diff options
Diffstat (limited to '')
52 files changed, 3300 insertions, 0 deletions
diff --git a/bin/tests/system/nsupdate/ans4/ans.pl b/bin/tests/system/nsupdate/ans4/ans.pl new file mode 100644 index 0000000..6a4461b --- /dev/null +++ b/bin/tests/system/nsupdate/ans4/ans.pl @@ -0,0 +1,58 @@ +#!/usr/bin/perl +# +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +use IO::Socket; +use IO::File; +use strict; + +# Ignore SIGPIPE so we won't fail if peer closes a TCP socket early +local $SIG{PIPE} = 'IGNORE'; + +# Flush logged output after every line +local $| = 1; + +my $server_addr = "10.53.0.4"; +if (@ARGV > 0) { + $server_addr = @ARGV[0]; +} + +my $localport = int($ENV{'PORT'}); +if (!$localport) { $localport = 5300; } + +my $udpsock = IO::Socket::INET->new(LocalAddr => "$server_addr", + LocalPort => $localport, Proto => "udp", Reuse => 1) or die "$!"; + +print "listening on $server_addr:$localport.\n"; + +my $pidf = new IO::File "ans.pid", "w" or die "cannot open pid file: $!"; +print $pidf "$$\n" or die "cannot write pid file: $!"; +$pidf->close or die "cannot close pid file: $!";; +sub rmpid { unlink "ans.pid"; exit 1; }; + +$SIG{INT} = \&rmpid; +$SIG{TERM} = \&rmpid; + +# Main +for (;;) { + my $rin; + my $rout; + + $rin = ''; + vec($rin, fileno($udpsock), 1) = 1; + + select($rout = $rin, undef, undef, undef); + + if (vec($rout, fileno($udpsock), 1)) { + printf "UDP request\n"; + my $buf; + $udpsock->recv($buf, 512); + } +} diff --git a/bin/tests/system/nsupdate/clean.sh b/bin/tests/system/nsupdate/clean.sh new file mode 100644 index 0000000..c780219 --- /dev/null +++ b/bin/tests/system/nsupdate/clean.sh @@ -0,0 +1,60 @@ +#!/bin/sh +# +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +# +# Clean up after zone transfer tests. +# + +rm -f verylarge +rm -f */named.memstats +rm -f */named.run */ans.run +rm -f */named.conf +rm -f Kxxx.* +rm -f dig.out.* +rm -f jp.out.ns3.* +rm -f ns*/named.lock +rm -f */*.jnl +rm -f ns1/example.db ns1/unixtime.db ns1/yyyymmddvv.db ns1/update.db ns1/other.db ns1/keytests.db +rm -f ns1/many.test.db +rm -f ns1/md5.key ns1/sha1.key ns1/sha224.key ns1/sha256.key ns1/sha384.key +rm -f ns1/sha512.key ns1/ddns.key +rm -f ns2/example.bk +rm -f ns2/update.bk ns2/update.alt.bk +rm -f ns3/*.signed +rm -f ns3/K* +rm -f ns3/delegation.test.db +rm -f ns3/dnskey.test.db +rm -f ns3/dsset-* +rm -f ns3/example.db +rm -f ns3/many.test.bk +rm -f ns3/nsec3param.test.db +rm -f ns3/too-big.test.db +rm -f ns5/local.db +rm -f ns6/in-addr.db +rm -f ns7/in-addr.db +rm -f ns7/example.com.db +rm -f ns7/_default.tsigkeys +rm -f ns8/in-addr.db +rm -f ns8/example.com.db +rm -f ns8/_default.tsigkeys +rm -f ns9/in-addr.db +rm -f ns9/example.com.db +rm -f ns9/_default.tsigkeys +rm -f ns10/example.com.db +rm -f ns10/in-addr.db +rm -f ns10/_default.tsigkeys +rm -f nsupdate.out* +rm -f typelist.out.* +rm -f ns1/sample.db +rm -f ns2/sample.db +rm -f update.out.* +rm -f check.out.* +rm -f update.out.* diff --git a/bin/tests/system/nsupdate/commandlist b/bin/tests/system/nsupdate/commandlist new file mode 100644 index 0000000..41c8049 --- /dev/null +++ b/bin/tests/system/nsupdate/commandlist @@ -0,0 +1,15 @@ +server 127.0.0.1 +server 127.0.0.1 port +update +update delete +update delete dummy +update delete dummy in +update delete dummy in a +update delete dummy in a 127.0.0.1 +update add +update add domain +update add domain 0 +update add domain 0 in +update add domain 0 in a +update add domain 0 a +update add domain 0 a in diff --git a/bin/tests/system/nsupdate/knowngood.ns1.after b/bin/tests/system/nsupdate/knowngood.ns1.after new file mode 100644 index 0000000..4114159 --- /dev/null +++ b/bin/tests/system/nsupdate/knowngood.ns1.after @@ -0,0 +1,99 @@ +example.nil. 300 IN SOA ns1.example.nil. hostmaster.example.nil. 2 2000 2000 1814400 3600 +example.nil. 300 IN NS ns1.example.nil. +example.nil. 300 IN NS ns2.example.nil. +*.example.nil. 300 IN MX 10 mail.example.nil. +a.example.nil. 300 IN TXT "foo foo foo" +a.example.nil. 300 IN PTR foo.net. +a01.example.nil. 3600 IN A 0.0.0.0 +a02.example.nil. 3600 IN A 255.255.255.255 +a601.example.nil. 3600 IN AAAA ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff +afsdb01.example.nil. 3600 IN AFSDB 0 hostname.example.nil. +afsdb02.example.nil. 3600 IN AFSDB 65535 . +b.example.nil. 300 IN CNAME foo.net. +c.example.nil. 300 IN A 73.80.65.49 +cert01.example.nil. 3600 IN CERT 65534 65535 PRIVATEOID MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgiWCn/GxHhai6V AuHAoNUz4YoU1tVfSCSqQYn6//11U6Nld80jEeC8aTrO+KKmCaY= +cname01.example.nil. 3600 IN CNAME cname-target. +cname02.example.nil. 3600 IN CNAME cname-target.example.nil. +cname03.example.nil. 3600 IN CNAME . +d.example.nil. 300 IN A 73.80.65.49 +dname01.example.nil. 3600 IN DNAME dname-target. +dname02.example.nil. 3600 IN DNAME dname-target.example.nil. +dname03.example.nil. 3600 IN DNAME . +e.example.nil. 300 IN MX 10 mail.example.nil. +e.example.nil. 300 IN TXT "one" +e.example.nil. 300 IN TXT "two" +e.example.nil. 300 IN TXT "three" +e.example.nil. 300 IN A 73.80.65.49 +e.example.nil. 300 IN A 73.80.65.50 +e.example.nil. 300 IN A 73.80.65.51 +e.example.nil. 300 IN A 73.80.65.52 +f.example.nil. 300 IN A 73.80.65.52 +gpos01.example.nil. 3600 IN GPOS "-22.6882" "116.8652" "250.0" +gpos02.example.nil. 3600 IN GPOS "" "" "" +hinfo01.example.nil. 3600 IN HINFO "Generic PC clone" "NetBSD-1.4" +hinfo02.example.nil. 3600 IN HINFO "PC" "NetBSD" +isdn01.example.nil. 3600 IN ISDN "isdn-address" +isdn02.example.nil. 3600 IN ISDN "isdn-address" "subaddress" +isdn03.example.nil. 3600 IN ISDN "isdn-address" +isdn04.example.nil. 3600 IN ISDN "isdn-address" "subaddress" +key01.example.nil. 3600 IN KEY 512 255 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aRyzWZriO6i2od GWWQVucZqKVsENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esga60z yGW6LFe9r8n6paHrlG5ojqf0BaqHT+8= +kx01.example.nil. 3600 IN KX 10 kdc.example.nil. +kx02.example.nil. 3600 IN KX 10 . +loc01.example.nil. 3600 IN LOC 60 9 0.000 N 24 39 0.000 E 10.00m 20m 2000m 20m +loc02.example.nil. 3600 IN LOC 60 9 0.000 N 24 39 0.000 E 10.00m 20m 2000m 20m +mb01.example.nil. 3600 IN MG madname.example.nil. +mb02.example.nil. 3600 IN MG . +mg01.example.nil. 3600 IN MG mgmname.example.nil. +mg02.example.nil. 3600 IN MG . +minfo01.example.nil. 3600 IN MINFO rmailbx.example.nil. emailbx.example.nil. +minfo02.example.nil. 3600 IN MINFO . . +mr01.example.nil. 3600 IN MR mrname.example.nil. +mr02.example.nil. 3600 IN MR . +mx01.example.nil. 3600 IN MX 10 mail.example.nil. +mx02.example.nil. 3600 IN MX 10 . +naptr01.example.nil. 3600 IN NAPTR 0 0 "" "" "" . +naptr02.example.nil. 3600 IN NAPTR 65535 65535 "blurgh" "blorf" "blllbb" foo. +ns1.example.nil. 300 IN A 10.53.0.1 +ns2.example.nil. 300 IN A 10.53.0.2 +nsap-ptr01.example.nil. 3600 IN NSAP-PTR . +nsap-ptr01.example.nil. 3600 IN NSAP-PTR foo. +nsap01.example.nil. 3600 IN NSAP 0x47000580005a0000000001e133ffffff00016100 +nsap02.example.nil. 3600 IN NSAP 0x47000580005a0000000001e133ffffff00016100 +nxt01.example.nil. 3600 IN NXT a.secure.example.nil. NS SOA MX SIG KEY LOC NXT +nxt02.example.nil. 3600 IN NXT . NSAP-PTR NXT +nxt03.example.nil. 3600 IN NXT . A +nxt04.example.nil. 3600 IN NXT . 127 +ptr01.example.nil. 3600 IN PTR example.nil. +px01.example.nil. 3600 IN PX 65535 foo. bar. +px02.example.nil. 3600 IN PX 65535 . . +rp01.example.nil. 3600 IN RP mbox-dname.example.nil. txt-dname.example.nil. +rp02.example.nil. 3600 IN RP . . +rt01.example.nil. 3600 IN RT 0 intermediate-host.example.nil. +rt02.example.nil. 3600 IN RT 65535 . +s.example.nil. 300 IN NS ns.s.example.nil. +ns.s.example.nil. 300 IN A 73.80.65.49 +sig01.example.nil. 3600 IN SIG NXT 1 3 3600 20000102030405 19961211100908 2143 foo.example.nil. MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgiWCn/GxHhai6V AuHAoNUz4YoU1tVfSCSqQYn6//11U6Nld80jEeC8aTrO+KKmCaY= +srv01.example.nil. 3600 IN SRV 0 0 0 . +srv02.example.nil. 3600 IN SRV 65535 65535 65535 old-slow-box.example.com. +txt01.example.nil. 3600 IN TXT "foo" +txt02.example.nil. 3600 IN TXT "foo" "bar" +txt03.example.nil. 3600 IN TXT "foo" +txt04.example.nil. 3600 IN TXT "foo" "bar" +txt05.example.nil. 3600 IN TXT "foo bar" +txt06.example.nil. 3600 IN TXT "foo bar" +txt07.example.nil. 3600 IN TXT "foo bar" +txt08.example.nil. 3600 IN TXT "foo\010bar" +txt09.example.nil. 3600 IN TXT "foo\010bar" +txt10.example.nil. 3600 IN TXT "foo bar" +txt11.example.nil. 3600 IN TXT "\"foo\"" +txt12.example.nil. 3600 IN TXT "\"foo\"" +u.example.nil. 300 IN TXT "txt-not-in-nxt" +a.u.example.nil. 300 IN A 73.80.65.49 +b.u.example.nil. 300 IN A 73.80.65.49 +updated.example.nil. 600 IN TXT "Foo" +updated.example.nil. 600 IN A 10.10.10.1 +wks01.example.nil. 3600 IN WKS 10.0.0.1 6 0 1 2 21 23 +wks02.example.nil. 3600 IN WKS 10.0.0.1 17 0 1 2 53 +wks03.example.nil. 3600 IN WKS 10.0.0.2 6 65535 +x2501.example.nil. 3600 IN X25 "123456789" +example.nil. 300 IN SOA ns1.example.nil. hostmaster.example.nil. 2 2000 2000 1814400 3600 diff --git a/bin/tests/system/nsupdate/knowngood.ns1.afterstop b/bin/tests/system/nsupdate/knowngood.ns1.afterstop new file mode 100644 index 0000000..e871d4c --- /dev/null +++ b/bin/tests/system/nsupdate/knowngood.ns1.afterstop @@ -0,0 +1,3 @@ +updated4.example.nil. 600 IN A 10.10.10.3 +example.nil. 300 IN NS ns1.example.nil. +example.nil. 300 IN NS ns2.example.nil. diff --git a/bin/tests/system/nsupdate/knowngood.ns1.before b/bin/tests/system/nsupdate/knowngood.ns1.before new file mode 100644 index 0000000..4a5e630 --- /dev/null +++ b/bin/tests/system/nsupdate/knowngood.ns1.before @@ -0,0 +1,98 @@ +example.nil. 300 IN SOA ns1.example.nil. hostmaster.example.nil. 1 2000 2000 1814400 3600 +example.nil. 300 IN NS ns1.example.nil. +example.nil. 300 IN NS ns2.example.nil. +*.example.nil. 300 IN MX 10 mail.example.nil. +a.example.nil. 300 IN TXT "foo foo foo" +a.example.nil. 300 IN PTR foo.net. +a01.example.nil. 3600 IN A 0.0.0.0 +a02.example.nil. 3600 IN A 255.255.255.255 +a601.example.nil. 3600 IN AAAA ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff +afsdb01.example.nil. 3600 IN AFSDB 0 hostname.example.nil. +afsdb02.example.nil. 3600 IN AFSDB 65535 . +b.example.nil. 300 IN CNAME foo.net. +c.example.nil. 300 IN A 73.80.65.49 +cert01.example.nil. 3600 IN CERT 65534 65535 PRIVATEOID MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgiWCn/GxHhai6V AuHAoNUz4YoU1tVfSCSqQYn6//11U6Nld80jEeC8aTrO+KKmCaY= +cname01.example.nil. 3600 IN CNAME cname-target. +cname02.example.nil. 3600 IN CNAME cname-target.example.nil. +cname03.example.nil. 3600 IN CNAME . +d.example.nil. 300 IN A 73.80.65.49 +dname01.example.nil. 3600 IN DNAME dname-target. +dname02.example.nil. 3600 IN DNAME dname-target.example.nil. +dname03.example.nil. 3600 IN DNAME . +e.example.nil. 300 IN MX 10 mail.example.nil. +e.example.nil. 300 IN TXT "one" +e.example.nil. 300 IN TXT "two" +e.example.nil. 300 IN TXT "three" +e.example.nil. 300 IN A 73.80.65.49 +e.example.nil. 300 IN A 73.80.65.50 +e.example.nil. 300 IN A 73.80.65.51 +e.example.nil. 300 IN A 73.80.65.52 +f.example.nil. 300 IN A 73.80.65.52 +gpos01.example.nil. 3600 IN GPOS "-22.6882" "116.8652" "250.0" +gpos02.example.nil. 3600 IN GPOS "" "" "" +hinfo01.example.nil. 3600 IN HINFO "Generic PC clone" "NetBSD-1.4" +hinfo02.example.nil. 3600 IN HINFO "PC" "NetBSD" +isdn01.example.nil. 3600 IN ISDN "isdn-address" +isdn02.example.nil. 3600 IN ISDN "isdn-address" "subaddress" +isdn03.example.nil. 3600 IN ISDN "isdn-address" +isdn04.example.nil. 3600 IN ISDN "isdn-address" "subaddress" +key01.example.nil. 3600 IN KEY 512 255 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aRyzWZriO6i2od GWWQVucZqKVsENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esga60z yGW6LFe9r8n6paHrlG5ojqf0BaqHT+8= +kx01.example.nil. 3600 IN KX 10 kdc.example.nil. +kx02.example.nil. 3600 IN KX 10 . +loc01.example.nil. 3600 IN LOC 60 9 0.000 N 24 39 0.000 E 10.00m 20m 2000m 20m +loc02.example.nil. 3600 IN LOC 60 9 0.000 N 24 39 0.000 E 10.00m 20m 2000m 20m +mb01.example.nil. 3600 IN MG madname.example.nil. +mb02.example.nil. 3600 IN MG . +mg01.example.nil. 3600 IN MG mgmname.example.nil. +mg02.example.nil. 3600 IN MG . +minfo01.example.nil. 3600 IN MINFO rmailbx.example.nil. emailbx.example.nil. +minfo02.example.nil. 3600 IN MINFO . . +mr01.example.nil. 3600 IN MR mrname.example.nil. +mr02.example.nil. 3600 IN MR . +mx01.example.nil. 3600 IN MX 10 mail.example.nil. +mx02.example.nil. 3600 IN MX 10 . +naptr01.example.nil. 3600 IN NAPTR 0 0 "" "" "" . +naptr02.example.nil. 3600 IN NAPTR 65535 65535 "blurgh" "blorf" "blllbb" foo. +ns1.example.nil. 300 IN A 10.53.0.1 +ns2.example.nil. 300 IN A 10.53.0.2 +nsap-ptr01.example.nil. 3600 IN NSAP-PTR . +nsap-ptr01.example.nil. 3600 IN NSAP-PTR foo. +nsap01.example.nil. 3600 IN NSAP 0x47000580005a0000000001e133ffffff00016100 +nsap02.example.nil. 3600 IN NSAP 0x47000580005a0000000001e133ffffff00016100 +nxt01.example.nil. 3600 IN NXT a.secure.example.nil. NS SOA MX SIG KEY LOC NXT +nxt02.example.nil. 3600 IN NXT . NSAP-PTR NXT +nxt03.example.nil. 3600 IN NXT . A +nxt04.example.nil. 3600 IN NXT . 127 +ptr01.example.nil. 3600 IN PTR example.nil. +px01.example.nil. 3600 IN PX 65535 foo. bar. +px02.example.nil. 3600 IN PX 65535 . . +rp01.example.nil. 3600 IN RP mbox-dname.example.nil. txt-dname.example.nil. +rp02.example.nil. 3600 IN RP . . +rt01.example.nil. 3600 IN RT 0 intermediate-host.example.nil. +rt02.example.nil. 3600 IN RT 65535 . +s.example.nil. 300 IN NS ns.s.example.nil. +ns.s.example.nil. 300 IN A 73.80.65.49 +sig01.example.nil. 3600 IN SIG NXT 1 3 3600 20000102030405 19961211100908 2143 foo.example.nil. MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgiWCn/GxHhai6V AuHAoNUz4YoU1tVfSCSqQYn6//11U6Nld80jEeC8aTrO+KKmCaY= +srv01.example.nil. 3600 IN SRV 0 0 0 . +srv02.example.nil. 3600 IN SRV 65535 65535 65535 old-slow-box.example.com. +t.example.nil. 301 IN A 73.80.65.49 +txt01.example.nil. 3600 IN TXT "foo" +txt02.example.nil. 3600 IN TXT "foo" "bar" +txt03.example.nil. 3600 IN TXT "foo" +txt04.example.nil. 3600 IN TXT "foo" "bar" +txt05.example.nil. 3600 IN TXT "foo bar" +txt06.example.nil. 3600 IN TXT "foo bar" +txt07.example.nil. 3600 IN TXT "foo bar" +txt08.example.nil. 3600 IN TXT "foo\010bar" +txt09.example.nil. 3600 IN TXT "foo\010bar" +txt10.example.nil. 3600 IN TXT "foo bar" +txt11.example.nil. 3600 IN TXT "\"foo\"" +txt12.example.nil. 3600 IN TXT "\"foo\"" +u.example.nil. 300 IN TXT "txt-not-in-nxt" +a.u.example.nil. 300 IN A 73.80.65.49 +b.u.example.nil. 300 IN A 73.80.65.49 +wks01.example.nil. 3600 IN WKS 10.0.0.1 6 0 1 2 21 23 +wks02.example.nil. 3600 IN WKS 10.0.0.1 17 0 1 2 53 +wks03.example.nil. 3600 IN WKS 10.0.0.2 6 65535 +x2501.example.nil. 3600 IN X25 "123456789" +example.nil. 300 IN SOA ns1.example.nil. hostmaster.example.nil. 1 2000 2000 1814400 3600 diff --git a/bin/tests/system/nsupdate/krb/setup.sh b/bin/tests/system/nsupdate/krb/setup.sh new file mode 100644 index 0000000..3c37777 --- /dev/null +++ b/bin/tests/system/nsupdate/krb/setup.sh @@ -0,0 +1,113 @@ +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +set -x + +PWD=`pwd` + +KRB5_CONFIG="${PWD}/krb5.conf" +export KRB5_CONFIG + +KRB5_KDC_PROFILE=${PWD}/krb5kdc +export KRB5_KDC_PROFILE + +now=`date +%s` +lifetime=`expr 2147483647 - $now` +lifetime=`expr $lifetime / 3600 / 24 - 30` + +cat << EOF > "${KRB5_CONFIG}" +[libdefaults] + default_realm = EXAMPLE.COM + dns_lookup_kdc = false + # Depending on what you are testing, you may want something like: + # default_keytab_name = FILE:/usr/local/var/keytab +[realms] + EXAMPLE.COM = { + admin_server = 127.0.0.1:50001 + kdc = 127.0.0.1:50000 + database_module = DB2 + kdc_ports = 50000 + kadmind_port = 50001 + } +[dbmodules] + DB2 = { + db_library = db2 + } +[logging] + # Use any pathnames you want here. + kdc = FILE:${PWD}/kdc.log + admin_server = FILE:${PWD}/kadmin.log +# Depending on what you are testing, you may want: +# [domain_realm] +# your.domain = EXAMPLE.COM +EOF + +rm -rf ${KRB5_KDC_PROFILE} +mkdir -p ${KRB5_KDC_PROFILE} +chmod 700 ${KRB5_KDC_PROFILE} + +cat << EOF > "${KRB5_KDC_PROFILE}"/kdc.conf +[kdcdefaults] + kdc_ports = 50000 + kdc_tcp_ports = 50000 + +[realms] + EXAMPLE.COM = { + key_stash_file = ${KRB5_KDC_PROFILE}/.k5.EXAMPLE.COM + database_module = EXAMPLE.COM + max_life = ${lifetime}d +} + +[dbmodules] + EXAMPLE.COM = { + db_library = db2 + database_name = ${KRB5_KDC_PROFILE}/principal + } +EOF + +kdb5_util create -s <<EOF +master +master +EOF + +krb5kdc -n & +krb5kdcpid=$! +#trap "kill $krb5kdcpid; wait; trap 0; exit" 0 15 + + +kadmin.local addprinc -maxlife ${lifetime}d -randkey DNS/ns7.example.com@EXAMPLE.COM +kadmin.local addprinc -maxlife ${lifetime}d -randkey DNS/ns8.example.com@EXAMPLE.COM +kadmin.local addprinc -maxlife ${lifetime}d -randkey host/machine.example.com@EXAMPLE.COM + +kadmin.local ktadd -k ns7-server.keytab DNS/ns7.example.com@EXAMPLE.COM +kadmin.local ktadd -k ns8-server.keytab DNS/ns8.example.com@EXAMPLE.COM +kadmin.local ktadd -k krb5-machine.keytab host/machine.example.com@EXAMPLE.COM + +kadmin.local addprinc -maxlife ${lifetime}d -randkey 'DNS/ns9.example.com@EXAMPLE.COM' +kadmin.local addprinc -maxlife ${lifetime}d -randkey 'DNS/ns10.example.com@EXAMPLE.COM' +kadmin.local addprinc -maxlife ${lifetime}d -randkey 'machine$@EXAMPLE.COM' + +kadmin.local ktadd -k ns9-server.keytab 'DNS/ns9.example.com@EXAMPLE.COM' +kadmin.local ktadd -k ns10-server.keytab 'DNS/ns10.example.com@EXAMPLE.COM' +kadmin.local ktadd -k ms-machine.keytab 'machine$@EXAMPLE.COM' + +kinit -V -k -t krb5-machine.keytab -l ${lifetime}d -c krb5-machine.ccache host/machine.example.com@EXAMPLE.COM +kinit -V -k -t ms-machine.keytab -l ${lifetime}d -c ms-machine.ccache 'machine$@EXAMPLE.COM' + +cp ns7-server.keytab ../ns7/dns.keytab +cp ns8-server.keytab ../ns8/dns.keytab +cp ns9-server.keytab ../ns9/dns.keytab +cp ns10-server.keytab ../ns10/dns.keytab + +cp krb5-machine.ccache ../ns7/machine.ccache +cp krb5-machine.ccache ../ns8/machine.ccache +cp ms-machine.ccache ../ns9/machine.ccache +cp ms-machine.ccache ../ns10/machine.ccache + +echo krb5kdc pid:$krb5kdcpid diff --git a/bin/tests/system/nsupdate/ns1/example1.db b/bin/tests/system/nsupdate/ns1/example1.db new file mode 100644 index 0000000..1ca6589 --- /dev/null +++ b/bin/tests/system/nsupdate/ns1/example1.db @@ -0,0 +1,144 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$ORIGIN . +$TTL 300 ; 5 minutes +example.nil IN SOA ns1.example.nil. hostmaster.example.nil. ( + 1 ; serial + 2000 ; refresh (2000 seconds) + 2000 ; retry (2000 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) +example.nil. NS ns1.example.nil. +ns1.example.nil. A 10.53.0.1 +example.nil. NS ns2.example.nil. +ns2.example.nil. A 10.53.0.2 + +$ORIGIN example.nil. +* MX 10 mail +a TXT "foo foo foo" + PTR foo.net. +$TTL 3600 ; 1 hour +a01 A 0.0.0.0 +a02 A 255.255.255.255 +a601 AAAA ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff +afsdb01 AFSDB 0 hostname +afsdb02 AFSDB 65535 . +$TTL 300 ; 5 minutes +b CNAME foo.net. +c A 73.80.65.49 +$TTL 3600 ; 1 hour +cert01 CERT 65534 65535 PRIVATEOID ( + MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgi + WCn/GxHhai6VAuHAoNUz4YoU1tVfSCSqQYn6//11U6Nl + d80jEeC8aTrO+KKmCaY= ) +cname01 CNAME cname-target. +cname02 CNAME cname-target +cname03 CNAME . +$TTL 300 ; 5 minutes +d A 73.80.65.49 +$TTL 3600 ; 1 hour +dname01 DNAME dname-target. +dname02 DNAME dname-target +dname03 DNAME . +$TTL 300 ; 5 minutes +e MX 10 mail + TXT "one" + TXT "three" + TXT "two" + A 73.80.65.49 + A 73.80.65.50 + A 73.80.65.52 + A 73.80.65.51 +f A 73.80.65.52 +$TTL 3600 ; 1 hour +gpos01 GPOS "-22.6882" "116.8652" "250.0" +gpos02 GPOS "" "" "" +hinfo01 HINFO "Generic PC clone" "NetBSD-1.4" +hinfo02 HINFO "PC" "NetBSD" +isdn01 ISDN "isdn-address" +isdn02 ISDN "isdn-address" "subaddress" +isdn03 ISDN "isdn-address" +isdn04 ISDN "isdn-address" "subaddress" +key01 KEY 512 255 1 ( + AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aR + yzWZriO6i2odGWWQVucZqKVsENW91IOW4vqudngPZsY3 + GvQ/xVA8/7pyFj6b7Esga60zyGW6LFe9r8n6paHrlG5o + jqf0BaqHT+8= ) +kx01 KX 10 kdc +kx02 KX 10 . +loc01 LOC 60 9 0.000 N 24 39 0.000 E 10.00m 20m 2000m 20m +loc02 LOC 60 9 0.000 N 24 39 0.000 E 10.00m 20m 2000m 20m +mb01 MG madname +mb02 MG . +mg01 MG mgmname +mg02 MG . +minfo01 MINFO rmailbx emailbx +minfo02 MINFO . . +mr01 MR mrname +mr02 MR . +mx01 MX 10 mail +mx02 MX 10 . +naptr01 NAPTR 0 0 "" "" "" . +naptr02 NAPTR 65535 65535 "blurgh" "blorf" "blllbb" foo. +nsap-ptr01 NSAP-PTR foo. + NSAP-PTR . +nsap01 NSAP 0x47000580005a0000000001e133ffffff00016100 +nsap02 NSAP 0x47000580005a0000000001e133ffffff00016100 +nxt01 NXT a.secure ( NS SOA MX SIG KEY LOC NXT ) +nxt02 NXT . ( NSAP-PTR NXT ) +nxt03 NXT . ( A ) +nxt04 NXT . ( 127 ) +ptr01 PTR example.nil. +px01 PX 65535 foo. bar. +px02 PX 65535 . . +rp01 RP mbox-dname txt-dname +rp02 RP . . +rt01 RT 0 intermediate-host +rt02 RT 65535 . +$TTL 300 ; 5 minutes +s NS ns.s +$ORIGIN s.example.nil. +ns A 73.80.65.49 +$ORIGIN example.nil. +$TTL 3600 ; 1 hour +sig01 SIG NXT 1 3 3600 20000102030405 ( + 19961211100908 2143 foo + MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgi + WCn/GxHhai6VAuHAoNUz4YoU1tVfSCSqQYn6//11U6Nl + d80jEeC8aTrO+KKmCaY= ) +srv01 SRV 0 0 0 . +srv02 SRV 65535 65535 65535 old-slow-box.example.com. +$TTL 301 ; 5 minutes 1 second +t A 73.80.65.49 +$TTL 3600 ; 1 hour +txt01 TXT "foo" +txt02 TXT "foo" "bar" +txt03 TXT "foo" +txt04 TXT "foo" "bar" +txt05 TXT "foo bar" +txt06 TXT "foo bar" +txt07 TXT "foo bar" +txt08 TXT "foo\010bar" +txt09 TXT "foo\010bar" +txt10 TXT "foo bar" +txt11 TXT "\"foo\"" +txt12 TXT "\"foo\"" +$TTL 300 ; 5 minutes +u TXT "txt-not-in-nxt" +$ORIGIN u.example.nil. +a A 73.80.65.49 +b A 73.80.65.49 +$ORIGIN example.nil. +$TTL 3600 ; 1 hour +wks01 WKS 10.0.0.1 6 ( 0 1 2 21 23 ) +wks02 WKS 10.0.0.1 17 ( 0 1 2 53 ) +wks03 WKS 10.0.0.2 6 ( 65535 ) +x2501 X25 "123456789" diff --git a/bin/tests/system/nsupdate/ns1/many.test.db.in b/bin/tests/system/nsupdate/ns1/many.test.db.in new file mode 100644 index 0000000..2c84670 --- /dev/null +++ b/bin/tests/system/nsupdate/ns1/many.test.db.in @@ -0,0 +1,20 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$ORIGIN . +$TTL 300 ; 5 minutes +many.test IN SOA ns1.example.nil. hostmaster.example.nil. ( + 1 ; serial + 2000 ; refresh (2000 seconds) + 2000 ; retry (2000 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) +many.test NS ns1.example.nil. +many.test NS ns2.example.nil. diff --git a/bin/tests/system/nsupdate/ns1/max-ttl.db b/bin/tests/system/nsupdate/ns1/max-ttl.db new file mode 100644 index 0000000..0250960 --- /dev/null +++ b/bin/tests/system/nsupdate/ns1/max-ttl.db @@ -0,0 +1,27 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$ORIGIN . +$TTL 300 ; 5 minutes +max-ttl.nil IN SOA ns1.max-ttl.nil. hostmaster.max-ttl.nil. ( + 1 ; serial + 2000 ; refresh (2000 seconds) + 2000 ; retry (2000 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) +max-ttl.nil. NS ns1.max-ttl.nil. +ns1.max-ttl.nil. A 10.53.0.1 +max-ttl.nil. NS ns2.max-ttl.nil. +ns2.max-ttl.nil. A 10.53.0.2 + +$ORIGIN max-ttl.nil. +* MX 10 mail +a TXT "foo foo foo" + PTR foo.net. diff --git a/bin/tests/system/nsupdate/ns1/named.conf.in b/bin/tests/system/nsupdate/ns1/named.conf.in new file mode 100644 index 0000000..1d999ad --- /dev/null +++ b/bin/tests/system/nsupdate/ns1/named.conf.in @@ -0,0 +1,134 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + query-source address 10.53.0.1 dscp 1; + notify-source 10.53.0.1 dscp 22; + transfer-source 10.53.0.1 dscp 3; + port @PORT@; + pid-file "named.pid"; + session-keyfile "session.key"; + listen-on { 10.53.0.1; 127.0.0.1; }; + listen-on-v6 { none; }; + recursion no; + notify yes; +}; + +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-sha256; +}; + +controls { + inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; + +key altkey { + algorithm hmac-md5; + secret "1234abcd8765"; +}; + +include "ddns.key"; + +zone "example.nil" { + type master; + file "example.db"; + check-integrity no; + check-mx ignore; + update-policy { + grant ddns-key.example.nil subdomain example.nil ANY; + }; + allow-transfer { any; }; +}; + +zone "max-ttl.nil" { + type master; + file "max-ttl.db"; + max-zone-ttl 300; + check-integrity no; + allow-update { any; }; + allow-transfer { any; }; +}; + +zone "other.nil" { + type master; + file "other.db"; + check-integrity no; + check-mx warn; + update-policy local; + allow-query-on { 10.53.0.1; 127.0.0.1; }; + allow-transfer { any; }; +}; + +masters othermasters { + 10.53.0.2 port @PORT@; + 10.53.0.2 port @PORT@ key altkey; +}; + +zone "update.nil" { + type master; + file "update.db"; + check-integrity no; + check-mx fail; + allow-update { any; }; + allow-transfer { any; }; + also-notify { othermasters; }; +}; + +zone "unixtime.nil" { + type master; + file "unixtime.db"; + check-integrity no; + allow-update { any; }; + allow-transfer { any; }; + serial-update-method unixtime; +}; + +zone "yyyymmddvv.nil" { + type master; + file "yyyymmddvv.db"; + check-integrity no; + allow-update { any; }; + allow-transfer { any; }; + serial-update-method date; +}; + +include "md5.key"; +include "sha1.key"; +include "sha224.key"; +include "sha256.key"; +include "sha384.key"; +include "sha512.key"; + +zone "keytests.nil" { + type master; + file "keytests.db"; + update-policy { + grant md5-key name md5.keytests.nil. ANY; + grant sha1-key name sha1.keytests.nil. ANY; + grant sha224-key name sha224.keytests.nil. ANY; + grant sha256-key name sha256.keytests.nil. ANY; + grant sha384-key name sha384.keytests.nil. ANY; + grant sha512-key name sha512.keytests.nil. ANY; + }; +}; + +zone "many.test" { + type master; + allow-update { any; }; + file "many.test.db"; +}; + +zone "sample" { + type master; + allow-update { any; }; + file "sample.db"; +}; diff --git a/bin/tests/system/nsupdate/ns1/sample.db.in b/bin/tests/system/nsupdate/ns1/sample.db.in new file mode 100644 index 0000000..49212a1 --- /dev/null +++ b/bin/tests/system/nsupdate/ns1/sample.db.in @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +@ 0 SOA ns1 . 0 0 0 0 0 +@ 0 NS ns1 +ns1 0 A 10.53.0.1 +; a RRset that exists +exists 0 TXT This RRset exists. +; nxdomain +; A named without a TXT RRset +no-txt 0 A 1.2.3.4 diff --git a/bin/tests/system/nsupdate/ns10/dns.keytab b/bin/tests/system/nsupdate/ns10/dns.keytab Binary files differnew file mode 100644 index 0000000..95eea90 --- /dev/null +++ b/bin/tests/system/nsupdate/ns10/dns.keytab diff --git a/bin/tests/system/nsupdate/ns10/example.com.db.in b/bin/tests/system/nsupdate/ns10/example.com.db.in new file mode 100644 index 0000000..984274b --- /dev/null +++ b/bin/tests/system/nsupdate/ns10/example.com.db.in @@ -0,0 +1,19 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 ; 5 minutes +@ IN SOA ns10.example.com. hostmaster.example.com. ( + 1 ; serial + 2000 ; refresh (2000 seconds) + 2000 ; retry (2000 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns10 +ns10 A 10.53.0.10 diff --git a/bin/tests/system/nsupdate/ns10/in-addr.db.in b/bin/tests/system/nsupdate/ns10/in-addr.db.in new file mode 100644 index 0000000..984274b --- /dev/null +++ b/bin/tests/system/nsupdate/ns10/in-addr.db.in @@ -0,0 +1,19 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 ; 5 minutes +@ IN SOA ns10.example.com. hostmaster.example.com. ( + 1 ; serial + 2000 ; refresh (2000 seconds) + 2000 ; retry (2000 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns10 +ns10 A 10.53.0.10 diff --git a/bin/tests/system/nsupdate/ns10/machine.ccache b/bin/tests/system/nsupdate/ns10/machine.ccache Binary files differnew file mode 100644 index 0000000..ced26bd --- /dev/null +++ b/bin/tests/system/nsupdate/ns10/machine.ccache diff --git a/bin/tests/system/nsupdate/ns10/named.conf.in b/bin/tests/system/nsupdate/ns10/named.conf.in new file mode 100644 index 0000000..44b207a --- /dev/null +++ b/bin/tests/system/nsupdate/ns10/named.conf.in @@ -0,0 +1,48 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + query-source address 10.53.0.10; + notify-source 10.53.0.10; + transfer-source 10.53.0.10; + port @PORT@; + pid-file "named.pid"; + session-keyfile "session.key"; + listen-on { 10.53.0.10; }; + recursion no; + notify yes; + minimal-responses no; + tkey-gssapi-keytab "dns.keytab"; +}; + +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-sha256; +}; + +controls { + inet 10.53.0.10 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; + +zone "in-addr.arpa" { + type master; + file "in-addr.db"; + update-policy { grant EXAMPLE.COM ms-subdomain . PTR; }; +}; + +zone "example.com" { + type master; + file "example.com.db"; + update-policy { + grant EXAMPLE.COM ms-selfsub . ANY; + grant EXAMPLE.COM ms-subdomain _tcp.example.com SRV; + }; +}; diff --git a/bin/tests/system/nsupdate/ns2/named.conf.in b/bin/tests/system/nsupdate/ns2/named.conf.in new file mode 100644 index 0000000..b4ecf96 --- /dev/null +++ b/bin/tests/system/nsupdate/ns2/named.conf.in @@ -0,0 +1,64 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + query-source address 10.53.0.2 dscp 4; + notify-source 10.53.0.2 dscp 5; + transfer-source 10.53.0.2 dscp 6; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.2; }; + listen-on-v6 { none; }; + recursion yes; + acache-enable yes; + notify yes; + serial-query-rate 1; // workaround for KB AA-01213 +}; + +key altkey { + algorithm hmac-md5; + secret "1234abcd8765"; +}; + +view alternate { + match-clients { key altkey; }; + + zone "update.nil" { + type slave; + masters { 10.53.0.1; }; + file "update.alt.bk"; + allow-transfer { any; }; + }; +}; + +view primary { + match-clients { any; }; + + zone "example.nil" { + type slave; + masters { 10.53.0.1; }; + file "example.bk"; + allow-transfer { any; }; + }; + + zone "update.nil" { + type slave; + masters { 10.53.0.1; }; + file "update.bk"; + allow-transfer { any; }; + }; + + zone "sample" { + type master; + allow-update { any; }; + file "sample.db"; + }; +}; diff --git a/bin/tests/system/nsupdate/ns2/sample.db.in b/bin/tests/system/nsupdate/ns2/sample.db.in new file mode 100644 index 0000000..0c8a1c0 --- /dev/null +++ b/bin/tests/system/nsupdate/ns2/sample.db.in @@ -0,0 +1,19 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +@ 0 SOA ns2 . 0 0 0 0 0 +@ 0 NS ns2 +ns2 0 A 10.53.0.2 +; +; These prerequistes are reversed, relative to ns1/sample.db.in: +; 'exists' does not exist. +nxdomain 0 TXT This RRset exists. + +; a name with a TXT RRset +no-txt 0 TXT This RRset exists diff --git a/bin/tests/system/nsupdate/ns3/delegation.test.db.in b/bin/tests/system/nsupdate/ns3/delegation.test.db.in new file mode 100644 index 0000000..a75bcd2 --- /dev/null +++ b/bin/tests/system/nsupdate/ns3/delegation.test.db.in @@ -0,0 +1,13 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 10 +delegation.test. IN SOA delegation.test. hostmaster.delegation.test. 1 3600 900 2419200 3600 +delegation.test. IN NS delegation.test. +delegation.test. IN A 10.53.0.3 diff --git a/bin/tests/system/nsupdate/ns3/dnskey.test.db.in b/bin/tests/system/nsupdate/ns3/dnskey.test.db.in new file mode 100644 index 0000000..d3393a2 --- /dev/null +++ b/bin/tests/system/nsupdate/ns3/dnskey.test.db.in @@ -0,0 +1,13 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 10 +dnskey.test. IN SOA dnskey.test. hostmaster.dnskey.test. 1 3600 900 2419200 3600 +dnskey.test. IN NS dnskey.test. +dnskey.test. IN A 10.53.0.3 diff --git a/bin/tests/system/nsupdate/ns3/example.db.in b/bin/tests/system/nsupdate/ns3/example.db.in new file mode 100644 index 0000000..e151333 --- /dev/null +++ b/bin/tests/system/nsupdate/ns3/example.db.in @@ -0,0 +1,13 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +example. 10 IN SOA example. hostmaster.example. 1 3600 900 2419200 3600 +example. 10 IN NS example. +example. 10 IN A 10.53.0.3 +example. 10 IN NSEC3PARAM 1 1 0 - diff --git a/bin/tests/system/nsupdate/ns3/named.conf.in b/bin/tests/system/nsupdate/ns3/named.conf.in new file mode 100644 index 0000000..e5b414f --- /dev/null +++ b/bin/tests/system/nsupdate/ns3/named.conf.in @@ -0,0 +1,64 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +// NS3 + +options { + query-source address 10.53.0.3 dscp 7; + notify-source 10.53.0.3 dscp 8; + transfer-source 10.53.0.3 dscp 9; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.3; }; + listen-on-v6 { none; }; + recursion no; + notify yes; + dnssec-enable yes; + dnssec-validation yes; +}; + +zone "example" { + type master; + allow-update { any; }; + file "example.db"; +}; + +zone "nsec3param.test" { + type master; + allow-update { any; }; + file "nsec3param.test.db.signed"; +}; + +zone "dnskey.test" { + type master; + allow-update { any; }; + file "dnskey.test.db.signed"; +}; + +zone "many.test" { + type slave; + masters { 10.53.0.1; }; + allow-update-forwarding { any; }; + file "many.test.bk"; +}; + +zone "delegation.test" { + type master; + allow-update { any; }; + file "delegation.test.db.signed"; +}; + +zone "too-big.test" { + type master; + allow-update { any; }; + max-records 3; + file "too-big.test.db"; +}; diff --git a/bin/tests/system/nsupdate/ns3/nsec3param.test.db.in b/bin/tests/system/nsupdate/ns3/nsec3param.test.db.in new file mode 100644 index 0000000..6969414 --- /dev/null +++ b/bin/tests/system/nsupdate/ns3/nsec3param.test.db.in @@ -0,0 +1,13 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 10 +nsec3param.test. IN SOA nsec3param.test. hostmaster.nsec3param.test. 1 3600 900 2419200 3600 +nsec3param.test. IN NS nsec3param.test. +nsec3param.test. IN A 10.53.0.3 diff --git a/bin/tests/system/nsupdate/ns3/sign.sh b/bin/tests/system/nsupdate/ns3/sign.sh new file mode 100644 index 0000000..4e6e645 --- /dev/null +++ b/bin/tests/system/nsupdate/ns3/sign.sh @@ -0,0 +1,46 @@ +#!/bin/sh -e +# +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +SYSTEMTESTTOP=../.. +. $SYSTEMTESTTOP/conf.sh + +zone=nsec3param.test. +infile=nsec3param.test.db.in +zonefile=nsec3param.test.db + +keyname1=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone -f KSK $zone` +keyname2=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone` + +cat $infile $keyname1.key $keyname2.key >$zonefile + +$SIGNER -P -3 - -H 1 -r $RANDFILE -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null + +zone=dnskey.test. +infile=dnskey.test.db.in +zonefile=dnskey.test.db + +keyname1=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone` +keyname2=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone` + +cat $infile $keyname1.key $keyname2.key >$zonefile + +$SIGNER -P -r $RANDFILE -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null + +zone=delegation.test. +infile=delegation.test.db.in +zonefile=delegation.test.db + +keyname1=`$KEYGEN -q -r $RANDFILE -3 -f KSK $zone` +keyname2=`$KEYGEN -q -r $RANDFILE -3 $zone` + +cat $infile $keyname1.key $keyname2.key >$zonefile + +$SIGNER -A -3 - -P -r $RANDFILE -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null diff --git a/bin/tests/system/nsupdate/ns3/too-big.test.db.in b/bin/tests/system/nsupdate/ns3/too-big.test.db.in new file mode 100644 index 0000000..f271d27 --- /dev/null +++ b/bin/tests/system/nsupdate/ns3/too-big.test.db.in @@ -0,0 +1,13 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 10 +too-big.test. IN SOA too-big.test. hostmaster.too-big.test. 1 3600 900 2419200 3600 +too-big.test. IN NS too-big.test. +too-big.test. IN A 10.53.0.3 diff --git a/bin/tests/system/nsupdate/ns5/local.db.in b/bin/tests/system/nsupdate/ns5/local.db.in new file mode 100644 index 0000000..08f16b8 --- /dev/null +++ b/bin/tests/system/nsupdate/ns5/local.db.in @@ -0,0 +1,23 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$ORIGIN . +$TTL 300 ; 5 minutes +local.nil IN SOA ns5.local.nil. hostmaster.local.nil. ( + 1 ; serial + 2000 ; refresh (2000 seconds) + 2000 ; retry (2000 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) +local.nil. NS ns5.local.nil. +ns5.local.nil. A 10.53.0.5 + +$ORIGIN local.nil. +a A 10.10.10.10 diff --git a/bin/tests/system/nsupdate/ns5/named.args b/bin/tests/system/nsupdate/ns5/named.args new file mode 100644 index 0000000..49cb45e --- /dev/null +++ b/bin/tests/system/nsupdate/ns5/named.args @@ -0,0 +1 @@ +-D nsupdate-ns5 -m record,size,mctx -T clienttest -c named.conf -d 99 -X named.lock -g -U 4 -T fixedlocal diff --git a/bin/tests/system/nsupdate/ns5/named.conf.in b/bin/tests/system/nsupdate/ns5/named.conf.in new file mode 100644 index 0000000..2ffacb1 --- /dev/null +++ b/bin/tests/system/nsupdate/ns5/named.conf.in @@ -0,0 +1,38 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + query-source address 10.53.0.5; + notify-source 10.53.0.5; + transfer-source 10.53.0.5; + port @PORT@; + pid-file "named.pid"; + session-keyfile "session.key"; + listen-on { 10.53.0.5; }; + recursion no; + notify yes; + minimal-responses no; +}; + +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-sha256; +}; + +controls { + inet 10.53.0.5 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; + +zone "local.nil" { + type master; + file "local.db"; + update-policy local; +}; diff --git a/bin/tests/system/nsupdate/ns6/in-addr.db.in b/bin/tests/system/nsupdate/ns6/in-addr.db.in new file mode 100644 index 0000000..c719192 --- /dev/null +++ b/bin/tests/system/nsupdate/ns6/in-addr.db.in @@ -0,0 +1,19 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 ; 5 minutes +@ IN SOA ns5.local.nil. hostmaster.local.nil. ( + 1 ; serial + 2000 ; refresh (2000 seconds) + 2000 ; retry (2000 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns5 +ns5 A 10.53.0.5 diff --git a/bin/tests/system/nsupdate/ns6/named.args b/bin/tests/system/nsupdate/ns6/named.args new file mode 100644 index 0000000..75ca529 --- /dev/null +++ b/bin/tests/system/nsupdate/ns6/named.args @@ -0,0 +1 @@ +-D nsupdate-ns6 -m record,size,mctx -T clienttest -c named.conf -d 99 -X named.lock -g -U 4 -T fixedlocal diff --git a/bin/tests/system/nsupdate/ns6/named.conf.in b/bin/tests/system/nsupdate/ns6/named.conf.in new file mode 100644 index 0000000..da64d06 --- /dev/null +++ b/bin/tests/system/nsupdate/ns6/named.conf.in @@ -0,0 +1,38 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + query-source address 10.53.0.6; + notify-source 10.53.0.6; + transfer-source 10.53.0.6; + port @PORT@; + pid-file "named.pid"; + session-keyfile "session.key"; + listen-on { 10.53.0.6; }; + recursion no; + notify yes; + minimal-responses no; +}; + +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-sha256; +}; + +controls { + inet 10.53.0.6 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; + +zone "in-addr.arpa" { + type master; + file "in-addr.db"; + update-policy { grant * tcp-self . PTR; }; +}; diff --git a/bin/tests/system/nsupdate/ns7/dns.keytab b/bin/tests/system/nsupdate/ns7/dns.keytab Binary files differnew file mode 100644 index 0000000..08d5ef4 --- /dev/null +++ b/bin/tests/system/nsupdate/ns7/dns.keytab diff --git a/bin/tests/system/nsupdate/ns7/example.com.db.in b/bin/tests/system/nsupdate/ns7/example.com.db.in new file mode 100644 index 0000000..c327325 --- /dev/null +++ b/bin/tests/system/nsupdate/ns7/example.com.db.in @@ -0,0 +1,19 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 ; 5 minutes +@ IN SOA ns7.example.com. hostmaster.example.com. ( + 1 ; serial + 2000 ; refresh (2000 seconds) + 2000 ; retry (2000 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns7 +ns7 A 10.53.0.7 diff --git a/bin/tests/system/nsupdate/ns7/in-addr.db.in b/bin/tests/system/nsupdate/ns7/in-addr.db.in new file mode 100644 index 0000000..c327325 --- /dev/null +++ b/bin/tests/system/nsupdate/ns7/in-addr.db.in @@ -0,0 +1,19 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 ; 5 minutes +@ IN SOA ns7.example.com. hostmaster.example.com. ( + 1 ; serial + 2000 ; refresh (2000 seconds) + 2000 ; retry (2000 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns7 +ns7 A 10.53.0.7 diff --git a/bin/tests/system/nsupdate/ns7/machine.ccache b/bin/tests/system/nsupdate/ns7/machine.ccache Binary files differnew file mode 100644 index 0000000..7dcd959 --- /dev/null +++ b/bin/tests/system/nsupdate/ns7/machine.ccache diff --git a/bin/tests/system/nsupdate/ns7/named.conf.in b/bin/tests/system/nsupdate/ns7/named.conf.in new file mode 100644 index 0000000..f0ef6d3 --- /dev/null +++ b/bin/tests/system/nsupdate/ns7/named.conf.in @@ -0,0 +1,48 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + query-source address 10.53.0.7; + notify-source 10.53.0.7; + transfer-source 10.53.0.7; + port @PORT@; + pid-file "named.pid"; + session-keyfile "session.key"; + listen-on { 10.53.0.7; }; + recursion no; + notify yes; + minimal-responses no; + tkey-gssapi-keytab "dns.keytab"; +}; + +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-sha256; +}; + +controls { + inet 10.53.0.7 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; + +zone "in-addr.arpa" { + type master; + file "in-addr.db"; + update-policy { grant EXAMPLE.COM krb5-subdomain . PTR; }; +}; + +zone "example.com" { + type master; + file "example.com.db"; + update-policy { + grant EXAMPLE.COM krb5-self . ANY; + grant EXAMPLE.COM krb5-subdomain _tcp.example.com SRV; + }; +}; diff --git a/bin/tests/system/nsupdate/ns8/dns.keytab b/bin/tests/system/nsupdate/ns8/dns.keytab Binary files differnew file mode 100644 index 0000000..3340049 --- /dev/null +++ b/bin/tests/system/nsupdate/ns8/dns.keytab diff --git a/bin/tests/system/nsupdate/ns8/example.com.db.in b/bin/tests/system/nsupdate/ns8/example.com.db.in new file mode 100644 index 0000000..eb24766 --- /dev/null +++ b/bin/tests/system/nsupdate/ns8/example.com.db.in @@ -0,0 +1,19 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 ; 5 minutes +@ IN SOA ns8.example.com. hostmaster.example.com. ( + 1 ; serial + 2000 ; refresh (2000 seconds) + 2000 ; retry (2000 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns8 +ns8 A 10.53.0.8 diff --git a/bin/tests/system/nsupdate/ns8/in-addr.db.in b/bin/tests/system/nsupdate/ns8/in-addr.db.in new file mode 100644 index 0000000..eb24766 --- /dev/null +++ b/bin/tests/system/nsupdate/ns8/in-addr.db.in @@ -0,0 +1,19 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 ; 5 minutes +@ IN SOA ns8.example.com. hostmaster.example.com. ( + 1 ; serial + 2000 ; refresh (2000 seconds) + 2000 ; retry (2000 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns8 +ns8 A 10.53.0.8 diff --git a/bin/tests/system/nsupdate/ns8/machine.ccache b/bin/tests/system/nsupdate/ns8/machine.ccache Binary files differnew file mode 100644 index 0000000..6e75aff --- /dev/null +++ b/bin/tests/system/nsupdate/ns8/machine.ccache diff --git a/bin/tests/system/nsupdate/ns8/named.conf.in b/bin/tests/system/nsupdate/ns8/named.conf.in new file mode 100644 index 0000000..56195cd --- /dev/null +++ b/bin/tests/system/nsupdate/ns8/named.conf.in @@ -0,0 +1,48 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + query-source address 10.53.0.8; + notify-source 10.53.0.8; + transfer-source 10.53.0.8; + port @PORT@; + pid-file "named.pid"; + session-keyfile "session.key"; + listen-on { 10.53.0.8; }; + recursion no; + notify yes; + minimal-responses no; + tkey-gssapi-keytab "dns.keytab"; +}; + +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-sha256; +}; + +controls { + inet 10.53.0.8 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; + +zone "in-addr.arpa" { + type master; + file "in-addr.db"; + update-policy { grant EXAMPLE.COM krb5-subdomain . PTR; }; +}; + +zone "example.com" { + type master; + file "example.com.db"; + update-policy { + grant EXAMPLE.COM krb5-selfsub . ANY; + grant EXAMPLE.COM krb5-subdomain _tcp.example.com SRV; + }; +}; diff --git a/bin/tests/system/nsupdate/ns9/dns.keytab b/bin/tests/system/nsupdate/ns9/dns.keytab Binary files differnew file mode 100644 index 0000000..470317f --- /dev/null +++ b/bin/tests/system/nsupdate/ns9/dns.keytab diff --git a/bin/tests/system/nsupdate/ns9/example.com.db.in b/bin/tests/system/nsupdate/ns9/example.com.db.in new file mode 100644 index 0000000..a618fdc --- /dev/null +++ b/bin/tests/system/nsupdate/ns9/example.com.db.in @@ -0,0 +1,19 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 ; 5 minutes +@ IN SOA ns9.example.com. hostmaster.example.com. ( + 1 ; serial + 2000 ; refresh (2000 seconds) + 2000 ; retry (2000 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns9 +ns9 A 10.53.0.9 diff --git a/bin/tests/system/nsupdate/ns9/in-addr.db.in b/bin/tests/system/nsupdate/ns9/in-addr.db.in new file mode 100644 index 0000000..a618fdc --- /dev/null +++ b/bin/tests/system/nsupdate/ns9/in-addr.db.in @@ -0,0 +1,19 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 ; 5 minutes +@ IN SOA ns9.example.com. hostmaster.example.com. ( + 1 ; serial + 2000 ; refresh (2000 seconds) + 2000 ; retry (2000 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns9 +ns9 A 10.53.0.9 diff --git a/bin/tests/system/nsupdate/ns9/machine.ccache b/bin/tests/system/nsupdate/ns9/machine.ccache Binary files differnew file mode 100644 index 0000000..2b59cec --- /dev/null +++ b/bin/tests/system/nsupdate/ns9/machine.ccache diff --git a/bin/tests/system/nsupdate/ns9/named.conf.in b/bin/tests/system/nsupdate/ns9/named.conf.in new file mode 100644 index 0000000..1b41cc6 --- /dev/null +++ b/bin/tests/system/nsupdate/ns9/named.conf.in @@ -0,0 +1,48 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + query-source address 10.53.0.9; + notify-source 10.53.0.9; + transfer-source 10.53.0.9; + port @PORT@; + pid-file "named.pid"; + session-keyfile "session.key"; + listen-on { 10.53.0.9; }; + recursion no; + notify yes; + minimal-responses no; + tkey-gssapi-keytab "dns.keytab"; +}; + +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-sha256; +}; + +controls { + inet 10.53.0.9 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; + +zone "in-addr.arpa" { + type master; + file "in-addr.db"; + update-policy { grant EXAMPLE.COM ms-subdomain . PTR; }; +}; + +zone "example.com" { + type master; + file "example.com.db"; + update-policy { + grant EXAMPLE.COM ms-self . ANY; + grant EXAMPLE.COM ms-subdomain _tcp.example.com SRV; + }; +}; diff --git a/bin/tests/system/nsupdate/prereq.sh b/bin/tests/system/nsupdate/prereq.sh new file mode 100644 index 0000000..9c1d276 --- /dev/null +++ b/bin/tests/system/nsupdate/prereq.sh @@ -0,0 +1,26 @@ +#!/bin/sh +# +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh + +if $PERL -e 'use Net::DNS;' 2>/dev/null +then + if $PERL -e 'use Net::DNS; die if ($Net::DNS::VERSION >= 0.69 && $Net::DNS::VERSION <= 0.70);' 2>/dev/null + then + : + else + echo_i "Net::DNS versions 0.69 to 0.70 have bugs that cause this test to fail: please update." >&2 + exit 1 + fi +fi + +exec $SHELL ../testcrypto.sh diff --git a/bin/tests/system/nsupdate/setup.sh b/bin/tests/system/nsupdate/setup.sh new file mode 100644 index 0000000..d6647fa --- /dev/null +++ b/bin/tests/system/nsupdate/setup.sh @@ -0,0 +1,90 @@ +#!/bin/sh +# +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh + +test -r $RANDFILE || $GENRANDOM 400 $RANDFILE + +$SHELL clean.sh +copy_setports ns1/named.conf.in ns1/named.conf +copy_setports ns2/named.conf.in ns2/named.conf +copy_setports ns3/named.conf.in ns3/named.conf +copy_setports ns5/named.conf.in ns5/named.conf +copy_setports ns6/named.conf.in ns6/named.conf +copy_setports ns7/named.conf.in ns7/named.conf +copy_setports ns8/named.conf.in ns8/named.conf +copy_setports ns9/named.conf.in ns9/named.conf +copy_setports ns10/named.conf.in ns10/named.conf + +copy_setports verylarge.in verylarge + +# +# jnl and database files MUST be removed before we start +# + +rm -f ns1/*.jnl ns1/example.db ns2/*.jnl ns2/example.bk +rm -f ns2/update.bk ns2/update.alt.bk +rm -f ns3/example.db.jnl +rm -f ns3/too-big.test.db.jnl + +cp -f ns1/example1.db ns1/example.db +sed 's/example.nil/other.nil/g' ns1/example1.db > ns1/other.db +sed 's/example.nil/unixtime.nil/g' ns1/example1.db > ns1/unixtime.db +sed 's/example.nil/yyyymmddvv.nil/g' ns1/example1.db > ns1/yyyymmddvv.db +sed 's/example.nil/keytests.nil/g' ns1/example1.db > ns1/keytests.db +cp -f ns3/example.db.in ns3/example.db +cp -f ns3/too-big.test.db.in ns3/too-big.test.db + +# update_test.pl has its own zone file because it +# requires a specific NS record set. +cat <<\EOF >ns1/update.db +$ORIGIN . +$TTL 300 ; 5 minutes +update.nil IN SOA ns1.example.nil. hostmaster.example.nil. ( + 1 ; serial + 2000 ; refresh (2000 seconds) + 2000 ; retry (2000 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) +update.nil. NS ns1.update.nil. +ns1.update.nil. A 10.53.0.2 +ns2.update.nil. AAAA ::1 +EOF + +$DDNSCONFGEN -q -r $RANDFILE -z example.nil > ns1/ddns.key + +$DDNSCONFGEN -q -r $RANDFILE -a hmac-md5 -k md5-key -z keytests.nil > ns1/md5.key +$DDNSCONFGEN -q -r $RANDFILE -a hmac-sha1 -k sha1-key -z keytests.nil > ns1/sha1.key +$DDNSCONFGEN -q -r $RANDFILE -a hmac-sha224 -k sha224-key -z keytests.nil > ns1/sha224.key +$DDNSCONFGEN -q -r $RANDFILE -a hmac-sha256 -k sha256-key -z keytests.nil > ns1/sha256.key +$DDNSCONFGEN -q -r $RANDFILE -a hmac-sha384 -k sha384-key -z keytests.nil > ns1/sha384.key +$DDNSCONFGEN -q -r $RANDFILE -a hmac-sha512 -k sha512-key -z keytests.nil > ns1/sha512.key + +(cd ns3; $SHELL -e sign.sh) + +cp -f ns1/many.test.db.in ns1/many.test.db +rm -f ns1/many.test.db.jnl + +cp ns1/sample.db.in ns1/sample.db +cp ns2/sample.db.in ns2/sample.db + +cp -f ns5/local.db.in ns5/local.db +cp -f ns6/in-addr.db.in ns6/in-addr.db +cp -f ns7/in-addr.db.in ns7/in-addr.db +cp -f ns7/example.com.db.in ns7/example.com.db +cp -f ns8/in-addr.db.in ns8/in-addr.db +cp -f ns8/example.com.db.in ns8/example.com.db +cp -f ns9/in-addr.db.in ns9/in-addr.db +cp -f ns9/example.com.db.in ns9/example.com.db +cp -f ns10/in-addr.db.in ns10/in-addr.db +cp -f ns10/example.com.db.in ns10/example.com.db diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh new file mode 100755 index 0000000..9f26572 --- /dev/null +++ b/bin/tests/system/nsupdate/tests.sh @@ -0,0 +1,1253 @@ +#!/bin/sh +# +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh + +DIGOPTS="-p ${PORT}" +RNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p ${CONTROLPORT} -s" + +# +# Uncomment when creating credential cache files. +# +# KRB5_CONFIG=`pwd`/krb/krb5.conf +# +# Cd krb and run krb/setup.sh to create new keys. +# Run nsupdate system test. +# Kill the krb5kdc server started by krb/setup.sh. +# Check the expiry date on the cached machine.ccache with klist is in 2038. +# Comment out KRB5_CONFIG. +# Re-run nsupdate system test to confirm everything still works. +# git add and commit the resulting ns*/machine.ccache and ns*/dns.keytab files. +# Clean up krb. +# + +status=0 +n=0 + +# wait for zone transfer to complete +tries=0 +while true; do + if [ $tries -eq 10 ] + then + exit 1 + fi + + if grep "example.nil/IN.*Transfer status" ns2/named.run > /dev/null + then + break + else + echo_i "zones are not fully loaded, waiting..." + tries=`expr $tries + 1` + sleep 1 + fi +done + +ret=0 +echo_i "fetching first copy of zone before update" +$DIG $DIGOPTS +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\ + @10.53.0.1 axfr > dig.out.ns1 || ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +ret=0 +echo_i "fetching second copy of zone before update" +$DIG $DIGOPTS +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\ + @10.53.0.2 axfr > dig.out.ns2 || ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +ret=0 +echo_i "comparing pre-update copies to known good data" +digcomp knowngood.ns1.before dig.out.ns1 || ret=1 +digcomp knowngood.ns1.before dig.out.ns2 || ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +ret=0 +echo_i "updating zone" +# nsupdate will print a ">" prompt to stdout as it gets each input line. +$NSUPDATE -k ns1/ddns.key <<END > /dev/null || ret=1 +server 10.53.0.1 ${PORT} +update add updated.example.nil. 600 A 10.10.10.1 +add updated.example.nil. 600 TXT Foo +delete t.example.nil. + +END +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +echo_i "sleeping 5 seconds for server to incorporate changes" +sleep 5 + +ret=0 +echo_i "fetching first copy of zone after update" +$DIG $DIGOPTS +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\ + @10.53.0.1 axfr > dig.out.ns1 || ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +ret=0 +echo_i "fetching second copy of zone after update" +$DIG $DIGOPTS +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\ + @10.53.0.2 axfr > dig.out.ns2 || ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +ret=0 +echo_i "comparing post-update copies to known good data" +digcomp knowngood.ns1.after dig.out.ns1 || ret=1 +digcomp knowngood.ns1.after dig.out.ns2 || ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +ret=0 +echo_i "testing local update policy" +pre=`$DIG $DIGOPTS +short new.other.nil. @10.53.0.1 a` || ret=1 +[ -z "$pre" ] || ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +ret=0 +echo_i "updating zone" +# nsupdate will print a ">" prompt to stdout as it gets each input line. +$NSUPDATE -l -p ${PORT} -k ns1/session.key > /dev/null <<END || ret=1 +zone other.nil. +update add new.other.nil. 600 IN A 10.10.10.1 +send +END +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +echo_i "sleeping 5 seconds for server to incorporate changes" +sleep 5 + +ret=0 +echo_i "checking result of update" +post=`$DIG $DIGOPTS +short new.other.nil. @10.53.0.1 a` || ret=1 +[ "$post" = "10.10.10.1" ] || ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +ret=0 +echo_i "comparing post-update copy to known good data" +digcomp knowngood.ns1.after dig.out.ns1 || ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +ret=0 +echo_i "testing zone consistency checks" +# inserting an NS record without a corresponding A or AAAA record should fail +$NSUPDATE -l -p ${PORT} -k ns1/session.key > nsupdate.out 2>&1 << END && ret=1 +update add other.nil. 600 in ns ns3.other.nil. +send +END +grep REFUSED nsupdate.out > /dev/null 2>&1 || ret=1 +# ...but should work if an A record is inserted first: +$NSUPDATE -l -p ${PORT} -k ns1/session.key > nsupdate.out 2>&1 << END || ret=1 +update add ns4.other.nil 600 in a 10.53.0.1 +send +update add other.nil. 600 in ns ns4.other.nil. +send +END +grep REFUSED nsupdate.out > /dev/null 2>&1 && ret=1 +# ...or if an AAAA record does: +$NSUPDATE -l -p ${PORT} -k ns1/session.key > nsupdate.out 2>&1 << END || ret=1 +update add ns5.other.nil 600 in aaaa 2001:db8::1 +send +update add other.nil. 600 in ns ns5.other.nil. +send +END +grep REFUSED nsupdate.out > /dev/null 2>&1 && ret=1 +# ...or if the NS and A/AAAA are inserted together: +$NSUPDATE -l -p ${PORT} -k ns1/session.key > nsupdate.out 2>&1 << END || ret=1 +update add other.nil. 600 in ns ns6.other.nil. +update add ns6.other.nil 600 in a 10.53.0.1 +send +END +grep REFUSED nsupdate.out > /dev/null 2>&1 && ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +echo_i "sleeping 5 seconds for server to incorporate changes" +sleep 5 + +ret=0 +echo_i "checking result of update" +$DIG $DIGOPTS +short @10.53.0.1 ns other.nil > dig.out.ns1 || ret=1 +grep ns3.other.nil dig.out.ns1 > /dev/null 2>&1 && ret=1 +grep ns4.other.nil dig.out.ns1 > /dev/null 2>&1 || ret=1 +grep ns5.other.nil dig.out.ns1 > /dev/null 2>&1 || ret=1 +grep ns6.other.nil dig.out.ns1 > /dev/null 2>&1 || ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +ret=0 +echo_i "ensure 'check-mx ignore' allows adding MX records containing an address without a warning" +$NSUPDATE -k ns1/ddns.key > nsupdate.out 2>&1 << END || ret=1 +server 10.53.0.1 ${PORT} +update add mx03.example.nil 600 IN MX 10 10.53.0.1 +send +END +grep REFUSED nsupdate.out > /dev/null 2>&1 && ret=1 +grep "mx03.example.nil/MX:.*MX is an address" ns1/named.run > /dev/null 2>&1 && ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +ret=0 +echo_i "ensure 'check-mx warn' allows adding MX records containing an address with a warning" +$NSUPDATE -l -p ${PORT} -k ns1/session.key > nsupdate.out 2>&1 << END || ret=1 +update add mx03.other.nil 600 IN MX 10 10.53.0.1 +send +END +grep REFUSED nsupdate.out > /dev/null 2>&1 && ret=1 +grep "mx03.other.nil/MX:.*MX is an address" ns1/named.run > /dev/null 2>&1 || ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +ret=0 +echo_i "ensure 'check-mx fail' prevents adding MX records containing an address with a warning" +$NSUPDATE > nsupdate.out 2>&1 << END && ret=1 +server 10.53.0.1 ${PORT} +update add mx03.update.nil 600 IN MX 10 10.53.0.1 +send +END +grep REFUSED nsupdate.out > /dev/null 2>&1 || ret=1 +grep "mx03.update.nil/MX:.*MX is an address" ns1/named.run > /dev/null 2>&1 || ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +ret=0 +echo_i "check SIG(0) key is accepted" +key=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 512 -T KEY -n ENTITY xxx` +echo "" | $NSUPDATE -k ${key}.private > /dev/null 2>&1 || ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +n=`expr $n + 1` +ret=0 +echo_i "check TYPE=0 update is rejected by nsupdate ($n)" +$NSUPDATE <<END > nsupdate.out 2>&1 && ret=1 + server 10.53.0.1 ${PORT} + ttl 300 + update add example.nil. in type0 "" + send +END +grep "unknown class/type" nsupdate.out > /dev/null 2>&1 || ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +n=`expr $n + 1` +ret=0 +echo_i "check TYPE=0 prerequisite is handled ($n)" +$NSUPDATE -k ns1/ddns.key <<END > nsupdate.out 2>&1 || ret=1 + server 10.53.0.1 ${PORT} + prereq nxrrset example.nil. type0 + send +END +$DIG $DIGOPTS +tcp version.bind txt ch @10.53.0.1 > dig.out.ns1.$n +grep "status: NOERROR" dig.out.ns1.$n > /dev/null || ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +n=`expr $n + 1` +ret=0 +echo_i "check that TYPE=0 update is handled ($n)" +echo "a0e4280000010000000100000000060001c00c000000fe000000000000" | +$PERL ../packet.pl -a 10.53.0.1 -p ${PORT} -t tcp > /dev/null +$DIG $DIGOPTS +tcp version.bind txt ch @10.53.0.1 > dig.out.ns1.$n +grep "status: NOERROR" dig.out.ns1.$n > /dev/null || ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +n=`expr $n + 1` +ret=0 +echo_i "check that TYPE=0 additional data is handled ($n)" +echo "a0e4280000010000000000010000060001c00c000000fe000000000000" | +$PERL ../packet.pl -a 10.53.0.1 -p ${PORT} -t tcp > /dev/null +$DIG $DIGOPTS +tcp version.bind txt ch @10.53.0.1 > dig.out.ns1.$n +grep "status: NOERROR" dig.out.ns1.$n > /dev/null || ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +n=`expr $n + 1` +ret=0 +echo_i "check that update to undefined class is handled ($n)" +echo "a0e4280000010001000000000000060101c00c000000fe000000000000" | +$PERL ../packet.pl -a 10.53.0.1 -p ${PORT} -t tcp > /dev/null +$DIG $DIGOPTS +tcp version.bind txt ch @10.53.0.1 > dig.out.ns1.$n +grep "status: NOERROR" dig.out.ns1.$n > /dev/null || ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +n=`expr $n + 1` +ret=0 +echo_i "check that address family mismatch is handled ($n)" +$NSUPDATE <<END > /dev/null 2>&1 && ret=1 +server ::1 +local 127.0.0.1 +update add 600 txt.example.nil in txt "test" +send +END +[ $ret = 0 ] || { echo_i "failed"; status=1; } + + +n=`expr $n + 1` +ret=0 +echo_i "check that unixtime serial number is correctly generated ($n)" +$DIG $DIGOPTS +short unixtime.nil. soa @10.53.0.1 > dig.out.old.test$n || ret=1 +oldserial=`awk '{print $3}' dig.out.old.test$n` || ret=1 +start=`$PERL -e 'print time()."\n";'` +$NSUPDATE <<END > /dev/null 2>&1 || ret=1 + server 10.53.0.1 ${PORT} + ttl 600 + update add new.unixtime.nil in a 1.2.3.4 + send +END +now=`$PERL -e 'print time()."\n";'` +sleep 1 +$DIG $DIGOPTS +short unixtime.nil. soa @10.53.0.1 > dig.out.new.test$n || ret=1 +serial=`awk '{print $3}' dig.out.new.test$n` || ret=1 +[ "$oldserial" = "$serial" ] && { echo_i "oldserial == serial"; ret=1; } +if [ "$serial" -lt "$start" ]; then + echo_i "out-of-range serial=$serial < start=$start"; ret=1; +elif [ "$serial" -gt "$now" ]; then + echo_i "out-of-range serial=$serial > now=$now"; ret=1; +fi +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +ret=0 +if $PERL -e 'use Net::DNS;' 2>/dev/null +then + echo_i "running update.pl test" + { + $PERL update_test.pl -s 10.53.0.1 -p ${PORT} update.nil. || ret=1 + } | cat_i + [ $ret -eq 1 ] && { echo_i "failed"; status=1; } +else + echo_i "The second part of this test requires the Net::DNS library." >&2 +fi + +ret=0 +echo_i "fetching first copy of test zone" +$DIG $DIGOPTS +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\ + @10.53.0.1 axfr > dig.out.ns1 || ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +ret=0 +echo_i "fetching second copy of test zone" +$DIG $DIGOPTS +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\ + @10.53.0.2 axfr > dig.out.ns2 || ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +ret=0 +echo_i "comparing zones" +digcomp dig.out.ns1 dig.out.ns2 || ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +echo_i "SIGKILL and restart server ns1" +cd ns1 +$KILL -KILL `cat named.pid` +rm named.pid +cd .. +sleep 10 +if + $PERL $SYSTEMTESTTOP/start.pl --noclean --restart --port ${PORT} . ns1 +then + echo_i "restarted server ns1" +else + echo_i "could not restart server ns1" + exit 1 +fi +sleep 10 + +ret=0 +echo_i "fetching ns1 after hard restart" +$DIG $DIGOPTS +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\ + @10.53.0.1 axfr > dig.out.ns1.after || ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +ret=0 +echo_i "comparing zones" +digcomp dig.out.ns1 dig.out.ns1.after || ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +echo_i "begin RT #482 regression test" + +ret=0 +echo_i "update master" +$NSUPDATE -k ns1/ddns.key <<END > /dev/null || ret=1 +server 10.53.0.1 ${PORT} +update add updated2.example.nil. 600 A 10.10.10.2 +update add updated2.example.nil. 600 TXT Bar +update delete c.example.nil. +send +END +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +sleep 5 + +if [ ! "$CYGWIN" ]; then + echo_i "SIGHUP slave" + $KILL -HUP `cat ns2/named.pid` +else + echo_i "reload slave" + $RNDCCMD 10.53.0.2 reload > /dev/null 2>&1 +fi + +sleep 5 + +ret=0 +echo_i "update master again" +$NSUPDATE -k ns1/ddns.key <<END > /dev/null || ret=1 +server 10.53.0.1 ${PORT} +update add updated3.example.nil. 600 A 10.10.10.3 +update add updated3.example.nil. 600 TXT Zap +del d.example.nil. +send +END +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +sleep 5 + +if [ ! "$CYGWIN" ]; then + echo_i "SIGHUP slave again" + $KILL -HUP `cat ns2/named.pid` +else + echo_i "reload slave again" + $RNDCCMD 10.53.0.2 reload > /dev/null 2>&1 +fi + +sleep 5 + +echo_i "check to 'out of sync' message" +if grep "out of sync" ns2/named.run +then + echo_i "failed (found 'out of sync')" + status=1 +fi + +echo_i "end RT #482 regression test" + +n=`expr $n + 1` +ret=0 +echo_i "start NSEC3PARAM changes via UPDATE on a unsigned zone test ($n)" +$NSUPDATE << EOF +server 10.53.0.3 ${PORT} +update add example 3600 nsec3param 1 0 0 - +send +EOF + +sleep 1 + +# the zone is not signed. The nsec3param records should be removed. +# this also proves that the server is still running. +$DIG $DIGOPTS +tcp +noadd +nosea +nostat +noquest +nocmd +norec example.\ + @10.53.0.3 nsec3param > dig.out.ns3.$n || ret=1 +grep "ANSWER: 0" dig.out.ns3.$n > /dev/null || ret=1 +grep "flags:[^;]* aa[ ;]" dig.out.ns3.$n > /dev/null || ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +n=`expr $n + 1` +ret=0 +echo_i "change the NSEC3PARAM ttl via update ($n)" +$NSUPDATE << EOF +server 10.53.0.3 ${PORT} +update add nsec3param.test 3600 NSEC3PARAM 1 0 1 - +send +EOF + +sleep 1 + +$DIG $DIGOPTS +tcp +noadd +nosea +nostat +noquest +nocmd +norec nsec3param.test.\ + @10.53.0.3 nsec3param > dig.out.ns3.$n || ret=1 +grep "ANSWER: 1" dig.out.ns3.$n > /dev/null || ret=1 +grep "3600.*NSEC3PARAM" dig.out.ns3.$n > /dev/null || ret=1 +grep "flags:[^;]* aa[ ;]" dig.out.ns3.$n > /dev/null || ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +n=`expr $n + 1` +ret=0 +echo_i "add a new the NSEC3PARAM via update ($n)" +$NSUPDATE << EOF +server 10.53.0.3 ${PORT} +update add nsec3param.test 3600 NSEC3PARAM 1 0 4 - +send +EOF + +sleep 1 + +$DIG $DIGOPTS +tcp +noadd +nosea +nostat +noquest +nocmd +norec nsec3param.test.\ + @10.53.0.3 nsec3param > dig.out.ns3.$n || ret=1 +grep "ANSWER: 2" dig.out.ns3.$n > /dev/null || ret=1 +grep "NSEC3PARAM 1 0 4 -" dig.out.ns3.$n > /dev/null || ret=1 +grep "flags:[^;]* aa[ ;]" dig.out.ns3.$n > /dev/null || ret=1 +if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $ret + $status`; fi + +n=`expr $n + 1` +ret=0 +echo_i "add, delete and change the ttl of the NSEC3PARAM rrset via update ($n)" +$NSUPDATE << EOF +server 10.53.0.3 ${PORT} +update delete nsec3param.test NSEC3PARAM +update add nsec3param.test 7200 NSEC3PARAM 1 0 5 - +send +EOF + +sleep 1 + +$DIG $DIGOPTS +tcp +noadd +nosea +nostat +noquest +nocmd +norec nsec3param.test.\ + @10.53.0.3 nsec3param > dig.out.ns3.$n || ret=1 +grep "ANSWER: 1" dig.out.ns3.$n > /dev/null || ret=1 +grep "7200.*NSEC3PARAM 1 0 5 -" dig.out.ns3.$n > /dev/null || ret=1 +grep "flags:[^;]* aa[ ;]" dig.out.ns3.$n > /dev/null || ret=1 +$JOURNALPRINT ns3/nsec3param.test.db.signed.jnl > jp.out.ns3.$n +# intermediate TTL changes. +grep "add nsec3param.test. 7200 IN NSEC3PARAM 1 0 4 -" jp.out.ns3.$n > /dev/null || ret=1 +grep "add nsec3param.test. 7200 IN NSEC3PARAM 1 0 1 -" jp.out.ns3.$n > /dev/null || ret=1 +# delayed adds and deletes. +grep "add nsec3param.test. 0 IN TYPE65534 .# 6 000180000500" jp.out.ns3.$n > /dev/null || ret=1 +grep "add nsec3param.test. 0 IN TYPE65534 .# 6 000140000100" jp.out.ns3.$n > /dev/null || ret=1 +grep "add nsec3param.test. 0 IN TYPE65534 .# 6 000140000400" jp.out.ns3.$n > /dev/null || ret=1 +if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $ret + $status`; fi + + + +ret=0 +echo_i "testing that rndc stop updates the master file" +$NSUPDATE -k ns1/ddns.key <<END > /dev/null || ret=1 +server 10.53.0.1 ${PORT} +update add updated4.example.nil. 600 A 10.10.10.3 +send +END +$PERL $SYSTEMTESTTOP/stop.pl --use-rndc --port ${CONTROLPORT} . ns1 +# Removing the journal file and restarting the server means +# that the data served by the new server process are exactly +# those dumped to the master file by "rndc stop". +rm -f ns1/*jnl +$PERL $SYSTEMTESTTOP/start.pl --noclean --restart --port ${PORT} . ns1 +$DIG $DIGOPTS +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd updated4.example.nil.\ + @10.53.0.1 a > dig.out.ns1 || status=1 +digcomp knowngood.ns1.afterstop dig.out.ns1 || ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +ret=0 +echo_i "check that 'nsupdate -l' with a missing keyfile reports the missing file" +$NSUPDATE -l -p ${PORT} -k ns1/nonexistant.key 2> nsupdate.out < /dev/null +grep ns1/nonexistant.key nsupdate.out > /dev/null || ret=1 +if test $ret -ne 0 +then +echo_i "failed"; status=1 +fi + +n=`expr $n + 1` +ret=0 +echo_i "check that 'update-policy local' works from localhost address ($n)" +$NSUPDATE -k ns5/session.key > nsupdate.out.$n 2>&1 << END || ret=1 +server 10.53.0.5 ${PORT} +local 127.0.0.1 +update add fromlocal.local.nil. 600 A 1.2.3.4 +send +END +grep REFUSED nsupdate.out.$n > /dev/null 2>&1 && ret=1 +$DIG $DIGOPTS @10.53.0.5 \ + +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd \ + fromlocal.local.nil. > dig.out.ns5.$n || ret=1 +grep fromlocal dig.out.ns5.$n > /dev/null 2>&1 || ret=1 +if test $ret -ne 0 +then +echo_i "failed"; status=1 +fi + +n=`expr $n + 1` +ret=0 +echo_i "check that 'update-policy local' fails from non-localhost address ($n)" +grep 'match on session key not from localhost' ns5/named.run > /dev/null && ret=1 +$NSUPDATE -k ns5/session.key > nsupdate.out.$n 2>&1 << END && ret=1 +server 10.53.0.5 ${PORT} +local 10.53.0.1 +update add nonlocal.local.nil. 600 A 4.3.2.1 +send +END +grep REFUSED nsupdate.out.$n > /dev/null 2>&1 || ret=1 +grep 'match on session key not from localhost' ns5/named.run > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.5 \ + +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd \ + nonlocal.local.nil. > dig.out.ns5.$n || ret=1 +grep nonlocal dig.out.ns5.$n > /dev/null 2>&1 && ret=1 +if test $ret -ne 0 +then +echo_i "failed"; status=1 +fi + +n=`expr $n + 1` +ret=0 +echo_i "check that 'update-policy tcp-self' refuses update of records via UDP ($n)" +$NSUPDATE > nsupdate.out.$n 2>&1 << END +server 10.53.0.6 ${PORT} +local 127.0.0.1 +update add 1.0.0.127.in-addr.arpa. 600 PTR localhost. +send +END +grep REFUSED nsupdate.out.$n > /dev/null 2>&1 || ret=1 +$DIG $DIGOPTS @10.53.0.6 \ + +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd \ + -x 127.0.0.1 > dig.out.ns6.$n +grep localhost. dig.out.ns6.$n > /dev/null 2>&1 && ret=1 +if test $ret -ne 0 +then +echo_i "failed"; status=1 +fi + +n=`expr $n + 1` +ret=0 +echo_i "check that 'update-policy tcp-self' permits update of records for the client's own address via TCP ($n)" +$NSUPDATE -v > nsupdate.out.$n 2>&1 << END || ret=1 +server 10.53.0.6 ${PORT} +local 127.0.0.1 +update add 1.0.0.127.in-addr.arpa. 600 PTR localhost. +send +END +grep REFUSED nsupdate.out.$n > /dev/null 2>&1 && ret=1 +$DIG $DIGOPTS @10.53.0.6 \ + +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd \ + -x 127.0.0.1 > dig.out.ns6.$n || ret=1 +grep localhost. dig.out.ns6.$n > /dev/null 2>&1 || ret=1 +if test $ret -ne 0 +then +echo_i "failed"; status=1 +fi + +n=`expr $n + 1` +ret=0 +echo_i "check that 'update-policy tcp-self' refuses update of records for a different address from the client's own address via TCP ($n)" +$NSUPDATE -v > nsupdate.out.$n 2>&1 << END +server 10.53.0.6 ${PORT} +local 127.0.0.1 +update add 1.0.168.192.in-addr.arpa. 600 PTR localhost. +send +END +grep REFUSED nsupdate.out.$n > /dev/null 2>&1 || ret=1 +$DIG $DIGOPTS @10.53.0.6 \ + +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd \ + -x 192.168.0.1 > dig.out.ns6.$n +grep localhost. dig.out.ns6.$n > /dev/null 2>&1 && ret=1 +if test $ret -ne 0 +then +echo_i "failed"; status=1 +fi + +n=`expr $n + 1` +ret=0 +echo_i "check that changes to the DNSKEY RRset TTL do not have side effects ($n)" +$DIG $DIGOPTS +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd dnskey.test. \ + @10.53.0.3 dnskey | \ + sed -n 's/\(.*\)10.IN/update add \1600 IN/p' | + (echo server 10.53.0.3 ${PORT}; cat - ; echo send ) | +$NSUPDATE + +$DIG $DIGOPTS +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd dnskey.test. \ + @10.53.0.3 any > dig.out.ns3.$n + +grep "600.*DNSKEY" dig.out.ns3.$n > /dev/null || ret=1 +grep TYPE65534 dig.out.ns3.$n > /dev/null && ret=1 +if test $ret -ne 0 +then +echo_i "failed"; status=1 +fi + +n=`expr $n + 1` +ret=0 +echo_i "check notify with TSIG worked ($n)" +# if the alternate view received a notify--meaning, the notify was +# validly signed by "altkey"--then the zonefile update.alt.bk will +# will have been created. +[ -f ns2/update.alt.bk ] || ret=1 +if [ $ret -ne 0 ]; then + echo_i "failed" + status=1 +fi + +n=`expr $n + 1` +ret=0 +echo_i "check type list options ($n)" +$NSUPDATE -T > typelist.out.T.${n} || { ret=1; echo_i "nsupdate -T failed"; } +$NSUPDATE -P > typelist.out.P.${n} || { ret=1; echo_i "nsupdate -P failed"; } +$NSUPDATE -TP > typelist.out.TP.${n} || { ret=1; echo_i "nsupdate -TP failed"; } +grep ANY typelist.out.T.${n} > /dev/null && { ret=1; echo_i "failed: ANY found (-T)"; } +grep ANY typelist.out.P.${n} > /dev/null && { ret=1; echo_i "failed: ANY found (-P)"; } +grep ANY typelist.out.TP.${n} > /dev/null && { ret=1; echo_i "failed: ANY found (-TP)"; } +grep KEYDATA typelist.out.T.${n} > /dev/null && { ret=1; echo_i "failed: KEYDATA found (-T)"; } +grep KEYDATA typelist.out.P.${n} > /dev/null && { ret=1; echo_i "failed: KEYDATA found (-P)"; } +grep KEYDATA typelist.out.TP.${n} > /dev/null && { ret=1; echo_i "failed: KEYDATA found (-TP)"; } +grep AAAA typelist.out.T.${n} > /dev/null || { ret=1; echo_i "failed: AAAA not found (-T)"; } +grep AAAA typelist.out.P.${n} > /dev/null && { ret=1; echo_i "failed: AAAA found (-P)"; } +grep AAAA typelist.out.TP.${n} > /dev/null || { ret=1; echo_i "failed: AAAA not found (-TP)"; } +if [ $ret -ne 0 ]; then + echo_i "failed" + status=1 +fi + +n=`expr $n + 1` +ret=0 +echo_i "check command list ($n)" +( +while read cmd +do + echo "$cmd" | $NSUPDATE > /dev/null 2>&1 + if test $? -gt 1 ; then + echo_i "failed ($cmd)" + ret=1 + fi + echo "$cmd " | $NSUPDATE > /dev/null 2>&1 + if test $? -gt 1 ; then + echo_i "failed ($cmd)" + ret=1 + fi +done +exit $ret +) < commandlist || ret=1 +if [ $ret -ne 0 ]; then + status=1 +fi + +n=`expr $n + 1` +ret=0 +echo_i "check TSIG key algorithms ($n)" +for alg in md5 sha1 sha224 sha256 sha384 sha512; do + $NSUPDATE -k ns1/${alg}.key <<END > /dev/null || ret=1 +server 10.53.0.1 ${PORT} +update add ${alg}.keytests.nil. 600 A 10.10.10.3 +send +END +done +sleep 2 +for alg in md5 sha1 sha224 sha256 sha384 sha512; do + $DIG $DIGOPTS +short @10.53.0.1 ${alg}.keytests.nil | grep 10.10.10.3 > /dev/null 2>&1 || ret=1 +done +if [ $ret -ne 0 ]; then + echo_i "failed" + status=1 +fi + +n=`expr $n + 1` +ret=0 +echo_i "check that ttl is capped by max-ttl ($n)" +$NSUPDATE <<END > /dev/null || ret=1 +server 10.53.0.1 ${PORT} +update add cap.max-ttl.nil. 600 A 10.10.10.3 +update add nocap.max-ttl.nil. 150 A 10.10.10.3 +send +END +sleep 2 +$DIG $DIGOPTS @10.53.0.1 cap.max-ttl.nil | grep "^cap.max-ttl.nil. 300" > /dev/null 2>&1 || ret=1 +$DIG $DIGOPTS @10.53.0.1 nocap.max-ttl.nil | grep "^nocap.max-ttl.nil. 150" > /dev/null 2>&1 || ret=1 +if [ $ret -ne 0 ]; then + echo_i "failed" + status=1 +fi + +n=`expr $n + 1` +ret=0 +echo_i "add a record which is truncated when logged. ($n)" +$NSUPDATE verylarge || ret=1 +$DIG $DIGOPTS +tcp @10.53.0.1 txt txt.update.nil > dig.out.ns1.test$n +grep "ANSWER: 1," dig.out.ns1.test$n > /dev/null || ret=1 +grep "adding an RR at 'txt.update.nil' TXT .* \[TRUNCATED\]" ns1/named.run > /dev/null || ret=1 +if [ $ret -ne 0 ]; then + echo_i "failed" + status=1 +fi + +n=`expr $n + 1` +ret=0 +echo_i "check that yyyymmddvv serial number is correctly generated ($n)" +oldserial=`$DIG $DIGOPTS +short yyyymmddvv.nil. soa @10.53.0.1 | awk '{print $3}'` || ret=1 +$NSUPDATE <<END > /dev/null 2>&1 || ret=1 + server 10.53.0.1 ${PORT} + ttl 600 + update add new.yyyymmddvv.nil in a 1.2.3.4 + send +END +now=`$PERL -e '@lt=localtime(); printf "%.4d%0.2d%0.2d00\n",$lt[5]+1900,$lt[4]+1,$lt[3];'` +sleep 1 +serial=`$DIG $DIGOPTS +short yyyymmddvv.nil. soa @10.53.0.1 | awk '{print $3}'` || ret=1 +[ "$oldserial" -ne "$serial" ] || ret=1 +[ "$serial" -eq "$now" ] || ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +# +# Refactor to use perl to launch the parallel updates. +# +if false +then +n=`expr $n + 1` +echo_i "send many simultaneous updates via a update forwarder ($n)" +ret=0 +for i in 0 1 2 3 4 5 6 7 +do +( + for j in 0 1 2 3 4 5 6 7 + do + ( + $NSUPDATE << EOF +server 10.53.0.3 ${PORT} +zone many.test +update add $i-$j.many.test 0 IN A 1.2.3.4 +send +EOF + ) & + done + wait +) & +done +wait +dig axfr many.test @10.53.0.1 > dig.out.test$n +lines=`awk '$4 == "A" { l++ } END { print l }' dig.out.test$n` +test ${lines:-0} -eq 64 || ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } +fi + +n=`expr $n + 1` +echo_i "check check-names processing ($n)" +ret=0 +$NSUPDATE << EOF > nsupdate.out1-$n 2>&1 +update add # 0 in a 1.2.3.4 +EOF +grep "bad owner" nsupdate.out1-$n > /dev/null || ret=1 + +$NSUPDATE << EOF > nsupdate.out2-$n 2>&1 +check-names off +update add # 0 in a 1.2.3.4 +EOF +grep "bad owner" nsupdate.out2-$n > /dev/null && ret=1 + +$NSUPDATE << EOF > nsupdate.out3-$n 2>&1 +update add . 0 in mx 0 # +EOF +grep "bad name" nsupdate.out3-$n > /dev/null || ret=1 + +$NSUPDATE << EOF > nsupdate.out4-$n 2>&1 +check-names off +update add . 0 in mx 0 # +EOF +grep "bad name" nsupdate.out4-$n > /dev/null && ret=1 + +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +n=`expr $n + 1` +echo_i "check adding of delegating NS records processing ($n)" +ret=0 +$NSUPDATE -v << EOF > nsupdate.out-$n 2>&1 || ret=1 +server 10.53.0.3 ${PORT} +zone delegation.test. +update add child.delegation.test. 3600 NS foo.example.net. +update add child.delegation.test. 3600 NS bar.example.net. +send +EOF +$DIG $DIGOPTS +tcp @10.53.0.3 ns child.delegation.test > dig.out.ns1.test$n +grep "status: NOERROR" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1 +grep "AUTHORITY: 2" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +n=`expr $n + 1` +echo_i "check deleting of delegating NS records processing ($n)" +ret=0 +$NSUPDATE -v << EOF > nsupdate.out-$n 2>&1 || ret=1 +server 10.53.0.3 ${PORT} +zone delegation.test. +update del child.delegation.test. 3600 NS foo.example.net. +update del child.delegation.test. 3600 NS bar.example.net. +send +EOF +$DIG $DIGOPTS +tcp @10.53.0.3 ns child.delegation.test > dig.out.ns1.test$n +grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +n=`expr $n + 1` +echo_i "check that adding too many records is blocked ($n)" +ret=0 +$NSUPDATE -v << EOF > nsupdate.out-$n 2>&1 && ret=1 +server 10.53.0.3 ${PORT} +zone too-big.test. +update add r1.too-big.test 3600 IN TXT r1.too-big.test +send +EOF +grep "update failed: SERVFAIL" nsupdate.out-$n > /dev/null || ret=1 +$DIG $DIGOPTS +tcp @10.53.0.3 r1.too-big.test TXT > dig.out.ns3.test$n +grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1 +grep "records in zone (4) exceeds max-records (3)" ns3/named.run > /dev/null || ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +n=`expr $n + 1` +ret=0 +echo_i "check whether valid addresses are used for master failover ($n)" +$NSUPDATE -t 1 <<END > nsupdate.out-$n 2>&1 && ret=1 +server 10.53.0.4 ${PORT} +zone unreachable. +update add unreachable. 600 A 192.0.2.1 +send +END +grep "; Communication with 10.53.0.4#${PORT} failed: timed out" nsupdate.out-$n > /dev/null 2>&1 || ret=1 +grep "not implemented" nsupdate.out-$n > /dev/null 2>&1 && ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +n=`expr $n + 1` +ret=0 +echo_i "ensure bad owner name is fatal in non-interactive mode ($n)" +$NSUPDATE <<END > nsupdate.out 2>&1 && ret=1 + update add emptylabel..nil. 600 A 10.10.10.1 +END +grep "invalid owner name: empty label" nsupdate.out > /dev/null || ret=1 +grep "syntax error" nsupdate.out > /dev/null || ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +n=`expr $n + 1` +ret=0 +echo_i "ensure bad owner name is not fatal in interactive mode ($n)" +$NSUPDATE -i <<END > nsupdate.out 2>&1 || ret=1 + update add emptylabel..nil. 600 A 10.10.10.1 +END +grep "invalid owner name: empty label" nsupdate.out > /dev/null || ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +n=`expr $n + 1` +ret=0 +echo_i "ensure invalid key type is fatal in non-interactive mode ($n)" +$NSUPDATE <<END > nsupdate.out 2>&1 && ret=1 + key badkeytype:example abcd12345678 +END +grep "unknown key type 'badkeytype'" nsupdate.out > /dev/null || ret=1 +grep "syntax error" nsupdate.out > /dev/null || ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +n=`expr $n + 1` +ret=0 +echo_i "ensure invalid key type is not fatal in interactive mode ($n)" +$NSUPDATE -i <<END > nsupdate.out 2>&1 || ret=1 + key badkeytype:example abcd12345678 +END +grep "unknown key type 'badkeytype'" nsupdate.out > /dev/null || ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +n=`expr $n + 1` +ret=0 +echo_i "ensure unresolvable server name is fatal in non-interactive mode ($n)" +$NSUPDATE <<END > nsupdate.out 2>&1 && ret=1 + server unresolvable.. +END +grep "couldn't get address for 'unresolvable..': not found" nsupdate.out > /dev/null || ret=1 +grep "syntax error" nsupdate.out > /dev/null || ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +n=`expr $n + 1` +ret=0 +echo_i "ensure unresolvable server name is not fatal in interactive mode ($n)" +$NSUPDATE -i <<END > nsupdate.out 2>&1 || ret=1 + server unresolvable.. +END +grep "couldn't get address for 'unresolvable..': not found" nsupdate.out > /dev/null || ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +n=`expr $n + 1` +ret=0 +echo_i "check that TKEY in a update is rejected ($n)" +$NSUPDATE -d <<END > nsupdate.out-$n 2>&1 && ret=1 +server 10.53.0.3 ${PORT} +update add tkey.example 0 in tkey invalid.algorithm. 1516055980 1516140801 1 0 16 gRof8D2BFKvl/vrr9Lmnjw== 16 gRof8D2BFKvl/vrr9Lmnjw== +send +END +grep "UPDATE, status: NOERROR" nsupdate.out-$n > /dev/null 2>&1 || ret=1 +grep "UPDATE, status: FORMERR" nsupdate.out-$n > /dev/null 2>&1 || ret=1 +[ $ret = 0 ] || { echo_i "failed"; status=1; } + +if $FEATURETEST --gssapi ; then + n=`expr $n + 1` + ret=0 + echo_i "check krb5-self match ($n)" + KRB5CCNAME="FILE:"`pwd`/ns7/machine.ccache + export KRB5CCNAME + $NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1 + gsstsig + realm EXAMPLE.COM + server 10.53.0.7 ${PORT} + zone example.com + update add machine.example.com 3600 IN A 10.53.0.7 + send +EOF + $DIG $DIGOPTS +tcp @10.53.0.7 machine.example.com A > dig.out.ns7.test$n + grep "status: NOERROR" dig.out.ns7.test$n > /dev/null || ret=1 + grep "machine.example.com..*A.*10.53.0.7" dig.out.ns7.test$n > /dev/null || ret=1 + [ $ret = 0 ] || { echo_i "failed"; status=1; } + + n=`expr $n + 1` + ret=0 + echo_i "check krb5-self no-match ($n)" + KRB5CCNAME="FILE:"`pwd`/ns7/machine.ccache + export KRB5CCNAME + $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1 + gsstsig + realm EXAMPLE.COM + server 10.53.0.7 ${PORT} + zone example.com + update add foo.example.com 3600 IN A 10.53.0.7 + send +EOF + grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1 + $DIG $DIGOPTS +tcp @10.53.0.7 foo.example.com A > dig.out.ns7.test$n + grep "status: NXDOMAIN" dig.out.ns7.test$n > /dev/null || ret=1 + [ $ret = 0 ] || { echo_i "failed"; status=1; } + + n=`expr $n + 1` + ret=0 + echo_i "check krb5-subdomain match ($n)" + KRB5CCNAME="FILE:"`pwd`/ns7/machine.ccache + export KRB5CCNAME + $NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1 + gsstsig + realm EXAMPLE.COM + server 10.53.0.7 ${PORT} + zone example.com + update add _xxx._tcp.example.com 3600 IN SRV 0 0 0 machine.example.com + send +EOF + $DIG $DIGOPTS +tcp @10.53.0.7 _xxx._tcp.example.com SRV > dig.out.ns7.test$n + grep "status: NOERROR" dig.out.ns7.test$n > /dev/null || ret=1 + grep "_xxx._tcp.example.com.*SRV.*0 0 0 machine.example.com" dig.out.ns7.test$n > /dev/null || ret=1 + [ $ret = 0 ] || { echo_i "failed"; status=1; } + + n=`expr $n + 1` + ret=0 + echo_i "check krb5-subdomain no-match ($n)" + KRB5CCNAME="FILE:"`pwd`/ns7/machine.ccache + export KRB5CCNAME + $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1 + gsstsig + realm EXAMPLE.COM + server 10.53.0.7 ${PORT} + zone example.com + update add _xxx._udp.example.com 3600 IN SRV 0 0 0 machine.example.com + send +EOF + grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1 + $DIG $DIGOPTS +tcp @10.53.0.7 _xxx._udp.example.com SRV > dig.out.ns7.test$n + grep "status: NXDOMAIN" dig.out.ns7.test$n > /dev/null || ret=1 + [ $ret = 0 ] || { echo_i "failed"; status=1; } + + n=`expr $n + 1` + ret=0 + echo_i "check krb5-selfsub match ($n)" + KRB5CCNAME="FILE:"`pwd`/ns8/machine.ccache + export KRB5CCNAME + $NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1 + gsstsig + realm EXAMPLE.COM + server 10.53.0.8 ${PORT} + zone example.com + update add xxx.machine.example.com 3600 IN A 10.53.0.8 + send +EOF + $DIG $DIGOPTS +tcp @10.53.0.8 xxx.machine.example.com A > dig.out.ns8.test$n + grep "status: NOERROR" dig.out.ns8.test$n > /dev/null || ret=1 + grep "xxx.machine.example.com..*A.*10.53.0.8" dig.out.ns8.test$n > /dev/null || ret=1 + [ $ret = 0 ] || { echo_i "failed"; status=1; } + + n=`expr $n + 1` + ret=0 + echo_i "check krb5-selfsub no-match ($n)" + KRB5CCNAME="FILE:"`pwd`/ns8/machine.ccache + export KRB5CCNAME + $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1 + gsstsig + realm EXAMPLE.COM + server 10.53.0.8 ${PORT} + zone example.com + update add foo.example.com 3600 IN A 10.53.0.8 + send +EOF + grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1 + $DIG $DIGOPTS +tcp @10.53.0.8 foo.example.com A > dig.out.ns8.test$n + grep "status: NXDOMAIN" dig.out.ns8.test$n > /dev/null || ret=1 + [ $ret = 0 ] || { echo_i "failed"; status=1; } + + n=`expr $n + 1` + ret=0 + + echo_i "check ms-self match ($n)" + KRB5CCNAME="FILE:"`pwd`/ns9/machine.ccache + export KRB5CCNAME + $NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1 + gsstsig + realm EXAMPLE.COM + server 10.53.0.9 ${PORT} + zone example.com + update add machine.example.com 3600 IN A 10.53.0.9 + send +EOF + $DIG $DIGOPTS +tcp @10.53.0.9 machine.example.com A > dig.out.ns9.test$n + grep "status: NOERROR" dig.out.ns9.test$n > /dev/null || ret=1 + grep "machine.example.com..*A.*10.53.0.9" dig.out.ns9.test$n > /dev/null || ret=1 + [ $ret = 0 ] || { echo_i "failed"; status=1; } + + n=`expr $n + 1` + ret=0 + echo_i "check ms-self no-match ($n)" + KRB5CCNAME="FILE:"`pwd`/ns9/machine.ccache + export KRB5CCNAME + $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1 + gsstsig + realm EXAMPLE.COM + server 10.53.0.9 ${PORT} + zone example.com + update add foo.example.com 3600 IN A 10.53.0.9 + send +EOF + grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1 + $DIG $DIGOPTS +tcp @10.53.0.9 foo.example.com A > dig.out.ns9.test$n + grep "status: NXDOMAIN" dig.out.ns9.test$n > /dev/null || ret=1 + [ $ret = 0 ] || { echo_i "failed"; status=1; } + + n=`expr $n + 1` + ret=0 + echo_i "check ms-subdomain match ($n)" + KRB5CCNAME="FILE:"`pwd`/ns9/machine.ccache + export KRB5CCNAME + $NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1 + gsstsig + realm EXAMPLE.COM + server 10.53.0.9 ${PORT} + zone example.com + update add _xxx._tcp.example.com 3600 IN SRV 0 0 0 machine.example.com + send +EOF + $DIG $DIGOPTS +tcp @10.53.0.9 _xxx._tcp.example.com SRV > dig.out.ns9.test$n + grep "status: NOERROR" dig.out.ns9.test$n > /dev/null || ret=1 + grep "_xxx._tcp.example.com.*SRV.*0 0 0 machine.example.com" dig.out.ns9.test$n > /dev/null || ret=1 + [ $ret = 0 ] || { echo_i "failed"; status=1; } + + n=`expr $n + 1` + ret=0 + echo_i "check ms-subdomain no-match ($n)" + KRB5CCNAME="FILE:"`pwd`/ns9/machine.ccache + export KRB5CCNAME + $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1 + gsstsig + realm EXAMPLE.COM + server 10.53.0.9 ${PORT} + zone example.com + update add _xxx._udp.example.com 3600 IN SRV 0 0 0 machine.example.com + send +EOF + grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1 + $DIG $DIGOPTS +tcp @10.53.0.9 _xxx._udp.example.com SRV > dig.out.ns9.test$n + grep "status: NXDOMAIN" dig.out.ns9.test$n > /dev/null || ret=1 + [ $ret = 0 ] || { echo_i "failed"; status=1; } + + n=`expr $n + 1` + ret=0 + echo_i "check ms-selfsub match ($n)" + KRB5CCNAME="FILE:"`pwd`/ns10/machine.ccache + export KRB5CCNAME + $NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1 + gsstsig + realm EXAMPLE.COM + server 10.53.0.10 ${PORT} + zone example.com + update add xxx.machine.example.com 3600 IN A 10.53.0.10 + send +EOF + $DIG $DIGOPTS +tcp @10.53.0.10 xxx.machine.example.com A > dig.out.ns10.test$n + grep "status: NOERROR" dig.out.ns10.test$n > /dev/null || ret=1 + grep "xxx.machine.example.com..*A.*10.53.0.10" dig.out.ns10.test$n > /dev/null || ret=1 + [ $ret = 0 ] || { echo_i "failed"; status=1; } + + n=`expr $n + 1` + ret=0 + echo_i "check ms-selfsub no-match ($n)" + KRB5CCNAME="FILE:"`pwd`/ns10/machine.ccache + export KRB5CCNAME + $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1 + gsstsig + realm EXAMPLE.COM + server 10.53.0.10 ${PORT} + zone example.com + update add foo.example.com 3600 IN A 10.53.0.10 + send +EOF + grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1 + $DIG $DIGOPTS +tcp @10.53.0.10 foo.example.com A > dig.out.ns10.test$n + grep "status: NXDOMAIN" dig.out.ns10.test$n > /dev/null || ret=1 + [ $ret = 0 ] || { echo_i "failed"; status=1; } + +fi +# +# Add client library tests here +# + +if test unset != "${SAMPLEUPDATE:-unset}" -a -x "${SAMPLEUPDATE}" +then + + n=`expr $n + 1` + ret=0 + echo_i "check that dns_client_update handles prerequisite NXDOMAIN failure ($n)" + $SAMPLEUPDATE -P ${PORT} -a 10.53.0.1 -a 10.53.0.2 -p "nxdomain exists.sample" \ + add "nxdomain-exists.sample 0 in a 1.2.3.4" > update.out.test$n 2>&1 + $SAMPLEUPDATE -P ${PORT} -a 10.53.0.2 -p "nxdomain exists.sample" \ + add "check-nxdomain-exists.sample 0 in a 1.2.3.4" > update.out.check$n 2>&1 + $DIG $DIGOPTS +tcp @10.53.0.1 a nxdomain-exists.sample > dig.out.ns1.test$n + $DIG $DIGOPTS +tcp @10.53.0.2 a nxdomain-exists.sample > dig.out.ns2.test$n + $DIG $DIGOPTS +tcp @10.53.0.2 a check-nxdomain-exists.sample > check.out.ns2.test$n + grep "update failed: YXDOMAIN" update.out.test$n > /dev/null || ret=1 + grep "update succeeded" update.out.check$n > /dev/null || ret=1 + grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 + grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 + grep "status: NOERROR" check.out.ns2.test$n > /dev/null || ret=1 + [ $ret = 0 ] || { echo_i "failed"; status=1; } + + n=`expr $n + 1` + ret=0 + echo_i "check that dns_client_update handles prerequisite YXDOMAIN failure ($n)" + $SAMPLEUPDATE -P ${PORT} -a 10.53.0.1 -a 10.53.0.2 -p "yxdomain nxdomain.sample" \ + add "yxdomain-nxdomain.sample 0 in a 1.2.3.4" > update.out.test$n 2>&1 + $SAMPLEUPDATE -P ${PORT} -a 10.53.0.2 -p "yxdomain nxdomain.sample" \ + add "check-yxdomain-nxdomain.sample 0 in a 1.2.3.4" > update.out.check$n 2>&1 + $DIG $DIGOPTS +tcp @10.53.0.1 a nxdomain-exists.sample > dig.out.ns1.test$n + $DIG $DIGOPTS +tcp @10.53.0.2 a nxdomain-exists.sample > dig.out.ns2.test$n + $DIG $DIGOPTS +tcp @10.53.0.2 a check-nxdomain-exists.sample > check.out.ns2.test$n + grep "update failed: NXDOMAIN" update.out.test$n > /dev/null || ret=1 + grep "update succeeded" update.out.check$n > /dev/null || ret=1 + grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 + grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 + grep "status: NOERROR" check.out.ns2.test$n > /dev/null || ret=1 + [ $ret = 0 ] || { echo_i "failed"; status=1; } + + n=`expr $n + 1` + ret=0 + echo_i "check that dns_client_update handles prerequisite NXRRSET failure ($n)" + $SAMPLEUPDATE -P ${PORT} -a 10.53.0.1 -a 10.53.0.2 -p "nxrrset exists.sample TXT This RRset exists." \ + add "nxrrset-exists.sample 0 in a 1.2.3.4" > update.out.test$n 2>&1 + $SAMPLEUPDATE -P ${PORT} -a 10.53.0.2 -p "nxrrset exists.sample TXT This RRset exists." \ + add "check-nxrrset-exists.sample 0 in a 1.2.3.4" > update.out.check$n 2>&1 + $DIG $DIGOPTS +tcp @10.53.0.1 a nxrrset-exists.sample > dig.out.ns1.test$n + $DIG $DIGOPTS +tcp @10.53.0.2 a nxrrset-exists.sample > dig.out.ns2.test$n + $DIG $DIGOPTS +tcp @10.53.0.2 a check-nxrrset-exists.sample > check.out.ns2.test$n + grep "update failed: YXRRSET" update.out.test$n > /dev/null || ret=1 + grep "update succeeded" update.out.check$n > /dev/null || ret=1 + grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 + grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 + grep "status: NOERROR" check.out.ns2.test$n > /dev/null || ret=1 + [ $ret = 0 ] || { echo_i "failed"; status=1; } + + n=`expr $n + 1` + ret=0 + echo_i "check that dns_client_update handles prerequisite YXRRSET failure ($n)" + $SAMPLEUPDATE -s -P ${PORT} -a 10.53.0.1 -a 10.53.0.2 \ + -p "yxrrset no-txt.sample TXT" \ + add "yxrrset-nxrrset.sample 0 in a 1.2.3.4" > update.out.test$n 2>&1 + $SAMPLEUPDATE -P ${PORT} -a 10.53.0.2 -p "yxrrset no-txt.sample TXT" \ + add "check-yxrrset-nxrrset.sample 0 in a 1.2.3.4" > update.out.check$n 2>&1 + $DIG $DIGOPTS +tcp @10.53.0.1 a yxrrset-nxrrset.sample > dig.out.ns1.test$n + $DIG $DIGOPTS +tcp @10.53.0.2 a yxrrset-nxrrset.sample > dig.out.ns2.test$n + $DIG $DIGOPTS +tcp @10.53.0.2 a check-yxrrset-nxrrset.sample > check.out.ns2.test$n + grep "update failed: NXRRSET" update.out.test$n > /dev/null || ret=1 + grep "update succeeded" update.out.check$n > /dev/null || ret=1 + grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 + grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 + grep "status: NOERROR" check.out.ns2.test$n > /dev/null || ret=1 + grep "2nd update failed: NXRRSET" update.out.test$n > /dev/null || ret=1 + [ $ret = 0 ] || { echo_i "failed"; status=1; } + +fi + +# +# End client library tests here +# + +echo_i "exit status: $status" +[ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/nsupdate/update_test.pl b/bin/tests/system/nsupdate/update_test.pl new file mode 100644 index 0000000..b9f083f --- /dev/null +++ b/bin/tests/system/nsupdate/update_test.pl @@ -0,0 +1,418 @@ +#!/usr/bin/perl +# +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +# +# Dynamic update test suite. +# +# Usage: +# +# perl update_test.pl [-s server] [-p port] zone +# +# The server defaults to 127.0.0.1. +# The port defaults to 53. +# +# The "Special NS rules" tests will only work correctly if the +# zone has no NS records to begin with, or alternatively has a +# single NS record pointing at the name "ns1" (relative to +# the zone name). +# +# Installation notes: +# +# This program uses the Net::DNS::Resolver module. +# You can install it by saying +# +# perl -MCPAN -e "install Net::DNS" +# + +use Getopt::Std; +use Net::DNS; +use Net::DNS::Update; +use Net::DNS::Resolver; + +$opt_s = "127.0.0.1"; +$opt_p = 53; + +getopt('s:p:'); + +$res = new Net::DNS::Resolver; +$res->nameservers($opt_s); +$res->port($opt_p); +$res->defnames(0); # Do not append default domain. + +@ARGV == 1 or die + "usage: perl update_test.pl [-s server] [-p port] zone\n"; + +$zone = shift @ARGV; + +my $failures = 0; + +sub assert { + my ($cond, $explanation) = @_; + if (!$cond) { + print "Test Failed: $explanation ***\n"; + $failures++ + } +} + +sub test { + my ($expected, @records) = @_; + + my $update = new Net::DNS::Update("$zone"); + + foreach $rec (@records) { + $update->push(@$rec); + } + + $reply = $res->send($update); + + # Did it work? + if (defined $reply) { + my $rcode = $reply->header->rcode; + assert($rcode eq $expected, "expected $expected, got $rcode"); + } else { + print "Update failed: ", $res->errorstring, "\n"; + } +} + +sub section { + my ($msg) = @_; + print "$msg\n"; +} + +section("Delete any leftovers from previous tests"); +test("NOERROR", ["update", rr_del("a.$zone")]); +test("NOERROR", ["update", rr_del("b.$zone")]); +test("NOERROR", ["update", rr_del("c.$zone")]); +test("NOERROR", ["update", rr_del("d.$zone")]); +test("NOERROR", ["update", rr_del("e.$zone")]); +test("NOERROR", ["update", rr_del("f.$zone")]); +test("NOERROR", ["update", rr_del("ns.s.$zone")]); +test("NOERROR", ["update", rr_del("s.$zone")]); +test("NOERROR", ["update", rr_del("t.$zone")]); +test("NOERROR", ["update", rr_del("*.$zone")]); +test("NOERROR", ["update", rr_del("u.$zone")]); +test("NOERROR", ["update", rr_del("a.u.$zone")]); +test("NOERROR", ["update", rr_del("b.u.$zone")]); + +section("Simple prerequisites in the absence of data"); +# Name is in Use +test("NXDOMAIN", ["pre", yxdomain("a.$zone")]); +# RRset exists (value independent) +test("NXRRSET", ["pre", yxrrset("a.$zone A")]); +# Name is not in use +test("NOERROR", ["pre", nxdomain("a.$zone")]); +# RRset does not exist +test("NOERROR", ["pre", nxrrset("a.$zone A")]); +# RRset exists (value dependent) +test("NXRRSET", ["pre", yxrrset("a.$zone A 73.80.65.49")]); + + +section ("Simple creation of data"); +test("NOERROR", ["update", rr_add("a.$zone 300 A 73.80.65.49")]); + +section ("Simple prerequisites in the presence of data"); +# Name is in use +test("NOERROR", ["pre", yxdomain("a.$zone")]); +# RRset exists (value independent) +test("NOERROR", ["pre", yxrrset("a.$zone A")]); +# Name is not in use +test("YXDOMAIN", ["pre", nxdomain("a.$zone")]); +# RRset does not exist +test("YXRRSET", ["pre", nxrrset("a.$zone A")]); +# RRset exists (value dependent) +test("NOERROR", ["pre", yxrrset("a.$zone A 73.80.65.49")]); + +# +# Merging of RRsets +# +test("NOERROR", ["update", rr_add("a.$zone 300 A 73.80.65.50")]); + +section("Detailed tests of \"RRset exists (value dependent)\" prerequisites"); +test("NOERROR", ["pre", + yxrrset("a.$zone A 73.80.65.49"), + yxrrset("a.$zone A 73.80.65.50")]); +test("NOERROR", ["pre", + yxrrset("a.$zone A 73.80.65.50"), + yxrrset("a.$zone A 73.80.65.49")]); +test("NXRRSET", ["pre", yxrrset("a.$zone A 73.80.65.49")]); +test("NXRRSET", ["pre", yxrrset("a.$zone A 73.80.65.50")]); +test("NXRRSET", ["pre", + yxrrset("a.$zone A 73.80.65.49"), + yxrrset("a.$zone A 73.80.65.50"), + yxrrset("a.$zone A 73.80.65.51")]); + + +section("Torture test of \"RRset exists (value dependent)\" prerequisites."); + +test("NOERROR", ["update", + rr_add("e.$zone 300 A 73.80.65.49"), + rr_add("e.$zone 300 TXT 'one'"), + rr_add("e.$zone 300 A 73.80.65.50")]); +test("NOERROR", ["update", + rr_add("e.$zone 300 A 73.80.65.52"), + rr_add("f.$zone 300 A 73.80.65.52"), + rr_add("e.$zone 300 A 73.80.65.51")]); +test("NOERROR", ["update", + rr_add("e.$zone 300 TXT 'three'"), + rr_add("e.$zone 300 TXT 'two'")]); +test("NOERROR", ["update", + rr_add("e.$zone 300 MX 10 mail.$zone")]); + +test("NOERROR", ["pre", + yxrrset("e.$zone A 73.80.65.52"), + yxrrset("e.$zone TXT 'two'"), + yxrrset("e.$zone A 73.80.65.51"), + yxrrset("e.$zone TXT 'three'"), + yxrrset("e.$zone A 73.80.65.50"), + yxrrset("f.$zone A 73.80.65.52"), + yxrrset("e.$zone A 73.80.65.49"), + yxrrset("e.$zone TXT 'one'")]); + + +section("Subtraction of RRsets"); +test("NOERROR", ["update", rr_del("a.$zone A 73.80.65.49")]); +test("NOERROR", ["pre", + yxrrset("a.$zone A 73.80.65.50")]); + +test("NOERROR", ["update", rr_del("a.$zone A 73.80.65.50")]); +test("NOERROR", ["pre", nxrrset("a.$zone A")]); +test("NOERROR", ["pre", nxdomain("a.$zone")]); + +section("Other forms of deletion"); +test("NOERROR", ["update", rr_add("a.$zone 300 A 73.80.65.49")]); +test("NOERROR", ["update", rr_add("a.$zone 300 A 73.80.65.50")]); +test("NOERROR", ["update", rr_add("a.$zone 300 MX 10 mail.$zone")]); +test("NOERROR", ["update", rr_del("a.$zone A")]); +test("NOERROR", ["pre", nxrrset("a.$zone A")]); +test("NOERROR", ["update", rr_add("a.$zone 300 A 73.80.65.49")]); +test("NOERROR", ["update", rr_add("a.$zone 300 A 73.80.65.50")]); +test("NOERROR", ["update", rr_del("a.$zone")]); +test("NOERROR", ["pre", nxdomain("a.$zone")]); + +section("Case insensitivity"); +test("NOERROR", ["update", rr_add("a.$zone 300 PTR foo.net.")]); +test("NOERROR", ["pre", yxrrset("A.$zone PTR fOo.NeT.")]); + +section("Special CNAME rules"); +test("NOERROR", ["update", rr_add("b.$zone 300 CNAME foo.net.")]); +test("NOERROR", ["update", rr_add("b.$zone 300 A 73.80.65.49")]); +test("NOERROR", ["pre", yxrrset("b.$zone CNAME foo.net.")]); +test("NOERROR", ["pre", nxrrset("b.$zone A")]); + +test("NOERROR", ["update", rr_add("c.$zone 300 A 73.80.65.49")]); +test("NOERROR", ["update", rr_add("c.$zone 300 CNAME foo.net.")]); +test("NOERROR", ["pre", yxrrset("c.$zone A")]); +test("NOERROR", ["pre", nxrrset("c.$zone CNAME")]); + +# XXX should test with SIG, KEY, NXT, too. + +# +# Currently commented out because Net::DNS does not properly +# support WKS records. +# +#section("Special WKS rules"); +#test("NOERROR", ["update", rr_add("c.$zone 300 WKS 73.80.65.49 TCP telnet ftp")]); +#test("NOERROR", ["update", rr_add("c.$zone 300 WKS 73.80.65.49 UDP telnet ftp")]); +#test("NOERROR", ["update", rr_add("c.$zone 300 WKS 73.80.65.50 TCP telnet ftp")]); +#test("NOERROR", ["update", rr_add("c.$zone 300 WKS 73.80.65.49 TCP smtp")]); +#test("NOERROR", ["pre", +# yxrrset("c.$zone WKS 73.80.65.49 TCP smtp"), +# yxrrset("c.$zone WKS 73.80.65.49 UDP telnet ftp"), +# yxrrset("c.$zone WKS 73.80.65.50 TCP telnet ftp")]); + + +section("Special NS rules"); + +# Deleting the last NS record using "Delete an RR from an RRset" +# should fail at the zone apex and work elsewhere. The pseudocode +# in RFC2136 says it should fail everywhere, but this is in conflict +# with the actual text. + +# Apex +test("NOERROR", ["update", + rr_add("$zone 300 NS ns1.$zone"), + rr_add("$zone 300 NS ns2.$zone")]); +test("NOERROR", ["update", rr_del("$zone NS ns1.$zone")]); +test("NOERROR", ["update", rr_del("$zone NS ns2.$zone")]); +test("NOERROR", ["pre", + yxrrset("$zone NS ns2.$zone")]); + +# Non-apex +test("NOERROR", ["update", rr_add("n.$zone 300 NS ns1.$zone")]); +test("NOERROR", ["update", rr_del("n.$zone NS ns1.$zone")]); +test("NOERROR", ["pre", nxrrset("n.$zone NS")]); + +# Other ways of deleting NS records should also fail at the apex +# and work elsewhere. + +# Non-apex +test("NOERROR", ["update", rr_add("n.$zone 300 NS ns1.$zone")]); +test("NOERROR", ["update", rr_del("n.$zone NS")]); +test("NOERROR", ["pre", nxrrset("n.$zone NS")]); + +test("NOERROR", ["update", rr_add("n.$zone 300 NS ns1.$zone")]); +test("NOERROR", ["pre", yxrrset("n.$zone NS")]); +test("NOERROR", ["update", rr_del("n.$zone")]); +test("NOERROR", ["pre", nxrrset("n.$zone NS")]); + +# Apex +test("NOERROR", ["update", rr_del("$zone NS")]); +test("NOERROR", ["pre", + yxrrset("$zone NS ns2.$zone")]); + +test("NOERROR", ["update", rr_del("$zone")]); +test("NOERROR", ["pre", + yxrrset("$zone NS ns2.$zone")]); + +# They should not touch the SOA, either. + +test("NOERROR", ["update", rr_del("$zone SOA")]); +test("NOERROR", ["pre", yxrrset("$zone SOA")]); + + +section("Idempotency"); + +test("NOERROR", ["update", rr_add("d.$zone 300 A 73.80.65.49")]); +test("NOERROR", ["pre", yxrrset("d.$zone A 73.80.65.49")]); +test("NOERROR", ["update", + rr_add("d.$zone 300 A 73.80.65.49"), + rr_del("d.$zone A")]); +test("NOERROR", ["pre", nxrrset("d.$zone A")]); + +test("NOERROR", ["update", rr_del("d.$zone A 73.80.65.49")]); +test("NOERROR", ["pre", nxrrset("d.$zone A")]); +test("NOERROR", ["update", + rr_del("d.$zone A"), + rr_add("d.$zone 300 A 73.80.65.49")]); + +test("NOERROR", ["pre", yxrrset("d.$zone A")]); + +section("Out-of-zone prerequisites and updates"); +test("NOTZONE", ["pre", yxrrset("a.somewhere.else. A 73.80.65.49")]); +test("NOTZONE", ["update", rr_add("a.somewhere.else. 300 A 73.80.65.49")]); + + +section("Glue"); +test("NOERROR", ["update", rr_add("s.$zone 300 NS ns.s.$zone")]); +test("NOERROR", ["update", rr_add("ns.s.$zone 300 A 73.80.65.49")]); +test("NOERROR", ["pre", yxrrset("ns.s.$zone A 73.80.65.49")]); + +section("Wildcards"); +test("NOERROR", ["update", rr_add("*.$zone 300 MX 10 mail.$zone")]); +test("NOERROR", ["pre", yxrrset("*.$zone MX 10 mail.$zone")]); +test("NXRRSET", ["pre", yxrrset("w.$zone MX 10 mail.$zone")]); +test("NOERROR", ["pre", nxrrset("w.$zone MX")]); +test("NOERROR", ["pre", nxdomain("w.$zone")]); + + +section("SOA serial handling"); + +my $soatimers = "20 20 1814400 3600"; + +# Get the current SOA serial number. +my $query = $res->query($zone, "SOA"); +my ($old_soa) = $query->answer; + +my $old_serial = $old_soa->serial; + +# Increment it by 10. +my $new_serial = $old_serial + 10; +if ($new_serial > 0xFFFFFFFF) { + $new_serial -= 0x80000000; + $new_serial -= 0x80000000; +} + +# Replace the SOA with a new one. +test("NOERROR", ["update", rr_add("$zone 300 SOA mname1. . $new_serial $soatimers")]); + +# Check that the SOA really got replaced. +($db_soa) = $res->query($zone, "SOA")->answer; +assert($db_soa->mname eq "mname1"); + +# Check that attempts to decrement the serial number are ignored. +$new_serial = $old_serial - 10; +if ($new_serial < 0) { + $new_serial += 0x80000000; + $new_serial += 0x80000000; +} +test("NOERROR", ["update", rr_add("$zone 300 SOA mname2. . $new_serial $soatimers")]); +assert($db_soa->mname eq "mname1"); + +# Check that attempts to leave the serial number unchanged are ignored. +($old_soa) = $res->query($zone, "SOA")->answer; +$old_serial = $old_soa->serial; +test("NOERROR", ["update", rr_add("$zone 300 SOA mname3. . $old_serial " . + $soatimers)]); +($db_soa) = $res->query($zone, "SOA")->answer; +assert($db_soa->mname eq "mname1"); + +# +# Currently commented out because Net::DNS does not properly +# support multiple strings in TXT records. +# +#section("Big data"); +#test("NOERROR", ["update", rr_add("a.$zone 300 TXT aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc")]); +#test("NOERROR", ["update", rr_del("a.$zone TXT aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc")]); +test("NOERROR", ["update", rr_add("a.$zone 300 TXT " . ("foo " x 3))]); + +section("Updating TTLs only"); + +test("NOERROR", ["update", rr_add("t.$zone 300 A 73.80.65.49")]); +($a) = $res->query("t.$zone", "A")->answer; +$ttl = $a->ttl; +assert($ttl == 300, "incorrect TTL value $ttl != 300"); +test("NOERROR", ["update", + rr_del("t.$zone A 73.80.65.49"), + rr_add("t.$zone 301 A 73.80.65.49")]); +($a) = $res->query("t.$zone", "A")->answer; +$ttl = $a->ttl; +assert($ttl == 301, "incorrect TTL value $ttl != 301"); + +# Add an RR that is identical to an existing one except for the TTL. +# RFC2136 is not clear about what this should do; it says "duplicate RRs +# will be silently ignored" but is an RR differing only in TTL +# to be considered a duplicate or not? The test assumes that it +# should not be considered a duplicate. +test("NOERROR", ["update", rr_add("t.$zone 302 A 73.80.65.50")]); +($a) = $res->query("t.$zone", "A")->answer; +$ttl = $a->ttl; +assert($ttl == 302, "incorrect TTL value $ttl != 302"); + +section("TTL normalization"); + +# The desired behaviour is that the old RRs get their TTL +# changed to match the new one. RFC2136 does not explicitly +# specify this, but I think it makes more sense than the +# alternatives. + +test("NOERROR", ["update", rr_add("t.$zone 303 A 73.80.65.51")]); +(@answers) = $res->query("t.$zone", "A")->answer; +$nanswers = scalar @answers; +assert($nanswers == 3, "wrong number of answers $nanswers != 3"); +foreach $a (@answers) { + $ttl = $a->ttl; + assert($ttl == 303, "incorrect TTL value $ttl != 303"); +} + +section("Obscuring existing data by zone cut"); +test("NOERROR", ["update", rr_add("a.u.$zone 300 A 73.80.65.49")]); +test("NOERROR", ["update", rr_add("b.u.$zone 300 A 73.80.65.49")]); +test("NOERROR", ["update", rr_add("u.$zone 300 TXT txt-not-in-nxt")]); +test("NOERROR", ["update", rr_add("u.$zone 300 NS ns.u.$zone")]); + +test("NOERROR", ["update", rr_del("u.$zone NS ns.u.$zone")]); + +if ($failures) { + print "$failures tests failed.\n"; +} else { + print "All tests successful.\n"; +} +exit $failures; diff --git a/bin/tests/system/nsupdate/verylarge.in b/bin/tests/system/nsupdate/verylarge.in new file mode 100644 index 0000000..2e66221 --- /dev/null +++ b/bin/tests/system/nsupdate/verylarge.in @@ -0,0 +1,3 @@ +server 10.53.0.1 @PORT@ +update add txt.update.nil. 600 TXT 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 +send |