From adbe2caf28728a1e24e7741aebc013fe6de13789 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Tue, 9 Oct 2018 10:54:51 +0200 Subject: [PATCH] Test whether mirror zones can be added and removed dynamically Extend the "mirror" zone system test to make sure mirror zones can be added and removed dynamically using rndc. --- bin/tests/system/mirror/clean.sh | 1 + bin/tests/system/mirror/ns2/named.conf.in | 5 ++++ bin/tests/system/mirror/ns2/sign.sh | 2 +- bin/tests/system/mirror/ns3/named.conf.in | 1 + bin/tests/system/mirror/tests.sh | 33 +++++++++++++++++++++++ 5 files changed, 41 insertions(+), 1 deletion(-) diff --git a/bin/tests/system/mirror/clean.sh b/bin/tests/system/mirror/clean.sh index fc189a8604..99ee2ae020 100644 --- a/bin/tests/system/mirror/clean.sh +++ b/bin/tests/system/mirror/clean.sh @@ -11,6 +11,7 @@ rm -f */*.conf rm -f */*.db rm -f */*.jnl rm -f */*.mirror +rm -f */*.nzd* rm -f */*.prev rm -f */*.signed rm -f */K* diff --git a/bin/tests/system/mirror/ns2/named.conf.in b/bin/tests/system/mirror/ns2/named.conf.in index ebcce5729a..2979ea9980 100644 --- a/bin/tests/system/mirror/ns2/named.conf.in +++ b/bin/tests/system/mirror/ns2/named.conf.in @@ -45,6 +45,11 @@ zone "initially-unavailable" { allow-transfer { 10.53.0.254; }; }; +zone "verify-addzone" { + type master; + file "verify-addzone.db.original.signed"; +}; + zone "verify-axfr" { type master; file "verify-axfr.db.signed"; diff --git a/bin/tests/system/mirror/ns2/sign.sh b/bin/tests/system/mirror/ns2/sign.sh index e8239b14e0..57df68db1b 100644 --- a/bin/tests/system/mirror/ns2/sign.sh +++ b/bin/tests/system/mirror/ns2/sign.sh @@ -36,7 +36,7 @@ ORIGINAL_SERIAL=`awk '$2 == "SOA" {print $5}' verify.db.in` UPDATED_SERIAL_BAD=`expr ${ORIGINAL_SERIAL} + 1` UPDATED_SERIAL_GOOD=`expr ${ORIGINAL_SERIAL} + 2` -for variant in axfr ixfr load reconfig untrusted; do +for variant in addzone axfr ixfr load reconfig untrusted; do zone=verify-$variant infile=verify.db.in zonefile=verify-$variant.db diff --git a/bin/tests/system/mirror/ns3/named.conf.in b/bin/tests/system/mirror/ns3/named.conf.in index 4b14e8d9a7..edf6a21702 100644 --- a/bin/tests/system/mirror/ns3/named.conf.in +++ b/bin/tests/system/mirror/ns3/named.conf.in @@ -29,6 +29,7 @@ options { recursion yes; allow-query-cache { 10.53.0.1; }; trust-anchor-telemetry yes; + allow-new-zones yes; }; zone "." { diff --git a/bin/tests/system/mirror/tests.sh b/bin/tests/system/mirror/tests.sh index 1768847d6a..8411857d0d 100644 --- a/bin/tests/system/mirror/tests.sh +++ b/bin/tests/system/mirror/tests.sh @@ -427,6 +427,39 @@ nextpart ns3/named.run | grep "No correct RSASHA256 signature for verify-reconfi if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` +n=`expr $n + 1` +echo_i "checking that a mirror zone can be added using rndc ($n)" +ret=0 +# Sanity check: the zone should not exist in the root zone. +$DIG $DIGOPTS @10.53.0.3 +norec verify-addzone SOA > dig.out.ns3.test$n.1 2>&1 || ret=1 +grep "NXDOMAIN" dig.out.ns3.test$n.1 > /dev/null || ret=1 +grep "flags:.* aa" dig.out.ns3.test$n.1 > /dev/null && ret=1 +grep "flags:.* ad" dig.out.ns3.test$n.1 > /dev/null || ret=1 +# Mirror a zone which does not exist in the root zone. +nextpart ns3/named.run > /dev/null +$RNDCCMD 10.53.0.3 addzone verify-addzone '{ type mirror; masters { 10.53.0.2; }; };' > rndc.out.ns3.test$n 2>&1 || ret=1 +wait_for_transfer verify-addzone +# Check whether the mirror zone was added and whether it behaves as expected. +$DIG $DIGOPTS @10.53.0.3 +norec verify-addzone SOA > dig.out.ns3.test$n.2 2>&1 || ret=1 +grep "NOERROR" dig.out.ns3.test$n.2 > /dev/null || ret=1 +grep "flags:.* aa" dig.out.ns3.test$n.2 > /dev/null && ret=1 +grep "flags:.* ad" dig.out.ns3.test$n.2 > /dev/null || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "checking that a mirror zone can be deleted using rndc ($n)" +ret=0 +# Remove the mirror zone added in the previous test. +$RNDCCMD 10.53.0.3 delzone verify-addzone > rndc.out.ns3.test$n 2>&1 || ret=1 +# Check whether the mirror zone was removed. +$DIG $DIGOPTS @10.53.0.3 +norec verify-addzone SOA > dig.out.ns3.test$n 2>&1 || ret=1 +grep "NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1 +grep "flags:.* aa" dig.out.ns3.test$n > /dev/null && ret=1 +grep "flags:.* ad" dig.out.ns3.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` + n=`expr $n + 1` echo_i "ensuring trust anchor telemetry queries are sent upstream for a mirror zone ($n)" ret=0