From 8c7052e1cf0f7afea16837e8d0b74553e0273c25 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Tue, 23 Apr 2019 17:48:07 +1000 Subject: [PATCH 1/3] only test provideixfr if the transport is TCP (cherry picked from commit 18c49853e37614f7a49fd47f51117b1df10f1ff5) --- lib/ns/xfrout.c | 104 ++++++++++++++++++++++++++++++------------------ 1 file changed, 66 insertions(+), 38 deletions(-) diff --git a/lib/ns/xfrout.c b/lib/ns/xfrout.c index 9b3721b062..e7a1ceb8da 100644 --- a/lib/ns/xfrout.c +++ b/lib/ns/xfrout.c @@ -808,11 +808,13 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) { question_rdataset = ISC_LIST_HEAD(question_name->list); question_class = question_rdataset->rdclass; INSIST(question_rdataset->type == reqtype); - if (ISC_LIST_NEXT(question_rdataset, link) != NULL) + if (ISC_LIST_NEXT(question_rdataset, link) != NULL) { FAILC(DNS_R_FORMERR, "multiple questions"); + } result = dns_message_nextname(request, DNS_SECTION_QUESTION); - if (result != ISC_R_NOMORE) + if (result != ISC_R_NOMORE) { FAILC(DNS_R_FORMERR, "multiple questions"); + } result = dns_zt_find(client->view->zonetable, question_name, 0, NULL, &zone); @@ -894,8 +896,9 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) { /* * Ignore data whose owner name is not the zone apex. */ - if (! dns_name_equal(soa_name, question_name)) + if (! dns_name_equal(soa_name, question_name)) { continue; + } for (soa_rdataset = ISC_LIST_HEAD(soa_name->list); soa_rdataset != NULL; @@ -904,25 +907,29 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) { /* * Ignore non-SOA data. */ - if (soa_rdataset->type != dns_rdatatype_soa) + if (soa_rdataset->type != dns_rdatatype_soa) { continue; - if (soa_rdataset->rdclass != question_class) + } + if (soa_rdataset->rdclass != question_class) { continue; + } CHECK(dns_rdataset_first(soa_rdataset)); dns_rdataset_current(soa_rdataset, &soa_rdata); result = dns_rdataset_next(soa_rdataset); - if (result == ISC_R_SUCCESS) + if (result == ISC_R_SUCCESS) { FAILC(DNS_R_FORMERR, "IXFR authority section " "has multiple SOAs"); + } have_soa = true; goto got_soa; } } got_soa: - if (result != ISC_R_NOMORE) + if (result != ISC_R_NOMORE) { CHECK(result); + } xfrout_log1(client, question_name, question_class, ISC_LOG_DEBUG(6), "%s authority section OK", mnemonic); @@ -942,8 +949,9 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) { * AXFR over UDP is not possible. */ if (reqtype == dns_rdatatype_axfr && - (client->attributes & NS_CLIENTATTR_TCP) == 0) + (client->attributes & NS_CLIENTATTR_TCP) == 0) { FAILC(DNS_R_FORMERR, "attempted AXFR over UDP"); + } /* * Look up the requesting server in the peer table. @@ -954,8 +962,9 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) { /* * Decide on the transfer format (one-answer or many-answers). */ - if (peer != NULL) + if (peer != NULL) { (void)dns_peer_gettransferformat(peer, &format); + } /* * Get a dynamically allocated copy of the current SOA. @@ -968,21 +977,27 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) { current_serial = dns_soa_getserial(¤t_soa_tuple->rdata); if (reqtype == dns_rdatatype_ixfr) { - bool provide_ixfr; - /* * Outgoing IXFR may have been disabled for this peer * or globally. */ - provide_ixfr = client->view->provideixfr; - if (peer != NULL) - (void) dns_peer_getprovideixfr(peer, &provide_ixfr); - if (provide_ixfr == false) - goto axfr_fallback; + if ((client->attributes & NS_CLIENTATTR_TCP) != 0) { + bool provide_ixfr; - if (! have_soa) + provide_ixfr = client->view->provideixfr; + if (peer != NULL) { + (void) dns_peer_getprovideixfr(peer, + &provide_ixfr); + } + if (provide_ixfr == false) { + goto axfr_fallback; + } + } + + if (! have_soa) { FAILC(DNS_R_FORMERR, "IXFR request missing SOA"); + } begin_serial = dns_soa_getserial(&soa_rdata); @@ -1005,16 +1020,16 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) { goto have_stream; } journalfile = is_dlz ? NULL : dns_zone_getjournal(zone); - if (journalfile != NULL) + if (journalfile != NULL) { result = ixfr_rrstream_create(mctx, journalfile, begin_serial, current_serial, &data_stream); - else + } else { result = ISC_R_NOTFOUND; - if (result == ISC_R_NOTFOUND || - result == ISC_R_RANGE) { + } + if (result == ISC_R_NOTFOUND || result == ISC_R_RANGE) { xfrout_log1(client, question_name, question_class, ISC_LOG_DEBUG(4), "IXFR version not in journal, " @@ -1047,7 +1062,7 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) { - if (is_dlz) + if (is_dlz) { CHECK(xfrout_ctx_create(mctx, client, request->id, question_name, reqtype, question_class, zone, db, ver, quota, stream, @@ -1059,7 +1074,7 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) { (format == dns_many_answers) ? true : false, &xfr)); - else + } else { CHECK(xfrout_ctx_create(mctx, client, request->id, question_name, reqtype, question_class, zone, db, ver, quota, stream, @@ -1071,6 +1086,7 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) { (format == dns_many_answers) ? true : false, &xfr)); + } xfr->mnemonic = mnemonic; stream = NULL; @@ -1078,24 +1094,26 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) { CHECK(xfr->stream->methods->first(xfr->stream)); - if (xfr->tsigkey != NULL) + if (xfr->tsigkey != NULL) { dns_name_format(&xfr->tsigkey->name, keyname, sizeof(keyname)); - else + } else { keyname[0] = '\0'; - if (is_poll) + } + if (is_poll) { xfrout_log1(client, question_name, question_class, ISC_LOG_DEBUG(1), "IXFR poll up to date%s%s", (xfr->tsigkey != NULL) ? ": TSIG " : "", keyname); - else if (is_ixfr) + } else if (is_ixfr) { xfrout_log1(client, question_name, question_class, ISC_LOG_INFO, "%s started%s%s (serial %u -> %u)", mnemonic, (xfr->tsigkey != NULL) ? ": TSIG " : "", keyname, begin_serial, current_serial); - else + } else { xfrout_log1(client, question_name, question_class, ISC_LOG_INFO, "%s started%s%s (serial %u)", mnemonic, (xfr->tsigkey != NULL) ? ": TSIG " : "", keyname, current_serial); + } if (zone != NULL) { @@ -1114,8 +1132,9 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) { client->expire = secs - client->now; } } - if (raw != NULL) + if (raw != NULL) { dns_zone_detach(&raw); + } } /* @@ -1129,24 +1148,33 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) { result = ISC_R_SUCCESS; failure: - if (result == DNS_R_REFUSED) + if (result == DNS_R_REFUSED) { inc_stats(client, zone, ns_statscounter_xfrrej); - if (quota != NULL) + } + if (quota != NULL) { isc_quota_detach("a); - if (current_soa_tuple != NULL) + } + if (current_soa_tuple != NULL) { dns_difftuple_free(¤t_soa_tuple); - if (stream != NULL) + } + if (stream != NULL) { stream->methods->destroy(&stream); - if (soa_stream != NULL) + } + if (soa_stream != NULL) { soa_stream->methods->destroy(&soa_stream); - if (data_stream != NULL) + } + if (data_stream != NULL) { data_stream->methods->destroy(&data_stream); - if (ver != NULL) + } + if (ver != NULL) { dns_db_closeversion(db, &ver, false); - if (db != NULL) + } + if (db != NULL) { dns_db_detach(&db); - if (zone != NULL) + } + if (zone != NULL) { dns_zone_detach(&zone); + } /* XXX kludge */ if (xfr != NULL) { xfrout_fail(xfr, result, "setting up zone transfer"); From 227b49a8303c91b2006834c419d105e105d6dfba Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Wed, 24 Apr 2019 17:50:00 +1000 Subject: [PATCH 2/3] add test for 'provide-ixfr no;' ; add forensics support (cherry picked from commit d547465af5a9f99d22d26e17999e16289148871d) --- bin/tests/system/ixfr/clean.sh | 3 +- bin/tests/system/ixfr/ns3/mytest0.db | 2 + bin/tests/system/ixfr/ns3/mytest1.db | 2 + bin/tests/system/ixfr/ns3/mytest2.db | 2 + bin/tests/system/ixfr/ns5/named.conf.in | 48 ++++++++++ bin/tests/system/ixfr/setup.sh | 1 + bin/tests/system/ixfr/tests.sh | 120 ++++++++++++++++-------- 7 files changed, 136 insertions(+), 42 deletions(-) create mode 100644 bin/tests/system/ixfr/ns5/named.conf.in diff --git a/bin/tests/system/ixfr/clean.sh b/bin/tests/system/ixfr/clean.sh index dad1347e39..1117710c49 100644 --- a/bin/tests/system/ixfr/clean.sh +++ b/bin/tests/system/ixfr/clean.sh @@ -13,11 +13,12 @@ rm -f stats.* rm -f ns1/*.db ns1/*.jnl rm -f ns3/*.jnl ns3/mytest.db ns3/subtest.db rm -f ns4/*.jnl ns4/*.db +rm -f ns5/*.jnl ns5/*.db rm -f */named.memstats rm -f */named.conf rm -f */named.run rm -f */ans.run -rm -f dig.out dig.out1 dig.out2 dig.out3 +rm -f dig.out.test* dig.out1.test* dig.out2.test* dig.out3.test* rm -f ns3/large.db rm -f ns*/named.lock rm -f ns*/managed-keys.bind* ns*/*.mkeys diff --git a/bin/tests/system/ixfr/ns3/mytest0.db b/bin/tests/system/ixfr/ns3/mytest0.db index b05feccd3c..644086fb85 100644 --- a/bin/tests/system/ixfr/ns3/mytest0.db +++ b/bin/tests/system/ixfr/ns3/mytest0.db @@ -18,7 +18,9 @@ test. 15 IN SOA ns1.test. hostmaster.test. ( ) IN NS ns1.test. IN NS ns2.test. + IN NS ns5.test. ns1 IN A 10.53.0.3 ns2 IN A 10.53.0.4 +ns5 IN A 10.53.0.5 host1 IN A 192.168.10.3 host2 IN A 192.168.10.4 diff --git a/bin/tests/system/ixfr/ns3/mytest1.db b/bin/tests/system/ixfr/ns3/mytest1.db index bb9fa4b0e9..ddc7e05d24 100644 --- a/bin/tests/system/ixfr/ns3/mytest1.db +++ b/bin/tests/system/ixfr/ns3/mytest1.db @@ -18,7 +18,9 @@ test. 15 IN SOA ns1.test. hostmaster.test. ( ) IN NS ns1.test. IN NS ns2.test. + IN NS ns5.test. ns1 IN A 10.53.0.3 ns2 IN A 10.53.0.4 +ns5 IN A 10.53.0.5 host1 IN A 192.168.10.13 host2 IN A 192.168.10.4 diff --git a/bin/tests/system/ixfr/ns3/mytest2.db b/bin/tests/system/ixfr/ns3/mytest2.db index 1eb3c9fda4..080f3358b1 100644 --- a/bin/tests/system/ixfr/ns3/mytest2.db +++ b/bin/tests/system/ixfr/ns3/mytest2.db @@ -18,7 +18,9 @@ test. 15 IN SOA ns1.test. hostmaster.test. ( ) IN NS ns1.test. IN NS ns2.test. + IN NS ns5.test. ns1 IN A 10.53.0.3 ns2 IN A 10.53.0.4 +ns5 IN A 10.53.0.5 host1 IN A 192.168.10.13 host2 IN A 192.168.10.14 diff --git a/bin/tests/system/ixfr/ns5/named.conf.in b/bin/tests/system/ixfr/ns5/named.conf.in new file mode 100644 index 0000000000..220b1d39a2 --- /dev/null +++ b/bin/tests/system/ixfr/ns5/named.conf.in @@ -0,0 +1,48 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + query-source address 10.53.0.5; + notify-source 10.53.0.5; + transfer-source 10.53.0.5; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.5; }; + listen-on-v6 { none; }; + recursion no; + notify yes; + provide-ixfr no; +}; + +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-sha256; +}; + +controls { + inet 10.53.0.5 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; + +view "primary" { + ixfr-from-differences yes; + request-ixfr yes; + zone "test" IN { + type slave; + file "mytest.db"; + masters { 10.53.0.3; }; + }; + zone "sub.test" IN { + type slave; + file "subtest.db"; + request-ixfr no; + masters { 10.53.0.3; }; + }; +}; diff --git a/bin/tests/system/ixfr/setup.sh b/bin/tests/system/ixfr/setup.sh index 9ff9a102cd..ebb867653f 100644 --- a/bin/tests/system/ixfr/setup.sh +++ b/bin/tests/system/ixfr/setup.sh @@ -39,6 +39,7 @@ EOF copy_setports ns3/named.conf.in ns3/named.conf copy_setports ns4/named.conf.in ns4/named.conf +copy_setports ns5/named.conf.in ns5/named.conf # Setup initial db files for ns3 cp ns3/mytest0.db ns3/mytest.db diff --git a/bin/tests/system/ixfr/tests.sh b/bin/tests/system/ixfr/tests.sh index 64d11a8529..3f8a2ef457 100644 --- a/bin/tests/system/ixfr/tests.sh +++ b/bin/tests/system/ixfr/tests.sh @@ -19,12 +19,14 @@ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh status=0 +n=0 DIGOPTS="+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd -p ${PORT}" SENDCMD="$PERL ../send.pl 10.53.0.2 ${EXTRAPORT1}" RNDCCMD="$RNDC -p ${CONTROLPORT} -c ../common/rndc.conf -s" -echo_i "testing initial AXFR" +n=$((n+1)) +echo_i "testing initial AXFR ($n)" $SENDCMD < dig.out - grep "SOA" dig.out > /dev/null && break + $DIG $DIGOPTS @10.53.0.1 nil. SOA > dig.out.test$n + grep "SOA" dig.out.test$n > /dev/null && break sleep 1 done @@ -68,7 +70,8 @@ $DIG $DIGOPTS @10.53.0.1 nil. TXT | grep 'initial AXFR' >/dev/null || { status=1 } -echo_i "testing successful IXFR" +n=$((n+1)) +echo_i "testing successful IXFR ($n)" # We change the IP address of a.nil., and the TXT record at the apex. # Then we do a SOA-only update. @@ -100,7 +103,8 @@ $DIG $DIGOPTS @10.53.0.1 nil. TXT | grep 'successful IXFR' >/dev/null || { status=1 } -echo_i "testing AXFR fallback after IXFR failure" +n=$((n+1)) +echo_i "testing AXFR fallback after IXFR failure ($n)" # Provide a broken IXFR response and a working fallback AXFR response @@ -134,7 +138,8 @@ $DIG $DIGOPTS @10.53.0.1 nil. TXT | grep 'fallback AXFR' >/dev/null || { status=1 } -echo_i "testing ixfr-from-differences option" +n=$((n+1)) +echo_i "testing ixfr-from-differences option ($n)" # ns3 is master; ns4 is slave $CHECKZONE test. ns3/mytest.db > /dev/null 2>&1 if [ $? -ne 0 ] @@ -150,8 +155,8 @@ fi # wait for slave to be stable for i in 0 1 2 3 4 5 6 7 8 9 do - $DIG $DIGOPTS +tcp @10.53.0.4 SOA test > dig.out - grep -i "hostmaster\.test\..1" dig.out > /dev/null && break + $DIG $DIGOPTS +tcp @10.53.0.4 SOA test > dig.out.test$n + grep -i "hostmaster\.test\..1" dig.out.test$n > /dev/null && break sleep 1 done @@ -162,16 +167,16 @@ $RNDCCMD 10.53.0.3 reload | sed 's/^/ns3 /' | cat_i #wait for master to reload load for i in 0 1 2 3 4 5 6 7 8 9 do - $DIG $DIGOPTS +tcp @10.53.0.3 SOA test > dig.out - grep -i "hostmaster\.test\..2" dig.out > /dev/null && break + $DIG $DIGOPTS +tcp @10.53.0.3 SOA test > dig.out.test$n + grep -i "hostmaster\.test\..2" dig.out.test$n > /dev/null && break sleep 1 done #wait for slave to transfer zone for i in 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 do - $DIG $DIGOPTS +tcp @10.53.0.4 SOA test > dig.out - grep -i "hostmaster\.test\..2" dig.out > /dev/null && break + $DIG $DIGOPTS +tcp @10.53.0.4 SOA test > dig.out.test$n + grep -i "hostmaster\.test\..2" dig.out.test$n > /dev/null && break # re-notify if we've been waiting a long time if [ $i -ge 5 ]; then @@ -194,7 +199,8 @@ then status=1 fi -echo_i "testing request-ixfr option in view vs zone" +n=$((n+1)) +echo_i "testing request-ixfr option in view vs zone ($n)" # There's a view with 2 zones. In the view, "request-ixfr yes" # but in the zone "sub.test", request-ixfr no" # we want to make sure that a change to sub.test results in AXFR, while @@ -207,16 +213,16 @@ $RNDCCMD 10.53.0.3 reload | sed 's/^/ns3 /' | cat_i #wait for master to reload zone for i in 0 1 2 3 4 5 6 7 8 9 do - $DIG $DIGOPTS +tcp @10.53.0.3 SOA sub.test > dig.out - grep -i "hostmaster\.test\..3" dig.out > /dev/null && break + $DIG $DIGOPTS +tcp @10.53.0.3 SOA sub.test > dig.out.test$n + grep -i "hostmaster\.test\..3" dig.out.test$n > /dev/null && break sleep 1 done #wait for slave to transfer zone for i in 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 do - $DIG $DIGOPTS +tcp @10.53.0.4 SOA sub.test > dig.out - grep -i "hostmaster\.test\..3" dig.out > /dev/null && break + $DIG $DIGOPTS +tcp @10.53.0.4 SOA sub.test > dig.out.test$n + grep -i "hostmaster\.test\..3" dig.out.test$n > /dev/null && break # re-notify if we've been waiting a long time if [ $i -ge 5 ]; then @@ -247,16 +253,16 @@ $RNDCCMD 10.53.0.3 reload | sed 's/^/ns3 /' | cat_i # wait for master to reload zone for i in 0 1 2 3 4 5 6 7 8 9 do - $DIG +tcp -p 5300 @10.53.0.3 SOA test > dig.out - grep -i "hostmaster\.test\..4" dig.out > /dev/null && break + $DIG +tcp -p 5300 @10.53.0.3 SOA test > dig.out.test$n + grep -i "hostmaster\.test\..4" dig.out.test$n > /dev/null && break sleep 1 done # wait for slave to transfer zone for i in 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 do - $DIG $DIGOPTS +tcp @10.53.0.4 SOA test > dig.out - grep -i "hostmaster\.test\..4" dig.out > /dev/null && break + $DIG $DIGOPTS +tcp @10.53.0.4 SOA test > dig.out.test$n + grep -i "hostmaster\.test\..4" dig.out.test$n > /dev/null && break # re-notify if we've been waiting a long time if [ $i -ge 5 ]; then @@ -279,58 +285,90 @@ else echo_i " success: IXFR it was" fi -echo_i "testing DiG's handling of a multi message AXFR style IXFR response" +n=$((n+1)) +echo_i "testing DiG's handling of a multi message AXFR style IXFR response ($n)" ( (sleep 10 && kill $$) 2>/dev/null & sub=$! -$DIG -p ${PORT} ixfr=0 large @10.53.0.3 > dig.out +$DIG -p ${PORT} ixfr=0 large @10.53.0.3 > dig.out.test$n kill $sub ) -lines=`grep hostmaster.large dig.out | wc -l` +lines=`grep hostmaster.large dig.out.test$n | wc -l` test ${lines:-0} -eq 2 || { echo_i "failed"; status=1; } -messages=`sed -n 's/^;;.*messages \([0-9]*\),.*/\1/p' dig.out` +messages=`sed -n 's/^;;.*messages \([0-9]*\),.*/\1/p' dig.out.test$n` test ${messages:-0} -gt 1 || { echo_i "failed"; status=1; } -echo_i "test 'dig +notcp ixfr=' vs 'dig ixfr= +notcp' vs 'dig ixfr='" +n=$((n+1)) +echo_i "test 'dig +notcp ixfr=' vs 'dig ixfr= +notcp' vs 'dig ixfr=' ($n)" ret=0 # Should be "switch to TCP" response -$DIG $DIGOPTS +notcp ixfr=1 test @10.53.0.4 > dig.out1 || ret=1 -$DIG $DIGOPTS ixfr=1 +notcp test @10.53.0.4 > dig.out2 || ret=1 -digcomp dig.out1 dig.out2 || ret=1 -awk '$4 == "SOA" { soacnt++} END {if (soacnt == 1) exit(0); else exit(1);}' dig.out1 || ret=1 -awk '$4 == "SOA" { if ($7 == 4) exit(0); else exit(1);}' dig.out1 || ret=1 +$DIG $DIGOPTS +notcp ixfr=1 test @10.53.0.4 > dig.out1.test$n || ret=1 +$DIG $DIGOPTS ixfr=1 +notcp test @10.53.0.4 > dig.out2.test$n || ret=1 +digcomp dig.out1.test$n dig.out2.test$n || ret=1 +awk '$4 == "SOA" { soacnt++} END {if (soacnt == 1) exit(0); else exit(1);}' dig.out1.test$n || ret=1 +awk '$4 == "SOA" { if ($7 == 4) exit(0); else exit(1);}' dig.out1.test$n || ret=1 # Should be incremental transfer. -$DIG $DIGOPTS ixfr=1 test @10.53.0.4 > dig.out3 || ret=1 -awk '$4 == "SOA" { soacnt++} END { if (soacnt == 6) exit(0); else exit(1);}' dig.out3 || ret=1 +$DIG $DIGOPTS ixfr=1 test @10.53.0.4 > dig.out3.test$n || ret=1 +awk '$4 == "SOA" { soacnt++} END { if (soacnt == 6) exit(0); else exit(1);}' dig.out3.test$n || ret=1 if [ ${ret} != 0 ]; then echo_i "failed"; status=1; fi -echo_i "checking whether dig calculates IXFR statistics correctly" +# wait for slave to transfer zone +for i in 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 +do + $DIG $DIGOPTS +tcp @10.53.0.5 SOA test > dig.out.test$n + grep -i "hostmaster\.test\..4" dig.out.test$n > /dev/null && break + + # re-notify if we've been waiting a long time + if [ $i -ge 5 ]; then + $RNDCCMD 10.53.0.3 notify test | set 's/^/ns3 /' | cat_i + fi + sleep 1 +done + +n=$((n+1)) +echo_i "test 'provide-ixfr no;' ($n)" ret=0 -$DIG $DIGOPTS +noedns +stat -b 10.53.0.4 @10.53.0.4 test. ixfr=2 > dig.out1 -get_dig_xfer_stats dig.out1 > stats.dig +# Should be "AXFR style" response +$DIG $DIGOPTS ixfr=1 test @10.53.0.5 > dig.out1.test$n || ret=1 +# Should be "switch to TCP" response +$DIG $DIGOPTS ixfr=1 +notcp test @10.53.0.5 > dig.out2.test$n || ret=1 +awk '$4 == "SOA" { soacnt++} END {if (soacnt == 2) exit(0); else exit(1);}' dig.out1.test$n || ret=1 +awk '$4 == "SOA" { soacnt++} END {if (soacnt == 1) exit(0); else exit(1);}' dig.out2.test$n || ret=1 +if [ ${ret} != 0 ]; then + echo_i "failed"; + status=1; +fi + +n=$((n+1)) +echo_i "checking whether dig calculates IXFR statistics correctly ($n)" +ret=0 +$DIG $DIGOPTS +noedns +stat -b 10.53.0.4 @10.53.0.4 test. ixfr=2 > dig.out1.test$n +get_dig_xfer_stats dig.out1.test$n > stats.dig diff ixfr-stats.good stats.dig || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status+ret)) # Note: in the next two tests, we use ns4 logs for checking both incoming and # outgoing transfer statistics as ns4 is both a secondary server (for ns3) and a # primary server (for dig queries from the previous test) for "test". -echo_i "checking whether named calculates incoming IXFR statistics correctly" +n=$((n+1)) +echo_i "checking whether named calculates incoming IXFR statistics correctly ($n)" ret=0 get_named_xfer_stats ns4/named.run 10.53.0.3 test "Transfer completed" > stats.incoming diff ixfr-stats.good stats.incoming || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status+ret)) -echo_i "checking whether named calculates outgoing IXFR statistics correctly" +n=$((n+1)) +echo_i "checking whether named calculates outgoing IXFR statistics correctly ($n)" ret=0 get_named_xfer_stats ns4/named.run 10.53.0.4 test "IXFR ended" > stats.outgoing diff ixfr-stats.good stats.outgoing || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status+ret)) echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 From 70982380390d53b0003beab07dba2d4d448267f4 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Tue, 7 May 2019 13:00:55 +1000 Subject: [PATCH 3/3] add CHANGES (cherry picked from commit ba1d7f3a0709fe562162845f7792dfe5dd515fda) --- CHANGES | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index dc52d22826..f3cda8eac8 100644 --- a/CHANGES +++ b/CHANGES @@ -1,7 +1,9 @@ +5224. [bug] Only test provide-ixfr on TCP streams. [GL #991] + 5223. [bug] Fixed a race in the filter-aaaa plugin accessing the hash table. [GL #1005] -5222. [bug] 'delve -t ANY' could leak memory. [GL #983] +5222. [bug] 'delv -t ANY' could leak memory. [GL #983] 5221. [test] Enable parallel execution of system tests on Windows. [GL !4101]