diff --git a/bin/tests/system/Makefile.am b/bin/tests/system/Makefile.am index dc73117b27..34a7ddd0c1 100644 --- a/bin/tests/system/Makefile.am +++ b/bin/tests/system/Makefile.am @@ -105,10 +105,12 @@ TESTS += \ checknames \ checkzone \ database \ + dialup \ dlzexternal \ dns64 \ dscp \ dsdigest \ + dupsigs \ dyndb \ ecdsa \ eddsa \ @@ -170,12 +172,6 @@ TESTS += \ xferquota \ zonechecks -# The "stress" test is not run by default since it creates enough -# load on the machine to make it unusable to other users. -# The "dialup" and "dupsigs" tests are also not run by -# default because they take a very long time to complete. -# TESTS += dialup dupsigs stress - if HAVE_LMDB TESTS += nzd2nzf endif # HAVE_LMDB @@ -188,6 +184,7 @@ TESTS += \ nsupdate \ resolver \ statistics \ + stress \ upforwd \ zero diff --git a/bin/tests/system/common/controls.conf b/bin/tests/system/common/controls.conf deleted file mode 100644 index 36bd38d0b6..0000000000 --- a/bin/tests/system/common/controls.conf +++ /dev/null @@ -1,22 +0,0 @@ -/* - * Copyright (C) Internet Systems Consortium, Inc. ("ISC") - * - * SPDX-License-Identifier: MPL-2.0 - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, you can obtain one at https://mozilla.org/MPL/2.0/. - * - * See the COPYRIGHT file distributed with this work for additional - * information regarding copyright ownership. - */ - -key rndc_key { - secret "1234abcd8765"; - algorithm hmac-sha256; -}; - -controls { - inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; }; -}; - diff --git a/bin/tests/system/conf.sh.common b/bin/tests/system/conf.sh.common index e0811c8eaa..54cfb05f38 100644 --- a/bin/tests/system/conf.sh.common +++ b/bin/tests/system/conf.sh.common 
@@ -26,11 +26,6 @@ export LANG=C # # Common lists of system tests to run. # -# The "stress" test is not run by default since it creates enough -# load on the machine to make it unusable to other users. -# The "dialup" and "dupsigs" tests are also not run by -# default because they take a very long time to complete. -# # The following tests are hard-coded to use ports 5300 and 9953. For # this reason, these must be run sequentially. # @@ -51,7 +46,10 @@ SEQUENTIAL_COMMON="" # rpzrecurse are scheduled first, in order to get more benefit from # parallelism. # -PARALLEL_COMMON="rpzrecurse serve-stale +PARALLEL_COMMON=" +rpzrecurse +serve-stale +dupsigs acl additional addzone diff --git a/bin/tests/system/dialup/clean.sh b/bin/tests/system/dialup/clean.sh index 581c3ccdfa..9318255bfa 100644 --- a/bin/tests/system/dialup/clean.sh +++ b/bin/tests/system/dialup/clean.sh @@ -14,3 +14,5 @@ rm -f ns2/example.bk rm -f ns3/example.bk rm -f */named.memstats */named.run +rm -f ns*/named.conf +rm -f ns*/named.lock diff --git a/bin/tests/system/dialup/ns1/named.conf b/bin/tests/system/dialup/ns1/named.conf.in similarity index 98% rename from bin/tests/system/dialup/ns1/named.conf rename to bin/tests/system/dialup/ns1/named.conf.in index 14852d13f9..4b8302bcfa 100644 --- a/bin/tests/system/dialup/ns1/named.conf +++ b/bin/tests/system/dialup/ns1/named.conf.in @@ -17,7 +17,7 @@ options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/dialup/ns2/named.conf b/bin/tests/system/dialup/ns2/named.conf.in similarity index 98% rename from bin/tests/system/dialup/ns2/named.conf rename to bin/tests/system/dialup/ns2/named.conf.in index d36d4346aa..382f5ce9a4 100644 --- a/bin/tests/system/dialup/ns2/named.conf +++ b/bin/tests/system/dialup/ns2/named.conf.in 
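Review bot: Only `dupsigs` is added to `PARALLEL_COMMON` in conf.sh.common, while the Makefile.am change in the same commit puts `dialup`, `dupsigs` and `stress` into `TESTS`. Unless `dialup` and `stress` are already listed further down the variable, outside this hunk, any runner that takes its test list from conf.sh.common will keep skipping them even though the comment explaining the exclusion is removed. If they are missing, add `dialup` and `stress` on their own lines in the alphabetical part of the list.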
@@ -17,7 +17,7 @@ options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/dialup/ns3/named.conf b/bin/tests/system/dialup/ns3/named.conf.in similarity index 98% rename from bin/tests/system/dialup/ns3/named.conf rename to bin/tests/system/dialup/ns3/named.conf.in index 5158ef963f..054a65893c 100644 --- a/bin/tests/system/dialup/ns3/named.conf +++ b/bin/tests/system/dialup/ns3/named.conf.in @@ -17,7 +17,7 @@ options { query-source address 10.53.0.3; notify-source 10.53.0.3; transfer-source 10.53.0.3; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.3; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/dialup/setup.sh b/bin/tests/system/dialup/setup.sh new file mode 100644 index 0000000000..dad3589a35 --- /dev/null +++ b/bin/tests/system/dialup/setup.sh @@ -0,0 +1,19 @@ +#!/bin/sh + +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +# shellcheck source=conf.sh +. ../conf.sh + +copy_setports ns1/named.conf.in ns1/named.conf +copy_setports ns2/named.conf.in ns2/named.conf +copy_setports ns3/named.conf.in ns3/named.conf diff --git a/bin/tests/system/dialup/tests.sh b/bin/tests/system/dialup/tests.sh index efc976177a..3a8f5e8980 100644 --- a/bin/tests/system/dialup/tests.sh +++ b/bin/tests/system/dialup/tests.sh 
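Review bot: The new dialup/setup.sh does not stop on error: if the first or second `copy_setports` call fails, the script still exits with the status of the last one, and the test can start with a missing or stale named.conf. Adding `set -e` on the line after `. ../conf.sh` makes any failed copy abort the setup. The `copy_setports` lines this commit appends to stress/setup.sh have the same gap, unless `set -e` is already in effect above that hunk. Unlike rrl/setup.sh, whose context shows `$SHELL clean.sh` before the copies, this script also does not clean up leftovers from an earlier run first.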
@@ -17,7 +17,7 @@ status=0 rm -f dig.out.* -DIGOPTS="+norec +tcp +noadd +nosea +nostat +noquest +nocmd -p 5300" +DIGOPTS="+norec +tcp +noadd +nosea +nostat +noquest +nocmd -p ${PORT}" # Check the example. domain diff --git a/bin/tests/system/digdelv/tests.sh b/bin/tests/system/digdelv/tests.sh index 939560737f..c630ae1e8a 100644 --- a/bin/tests/system/digdelv/tests.sh +++ b/bin/tests/system/digdelv/tests.sh @@ -1023,7 +1023,7 @@ if [ -x "$DIG" ] ; then echo_i "check that dig tries the next server after a UDP socket network unreachable error ($n)" ret=0 dig_with_opts @192.0.2.128 @10.53.0.3 a.example > dig.out.test$n 2>&1 || ret=1 - test $(grep -F -e "connection refused" -e "timed out" -e "network unreachable" dig.out.test$n | wc -l) -eq 3 || ret=1 + test $(grep -F -e "connection refused" -e "timed out" -e "network unreachable" -e "host unreachable" dig.out.test$n | wc -l) -eq 3 || ret=1 grep -F "status: NOERROR" dig.out.test$n > /dev/null || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -1032,7 +1032,7 @@ if [ -x "$DIG" ] ; then echo_i "check that dig tries the next server after a TCP socket network unreachable error ($n)" ret=0 dig_with_opts +tcp @192.0.2.128 @10.53.0.3 a.example > dig.out.test$n 2>&1 || ret=1 - test $(grep -F -e "connection refused" -e "timed out" -e "network unreachable" dig.out.test$n | wc -l) -eq 3 || ret=1 + test $(grep -F -e "connection refused" -e "timed out" -e "network unreachable" -e "host unreachable" dig.out.test$n | wc -l) -eq 3 || ret=1 grep -F "status: NOERROR" dig.out.test$n > /dev/null || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) diff --git a/bin/tests/system/dupsigs/check_journal.pl b/bin/tests/system/dupsigs/check_journal.pl index 99bf6907e8..074743205c 100644 --- a/bin/tests/system/dupsigs/check_journal.pl +++ b/bin/tests/system/dupsigs/check_journal.pl 
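Review bot: Both changed checks in digdelv/tests.sh (the UDP hunk and the TCP hunk) count matches with an unquoted `$(grep -F … | wc -l)`; `grep -c` does the counting without the extra process, and quoting the substitution keeps `test` well-formed if the output file is missing. For example: `test "$(grep -c -F -e "connection refused" -e "timed out" -e "network unreachable" -e "host unreachable" dig.out.test$n)" -eq 3 || ret=1`. The four-message list is now repeated verbatim in both hunks, so holding it in one variable would keep the two checks from drifting apart. The enclosing `if [ -x "$DIG" ]` block starts and ends outside both hunks.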
@@ -197,11 +197,6 @@ if( @changeset ) { if( $n_signing_keys == 0 ) { print "at serial $newserial $rrsig_id went unsigned\n"; } - elsif( $rrsig_id =~ /:DNSKEY$/ ) { - if( $n_signing_keys != 2 ) { - print "at serial $newserial $rrsig_id was signed $n_signing_keys time(s) when it should have been signed twice\n"; - } - } elsif( $n_signing_keys > 1 ) { my @signing_keys = sort { $a <=> $b } keys %{ $rrsig_db{$rrsig_id} }; print "at serial $newserial $rrsig_id was signed too many times, keys (@signing_keys)\n"; diff --git a/bin/tests/system/dupsigs/clean.sh b/bin/tests/system/dupsigs/clean.sh index 9db0799490..68ddace99e 100644 --- a/bin/tests/system/dupsigs/clean.sh +++ b/bin/tests/system/dupsigs/clean.sh @@ -9,6 +9,7 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +rm -f dig.out* rm -f ns1/named.conf rm -f ns1/named.lock rm -f ns1/named.memstats diff --git a/bin/tests/system/dupsigs/ns1/named.conf.in b/bin/tests/system/dupsigs/ns1/named.conf.in index c5ade8bf8e..494ecfb9e3 100644 --- a/bin/tests/system/dupsigs/ns1/named.conf.in +++ b/bin/tests/system/dupsigs/ns1/named.conf.in @@ -29,5 +29,5 @@ zone "signing.test" { key-directory "keys/signing.test"; inline-signing yes; auto-dnssec maintain; - sig-validity-interval 120 30; + sig-validity-interval 20 5; }; diff --git a/bin/tests/system/dupsigs/ns1/reset_keys.sh b/bin/tests/system/dupsigs/ns1/reset_keys.sh index 28b1191b29..cc9bef78f5 100644 --- a/bin/tests/system/dupsigs/ns1/reset_keys.sh +++ b/bin/tests/system/dupsigs/ns1/reset_keys.sh @@ -11,7 +11,7 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. -. ../conf.sh +. ../../conf.sh zone=signing.test rm -rf keys/signing.test 
@@ -52,14 +52,14 @@ $SETTIME -P $BASET -A $BASET $KEYDIR/$KSK $SETTIME -P $BASET -A $BASET $KEYDIR/$ZSK0 # schedule the first roll -R1=`expr $BASE + 300` +R1=`expr $BASE + 50` R1T=`timetodnssec $R1` $SETTIME -I $R1T $KEYDIR/$ZSK0 $SETTIME -P $BASET -A $R1T $KEYDIR/$ZSK1 # schedule the second roll (which includes the delete of the first key) -R2=`expr $R1 + 300` +R2=`expr $R1 + 50` R2T=`timetodnssec $R2` DT=$R2 DTT=`timetodnssec $DT` @@ -69,8 +69,7 @@ $SETTIME -I $R2T $KEYDIR/$ZSK1 $SETTIME -P $R1T -A $R2T $KEYDIR/$ZSK2 # schedule the third roll -# this isn't long enough for the signing to complete -R3=`expr $R2 + 60` +R3=`expr $R2 + 25` R3T=`timetodnssec $R3` $SETTIME -D $R3T $KEYDIR/$ZSK1 @@ -89,8 +88,10 @@ echo ZSK4=$ZSK4 exit # schedule the fourth roll -# this isn't long enough for the signing to complete -R4=`expr $R3 + 30` +# this isn't long enough for the signing to complete and would result in +# duplicate signatures, see +# https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/231#note_9597 +R4=`expr $R3 + 10` R4T=`timetodnssec $R4` $SETTIME -D $R4T $KEYDIR/$ZSK2 diff --git a/bin/tests/system/dupsigs/ns1/signing.test.db.in b/bin/tests/system/dupsigs/ns1/signing.test.db.in index f4c6643533..b522b6f0ef 100644 --- a/bin/tests/system/dupsigs/ns1/signing.test.db.in +++ b/bin/tests/system/dupsigs/ns1/signing.test.db.in @@ -15,4 +15,4 @@ $TTL 3600 ns A 127.0.0.1 ns AAAA ::1 -$GENERATE 0-1999 a${0,4,d} AAAA ::$ +$GENERATE 0-499 a${0,4,d} AAAA ::$ diff --git a/bin/tests/system/dupsigs/tests.sh b/bin/tests/system/dupsigs/tests.sh index 9778ff9a2e..2901fede3b 100644 --- a/bin/tests/system/dupsigs/tests.sh +++ b/bin/tests/system/dupsigs/tests.sh 
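Review bot: The `R4` assignment changed in the last reset_keys.sh hunk sits below the unconditional `exit` shown as context just above it, so the new `+ 10` value is never used. The added comment explains why the fourth roll is disabled, but it is placed after the `exit`, where a reader who stops at `exit` will not see it. A one-line comment directly above `exit`, such as `# Stop here: the rolls below are deliberately disabled, see the note on the fourth roll.`, would make the intent clear at the point where execution ends. The script continues past the end of the hunk.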
@@ -13,22 +13,23 @@ status=0 start=`date +%s` -end=`expr $start + 1200` -now=$start +end=`expr $start + 150` +sleep 10 # wait for a bit for the initial signing +now=`expr $start + 10` while test $now -lt $end do et=`expr $now - $start` echo "=============== $et ============" $JOURNALPRINT ns1/signing.test.db.signed.jnl | $PERL check_journal.pl - $DIG axfr signing.test -p 5300 @10.53.0.1 > dig.out.at$et + $DIG axfr signing.test -p ${PORT} @10.53.0.1 > dig.out.at$et awk '$4 == "RRSIG" { print $11 }' dig.out.at$et | sort | uniq -c lines=`awk '$4 == "RRSIG" { print}' dig.out.at$et | wc -l` - if [ ${et} -ne 0 -a ${lines} -ne 4009 ] + if [ ${et} -ne 0 -a ${lines} -ne 1008 ] then echo_i "failed" status=`expr $status + 1` fi - sleep 20 + sleep 5 now=`date +%s` done diff --git a/bin/tests/system/rrl/broken.conf b/bin/tests/system/rrl/broken.conf.in similarity index 91% rename from bin/tests/system/rrl/broken.conf rename to bin/tests/system/rrl/broken.conf.in index bf98736ee5..020542cfe7 100644 --- a/bin/tests/system/rrl/broken.conf +++ b/bin/tests/system/rrl/broken.conf.in @@ -17,7 +17,7 @@ options { query-source address 10.53.0.5; notify-source 10.53.0.5; transfer-source 10.53.0.5; - port 5300; + port @PORT@; pid-file "named.pid"; statistics-file "named.stats"; listen-on { 10.53.0.5; }; @@ -41,6 +41,6 @@ key rndc_key { algorithm hmac-sha256; }; controls { - inet 10.53.0.5 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.5 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; diff --git a/bin/tests/system/rrl/clean.sh b/bin/tests/system/rrl/clean.sh index abb10bd744..5709d9f7fd 100644 --- a/bin/tests/system/rrl/clean.sh +++ b/bin/tests/system/rrl/clean.sh @@ -16,5 +16,6 @@ rm -f */named.memstats */named.run */named.stats */log-* */session.key rm -f ns3/bl*.db */*.jnl */*.core */*.pid rm -f ns*/named.lock rm -f ns*/named.conf +rm -f broken.conf rm -f broken.out rm -f ns*/managed-keys.bind* 
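Review bot: In dupsigs/tests.sh the `${et} -ne 0` half of the changed condition can no longer be false, because `now` now starts at `$start + 10` and `et` is therefore at least 10 on the first pass. The check can be written as `if [ ${lines} -ne 1008 ]`, which also drops the obsolescent `-a` operator. The expected count of 1008 presumably follows from the `$GENERATE 0-499` range that the same commit sets in ns1/signing.test.db.in; a comment above the `if` naming that dependency would keep the two values in step when the zone size changes again. The exit status of the `$DIG axfr` call is not checked, so a failed transfer is only caught indirectly through the line count.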
diff --git a/bin/tests/system/rrl/setup.sh b/bin/tests/system/rrl/setup.sh index 49a642683d..752b02ceed 100644 --- a/bin/tests/system/rrl/setup.sh +++ b/bin/tests/system/rrl/setup.sh @@ -15,6 +15,7 @@ $SHELL clean.sh +copy_setports broken.conf.in broken.conf copy_setports ns1/named.conf.in ns1/named.conf copy_setports ns2/named.conf.in ns2/named.conf copy_setports ns3/named.conf.in ns3/named.conf diff --git a/bin/tests/system/stress/clean.sh b/bin/tests/system/stress/clean.sh index 0f8403c83a..b365d7cc77 100644 --- a/bin/tests/system/stress/clean.sh +++ b/bin/tests/system/stress/clean.sh @@ -17,9 +17,12 @@ rm -f ns?/zones.conf rm -f ns?/zone*.bk rm -f ns1/delegations.db +rm -f ns1/root.db rm -f ns2/zone0*.db rm -f ns2/zone0*.jnl rm -f */named.memstats rm -f ns*/named.lock rm -f ns*/managed-keys.bind* +rm -f ns*/named.run +rm -f ns*/named.conf diff --git a/bin/tests/system/stress/ns1/named.conf b/bin/tests/system/stress/ns1/named.conf.in similarity index 98% rename from bin/tests/system/stress/ns1/named.conf rename to bin/tests/system/stress/ns1/named.conf.in index a8378d2034..74ad00787b 100644 --- a/bin/tests/system/stress/ns1/named.conf +++ b/bin/tests/system/stress/ns1/named.conf.in @@ -17,7 +17,7 @@ options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/stress/ns2/named.conf b/bin/tests/system/stress/ns2/named.conf.in similarity index 98% rename from bin/tests/system/stress/ns2/named.conf rename to bin/tests/system/stress/ns2/named.conf.in index f8317823b1..5bbea78aca 100644 --- a/bin/tests/system/stress/ns2/named.conf +++ b/bin/tests/system/stress/ns2/named.conf.in @@ -17,7 +17,7 @@ options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; 
diff --git a/bin/tests/system/stress/ns3/named.conf b/bin/tests/system/stress/ns3/named.conf.in similarity index 91% rename from bin/tests/system/stress/ns3/named.conf rename to bin/tests/system/stress/ns3/named.conf.in index d4f331c4ce..036ffdbac2 100644 --- a/bin/tests/system/stress/ns3/named.conf +++ b/bin/tests/system/stress/ns3/named.conf.in @@ -17,7 +17,7 @@ options { query-source address 10.53.0.3; notify-source 10.53.0.3; transfer-source 10.53.0.3; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.3; }; listen-on-v6 { none; }; @@ -32,7 +32,7 @@ key rndc_key { }; controls { - inet 10.53.0.3 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; zone "." { diff --git a/bin/tests/system/stress/ns4/named.conf b/bin/tests/system/stress/ns4/named.conf.in similarity index 98% rename from bin/tests/system/stress/ns4/named.conf rename to bin/tests/system/stress/ns4/named.conf.in index e41d194705..57f7e40fdd 100644 --- a/bin/tests/system/stress/ns4/named.conf +++ b/bin/tests/system/stress/ns4/named.conf.in @@ -17,7 +17,7 @@ options { query-source address 10.53.0.4; notify-source 10.53.0.4; transfer-source 10.53.0.4; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.4; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/stress/setup.sh b/bin/tests/system/stress/setup.sh index 7d7d8b34a9..cc751d3b7a 100644 --- a/bin/tests/system/stress/setup.sh +++ b/bin/tests/system/stress/setup.sh @@ -19,3 +19,8 @@ # $PERL setup.pl + +copy_setports ns1/named.conf.in ns1/named.conf +copy_setports ns2/named.conf.in ns2/named.conf +copy_setports ns3/named.conf.in ns3/named.conf +copy_setports ns4/named.conf.in ns4/named.conf diff --git a/bin/tests/system/stress/tests.sh b/bin/tests/system/stress/tests.sh index e0c6ea7466..43e373e09f 100644 --- a/bin/tests/system/stress/tests.sh +++ b/bin/tests/system/stress/tests.sh 
@@ -17,7 +17,7 @@ status=0 ( $SHELL -c "while true - do $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 reload 2>&1 | + do $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p $CONTROLPORT reload 2>&1 | sed 's/^/I:ns3 /'; sleep 1 done" & echo $! >reload.pid @@ -25,7 +25,7 @@ $SHELL -c "while true for i in 0 1 2 3 4 do - $PERL update.pl -s 10.53.0.2 -p 5300 zone00000$i.example. & + $PERL update.pl -s 10.53.0.2 -p $PORT zone00000$i.example. & done echo_i "waiting for background processes to finish" @@ -34,5 +34,9 @@ wait echo_i "killing reload loop" kill `cat reload.pid` +# If the test has run to completion without named crashing, it has succeeded. +# Otherwise, the crash will be detected by the test framework and the test will +# fail. + echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/synthfromdnssec/ns4/named.conf.in b/bin/tests/system/synthfromdnssec/ns4/named.conf.in index 780562ffcd..c9d921092e 100644 --- a/bin/tests/system/synthfromdnssec/ns4/named.conf.in +++ b/bin/tests/system/synthfromdnssec/ns4/named.conf.in @@ -46,4 +46,3 @@ zone "." { }; include "../ns1/trusted.conf"; -// include "../../common/controls.conf";
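Review bot: Nothing in stress/tests.sh ever changes `status`, so the final `[ $status -eq 0 ] || exit 1` cannot fail, and the comment added in the last hunk makes a named crash the only failure signal. With the ports now taken from `$PORT` and `$CONTROLPORT`, an `update.pl` run that cannot reach the server at all would leave named idle and the test would still pass. Recording each background PID in the loop and waiting on them one by one lets a failed updater set `status`. This assumes update.pl exits non-zero on failure, which is not visible here, and the bare `wait` it replaces sits between the second and third hunks.

```shell
pids=""
# … unchanged: for-loop header …
	$PERL update.pl -s 10.53.0.2 -p $PORT zone00000$i.example. &
	pids="$pids $!"
# … unchanged: end of loop, "waiting for background processes" message …
for pid in $pids
do
	wait "$pid" || status=1
done
```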