diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 07:24:22 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 07:24:22 +0000 |
commit | 45d6379135504814ab723b57f0eb8be23393a51d (patch) | |
tree | d4f2ec4acca824a8446387a758b0ce4238a4dffa /bin/tests/system/pending | |
parent | Initial commit. (diff) | |
download | bind9-upstream.tar.xz bind9-upstream.zip |
Adding upstream version 1:9.16.44.upstream/1%9.16.44upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | bin/tests/system/pending/clean.sh | 27 | ||||
-rw-r--r-- | bin/tests/system/pending/ns1/named.conf.in | 30 | ||||
-rw-r--r-- | bin/tests/system/pending/ns1/root.db.in | 29 | ||||
-rw-r--r-- | bin/tests/system/pending/ns1/sign.sh | 36 | ||||
-rw-r--r-- | bin/tests/system/pending/ns2/example.com.db.in | 27 | ||||
-rw-r--r-- | bin/tests/system/pending/ns2/example.db.in | 26 | ||||
-rw-r--r-- | bin/tests/system/pending/ns2/forgery.db | 24 | ||||
-rw-r--r-- | bin/tests/system/pending/ns2/named.conf.in | 51 | ||||
-rw-r--r-- | bin/tests/system/pending/ns2/sign.sh | 34 | ||||
-rw-r--r-- | bin/tests/system/pending/ns3/hostile.db | 22 | ||||
-rw-r--r-- | bin/tests/system/pending/ns3/mail.example.db | 23 | ||||
-rw-r--r-- | bin/tests/system/pending/ns3/named.conf.in | 44 | ||||
-rw-r--r-- | bin/tests/system/pending/ns4/named.conf.in | 30 | ||||
-rw-r--r-- | bin/tests/system/pending/setup.sh | 24 | ||||
-rw-r--r-- | bin/tests/system/pending/tests.sh | 199 |
15 files changed, 626 insertions, 0 deletions
diff --git a/bin/tests/system/pending/clean.sh b/bin/tests/system/pending/clean.sh new file mode 100644 index 0000000..89a4b5b --- /dev/null +++ b/bin/tests/system/pending/clean.sh @@ -0,0 +1,27 @@ +#!/bin/sh + +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +rm -rf */*.signed +rm -rf */*.jnl +rm -rf */K* +rm -rf */dsset-* +rm -rf */named.memstats +rm -rf */named.run +rm -rf */trusted.conf +rm -rf ns1/root.db +rm -rf ns2/example.db +rm -rf ns2/example.com.db +rm -rf nsupdate.out.test +rm -f ns*/named.lock +rm -f ns*/named.conf +rm -f ns*/managed-keys.bind* diff --git a/bin/tests/system/pending/ns1/named.conf.in b/bin/tests/system/pending/ns1/named.conf.in new file mode 100644 index 0000000..f09c3c9 --- /dev/null +++ b/bin/tests/system/pending/ns1/named.conf.in @@ -0,0 +1,30 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +include "trusted.conf"; + +options { + query-source address 10.53.0.1; + notify-source 10.53.0.1; + transfer-source 10.53.0.1; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.1; }; + listen-on-v6 { none; }; + recursion no; +}; + +zone "." { + type primary; + file "root.db.signed"; +}; diff --git a/bin/tests/system/pending/ns1/root.db.in b/bin/tests/system/pending/ns1/root.db.in new file mode 100644 index 0000000..fe7fe92 --- /dev/null +++ b/bin/tests/system/pending/ns1/root.db.in @@ -0,0 +1,29 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 30 +. IN SOA marka.isc.org. a.root.servers.nil. ( + 2000042100 ; serial + 600 ; refresh + 600 ; retry + 1200 ; expire + 600 ; minimum + ) +. NS a.root-servers.nil. +a.root-servers.nil. A 10.53.0.1 + +example. NS ns2.example. +ns2.example. A 10.53.0.2 +example.com. NS ns2.example.com. +ns2.example.com. A 10.53.0.2 +hostile. NS ns3.hostile. +ns3.hostile. A 10.53.0.3 +nice.good. A 10.10.10.10 diff --git a/bin/tests/system/pending/ns1/sign.sh b/bin/tests/system/pending/ns1/sign.sh new file mode 100644 index 0000000..c29ebe2 --- /dev/null +++ b/bin/tests/system/pending/ns1/sign.sh @@ -0,0 +1,36 @@ +#!/bin/sh + +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +SYSTEMTESTTOP=../.. +. $SYSTEMTESTTOP/conf.sh + +zone=. +infile=root.db.in +zonefile=root.db + +(cd ../ns2 && $SHELL -e sign.sh ) + +cp ../ns2/dsset-example$TP . +cp ../ns2/dsset-example.com$TP . + +keyname1=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) +keyname2=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK -n zone $zone) +cat $infile $keyname1.key $keyname2.key > $zonefile + +$SIGNER -g -o $zone $zonefile > /dev/null + +# Configure the resolving server with a static key. +keyfile_to_static_ds $keyname2 > trusted.conf +cp trusted.conf ../ns2/trusted.conf +cp trusted.conf ../ns3/trusted.conf +cp trusted.conf ../ns4/trusted.conf diff --git a/bin/tests/system/pending/ns2/example.com.db.in b/bin/tests/system/pending/ns2/example.com.db.in new file mode 100644 index 0000000..ee3a1b8 --- /dev/null +++ b/bin/tests/system/pending/ns2/example.com.db.in @@ -0,0 +1,27 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 30 +@ IN SOA mname1. . ( + 2009110300 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns2 + MX 10 mail +ns2 A 10.53.0.2 +mail A 192.0.2.2 + AAAA 2001:db8::2 +pending-ok A 192.0.2.2 +pending-ng A 192.0.2.102 +removed A 10.9.8.7 diff --git a/bin/tests/system/pending/ns2/example.db.in b/bin/tests/system/pending/ns2/example.db.in new file mode 100644 index 0000000..5b42e2a --- /dev/null +++ b/bin/tests/system/pending/ns2/example.db.in @@ -0,0 +1,26 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 30 +$ORIGIN example. +@ IN SOA mname1. . ( + 2009110300 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns2 + MX 10 mail +ns2 A 10.53.0.2 +mail A 10.0.0.2 +bad CNAME nice.good. +worse A 6.6.6.6 diff --git a/bin/tests/system/pending/ns2/forgery.db b/bin/tests/system/pending/ns2/forgery.db new file mode 100644 index 0000000..fbf42bc --- /dev/null +++ b/bin/tests/system/pending/ns2/forgery.db @@ -0,0 +1,24 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 30 +$ORIGIN good. +@ IN SOA mname1. . ( + 2009110300 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns2 +ns2 A 10.53.0.2 + +nice.good. CNAME worse.example. diff --git a/bin/tests/system/pending/ns2/named.conf.in b/bin/tests/system/pending/ns2/named.conf.in new file mode 100644 index 0000000..59824df --- /dev/null +++ b/bin/tests/system/pending/ns2/named.conf.in @@ -0,0 +1,51 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +// NS2 + +include "trusted.conf"; + +options { + query-source address 10.53.0.2; + notify-source 10.53.0.2; + transfer-source 10.53.0.2; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.2; }; + listen-on-v6 { none; }; + recursion no; + notify yes; + dnssec-validation yes; +}; + +zone "." { + type hint; + file "../../common/root.hint"; +}; + +zone "example" { + type primary; + file "example.db.signed"; +}; + +zone "example.com" { + type primary; + file "example.com.db.signed"; + allow-update { 10.53.0.0/16; }; +}; + +zone "good" { + type primary; + file "forgery.db"; + allow-query { any; }; +}; diff --git a/bin/tests/system/pending/ns2/sign.sh b/bin/tests/system/pending/ns2/sign.sh new file mode 100644 index 0000000..df408f8 --- /dev/null +++ b/bin/tests/system/pending/ns2/sign.sh @@ -0,0 +1,34 @@ +#!/bin/sh -e + +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +SYSTEMTESTTOP=../.. +. $SYSTEMTESTTOP/conf.sh + +for domain in example example.com; do + zone=${domain}. + infile=${domain}.db.in + zonefile=${domain}.db + + keyname1=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) + keyname2=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK -n zone $zone) + + cat $infile $keyname1.key $keyname2.key > $zonefile + + $SIGNER -3 bebe -o $zone $zonefile > /dev/null +done + +# remove "removed" record from example.com, causing the server to +# send an apparently-invalid NXDOMAIN +sed '/^removed/d' example.com.db.signed > example.com.db.new +rm -f example.com.db.signed +mv example.com.db.new example.com.db.signed diff --git a/bin/tests/system/pending/ns3/hostile.db b/bin/tests/system/pending/ns3/hostile.db new file mode 100644 index 0000000..a199922 --- /dev/null +++ b/bin/tests/system/pending/ns3/hostile.db @@ -0,0 +1,22 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 30 +@ IN SOA mname1. . ( + 2009110500 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns3 + MX 10 mail.example. +ns3 A 10.53.0.3 diff --git a/bin/tests/system/pending/ns3/mail.example.db b/bin/tests/system/pending/ns3/mail.example.db new file mode 100644 index 0000000..77eb731 --- /dev/null +++ b/bin/tests/system/pending/ns3/mail.example.db @@ -0,0 +1,23 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 30 +@ IN SOA mname1. . ( + 2009110300 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) +@ NS ns3 +ns3 A 10.53.0.3 +;mail A 10.0.0.2 // the correct record +@ A 10.0.0.3 diff --git a/bin/tests/system/pending/ns3/named.conf.in b/bin/tests/system/pending/ns3/named.conf.in new file mode 100644 index 0000000..29afd19 --- /dev/null +++ b/bin/tests/system/pending/ns3/named.conf.in @@ -0,0 +1,44 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +// NS2 + +include "trusted.conf"; + +options { + query-source address 10.53.0.3; + notify-source 10.53.0.3; + transfer-source 10.53.0.3; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.3; }; + listen-on-v6 { none; }; + recursion no; + notify no; + dnssec-validation yes; +}; + +zone "." { + type hint; + file "../../common/root.hint"; +}; + +zone "mail.example" { + type primary; + file "mail.example.db"; +}; + +zone "hostile" { + type primary; + file "hostile.db"; +}; diff --git a/bin/tests/system/pending/ns4/named.conf.in b/bin/tests/system/pending/ns4/named.conf.in new file mode 100644 index 0000000..6be9085 --- /dev/null +++ b/bin/tests/system/pending/ns4/named.conf.in @@ -0,0 +1,30 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +include "trusted.conf"; + +options { + query-source address 10.53.0.4; + notify-source 10.53.0.4; + transfer-source 10.53.0.4; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.4; }; + listen-on-v6 { none; }; + recursion yes; +}; + +zone "." { + type hint; + file "../../common/root.hint"; +}; diff --git a/bin/tests/system/pending/setup.sh b/bin/tests/system/pending/setup.sh new file mode 100644 index 0000000..2d52f1c --- /dev/null +++ b/bin/tests/system/pending/setup.sh @@ -0,0 +1,24 @@ +#!/bin/sh -e + +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh + +$SHELL clean.sh + +copy_setports ns1/named.conf.in ns1/named.conf +copy_setports ns2/named.conf.in ns2/named.conf +copy_setports ns3/named.conf.in ns3/named.conf +copy_setports ns4/named.conf.in ns4/named.conf + +cd ns1 && $SHELL -e sign.sh diff --git a/bin/tests/system/pending/tests.sh b/bin/tests/system/pending/tests.sh new file mode 100644 index 0000000..049172f --- /dev/null +++ b/bin/tests/system/pending/tests.sh @@ -0,0 +1,199 @@ +#!/bin/sh + +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh + +# replace_data dname RR old_data new_data +replace_data() +{ + if [ $# -ne 4 ]; then + echo_i "unexpected input for replace_data" + return 1 + fi + + _dname=$1 + _rr=$2 + _olddata=$3 + _newdata=$4 + + _ret=0 + $NSUPDATE -d <<END >> nsupdate.out.test 2>&1 || _ret=1 +server 10.53.0.2 ${PORT} +update delete ${_dname} 30 ${_rr} ${_olddata} +update add ${_dname} 30 ${_rr} ${_newdata} +send +END + + if [ $_ret != 0 ]; then + echo_i "failed to update the test data" + return 1 + fi + + return 0 +} + +status=0 +n=0 + +DIGOPTS="+short +tcp -p ${PORT}" +DIGOPTS_CD="$DIGOPTS +cd" + +echo_i "Priming cache." +ret=0 +expect="10 mail.example." +ans=`$DIG $DIGOPTS_CD @10.53.0.4 hostile MX` || ret=1 +test "$ans" = "$expect" || ret=1 +test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" +status=`expr $status + $ret` + +echo_i "Checking that bogus additional is not returned with +CD." +ret=0 +expect="10.0.0.2" +ans=`$DIG $DIGOPTS_CD @10.53.0.4 mail.example A` || ret=1 +test "$ans" = "$expect" || ret=1 +test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" +status=`expr $status + $ret` + +# +# Prime cache with pending additional records. These should not be promoted +# to answer. +# +echo_i "Priming cache (pending additional A and AAAA)" +ret=0 +expect="10 mail.example.com." +ans=`$DIG $DIGOPTS @10.53.0.4 example.com MX` || ret=1 +test "$ans" = "$expect" || ret=1 +test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" +status=`expr $status + $ret` + +echo_i "Replacing pending A" +ret=0 +replace_data mail.example.com. A 192.0.2.2 192.0.2.3 || ret=1 +status=`expr $status + $ret` + +echo_i "Replacing pending AAAA" +ret=0 +replace_data mail.example.com. AAAA 2001:db8::2 2001:db8::3 || ret=1 +status=`expr $status + $ret` + +echo_i "Checking updated data to be returned (without CD)" +ret=0 +expect="192.0.2.3" +ans=`$DIG $DIGOPTS @10.53.0.4 mail.example.com A` || ret=1 +test "$ans" = "$expect" || ret=1 +test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" +status=`expr $status + $ret` + +echo_i "Checking updated data to be returned (with CD)" +ret=0 +expect="2001:db8::3" +ans=`$DIG $DIGOPTS_CD @10.53.0.4 mail.example.com AAAA` || ret=1 +test "$ans" = "$expect" || ret=1 +test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" +status=`expr $status + $ret` + +# +# Prime cache with a pending answer record. It can be returned (without +# validation) with +CD. +# +echo_i "Priming cache (pending answer)" +ret=0 +expect="192.0.2.2" +ans=`$DIG $DIGOPTS_CD @10.53.0.4 pending-ok.example.com A` || ret=1 +test "$ans" = "$expect" || ret=1 +test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" +status=`expr $status + $ret` + +echo_i "Replacing pending data" +ret=0 +replace_data pending-ok.example.com. A 192.0.2.2 192.0.2.3 || ret=1 +status=`expr $status + $ret` + +echo_i "Confirming cached pending data to be returned with CD" +ret=0 +expect="192.0.2.2" +ans=`$DIG $DIGOPTS_CD @10.53.0.4 pending-ok.example.com A` || ret=1 +test "$ans" = "$expect" || ret=1 +test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" +status=`expr $status + $ret` + +# +# Prime cache with a pending answer record. It should not be returned +# to no-DNSSEC clients. +# +echo_i "Priming cache (pending answer)" +ret=0 +expect="192.0.2.102" +ans=`$DIG $DIGOPTS_CD @10.53.0.4 pending-ng.example.com A` || ret=1 +test "$ans" = "$expect" || ret=1 +test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" +status=`expr $status + $ret` + +echo_i "Replacing pending data" +ret=0 +replace_data pending-ng.example.com. A 192.0.2.102 192.0.2.103 || ret=1 +status=`expr $status + $ret` + +echo_i "Confirming updated data returned, not the cached one, without CD" +ret=0 +expect="192.0.2.103" +ans=`$DIG $DIGOPTS @10.53.0.4 pending-ng.example.com A` || ret=1 +test "$ans" = "$expect" || ret=1 +test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" +status=`expr $status + $ret` + +# +# Try to fool the resolver with an out-of-bailiwick CNAME +# +echo_i "Trying to Prime out-of-bailiwick pending answer with CD" +ret=0 +expect="10.10.10.10" +ans=`$DIG $DIGOPTS_CD @10.53.0.4 bad.example. A` || ret=1 +ans=`echo $ans | awk '{print $NF}'` +test "$ans" = "$expect" || ret=1 +test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" +status=`expr $status + $ret` + +echo_i "Confirming the out-of-bailiwick answer is not cached or reused with CD" +ret=0 +expect="10.10.10.10" +ans=`$DIG $DIGOPTS_CD @10.53.0.4 nice.good. A` || ret=1 +ans=`echo $ans | awk '{print $NF}'` +test "$ans" = "$expect" || ret=1 +test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" +status=`expr $status + $ret` + +# +# Make sure the resolver doesn't cache bogus NXDOMAIN +# +echo_i "Trying to Prime bogus NXDOMAIN" +ret=0 +expect="SERVFAIL" +ans=`$DIG +tcp -p ${PORT} @10.53.0.4 removed.example.com. A` || ret=1 +ans=`echo $ans | sed 's/^.*status: \([A-Z][A-Z]*\).*$/\1/'` +test "$ans" = "$expect" || ret=1 +test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" +status=`expr $status + $ret` + +echo_i "Confirming the bogus NXDOMAIN was not cached" +ret=0 +expect="SERVFAIL" +ans=`$DIG +tcp -p ${PORT} @10.53.0.4 removed.example.com. A` || ret=1 +ans=`echo $ans | sed 's/^.*status: \([A-Z][A-Z]*\).*$/\1/'` +test "$ans" = "$expect" || ret=1 +test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" +status=`expr $status + $ret` + +echo_i "exit status: $status" +[ $status -eq 0 ] || exit 1 |