429 lines
15 KiB
Perl
429 lines
15 KiB
Perl
#!/usr/bin/perl
|
|
|
|
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
#
|
|
# SPDX-License-Identifier: MPL-2.0
|
|
#
|
|
# This Source Code Form is subject to the terms of the Mozilla Public
|
|
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
|
#
|
|
# See the COPYRIGHT file distributed with this work for additional
|
|
# information regarding copyright ownership.
|
|
|
|
#
|
|
# Dynamic update test suite.
|
|
#
|
|
# Usage:
|
|
#
|
|
# perl update_test.pl [-s server] [-p port] zone
|
|
#
|
|
# The server defaults to 127.0.0.1.
|
|
# The port defaults to 53.
|
|
#
|
|
# The "Special NS rules" tests will only work correctly if the
|
|
# zone has no NS records to begin with, or alternatively has a
|
|
# single NS record pointing at the name "ns1" (relative to
|
|
# the zone name).
|
|
#
|
|
# Installation notes:
|
|
#
|
|
# This program uses the Net::DNS::Resolver module.
|
|
# You can install it by saying
|
|
#
|
|
# perl -MCPAN -e "install Net::DNS"
|
|
#
|
|
|
|
use Getopt::Std;
|
|
use Net::DNS;
|
|
use Net::DNS::Update;
|
|
use Net::DNS::Resolver;
|
|
|
|
$opt_s = "127.0.0.1";
|
|
$opt_p = 53;
|
|
|
|
getopt('s:p:');
|
|
|
|
$res = new Net::DNS::Resolver;
|
|
$res->nameservers($opt_s);
|
|
$res->port($opt_p);
|
|
$res->defnames(0); # Do not append default domain.
|
|
|
|
@ARGV == 1 or die
|
|
"usage: perl update_test.pl [-s server] [-p port] zone\n";
|
|
|
|
$zone = shift @ARGV;
|
|
|
|
my $failures = 0;
|
|
|
|
sub assert {
|
|
my ($cond, $explanation) = @_;
|
|
if (!$cond) {
|
|
print "Test Failed: $explanation ***\n";
|
|
$failures++;
|
|
}
|
|
}
|
|
|
|
sub test {
|
|
my ($expected, @records) = @_;
|
|
|
|
my $update = new Net::DNS::Update("$zone");
|
|
|
|
foreach $rec (@records) {
|
|
$update->push(@$rec);
|
|
}
|
|
|
|
$reply = $res->send($update);
|
|
|
|
# Did it work?
|
|
if (defined $reply) {
|
|
my $rcode = $reply->header->rcode;
|
|
assert($rcode eq $expected, "expected $expected, got $rcode");
|
|
} else {
|
|
print "Update failed: ", $res->errorstring, "\n";
|
|
$failures++;
|
|
}
|
|
}
|
|
|
|
sub section {
|
|
my ($msg) = @_;
|
|
print "$msg\n";
|
|
}
|
|
|
|
section("Delete any leftovers from previous tests");
|
|
test("NOERROR", ["update", rr_del("a.$zone")]);
|
|
test("NOERROR", ["update", rr_del("b.$zone")]);
|
|
test("NOERROR", ["update", rr_del("c.$zone")]);
|
|
test("NOERROR", ["update", rr_del("d.$zone")]);
|
|
test("NOERROR", ["update", rr_del("e.$zone")]);
|
|
test("NOERROR", ["update", rr_del("f.$zone")]);
|
|
test("NOERROR", ["update", rr_del("ns.s.$zone")]);
|
|
test("NOERROR", ["update", rr_del("s.$zone")]);
|
|
test("NOERROR", ["update", rr_del("t.$zone")]);
|
|
test("NOERROR", ["update", rr_del("*.$zone")]);
|
|
test("NOERROR", ["update", rr_del("u.$zone")]);
|
|
test("NOERROR", ["update", rr_del("a.u.$zone")]);
|
|
test("NOERROR", ["update", rr_del("b.u.$zone")]);
|
|
|
|
section("Simple prerequisites in the absence of data");
|
|
# Name is in Use
|
|
test("NXDOMAIN", ["pre", yxdomain("a.$zone")]);
|
|
# RRset exists (value independent)
|
|
test("NXRRSET", ["pre", yxrrset("a.$zone A")]);
|
|
# Name is not in use
|
|
test("NOERROR", ["pre", nxdomain("a.$zone")]);
|
|
# RRset does not exist
|
|
test("NOERROR", ["pre", nxrrset("a.$zone A")]);
|
|
# RRset exists (value dependent)
|
|
test("NXRRSET", ["pre", yxrrset("a.$zone A 73.80.65.49")]);
|
|
|
|
|
|
section ("Simple creation of data");
|
|
test("NOERROR", ["update", rr_add("a.$zone 300 A 73.80.65.49")]);
|
|
|
|
section ("Simple prerequisites in the presence of data");
|
|
# Name is in use
|
|
test("NOERROR", ["pre", yxdomain("a.$zone")]);
|
|
# RRset exists (value independent)
|
|
test("NOERROR", ["pre", yxrrset("a.$zone A")]);
|
|
# Name is not in use
|
|
test("YXDOMAIN", ["pre", nxdomain("a.$zone")]);
|
|
# RRset does not exist
|
|
test("YXRRSET", ["pre", nxrrset("a.$zone A")]);
|
|
# RRset exists (value dependent)
|
|
test("NOERROR", ["pre", yxrrset("a.$zone A 73.80.65.49")]);
|
|
|
|
#
|
|
# Merging of RRsets
|
|
#
|
|
test("NOERROR", ["update", rr_add("a.$zone 300 A 73.80.65.50")]);
|
|
|
|
section("Detailed tests of \"RRset exists (value dependent)\" prerequisites");
|
|
test("NOERROR", ["pre",
|
|
yxrrset("a.$zone A 73.80.65.49"),
|
|
yxrrset("a.$zone A 73.80.65.50")]);
|
|
test("NOERROR", ["pre",
|
|
yxrrset("a.$zone A 73.80.65.50"),
|
|
yxrrset("a.$zone A 73.80.65.49")]);
|
|
test("NXRRSET", ["pre", yxrrset("a.$zone A 73.80.65.49")]);
|
|
test("NXRRSET", ["pre", yxrrset("a.$zone A 73.80.65.50")]);
|
|
test("NXRRSET", ["pre",
|
|
yxrrset("a.$zone A 73.80.65.49"),
|
|
yxrrset("a.$zone A 73.80.65.50"),
|
|
yxrrset("a.$zone A 73.80.65.51")]);
|
|
|
|
|
|
section("Torture test of \"RRset exists (value dependent)\" prerequisites.");
|
|
|
|
test("NOERROR", ["update",
|
|
rr_add("e.$zone 300 A 73.80.65.49"),
|
|
rr_add("e.$zone 300 TXT 'one'"),
|
|
rr_add("e.$zone 300 A 73.80.65.50")]);
|
|
test("NOERROR", ["update",
|
|
rr_add("e.$zone 300 A 73.80.65.52"),
|
|
rr_add("f.$zone 300 A 73.80.65.52"),
|
|
rr_add("e.$zone 300 A 73.80.65.51")]);
|
|
test("NOERROR", ["update",
|
|
rr_add("e.$zone 300 TXT 'three'"),
|
|
rr_add("e.$zone 300 TXT 'two'")]);
|
|
test("NOERROR", ["update",
|
|
rr_add("e.$zone 300 MX 10 mail.$zone")]);
|
|
|
|
test("NOERROR", ["pre",
|
|
yxrrset("e.$zone A 73.80.65.52"),
|
|
yxrrset("e.$zone TXT 'two'"),
|
|
yxrrset("e.$zone A 73.80.65.51"),
|
|
yxrrset("e.$zone TXT 'three'"),
|
|
yxrrset("e.$zone A 73.80.65.50"),
|
|
yxrrset("f.$zone A 73.80.65.52"),
|
|
yxrrset("e.$zone A 73.80.65.49"),
|
|
yxrrset("e.$zone TXT 'one'")]);
|
|
|
|
|
|
section("Subtraction of RRsets");
|
|
test("NOERROR", ["update", rr_del("a.$zone A 73.80.65.49")]);
|
|
test("NOERROR", ["pre",
|
|
yxrrset("a.$zone A 73.80.65.50")]);
|
|
|
|
test("NOERROR", ["update", rr_del("a.$zone A 73.80.65.50")]);
|
|
test("NOERROR", ["pre", nxrrset("a.$zone A")]);
|
|
test("NOERROR", ["pre", nxdomain("a.$zone")]);
|
|
|
|
section("Other forms of deletion");
|
|
test("NOERROR", ["update", rr_add("a.$zone 300 A 73.80.65.49")]);
|
|
test("NOERROR", ["update", rr_add("a.$zone 300 A 73.80.65.50")]);
|
|
test("NOERROR", ["update", rr_add("a.$zone 300 MX 10 mail.$zone")]);
|
|
test("NOERROR", ["update", rr_del("a.$zone A")]);
|
|
test("NOERROR", ["pre", nxrrset("a.$zone A")]);
|
|
test("NOERROR", ["update", rr_add("a.$zone 300 A 73.80.65.49")]);
|
|
test("NOERROR", ["update", rr_add("a.$zone 300 A 73.80.65.50")]);
|
|
test("NOERROR", ["update", rr_del("a.$zone")]);
|
|
test("NOERROR", ["pre", nxdomain("a.$zone")]);
|
|
|
|
section("Case insensitivity");
|
|
test("NOERROR", ["update", rr_add("a.$zone 300 PTR foo.net.")]);
|
|
test("NOERROR", ["pre", yxrrset("A.$zone PTR fOo.NeT.")]);
|
|
|
|
section("Special CNAME rules");
|
|
test("NOERROR", ["update", rr_add("b.$zone 300 CNAME foo.net.")]);
|
|
test("NOERROR", ["update", rr_add("b.$zone 300 A 73.80.65.49")]);
|
|
test("NOERROR", ["pre", yxrrset("b.$zone CNAME foo.net.")]);
|
|
test("NOERROR", ["pre", nxrrset("b.$zone A")]);
|
|
|
|
test("NOERROR", ["update", rr_add("c.$zone 300 A 73.80.65.49")]);
|
|
test("NOERROR", ["update", rr_add("c.$zone 300 CNAME foo.net.")]);
|
|
test("NOERROR", ["pre", yxrrset("c.$zone A")]);
|
|
test("NOERROR", ["pre", nxrrset("c.$zone CNAME")]);
|
|
|
|
# XXX should test with SIG, KEY, NXT, too.
|
|
|
|
#
|
|
# Currently commented out because Net::DNS does not properly
|
|
# support WKS records.
|
|
#
|
|
#section("Special WKS rules");
|
|
#test("NOERROR", ["update", rr_add("c.$zone 300 WKS 73.80.65.49 TCP telnet ftp")]);
|
|
#test("NOERROR", ["update", rr_add("c.$zone 300 WKS 73.80.65.49 UDP telnet ftp")]);
|
|
#test("NOERROR", ["update", rr_add("c.$zone 300 WKS 73.80.65.50 TCP telnet ftp")]);
|
|
#test("NOERROR", ["update", rr_add("c.$zone 300 WKS 73.80.65.49 TCP smtp")]);
|
|
#test("NOERROR", ["pre",
|
|
# yxrrset("c.$zone WKS 73.80.65.49 TCP smtp"),
|
|
# yxrrset("c.$zone WKS 73.80.65.49 UDP telnet ftp"),
|
|
# yxrrset("c.$zone WKS 73.80.65.50 TCP telnet ftp")]);
|
|
|
|
|
|
section("Special NS rules");
|
|
|
|
# Deleting the last NS record using "Delete an RR from an RRset"
|
|
# should fail at the zone apex and work elsewhere. The pseudocode
|
|
# in RFC2136 says it should fail everywhere, but this is in conflict
|
|
# with the actual text.
|
|
|
|
# Apex
|
|
test("NOERROR", ["update",
|
|
rr_add("$zone 300 NS ns1.$zone"),
|
|
rr_add("$zone 300 NS ns2.$zone")]);
|
|
test("NOERROR", ["update", rr_del("$zone NS ns1.$zone")]);
|
|
test("NOERROR", ["update", rr_del("$zone NS ns2.$zone")]);
|
|
test("NOERROR", ["pre",
|
|
yxrrset("$zone NS ns2.$zone")]);
|
|
|
|
# Non-apex
|
|
test("NOERROR", ["update", rr_add("n.$zone 300 NS ns1.$zone")]);
|
|
test("NOERROR", ["update", rr_del("n.$zone NS ns1.$zone")]);
|
|
test("NOERROR", ["pre", nxrrset("n.$zone NS")]);
|
|
|
|
# Other ways of deleting NS records should also fail at the apex
|
|
# and work elsewhere.
|
|
|
|
# Non-apex
|
|
test("NOERROR", ["update", rr_add("n.$zone 300 NS ns1.$zone")]);
|
|
test("NOERROR", ["update", rr_del("n.$zone NS")]);
|
|
test("NOERROR", ["pre", nxrrset("n.$zone NS")]);
|
|
|
|
test("NOERROR", ["update", rr_add("n.$zone 300 NS ns1.$zone")]);
|
|
test("NOERROR", ["pre", yxrrset("n.$zone NS")]);
|
|
test("NOERROR", ["update", rr_del("n.$zone")]);
|
|
test("NOERROR", ["pre", nxrrset("n.$zone NS")]);
|
|
|
|
# Apex
|
|
test("NOERROR", ["update", rr_del("$zone NS")]);
|
|
test("NOERROR", ["pre",
|
|
yxrrset("$zone NS ns2.$zone")]);
|
|
|
|
test("NOERROR", ["update", rr_del("$zone")]);
|
|
test("NOERROR", ["pre",
|
|
yxrrset("$zone NS ns2.$zone")]);
|
|
|
|
# They should not touch the SOA, either.
|
|
|
|
test("NOERROR", ["update", rr_del("$zone SOA")]);
|
|
test("NOERROR", ["pre", yxrrset("$zone SOA")]);
|
|
|
|
|
|
section("Idempotency");
|
|
|
|
test("NOERROR", ["update", rr_add("d.$zone 300 A 73.80.65.49")]);
|
|
test("NOERROR", ["pre", yxrrset("d.$zone A 73.80.65.49")]);
|
|
test("NOERROR", ["update",
|
|
rr_add("d.$zone 300 A 73.80.65.49"),
|
|
rr_del("d.$zone A")]);
|
|
test("NOERROR", ["pre", nxrrset("d.$zone A")]);
|
|
|
|
test("NOERROR", ["update", rr_del("d.$zone A 73.80.65.49")]);
|
|
test("NOERROR", ["pre", nxrrset("d.$zone A")]);
|
|
test("NOERROR", ["update",
|
|
rr_del("d.$zone A"),
|
|
rr_add("d.$zone 300 A 73.80.65.49")]);
|
|
|
|
test("NOERROR", ["pre", yxrrset("d.$zone A")]);
|
|
|
|
section("Out-of-zone prerequisites and updates");
|
|
test("NOTZONE", ["pre", yxrrset("a.somewhere.else. A 73.80.65.49")]);
|
|
test("NOTZONE", ["update", rr_add("a.somewhere.else. 300 A 73.80.65.49")]);
|
|
|
|
|
|
section("Glue");
|
|
test("NOERROR", ["update", rr_add("s.$zone 300 NS ns.s.$zone")]);
|
|
test("NOERROR", ["update", rr_add("ns.s.$zone 300 A 73.80.65.49")]);
|
|
test("NOERROR", ["pre", yxrrset("ns.s.$zone A 73.80.65.49")]);
|
|
|
|
section("Wildcards");
|
|
test("NOERROR", ["update", rr_add("*.$zone 300 MX 10 mail.$zone")]);
|
|
test("NOERROR", ["pre", yxrrset("*.$zone MX 10 mail.$zone")]);
|
|
test("NXRRSET", ["pre", yxrrset("w.$zone MX 10 mail.$zone")]);
|
|
test("NOERROR", ["pre", nxrrset("w.$zone MX")]);
|
|
test("NOERROR", ["pre", nxdomain("w.$zone")]);
|
|
|
|
|
|
section("SOA serial handling");
|
|
|
|
my $soatimers = "20 20 1814400 3600";
|
|
|
|
# Get the current SOA serial number.
|
|
my $query = $res->query($zone, "SOA");
|
|
my ($old_soa) = $query->answer;
|
|
|
|
my $old_serial = $old_soa->serial;
|
|
|
|
# Increment it by 10.
|
|
my $new_serial = $old_serial + 10;
|
|
if ($new_serial > 0xFFFFFFFF) {
|
|
$new_serial -= 0x80000000;
|
|
$new_serial -= 0x80000000;
|
|
}
|
|
|
|
# Replace the SOA with a new one.
|
|
test("NOERROR", ["update", rr_add("$zone 300 SOA mname1. . $new_serial $soatimers")]);
|
|
|
|
# Check that the SOA really got replaced.
|
|
($db_soa) = $res->query($zone, "SOA")->answer;
|
|
assert($db_soa->mname eq "mname1");
|
|
|
|
# Check that attempts to decrement the serial number are ignored.
|
|
$new_serial = $old_serial - 10;
|
|
if ($new_serial < 0) {
|
|
$new_serial += 0x80000000;
|
|
$new_serial += 0x80000000;
|
|
}
|
|
test("NOERROR", ["update", rr_add("$zone 300 SOA mname2. . $new_serial $soatimers")]);
|
|
assert($db_soa->mname eq "mname1");
|
|
|
|
# Check that attempts to leave the serial number unchanged are ignored.
|
|
($old_soa) = $res->query($zone, "SOA")->answer;
|
|
$old_serial = $old_soa->serial;
|
|
test("NOERROR", ["update", rr_add("$zone 300 SOA mname3. . $old_serial " .
|
|
$soatimers)]);
|
|
($db_soa) = $res->query($zone, "SOA")->answer;
|
|
assert($db_soa->mname eq "mname1");
|
|
|
|
#
|
|
# Currently commented out because Net::DNS does not properly
|
|
# support multiple strings in TXT records.
|
|
#
|
|
#section("Big data");
|
|
#test("NOERROR", ["update", rr_add("a.$zone 300 TXT aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc")]);
|
|
#test("NOERROR", ["update", rr_del("a.$zone TXT aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc")]);
|
|
test("NOERROR", ["update", rr_add("a.$zone 300 TXT " . ("foo " x 3))]);
|
|
|
|
section("Updating TTLs only");
|
|
|
|
test("NOERROR", ["update", rr_add("t.$zone 300 A 73.80.65.49")]);
|
|
($a) = $res->query("t.$zone", "A")->answer;
|
|
$ttl = $a->ttl;
|
|
assert($ttl == 300, "incorrect TTL value $ttl != 300");
|
|
test("NOERROR", ["update",
|
|
rr_del("t.$zone A 73.80.65.49"),
|
|
rr_add("t.$zone 301 A 73.80.65.49")]);
|
|
($a) = $res->query("t.$zone", "A")->answer;
|
|
$ttl = $a->ttl;
|
|
assert($ttl == 301, "incorrect TTL value $ttl != 301");
|
|
|
|
# Add an RR that is identical to an existing one except for the TTL.
|
|
# RFC2136 is not clear about what this should do; it says "duplicate RRs
|
|
# will be silently ignored" but is an RR differing only in TTL
|
|
# to be considered a duplicate or not? The test assumes that it
|
|
# should not be considered a duplicate.
|
|
test("NOERROR", ["update", rr_add("t.$zone 302 A 73.80.65.50")]);
|
|
($a) = $res->query("t.$zone", "A")->answer;
|
|
$ttl = $a->ttl;
|
|
assert($ttl == 302, "incorrect TTL value $ttl != 302");
|
|
|
|
section("TTL normalization");
|
|
|
|
# The desired behaviour is that the old RRs get their TTL
|
|
# changed to match the new one. RFC2136 does not explicitly
|
|
# specify this, but I think it makes more sense than the
|
|
# alternatives.
|
|
|
|
test("NOERROR", ["update", rr_add("t.$zone 303 A 73.80.65.51")]);
|
|
(@answers) = $res->query("t.$zone", "A")->answer;
|
|
$nanswers = scalar @answers;
|
|
assert($nanswers == 3, "wrong number of answers $nanswers != 3");
|
|
foreach $a (@answers) {
|
|
$ttl = $a->ttl;
|
|
assert($ttl == 303, "incorrect TTL value $ttl != 303");
|
|
}
|
|
|
|
section("Obscuring existing data by zone cut");
|
|
test("NOERROR", ["update", rr_add("a.u.$zone 300 A 73.80.65.49")]);
|
|
test("NOERROR", ["update", rr_add("b.u.$zone 300 A 73.80.65.49")]);
|
|
test("NOERROR", ["update", rr_add("u.$zone 300 TXT txt-not-in-nxt")]);
|
|
test("NOERROR", ["update", rr_add("u.$zone 300 NS ns.u.$zone")]);
|
|
|
|
test("NOERROR", ["update", rr_del("u.$zone NS ns.u.$zone")]);
|
|
|
|
if ($Net::DNS::VERSION < 1.01) {
|
|
print "skipped Excessive NSEC3PARAM iterations; Net::DNS too old.\n";
|
|
} else {
|
|
section("Excessive NSEC3PARAM iterations");
|
|
test("REFUSED", ["update", rr_add("$zone 300 NSEC3PARAM 1 0 51 -")]);
|
|
test("NOERROR", ["update", rr_add("$zone 300 NSEC3PARAM 1 0 50 -")]);
|
|
}
|
|
|
|
if ($failures) {
|
|
print "$failures tests failed.\n";
|
|
} else {
|
|
print "All tests successful.\n";
|
|
}
|
|
exit $failures;
|