From 9597a3aaca3f269e5533785003f0e5922d19a2aa Mon Sep 17 00:00:00 2001 From: Aram Sargsyan Date: Wed, 28 Dec 2022 15:55:43 +0000 Subject: [PATCH] Add nsupdate timeout tests * nsupdate should take 12 seconds (one try and three retries with 3 second timeout for each), UDP mode * nsupdate -u 4 -r 1 should take 8 seconds (one try and one retry with 4 second timeout for each), UDP mode * nsupdate -u 0 -t 8 -r 1 should also take 8 seconds, UDP mode * nsupdate -u 4 -t 30 -r 1 should also take 8 seconds, as -u takes precedence over -t, UDP mode * nsupdate -t 8 -v should also take 8 seconds, TCP mode (cherry picked from commit 5ce2ed068845e6d05e843fc7f720d08e12f266d7) --- bin/tests/system/nsupdate/ans4/ans.pl | 5 + bin/tests/system/nsupdate/tests.sh | 250 +++++++++++++++++--------- 2 files changed, 171 insertions(+), 84 deletions(-) diff --git a/bin/tests/system/nsupdate/ans4/ans.pl b/bin/tests/system/nsupdate/ans4/ans.pl index d4299c492b..30c792f1cf 100644 --- a/bin/tests/system/nsupdate/ans4/ans.pl +++ b/bin/tests/system/nsupdate/ans4/ans.pl @@ -31,6 +31,8 @@ if (!$localport) { $localport = 5300; } my $udpsock = IO::Socket::INET->new(LocalAddr => "$server_addr", LocalPort => $localport, Proto => "udp", Reuse => 1) or die "$!"; +my $tcpsock = IO::Socket::INET->new(LocalAddr => "$server_addr", + LocalPort => $localport, Proto => "tcp", Listen => 5, Reuse => 1) or die "$!"; print "listening on $server_addr:$localport.\n"; @@ -49,6 +51,7 @@ for (;;) { $rin = ''; vec($rin, fileno($udpsock), 1) = 1; + vec($rin, fileno($tcpsock), 1) = 1; select($rout = $rin, undef, undef, undef); @@ -56,5 +59,7 @@ for (;;) { printf "UDP request\n"; my $buf; $udpsock->recv($buf, 512); + } elsif (vec($rout, fileno($tcpsock), 1)) { + printf "TCP request\n"; } } diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh index c3ad998505..9b6c774753 100755 --- a/bin/tests/system/nsupdate/tests.sh +++ b/bin/tests/system/nsupdate/tests.sh @@ -738,7 +738,7 @@ grep "TXT.*everywhere" dig.out.2.test$n > /dev/null || ret=1 n=$((n + 1)) ret=0 echo_i "check 'grant' in deny name + grant subdomain ($n)" -$NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1 +$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1 key hmac-sha256:subkey 1234abcd8765 server 10.53.0.9 ${PORT} zone denyname.example @@ -752,7 +752,7 @@ grep "added" dig.out.ns9.test$n > /dev/null || ret=1 n=$((n + 1)) ret=0 echo_i "check 'deny' in deny name + grant subdomain ($n)" -$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1 +$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1 key hmac-sha256:subkey 1234abcd8765 server 10.53.0.9 ${PORT} zone denyname.example @@ -1033,7 +1033,7 @@ grep "bad name" nsupdate.out4-$n > /dev/null && ret=1 n=$((n + 1)) echo_i "check adding of delegating NS records processing ($n)" ret=0 -$NSUPDATE -v << EOF > nsupdate.out-$n 2>&1 || ret=1 +$NSUPDATE -v << EOF > nsupdate.out.test$n 2>&1 || ret=1 server 10.53.0.3 ${PORT} zone delegation.test. update add child.delegation.test. 3600 NS foo.example.net. @@ -1048,7 +1048,7 @@ grep "AUTHORITY: 2" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1 n=$((n + 1)) echo_i "check deleting of delegating NS records processing ($n)" ret=0 -$NSUPDATE -v << EOF > nsupdate.out-$n 2>&1 || ret=1 +$NSUPDATE -v << EOF > nsupdate.out.test$n 2>&1 || ret=1 server 10.53.0.3 ${PORT} zone delegation.test. update del child.delegation.test. 3600 NS foo.example.net. @@ -1062,13 +1062,13 @@ grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1 n=$((n + 1)) echo_i "check that adding too many records is blocked ($n)" ret=0 -$NSUPDATE -v << EOF > nsupdate.out-$n 2>&1 && ret=1 +$NSUPDATE -v << EOF > nsupdate.out.test$n 2>&1 && ret=1 server 10.53.0.3 ${PORT} zone too-big.test. update add r1.too-big.test 3600 IN TXT r1.too-big.test send EOF -grep "update failed: SERVFAIL" nsupdate.out-$n > /dev/null || ret=1 +grep "update failed: SERVFAIL" nsupdate.out.test$n > /dev/null || ret=1 $DIG $DIGOPTS +tcp @10.53.0.3 r1.too-big.test TXT > dig.out.ns3.test$n grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1 grep "records in zone (4) exceeds max-records (3)" ns3/named.run > /dev/null || ret=1 @@ -1076,15 +1076,97 @@ grep "records in zone (4) exceeds max-records (3)" ns3/named.run > /dev/null || n=$((n + 1)) ret=0 -echo_i "check whether valid addresses are used for primary failover ($n)" -$NSUPDATE -t 1 < nsupdate.out-$n 2>&1 && ret=1 +echo_i "check whether valid addresses are used for primary failover (UDP with defaults) ($n)" +t1=$($PERL -e 'print time()') +$NSUPDATE < nsupdate.out.test$n 2>&1 && ret=1 server 10.53.0.4 ${PORT} zone unreachable. update add unreachable. 600 A 192.0.2.1 send END -grep "; Communication with 10.53.0.4#${PORT} failed: timed out" nsupdate.out-$n > /dev/null 2>&1 || ret=1 -grep "not implemented" nsupdate.out-$n > /dev/null 2>&1 && ret=1 +t2=`$PERL -e 'print time()'` +grep "; Communication with 10.53.0.4#${PORT} failed: timed out" nsupdate.out.test$n > /dev/null 2>&1 || ret=1 +grep "not implemented" nsupdate.out.test$n > /dev/null 2>&1 && ret=1 +elapsed=$((t2 - t1)) +# Check that default timeout value is respected, there should be 4 tries with 3 seconds each. +test $elapsed -lt 12 && ret=1 +test $elapsed -gt 15 && ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +n=$((n + 1)) +ret=0 +echo_i "check whether valid addresses are used for primary failover (UDP with -u udptimeout) ($n)" +t1=$($PERL -e 'print time()') +$NSUPDATE -u 4 -r 1 < nsupdate.out.test$n 2>&1 && ret=1 +server 10.53.0.4 ${PORT} +zone unreachable. +update add unreachable. 600 A 192.0.2.1 +send +END +t2=`$PERL -e 'print time()'` +grep "; Communication with 10.53.0.4#${PORT} failed: timed out" nsupdate.out.test$n > /dev/null 2>&1 || ret=1 +grep "not implemented" nsupdate.out.test$n > /dev/null 2>&1 && ret=1 +elapsed=$((t2 - t1)) +# Check that given timeout value is respected, there should be 2 tries with 4 seconds each. +test $elapsed -lt 8 && ret=1 +test $elapsed -gt 12 && ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +n=$((n + 1)) +ret=0 +echo_i "check whether valid addresses are used for primary failover (UDP with -t timeout) ($n)" +t1=$($PERL -e 'print time()') +$NSUPDATE -u 0 -t 8 -r 1 < nsupdate.out.test$n 2>&1 && ret=1 +server 10.53.0.4 ${PORT} +zone unreachable. +update add unreachable. 600 A 192.0.2.1 +send +END +t2=`$PERL -e 'print time()'` +grep "; Communication with 10.53.0.4#${PORT} failed: timed out" nsupdate.out.test$n > /dev/null 2>&1 || ret=1 +grep "not implemented" nsupdate.out.test$n > /dev/null 2>&1 && ret=1 +elapsed=$((t2 - t1)) +# Check that given timeout value is respected, there should be 2 tries with 4 seconds each. +test $elapsed -lt 8 && ret=1 +test $elapsed -gt 12 && ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +n=$((n + 1)) +ret=0 +echo_i "check whether valid addresses are used for primary failover (UDP with -u udptimeout -t timeout) ($n)" +t1=$($PERL -e 'print time()') +$NSUPDATE -u 4 -t 30 -r 1 < nsupdate.out.test$n 2>&1 && ret=1 +server 10.53.0.4 ${PORT} +zone unreachable. +update add unreachable. 600 A 192.0.2.1 +send +END +t2=`$PERL -e 'print time()'` +grep "; Communication with 10.53.0.4#${PORT} failed: timed out" nsupdate.out.test$n > /dev/null 2>&1 || ret=1 +grep "not implemented" nsupdate.out.test$n > /dev/null 2>&1 && ret=1 +elapsed=$((t2 - t1)) +# Check that given timeout value is respected, there should be 2 tries with 4 seconds each, as -u takes precedence over -t. +test $elapsed -lt 8 && ret=1 +test $elapsed -gt 12 && ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +n=$((n + 1)) +ret=0 +echo_i "check whether valid addresses are used for primary failover (TCP with -t timeout) ($n)" +t1=$($PERL -e 'print time()') +$NSUPDATE -t 8 -v < nsupdate.out.test$n 2>&1 && ret=1 +server 10.53.0.4 ${PORT} +zone unreachable. +update add unreachable. 600 A 192.0.2.1 +send +END +t2=`$PERL -e 'print time()'` +grep "; Communication with 10.53.0.4#${PORT} failed: timed out" nsupdate.out.test$n > /dev/null 2>&1 || ret=1 +grep "not implemented" nsupdate.out.test$n > /dev/null 2>&1 && ret=1 +elapsed=$((t2 - t1)) +# Check that given timeout value is respected, there should be 1 try with 8 seconds. +test $elapsed -lt 8 && ret=1 +test $elapsed -gt 12 && ret=1 [ $ret = 0 ] || { echo_i "failed"; status=1; } n=$((n + 1)) @@ -1148,39 +1230,39 @@ grep "syntax error" nsupdate.out > /dev/null && ret=1 n=$((n + 1)) ret=0 echo_i "check nsupdate -4 -6 ($n)" -$NSUPDATE -4 -6 < nsupdate.out-$n 2>&1 && ret=1 +$NSUPDATE -4 -6 < nsupdate.out.test$n 2>&1 && ret=1 server 10.53.0.3 ${PORT} zone delegation.test. update del child.delegation.test. 3600 NS foo.example.net. update del child.delegation.test. 3600 NS bar.example.net. send END -grep "only one of -4 and -6 allowed" nsupdate.out-$n > /dev/null 2>&1 || ret=1 +grep "only one of -4 and -6 allowed" nsupdate.out.test$n > /dev/null 2>&1 || ret=1 [ $ret = 0 ] || { echo_i "failed"; status=1; } n=$((n + 1)) ret=0 echo_i "check nsupdate -4 with an IPv6 server address ($n)" -$NSUPDATE -4 < nsupdate.out-$n 2>&1 && ret=1 +$NSUPDATE -4 < nsupdate.out.test$n 2>&1 && ret=1 server fd92:7065:b8e:ffff::2 ${PORT} zone delegation.test. update del child.delegation.test. 3600 NS foo.example.net. update del child.delegation.test. 3600 NS bar.example.net. send END -grep "address family not supported" nsupdate.out-$n > /dev/null 2>&1 || ret=1 +grep "address family not supported" nsupdate.out.test$n > /dev/null 2>&1 || ret=1 [ $ret = 0 ] || { echo_i "failed"; status=1; } n=$((n + 1)) ret=0 echo_i "check that TKEY in a update is rejected ($n)" -$NSUPDATE -d < nsupdate.out-$n 2>&1 && ret=1 +$NSUPDATE -d < nsupdate.out.test$n 2>&1 && ret=1 server 10.53.0.3 ${PORT} update add tkey.example 0 in tkey invalid.algorithm. 1516055980 1516140801 1 0 16 gRof8D2BFKvl/vrr9Lmnjw== 16 gRof8D2BFKvl/vrr9Lmnjw== send END -grep "UPDATE, status: NOERROR" nsupdate.out-$n > /dev/null 2>&1 || ret=1 -grep "UPDATE, status: FORMERR" nsupdate.out-$n > /dev/null 2>&1 || ret=1 +grep "UPDATE, status: NOERROR" nsupdate.out.test$n > /dev/null 2>&1 || ret=1 +grep "UPDATE, status: FORMERR" nsupdate.out.test$n > /dev/null 2>&1 || ret=1 [ $ret = 0 ] || { echo_i "failed"; status=1; } n=$((n + 1)) @@ -1250,7 +1332,7 @@ grep "status: NOERROR" dig.out.pre.test$n > /dev/null || ret=1 grep "ANSWER: 0," dig.out.pre.test$n > /dev/null || ret=1 nextpart ns3/named.run > /dev/null # specify zone to override the default of adding to parent zone -$NSUPDATE -d < nsupdate.out-$n 2>&1 || ret=1 +$NSUPDATE -d < nsupdate.out.test$n 2>&1 || ret=1 server 10.53.0.3 ${PORT} zone example update add example 0 in DS 14364 10 2 FD03B2312C8F0FE72C1751EFA1007D743C94EC91594FF0047C23C37CE119BA0C @@ -1269,7 +1351,7 @@ echo_i "check that CDS with mismatched algorithm to DNSSEC multisigner zone is n $DIG $DIGOPTS +tcp +norec multisigner.test CDS @10.53.0.3 > dig.out.pre.test$n || ret=1 grep "status: NOERROR" dig.out.pre.test$n > /dev/null || ret=1 grep "ANSWER: 0," dig.out.pre.test$n > /dev/null || ret=1 -$NSUPDATE -d < nsupdate.out-$n 2>&1 && ret=1 +$NSUPDATE -d < nsupdate.out.test$n 2>&1 && ret=1 server 10.53.0.3 ${PORT} zone multisigner.test update add multisigner.test 3600 IN CDS 14364 14 2 FD03B2312C8F0FE72C1751EFA1007D743C94EC91594FF0047C23C37CE119BA0C @@ -1289,7 +1371,7 @@ $DIG $DIGOPTS +tcp +norec multisigner.test CDNSKEY @10.53.0.3 > dig.out.pre.test grep "status: NOERROR" dig.out.pre.test$n > /dev/null || ret=1 grep "ANSWER: 0," dig.out.pre.test$n > /dev/null || ret=1 nextpart ns3/named.run > /dev/null -$NSUPDATE -d < nsupdate.out-$n 2>&1 && ret=1 +$NSUPDATE -d < nsupdate.out.test$n 2>&1 && ret=1 server 10.53.0.3 ${PORT} zone multisigner.test update add multisigner.test 3600 IN CDNSKEY 257 3 14 d0NQ5PKmDz6P0B1WPMH9/UKRux/toSFwV2nTJYPA1Cx8pB0sJGTXbVhG U+6gye7VCHDhGIn9CjVfb2RJPW7GnQ== @@ -1308,7 +1390,7 @@ echo_i "check that CDS to DNSSEC multisigner zone is allowed ($n)" $DIG $DIGOPTS +tcp +norec multisigner.test CDS @10.53.0.3 > dig.out.pre.test$n || ret=1 grep "status: NOERROR" dig.out.pre.test$n > /dev/null || ret=1 grep "ANSWER: 0," dig.out.pre.test$n > /dev/null || ret=1 -$NSUPDATE -d < nsupdate.out-$n 2>&1 || ret=1 +$NSUPDATE -d < nsupdate.out.test$n 2>&1 || ret=1 server 10.53.0.3 ${PORT} zone multisigner.test update add multisigner.test 3600 IN CDS 14364 13 2 FD03B2312C8F0FE72C1751EFA1007D743C94EC91594FF0047C23C37CE119BA0C @@ -1323,7 +1405,7 @@ echo_i "check that CDNSKEY to DNSSEC multisigner zone is allowed ($n)" $DIG $DIGOPTS +tcp +norec multisigner.test CDNSKEY @10.53.0.3 > dig.out.pre.test$n || ret=1 grep "status: NOERROR" dig.out.pre.test$n > /dev/null || ret=1 grep "ANSWER: 0," dig.out.pre.test$n > /dev/null || ret=1 -$NSUPDATE -d < nsupdate.out-$n 2>&1 || ret=1 +$NSUPDATE -d < nsupdate.out.test$n 2>&1 || ret=1 server 10.53.0.3 ${PORT} zone multisigner.test update add multisigner.test 3600 IN CDNSKEY 257 3 13 d0NQ5PKmDz6P0B1WPMH9/UKRux/toSFwV2nTJYPA1Cx8pB0sJGTXbVhG U+6gye7VCHDhGIn9CjVfb2RJPW7GnQ== @@ -1335,12 +1417,12 @@ retry_quiet 5 has_positive_response multisigner.test CDNSKEY 10.53.0.3 || ret=1 n=$((n + 1)) ret=0 echo_i "check that excessive NSEC3PARAM iterations are rejected by nsupdate ($n)" -$NSUPDATE -d < nsupdate.out-$n 2>&1 && ret=1 +$NSUPDATE -d < nsupdate.out.test$n 2>&1 && ret=1 server 10.53.0.3 ${PORT} zone example update add example 0 in NSEC3PARAM 1 0 151 - END -grep "NSEC3PARAM has excessive iterations (> 150)" nsupdate.out-$n >/dev/null || ret=1 +grep "NSEC3PARAM has excessive iterations (> 150)" nsupdate.out.test$n >/dev/null || ret=1 [ $ret = 0 ] || { echo_i "failed"; status=1; } n=$((n + 1)) @@ -1351,13 +1433,13 @@ echo_i "check nsupdate retries with another server on REFUSED response ($n)" # that's what we're testing for. (failure is still expected, however, # because the address lookup for the primary doesn't use the overridden # resolv.conf file). -$NSUPDATE -D -C resolv.conf -p ${PORT} << EOF > nsupdate.out-$n 2>&1 && ret=1 +$NSUPDATE -D -C resolv.conf -p ${PORT} << EOF > nsupdate.out.test$n 2>&1 && ret=1 zone example update add a 3600 IN A 1.2.3.4 send EOF -grep '10.53.0.1.*REFUSED' nsupdate.out-$n > /dev/null || ret=1 -grep 'Reply from SOA query' nsupdate.out-$n > /dev/null || ret=1 +grep '10.53.0.1.*REFUSED' nsupdate.out.test$n > /dev/null || ret=1 +grep 'Reply from SOA query' nsupdate.out.test$n > /dev/null || ret=1 [ $ret = 0 ] || { echo_i "failed"; status=1; } n=$((n + 1)) @@ -1396,7 +1478,7 @@ else echo_i "check krb5-self match ($n)" KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache" export KRB5CCNAME - $NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1 + $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1 gsstsig realm EXAMPLE.COM server 10.53.0.7 ${PORT} @@ -1414,7 +1496,7 @@ EOF echo_i "check krb5-self no-match ($n)" KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache" export KRB5CCNAME - $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1 + $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1 gsstsig realm EXAMPLE.COM server 10.53.0.7 ${PORT} @@ -1422,7 +1504,7 @@ EOF update add foo.example.com 3600 IN A 10.53.0.7 send EOF - grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1 + grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1 $DIG $DIGOPTS +tcp @10.53.0.7 foo.example.com A > dig.out.ns7.test$n grep "status: NXDOMAIN" dig.out.ns7.test$n > /dev/null || ret=1 [ $ret = 0 ] || { echo_i "failed"; status=1; } @@ -1432,7 +1514,7 @@ EOF echo_i "check krb5-subdomain match ($n)" KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache" export KRB5CCNAME - $NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1 + $NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1 gsstsig realm EXAMPLE.COM server 10.53.0.7 ${PORT} @@ -1450,7 +1532,7 @@ EOF echo_i "check krb5-subdomain no-match ($n)" KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache" export KRB5CCNAME - $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1 + $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1 gsstsig realm EXAMPLE.COM server 10.53.0.7 ${PORT} @@ -1458,7 +1540,7 @@ EOF update add _xxx._udp.example.com 3600 IN SRV 0 0 0 machine.example.com send EOF - grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1 + grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1 $DIG $DIGOPTS +tcp @10.53.0.7 _xxx._udp.example.com SRV > dig.out.ns7.test$n grep "status: NXDOMAIN" dig.out.ns7.test$n > /dev/null || ret=1 [ $ret = 0 ] || { echo_i "failed"; status=1; } @@ -1468,7 +1550,7 @@ EOF echo_i "check krb5-subdomain-self-rhs match PTR ($n)" KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache" export KRB5CCNAME - $NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1 + $NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1 gsstsig realm EXAMPLE.COM server 10.53.0.7 ${PORT} @@ -1486,7 +1568,7 @@ EOF echo_i "check krb5-subdomain-self-rhs no-match PTR ($n)" KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache" export KRB5CCNAME - $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1 + $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1 gsstsig realm EXAMPLE.COM server 10.53.0.7 ${PORT} @@ -1494,7 +1576,7 @@ EOF update add 5.3.2.1.in-addr.arpa 3600 IN PTR notme.example.com send EOF - grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1 + grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1 $DIG $DIGOPTS +tcp @10.53.0.7 5.3.2.1.in-addr.arpa PTR > dig.out.ns7.test$n grep "status: NXDOMAIN" dig.out.ns7.test$n > /dev/null || ret=1 [ $ret = 0 ] || { echo_i "failed"; status=1; } @@ -1504,7 +1586,7 @@ EOF echo_i "check krb5-subdomain-self-rhs match SRV ($n)" KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache" export KRB5CCNAME - $NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1 + $NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1 gsstsig realm EXAMPLE.COM server 10.53.0.7 ${PORT} @@ -1522,7 +1604,7 @@ EOF echo_i "check krb5-subdomain-self-rhs no listed types match (SRV & TXT) ($n)" KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache" export KRB5CCNAME - $NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1 + $NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1 gsstsig realm EXAMPLE.COM server 10.53.0.7 ${PORT} @@ -1542,7 +1624,7 @@ EOF echo_i "check krb5-subdomain-self-rhs no-match RDATA (SRV) ($n)" KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache" export KRB5CCNAME - $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1 + $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1 gsstsig realm EXAMPLE.COM server 10.53.0.7 ${PORT} @@ -1550,7 +1632,7 @@ EOF update add _yyy.self-srv.example.com 3600 IN SRV 0 0 0 notme.example.com send EOF - grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1 + grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1 $DIG $DIGOPTS +tcp @10.53.0.7 _yyy.self-srv.example.com SRV > dig.out.ns7.test$n grep "status: NXDOMAIN" dig.out.ns7.test$n > /dev/null || ret=1 [ $ret = 0 ] || { echo_i "failed"; status=1; } @@ -1560,7 +1642,7 @@ EOF echo_i "check krb5-subdomain-self-rhs no-match TYPE (TXT) ($n)" KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache" export KRB5CCNAME - $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1 + $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1 gsstsig realm EXAMPLE.COM server 10.53.0.7 ${PORT} @@ -1568,7 +1650,7 @@ EOF update add _yyy.self-srv.example.com 3600 IN TXT a-txt-record send EOF - grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1 + grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1 $DIG $DIGOPTS +tcp @10.53.0.7 _yyy.self-srv.example.com TXT > dig.out.ns7.test$n grep "status: NXDOMAIN" dig.out.ns7.test$n > /dev/null || ret=1 [ $ret = 0 ] || { echo_i "failed"; status=1; } @@ -1581,7 +1663,7 @@ EOF grep "ANSWER: 1," dig.out.ns7.pre.test$n > /dev/null || ret=1 KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache" export KRB5CCNAME - $NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1 + $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1 gsstsig realm EXAMPLE.COM server 10.53.0.7 ${PORT} @@ -1598,7 +1680,7 @@ EOF echo_i "check krb5-subdomain-self-rhs delete PTR (matching PTR with non-matching PTR) ($n)" KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache" export KRB5CCNAME - $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1 + $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1 gsstsig realm EXAMPLE.COM server 10.53.0.7 ${PORT} @@ -1606,7 +1688,7 @@ EOF update delete many.ptr.self-ptr.in-addr.arpa PTR send EOF - grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1 + grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1 $DIG $DIGOPTS +tcp @10.53.0.7 many.ptr.self-ptr.in-addr.arpa PTR > dig.out.ns7.test$n grep "status: NOERROR" dig.out.ns7.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns7.test$n > /dev/null || ret=1 @@ -1620,7 +1702,7 @@ EOF grep "ANSWER: 1," dig.out.ns7.pre.test$n > /dev/null || ret=1 KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache" export KRB5CCNAME - $NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1 + $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1 gsstsig realm EXAMPLE.COM server 10.53.0.7 ${PORT} @@ -1637,7 +1719,7 @@ EOF echo_i "check krb5-subdomain-self-rhs delete ANY (matching PTR with non-matching PTR) ($n)" KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache" export KRB5CCNAME - $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1 + $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1 gsstsig realm EXAMPLE.COM server 10.53.0.7 ${PORT} @@ -1645,7 +1727,7 @@ EOF update delete many.any.self-ptr.in-addr.arpa send EOF - grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1 + grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1 $DIG $DIGOPTS +tcp @10.53.0.7 many.any.self-ptr.in-addr.arpa PTR > dig.out.ns7.test$n grep "status: NOERROR" dig.out.ns7.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns7.test$n > /dev/null || ret=1 @@ -1659,7 +1741,7 @@ EOF grep "ANSWER: 1," dig.out.ns7.pre.test$n > /dev/null || ret=1 KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache" export KRB5CCNAME - $NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1 + $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1 gsstsig realm EXAMPLE.COM server 10.53.0.7 ${PORT} @@ -1676,7 +1758,7 @@ EOF echo_i "check krb5-subdomain-self-rhs delete SRV (matching SRV with non-matching SRV) ($n)" KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache" export KRB5CCNAME - $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1 + $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1 gsstsig realm EXAMPLE.COM server 10.53.0.7 ${PORT} @@ -1684,7 +1766,7 @@ EOF update delete many.srv.self-srv.example.com SRV send EOF - grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1 + grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1 $DIG $DIGOPTS +tcp @10.53.0.7 many.srv.self-srv.example.com SRV > dig.out.ns7.test$n grep "status: NOERROR" dig.out.ns7.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns7.test$n > /dev/null || ret=1 @@ -1698,7 +1780,7 @@ EOF grep "ANSWER: 1," dig.out.ns7.pre.test$n > /dev/null || ret=1 KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache" export KRB5CCNAME - $NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1 + $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1 gsstsig realm EXAMPLE.COM server 10.53.0.7 ${PORT} @@ -1715,7 +1797,7 @@ EOF echo_i "check krb5-subdomain-self-rhs delete ANY (matching SRV with non-matching SRV) ($n)" KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache" export KRB5CCNAME - $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1 + $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1 gsstsig realm EXAMPLE.COM server 10.53.0.7 ${PORT} @@ -1723,7 +1805,7 @@ EOF update delete many.any.self-srv.example.com send EOF - grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1 + grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1 $DIG $DIGOPTS +tcp @10.53.0.7 many.any.self-srv.example.com SRV > dig.out.ns7.test$n grep "status: NOERROR" dig.out.ns7.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns7.test$n > /dev/null || ret=1 @@ -1734,7 +1816,7 @@ EOF echo_i "check krb5-selfsub match ($n)" KRB5CCNAME="FILE:$(pwd)/ns8/machine.ccache" export KRB5CCNAME - $NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1 + $NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1 gsstsig realm EXAMPLE.COM server 10.53.0.8 ${PORT} @@ -1752,7 +1834,7 @@ EOF echo_i "check krb5-selfsub no-match ($n)" KRB5CCNAME="FILE:$(pwd)/ns8/machine.ccache" export KRB5CCNAME - $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1 + $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1 gsstsig realm EXAMPLE.COM server 10.53.0.8 ${PORT} @@ -1760,7 +1842,7 @@ EOF update add foo.example.com 3600 IN A 10.53.0.8 send EOF - grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1 + grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1 $DIG $DIGOPTS +tcp @10.53.0.8 foo.example.com A > dig.out.ns8.test$n grep "status: NXDOMAIN" dig.out.ns8.test$n > /dev/null || ret=1 [ $ret = 0 ] || { echo_i "failed"; status=1; } @@ -1770,7 +1852,7 @@ EOF echo_i "check ms-self match ($n)" KRB5CCNAME="FILE:$(pwd)/ns9/machine.ccache" export KRB5CCNAME - $NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1 + $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1 gsstsig realm EXAMPLE.COM server 10.53.0.9 ${PORT} @@ -1788,7 +1870,7 @@ EOF echo_i "check ms-self no-match ($n)" KRB5CCNAME="FILE:$(pwd)/ns9/machine.ccache" export KRB5CCNAME - $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1 + $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1 gsstsig realm EXAMPLE.COM server 10.53.0.9 ${PORT} @@ -1796,7 +1878,7 @@ EOF update add foo.example.com 3600 IN A 10.53.0.9 send EOF - grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1 + grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1 $DIG $DIGOPTS +tcp @10.53.0.9 foo.example.com A > dig.out.ns9.test$n grep "status: NXDOMAIN" dig.out.ns9.test$n > /dev/null || ret=1 [ $ret = 0 ] || { echo_i "failed"; status=1; } @@ -1806,7 +1888,7 @@ EOF echo_i "check ms-subdomain match ($n)" KRB5CCNAME="FILE:$(pwd)/ns9/machine.ccache" export KRB5CCNAME - $NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1 + $NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1 gsstsig realm EXAMPLE.COM server 10.53.0.9 ${PORT} @@ -1824,7 +1906,7 @@ EOF echo_i "check ms-subdomain no-match ($n)" KRB5CCNAME="FILE:$(pwd)/ns9/machine.ccache" export KRB5CCNAME - $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1 + $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1 gsstsig realm EXAMPLE.COM server 10.53.0.9 ${PORT} @@ -1832,7 +1914,7 @@ EOF update add _xxx._udp.example.com 3600 IN SRV 0 0 0 machine.example.com send EOF - grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1 + grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1 $DIG $DIGOPTS +tcp @10.53.0.9 _xxx._udp.example.com SRV > dig.out.ns9.test$n grep "status: NXDOMAIN" dig.out.ns9.test$n > /dev/null || ret=1 [ $ret = 0 ] || { echo_i "failed"; status=1; } @@ -1842,7 +1924,7 @@ EOF echo_i "check ms-subdomain-self-rhs match (PTR) ($n)" KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache" export KRB5CCNAME - $NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1 + $NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1 gsstsig realm EXAMPLE.COM server 10.53.0.10 ${PORT} @@ -1860,7 +1942,7 @@ EOF echo_i "check ms-subdomain-self-rhs no-match (PTR) ($n)" KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache" export KRB5CCNAME - $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1 + $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1 gsstsig realm EXAMPLE.COM server 10.53.0.10 ${PORT} @@ -1868,7 +1950,7 @@ EOF update add 5.3.2.1.in-addr.arpa 3600 IN PTR notme.example.com send EOF - grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1 + grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1 $DIG $DIGOPTS +tcp @10.53.0.10 5.3.2.1.in-addr.arpa PTR > dig.out.ns10.test$n grep "status: NXDOMAIN" dig.out.ns10.test$n > /dev/null || ret=1 [ $ret = 0 ] || { echo_i "failed"; status=1; } @@ -1878,7 +1960,7 @@ EOF echo_i "check ms-subdomain-self-rhs match (SRV) ($n)" KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache" export KRB5CCNAME - $NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1 + $NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1 gsstsig realm EXAMPLE.COM server 10.53.0.10 ${PORT} @@ -1896,7 +1978,7 @@ EOF echo_i "check ms-subdomain-self-rhs no-match (SRV) ($n)" KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache" export KRB5CCNAME - $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1 + $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1 gsstsig realm EXAMPLE.COM server 10.53.0.10 ${PORT} @@ -1904,7 +1986,7 @@ EOF update add _yyy.self-srv.example.com 3600 IN SRV 0 0 0 notme.example.com send EOF - grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1 + grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1 $DIG $DIGOPTS +tcp @10.53.0.10 _yyy.self-srv.example.com SRV > dig.out.ns10.test$n grep "status: NXDOMAIN" dig.out.ns10.test$n > /dev/null || ret=1 [ $ret = 0 ] || { echo_i "failed"; status=1; } @@ -1917,7 +1999,7 @@ EOF grep "ANSWER: 1," dig.out.ns10.pre.test$n > /dev/null || ret=1 KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache" export KRB5CCNAME - $NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1 + $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1 gsstsig realm EXAMPLE.COM server 10.53.0.10 ${PORT} @@ -1934,7 +2016,7 @@ EOF echo_i "check ms-subdomain-self-rhs delete SRV (matching SRV with non-matching SRV) ($n)" KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache" export KRB5CCNAME - $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1 + $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1 gsstsig realm EXAMPLE.COM server 10.53.0.10 ${PORT} @@ -1942,7 +2024,7 @@ EOF update delete many.srv.self-srv.example.com SRV send EOF - grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1 + grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1 $DIG $DIGOPTS +tcp @10.53.0.10 many.srv.self-srv.example.com SRV > dig.out.ns10.test$n grep "status: NOERROR" dig.out.ns10.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns10.test$n > /dev/null || ret=1 @@ -1956,7 +2038,7 @@ EOF grep "ANSWER: 1," dig.out.ns10.pre.test$n > /dev/null || ret=1 KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache" export KRB5CCNAME - $NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1 + $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1 gsstsig realm EXAMPLE.COM server 10.53.0.10 ${PORT} @@ -1973,7 +2055,7 @@ EOF echo_i "check ms-subdomain-self-rhs delete PTR (matching PTR with non-matching PTR) ($n)" KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache" export KRB5CCNAME - $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1 + $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1 gsstsig realm EXAMPLE.COM server 10.53.0.10 ${PORT} @@ -1981,7 +2063,7 @@ EOF update delete many.ptr.self-ptr.in-addr.arpa PTR send EOF - grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1 + grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1 $DIG $DIGOPTS +tcp @10.53.0.10 many.ptr.self-ptr.in-addr.arpa PTR > dig.out.ns10.test$n grep "status: NOERROR" dig.out.ns10.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns10.test$n > /dev/null || ret=1 @@ -1995,7 +2077,7 @@ EOF grep "ANSWER: 1," dig.out.ns10.pre.test$n > /dev/null || ret=1 KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache" export KRB5CCNAME - $NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1 + $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1 gsstsig realm EXAMPLE.COM server 10.53.0.10 ${PORT} @@ -2012,7 +2094,7 @@ EOF echo_i "check ms-subdomain-self-rhs delete ANY (matching PTR with non-matching PTR) ($n)" KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache" export KRB5CCNAME - $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1 + $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1 gsstsig realm EXAMPLE.COM server 10.53.0.10 ${PORT} @@ -2020,7 +2102,7 @@ EOF update delete many.any.self-ptr.in-addr.arpa send EOF - grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1 + grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1 $DIG $DIGOPTS +tcp @10.53.0.10 many.any.self-ptr.in-addr.arpa PTR > dig.out.ns10.test$n grep "status: NOERROR" dig.out.ns10.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns10.test$n > /dev/null || ret=1 @@ -2034,7 +2116,7 @@ EOF grep "ANSWER: 1," dig.out.ns10.pre.test$n > /dev/null || ret=1 KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache" export KRB5CCNAME - $NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1 + $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1 gsstsig realm EXAMPLE.COM server 10.53.0.10 ${PORT} @@ -2051,7 +2133,7 @@ EOF echo_i "check ms-subdomain-self-rhs delete ANY (matching SRV with non-matching SRV) ($n)" KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache" export KRB5CCNAME - $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1 + $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1 gsstsig realm EXAMPLE.COM server 10.53.0.10 ${PORT} @@ -2059,7 +2141,7 @@ EOF update delete many.any.self-srv.example.com send EOF - grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1 + grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1 $DIG $DIGOPTS +tcp @10.53.0.10 many.any.self-srv.example.com SRV > dig.out.ns10.test$n grep "status: NOERROR" dig.out.ns10.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns10.test$n > /dev/null || ret=1 @@ -2070,7 +2152,7 @@ EOF echo_i "check ms-selfsub match ($n)" KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache" export KRB5CCNAME - $NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1 + $NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1 gsstsig realm EXAMPLE.COM server 10.53.0.10 ${PORT} @@ -2088,7 +2170,7 @@ EOF echo_i "check ms-selfsub no-match ($n)" KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache" export KRB5CCNAME - $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1 + $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1 gsstsig realm EXAMPLE.COM server 10.53.0.10 ${PORT} @@ -2096,7 +2178,7 @@ EOF update add foo.example.com 3600 IN A 10.53.0.10 send EOF - grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1 + grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1 $DIG $DIGOPTS +tcp @10.53.0.10 foo.example.com A > dig.out.ns10.test$n grep "status: NXDOMAIN" dig.out.ns10.test$n > /dev/null || ret=1 [ $ret = 0 ] || { echo_i "failed"; status=1; }