diff --git a/bin/tests/system/upforwd/knowngood.after2 b/bin/tests/system/upforwd/knowngood.after2
index eab7a2cf06..04a001f813 100644
--- a/bin/tests/system/upforwd/knowngood.after2
+++ b/bin/tests/system/upforwd/knowngood.after2
@@ -4,8 +4,8 @@ example. 3600 IN NS ns3.example.
 ns1.example. 3600 IN A 10.53.0.1
 ns2.example. 3600 IN A 10.53.0.2
 ns3.example. 3600 IN A 10.53.0.3
-unsigned.example. 600 IN TXT "Foo"
-unsigned.example. 600 IN A 10.10.10.1
 updated.example. 600 IN TXT "Foo"
 updated.example. 600 IN A 10.10.10.1
+updated-dot.example. 600 IN TXT "Foo"
+updated-dot.example. 600 IN A 10.10.10.1
 example. 3600 IN SOA n1.example. hostmaster.ns1.example. 3 3600 1200 604800 7200
diff --git a/bin/tests/system/upforwd/knowngood.after3 b/bin/tests/system/upforwd/knowngood.after3
new file mode 100644
index 0000000000..18407f09e6
--- /dev/null
+++ b/bin/tests/system/upforwd/knowngood.after3
@@ -0,0 +1,13 @@
+example. 3600 IN SOA n1.example. hostmaster.ns1.example. 4 3600 1200 604800 7200
+example. 3600 IN NS ns2.example.
+example. 3600 IN NS ns3.example.
+ns1.example. 3600 IN A 10.53.0.1
+ns2.example. 3600 IN A 10.53.0.2
+ns3.example. 3600 IN A 10.53.0.3
+unsigned.example. 600 IN TXT "Foo"
+unsigned.example. 600 IN A 10.10.10.1
+updated.example. 600 IN TXT "Foo"
+updated.example. 600 IN A 10.10.10.1
+updated-dot.example. 600 IN TXT "Foo"
+updated-dot.example. 600 IN A 10.10.10.1
+example. 3600 IN SOA n1.example. hostmaster.ns1.example. 4 3600 1200 604800 7200
diff --git a/bin/tests/system/upforwd/ns1/named.conf.in b/bin/tests/system/upforwd/ns1/named.conf.in
index 83ba6040c4..dad7b2ffbf 100644
--- a/bin/tests/system/upforwd/ns1/named.conf.in
+++ b/bin/tests/system/upforwd/ns1/named.conf.in
@@ -21,8 +21,10 @@ options {
 notify-source 10.53.0.1;
 transfer-source 10.53.0.1;
 port @PORT@;
+ tls-port @TLSPORT@;
 pid-file "named.pid";
 listen-on { 10.53.0.1; };
+ listen-on tls ephemeral { 10.53.0.1; };
 listen-on-v6 { none; };
 recursion yes;
 notify yes;
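Review bot: The added `listen-on tls ephemeral { 10.53.0.1; };` here, together with `primaries { 10.53.0.1 port @TLSPORT@ tls ephemeral; };` in the ns3/named.conf.in hunk, gives an encrypted but unauthenticated channel, and nothing in either file says so. The ephemeral configuration uses a certificate generated for the running named session, and the secondary has no `ca-file` or `remote-hostname` to verify the primary against, so the forwarded updates are exercised over opportunistic TLS only. A comment next to both statements would keep the fixture from being read as a hardened template, for example `// 'tls ephemeral': session-only certificate, encrypts the channel but does not authenticate the primary; test fixture only`. If strict TLS forwarding is meant to be covered as well, that would need a separate `tls` block with a CA and a further test case. The options block continues outside this hunk.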
diff --git a/bin/tests/system/upforwd/ns3/named.conf.in b/bin/tests/system/upforwd/ns3/named.conf.in
index 75eed2ed93..abb6770c09 100644
--- a/bin/tests/system/upforwd/ns3/named.conf.in
+++ b/bin/tests/system/upforwd/ns3/named.conf.in
@@ -16,8 +16,10 @@ options {
 notify-source 10.53.0.3;
 transfer-source 10.53.0.3;
 port @PORT@;
+ tls-port @TLSPORT@;
 pid-file "named.pid";
 listen-on { 10.53.0.3; };
+ listen-on tls ephemeral { 10.53.0.3; };
 listen-on-v6 { none; };
 recursion no;
 notify yes;
@@ -37,7 +39,7 @@ zone "example" {
 type secondary;
 file "example.bk";
 allow-update-forwarding { any; };
- primaries { 10.53.0.1; };
+ primaries { 10.53.0.1 port @TLSPORT@ tls ephemeral; };
 };
 zone "example2" {
diff --git a/bin/tests/system/upforwd/tests.sh b/bin/tests/system/upforwd/tests.sh
index 6d53af1c61..33227c363d 100644
--- a/bin/tests/system/upforwd/tests.sh
+++ b/bin/tests/system/upforwd/tests.sh
@@ -78,7 +78,7 @@ digcomp knowngood.before dig.out.ns2 || ret=1 digcomp knowngood.before dig.out.ns3 || ret=1 if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi -echo_i "updating zone (signed) ($n)" +echo_i "checking update forwarding of a zone (signed) (Do53 -> DoT) ($n)" ret=0 $NSUPDATE -y "${DEFAULT_HMAC}:update.example:c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K" -- - < DoT) ($n)" ret=0 -grep "forwarding update for zone 'example/IN'" ns3/named.run > /dev/null || ret=1 +$NSUPDATE -y "${DEFAULT_HMAC}:update.example:c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K" -S -O -- - < dig.out.ns1 || ret=1 +if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi +n=`expr $n + 1` + +echo_i "fetching secondary 1 copy of zone after update ($n)" +ret=0 +$DIG $DIGOPTS example.\ + @10.53.0.2 axfr > dig.out.ns2 || ret=1 +if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi + +echo_i "fetching secondary 2 copy of zone after update ($n)" +ret=0 +$DIG $DIGOPTS example.\ + @10.53.0.3 axfr > dig.out.ns3 || ret=1 +if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi +n=`expr $n + 1` + +echo_i "comparing post-update copies to known good data ($n)" +ret=0 +digcomp knowngood.after2 dig.out.ns1 || ret=1 +digcomp knowngood.after2 dig.out.ns2 || ret=1 +digcomp knowngood.after2 dig.out.ns3 || ret=1 +if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi + +echo_i "checking 'forwarding update for zone' is logged twice ($n)" +ret=0 +cnt=$(grep -F "forwarding update for zone 'example/IN'" ns3/named.run | wc -l || ret=1) +test "${cnt}" -eq 2 || ret=1 if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi n=`expr $n + 1` 
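Review bot: In the added "logged twice" check, the `|| ret=1` inside `cnt=$(grep -F "forwarding update for zone 'example/IN'" ns3/named.run | wc -l || ret=1)` can never take effect. It runs in the command-substitution subshell, so the assignment does not reach the script's `ret`, and it is attached to `wc -l`, whose exit status hides a failed grep such as an unreadable ns3/named.run. Letting grep do the counting removes the dead branch: `cnt=$(grep -cF "forwarding update for zone 'example/IN'" ns3/named.run)`, followed by the existing `test "${cnt}" -eq 2 || ret=1`, which also fails on an empty count. Parts of this hunk (the nsupdate here-documents) are missing from the page as shown, so the surrounding steps are not reviewed here.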
@@ -171,9 +213,9 @@ if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi echo_i "comparing post-update copies to known good data ($n)" ret=0 -digcomp knowngood.after2 dig.out.ns1 || ret=1 -digcomp knowngood.after2 dig.out.ns2 || ret=1 -digcomp knowngood.after2 dig.out.ns3 || ret=1 +digcomp knowngood.after3 dig.out.ns1 || ret=1 +digcomp knowngood.after3 dig.out.ns2 || ret=1 +digcomp knowngood.after3 dig.out.ns3 || ret=1 if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi if $FEATURETEST --enable-dnstap @@ -222,7 +264,7 @@ fi if test -f keyname then - echo_i "checking update forwarding to with sig0 ($n)" + echo_i "checking update forwarding to with sig0 (Do53 -> Do53) ($n)" ret=0 keyname=`cat keyname` $NSUPDATE -k $keyname.private -- - < Do53) ($n)" + ret=0 + keyname=`cat keyname` + $NSUPDATE -k $keyname.private -S -O -- - < dig.out.ns1.test$n + grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 + if [ $ret != 0 ] ; then echo_i "failed"; fi + status=`expr $status + $ret` + n=`expr $n + 1` + + if $FEATURETEST --enable-dnstap + then + echo_i "checking DNSTAP logging of UPDATE forwarded update replies ($n)" + ret=0 + capture_dnstap + uq_equals_ur || ret=1 + if [ $ret != 0 ] ; then echo_i "failed"; fi + status=`expr $status + $ret` + n=`expr $n + 1` + fi fi echo_i "exit status: $status"