summaryrefslogtreecommitdiffstats
path: root/bin/tests/system/resolver
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 23:51:28 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 23:51:28 +0000
commit754c7de1e91eeb28c6d3766900ead0c3e44fdb85 (patch)
tree51433c0e38731dc9ecd342555a56f876980b1834 /bin/tests/system/resolver
parentAdding debian version 1:9.16.44-1~deb11u1. (diff)
downloadbind9-754c7de1e91eeb28c6d3766900ead0c3e44fdb85.tar.xz
bind9-754c7de1e91eeb28c6d3766900ead0c3e44fdb85.zip
Merging upstream version 1:9.16.48.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'bin/tests/system/resolver')
-rw-r--r--bin/tests/system/resolver/ns6/keygen.sh10
-rw-r--r--bin/tests/system/resolver/prereq.sh20
-rwxr-xr-xbin/tests/system/resolver/tests.sh918
3 files changed, 489 insertions, 459 deletions
diff --git a/bin/tests/system/resolver/ns6/keygen.sh b/bin/tests/system/resolver/ns6/keygen.sh
index e992154..1d608cd 100644
--- a/bin/tests/system/resolver/ns6/keygen.sh
+++ b/bin/tests/system/resolver/ns6/keygen.sh
@@ -23,8 +23,8 @@ infile="${zonefile}.in"
cp $infile $zonefile
ksk=$($KEYGEN -q -a rsasha256 -fk $zone)
zsk=$($KEYGEN -q -a rsasha256 -b 2048 $zone)
-cat $ksk.key $zsk.key >> $zonefile
-$SIGNER -P -o $zone $zonefile > /dev/null
+cat $ksk.key $zsk.key >>$zonefile
+$SIGNER -P -o $zone $zonefile >/dev/null
zone=example.net
zonefile="${zone}.db"
@@ -32,8 +32,8 @@ infile="${zonefile}.in"
cp $infile $zonefile
ksk=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -fk $zone)
zsk=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone)
-cat $ksk.key $zsk.key dsset-ds.example.net$TP >> $zonefile
-$SIGNER -P -o $zone $zonefile > /dev/null
+cat $ksk.key $zsk.key dsset-ds.example.net$TP >>$zonefile
+$SIGNER -P -o $zone $zonefile >/dev/null
# Configure a static key to be used by delv
-keyfile_to_static_ds $ksk > ../ns5/trusted.conf
+keyfile_to_static_ds $ksk >../ns5/trusted.conf
diff --git a/bin/tests/system/resolver/prereq.sh b/bin/tests/system/resolver/prereq.sh
index 902f8db..f16d175 100644
--- a/bin/tests/system/resolver/prereq.sh
+++ b/bin/tests/system/resolver/prereq.sh
@@ -14,18 +14,16 @@
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
-if $PERL -e 'use Net::DNS;' 2>/dev/null
-then
- if $PERL -e 'use Net::DNS; die if ($Net::DNS::VERSION eq "0.76" || $Net::DNS::VERSION eq "0.77");' 2>/dev/null
- then
- :
- else
- echo_i "Net::DNS version 0.76 and 0.77 have a bug that causes this test to fail: please update." >&2
- exit 1
- fi
-else
- echo_i "This test requires the Net::DNS library." >&2
+if $PERL -e 'use Net::DNS;' 2>/dev/null; then
+ if $PERL -e 'use Net::DNS; die if ($Net::DNS::VERSION eq "0.76" || $Net::DNS::VERSION eq "0.77");' 2>/dev/null; then
+ :
+ else
+ echo_i "Net::DNS version 0.76 and 0.77 have a bug that causes this test to fail: please update." >&2
exit 1
+ fi
+else
+ echo_i "This test requires the Net::DNS library." >&2
+ exit 1
fi
exit 0
diff --git a/bin/tests/system/resolver/tests.sh b/bin/tests/system/resolver/tests.sh
index 379b1d7..a3b8afd 100755
--- a/bin/tests/system/resolver/tests.sh
+++ b/bin/tests/system/resolver/tests.sh
@@ -15,360 +15,376 @@ SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
dig_with_opts() {
- "${DIG}" -p "${PORT}" "${@}"
+ "${DIG}" -p "${PORT}" "${@}"
}
resolve_with_opts() {
- "${RESOLVE}" -p "${PORT}" "${@}"
+ "${RESOLVE}" -p "${PORT}" "${@}"
}
rndccmd() {
- "${RNDC}" -c "${SYSTEMTESTTOP}/common/rndc.conf" -p "${CONTROLPORT}" -s "${@}"
+ "${RNDC}" -c "${SYSTEMTESTTOP}/common/rndc.conf" -p "${CONTROLPORT}" -s "${@}"
}
status=0
n=0
-n=$((n+1))
+n=$((n + 1))
echo_i "checking non-cachable NXDOMAIN response handling ($n)"
ret=0
-dig_with_opts +tcp nxdomain.example.net @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
-grep "status: NXDOMAIN" dig.out.ns1.test${n} > /dev/null || ret=1
+dig_with_opts +tcp nxdomain.example.net @10.53.0.1 a >dig.out.ns1.test${n} || ret=1
+grep "status: NXDOMAIN" dig.out.ns1.test${n} >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-if [ -x "${RESOLVE}" ] ; then
- n=$((n+1))
- echo_i "checking non-cachable NXDOMAIN response handling using dns_client ($n)"
- ret=0
- resolve_with_opts -t a -s 10.53.0.1 nxdomain.example.net 2> resolve.out.ns1.test${n} || ret=1
- grep "resolution failed: ncache nxdomain" resolve.out.ns1.test${n} > /dev/null || ret=1
- if [ $ret != 0 ]; then echo_i "failed"; fi
- status=$((status + ret))
+if [ -x "${RESOLVE}" ]; then
+ n=$((n + 1))
+ echo_i "checking non-cachable NXDOMAIN response handling using dns_client ($n)"
+ ret=0
+ resolve_with_opts -t a -s 10.53.0.1 nxdomain.example.net 2>resolve.out.ns1.test${n} || ret=1
+ grep "resolution failed: ncache nxdomain" resolve.out.ns1.test${n} >/dev/null || ret=1
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$((status + ret))
fi
-if [ -x "${RESOLVE}" ] ; then
- n=$((n+1))
- echo_i "checking that local bound address can be set (Can't query from a denied address) ($n)"
- ret=0
- resolve_with_opts -b 10.53.0.8 -t a -s 10.53.0.1 www.example.org 2> resolve.out.ns1.test${n} || ret=1
- grep "resolution failed: SERVFAIL" resolve.out.ns1.test${n} > /dev/null || ret=1
- if [ $ret != 0 ]; then echo_i "failed"; fi
- status=$((status + ret))
-
- n=$((n+1))
- echo_i "checking that local bound address can be set (Can query from an allowed address) ($n)"
- ret=0
- resolve_with_opts -b 10.53.0.1 -t a -s 10.53.0.1 www.example.org > resolve.out.ns1.test${n} || ret=1
- grep "www.example.org..*.192.0.2.1" resolve.out.ns1.test${n} > /dev/null || ret=1
- if [ $ret != 0 ]; then echo_i "failed"; fi
- status=$((status + ret))
+if [ -x "${RESOLVE}" ]; then
+ n=$((n + 1))
+ echo_i "checking that local bound address can be set (Can't query from a denied address) ($n)"
+ ret=0
+ resolve_with_opts -b 10.53.0.8 -t a -s 10.53.0.1 www.example.org 2>resolve.out.ns1.test${n} || ret=1
+ grep "resolution failed: SERVFAIL" resolve.out.ns1.test${n} >/dev/null || ret=1
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$((status + ret))
+
+ n=$((n + 1))
+ echo_i "checking that local bound address can be set (Can query from an allowed address) ($n)"
+ ret=0
+ resolve_with_opts -b 10.53.0.1 -t a -s 10.53.0.1 www.example.org >resolve.out.ns1.test${n} || ret=1
+ grep "www.example.org..*.192.0.2.1" resolve.out.ns1.test${n} >/dev/null || ret=1
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$((status + ret))
fi
-n=$((n+1))
+n=$((n + 1))
echo_i "checking non-cachable NODATA response handling ($n)"
ret=0
-dig_with_opts +tcp nodata.example.net @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
-grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
+dig_with_opts +tcp nodata.example.net @10.53.0.1 a >dig.out.ns1.test${n} || ret=1
+grep "status: NOERROR" dig.out.ns1.test${n} >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-if [ -x "${RESOLVE}" ] ; then
- n=$((n+1))
- echo_i "checking non-cachable NODATA response handling using dns_client ($n)"
- ret=0
- resolve_with_opts -t a -s 10.53.0.1 nodata.example.net 2> resolve.out.ns1.test${n} || ret=1
- grep "resolution failed: ncache nxrrset" resolve.out.ns1.test${n} > /dev/null || ret=1
- if [ $ret != 0 ]; then echo_i "failed"; fi
- status=$((status + ret))
+if [ -x "${RESOLVE}" ]; then
+ n=$((n + 1))
+ echo_i "checking non-cachable NODATA response handling using dns_client ($n)"
+ ret=0
+ resolve_with_opts -t a -s 10.53.0.1 nodata.example.net 2>resolve.out.ns1.test${n} || ret=1
+ grep "resolution failed: ncache nxrrset" resolve.out.ns1.test${n} >/dev/null || ret=1
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$((status + ret))
fi
-n=$((n+1))
+n=$((n + 1))
echo_i "checking handling of bogus referrals ($n)"
# If the server has the "INSIST(!external)" bug, this query will kill it.
-dig_with_opts +tcp www.example.com. a @10.53.0.1 >/dev/null || { echo_i "failed"; status=$((status + 1)); }
-
-if [ -x "${RESOLVE}" ] ; then
- n=$((n+1))
- echo_i "checking handling of bogus referrals using dns_client ($n)"
- ret=0
- resolve_with_opts -t a -s 10.53.0.1 www.example.com 2> resolve.out.ns1.test${n} || ret=1
- grep "resolution failed: SERVFAIL" resolve.out.ns1.test${n} > /dev/null || ret=1
- if [ $ret != 0 ]; then echo_i "failed"; fi
- status=$((status + ret))
+dig_with_opts +tcp www.example.com. a @10.53.0.1 >/dev/null || {
+ echo_i "failed"
+ status=$((status + 1))
+}
+
+if [ -x "${RESOLVE}" ]; then
+ n=$((n + 1))
+ echo_i "checking handling of bogus referrals using dns_client ($n)"
+ ret=0
+ resolve_with_opts -t a -s 10.53.0.1 www.example.com 2>resolve.out.ns1.test${n} || ret=1
+ grep "resolution failed: SERVFAIL" resolve.out.ns1.test${n} >/dev/null || ret=1
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$((status + ret))
fi
-n=$((n+1))
+n=$((n + 1))
echo_i "check handling of cname + other data / 1 ($n)"
-dig_with_opts +tcp cname1.example.com. a @10.53.0.1 >/dev/null || { echo_i "failed"; status=$((status + 1)); }
+dig_with_opts +tcp cname1.example.com. a @10.53.0.1 >/dev/null || {
+ echo_i "failed"
+ status=$((status + 1))
+}
-n=$((n+1))
+n=$((n + 1))
echo_i "check handling of cname + other data / 2 ($n)"
-dig_with_opts +tcp cname2.example.com. a @10.53.0.1 >/dev/null || { echo_i "failed"; status=$((status + 1)); }
+dig_with_opts +tcp cname2.example.com. a @10.53.0.1 >/dev/null || {
+ echo_i "failed"
+ status=$((status + 1))
+}
-n=$((n+1))
+n=$((n + 1))
echo_i "check that server is still running ($n)"
-dig_with_opts +tcp www.example.com. a @10.53.0.1 >/dev/null || { echo_i "failed"; status=$((status + 1)); }
+dig_with_opts +tcp www.example.com. a @10.53.0.1 >/dev/null || {
+ echo_i "failed"
+ status=$((status + 1))
+}
-n=$((n+1))
+n=$((n + 1))
echo_i "checking answer IPv4 address filtering (deny) ($n)"
ret=0
-dig_with_opts +tcp www.example.net @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
-grep "status: SERVFAIL" dig.out.ns1.test${n} > /dev/null || ret=1
+dig_with_opts +tcp www.example.net @10.53.0.1 a >dig.out.ns1.test${n} || ret=1
+grep "status: SERVFAIL" dig.out.ns1.test${n} >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking answer IPv6 address filtering (deny) ($n)"
ret=0
-dig_with_opts +tcp www.example.net @10.53.0.1 aaaa > dig.out.ns1.test${n} || ret=1
-grep "status: SERVFAIL" dig.out.ns1.test${n} > /dev/null || ret=1
+dig_with_opts +tcp www.example.net @10.53.0.1 aaaa >dig.out.ns1.test${n} || ret=1
+grep "status: SERVFAIL" dig.out.ns1.test${n} >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking answer IPv4 address filtering (accept) ($n)"
ret=0
-dig_with_opts +tcp www.example.org @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
-grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
+dig_with_opts +tcp www.example.org @10.53.0.1 a >dig.out.ns1.test${n} || ret=1
+grep "status: NOERROR" dig.out.ns1.test${n} >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-
-if [ -x "${RESOLVE}" ] ; then
- n=$((n+1))
- echo_i "checking answer IPv4 address filtering using dns_client (accept) ($n)"
- ret=0
- resolve_with_opts -t a -s 10.53.0.1 www.example.org > resolve.out.ns1.test${n} || ret=1
- grep "www.example.org..*.192.0.2.1" resolve.out.ns1.test${n} > /dev/null || ret=1
- if [ $ret != 0 ]; then echo_i "failed"; fi
- status=$((status + ret))
+if [ -x "${RESOLVE}" ]; then
+ n=$((n + 1))
+ echo_i "checking answer IPv4 address filtering using dns_client (accept) ($n)"
+ ret=0
+ resolve_with_opts -t a -s 10.53.0.1 www.example.org >resolve.out.ns1.test${n} || ret=1
+ grep "www.example.org..*.192.0.2.1" resolve.out.ns1.test${n} >/dev/null || ret=1
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$((status + ret))
fi
-n=$((n+1))
+n=$((n + 1))
echo_i "checking answer IPv6 address filtering (accept) ($n)"
ret=0
-dig_with_opts +tcp www.example.org @10.53.0.1 aaaa > dig.out.ns1.test${n} || ret=1
-grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
+dig_with_opts +tcp www.example.org @10.53.0.1 aaaa >dig.out.ns1.test${n} || ret=1
+grep "status: NOERROR" dig.out.ns1.test${n} >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-if [ -x "${RESOLVE}" ] ; then
- n=$((n+1))
- echo_i "checking answer IPv6 address filtering using dns_client (accept) ($n)"
- ret=0
- resolve_with_opts -t aaaa -s 10.53.0.1 www.example.org > resolve.out.ns1.test${n} || ret=1
- grep "www.example.org..*.2001:db8:beef::1" resolve.out.ns1.test${n} > /dev/null || ret=1
- if [ $ret != 0 ]; then echo_i "failed"; fi
- status=$((status + ret))
+if [ -x "${RESOLVE}" ]; then
+ n=$((n + 1))
+ echo_i "checking answer IPv6 address filtering using dns_client (accept) ($n)"
+ ret=0
+ resolve_with_opts -t aaaa -s 10.53.0.1 www.example.org >resolve.out.ns1.test${n} || ret=1
+ grep "www.example.org..*.2001:db8:beef::1" resolve.out.ns1.test${n} >/dev/null || ret=1
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$((status + ret))
fi
-n=$((n+1))
+n=$((n + 1))
echo_i "checking CNAME target filtering (deny) ($n)"
ret=0
-dig_with_opts +tcp badcname.example.net @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
-grep "status: SERVFAIL" dig.out.ns1.test${n} > /dev/null || ret=1
+dig_with_opts +tcp badcname.example.net @10.53.0.1 a >dig.out.ns1.test${n} || ret=1
+grep "status: SERVFAIL" dig.out.ns1.test${n} >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking CNAME target filtering (accept) ($n)"
ret=0
-dig_with_opts +tcp goodcname.example.net @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
-grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
+dig_with_opts +tcp goodcname.example.net @10.53.0.1 a >dig.out.ns1.test${n} || ret=1
+grep "status: NOERROR" dig.out.ns1.test${n} >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-if [ -x "${RESOLVE}" ] ; then
- n=$((n+1))
- echo_i "checking CNAME target filtering using dns_client (accept) ($n)"
- ret=0
- resolve_with_opts -t a -s 10.53.0.1 goodcname.example.net > resolve.out.ns1.test${n} || ret=1
- grep "goodcname.example.net..*.goodcname.example.org." resolve.out.ns1.test${n} > /dev/null || ret=1
- grep "goodcname.example.org..*.192.0.2.1" resolve.out.ns1.test${n} > /dev/null || ret=1
- if [ $ret != 0 ]; then echo_i "failed"; fi
- status=$((status + ret))
+if [ -x "${RESOLVE}" ]; then
+ n=$((n + 1))
+ echo_i "checking CNAME target filtering using dns_client (accept) ($n)"
+ ret=0
+ resolve_with_opts -t a -s 10.53.0.1 goodcname.example.net >resolve.out.ns1.test${n} || ret=1
+ grep "goodcname.example.net..*.goodcname.example.org." resolve.out.ns1.test${n} >/dev/null || ret=1
+ grep "goodcname.example.org..*.192.0.2.1" resolve.out.ns1.test${n} >/dev/null || ret=1
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$((status + ret))
fi
-n=$((n+1))
+n=$((n + 1))
echo_i "checking CNAME target filtering (accept due to subdomain) ($n)"
ret=0
-dig_with_opts +tcp cname.sub.example.org @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
-grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
+dig_with_opts +tcp cname.sub.example.org @10.53.0.1 a >dig.out.ns1.test${n} || ret=1
+grep "status: NOERROR" dig.out.ns1.test${n} >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-if [ -x "${RESOLVE}" ] ; then
- n=$((n+1))
- echo_i "checking CNAME target filtering using dns_client (accept due to subdomain) ($n)"
- ret=0
- resolve_with_opts -t a -s 10.53.0.1 cname.sub.example.org > resolve.out.ns1.test${n} || ret=1
- grep "cname.sub.example.org..*.ok.sub.example.org." resolve.out.ns1.test${n} > /dev/null || ret=1
- grep "ok.sub.example.org..*.192.0.2.1" resolve.out.ns1.test${n} > /dev/null || ret=1
- if [ $ret != 0 ]; then echo_i "failed"; fi
- status=$((status + ret))
+if [ -x "${RESOLVE}" ]; then
+ n=$((n + 1))
+ echo_i "checking CNAME target filtering using dns_client (accept due to subdomain) ($n)"
+ ret=0
+ resolve_with_opts -t a -s 10.53.0.1 cname.sub.example.org >resolve.out.ns1.test${n} || ret=1
+ grep "cname.sub.example.org..*.ok.sub.example.org." resolve.out.ns1.test${n} >/dev/null || ret=1
+ grep "ok.sub.example.org..*.192.0.2.1" resolve.out.ns1.test${n} >/dev/null || ret=1
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$((status + ret))
fi
-n=$((n+1))
+n=$((n + 1))
echo_i "checking DNAME target filtering (deny) ($n)"
ret=0
-dig_with_opts +tcp foo.baddname.example.net @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
+dig_with_opts +tcp foo.baddname.example.net @10.53.0.1 a >dig.out.ns1.test${n} || ret=1
grep "DNAME target foo.baddname.example.org denied for foo.baddname.example.net/IN" ns1/named.run >/dev/null || ret=1
-grep "status: SERVFAIL" dig.out.ns1.test${n} > /dev/null || ret=1
+grep "status: SERVFAIL" dig.out.ns1.test${n} >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking DNAME target filtering (accept) ($n)"
ret=0
-dig_with_opts +tcp foo.gooddname.example.net @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
-grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
+dig_with_opts +tcp foo.gooddname.example.net @10.53.0.1 a >dig.out.ns1.test${n} || ret=1
+grep "status: NOERROR" dig.out.ns1.test${n} >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-if [ -x "${RESOLVE}" ] ; then
- n=$((n+1))
- echo_i "checking DNAME target filtering using dns_client (accept) ($n)"
- ret=0
- resolve_with_opts -t a -s 10.53.0.1 foo.gooddname.example.net > resolve.out.ns1.test${n} || ret=1
- grep "foo.gooddname.example.net..*.gooddname.example.org" resolve.out.ns1.test${n} > /dev/null || ret=1
- grep "foo.gooddname.example.org..*.192.0.2.1" resolve.out.ns1.test${n} > /dev/null || ret=1
- if [ $ret != 0 ]; then echo_i "failed"; fi
- status=$((status + ret))
+if [ -x "${RESOLVE}" ]; then
+ n=$((n + 1))
+ echo_i "checking DNAME target filtering using dns_client (accept) ($n)"
+ ret=0
+ resolve_with_opts -t a -s 10.53.0.1 foo.gooddname.example.net >resolve.out.ns1.test${n} || ret=1
+ grep "foo.gooddname.example.net..*.gooddname.example.org" resolve.out.ns1.test${n} >/dev/null || ret=1
+ grep "foo.gooddname.example.org..*.192.0.2.1" resolve.out.ns1.test${n} >/dev/null || ret=1
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$((status + ret))
fi
-n=$((n+1))
+n=$((n + 1))
echo_i "checking DNAME target filtering (accept due to subdomain) ($n)"
ret=0
-dig_with_opts +tcp www.dname.sub.example.org @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
-grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
+dig_with_opts +tcp www.dname.sub.example.org @10.53.0.1 a >dig.out.ns1.test${n} || ret=1
+grep "status: NOERROR" dig.out.ns1.test${n} >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-if [ -x "${RESOLVE}" ] ; then
- n=$((n+1))
- echo_i "checking DNAME target filtering using dns_client (accept due to subdomain) ($n)"
- ret=0
- resolve_with_opts -t a -s 10.53.0.1 www.dname.sub.example.org > resolve.out.ns1.test${n} || ret=1
- grep "www.dname.sub.example.org..*.ok.sub.example.org." resolve.out.ns1.test${n} > /dev/null || ret=1
- grep "www.ok.sub.example.org..*.192.0.2.1" resolve.out.ns1.test${n} > /dev/null || ret=1
- if [ $ret != 0 ]; then echo_i "failed"; fi
- status=$((status + ret))
+if [ -x "${RESOLVE}" ]; then
+ n=$((n + 1))
+ echo_i "checking DNAME target filtering using dns_client (accept due to subdomain) ($n)"
+ ret=0
+ resolve_with_opts -t a -s 10.53.0.1 www.dname.sub.example.org >resolve.out.ns1.test${n} || ret=1
+ grep "www.dname.sub.example.org..*.ok.sub.example.org." resolve.out.ns1.test${n} >/dev/null || ret=1
+ grep "www.ok.sub.example.org..*.192.0.2.1" resolve.out.ns1.test${n} >/dev/null || ret=1
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$((status + ret))
fi
-n=$((n+1))
+n=$((n + 1))
echo_i "check that the resolver accepts a referral response with a non-empty ANSWER section ($n)"
ret=0
-dig_with_opts @10.53.0.1 foo.glue-in-answer.example.org. A > dig.ns1.out.${n} || ret=1
-grep "status: NOERROR" dig.ns1.out.${n} > /dev/null || ret=1
-grep "foo.glue-in-answer.example.org.*192.0.2.1" dig.ns1.out.${n} > /dev/null || ret=1
+dig_with_opts @10.53.0.1 foo.glue-in-answer.example.org. A >dig.ns1.out.${n} || ret=1
+grep "status: NOERROR" dig.ns1.out.${n} >/dev/null || ret=1
+grep "foo.glue-in-answer.example.org.*192.0.2.1" dig.ns1.out.${n} >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "check that the resolver limits the number of NS records it follows in a referral response ($n)"
# ns5 is the recusor being tested. ns4 holds the sourcens zone containing names with varying numbers of NS
# records pointing to non-existent nameservers in the targetns zone on ns6.
ret=0
-rndccmd 10.53.0.5 flush || ret=1 # Ensure cache is empty before doing this test
-for nscount in 1 2 3 4 5 6 7 8 9 10
-do
- # Verify number of NS records at source server
- dig_with_opts +norecurse @10.53.0.4 target${nscount}.sourcens ns > dig.ns4.out.${nscount}.${n}
- sourcerecs=$(grep NS dig.ns4.out.${nscount}.${n} | grep -v ';' | wc -l)
- test "${sourcerecs}" -eq "${nscount}" || ret=1
- test "${sourcerecs}" -eq "${nscount}" || echo_i "NS count incorrect for target${nscount}.sourcens"
- # Expected queries = 2 * number of NS records, up to a maximum of 10.
- expected=$((nscount*2))
- if [ "$expected" -gt 10 ]; then expected=10; fi
- # Work out the queries made by checking statistics on the target before and after the test
- rndccmd 10.53.0.6 stats || ret=1
- initial_count=$(awk '/responses sent/ {print $1}' ns6/named.stats)
- mv ns6/named.stats ns6/named.stats.initial.${nscount}.${n}
- dig_with_opts @10.53.0.5 target${nscount}.sourcens A > dig.ns5.out.${nscount}.${n} || ret=1
- rndccmd 10.53.0.6 stats || ret=1
- final_count=$(awk '/responses sent/ {print $1}' ns6/named.stats)
- mv ns6/named.stats ns6/named.stats.final.${nscount}.${n}
- # Check number of queries during the test is as expected
- actual=$((final_count - initial_count))
- if [ "$actual" -ne "$expected" ]; then
- echo_i "query count error: $nscount NS records: expected queries $expected, actual $actual"
- ret=1
- fi
+rndccmd 10.53.0.5 flush || ret=1 # Ensure cache is empty before doing this test
+for nscount in 1 2 3 4 5 6 7 8 9 10; do
+ # Verify number of NS records at source server
+ dig_with_opts +norecurse @10.53.0.4 target${nscount}.sourcens ns >dig.ns4.out.${nscount}.${n}
+ sourcerecs=$(grep NS dig.ns4.out.${nscount}.${n} | grep -v ';' | wc -l)
+ test "${sourcerecs}" -eq "${nscount}" || ret=1
+ test "${sourcerecs}" -eq "${nscount}" || echo_i "NS count incorrect for target${nscount}.sourcens"
+ # Expected queries = 2 * number of NS records, up to a maximum of 10.
+ expected=$((nscount * 2))
+ if [ "$expected" -gt 10 ]; then expected=10; fi
+ # Work out the queries made by checking statistics on the target before and after the test
+ rndccmd 10.53.0.6 stats || ret=1
+ initial_count=$(awk '/responses sent/ {print $1}' ns6/named.stats)
+ mv ns6/named.stats ns6/named.stats.initial.${nscount}.${n}
+ dig_with_opts @10.53.0.5 target${nscount}.sourcens A >dig.ns5.out.${nscount}.${n} || ret=1
+ rndccmd 10.53.0.6 stats || ret=1
+ final_count=$(awk '/responses sent/ {print $1}' ns6/named.stats)
+ mv ns6/named.stats ns6/named.stats.final.${nscount}.${n}
+ # Check number of queries during the test is as expected
+ actual=$((final_count - initial_count))
+ if [ "$actual" -ne "$expected" ]; then
+ echo_i "query count error: $nscount NS records: expected queries $expected, actual $actual"
+ ret=1
+ fi
done
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "RT21594 regression test check setup ($n)"
ret=0
# Check that "aa" is not being set by the authoritative server.
-dig_with_opts +tcp . @10.53.0.4 soa > dig.ns4.out.${n} || ret=1
-grep 'flags: qr rd;' dig.ns4.out.${n} > /dev/null || ret=1
+dig_with_opts +tcp . @10.53.0.4 soa >dig.ns4.out.${n} || ret=1
+grep 'flags: qr rd;' dig.ns4.out.${n} >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "RT21594 regression test positive answers ($n)"
ret=0
# Check that resolver accepts the non-authoritative positive answers.
-dig_with_opts +tcp . @10.53.0.5 soa > dig.ns5.out.${n} || ret=1
-grep "status: NOERROR" dig.ns5.out.${n} > /dev/null || ret=1
+dig_with_opts +tcp . @10.53.0.5 soa >dig.ns5.out.${n} || ret=1
+grep "status: NOERROR" dig.ns5.out.${n} >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "RT21594 regression test NODATA answers ($n)"
ret=0
# Check that resolver accepts the non-authoritative nodata answers.
-dig_with_opts +tcp . @10.53.0.5 txt > dig.ns5.out.${n} || ret=1
-grep "status: NOERROR" dig.ns5.out.${n} > /dev/null || ret=1
+dig_with_opts +tcp . @10.53.0.5 txt >dig.ns5.out.${n} || ret=1
+grep "status: NOERROR" dig.ns5.out.${n} >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "RT21594 regression test NXDOMAIN answers ($n)"
ret=0
# Check that resolver accepts the non-authoritative positive answers.
-dig_with_opts +tcp noexistent @10.53.0.5 txt > dig.ns5.out.${n} || ret=1
-grep "status: NXDOMAIN" dig.ns5.out.${n} > /dev/null || ret=1
+dig_with_opts +tcp noexistent @10.53.0.5 txt >dig.ns5.out.${n} || ret=1
+grep "status: NXDOMAIN" dig.ns5.out.${n} >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "check that replacement of additional data by a negative cache no data entry clears the additional RRSIGs ($n)"
ret=0
-dig_with_opts +tcp mx example.net @10.53.0.7 > dig.ns7.out.${n} || ret=1
-grep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=1
+dig_with_opts +tcp mx example.net @10.53.0.7 >dig.ns7.out.${n} || ret=1
+grep "status: NOERROR" dig.ns7.out.${n} >/dev/null || ret=1
if [ $ret = 1 ]; then echo_i "mx priming failed"; fi
-$NSUPDATE << EOF
+$NSUPDATE <<EOF
server 10.53.0.6 ${PORT}
zone example.net
update delete mail.example.net A
update add mail.example.net 0 AAAA ::1
send
EOF
-dig_with_opts +tcp a mail.example.net @10.53.0.7 > dig.ns7.out.${n} || ret=2
-grep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=2
-grep "ANSWER: 0" dig.ns7.out.${n} > /dev/null || ret=2
+dig_with_opts +tcp a mail.example.net @10.53.0.7 >dig.ns7.out.${n} || ret=2
+grep "status: NOERROR" dig.ns7.out.${n} >/dev/null || ret=2
+grep "ANSWER: 0" dig.ns7.out.${n} >/dev/null || ret=2
if [ $ret = 2 ]; then echo_i "ncache priming failed"; fi
-dig_with_opts +tcp mx example.net @10.53.0.7 > dig.ns7.out.${n} || ret=3
-grep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=3
-dig_with_opts +tcp rrsig mail.example.net +norec @10.53.0.7 > dig.ns7.out.${n} || ret=4
-grep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=4
-grep "ANSWER: 0" dig.ns7.out.${n} > /dev/null || ret=4
-if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
+dig_with_opts +tcp mx example.net @10.53.0.7 >dig.ns7.out.${n} || ret=3
+grep "status: NOERROR" dig.ns7.out.${n} >/dev/null || ret=3
+dig_with_opts +tcp rrsig mail.example.net +norec @10.53.0.7 >dig.ns7.out.${n} || ret=4
+grep "status: NOERROR" dig.ns7.out.${n} >/dev/null || ret=4
+grep "ANSWER: 0" dig.ns7.out.${n} >/dev/null || ret=4
+if [ $ret != 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
status=$((status + ret))
-if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
+if [ $ret != 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that update a nameservers address has immediate effects ($n)"
ret=0
-dig_with_opts +tcp TXT foo.moves @10.53.0.7 > dig.ns7.foo.${n} || ret=1
-grep "From NS 5" dig.ns7.foo.${n} > /dev/null || ret=1
-$NSUPDATE << EOF
+dig_with_opts +tcp TXT foo.moves @10.53.0.7 >dig.ns7.foo.${n} || ret=1
+grep "From NS 5" dig.ns7.foo.${n} >/dev/null || ret=1
+$NSUPDATE <<EOF
server 10.53.0.7 ${PORT}
zone server
update delete ns.server A
@@ -376,17 +392,20 @@ update add ns.server 300 A 10.53.0.4
send
EOF
sleep 1
-dig_with_opts +tcp TXT bar.moves @10.53.0.7 > dig.ns7.bar.${n} || ret=1
-grep "From NS 4" dig.ns7.bar.${n} > /dev/null || ret=1
+dig_with_opts +tcp TXT bar.moves @10.53.0.7 >dig.ns7.bar.${n} || ret=1
+grep "From NS 4" dig.ns7.bar.${n} >/dev/null || ret=1
-if [ $ret != 0 ]; then echo_i "failed"; status=1; fi
+if [ $ret != 0 ]; then
+ echo_i "failed"
+ status=1
+fi
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that update a nameservers glue has immediate effects ($n)"
ret=0
-dig_with_opts +tcp TXT foo.child.server @10.53.0.7 > dig.ns7.foo.${n} || ret=1
-grep "From NS 5" dig.ns7.foo.${n} > /dev/null || ret=1
-$NSUPDATE << EOF
+dig_with_opts +tcp TXT foo.child.server @10.53.0.7 >dig.ns7.foo.${n} || ret=1
+grep "From NS 5" dig.ns7.foo.${n} >/dev/null || ret=1
+$NSUPDATE <<EOF
server 10.53.0.7 ${PORT}
zone server
update delete ns.child.server A
@@ -394,138 +413,152 @@ update add ns.child.server 300 A 10.53.0.4
send
EOF
sleep 1
-dig_with_opts +tcp TXT bar.child.server @10.53.0.7 > dig.ns7.bar.${n} || ret=1
-grep "From NS 4" dig.ns7.bar.${n} > /dev/null || ret=1
+dig_with_opts +tcp TXT bar.child.server @10.53.0.7 >dig.ns7.bar.${n} || ret=1
+grep "From NS 4" dig.ns7.bar.${n} >/dev/null || ret=1
-if [ $ret != 0 ]; then echo_i "failed"; status=1; fi
+if [ $ret != 0 ]; then
+ echo_i "failed"
+ status=1
+fi
-n=$((n+1))
+n=$((n + 1))
echo_i "checking empty RFC 1918 reverse zones ($n)"
ret=0
# Check that "aa" is being set by the resolver for RFC 1918 zones
# except the one that has been deliberately disabled
-dig_with_opts @10.53.0.7 -x 10.1.1.1 > dig.ns4.out.1.${n} || ret=1
-grep 'flags: qr aa rd ra;' dig.ns4.out.1.${n} > /dev/null || ret=1
-dig_with_opts @10.53.0.7 -x 192.168.1.1 > dig.ns4.out.2.${n} || ret=1
-grep 'flags: qr aa rd ra;' dig.ns4.out.2.${n} > /dev/null || ret=1
-dig_with_opts @10.53.0.7 -x 172.16.1.1 > dig.ns4.out.3.${n} || ret=1
-grep 'flags: qr aa rd ra;' dig.ns4.out.3.${n} > /dev/null || ret=1
-dig_with_opts @10.53.0.7 -x 172.17.1.1 > dig.ns4.out.4.${n} || ret=1
-grep 'flags: qr aa rd ra;' dig.ns4.out.4.${n} > /dev/null || ret=1
-dig_with_opts @10.53.0.7 -x 172.18.1.1 > dig.ns4.out.5.${n} || ret=1
-grep 'flags: qr aa rd ra;' dig.ns4.out.5.${n} > /dev/null || ret=1
-dig_with_opts @10.53.0.7 -x 172.19.1.1 > dig.ns4.out.6.${n} || ret=1
-grep 'flags: qr aa rd ra;' dig.ns4.out.6.${n} > /dev/null || ret=1
-dig_with_opts @10.53.0.7 -x 172.21.1.1 > dig.ns4.out.7.${n} || ret=1
-grep 'flags: qr aa rd ra;' dig.ns4.out.7.${n} > /dev/null || ret=1
-dig_with_opts @10.53.0.7 -x 172.22.1.1 > dig.ns4.out.8.${n} || ret=1
-grep 'flags: qr aa rd ra;' dig.ns4.out.8.${n} > /dev/null || ret=1
-dig_with_opts @10.53.0.7 -x 172.23.1.1 > dig.ns4.out.9.${n} || ret=1
-grep 'flags: qr aa rd ra;' dig.ns4.out.9.${n} > /dev/null || ret=1
-dig_with_opts @10.53.0.7 -x 172.24.1.1 > dig.ns4.out.11.${n} || ret=1
-grep 'flags: qr aa rd ra;' dig.ns4.out.11.${n} > /dev/null || ret=1
-dig_with_opts @10.53.0.7 -x 172.25.1.1 > dig.ns4.out.12.${n} || ret=1
-grep 'flags: qr aa rd ra;' dig.ns4.out.12.${n} > /dev/null || ret=1
-dig_with_opts @10.53.0.7 -x 172.26.1.1 > dig.ns4.out.13.${n} || ret=1
-grep 'flags: qr aa rd ra;' dig.ns4.out.13.${n} > /dev/null || ret=1
-dig_with_opts @10.53.0.7 -x 172.27.1.1 > dig.ns4.out.14.${n} || ret=1
-grep 'flags: qr aa rd ra;' dig.ns4.out.14.${n} > /dev/null || ret=1
-dig_with_opts @10.53.0.7 -x 172.28.1.1 > dig.ns4.out.15.${n} || ret=1
-grep 'flags: qr aa rd ra;' dig.ns4.out.15.${n} > /dev/null || ret=1
-dig_with_opts @10.53.0.7 -x 172.29.1.1 > dig.ns4.out.16.${n} || ret=1
-grep 'flags: qr aa rd ra;' dig.ns4.out.16.${n} > /dev/null || ret=1
-dig_with_opts @10.53.0.7 -x 172.30.1.1 > dig.ns4.out.17.${n} || ret=1
-grep 'flags: qr aa rd ra;' dig.ns4.out.17.${n} > /dev/null || ret=1
-dig_with_opts @10.53.0.7 -x 172.31.1.1 > dig.ns4.out.18.${n} || ret=1
-grep 'flags: qr aa rd ra;' dig.ns4.out.18.${n} > /dev/null || ret=1
+dig_with_opts @10.53.0.7 -x 10.1.1.1 >dig.ns4.out.1.${n} || ret=1
+grep 'flags: qr aa rd ra;' dig.ns4.out.1.${n} >/dev/null || ret=1
+dig_with_opts @10.53.0.7 -x 192.168.1.1 >dig.ns4.out.2.${n} || ret=1
+grep 'flags: qr aa rd ra;' dig.ns4.out.2.${n} >/dev/null || ret=1
+dig_with_opts @10.53.0.7 -x 172.16.1.1 >dig.ns4.out.3.${n} || ret=1
+grep 'flags: qr aa rd ra;' dig.ns4.out.3.${n} >/dev/null || ret=1
+dig_with_opts @10.53.0.7 -x 172.17.1.1 >dig.ns4.out.4.${n} || ret=1
+grep 'flags: qr aa rd ra;' dig.ns4.out.4.${n} >/dev/null || ret=1
+dig_with_opts @10.53.0.7 -x 172.18.1.1 >dig.ns4.out.5.${n} || ret=1
+grep 'flags: qr aa rd ra;' dig.ns4.out.5.${n} >/dev/null || ret=1
+dig_with_opts @10.53.0.7 -x 172.19.1.1 >dig.ns4.out.6.${n} || ret=1
+grep 'flags: qr aa rd ra;' dig.ns4.out.6.${n} >/dev/null || ret=1
+dig_with_opts @10.53.0.7 -x 172.21.1.1 >dig.ns4.out.7.${n} || ret=1
+grep 'flags: qr aa rd ra;' dig.ns4.out.7.${n} >/dev/null || ret=1
+dig_with_opts @10.53.0.7 -x 172.22.1.1 >dig.ns4.out.8.${n} || ret=1
+grep 'flags: qr aa rd ra;' dig.ns4.out.8.${n} >/dev/null || ret=1
+dig_with_opts @10.53.0.7 -x 172.23.1.1 >dig.ns4.out.9.${n} || ret=1
+grep 'flags: qr aa rd ra;' dig.ns4.out.9.${n} >/dev/null || ret=1
+dig_with_opts @10.53.0.7 -x 172.24.1.1 >dig.ns4.out.11.${n} || ret=1
+grep 'flags: qr aa rd ra;' dig.ns4.out.11.${n} >/dev/null || ret=1
+dig_with_opts @10.53.0.7 -x 172.25.1.1 >dig.ns4.out.12.${n} || ret=1
+grep 'flags: qr aa rd ra;' dig.ns4.out.12.${n} >/dev/null || ret=1
+dig_with_opts @10.53.0.7 -x 172.26.1.1 >dig.ns4.out.13.${n} || ret=1
+grep 'flags: qr aa rd ra;' dig.ns4.out.13.${n} >/dev/null || ret=1
+dig_with_opts @10.53.0.7 -x 172.27.1.1 >dig.ns4.out.14.${n} || ret=1
+grep 'flags: qr aa rd ra;' dig.ns4.out.14.${n} >/dev/null || ret=1
+dig_with_opts @10.53.0.7 -x 172.28.1.1 >dig.ns4.out.15.${n} || ret=1
+grep 'flags: qr aa rd ra;' dig.ns4.out.15.${n} >/dev/null || ret=1
+dig_with_opts @10.53.0.7 -x 172.29.1.1 >dig.ns4.out.16.${n} || ret=1
+grep 'flags: qr aa rd ra;' dig.ns4.out.16.${n} >/dev/null || ret=1
+dig_with_opts @10.53.0.7 -x 172.30.1.1 >dig.ns4.out.17.${n} || ret=1
+grep 'flags: qr aa rd ra;' dig.ns4.out.17.${n} >/dev/null || ret=1
+dig_with_opts @10.53.0.7 -x 172.31.1.1 >dig.ns4.out.18.${n} || ret=1
+grep 'flags: qr aa rd ra;' dig.ns4.out.18.${n} >/dev/null || ret=1
# but this one should NOT be authoritative
-dig_with_opts @10.53.0.7 -x 172.20.1.1 > dig.ns4.out.19.${n} || ret=1
-grep 'flags: qr rd ra;' dig.ns4.out.19.${n} > /dev/null || ret=1
-if [ $ret != 0 ]; then echo_i "failed"; status=1; fi
+dig_with_opts @10.53.0.7 -x 172.20.1.1 >dig.ns4.out.19.${n} || ret=1
+grep 'flags: qr rd ra;' dig.ns4.out.19.${n} >/dev/null || ret=1
+if [ $ret != 0 ]; then
+ echo_i "failed"
+ status=1
+fi
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that removal of a delegation is honoured ($n)"
ret=0
-dig_with_opts @10.53.0.5 www.to-be-removed.tld A > dig.ns5.prime.${n}
-grep "status: NOERROR" dig.ns5.prime.${n} > /dev/null || { ret=1; echo_i "priming failed"; }
+dig_with_opts @10.53.0.5 www.to-be-removed.tld A >dig.ns5.prime.${n}
+grep "status: NOERROR" dig.ns5.prime.${n} >/dev/null || {
+ ret=1
+ echo_i "priming failed"
+}
cp ns4/tld2.db ns4/tld.db
rndc_reload ns4 10.53.0.4 tld
old=
-for i in 0 1 2 3 4 5 6 7 8 9
-do
- foo=0
- dig_with_opts @10.53.0.5 ns$i.to-be-removed.tld A > /dev/null
- dig_with_opts @10.53.0.5 www.to-be-removed.tld A > dig.ns5.out.${n}
- grep "status: NXDOMAIN" dig.ns5.out.${n} > /dev/null || foo=1
- [ $foo = 0 ] && break
- $NSUPDATE << EOF
+for i in 0 1 2 3 4 5 6 7 8 9; do
+ foo=0
+ dig_with_opts @10.53.0.5 ns$i.to-be-removed.tld A >/dev/null
+ dig_with_opts @10.53.0.5 www.to-be-removed.tld A >dig.ns5.out.${n}
+ grep "status: NXDOMAIN" dig.ns5.out.${n} >/dev/null || foo=1
+ [ $foo = 0 ] && break
+ $NSUPDATE <<EOF
server 10.53.0.6 ${PORT}
zone to-be-removed.tld
update add to-be-removed.tld 100 NS ns${i}.to-be-removed.tld
update delete to-be-removed.tld NS ns${old}.to-be-removed.tld
send
EOF
- old=$i
- sleep 1
+ old=$i
+ sleep 1
done
-[ $ret = 0 ] && ret=$foo;
-if [ $ret != 0 ]; then echo_i "failed"; status=1; fi
+[ $ret = 0 ] && ret=$foo
+if [ $ret != 0 ]; then
+ echo_i "failed"
+ status=1
+fi
-n=$((n+1))
+n=$((n + 1))
echo_i "check for improved error message with SOA mismatch ($n)"
ret=0
-dig_with_opts @10.53.0.1 www.sub.broken aaaa > dig.out.ns1.test${n} || ret=1
-grep "not subdomain of zone" ns1/named.run > /dev/null || ret=1
+dig_with_opts @10.53.0.1 www.sub.broken aaaa >dig.out.ns1.test${n} || ret=1
+grep "not subdomain of zone" ns1/named.run >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
copy_setports ns7/named2.conf.in ns7/named.conf
rndccmd 10.53.0.7 reconfig 2>&1 | sed 's/^/ns7 /' | cat_i
-n=$((n+1))
+n=$((n + 1))
echo_i "check resolution on the listening port ($n)"
ret=0
-dig_with_opts +tcp +tries=2 +time=5 mx example.net @10.53.0.7 > dig.ns7.out.${n} || ret=2
-grep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=1
-grep "ANSWER: 1" dig.ns7.out.${n} > /dev/null || ret=1
-if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
+dig_with_opts +tcp +tries=2 +time=5 mx example.net @10.53.0.7 >dig.ns7.out.${n} || ret=2
+grep "status: NOERROR" dig.ns7.out.${n} >/dev/null || ret=1
+grep "ANSWER: 1" dig.ns7.out.${n} >/dev/null || ret=1
+if [ $ret != 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "check prefetch (${n})"
ret=0
# read prefetch value from config.
PREFETCH=$(sed -n "s/[[:space:]]*prefetch \([0-9]\).*/\1/p" ns5/named.conf)
-dig_with_opts @10.53.0.5 fetch.tld txt > dig.out.1.${n} || ret=1
+dig_with_opts @10.53.0.5 fetch.tld txt >dig.out.1.${n} || ret=1
ttl1=$(awk '/"A" "short" "ttl"/ { print $2 }' dig.out.1.${n})
interval=$((ttl1 - PREFETCH + 1))
# sleep so we are in prefetch range
sleep ${interval:-0}
# trigger prefetch
-dig_with_opts @10.53.0.5 fetch.tld txt > dig.out.2.${n} || ret=1
+dig_with_opts @10.53.0.5 fetch.tld txt >dig.out.2.${n} || ret=1
ttl2=$(awk '/"A" "short" "ttl"/ { print $2 }' dig.out.2.${n})
sleep 1
# check that prefetch occurred
-dig_with_opts @10.53.0.5 fetch.tld txt > dig.out.3.${n} || ret=1
+dig_with_opts @10.53.0.5 fetch.tld txt >dig.out.3.${n} || ret=1
ttl=$(awk '/"A" "short" "ttl"/ { print $2 }' dig.out.3.${n})
test "${ttl:-0}" -gt "${ttl2:-1}" || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "check prefetch of validated DS's RRSIG TTL is updated (${n})"
ret=0
-dig_with_opts +dnssec @10.53.0.5 ds.example.net ds > dig.out.1.${n} || ret=1
+dig_with_opts +dnssec @10.53.0.5 ds.example.net ds >dig.out.1.${n} || ret=1
dsttl1=$(awk '$4 == "DS" && $7 == "2" { print $2 }' dig.out.1.${n})
interval=$((dsttl1 - PREFETCH + 1))
# sleep so we are in prefetch range
sleep ${interval:-0}
# trigger prefetch
-dig_with_opts @10.53.0.5 ds.example.net ds > dig.out.2.${n} || ret=1
+dig_with_opts @10.53.0.5 ds.example.net ds >dig.out.2.${n} || ret=1
dsttl2=$(awk '$4 == "DS" && $7 == "2" { print $2 }' dig.out.2.${n})
sleep 1
# check that prefetch occurred
-dig_with_opts @10.53.0.5 ds.example.net ds +dnssec > dig.out.3.${n} || ret=1
+dig_with_opts @10.53.0.5 ds.example.net ds +dnssec >dig.out.3.${n} || ret=1
dsttl=$(awk '$4 == "DS" && $7 == "2" { print $2 }' dig.out.3.${n})
sigttl=$(awk '$4 == "RRSIG" && $5 == "DS" { print $2 }' dig.out.3.${n})
test "${dsttl:-0}" -gt "${dsttl2:-1}" || ret=1
@@ -534,390 +567,389 @@ test "${dsttl:-0}" -eq "${sigttl:-1}" || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "check prefetch disabled (${n})"
ret=0
-dig_with_opts @10.53.0.7 fetch.example.net txt > dig.out.1.${n} || ret=1
+dig_with_opts @10.53.0.7 fetch.example.net txt >dig.out.1.${n} || ret=1
ttl1=$(awk '/"A" "short" "ttl"/ { print $2 }' dig.out.1.${n})
interval=$((ttl1 - PREFETCH + 1))
# sleep so we are in expire range
sleep ${interval:-0}
tmp_ttl=$ttl1
no_prefetch() {
- # fetch record and ensure its ttl is in range 0 < ttl < tmp_ttl.
- # since prefetch is disabled, updated ttl must be a lower value than
- # the previous one.
- dig_with_opts @10.53.0.7 fetch.example.net txt > dig.out.2.${n} || return 1
- ttl2=$(awk '/"A" "short" "ttl"/ { print $2 }' dig.out.2.${n})
- # check that prefetch has not occurred
- if [ "$ttl2" -ge "${tmp_ttl}" ]; then
- return 1
- fi
- tmp_ttl=$ttl2
+ # fetch record and ensure its ttl is in range 0 < ttl < tmp_ttl.
+ # since prefetch is disabled, updated ttl must be a lower value than
+ # the previous one.
+ dig_with_opts @10.53.0.7 fetch.example.net txt >dig.out.2.${n} || return 1
+ ttl2=$(awk '/"A" "short" "ttl"/ { print $2 }' dig.out.2.${n})
+ # check that prefetch has not occurred
+ if [ "$ttl2" -ge "${tmp_ttl}" ]; then
+ return 1
+ fi
+ tmp_ttl=$ttl2
}
retry_quiet 3 no_prefetch || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "check prefetch qtype * (${n})"
ret=0
-dig_with_opts @10.53.0.5 fetchall.tld any > dig.out.1.${n} || ret=1
+dig_with_opts @10.53.0.5 fetchall.tld any >dig.out.1.${n} || ret=1
ttl1=$(awk '/"A" "short" "ttl"/ { print $2 - 3 }' dig.out.1.${n})
# sleep so we are in prefetch range
sleep "${ttl1:-0}"
# trigger prefetch
-dig_with_opts @10.53.0.5 fetchall.tld any > dig.out.2.${n} || ret=1
+dig_with_opts @10.53.0.5 fetchall.tld any >dig.out.2.${n} || ret=1
ttl2=$(awk '/"A" "short" "ttl"/ { print $2 }' dig.out.2.${n})
sleep 1
# check that prefetch occurred;
# note that only one record is prefetched, which is the TXT record in this case,
# because of the order of the records in the cache
-dig_with_opts @10.53.0.5 fetchall.tld any > dig.out.3.${n} || ret=1
+dig_with_opts @10.53.0.5 fetchall.tld any >dig.out.3.${n} || ret=1
ttl3=$(awk '/"A" "short" "ttl"/ { print $2 }' dig.out.3.${n})
test "${ttl3:-0}" -gt "${ttl2:-1}" || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "check that E was logged on EDNS queries in the query log (${n})"
ret=0
-dig_with_opts @10.53.0.5 +edns edns.fetchall.tld any > dig.out.2.${n} || ret=1
-grep "query: edns.fetchall.tld IN ANY +E" ns5/named.run > /dev/null || ret=1
-dig_with_opts @10.53.0.5 +noedns noedns.fetchall.tld any > dig.out.2.${n} || ret=1
-grep "query: noedns.fetchall.tld IN ANY" ns5/named.run > /dev/null || ret=1
-grep "query: noedns.fetchall.tld IN ANY +E" ns5/named.run > /dev/null && ret=1
+dig_with_opts @10.53.0.5 +edns edns.fetchall.tld any >dig.out.2.${n} || ret=1
+grep "query: edns.fetchall.tld IN ANY +E" ns5/named.run >/dev/null || ret=1
+dig_with_opts @10.53.0.5 +noedns noedns.fetchall.tld any >dig.out.2.${n} || ret=1
+grep "query: noedns.fetchall.tld IN ANY" ns5/named.run >/dev/null || ret=1
+grep "query: noedns.fetchall.tld IN ANY +E" ns5/named.run >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "check that '-t aaaa' in .digrc does not have unexpected side effects ($n)"
ret=0
-echo "-t aaaa" > .digrc
-(HOME="$(pwd)" dig_with_opts @10.53.0.4 . > dig.out.1.${n}) || ret=1
-(HOME="$(pwd)" dig_with_opts @10.53.0.4 . A > dig.out.2.${n}) || ret=1
-(HOME="$(pwd)" dig_with_opts @10.53.0.4 -x 127.0.0.1 > dig.out.3.${n}) || ret=1
-grep ';\..*IN.*AAAA$' dig.out.1.${n} > /dev/null || ret=1
-grep ';\..*IN.*A$' dig.out.2.${n} > /dev/null || ret=1
-grep 'extra type option' dig.out.2.${n} > /dev/null && ret=1
-grep ';1\.0\.0\.127\.in-addr\.arpa\..*IN.*PTR$' dig.out.3.${n} > /dev/null || ret=1
+echo "-t aaaa" >.digrc
+(HOME="$(pwd)" dig_with_opts @10.53.0.4 . >dig.out.1.${n}) || ret=1
+(HOME="$(pwd)" dig_with_opts @10.53.0.4 . A >dig.out.2.${n}) || ret=1
+(HOME="$(pwd)" dig_with_opts @10.53.0.4 -x 127.0.0.1 >dig.out.3.${n}) || ret=1
+grep ';\..*IN.*AAAA$' dig.out.1.${n} >/dev/null || ret=1
+grep ';\..*IN.*A$' dig.out.2.${n} >/dev/null || ret=1
+grep 'extra type option' dig.out.2.${n} >/dev/null && ret=1
+grep ';1\.0\.0\.127\.in-addr\.arpa\..*IN.*PTR$' dig.out.3.${n} >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
edns=$($FEATURETEST --edns-version)
-n=$((n+1))
+n=$((n + 1))
echo_i "check that EDNS version is logged (${n})"
ret=0
-dig_with_opts @10.53.0.5 +edns edns0.fetchall.tld any > dig.out.2.${n} || ret=1
-grep "query: edns0.fetchall.tld IN ANY +E(0)" ns5/named.run > /dev/null || ret=1
+dig_with_opts @10.53.0.5 +edns edns0.fetchall.tld any >dig.out.2.${n} || ret=1
+grep "query: edns0.fetchall.tld IN ANY +E(0)" ns5/named.run >/dev/null || ret=1
if test "${edns:-0}" != 0; then
- dig_with_opts @10.53.0.5 +edns=1 edns1.fetchall.tld any > dig.out.2.${n} || ret=1
- grep "query: edns1.fetchall.tld IN ANY +E(1)" ns5/named.run > /dev/null || ret=1
+ dig_with_opts @10.53.0.5 +edns=1 edns1.fetchall.tld any >dig.out.2.${n} || ret=1
+ grep "query: edns1.fetchall.tld IN ANY +E(1)" ns5/named.run >/dev/null || ret=1
fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
if test "${edns:-0}" != 0; then
- n=$((n+1))
- echo_i "check that edns-version is honoured (${n})"
- ret=0
- dig_with_opts @10.53.0.5 +edns no-edns-version.tld > dig.out.1.${n} || ret=1
- grep "query: no-edns-version.tld IN A -E(1)" ns6/named.run > /dev/null || ret=1
- dig_with_opts @10.53.0.5 +edns edns-version.tld > dig.out.2.${n} || ret=1
- grep "query: edns-version.tld IN A -E(0)" ns7/named.run > /dev/null || ret=1
- if [ $ret != 0 ]; then echo_i "failed"; fi
- status=$((status + ret))
+ n=$((n + 1))
+ echo_i "check that edns-version is honoured (${n})"
+ ret=0
+ dig_with_opts @10.53.0.5 +edns no-edns-version.tld >dig.out.1.${n} || ret=1
+ grep "query: no-edns-version.tld IN A -E(1)" ns6/named.run >/dev/null || ret=1
+ dig_with_opts @10.53.0.5 +edns edns-version.tld >dig.out.2.${n} || ret=1
+ grep "query: edns-version.tld IN A -E(0)" ns7/named.run >/dev/null || ret=1
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$((status + ret))
fi
-n=$((n+1))
+n=$((n + 1))
echo_i "check that CNAME nameserver is logged correctly (${n})"
ret=0
-dig_with_opts soa all-cnames @10.53.0.5 > dig.out.ns5.test${n} || ret=1
-grep "status: SERVFAIL" dig.out.ns5.test${n} > /dev/null || ret=1
-grep "skipping nameserver 'cname.tld' because it is a CNAME, while resolving 'all-cnames/SOA'" ns5/named.run > /dev/null || ret=1
+dig_with_opts soa all-cnames @10.53.0.5 >dig.out.ns5.test${n} || ret=1
+grep "status: SERVFAIL" dig.out.ns5.test${n} >/dev/null || ret=1
+grep "skipping nameserver 'cname.tld' because it is a CNAME, while resolving 'all-cnames/SOA'" ns5/named.run >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "check that unexpected opcodes are handled correctly (${n})"
ret=0
-dig_with_opts soa all-cnames @10.53.0.5 +opcode=15 +cd +rec +ad +zflag > dig.out.ns5.test${n} || ret=1
-grep "status: NOTIMP" dig.out.ns5.test${n} > /dev/null || ret=1
-grep "flags:[^;]* qr[; ]" dig.out.ns5.test${n} > /dev/null || ret=1
-grep "flags:[^;]* ra[; ]" dig.out.ns5.test${n} > /dev/null && ret=1
-grep "flags:[^;]* rd[; ]" dig.out.ns5.test${n} > /dev/null && ret=1
-grep "flags:[^;]* cd[; ]" dig.out.ns5.test${n} > /dev/null && ret=1
-grep "flags:[^;]* ad[; ]" dig.out.ns5.test${n} > /dev/null && ret=1
-grep "flags:[^;]*; MBZ: " dig.out.ns5.test${n} > /dev/null && ret=1
+dig_with_opts soa all-cnames @10.53.0.5 +opcode=15 +cd +rec +ad +zflag >dig.out.ns5.test${n} || ret=1
+grep "status: NOTIMP" dig.out.ns5.test${n} >/dev/null || ret=1
+grep "flags:[^;]* qr[; ]" dig.out.ns5.test${n} >/dev/null || ret=1
+grep "flags:[^;]* ra[; ]" dig.out.ns5.test${n} >/dev/null && ret=1
+grep "flags:[^;]* rd[; ]" dig.out.ns5.test${n} >/dev/null && ret=1
+grep "flags:[^;]* cd[; ]" dig.out.ns5.test${n} >/dev/null && ret=1
+grep "flags:[^;]* ad[; ]" dig.out.ns5.test${n} >/dev/null && ret=1
+grep "flags:[^;]*; MBZ: " dig.out.ns5.test${n} >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "check that EDNS client subnet with non-zeroed bits is handled correctly (${n})"
ret=0
# 0001 (IPv4) 1f (31 significant bits) 00 (0) ffffffff (255.255.255.255)
-dig_with_opts soa . @10.53.0.5 +ednsopt=8:00011f00ffffffff > dig.out.ns5.test${n} || ret=1
-grep "status: FORMERR" dig.out.ns5.test${n} > /dev/null || ret=1
-grep "; EDNS: version:" dig.out.ns5.test${n} > /dev/null || ret=1
+dig_with_opts soa . @10.53.0.5 +ednsopt=8:00011f00ffffffff >dig.out.ns5.test${n} || ret=1
+grep "status: FORMERR" dig.out.ns5.test${n} >/dev/null || ret=1
+grep "; EDNS: version:" dig.out.ns5.test${n} >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "check that dig +subnet zeros address bits correctly (${n})"
ret=0
-dig_with_opts soa . @10.53.0.5 +subnet=255.255.255.255/23 > dig.out.ns5.test${n} || ret=1
-grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
-grep "CLIENT-SUBNET: 255.255.254.0/23/0" dig.out.ns5.test${n} > /dev/null || ret=1
+dig_with_opts soa . @10.53.0.5 +subnet=255.255.255.255/23 >dig.out.ns5.test${n} || ret=1
+grep "status: NOERROR" dig.out.ns5.test${n} >/dev/null || ret=1
+grep "CLIENT-SUBNET: 255.255.254.0/23/0" dig.out.ns5.test${n} >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "check that SOA query returns data for delegation-only apex (${n})"
ret=0
-dig_with_opts soa delegation-only @10.53.0.5 > dig.out.ns5.test${n} || ret=1
-grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
-grep "ANSWER: 1," dig.out.ns5.test${n} > /dev/null || ret=1
+dig_with_opts soa delegation-only @10.53.0.5 >dig.out.ns5.test${n} || ret=1
+grep "status: NOERROR" dig.out.ns5.test${n} >/dev/null || ret=1
+grep "ANSWER: 1," dig.out.ns5.test${n} >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
-n=$((n+1))
+n=$((n + 1))
echo_i "check that NS query returns data for delegation-only apex (${n})"
ret=0
-dig_with_opts ns delegation-only @10.53.0.5 > dig.out.ns5.test${n} || ret=1
-grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
-grep "ANSWER: 1," dig.out.ns5.test${n} > /dev/null || ret=1
+dig_with_opts ns delegation-only @10.53.0.5 >dig.out.ns5.test${n} || ret=1
+grep "status: NOERROR" dig.out.ns5.test${n} >/dev/null || ret=1
+grep "ANSWER: 1," dig.out.ns5.test${n} >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "check that A query returns data for delegation-only A apex (${n})"
ret=0
-dig_with_opts a delegation-only @10.53.0.5 > dig.out.ns5.test${n} || ret=1
-grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
-grep "ANSWER: 1," dig.out.ns5.test${n} > /dev/null || ret=1
+dig_with_opts a delegation-only @10.53.0.5 >dig.out.ns5.test${n} || ret=1
+grep "status: NOERROR" dig.out.ns5.test${n} >/dev/null || ret=1
+grep "ANSWER: 1," dig.out.ns5.test${n} >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "check that CDS query returns data for delegation-only apex (${n})"
ret=0
-dig_with_opts cds delegation-only @10.53.0.5 > dig.out.ns5.test${n} || ret=1
-grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
-grep "ANSWER: 1," dig.out.ns5.test${n} > /dev/null || ret=1
+dig_with_opts cds delegation-only @10.53.0.5 >dig.out.ns5.test${n} || ret=1
+grep "status: NOERROR" dig.out.ns5.test${n} >/dev/null || ret=1
+grep "ANSWER: 1," dig.out.ns5.test${n} >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "check that AAAA query returns data for delegation-only AAAA apex (${n})"
ret=0
-dig_with_opts a delegation-only @10.53.0.5 > dig.out.ns5.test${n} || ret=1
-grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
-grep "ANSWER: 1," dig.out.ns5.test${n} > /dev/null || ret=1
+dig_with_opts a delegation-only @10.53.0.5 >dig.out.ns5.test${n} || ret=1
+grep "status: NOERROR" dig.out.ns5.test${n} >/dev/null || ret=1
+grep "ANSWER: 1," dig.out.ns5.test${n} >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "check that DNSKEY query returns data for delegation-only apex (${n})"
ret=0
-dig_with_opts dnskey delegation-only @10.53.0.5 > dig.out.ns5.test${n} || ret=1
-grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
-grep "ANSWER: 1," dig.out.ns5.test${n} > /dev/null || ret=1
+dig_with_opts dnskey delegation-only @10.53.0.5 >dig.out.ns5.test${n} || ret=1
+grep "status: NOERROR" dig.out.ns5.test${n} >/dev/null || ret=1
+grep "ANSWER: 1," dig.out.ns5.test${n} >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "check that CDNSKEY query returns data for delegation-only apex (${n})"
ret=0
-dig_with_opts cdnskey delegation-only @10.53.0.5 > dig.out.ns5.test${n} || ret=1
-grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
-grep "ANSWER: 1," dig.out.ns5.test${n} > /dev/null || ret=1
+dig_with_opts cdnskey delegation-only @10.53.0.5 >dig.out.ns5.test${n} || ret=1
+grep "status: NOERROR" dig.out.ns5.test${n} >/dev/null || ret=1
+grep "ANSWER: 1," dig.out.ns5.test${n} >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "check that NXDOMAIN is returned for delegation-only non-apex A data (${n})"
ret=0
-dig_with_opts a a.delegation-only @10.53.0.5 > dig.out.ns5.test${n} || ret=1
-grep "status: NXDOMAIN" dig.out.ns5.test${n} > /dev/null || ret=1
+dig_with_opts a a.delegation-only @10.53.0.5 >dig.out.ns5.test${n} || ret=1
+grep "status: NXDOMAIN" dig.out.ns5.test${n} >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "check that NXDOMAIN is returned for delegation-only non-apex CDS data (${n})"
ret=0
-dig_with_opts cds cds.delegation-only @10.53.0.5 > dig.out.ns5.test${n} || ret=1
-grep "status: NXDOMAIN" dig.out.ns5.test${n} > /dev/null || ret=1
+dig_with_opts cds cds.delegation-only @10.53.0.5 >dig.out.ns5.test${n} || ret=1
+grep "status: NXDOMAIN" dig.out.ns5.test${n} >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "check that NXDOMAIN is returned for delegation-only non-apex AAAA data (${n})"
ret=0
-dig_with_opts aaaa aaaa.delegation-only @10.53.0.5 > dig.out.ns5.test${n} || ret=1
-grep "status: NXDOMAIN" dig.out.ns5.test${n} > /dev/null || ret=1
+dig_with_opts aaaa aaaa.delegation-only @10.53.0.5 >dig.out.ns5.test${n} || ret=1
+grep "status: NXDOMAIN" dig.out.ns5.test${n} >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "check that NXDOMAIN is returned for delegation-only non-apex CDNSKEY data (${n})"
ret=0
-dig_with_opts cdnskey cdnskey.delegation-only @10.53.0.5 > dig.out.ns5.test${n} || ret=1
-grep "status: NXDOMAIN" dig.out.ns5.test${n} > /dev/null || ret=1
+dig_with_opts cdnskey cdnskey.delegation-only @10.53.0.5 >dig.out.ns5.test${n} || ret=1
+grep "status: NXDOMAIN" dig.out.ns5.test${n} >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "check zero ttl not returned for learnt non zero ttl records (${n})"
ret=0
# use prefetch disabled server
-dig_with_opts @10.53.0.7 non-zero.example.net txt > dig.out.1.${n} || ret=1
+dig_with_opts @10.53.0.7 non-zero.example.net txt >dig.out.1.${n} || ret=1
ttl1=$(awk '/"A" "short" "ttl"/ { print $2 - 2 }' dig.out.1.${n})
# sleep so we are in expire range
sleep "${ttl1:-0}"
# look for ttl = 1, allow for one miss at getting zero ttl
zerotonine="0 1 2 3 4 5 6 7 8 9"
zerotonine="$zerotonine $zerotonine $zerotonine"
-for i in $zerotonine $zerotonine $zerotonine $zerotonine
-do
- dig_with_opts @10.53.0.7 non-zero.example.net txt > dig.out.2.${n} || ret=1
- ttl2=$(awk '/"A" "short" "ttl"/ { print $2 }' dig.out.2.${n})
- test "${ttl2:-1}" -eq 0 && break
- test "${ttl2:-1}" -ge "${ttl1:-0}" && break
- "${PERL}" -e 'select(undef, undef, undef, 0.05);'
+for i in $zerotonine $zerotonine $zerotonine $zerotonine; do
+ dig_with_opts @10.53.0.7 non-zero.example.net txt >dig.out.2.${n} || ret=1
+ ttl2=$(awk '/"A" "short" "ttl"/ { print $2 }' dig.out.2.${n})
+ test "${ttl2:-1}" -eq 0 && break
+ test "${ttl2:-1}" -ge "${ttl1:-0}" && break
+ "${PERL}" -e 'select(undef, undef, undef, 0.05);'
done
test "${ttl2:-1}" -eq 0 && ret=1
test "${ttl2:-1}" -ge "${ttl1:-0}" || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "check zero ttl is returned for learnt zero ttl records (${n})"
ret=0
-dig_with_opts @10.53.0.7 zero.example.net txt > dig.out.1.${n} || ret=1
+dig_with_opts @10.53.0.7 zero.example.net txt >dig.out.1.${n} || ret=1
ttl=$(awk '/"A" "zero" "ttl"/ { print $2 }' dig.out.1.${n})
test "${ttl:-1}" -eq 0 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "check that 'ad' in not returned in truncated answer with empty answer and authority sections to request with +ad (${n})"
ret=0
-dig_with_opts @10.53.0.6 dnskey ds.example.net +bufsize=512 +ad +nodnssec +ignore +norec > dig.out.$n
-grep "flags: qr aa tc; QUERY: 1, ANSWER: 0, AUTHORITY: 0" dig.out.$n > /dev/null || ret=1
+dig_with_opts @10.53.0.6 dnskey ds.example.net +bufsize=512 +ad +nodnssec +ignore +norec >dig.out.$n
+grep "flags: qr aa tc; QUERY: 1, ANSWER: 0, AUTHORITY: 0" dig.out.$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "check that 'ad' in not returned in truncated answer with empty answer and authority sections to request with +dnssec (${n})"
ret=0
-dig_with_opts @10.53.0.6 dnskey ds.example.net +bufsize=512 +noad +dnssec +ignore +norec > dig.out.$n
-grep "flags: qr aa tc; QUERY: 1, ANSWER: 0, AUTHORITY: 0" dig.out.$n > /dev/null || ret=1
+dig_with_opts @10.53.0.6 dnskey ds.example.net +bufsize=512 +noad +dnssec +ignore +norec >dig.out.$n
+grep "flags: qr aa tc; QUERY: 1, ANSWER: 0, AUTHORITY: 0" dig.out.$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "check that the resolver accepts a reply with empty question section with TC=1 and retries over TCP ($n)"
ret=0
-dig_with_opts @10.53.0.5 truncated.no-questions. a +tries=3 +time=5 > dig.ns5.out.${n} || ret=1
-grep "status: NOERROR" dig.ns5.out.${n} > /dev/null || ret=1
-grep "ANSWER: 1," dig.ns5.out.${n} > /dev/null || ret=1
-grep "1\.2\.3\.4" dig.ns5.out.${n} > /dev/null || ret=1
+dig_with_opts @10.53.0.5 truncated.no-questions. a +tries=3 +time=5 >dig.ns5.out.${n} || ret=1
+grep "status: NOERROR" dig.ns5.out.${n} >/dev/null || ret=1
+grep "ANSWER: 1," dig.ns5.out.${n} >/dev/null || ret=1
+grep "1\.2\.3\.4" dig.ns5.out.${n} >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "check that the resolver rejects a reply with empty question section with TC=0 ($n)"
ret=0
-dig_with_opts @10.53.0.5 not-truncated.no-questions. a +tries=3 +time=5 > dig.ns5.out.${n} || ret=1
-grep "status: NOERROR" dig.ns5.out.${n} > /dev/null && ret=1
-grep "ANSWER: 1," dig.ns5.out.${n} > /dev/null && ret=1
-grep "1\.2\.3\.4" dig.ns5.out.${n} > /dev/null && ret=1
+dig_with_opts @10.53.0.5 not-truncated.no-questions. a +tries=3 +time=5 >dig.ns5.out.${n} || ret=1
+grep "status: NOERROR" dig.ns5.out.${n} >/dev/null && ret=1
+grep "ANSWER: 1," dig.ns5.out.${n} >/dev/null && ret=1
+grep "1\.2\.3\.4" dig.ns5.out.${n} >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking SERVFAIL is returned when all authoritative servers return FORMERR ($n)"
ret=0
-dig_with_opts @10.53.0.5 ns.formerr-to-all. a > dig.ns5.out.${n} || ret=1
-grep "status: SERVFAIL" dig.ns5.out.${n} > /dev/null || ret=1
+dig_with_opts @10.53.0.5 ns.formerr-to-all. a >dig.ns5.out.${n} || ret=1
+grep "status: SERVFAIL" dig.ns5.out.${n} >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "check logged command line ($n)"
ret=0
-grep "running as: .* -m record,size,mctx " ns1/named.run > /dev/null || ret=1
+grep "running as: .* -m record,size,mctx " ns1/named.run >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking NXDOMAIN is returned when querying non existing domain in CH class ($n)"
ret=0
-dig_with_opts @10.53.0.1 id.hostname txt ch > dig.ns1.out.${n} || ret=1
-grep "status: NXDOMAIN" dig.ns1.out.${n} > /dev/null || ret=1
+dig_with_opts @10.53.0.1 id.hostname txt ch >dig.ns1.out.${n} || ret=1
+grep "status: NXDOMAIN" dig.ns1.out.${n} >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "check handling of large referrals to unresponsive name servers ($n)"
ret=0
-dig_with_opts +timeout=15 large-referral.example.net @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
-grep "status: SERVFAIL" dig.out.ns1.test${n} > /dev/null || ret=1
+dig_with_opts +timeout=15 large-referral.example.net @10.53.0.1 a >dig.out.ns1.test${n} || ret=1
+grep "status: SERVFAIL" dig.out.ns1.test${n} >/dev/null || ret=1
# Check the total number of findname() calls triggered by a single query
# for large-referral.example.net/A.
findname_call_count="$(grep -c "large-referral\.example\.net.*FINDNAME" ns1/named.run)"
if [ "${findname_call_count}" -gt 1000 ]; then
- echo_i "failed: ${findname_call_count} (> 1000) findname() calls detected for large-referral.example.net"
- ret=1
+ echo_i "failed: ${findname_call_count} (> 1000) findname() calls detected for large-referral.example.net"
+ ret=1
fi
# Check whether the limit of NS RRs processed for any delegation
# encountered was not exceeded.
if grep -Eq "dns_adb_createfind: started (A|AAAA) fetch for name ns21.fake.redirect.com" ns1/named.run; then
- echo_i "failed: unexpected address fetch(es) were triggered for ns21.fake.redirect.com"
- ret=1
+ echo_i "failed: unexpected address fetch(es) were triggered for ns21.fake.redirect.com"
+ ret=1
fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking query resolution for a domain with a valid glueless delegation chain ($n)"
ret=0
rndccmd 10.53.0.1 flush || ret=1
-dig_with_opts foo.bar.sub.tld1 @10.53.0.1 TXT > dig.out.ns1.test${n} || ret=1
-grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
-grep "IN.*TXT.*baz" dig.out.ns1.test${n} > /dev/null || ret=1
+dig_with_opts foo.bar.sub.tld1 @10.53.0.1 TXT >dig.out.ns1.test${n} || ret=1
+grep "status: NOERROR" dig.out.ns1.test${n} >/dev/null || ret=1
+grep "IN.*TXT.*baz" dig.out.ns1.test${n} >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "check that correct namespace is chosen for dual-stack-servers ($n)"
ret=0
#
# The two priming queries are needed until we fix dual-stack-servers fully
#
-dig_with_opts @fd92:7065:b8e:ffff::9 v4.nameserver A > dig.out.prime1.${n} || ret=1
-dig_with_opts @fd92:7065:b8e:ffff::9 v4.nameserver AAAA > dig.out.prime2.${n} || ret=1
-dig_with_opts @fd92:7065:b8e:ffff::9 foo.v4only.net A > dig.out.ns9.${n} || ret=1
-grep "status: NOERROR" dig.out.ns9.${n} > /dev/null || ret=1
+dig_with_opts @fd92:7065:b8e:ffff::9 v4.nameserver A >dig.out.prime1.${n} || ret=1
+dig_with_opts @fd92:7065:b8e:ffff::9 v4.nameserver AAAA >dig.out.prime2.${n} || ret=1
+dig_with_opts @fd92:7065:b8e:ffff::9 foo.v4only.net A >dig.out.ns9.${n} || ret=1
+grep "status: NOERROR" dig.out.ns9.${n} >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "check expired TTLs with qtype * (${n})"
ret=0
-dig_with_opts +tcp @10.53.0.5 mixedttl.tld any > dig.out.1.${n} || ret=1
+dig_with_opts +tcp @10.53.0.5 mixedttl.tld any >dig.out.1.${n} || ret=1
ttl1=$(awk '$1 == "mixedttl.tld." && $4 == "A" { print $2 + 1 }' dig.out.1.${n})
# sleep TTL + 1 so that record has expired
sleep "${ttl1:-0}"
-dig_with_opts +tcp @10.53.0.5 mixedttl.tld any > dig.out.2.${n} || ret=1
+dig_with_opts +tcp @10.53.0.5 mixedttl.tld any >dig.out.2.${n} || ret=1
# check preconditions
-grep "ANSWER: 3," dig.out.1.${n} > /dev/null || ret=1
+grep "ANSWER: 3," dig.out.1.${n} >/dev/null || ret=1
lines=$(awk '$1 == "mixedttl.tld." && $2 > 30 { print }' dig.out.1.${n} | wc -l)
test ${lines:-1} -ne 0 && ret=1
# check behaviour (there may be 1 answer on very slow machines)
-grep "ANSWER: [12]," dig.out.2.${n} > /dev/null || ret=1
+grep "ANSWER: [12]," dig.out.2.${n} >/dev/null || ret=1
lines=$(awk '$1 == "mixedttl.tld." && $2 > 30 { print }' dig.out.2.${n} | wc -l)
test ${lines:-1} -ne 0 && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi