summaryrefslogtreecommitdiffstats
path: root/bin/tests/system/forward/tests.sh
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--bin/tests/system/forward/tests.sh135
1 files changed, 135 insertions, 0 deletions
diff --git a/bin/tests/system/forward/tests.sh b/bin/tests/system/forward/tests.sh
new file mode 100644
index 0000000..f23cde1
--- /dev/null
+++ b/bin/tests/system/forward/tests.sh
@@ -0,0 +1,135 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+DIGOPTS="-p ${PORT}"
+
+root=10.53.0.1
+hidden=10.53.0.2
+f1=10.53.0.3
+f2=10.53.0.4
+
+status=0
+
+echo_i "checking that a forward zone overrides global forwarders"
+ret=0
+$DIG $DIGOPTS +noadd +noauth txt.example1. txt @$hidden > dig.out.hidden || ret=1
+$DIG $DIGOPTS +noadd +noauth txt.example1. txt @$f1 > dig.out.f1 || ret=1
+digcomp dig.out.hidden dig.out.f1 || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+echo_i "checking that a forward first zone no forwarders recurses"
+ret=0
+$DIG $DIGOPTS +noadd +noauth txt.example2. txt @$root > dig.out.root || ret=1
+$DIG $DIGOPTS +noadd +noauth txt.example2. txt @$f1 > dig.out.f1 || ret=1
+digcomp dig.out.root dig.out.f1 || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+echo_i "checking that a forward only zone no forwarders fails"
+ret=0
+$DIG $DIGOPTS +noadd +noauth txt.example2. txt @$root > dig.out.root || ret=1
+$DIG $DIGOPTS +noadd +noauth txt.example2. txt @$f1 > dig.out.f1 || ret=1
+digcomp dig.out.root dig.out.f1 || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+echo_i "checking that global forwarders work"
+ret=0
+$DIG $DIGOPTS +noadd +noauth txt.example4. txt @$hidden > dig.out.hidden || ret=1
+$DIG $DIGOPTS +noadd +noauth txt.example4. txt @$f1 > dig.out.f1 || ret=1
+digcomp dig.out.hidden dig.out.f1 || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+echo_i "checking that a forward zone works"
+ret=0
+$DIG $DIGOPTS +noadd +noauth txt.example1. txt @$hidden > dig.out.hidden || ret=1
+$DIG $DIGOPTS +noadd +noauth txt.example1. txt @$f2 > dig.out.f2 || ret=1
+digcomp dig.out.hidden dig.out.f2 || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+echo_i "checking that forwarding doesn't spontaneously happen"
+ret=0
+$DIG $DIGOPTS +noadd +noauth txt.example2. txt @$root > dig.out.root || ret=1
+$DIG $DIGOPTS +noadd +noauth txt.example2. txt @$f2 > dig.out.f2 || ret=1
+digcomp dig.out.root dig.out.f2 || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+echo_i "checking that a forward zone with no specified policy works"
+ret=0
+$DIG $DIGOPTS +noadd +noauth txt.example3. txt @$hidden > dig.out.hidden || ret=1
+$DIG $DIGOPTS +noadd +noauth txt.example3. txt @$f2 > dig.out.f2 || ret=1
+digcomp dig.out.hidden dig.out.f2 || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+echo_i "checking that a forward only doesn't recurse"
+ret=0
+$DIG $DIGOPTS txt.example5. txt @$f2 > dig.out.f2 || ret=1
+grep "SERVFAIL" dig.out.f2 > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+echo_i "checking for negative caching of forwarder response"
+# prime the cache, shutdown the forwarder then check that we can
+# get the answer from the cache. restart forwarder.
+ret=0
+$DIG $DIGOPTS nonexist. txt @10.53.0.5 > dig.out.f2 || ret=1
+grep "status: NXDOMAIN" dig.out.f2 > /dev/null || ret=1
+$PERL ../stop.pl . ns4 || ret=1
+$DIG $DIGOPTS nonexist. txt @10.53.0.5 > dig.out.f2 || ret=1
+grep "status: NXDOMAIN" dig.out.f2 > /dev/null || ret=1
+$PERL ../start.pl --restart --noclean --port ${PORT} . ns4 || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+echo_i "checking that forward only zone overrides empty zone"
+ret=0
+$DIG $DIGOPTS 1.0.10.in-addr.arpa TXT @10.53.0.4 > dig.out.f2
+grep "status: NOERROR" dig.out.f2 > /dev/null || ret=1
+$DIG $DIGOPTS 2.0.10.in-addr.arpa TXT @10.53.0.4 > dig.out.f2
+grep "status: NXDOMAIN" dig.out.f2 > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+echo_i "checking that DS lookups for grafting forward zones are isolated"
+ret=0
+$DIG $DIGOPTS grafted A @10.53.0.4 > dig.out.q1
+$DIG $DIGOPTS grafted DS @10.53.0.4 > dig.out.q2
+$DIG $DIGOPTS grafted A @10.53.0.4 > dig.out.q3
+$DIG $DIGOPTS grafted AAAA @10.53.0.4 > dig.out.q4
+grep "status: NOERROR" dig.out.q1 > /dev/null || ret=1
+grep "status: NXDOMAIN" dig.out.q2 > /dev/null || ret=1
+grep "status: NOERROR" dig.out.q3 > /dev/null || ret=1
+grep "status: NOERROR" dig.out.q4 > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+echo_i "checking that rfc1918 inherited 'forward first;' zones are warned about"
+ret=0
+$CHECKCONF rfc1918-inherited.conf | grep "forward first;" >/dev/null || ret=1
+$CHECKCONF rfc1918-notinherited.conf | grep "forward first;" >/dev/null && ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+echo_i "checking that ULA inherited 'forward first;' zones are warned about"
+ret=0
+$CHECKCONF ula-inherited.conf | grep "forward first;" >/dev/null || ret=1
+$CHECKCONF ula-notinherited.conf | grep "forward first;" >/dev/null && ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+echo_i "exit status: $status"
+[ $status -eq 0 ] || exit 1