.5 plain-notcp soa > dig.out.2.test$n
grep "connection refused" dig.out.2.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking recursive lookup to plain dns + no tcp server succeeds ($n)"
ret=0
resolution_succeeds plain-notcp. || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
echo_i "checking edns 512 server setup ($n)"
ret=0
@ -204,16 +204,16 @@ grep "status: NOERROR" dig.out.4.test$n > /dev/null || ret=1
grep "EDNS: version:" dig.out.4.test$n > /dev/null || ret=1
grep "flags:.* tc[ ;]" dig.out.4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking recursive lookup to edns 512 server succeeds ($n)"
ret=0
retry_quiet 3 resolution_succeeds edns512. || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking edns 512 + no tcp server setup ($n)"
ret=0
$DIG $DIGOPTS +edns @10.53.0.7 edns512-notcp soa > dig.out.1.test$n || ret=1
@ -229,16 +229,16 @@ grep "status: NOERROR" dig.out.4.test$n > /dev/null || ret=1
grep "EDNS: version:" dig.out.4.test$n > /dev/null || ret=1
grep "flags:.* tc[ ;]" dig.out.4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking recursive lookup to edns 512 + no tcp server fails ($n)"
ret=0
resolution_fails edns512-notcp. || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking recursive lookup to edns 512 + no tcp server does not cause query loops ($n)"
ret=0
sent=`grep -c -F "sending packet to 10.53.0.7" ns1/named.run`
@ -247,13 +247,13 @@ if [ $sent -ge 10 ]; then
ret=1
fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
stop_server --use-rndc --port ${CONTROLPORT} ns1
copy_setports ns1/named2.conf.in ns1/named.conf
start_server --noclean --restart --port ${PORT} ns1
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking recursive lookup to edns 512 + no tcp + trust anchor fails ($n)"
# retry loop in case the server restart above causes transient failure
for try in 0 1 2 3 4 5 6 7 8 9; do
@ -263,7 +263,7 @@ for try in 0 1 2 3 4 5 6 7 8 9; do
sleep 1
done
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1

8
bin/tests/system/logfileconfig/tests.sh
View file

@ -218,7 +218,7 @@ try=0
while test $try -lt 12
do
touch ns1/named_inc.$try
try=`expr $try + 1`
try=$((try + 1))
done
rndc_reconfig ns1 10.53.0.1 > rndc.out.test$n
_found2() (
@ -229,7 +229,7 @@ _found2() (
while test $try -lt 12
do
[ -f ns1/named_inc.$try ] && return 1
try=`expr $try + 1`
try=$((try + 1))
done
set -- ns1/named_inc.*
[ "$#" -eq 1 ] || return 1
@ -246,7 +246,7 @@ try=0
while test $try -lt 12
do
touch $TMPDIR/example.log.$try
try=`expr $try + 1`
try=$((try + 1))
done
rndc_reconfig ns1 10.53.0.1 > rndc.out.test$n
_found2() (
@ -257,7 +257,7 @@ _found2() (
while test $try -lt 12
do
[ -f $TMPDIR/example.log.$try ] && return 1
try=`expr $try + 1`
try=$((try + 1))
done
set -- $TMPDIR/example.log.*
[ "$#" -eq 1 ] || return 1

16
bin/tests/system/masterfile/tests.sh
View file

@ -21,7 +21,7 @@ status=0
n=0
ret=0
n=`expr $n + 1`
n=$((n + 1))
echo_i "test master file \$INCLUDE semantics ($n)"
$DIG $DIGOPTS +nostats +nocmd include. axfr @10.53.0.1 >dig.out.$n
@ -33,31 +33,31 @@ $DIG $DIGOPTS +nostats +nocmd ttl2. axfr @10.53.0.1 >>dig.out.$n
diff dig.out.$n knowngood.dig.out || status=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
ret=0
n=`expr $n + 1`
n=$((n + 1))
echo_i "test that the nameserver is running with a missing master file ($n)"
$DIG $DIGOPTS +tcp +noall +answer example soa @10.53.0.2 > dig.out.$n
grep SOA dig.out.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
ret=0
n=`expr $n + 1`
n=$((n + 1))
echo_i "test that the nameserver returns SERVFAIL for a missing master file ($n)"
$DIG $DIGOPTS +tcp +all missing soa @10.53.0.2 > dig.out.$n
grep "status: SERVFAIL" dig.out.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
ret=0
n=`expr $n + 1`
n=$((n + 1))
echo_i "test owner inheritance after "'$INCLUDE'" ($n)"
$CHECKZONE -Dq example zone/inheritownerafterinclude.db > checkzone.out$n
diff checkzone.out$n zone/inheritownerafterinclude.good || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1

4
bin/tests/system/names/tests.sh
View file

@ -35,14 +35,14 @@ echo_i "Checking if responses are identical other than in message size"
diff dig.compdis.sorted.test dig.compen.sorted.test >/dev/null
ret=$?
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "Checking if message with compression disabled is significantly larger"
echo_i "Disabled $COMPDIS vs enabled $COMPEN"
val=`expr \( $COMPDIS \* 3 / 2 \) / $COMPEN`
if [ $val -le 1 ]; then
echo_i "failed"
status=`expr $status + 1`
status=$((status + 1))
fi;
echo_i "exit status: $status"

40
bin/tests/system/padding/tests.sh
View file

@ -29,71 +29,71 @@ getcookie() {
echo_i "checking that dig handles padding ($n)"
ret=0
n=`expr $n + 1`
n=$((n + 1))
$DIG $DIGOPTS +qr +padding=128 foo.example @10.53.0.2 > dig.out.test$n
grep "; PAD" dig.out.test$n > /dev/null || ret=1
grep "; QUERY SIZE: 128" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking that dig added padding ($n)"
ret=0
n=`expr $n + 1`
n=$((n + 1))
nextpart ns2/named.stats > /dev/null
$RNDCCMD 10.53.0.2 stats
wait_for_log_peek 5 "--- Statistics Dump ---" ns2/named.stats || ret=1
nextpart ns2/named.stats | grep "EDNS padding option received" > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking that padding is added for TCP responses ($n)"
ret=0
n=`expr $n + 1`
n=$((n + 1))
$DIG $DIGOPTS +vc +padding=128 foo.example @10.53.0.2 > dig.out.test$n
grep "; PAD" dig.out.test$n > /dev/null || ret=1
grep "rcvd: 128" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking that padding is added to valid cookie responses ($n)"
ret=0
n=`expr $n + 1`
n=$((n + 1))
$DIG $DIGOPTS +cookie foo.example @10.53.0.2 > dig.out.testc
cookie=`getcookie dig.out.testc`
$DIG $DIGOPTS +cookie=$cookie +padding=128 foo.example @10.53.0.2 > dig.out.test$n
grep "; PAD" dig.out.test$n > /dev/null || ret=1
grep "rcvd: 128" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking that padding must be requested (TCP) ($n)"
ret=0
n=`expr $n + 1`
n=$((n + 1))
$DIG $DIGOPTS +vc foo.example @10.53.0.2 > dig.out.test$n
grep "; PAD" dig.out.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking that padding must be requested (valid cookie) ($n)"
ret=0
n=`expr $n + 1`
n=$((n + 1))
$DIG $DIGOPTS +cookie=$cookie foo.example @10.53.0.2 > dig.out.test$n
grep "; PAD" dig.out.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking that padding can be filtered out ($n)"
ret=0
n=`expr $n + 1`
n=$((n + 1))
$DIG $DIGOPTS +vc +padding=128 -b 10.53.0.8 foo.example @10.53.0.2 > dig.out.test$n
grep "; PAD" dig.out.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking that a TCP and padding server config enables padding ($n)"
ret=0
n=`expr $n + 1`
n=$((n + 1))
nextpart ns2/named.stats > /dev/null
$RNDCCMD 10.53.0.2 stats
wait_for_log_peek 5 "--- Statistics Dump ---" ns2/named.stats || ret=1
@ -104,11 +104,11 @@ wait_for_log_peek 5 "--- Statistics Dump ---" ns2/named.stats || ret=1
npad=`nextpart ns2/named.stats | awk '/EDNS padding option received/ { print $1}'`
if [ "$opad" -eq "$npad" ]; then echo_i "error: opad ($opad) == npad ($npad)"; ret=1; fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking that a padding server config should enforce TCP ($n)"
ret=0
n=`expr $n + 1`
n=$((n + 1))
nextpart ns2/named.stats > /dev/null
$RNDCCMD 10.53.0.2 stats
wait_for_log_peek 5 "--- Statistics Dump ---" ns2/named.stats || ret=1
@ -119,17 +119,17 @@ wait_for_log_peek 5 "--- Statistics Dump ---" ns2/named.stats || ret=1
npad=`nextpart ns2/named.stats | awk '/EDNS padding option received/ { print $1}'`
if [ "$opad" -ne "$npad" ]; then echo_i "error: opad ($opad) != npad ($npad)"; ret=1; fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking that zero-length padding option has no effect ($n)"
ret=0
n=`expr $n + 1`
n=$((n + 1))
$DIG $DIGOPTS +qr +ednsopt=12 foo.example @10.53.0.2 > dig.out.test$n.1
grep "; PAD" dig.out.test$n.1 > /dev/null || ret=1
$DIG $DIGOPTS +qr +ednsopt=12:00 foo.example @10.53.0.2 > dig.out.test$n.2
grep "; PAD" dig.out.test$n.2 > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1

34
bin/tests/system/pending/tests.sh
View file

@ -56,7 +56,7 @@ expect="10 mail.example."
ans=`$DIG $DIGOPTS_CD @10.53.0.4 hostile MX` || ret=1
test "$ans" = "$expect" || ret=1
test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'"
status=`expr $status + $ret`
status=$((status + ret))
echo_i "Checking that bogus additional is not returned with +CD."
ret=0
@ -64,7 +64,7 @@ expect="10.0.0.2"
ans=`$DIG $DIGOPTS_CD @10.53.0.4 mail.example A` || ret=1
test "$ans" = "$expect" || ret=1
test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'"
status=`expr $status + $ret`
status=$((status + ret))
#
# Prime cache with pending additional records. These should not be promoted
@ -76,17 +76,17 @@ expect="10 mail.example.com."
ans=`$DIG $DIGOPTS @10.53.0.4 example.com MX` || ret=1
test "$ans" = "$expect" || ret=1
test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'"
status=`expr $status + $ret`
status=$((status + ret))
echo_i "Replacing pending A"
ret=0
replace_data mail.example.com. A 192.0.2.2 192.0.2.3 || ret=1
status=`expr $status + $ret`
status=$((status + ret))
echo_i "Replacing pending AAAA"
ret=0
replace_data mail.example.com. AAAA 2001:db8::2 2001:db8::3 || ret=1
status=`expr $status + $ret`
status=$((status + ret))
echo_i "Checking updated data to be returned (without CD)"
ret=0
@ -94,7 +94,7 @@ expect="192.0.2.3"
ans=`$DIG $DIGOPTS @10.53.0.4 mail.example.com A` || ret=1
test "$ans" = "$expect" || ret=1
test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'"
status=`expr $status + $ret`
status=$((status + ret))
echo_i "Checking updated data to be returned (with CD)"
ret=0
@ -102,7 +102,7 @@ expect="2001:db8::3"
ans=`$DIG $DIGOPTS_CD @10.53.0.4 mail.example.com AAAA` || ret=1
test "$ans" = "$expect" || ret=1
test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'"
status=`expr $status + $ret`
status=$((status + ret))
#
# Prime cache with a pending answer record. It can be returned (without
@ -114,12 +114,12 @@ expect="192.0.2.2"
ans=`$DIG $DIGOPTS_CD @10.53.0.4 pending-ok.example.com A` || ret=1
test "$ans" = "$expect" || ret=1
test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'"
status=`expr $status + $ret`
status=$((status + ret))
echo_i "Replacing pending data"
ret=0
replace_data pending-ok.example.com. A 192.0.2.2 192.0.2.3 || ret=1
status=`expr $status + $ret`
status=$((status + ret))
echo_i "Confirming cached pending data to be returned with CD"
ret=0
@ -127,7 +127,7 @@ expect="192.0.2.2"
ans=`$DIG $DIGOPTS_CD @10.53.0.4 pending-ok.example.com A` || ret=1
test "$ans" = "$expect" || ret=1
test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'"
status=`expr $status + $ret`
status=$((status + ret))
#
# Prime cache with a pending answer record. It should not be returned
@ -139,12 +139,12 @@ expect="192.0.2.102"
ans=`$DIG $DIGOPTS_CD @10.53.0.4 pending-ng.example.com A` || ret=1
test "$ans" = "$expect" || ret=1
test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'"
status=`expr $status + $ret`
status=$((status + ret))
echo_i "Replacing pending data"
ret=0
replace_data pending-ng.example.com. A 192.0.2.102 192.0.2.103 || ret=1
status=`expr $status + $ret`
status=$((status + ret))
echo_i "Confirming updated data returned, not the cached one, without CD"
ret=0
@ -152,7 +152,7 @@ expect="192.0.2.103"
ans=`$DIG $DIGOPTS @10.53.0.4 pending-ng.example.com A` || ret=1
test "$ans" = "$expect" || ret=1
test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'"
status=`expr $status + $ret`
status=$((status + ret))
#
# Try to fool the resolver with an out-of-bailiwick CNAME
@ -164,7 +164,7 @@ ans=`$DIG $DIGOPTS_CD @10.53.0.4 bad.example. A` || ret=1
ans=`echo $ans | awk '{print $NF}'`
test "$ans" = "$expect" || ret=1
test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'"
status=`expr $status + $ret`
status=$((status + ret))
echo_i "Confirming the out-of-bailiwick answer is not cached or reused with CD"
ret=0
@ -173,7 +173,7 @@ ans=`$DIG $DIGOPTS_CD @10.53.0.4 nice.good. A` || ret=1
ans=`echo $ans | awk '{print $NF}'`
test "$ans" = "$expect" || ret=1
test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'"
status=`expr $status + $ret`
status=$((status + ret))
#
# Make sure the resolver doesn't cache bogus NXDOMAIN
@ -185,7 +185,7 @@ ans=`$DIG +tcp -p ${PORT} @10.53.0.4 removed.example.com. A` || ret=1
ans=`echo $ans | sed 's/^.*status: \([A-Z][A-Z]*\).*$/\1/'`
test "$ans" = "$expect" || ret=1
test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'"
status=`expr $status + $ret`
status=$((status + ret))
echo_i "Confirming the bogus NXDOMAIN was not cached"
ret=0
@ -194,7 +194,7 @@ ans=`$DIG +tcp -p ${PORT} @10.53.0.4 removed.example.com. A` || ret=1
ans=`echo $ans | sed 's/^.*status: \([A-Z][A-Z]*\).*$/\1/'`
test "$ans" = "$expect" || ret=1
test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'"
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1

36
bin/tests/system/reclimit/tests.sh
View file

@ -61,7 +61,7 @@ check_query_count() {
echo_i "set max-recursion-depth=12"
n=`expr $n + 1`
n=$((n + 1))
echo_i "attempt excessive-depth lookup ($n)"
ret=0
echo "1000" > ans2/ans.limit
@ -74,9 +74,9 @@ $DIG $DIGOPTS +short @10.53.0.2 count txt > dig.out.2.test$n || ret=1
$DIG $DIGOPTS +short @10.53.0.4 count txt > dig.out.4.test$n || ret=1
check_query_count dig.out.2.test$n dig.out.4.test$n 27 14
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "attempt permissible lookup ($n)"
ret=0
echo "12" > ans2/ans.limit
@ -90,11 +90,11 @@ $DIG $DIGOPTS +short @10.53.0.2 count txt > dig.out.2.test$n || ret=1
$DIG $DIGOPTS +short @10.53.0.4 count txt > dig.out.4.test$n || ret=1
check_query_count dig.out.2.test$n dig.out.4.test$n 50 26
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "set max-recursion-depth=5"
n=`expr $n + 1`
n=$((n + 1))
echo_i "attempt excessive-depth lookup ($n)"
ret=0
echo "12" > ans2/ans.limit
@ -107,9 +107,9 @@ $DIG $DIGOPTS +short @10.53.0.2 count txt > dig.out.2.test$n || ret=1
$DIG $DIGOPTS +short @10.53.0.4 count txt > dig.out.4.test$n || ret=1
check_query_count dig.out.2.test$n dig.out.4.test$n 13 7
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "attempt permissible lookup ($n)"
ret=0
echo "5" > ans2/ans.limit
@ -123,11 +123,11 @@ $DIG $DIGOPTS +short @10.53.0.2 count txt > dig.out.2.test$n || ret=1
$DIG $DIGOPTS +short @10.53.0.4 count txt > dig.out.4.test$n || ret=1
check_query_count dig.out.2.test$n dig.out.4.test$n 22 12
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "set max-recursion-depth=100, max-recursion-queries=50"
n=`expr $n + 1`
n=$((n + 1))
echo_i "attempt excessive-queries lookup ($n)"
ret=0
echo "13" > ans2/ans.limit
@ -144,9 +144,9 @@ $DIG $DIGOPTS +short @10.53.0.4 count txt > dig.out.4.test$n || ret=1
eval count=`cat dig.out.2.test$n`
[ $count -le 50 ] || { ret=1; echo_i "count ($count) !<= 50"; }
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "attempt permissible lookup ($n)"
ret=0
echo "12" > ans2/ans.limit
@ -158,11 +158,11 @@ $DIG $DIGOPTS +short @10.53.0.2 count txt > dig.out.2.test$n || ret=1
eval count=`cat dig.out.2.test$n`
[ $count -le 50 ] || { ret=1; echo_i "count ($count) !<= 50"; }
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "set max-recursion-depth=100, max-recursion-queries=40"
n=`expr $n + 1`
n=$((n + 1))
echo_i "attempt excessive-queries lookup ($n)"
ret=0
echo "11" > ans2/ans.limit
@ -176,9 +176,9 @@ $DIG $DIGOPTS +short @10.53.0.2 count txt > dig.out.2.test$n || ret=1
eval count=`cat dig.out.2.test$n`
[ $count -le 40 ] || { ret=1; echo_i "count ($count) !<= 40"; }
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "attempt permissible lookup ($n)"
ret=0
echo "9" > ans2/ans.limit
@ -190,9 +190,9 @@ $DIG $DIGOPTS +short @10.53.0.2 count txt > dig.out.2.test$n || ret=1
eval count=`cat dig.out.2.test$n`
[ $count -le 40 ] || { ret=1; echo_i "count ($count) !<= 40"; }
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "attempting NS explosion ($n)"
ret=0
ns3_reset ns3/named4.conf.in
@ -205,7 +205,7 @@ $DIG $DIGOPTS +short @10.53.0.7 count txt > dig.out.3.test$n || ret=1
eval count=`cat dig.out.3.test$n`
[ $count -lt 50 ] || { ret=1; echo_i "count ($count) !<= 50"; }
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
#grep "duplicate query" ns3/named.run
echo_i "exit status: $status"

212
bin/tests/system/redirect/tests.sh
View file

@ -28,9 +28,9 @@ do
echo_i "checking that $conf is accepted ($n)"
ret=0
$CHECKCONF "$conf" || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
done
for conf in conf/bad*.conf
@ -38,9 +38,9 @@ do
echo_i "checking that $conf is rejected ($n)"
ret=0
$CHECKCONF "$conf" >/dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
done
echo_i "checking A zone redirect works for nonexist ($n)"
@ -48,9 +48,9 @@ ret=0
$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.test$n || ret=1
grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
grep "100.100.100.1" dig.out.ns2.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking A zone redirect updates statistics ($n)"
ret=0
@ -62,18 +62,18 @@ rm ns2/named.stats 2>/dev/null
$RNDCCMD 10.53.0.2 stats || ret=1
POST=`sed -n -e "s/[ ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected$/\1/p" ns2/named.stats`
if [ `expr $POST - $PRE` != 1 ]; then ret=1; fi
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AAAA zone redirect works for nonexist ($n)"
ret=0
$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1
grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking ANY zone redirect works for nonexist ($n)"
ret=0
@ -81,27 +81,27 @@ $DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 any > dig.out.ns2.test$n || ret=
grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
grep "100.100.100.1" dig.out.ns2.test$n > /dev/null || ret=1
grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking A zone redirect doesn't work for acl miss ($n)"
ret=0
$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.4 a > dig.out.ns2.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1
grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AAAA zone redirect doesn't work for acl miss ($n)"
ret=0
$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.4 aaaa > dig.out.ns2.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1
grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking ANY zone redirect doesn't work for acl miss ($n)"
ret=0
@ -109,27 +109,27 @@ $DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.4 any > dig.out.ns2.test$n || ret=
grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1
grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1
grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking A zone redirect works for signed nonexist, DO=0 ($n)"
ret=0
$DIG $DIGOPTS nonexist.signed. @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.test$n || ret=1
grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
grep "100.100.100.1" dig.out.ns2.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AAAA zone redirect works for signed nonexist, DO=0 ($n)"
ret=0
$DIG $DIGOPTS nonexist.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1
grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking ANY zone redirect works for signed nonexist, DO=0 ($n)"
ret=0
@ -137,27 +137,27 @@ $DIG $DIGOPTS nonexist.signed. @10.53.0.2 -b 10.53.0.2 any > dig.out.ns2.test$n
grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
grep "100.100.100.1" dig.out.ns2.test$n > /dev/null || ret=1
grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking A zone redirect fails for signed nonexist, DO=1 ($n)"
ret=0
$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1
grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AAAA zone redirect fails for signed nonexist, DO=1 ($n)"
ret=0
$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1
grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking ANY zone redirect fails for signed nonexist, DO=1 ($n)"
ret=0
@ -165,9 +165,9 @@ $DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.2 -b 10.53.0.2 any > dig.out.ns2
grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1
grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1
grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking A zone redirect fails for nsec3 signed nonexist, DO=1 ($n)"
ret=0
@ -175,9 +175,9 @@ $DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.te
grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1
grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1
grep "IN.NSEC3" dig.out.ns2.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AAAA zone redirect fails for nsec3 signed nonexist, DO=1 ($n)"
ret=0
@ -185,9 +185,9 @@ $DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2
grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1
grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1
grep "IN.NSEC3" dig.out.ns2.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking ANY zone redirect fails for nsec3 signed nonexist, DO=1 ($n)"
ret=0
@ -196,27 +196,27 @@ grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1
grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1
grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1
grep "IN.NSEC3" dig.out.ns2.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking A zone redirect works for nonexist authoritative ($n)"
ret=0
$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.1 a > dig.out.ns1.test$n || ret=1
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
grep "100.100.100.2" dig.out.ns1.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AAAA zone redirect works for nonexist authoritative ($n)"
ret=0
$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns1.test$n || ret=1
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking ANY zone redirect works for nonexist authoritative ($n)"
ret=0
@ -224,27 +224,27 @@ $DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.1 any > dig.out.ns1.test$n || ret=
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
grep "100.100.100.2" dig.out.ns1.test$n > /dev/null || ret=1
grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking A zone redirect doesn't work for acl miss authoritative ($n)"
ret=0
$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.4 a > dig.out.ns1.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1
grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AAAA zone redirect doesn't work for acl miss authoritative ($n)"
ret=0
$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.4 aaaa > dig.out.ns1.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1
grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking ANY zone redirect doesn't work for acl miss authoritative ($n)"
ret=0
@ -252,27 +252,27 @@ $DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.4 any > dig.out.ns1.test$n || ret=
grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1
grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1
grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking A zone redirect works for signed nonexist, DO=0 authoritative ($n)"
ret=0
$DIG $DIGOPTS nonexist.signed. @10.53.0.1 -b 10.53.0.1 a > dig.out.ns1.test$n || ret=1
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
grep "100.100.100.2" dig.out.ns1.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AAAA zone redirect works for signed nonexist, DO=0 authoritative ($n)"
ret=0
$DIG $DIGOPTS nonexist.signed. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns1.test$n || ret=1
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking ANY zone redirect works for signed nonexist, DO=0 authoritative ($n)"
ret=0
@ -280,27 +280,27 @@ $DIG $DIGOPTS nonexist.signed. @10.53.0.1 -b 10.53.0.1 any > dig.out.ns1.test$n
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
grep "100.100.100.2" dig.out.ns1.test$n > /dev/null || ret=1
grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking A zone redirect fails for signed nonexist, DO=1 authoritative ($n)"
ret=0
$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.1 -b 10.53.0.1 a > dig.out.ns1.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1
grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AAAA zone redirect fails for signed nonexist, DO=1 authoritative ($n)"
ret=0
$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns1.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1
grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking ANY zone redirect fails for signed nonexist, DO=1 authoritative ($n)"
ret=0
@ -308,9 +308,9 @@ $DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.1 -b 10.53.0.1 any > dig.out.ns1
grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1
grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1
grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking A zone redirect fails for nsec3 signed nonexist, DO=1 authoritative ($n)"
ret=0
@ -318,9 +318,9 @@ $DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.1 -b 10.53.0.1 a > dig.out.ns1.te
grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1
grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1
grep "IN.NSEC3" dig.out.ns1.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AAAA zone redirect fails for nsec3 signed nonexist, DO=1 authoritative ($n)"
ret=0
@ -328,9 +328,9 @@ $DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns1
grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1
grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1
grep "IN.NSEC3" dig.out.ns1.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking ANY zone redirect fails for nsec3 signed nonexist, DO=1 authoritative ($n)"
ret=0
@ -339,17 +339,17 @@ grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1
grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1
grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1
grep "IN.NSEC3" dig.out.ns1.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking zone redirect works (with noerror) when qtype is not found ($n)"
ret=0
$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 txt > dig.out.ns2.test$n || ret=1
grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking that redirect zones reload correctly"
ret=0
@ -369,18 +369,18 @@ for i in 1 2 3 4 5 6 7 8 9; do
sleep 1
done
[ $tmp -eq 1 ] && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking A nxdomain-redirect works for nonexist ($n)"
ret=0
$DIG $DIGOPTS nonexist. @10.53.0.4 -b 10.53.0.2 a > dig.out.ns4.test$n || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
grep "nonexist. .*100.100.100.1" dig.out.ns4.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AAAA nxdomain-redirect works for nonexist ($n)"
ret=0
@ -391,9 +391,9 @@ PRE_SUC=`sed -n -e "s/[ ]*\([0-9]*\).queries resulted in NXDOMAIN that were r
$DIG $DIGOPTS nonexist. @10.53.0.4 -b 10.53.0.2 aaaa > dig.out.ns4.test$n || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
grep "nonexist. .*2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AAAA nxdomain-redirect updates statistics ($n)"
ret=0
@ -403,9 +403,9 @@ POST_RED=`sed -n -e "s/[ ]*\([0-9]*\).queries resulted in NXDOMAIN that were
POST_SUC=`sed -n -e "s/[ ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected and resulted in a successful remote lookup$/\1/p" ns4/named.stats`
if [ `expr $POST_RED - $PRE_RED` != 1 ]; then ret=1; fi
if [ `expr $POST_SUC - $PRE_SUC` != 1 ]; then ret=1; fi
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking ANY nxdomain-redirect works for nonexist ($n)"
ret=0
@ -413,27 +413,27 @@ $DIG $DIGOPTS nonexist. @10.53.0.4 -b 10.53.0.2 any > dig.out.ns4.test$n || ret=
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
grep "100.100.100.1" dig.out.ns4.test$n > /dev/null || ret=1
grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking A nxdomain-redirect works for signed nonexist, DO=0 ($n)"
ret=0
$DIG $DIGOPTS nonexist.signed. @10.53.0.4 -b 10.53.0.2 a > dig.out.ns4.test$n || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
grep "100.100.100.1" dig.out.ns4.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AAAA nxdomain-redirect works for signed nonexist, DO=0 ($n)"
ret=0
$DIG $DIGOPTS nonexist.signed. @10.53.0.4 -b 10.53.0.2 aaaa > dig.out.ns4.test$n || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking ANY nxdomain-redirect works for signed nonexist, DO=0 ($n)"
ret=0
@ -441,27 +441,27 @@ $DIG $DIGOPTS nonexist.signed. @10.53.0.4 -b 10.53.0.2 any > dig.out.ns4.test$n
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
grep "100.100.100.1" dig.out.ns4.test$n > /dev/null || ret=1
grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking A nxdomain-redirect fails for signed nonexist, DO=1 ($n)"
ret=0
$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.4 -b 10.53.0.2 a > dig.out.ns4.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
grep "100.100.100.1" dig.out.ns4.test$n > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AAAA nxdomain-redirect fails for signed nonexist, DO=1 ($n)"
ret=0
$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.4 -b 10.53.0.2 aaaa > dig.out.ns4.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking ANY nxdomain-redirect fails for signed nonexist, DO=1 ($n)"
ret=0
@ -469,9 +469,9 @@ $DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.4 -b 10.53.0.2 any > dig.out.ns4
grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
grep "100.100.100.1" dig.out.ns4.test$n > /dev/null && ret=1
grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking A nxdomain-redirect fails for nsec3 signed nonexist, DO=1 ($n)"
ret=0
@ -479,9 +479,9 @@ $DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.4 -b 10.53.0.2 a > dig.out.ns4.te
grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
grep "100.100.100.1" dig.out.ns4.test$n > /dev/null && ret=1
grep "IN.NSEC3" dig.out.ns4.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking AAAA nxdomain-redirect fails for nsec3 signed nonexist, DO=1 ($n)"
ret=0
@ -489,9 +489,9 @@ $DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.4 -b 10.53.0.2 aaaa > dig.out.ns4
grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null && ret=1
grep "IN.NSEC3" dig.out.ns4.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking ANY nxdomain-redirect fails for nsec3 signed nonexist, DO=1 ($n)"
ret=0
@ -500,50 +500,50 @@ grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
grep "100.100.100.1" dig.out.ns4.test$n > /dev/null && ret=1
grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null && ret=1
grep "IN.NSEC3" dig.out.ns4.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking nxdomain-redirect works (with noerror) when qtype is not found ($n)"
ret=0
$DIG $DIGOPTS nonexist. @10.53.0.4 -b 10.53.0.2 txt > dig.out.ns4.test$n || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking nxdomain-redirect against authoritative zone ($n)"
ret=0
$DIG $DIGOPTS nonexist.example @10.53.0.4 -b 10.53.0.2 a > dig.out.ns4.test$n || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking tld nxdomain-redirect against signed root zone ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.5 asdfasdfasdf > dig.out.ns5.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns5.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking tld nxdomain-redirect against unsigned root zone ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.6 asdfasdfasdf > dig.out.ns6.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns6.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking extended error is not set on allow-recursion ($n)"
ret=0
$DIG $DIGOPTS example. @10.53.0.1 -b 10.53.0.2 soa > dig.out.ns1.test$n || ret=1
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
grep "EDE" dig.out.ns1.test$n > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1

80
bin/tests/system/rootkeysentinel/tests.sh
View file

@ -23,7 +23,7 @@ rm -f dig.out.*
DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p ${PORT}"
newtest() {
n=`expr $n + 1`
n=$((n + 1))
case $# in
1)
echo_i "$1 ($n)"
@ -48,250 +48,250 @@ echo_i "test id: oldid=${oldid} (configured)"
echo_i "test id: newid=${newid} (not configured)"
echo_i "test id: badid=${badid}"
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check authoritative server (expect NOERROR)"
$DIG $DIGOPTS @10.53.0.2 example SOA > dig.out.ns2.test$n
grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check test zone resolves with 'root-key-sentinel yes;'" " (expect NOERROR)"
$DIG $DIGOPTS @10.53.0.3 example SOA > dig.out.ns3.test$n
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-is-ta with old ta and" " 'root-key-sentinel yes;' (expect NOERROR)"
$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-is-ta-${oldid}.example A > dig.out.ns3.test$n || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-not-ta with old ta and" " 'root-key-sentinel yes;' (expect SERVFAIL)"
$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-not-ta-${oldid}.example A > dig.out.ns3.test$n || ret=1
grep "status: SERVFAIL" dig.out.ns3.test$n > /dev/null || ret=1
grep "ANSWER: 0," dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-not-ta with old ta, CD=1 and" " 'root-key-sentinel yes;' (expect NOERROR)"
$DIG $DIGOPTS @10.53.0.3 +cd root-key-sentinel-not-ta-${oldid}.example A > dig.out.ns3.test$n || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-is-ta with new ta and" " 'root-key-sentinel yes;' (expect SERVFAIL)"
$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-is-ta-${newid}.example A > dig.out.ns3.test$n || ret=1
grep "status: SERVFAIL" dig.out.ns3.test$n > /dev/null || ret=1
grep "ANSWER: 0," dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-is-ta with new ta, CD=1 and" " 'root-key-sentinel yes;' (expect NOERROR)"
$DIG $DIGOPTS @10.53.0.3 +cd root-key-sentinel-is-ta-${newid}.example A > dig.out.ns3.test$n || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-not-ta with new ta and" " 'root-key-sentinel yes;' (expect NOERROR)"
$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-not-ta-${newid}.example A > dig.out.ns3.test$n || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-is-ta with bad ta and" " 'root-key-sentinel yes;' (expect SERVFAIL)"
$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-is-ta-${badid}.example A > dig.out.ns3.test$n || ret=1
grep "status: SERVFAIL" dig.out.ns3.test$n > /dev/null || ret=1
grep "ANSWER: 0," dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-is-ta with bad ta, CD=1 and" " 'root-key-sentinel yes;' (expect NXDOMAIN)"
$DIG $DIGOPTS @10.53.0.3 +cd root-key-sentinel-is-ta-${badid}.example A > dig.out.ns3.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-not-ta with bad ta and" " 'root-key-sentinel yes;' (expect NXDOMAIN)"
$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-not-ta-${badid}.example A > dig.out.ns3.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-is-ta with out-of-range ta and" " 'root-key-sentinel yes;' (expect NXDOMAIN)"
$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-is-ta-72345.example A > dig.out.ns3.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-not-ta with out-of-range ta and" " 'root-key-sentinel yes;' (expect NXDOMAIN)"
$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-not-ta-72345.example A > dig.out.ns3.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-is-ta with no-zero-pad ta and" " 'root-key-sentinel yes;' (expect NXDOMAIN)"
$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-is-ta-1234.example A > dig.out.ns3.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-not-ta with no-zero-pad ta and" " 'root-key-sentinel yes;' (expect NXDOMAIN)"
$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-not-ta-1234.example A > dig.out.ns3.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check CNAME to root-key-sentinel-is-ta with old ta and" " 'root-key-sentinel yes;' (expect NOERROR)"
$DIG $DIGOPTS @10.53.0.3 old-is-ta.example A > dig.out.ns3.test$n || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
grep "old-is-ta.*CNAME.root-key-sentinel-is-ta-${oldid}.example." dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check CNAME to root-key-sentinel-not-ta with old ta and" " 'root-key-sentinel yes;' (expect NOERROR)"
$DIG $DIGOPTS @10.53.0.3 old-not-ta.example A > dig.out.ns3.test$n || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
grep "old-not-ta.*CNAME.root-key-sentinel-not-ta-${oldid}.example." dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check CNAME to root-key-sentinel-is-ta with new ta and" " 'root-key-sentinel yes;' (expect NOERROR)"
$DIG $DIGOPTS @10.53.0.3 new-is-ta.example A > dig.out.ns3.test$n || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
grep "new-is-ta.*CNAME.root-key-sentinel-is-ta-${newid}.example." dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check CNAME to root-key-sentinel-not-ta with new ta and" " 'root-key-sentinel yes;' (expect NOERROR)"
$DIG $DIGOPTS @10.53.0.3 new-not-ta.example A > dig.out.ns3.test$n || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
grep "new-not-ta.*CNAME.root-key-sentinel-not-ta-${newid}.example." dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check CNAME to root-key-sentinel-is-ta with bad ta and" " 'root-key-sentinel yes;' (expect NXDOMAIN)"
$DIG $DIGOPTS @10.53.0.3 bad-is-ta.example A > dig.out.ns3.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1
grep "bad-is-ta.*CNAME.root-key-sentinel-is-ta-${badid}.example" dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check CNAME to root-key-sentinel-not-ta with bad ta and" " 'root-key-sentinel yes;' (expect NXDOMAIN)"
$DIG $DIGOPTS @10.53.0.3 bad-not-ta.example A > dig.out.ns3.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1
grep "bad-not-ta.*CNAME.root-key-sentinel-not-ta-${badid}.example." dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check test zone resolves with 'root-key-sentinel no;'" " (expect NOERROR)"
$DIG $DIGOPTS @10.53.0.4 example SOA > dig.out.ns4.test$n
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-is-ta with old ta and" " 'root-key-sentinel no;' (expect NOERROR)"
$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-is-ta-${oldid}.example A > dig.out.ns4.test$n || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-not-ta with old ta and" " 'root-key-sentinel no;' (expect NOERROR)"
$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-not-ta-${oldid}.example A > dig.out.ns4.test$n || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-is-ta with new ta and" " 'root-key-sentinel no;' (expect NOERROR)"
$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-is-ta-${newid}.example A > dig.out.ns4.test$n || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-not-ta with new ta and" " 'root-key-sentinel no;' (expect NOERROR)"
$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-not-ta-${newid}.example A > dig.out.ns4.test$n || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-is-ta with bad ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)"
$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-is-ta-${badid}.example A > dig.out.ns4.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-not-ta with bad ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)"
$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-not-ta-${badid}.example A > dig.out.ns4.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-is-ta with out-of-range ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)"
$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-is-ta-72345.example A > dig.out.ns4.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-not-ta with out-of-range ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)"
$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-not-ta-72345.example A > dig.out.ns4.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-is-ta with no-zero-pad ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)"
$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-is-ta-1234.example A > dig.out.ns4.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check root-key-sentinel-not-ta with no-zero-pad ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)"
$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-not-ta-1234.example A > dig.out.ns4.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check CNAME to root-key-sentinel-is-ta with old ta and" " 'root-key-sentinel no;' (expect NOERROR)"
$DIG $DIGOPTS @10.53.0.4 old-is-ta.example A > dig.out.ns4.test$n || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
grep "old-is-ta.*CNAME.root-key-sentinel-is-ta-${oldid}.example." dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check CNAME to root-key-sentinel-not-ta with old ta and" " 'root-key-sentinel no;' (expect NOERROR)"
$DIG $DIGOPTS @10.53.0.4 old-not-ta.example A > dig.out.ns4.test$n || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
grep "old-not-ta.*CNAME.root-key-sentinel-not-ta-${oldid}.example." dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check CNAME to root-key-sentinel-is-ta with new ta and" " 'root-key-sentinel no;' (expect NOERROR)"
$DIG $DIGOPTS @10.53.0.4 new-is-ta.example A > dig.out.ns4.test$n || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
grep "new-is-ta.*CNAME.root-key-sentinel-is-ta-${newid}.example." dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check CNAME to root-key-sentinel-not-ta with new ta and" " 'root-key-sentinel no;' (expect NOERROR)"
$DIG $DIGOPTS @10.53.0.4 new-not-ta.example A > dig.out.ns4.test$n || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
grep "new-not-ta.*CNAME.root-key-sentinel-not-ta-${newid}.example." dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check CNAME to root-key-sentinel-is-ta with bad ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)"
$DIG $DIGOPTS @10.53.0.4 bad-is-ta.example A > dig.out.ns4.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
grep "bad-is-ta.*CNAME.root-key-sentinel-is-ta-${badid}.example" dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
newtest "check CNAME to root-key-sentinel-not-ta with bad ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)"
$DIG $DIGOPTS @10.53.0.4 bad-not-ta.example A > dig.out.ns4.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
grep "bad-not-ta.*CNAME.root-key-sentinel-not-ta-${badid}.example." dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1

46
bin/tests/system/rpz/tests.sh
View file

@ -107,7 +107,7 @@ make_dignm () {
setret () {
ret=1
status=`expr $status + 1`
status=$((status + 1))
echo_i "$*"
}
@ -147,7 +147,7 @@ dnsrps_loaded() {
#echo "$Z @$M serial=$SN"
break
fi
n=`expr $n + 1`
n=$((n + 1))
if test "$n" -gt $TEN_SECS; then
echo_i "dnsrps serial for $Z is $RSN instead of $SN"
exit 1
@ -172,7 +172,7 @@ ck_soa() {
get_sn "$2" "$3"
test "$SN" -eq "$1" && return
fi
n=`expr $n + 1`
n=$((n + 1))
if test "$n" -gt $TEN_SECS; then
echo_i "got serial number \"$SN\" instead of \"$1\" from $2 @$3"
return
@ -303,7 +303,7 @@ produce_librpz_rules() {
# $2=optional test file name
start_group () {
ret=0
t=`expr $t + 1`
t=$((t + 1))
test -n "$1" && date "+${TS}checking $1 (${t})" | cat_i
TEST_FILE=$2
if test -n "$TEST_FILE"; then
@ -833,7 +833,7 @@ EOF
if [ native = "$mode" ]; then
# restart the main test RPZ server with a bad zone.
t=`expr $t + 1`
t=$((t + 1))
echo_i "checking that ns3 with broken rpz does not crash (${t})"
stop_server --use-rndc --port ${CONTROLPORT} ns3
cp ns3/broken.db.in ns3/bl.db
@ -842,7 +842,7 @@ EOF
stop_server --use-rndc --port ${CONTROLPORT} ns3
restart 3 "rebuild-bl-rpz"
t=`expr $t + 1`
t=$((t + 1))
echo_i "checking if rpz survives a certain class of failed reconfiguration attempts (${t})"
sed -e "s/^#BAD//" < ns3/named.conf.in > ns3/named.conf.tmp
copy_setports ns3/named.conf.tmp ns3/named.conf
@ -852,13 +852,13 @@ EOF
copy_setports ns3/named.conf.in ns3/named.conf
$RNDCCMD $ns3 reconfig || setret "failed"
t=`expr $t + 1`
t=$((t + 1))
echo_i "checking the configured extended DNS error code (EDE) (${t})"
$DIG -p ${PORT} @$ns3 walled.tld2 > dig.out.$t
grep -F "EDE: 4 (Forged Answer)" dig.out.$t > /dev/null || setret "failed"
# reload a RPZ zone that is now deliberately broken.
t=`expr $t + 1`
t=$((t + 1))
echo_i "checking rpz failed update will keep previous rpz rules (${t})"
$DIG -p ${PORT} @$ns3 walled.tld2 > dig.out.$t.before
grep "walled\.tld2\..*IN.*A.*10\.0\.0\.1" dig.out.$t.before > /dev/null || setret "failed"
@ -869,12 +869,12 @@ EOF
$DIG -p ${PORT} @$ns3 walled.tld2 > dig.out.$t.after
grep "walled\.tld2\..*IN.*A.*10\.0\.0\.1" dig.out.$t.after > /dev/null || setret "failed"
t=`expr $t + 1`
t=$((t + 1))
echo_i "checking the default (unset) extended DNS error code (EDE) (${t})"
$DIG -p ${PORT} @$ns3 a6-2.tld2. A > dig.out.$t
grep -F "EDE: " dig.out.$t > /dev/null && setret "failed"
t=`expr $t + 1`
t=$((t + 1))
echo_i "checking reload of a mixed-case RPZ zone (${t})"
# First, a sanity check: the A6-2.TLD2.mixed-case-rpz RPZ record should
# cause a6-2.tld2 NOERROR answers to be rewritten to NXDOMAIN answers.
@ -893,13 +893,13 @@ EOF
grep "status: NXDOMAIN" dig.out.$t.after >/dev/null || setret "failed"
fi
t=`expr $t + 1`
t=$((t + 1))
echo_i "checking that ttl values are not zeroed when qtype is '*' (${t})"
$DIG +noall +answer -p ${PORT} @$ns3 any a3-2.tld2 > dig.out.$t
ttl=`awk '/a3-2 tld2 text/ {print $2}' dig.out.$t`
if test ${ttl:=0} -eq 0; then setret "failed"; fi
t=`expr $t + 1`
t=$((t + 1))
echo_i "checking rpz updates/transfers with parent nodes added after children (${t})"
# regression test for RT #36272: the success condition
# is the secondary server not crashing.
@ -913,7 +913,7 @@ EOF
done
t=`expr $t + 1`
t=$((t + 1))
echo_i "checking that going from an empty policy zone works (${t})"
nsd $ns5 add '*.x.servfail.policy2.' x.servfail.policy2.
add_librpz_rule "update add *.x.servfail.policy2 300 CNAME ."
@ -922,25 +922,25 @@ EOF
$DIG z.x.servfail -p ${PORT} @$ns7 > dig.out.${t}
grep NXDOMAIN dig.out.${t} > /dev/null || setret "failed"
t=`expr $t + 1`
t=$((t + 1))
echo_i "checking that 'ede none' works same way as when \"ede\" is unset (${t})"
$DIG z.x.servfail -p ${PORT} @$ns7 > dig.out.${t}
grep -F "EDE: " dig.out.${t} > /dev/null && setret "failed"
t=`expr $t + 1`
t=$((t + 1))
echo_i "checking that 'add-soa no' at rpz zone level works (${t})"
$DIG z.x.servfail -p ${PORT} @$ns7 > dig.out.${t}
grep SOA dig.out.${t} > /dev/null && setret "failed"
if [ native = "$mode" ]; then
t=`expr $t + 1`
t=$((t + 1))
echo_i "checking that 'add-soa yes' at response-policy level works (${t})"
$DIG walled.tld2 -p ${PORT} +noall +add @$ns3 > dig.out.${t}
grep "^manual-update-rpz\..*SOA" dig.out.${t} > /dev/null || setret "failed"
fi
if [ native = "$mode" ]; then
t=`expr $t + 1`
t=$((t + 1))
echo_i "reconfiguring server with 'add-soa no' (${t})"
cp ns3/named.conf ns3/named.conf.tmp
sed -e "s/add-soa yes/add-soa no/g" < ns3/named.conf.tmp > ns3/named.conf
@ -951,7 +951,7 @@ EOF
fi
if [ native = "$mode" ]; then
t=`expr $t + 1`
t=$((t + 1))
echo_i "checking that 'add-soa unset' works (${t})"
$DIG walled.tld2 -p ${PORT} +noall +add @$ns8 > dig.out.${t}
grep "^manual-update-rpz\..*SOA" dig.out.${t} > /dev/null || setret "failed"
@ -960,12 +960,12 @@ EOF
# dnsrps does not allow NS RRs in policy zones, so this check
# with dnsrps results in no rewriting.
if [ native = "$mode" ]; then
t=`expr $t + 1`
t=$((t + 1))
echo_i "checking rpz with delegation fails correctly (${t})"
$DIG -p ${PORT} @$ns3 ns example.com > dig.out.$t
grep "status: SERVFAIL" dig.out.$t > /dev/null || setret "failed"
t=`expr $t + 1`
t=$((t + 1))
echo_i "checking policies from expired zone are no longer in effect ($t)"
$DIG -p ${PORT} @$ns3 a expired > dig.out.$t
grep "expired.*10.0.0.10" dig.out.$t > /dev/null && setret "failed"
@ -978,7 +978,7 @@ EOF
do
for type in AAAA A
do
t=`expr $t + 1`
t=$((t + 1))
case $label in
a-only)
echo_i "checking rpz 'CNAME *.' (NODATA) with dns64, $type lookup with A-only (${t})"
@ -996,12 +996,12 @@ EOF
grep "ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 2$" dig.out.$t > /dev/null || ret=1
grep "^rpz" dig.out.$t > /dev/null || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
done
done
if [ native = "$mode" ]; then
t=`expr $t + 1`
t=$((t + 1))
echo_i "checking that rewriting CD=1 queries handles pending data correctly (${t})"
$RNDCCMD $ns3 flush
$RNDCCMD $ns6 flush

20
bin/tests/system/rrchecker/tests.sh
View file

@ -18,20 +18,20 @@ set -e
status=0
n=0
n=`expr $n + 1`
n=$((n + 1))
echo_i "class list ($n)"
$RRCHECKER -C > classlist.out
diff classlist.out classlist.good || { echo_i "failed"; status=`expr $status + 1`; }
diff classlist.out classlist.good || { echo_i "failed"; status=$((status + 1)); }
n=`expr $n + 1`
n=$((n + 1))
echo_i "type list ($n)"
$RRCHECKER -T > typelist.out
diff typelist.out typelist.good || { echo_i "failed"; status=`expr $status + 1`; }
diff typelist.out typelist.good || { echo_i "failed"; status=$((status + 1)); }
n=`expr $n + 1`
n=$((n + 1))
echo_i "private type list ($n)"
$RRCHECKER -P > privatelist.out
diff privatelist.out privatelist.good || { echo_i "failed"; status=`expr $status + 1`; }
diff privatelist.out privatelist.good || { echo_i "failed"; status=$((status + 1)); }
myecho() {
cat << EOF
@ -39,7 +39,7 @@ $*
EOF
}
n=`expr $n + 1`
n=$((n + 1))
echo_i "check conversions to canonical format ($n)"
ret=0
$SHELL ${TOP_SRCDIR}/bin/tests/system/genzone.sh 0 > tempzone
@ -56,9 +56,9 @@ do
echo_i "'$cl $ty $rest' != '$cl0 $ty0 $rest0'"
}
done < checkzone.out$n
test $ret -eq 0 || { echo_i "failed"; status=`expr $status + 1`; }
test $ret -eq 0 || { echo_i "failed"; status=$((status + 1)); }
n=`expr $n + 1`
n=$((n + 1))
echo_i "check conversions to and from unknown record format ($n)"
ret=0
$CHECKZONE -Dq . tempzone | sed '/^;/d' > checkzone.out$n
@ -79,7 +79,7 @@ do
echo_i "'$cl $ty $rest' != '$cl0 $ty0 $rest0'"
}
done < checkzone.out$n
test $ret -eq 0 || { echo_i "failed"; status=`expr $status + 1`; }
test $ret -eq 0 || { echo_i "failed"; status=$((status + 1)); }
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1

8
bin/tests/system/rsabigexponent/tests.sh
View file

@ -27,7 +27,7 @@ do
ret=0
$CHECKCONF $f > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
done
for f in conf/bad*.conf
@ -36,14 +36,14 @@ do
ret=0
$CHECKCONF $f > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
done
echo_i "checking that RSA big exponent keys can't be loaded"
ret=0
grep "out of range" ns2/signer.err > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking that RSA big exponent signature can't validate"
ret=0
@ -52,7 +52,7 @@ $DIG $DIGOPTS a.example @10.53.0.3 > dig.out.ns3 || ret=1
grep "status: NOERROR" dig.out.ns2 > /dev/null || ret=1
grep "status: SERVFAIL" dig.out.ns3 > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1

4
bin/tests/system/spf/tests.sh
View file

@ -39,9 +39,9 @@ grep "'warn' found type SPF" ns1/named.run > /dev/null && ret=1
grep "zone nowarn/IN: loaded serial 0" ns1/named.run > /dev/null || ret=1
grep "'y.nowarn' found type SPF" ns1/named.run > /dev/null && ret=1
grep "'nowarn' found type SPF" ns1/named.run > /dev/null && ret=1
n=`expr $n + 1`
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1

68
bin/tests/system/staticstub/tests.sh
View file

@ -23,68 +23,68 @@ n=0
for conf in conf/good*.conf
do
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that $conf is accepted ($n)"
ret=0
$CHECKCONF "$conf" || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
done
for conf in conf/bad*.conf
do
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that $conf is rejected ($n)"
ret=0
$CHECKCONF "$conf" >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
done
n=`expr $n + 1`
n=$((n + 1))
echo_i "trying an axfr that should be denied (NOTAUTH) ($n)"
ret=0
$DIG $DIGOPTS +tcp data.example. @10.53.0.2 axfr > dig.out.ns2.test$n || ret=1
grep "; Transfer failed." dig.out.ns2.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "non recursive query for a static-stub zone with server name should be rejected ($n)"
ret=0
$DIG $DIGOPTS +tcp +norec data.example. @10.53.0.2 txt > dig.out.ns2.test$n \
|| ret=1
grep "REFUSED" dig.out.ns2.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "non recursive query for a static-stub zone with server name should be rejected ($n)"
ret=0
$DIG $DIGOPTS +tcp +norec data.example.org. @10.53.0.2 txt > dig.out.ns2.test$n \
|| ret=1
grep "REFUSED" dig.out.ns2.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "allow-query ACL ($n)"
ret=0
$DIG $DIGOPTS +tcp +norec data.example. @10.53.0.2 txt -b 10.53.0.7 \
> dig.out.ns2.test$n || ret=1
grep "REFUSED" dig.out.ns2.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "look for static-stub zone data with recursion (should be found) ($n)"
ret=0
$DIG $DIGOPTS +tcp +noauth data.example. @10.53.0.2 txt > dig.out.ns2.test$n || ret=1
digcomp knowngood.dig.out.rec dig.out.ns2.test$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking authoritative NS is ignored for delegation ($n)"
ret=0
# the auth server returns a different (and incorrect) NS for .example.
@ -94,9 +94,9 @@ grep "ns4.example." dig.out.ns2.test1.$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp data2.example. @10.53.0.2 txt > dig.out.ns2.test2.$n || ret=1
grep "2nd test data" dig.out.ns2.test2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking queries for a child zone of the static-stub zone ($n)"
ret=0
# prime the delegation to a child zone of the static-stub zone
@ -120,9 +120,9 @@ copy_setports ns3/named.conf.in tmp
sed 's/EXAMPLE_ZONE_PLACEHOLDER/zone "example" { type primary; file "example.db.signed"; };/' tmp > ns3/named.conf
rndc_reload ns3 10.53.0.3
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking authoritative NS addresses are ignored for delegation ($n)"
ret=0
# the auth server returns a different (and incorrect) A/AAA RR for .example.
@ -137,29 +137,29 @@ rndc_reload ns2 10.53.0.2
$DIG $DIGOPTS +tcp data3.example. @10.53.0.2 txt > dig.out.ns2.test3.$n || ret=1
grep "3rd test data" dig.out.ns2.test3.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# the authoritative server of the query domain (example.com) is the apex
# name of the static-stub zone (example). in this case the static-stub
# configuration must be ignored and cached information must be used.
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking NS of static-stub is ignored when referenced from other domain ($n)"
ret=0
$DIG $DIGOPTS +tcp data.example.com. @10.53.0.2 txt > dig.out.ns2.test$n || ret=1
grep "example com data" dig.out.ns2.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# check server-names
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking static-stub with a server-name ($n)"
ret=0
$DIG $DIGOPTS +tcp data.example.org. @10.53.0.2 txt > dig.out.ns2.test$n || ret=1
grep "example org data" dig.out.ns2.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
# Note: for a short term workaround we use ::1, assuming it's configured and
# usable for our tests. We should eventually use the test ULA and available
# checks introduced in change 2916.
@ -170,31 +170,31 @@ then
$DIG $DIGOPTS +tcp data.example.info. @10.53.0.2 txt > dig.out.ns2.test$n || ret=1
grep "example info data" dig.out.ns2.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
else
echo_i "SKIPPED: checking IPv6 static-stub address ($n)"
fi
n=`expr $n + 1`
n=$((n + 1))
echo_i "look for static-stub zone data with DNSSEC validation ($n)"
ret=0
$DIG $DIGOPTS +tcp +dnssec data4.example. @10.53.0.2 txt > dig.out.ns2.test$n || ret=1
grep "ad; QUERY" dig.out.ns2.test$n > /dev/null || ret=1
grep "4th test data" dig.out.ns2.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "look for a child of static-stub zone data with DNSSEC validation ($n)"
ret=0
$DIG $DIGOPTS +tcp +dnssec data3.sub.example. @10.53.0.2 txt > dig.out.ns2.test$n || ret=1
grep "ad; QUERY" dig.out.ns2.test$n > /dev/null || ret=1
grep "3rd sub test data" dig.out.ns2.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
# reload with a different name server: existing zone shouldn't be reused.
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking server reload with a different static-stub config ($n)"
ret=0
copy_setports ns2/named.conf.in tmp
@ -203,9 +203,9 @@ rndc_reload ns2 10.53.0.2
$DIG $DIGOPTS +tcp data2.example.org. @10.53.0.2 txt > dig.out.ns2.test$n || ret=1
grep "2nd example org data" dig.out.ns2.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking static-stub of a undelegated tld resolves after DS query ($n)"
ret=0
$DIG $DIGOPTS undelegated. @10.53.0.2 ds > dig.out.ns2.ds.test$n
@ -213,7 +213,7 @@ $DIG $DIGOPTS undelegated. @10.53.0.2 soa > dig.out.ns2.soa.test$n
grep "status: NXDOMAIN" dig.out.ns2.ds.test$n > /dev/null || ret=1
grep "status: NOERROR" dig.out.ns2.soa.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1

76
bin/tests/system/statistics/tests.sh
View file

@ -38,35 +38,35 @@ rndc_stats() {
echo_i "fetching a.example from ns2's initial configuration ($n)"
$DIGCMD +noauth a.example. @10.53.0.2 any > dig.out.ns2.1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
ret=0
echo_i "dumping initial stats for ns2 ($n)"
rndc_stats ns2 10.53.0.2 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
ret=0
echo_i "verifying adb records in named.stats ($n)"
grep "ADB stats" $last_stats > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
echo_i "checking for 1 entry in adb hash table in named.stats ($n)"
grep "1 Addresses in hash table" $last_stats > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
ret=0
echo_i "verifying cache statistics in named.stats ($n)"
grep "Cache Statistics" $last_stats > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
ret=0
echo_i "checking for 2 entries in adb hash table in named.stats ($n)"
@ -74,8 +74,8 @@ $DIGCMD a.example.info. @10.53.0.2 any > /dev/null 2>&1
rndc_stats ns2 10.53.0.2 || ret=1
grep "2 Addresses in hash table" $last_stats > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
ret=0
echo_i "dumping initial stats for ns3 ($n)"
@ -83,8 +83,8 @@ rndc_stats ns3 10.53.0.3 || ret=1
nsock0nstat=`grep "UDP/IPv4 sockets active" $last_stats | awk '{print $1}'`
[ 0 -ne ${nsock0nstat:-0} ] || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
echo_i "sending queries to ns3"
$DIGCMD +tries=2 +time=1 +recurse @10.53.0.3 foo.info. any > /dev/null 2>&1
@ -97,30 +97,30 @@ getstats() {
}
retry_quiet 5 getstats || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
ret=0
echo_i "verifying recursing clients output in named.stats ($n)"
grep "2 recursing clients" $last_stats > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
ret=0
echo_i "verifying active fetches output in named.stats ($n)"
grep "1 active fetches" $last_stats > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
ret=0
echo_i "verifying active sockets output in named.stats ($n)"
nsock1nstat=`grep "UDP/IPv4 sockets active" $last_stats | awk '{print $1}'`
[ `expr ${nsock1nstat:-0} - ${nsock0nstat:-0}` -eq 1 ] || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
# there should be 1 UDP and no TCP queries. As the TCP counter is zero
# no status line is emitted.
@ -129,22 +129,22 @@ echo_i "verifying queries in progress in named.stats ($n)"
grep "1 UDP queries in progress" $last_stats > /dev/null || ret=1
grep "TCP queries in progress" $last_stats > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
ret=0
echo_i "verifying bucket size output ($n)"
grep "bucket size" $last_stats > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
ret=0
echo_i "checking priming queries are counted ($n)"
grep "priming queries" $last_stats > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
ret=0
echo_i "checking that zones with slash are properly shown in XML output ($n)"
@ -155,8 +155,8 @@ else
echo_i "skipping test as libxml2 and/or curl was not found"
fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
ret=0
echo_i "checking that zones return their type ($n)"
@ -167,8 +167,8 @@ else
echo_i "skipping test as libxml2 and/or curl was not found"
fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
ret=0
echo_i "checking bind9.xsl vs xml ($n)"
@ -223,8 +223,8 @@ else
echo_i "skipping test as libxml2 and/or curl with HTTP/1.1 support and/or xsltproc was not found"
fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
ret=0
echo_i "checking bind9.xml socket statistics ($n)"
@ -247,8 +247,8 @@ else
echo_i "skipping test as libxml2 and/or stats.xml.out file and/or xsltproc was not found"
fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
echo_i "Check that 'zone-statistics full;' is processed by 'rndc reconfig' ($n)"
ret=0
@ -271,8 +271,8 @@ rndc_reconfig ns2 10.53.0.2
rndc_stats ns2 10.53.0.2 || ret=1
sed -n '/Per Zone Query Statistics/,/^++/p' $last_stats | grep -F '[example]' > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1

6
bin/tests/system/tools/tests.sh
View file

@ -19,7 +19,7 @@ checkout() {
case $? in
0) : ok ;;
*) echo_i "failed"
status=`expr $status + 1`
status=$((status + 1))
return 1 ;;
esac
case $out in
@ -27,7 +27,7 @@ checkout() {
*) echo_i "expect $hash"
echo_i "output $out"
echo_i "failed"
status=`expr $status + 1` ;;
status=$((status + 1)) ;;
esac
}
@ -86,7 +86,7 @@ checkempty
checkfail() {
case $? in
0) echo_i "failed to fail"
status=`expr $status + 1`
status=$((status + 1))
return 1 ;;
esac
}

34
bin/tests/system/unknown/tests.sh
View file

@ -36,7 +36,7 @@ do
then
echo_i "#$i failed"
fi
status=`expr $status + $ret`
status=$((status + ret))
done
n=$((n+1))
@ -50,7 +50,7 @@ do
then
echo_i "#$i failed"
fi
status=`expr $status + $ret`
status=$((status + ret))
done
n=$((n+1))
@ -64,7 +64,7 @@ do
then
echo_i "#$i failed"
fi
status=`expr $status + $ret`
status=$((status + ret))
done
n=$((n+1))
@ -73,7 +73,7 @@ ret=0
dig_cmd +short @10.53.0.1 null.example null in > dig.out.test$n
echo '\# 1 00' | diff - dig.out.test$n || ret=1
[ $ret = 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=$((n+1))
echo_i "querying for empty NULL record ($n)"
@ -81,7 +81,7 @@ ret=0
dig_cmd +short @10.53.0.1 empty.example null in > dig.out.test$n
echo '\# 0' | diff - dig.out.test$n || ret=1
[ $ret = 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=$((n+1))
echo_i "querying for various representations of a CLASS10 TYPE1 record ($n)"
@ -94,7 +94,7 @@ do
then
echo_i "#$i failed"
fi
status=`expr $status + $ret`
status=$((status + ret))
done
n=$((n+1))
@ -108,7 +108,7 @@ do
then
echo_i "#$i failed"
fi
status=`expr $status + $ret`
status=$((status + ret))
done
n=$((n+1))
@ -122,7 +122,7 @@ do
then
echo_i "#$i failed"
fi
status=`expr $status + $ret`
status=$((status + ret))
done
n=$((n+1))
@ -136,7 +136,7 @@ do
then
echo_i "#$i failed"
fi
status=`expr $status + $ret`
status=$((status + ret))
done
n=$((n+1))
@ -149,7 +149,7 @@ for try in 0 1 2 3 4 5 6 7 8 9; do
sleep 1
done
[ $ret = 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=$((n+1))
echo_i "checking large unknown record loading on secondary ($n)"
@ -161,7 +161,7 @@ for try in 0 1 2 3 4 5 6 7 8 9; do
sleep 1
done
[ $ret = 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
echo_i "stop and restart secondary"
stop_server ns2
@ -179,7 +179,7 @@ for try in 0 1 2 3 4 5 6 7 8 9; do
sleep 1
done
[ $ret = 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=$((n+1))
echo_i "checking large unknown record loading on inline secondary ($n)"
@ -187,7 +187,7 @@ ret=0
dig_cmd @10.53.0.3 +tcp +short large.example TYPE45234 > dig.out.test$n
diff large.out dig.out.test$n > /dev/null || { ret=1 ; echo_i "diff failed"; }
[ $ret = 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
echo_i "stop and restart inline secondary"
stop_server ns3
@ -205,7 +205,7 @@ for try in 0 1 2 3 4 5 6 7 8 9; do
sleep 1
done
[ $ret = 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=$((n+1))
echo_i "check that '"'"\\#"'"' is not treated as the unknown escape sequence ($n)"
@ -213,7 +213,7 @@ ret=0
dig_cmd @10.53.0.1 +tcp +short txt8.example txt > dig.out.test$n
echo '"#" "2" "0145"' | diff - dig.out.test$n || ret=1
[ $ret = 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=$((n+1))
echo_i "check that 'TXT \# text' is not treated as the unknown escape sequence ($n)"
@ -221,7 +221,7 @@ ret=0
dig_cmd @10.53.0.1 +tcp +short txt9.example txt > dig.out.test$n
echo '"#" "text"' | diff - dig.out.test$n || ret=1
[ $ret = 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
n=$((n+1))
echo_i "check that 'TYPE353 \# cat' produces 'not a valid number' ($n)"
@ -229,7 +229,7 @@ ret=0
$CHECKZONE nan.bad zones/nan.bad > check.out 2>&1
grep "not a valid number" check.out > /dev/null || ret=1
[ $ret = 0 ] || echo_i "failed"
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1

146
bin/tests/system/upforwd/tests.sh
View file

@ -65,35 +65,35 @@ do
test $ret = 0 && break
sleep 1
done
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
n=`expr $n + 1`
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))
echo_i "fetching primary copy of zone before update ($n)"
ret=0
$DIG $DIGOPTS example.\
@10.53.0.1 axfr > dig.out.ns1.example.before || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
n=`expr $n + 1`
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))
echo_i "fetching secondary 1 copy of zone before update ($n)"
$DIG $DIGOPTS example.\
@10.53.0.2 axfr > dig.out.ns2.example.before || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
n=`expr $n + 1`
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))
echo_i "fetching secondary 2 copy of zone before update ($n)"
ret=0
$DIG $DIGOPTS example.\
@10.53.0.3 axfr > dig.out.ns3.example.before || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
n=`expr $n + 1`
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))
echo_i "comparing pre-update copies to known good data ($n)"
ret=0
digcomp knowngood.before dig.out.ns1.example.before || ret=1
digcomp knowngood.before dig.out.ns2.example.before || ret=1
digcomp knowngood.before dig.out.ns3.example.before || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
echo_i "checking update forwarding of a zone (signed) (Do53 -> DoT) ($n)"
nextpart_thrice
@ -105,36 +105,36 @@ update add updated.example. 600 A 10.10.10.1
update add updated.example. 600 TXT Foo
send
EOF
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
n=`expr $n + 1`
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))
wait_for_log_thrice
echo_i "fetching primary copy of zone after update ($n)"
ret=0
$DIG $DIGOPTS example.\
@10.53.0.1 axfr > dig.out.ns1.example.after1 || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
n=`expr $n + 1`
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))
echo_i "fetching secondary 1 copy of zone after update ($n)"
ret=0
$DIG $DIGOPTS example.\
@10.53.0.2 axfr > dig.out.ns2.example.after1 || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
echo_i "fetching secondary 2 copy of zone after update ($n)"
ret=0
$DIG $DIGOPTS example.\
@10.53.0.3 axfr > dig.out.ns3.example.after1 || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
n=`expr $n + 1`
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))
echo_i "comparing post-update copies to known good data ($n)"
ret=0
digcomp knowngood.after1 dig.out.ns1.example.after1 || ret=1
digcomp knowngood.after1 dig.out.ns2.example.after1 || ret=1
digcomp knowngood.after1 dig.out.ns3.example.after1 || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
echo_i "checking update forwarding of a zone (signed) (DoT -> DoT) ($n)"
nextpart_thrice
@ -146,43 +146,43 @@ update add updated-dot.example. 600 A 10.10.10.1
update add updated-dot.example. 600 TXT Foo
send
EOF
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
n=`expr $n + 1`
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))
wait_for_log_thrice
echo_i "fetching primary copy of zone after update ($n)"
ret=0
$DIG $DIGOPTS example.\
@10.53.0.1 axfr > dig.out.ns1.example.after2 || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
n=`expr $n + 1`
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))
echo_i "fetching secondary 1 copy of zone after update ($n)"
ret=0
$DIG $DIGOPTS example.\
@10.53.0.2 axfr > dig.out.ns2.example.after2 || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
echo_i "fetching secondary 2 copy of zone after update ($n)"
ret=0
$DIG $DIGOPTS example.\
@10.53.0.3 axfr > dig.out.ns3.example.after2 || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
n=`expr $n + 1`
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))
echo_i "comparing post-update copies to known good data ($n)"
ret=0
digcomp knowngood.after2 dig.out.ns1.example.after2 || ret=1
digcomp knowngood.after2 dig.out.ns2.example.after2 || ret=1
digcomp knowngood.after2 dig.out.ns3.example.after2 || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
echo_i "checking 'forwarding update for zone' is logged twice ($n)"
ret=0
cnt=$(grep -F "forwarding update for zone 'example/IN'" ns3/named.run | wc -l || ret=1)
test "${cnt}" -eq 2 || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
n=`expr $n + 1`
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))
if $FEATURETEST --enable-dnstap
then
@ -191,8 +191,8 @@ then
capture_dnstap
uq_equals_ur example || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
fi
echo_i "updating zone (unsigned) ($n)"
@ -205,62 +205,62 @@ update add unsigned.example. 600 A 10.10.10.1
update add unsigned.example. 600 TXT Foo
send
EOF
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
n=`expr $n + 1`
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))
wait_for_log_thrice
echo_i "fetching primary copy of zone after update ($n)"
ret=0
$DIG $DIGOPTS example.\
@10.53.0.1 axfr > dig.out.ns1.example.after3 || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
echo_i "fetching secondary 1 copy of zone after update ($n)"
ret=0
$DIG $DIGOPTS example.\
@10.53.0.2 axfr > dig.out.ns2.example.after3 || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
n=`expr $n + 1`
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))
echo_i "fetching secondary 2 copy of zone after update ($n)"
ret=0
$DIG $DIGOPTS example.\
@10.53.0.3 axfr > dig.out.ns3.example.after3 || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
echo_i "comparing post-update copies to known good data ($n)"
ret=0
digcomp knowngood.after3 dig.out.ns1.example.after3 || ret=1
digcomp knowngood.after3 dig.out.ns2.example.after3 || ret=1
digcomp knowngood.after3 dig.out.ns3.example.after3 || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
echo_i "fetching primary copy of zone before update, first primary fails ($n)"
ret=0
$DIG $DIGOPTS example3.\
@10.53.0.1 axfr > dig.out.ns1.example3.before || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
n=`expr $n + 1`
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))
echo_i "fetching secondary 1 copy of zone before update, first primary fails ($n)"
$DIG $DIGOPTS example3.\
@10.53.0.2 axfr > dig.out.ns2.example3.before || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
n=`expr $n + 1`
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))
echo_i "fetching secondary 2 copy of zone before update, first primary fails ($n)"
ret=0
$DIG $DIGOPTS example3.\
@10.53.0.3 axfr > dig.out.ns3.example3.before || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
n=`expr $n + 1`
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))
echo_i "comparing pre-update copies to known good data, first primary fails ($n)"
ret=0
digcomp knowngood.before.example3 dig.out.ns1.example3.before || ret=1
digcomp knowngood.before.example3 dig.out.ns2.example3.before || ret=1
digcomp knowngood.before.example3 dig.out.ns3.example3.before || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
echo_i "checking update forwarding of a zone (signed) (Do53 -> DoT) ($n)"
nextpart_thrice
@ -272,36 +272,36 @@ update add updated.example3. 600 A 10.10.10.1
update add updated.example3. 600 TXT Foo
send
EOF
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
n=`expr $n + 1`
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))
wait_for_log_thrice
echo_i "fetching primary copy of zone after update, first primary fails ($n)"
ret=0
$DIG $DIGOPTS example3.\
@10.53.0.1 axfr > dig.out.ns1.example3.after1 || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
n=`expr $n + 1`
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))
echo_i "fetching secondary 1 copy of zone after update, first primary fails ($n)"
ret=0
$DIG $DIGOPTS example3.\
@10.53.0.2 axfr > dig.out.ns2.example3.after1 || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
echo_i "fetching secondary 2 copy of zone after update, first primary fails ($n)"
ret=0
$DIG $DIGOPTS example3.\
@10.53.0.3 axfr > dig.out.ns3.example3.after1 || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
n=`expr $n + 1`
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))
echo_i "comparing post-update copies to known good data, first primary fails ($n)"
ret=0
digcomp knowngood.after1.example3 dig.out.ns1.example3.after1 || ret=1
digcomp knowngood.after1.example3 dig.out.ns2.example3.after1 || ret=1
digcomp knowngood.after1.example3 dig.out.ns3.example3.after1 || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
if $FEATURETEST --enable-dnstap
then
@ -310,10 +310,10 @@ then
capture_dnstap
uq_equals_ur example3 || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
fi
n=`expr $n + 1`
n=$((n + 1))
if test -f keyname
then
@ -329,15 +329,15 @@ then
update add unsigned.example2. 600 TXT Foo
send
EOF
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
n=`expr $n + 1`
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))
wait_for_log_thrice
$DIG -p ${PORT} unsigned.example2 A @10.53.0.1 > dig.out.ns1.test$n
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
if $FEATURETEST --enable-dnstap
then
@ -346,8 +346,8 @@ EOF
capture_dnstap
uq_equals_ur example2 || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
fi
echo_i "checking update forwarding with sig0 (DoT -> Do53) ($n)"
@ -362,15 +362,15 @@ EOF
update add unsigned-dot.example2. 600 TXT Foo
send
EOF
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
n=`expr $n + 1`
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))
wait_for_log_thrice
$DIG -p ${PORT} unsigned-dot.example2 A @10.53.0.1 > dig.out.ns1.test$n
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
if $FEATURETEST --enable-dnstap
then
@ -379,8 +379,8 @@ EOF
capture_dnstap
uq_equals_ur example2 || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
fi
fi
@ -396,8 +396,8 @@ ret=0
EOF
} > nsupdate.out.$n 2>&1
grep REFUSED nsupdate.out.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
n=`expr $n + 1`
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))
echo_i "checking update forwarding to dead primary ($n)"
count=0
@ -418,12 +418,12 @@ EOF
grep "status: NOERROR" dig.out.ns3.test$n.$count > /dev/null || ret=1
count=`expr $count + 1`
done
if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
n=`expr $n + 1`
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))
echo_i "waiting for nsupdate to finish ($n)"
wait
n=`expr $n + 1`
n=$((n + 1))
if $FEATURETEST --enable-dnstap
then
@ -432,8 +432,8 @@ then
capture_dnstap
uq_equals_ur noprimary && ret=1
if [ $ret != 0 ] ; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
fi
n=$((n + 1))

100
bin/tests/system/wildcard/tests.sh
View file

@ -22,41 +22,41 @@ rm -f dig.out.*
DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p ${PORT}"
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that NSEC wildcard non-existence proof is returned auth ($n)"
ret=0
$DIG $DIGOPTS a b.wild.nsec +norec @10.53.0.1 > dig.out.ns1.test$n || ret=1
grep -i 'a\.wild\.nsec\..*NSEC.*nsec\..*NSEC' dig.out.ns1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that NSEC wildcard non-existence proof is returned non-validating ($n)"
ret=0
$DIG $DIGOPTS a b.wild.nsec @10.53.0.2 > dig.out.ns2.test$n || ret=1
grep -i 'a\.wild\.nsec\..*NSEC.*nsec\..*NSEC' dig.out.ns2.test$n > /dev/null || ret=1
grep -i 'flags:.* ad[ ;]' dig.out.ns2.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that NSEC wildcard non-existence proof is returned validating ($n)"
ret=0
$DIG $DIGOPTS a b.wild.nsec @10.53.0.3 > dig.out.ns3.test$n || ret=1
grep -i 'a\.wild\.nsec\..*NSEC.*nsec\..*NSEC' dig.out.ns3.test$n > /dev/null || ret=1
grep -i 'flags:.* ad[ ;]' dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that NSEC wildcard non-existence proof is returned validating + CD ($n)"
ret=0
$DIG $DIGOPTS +cd a b.wild.nsec @10.53.0.5 > dig.out.ns5.test$n || ret=1
grep -i 'a\.wild\.nsec\..*NSEC.*nsec\..*NSEC' dig.out.ns5.test$n > /dev/null || ret=1
grep -i 'flags:.* ad[ ;]' dig.out.ns5.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
status=$((status + ret))
n=$((n + 1))
echo_i "checking that returned NSEC wildcard non-existence proof validates ($n)"
ret=0
@ -64,91 +64,91 @@ $DIG $DIGOPTS a b.wild.nsec @10.53.0.4 > dig.out.ns4.test$n || ret=1
grep -i 'a\.wild\.nsec\..*NSEC.*nsec\..*NSEC' dig.out.ns4.test$n > /dev/null || ret=1
grep -i 'flags:.* ad[ ;]' dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that NSEC wildcard non-existence proof is returned private, validating ($n)"
ret=0
$DIG $DIGOPTS a b.wild.private.nsec @10.53.0.3 > dig.out.ns3.test$n || ret=1
grep -i 'a\.wild\.private\.nsec\..*NSEC.*private\.nsec\..*NSEC' dig.out.ns3.test$n > /dev/null || ret=1
grep -i 'flags:.* ad[ ;]' dig.out.ns3.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that returned NSEC wildcard non-existence proof for private zone validates ($n)"
ret=0
$DIG $DIGOPTS a b.wild.private.nsec @10.53.0.4 > dig.out.ns4.test$n || ret=1
grep -i 'a\.wild\.private\.nsec\..*NSEC.*private\.nsec\..*NSEC' dig.out.ns4.test$n > /dev/null || ret=1
grep -i 'flags:.* ad[ ;]' dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that NSEC3 wildcard non-existence proof is returned auth ($n)"
ret=0
$DIG $DIGOPTS a b.wild.nsec3 +norec @10.53.0.1 > dig.out.ns1.test$n || ret=1
grep -i 'O3TJ8D9AJ54CBTFCQCJ3QK49CH7SF6H9\.nsec3\..*V5DLFB6UJNHR94LQ61FO607KGK12H88A' dig.out.ns1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that NSEC3 wildcard non-existence proof is returned non-validating ($n)"
ret=0
$DIG $DIGOPTS a b.wild.nsec3 @10.53.0.2 > dig.out.ns2.test$n || ret=1
grep -i 'O3TJ8D9AJ54CBTFCQCJ3QK49CH7SF6H9\.nsec3\..*V5DLFB6UJNHR94LQ61FO607KGK12H88A' dig.out.ns2.test$n > /dev/null || ret=1
grep -i 'flags:.* ad[ ;]' dig.out.ns2.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that NSEC3 wildcard non-existence proof is returned validating ($n)"
ret=0
$DIG $DIGOPTS a b.wild.nsec3 @10.53.0.3 > dig.out.ns3.test$n || ret=1
grep -i 'O3TJ8D9AJ54CBTFCQCJ3QK49CH7SF6H9\.nsec3\..*V5DLFB6UJNHR94LQ61FO607KGK12H88A' dig.out.ns3.test$n > /dev/null || ret=1
grep -i 'flags:.* ad[ ;]' dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that NSEC3 wildcard non-existence proof is returned validating + CD ($n)"
ret=0
$DIG $DIGOPTS +cd a b.wild.nsec3 @10.53.0.5 > dig.out.ns5.test$n || ret=1
grep -i 'O3TJ8D9AJ54CBTFCQCJ3QK49CH7SF6H9\.nsec3\..*V5DLFB6UJNHR94LQ61FO607KGK12H88A' dig.out.ns5.test$n > /dev/null || ret=1
grep -i 'flags:.* ad[ ;]' dig.out.ns5.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that returned NSEC3 wildcard non-existence proof validates ($n)"
ret=0
$DIG $DIGOPTS a b.wild.nsec3 @10.53.0.4 > dig.out.ns4.test$n || ret=1
grep -i 'O3TJ8D9AJ54CBTFCQCJ3QK49CH7SF6H9\.nsec3\..*V5DLFB6UJNHR94LQ61FO607KGK12H88A' dig.out.ns4.test$n > /dev/null || ret=1
grep -i 'flags:.* ad[ ;]' dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that NSEC3 wildcard non-existence proof is returned private, validating ($n)"
ret=0
$DIG $DIGOPTS a b.wild.private.nsec3 @10.53.0.3 > dig.out.ns3.test$n || ret=1
grep -i 'UDBSP4R8OUOT6HSO39VD8B5LMOSHRD5N\.private\.nsec3\..*NSEC3.*ASDRUIB7GO00OR92S5OUGI404LT27RNU' dig.out.ns3.test$n > /dev/null || ret=1
grep -i 'flags:.* ad[ ;]' dig.out.ns3.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking that returned NSEC3 wildcard non-existence proof for private zone validates ($n)"
ret=0
$DIG $DIGOPTS a b.wild.private.nsec3 @10.53.0.4 > dig.out.ns4.test$n || ret=1
grep -i 'UDBSP4R8OUOT6HSO39VD8B5LMOSHRD5N\.private\.nsec3\..*NSEC3.*ASDRUIB7GO00OR92S5OUGI404LT27RNU' dig.out.ns4.test$n > /dev/null || ret=1
grep -i 'flags:.* ad[ ;]' dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking RFC 4592 responses ..."
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking RFC 4592: host3.example. QTYPE=MX, QCLASS=IN ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 host3.example. MX IN > dig.out.ns1.test$n || ret=1
@ -156,18 +156,18 @@ grep '^host3.example..*IN.MX.10 host1.example.' dig.out.ns1.test$n > /dev/null |
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
grep "ANSWER: 1," dig.out.ns1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking RFC 4592: host3.example. QTYPE=A, QCLASS=IN ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 host3.example. A IN > dig.out.ns1.test$n || ret=1
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
grep "ANSWER: 0," dig.out.ns1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking RFC 4592: foo.bar.example. QTYPE=TXT, QCLASS=IN ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 foo.bar.example TXT IN > dig.out.ns1.test$n || ret=1
@ -175,45 +175,45 @@ grep '^foo.bar.example..*IN.TXT."this is a wildcard"' dig.out.ns1.test$n > /dev/
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
grep "ANSWER: 1," dig.out.ns1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking RFC 4592: host1.example. QTYPE=MX, QCLASS=IN ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 host1.example MX IN > dig.out.ns1.test$n || ret=1
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
grep "ANSWER: 0," dig.out.ns1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking RFC 4592: host1.example. QTYPE=MX, QCLASS=IN ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 host1.example MX IN > dig.out.ns1.test$n || ret=1
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
grep "ANSWER: 0," dig.out.ns1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking RFC 4592: sub.*.example. QTYPE=MX, QCLASS=IN ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 "sub.*.example." MX IN > dig.out.ns1.test$n || ret=1
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
grep "ANSWER: 0," dig.out.ns1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking RFC 4592: _telnet._tcp.host1.example. QTYPE=SRV, QCLASS=IN ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 _telnet._tcp.host1.example. SRV IN > dig.out.ns1.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1
grep "ANSWER: 0," dig.out.ns1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking RFC 4592: host.subdel.example. QTYPE=A, QCLASS=IN ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 host.subdel.example A IN > dig.out.ns1.test$n || ret=1
@ -223,27 +223,27 @@ grep "AUTHORITY: 2," dig.out.ns1.test$n > /dev/null || ret=1
grep "subdel.example..*IN.NS.ns.example.com." dig.out.ns1.test$n > /dev/null || ret=1
grep "subdel.example..*IN.NS.ns.example.net." dig.out.ns1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking RFC 4592: ghost.*.example. QTYPE=MX, QCLASS=IN ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 "ghost.*.example" MX IN > dig.out.ns1.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1
grep "ANSWER: 0," dig.out.ns1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "checking RFC 4592: _foo._udp.bar.example. QTYPE=SRV, QCLASS=IN ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 "_foo._udp.bar.example" SRV IN > dig.out.ns1.test$n || ret=1
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
grep "ANSWER: 0," dig.out.ns1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
n=`expr $n + 1`
n=$((n + 1))
echo_i "check wild card expansions by code point ($n)"
ret=0
i=0
@ -276,7 +276,7 @@ do
i=`expr $i + 1`
done
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1

46
bin/tests/system/zonechecks/tests.sh
View file

@ -24,13 +24,13 @@ status=0
echo_i "checking that we detect a NS which refers to a CNAME"
if $CHECKZONE . cname.db > cname.out 2>&1
then
echo_i "failed (status)"; status=`expr $status + 1`
echo_i "failed (status)"; status=$((status + 1))
else
if grep "is a CNAME" cname.out > /dev/null
then
:
else
echo_i "failed (message)"; status=`expr $status + 1`
echo_i "failed (message)"; status=$((status + 1))
fi
fi
@ -38,13 +38,13 @@ fi
echo_i "checking that we detect a NS which is below a DNAME"
if $CHECKZONE . dname.db > dname.out 2>&1
then
echo_i "failed (status)"; status=`expr $status + 1`
echo_i "failed (status)"; status=$((status + 1))
else
if grep "is below a DNAME" dname.out > /dev/null
then
:
else
echo_i "failed (message)"; status=`expr $status + 1`
echo_i "failed (message)"; status=$((status + 1))
fi
fi
@ -52,13 +52,13 @@ fi
echo_i "checking that we detect a NS which has no address records (A/AAAA)"
if $CHECKZONE . noaddress.db > noaddress.out
then
echo_i "failed (status)"; status=`expr $status + 1`
echo_i "failed (status)"; status=$((status + 1))
else
if grep "has no address records" noaddress.out > /dev/null
then
:
else
echo_i "failed (message)"; status=`expr $status + 1`
echo_i "failed (message)"; status=$((status + 1))
fi
fi
@ -66,13 +66,13 @@ fi
echo_i "checking that we detect a NS which has no records"
if $CHECKZONE . nxdomain.db > nxdomain.out
then
echo_i "failed (status)"; status=`expr $status + 1`
echo_i "failed (status)"; status=$((status + 1))
else
if grep "has no address records" noaddress.out > /dev/null
then
:
else
echo_i "failed (message)"; status=`expr $status + 1`
echo_i "failed (message)"; status=$((status + 1))
fi
fi
@ -80,13 +80,13 @@ fi
echo_i "checking that we detect a NS which looks like a A record (fail)"
if $CHECKZONE -n fail . a.db > a.out 2>&1
then
echo_i "failed (status)"; status=`expr $status + 1`
echo_i "failed (status)"; status=$((status + 1))
else
if grep "appears to be an address" a.out > /dev/null
then
:
else
echo_i "failed (message)"; status=`expr $status + 1`
echo_i "failed (message)"; status=$((status + 1))
fi
fi
@ -98,10 +98,10 @@ then
then
:
else
echo_i "failed (message)"; status=`expr $status + 1`
echo_i "failed (message)"; status=$((status + 1))
fi
else
echo_i "failed (status)"; status=`expr $status + 1`
echo_i "failed (status)"; status=$((status + 1))
fi
#
@ -110,25 +110,25 @@ if $CHECKZONE -n ignore . a.db > a.out 2>&1
then
if grep "appears to be an address" a.out > /dev/null
then
echo_i "failed (message)"; status=`expr $status + 1`
echo_i "failed (message)"; status=$((status + 1))
else
:
fi
else
echo_i "failed (status)"; status=`expr $status + 1`
echo_i "failed (status)"; status=$((status + 1))
fi
#
echo_i "checking that we detect a NS which looks like a AAAA record (fail)"
if $CHECKZONE -n fail . aaaa.db > aaaa.out 2>&1
then
echo_i "failed (status)"; status=`expr $status + 1`
echo_i "failed (status)"; status=$((status + 1))
else
if grep "appears to be an address" aaaa.out > /dev/null
then
:
else
echo_i "failed (message)"; status=`expr $status + 1`
echo_i "failed (message)"; status=$((status + 1))
fi
fi
@ -140,10 +140,10 @@ then
then
:
else
echo_i "failed (message)"; status=`expr $status + 1`
echo_i "failed (message)"; status=$((status + 1))
fi
else
echo_i "failed (status)"; status=`expr $status + 1`
echo_i "failed (status)"; status=$((status + 1))
fi
#
@ -152,12 +152,12 @@ if $CHECKZONE -n ignore . aaaa.db > aaaa.out 2>&1
then
if grep "appears to be an address" aaaa.out > /dev/null
then
echo_i "failed (message)"; status=`expr $status + 1`
echo_i "failed (message)"; status=$((status + 1))
else
:
fi
else
echo_i "failed (status)"; status=`expr $status + 1`
echo_i "failed (status)"; status=$((status + 1))
fi
#
@ -234,7 +234,7 @@ $RNDCCMD 10.53.0.1 zonestatus reload.example > rndc.out.removeinclude 2>&1
checkfor "files: reload.db$" rndc.out.removeinclude
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking 'rdnc zonestatus' with duplicated zone name"
ret=0
@ -245,14 +245,14 @@ checkfor "name: duplicate.example" rndc.out.duplicate
$RNDCCMD 10.53.0.1 zonestatus nosuchzone.example > rndc.out.duplicate 2>&1
checkfor "no matching zone 'nosuchzone.example' in any view" rndc.out.duplicate
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "checking 'rdnc zonestatus' with big serial value"
ret=0
$RNDCCMD 10.53.0.1 zonestatus bigserial.example > rndc.out.bigserial 2>&1
checkfor "serial: 3003113544" rndc.out.bigserial
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1