diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-08 16:41:29 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-08 16:41:29 +0000 |
commit | e2fc8e037ea6bb5de92b25ec9c12a624737ac5ca (patch) | |
tree | 65e6bbf5e12c3fe09b43e577f8d1786d06bcd559 /bin/tests/system/allow-query/tests.sh | |
parent | Releasing progress-linux version 1:9.18.19-1~deb12u1progress7u1. (diff) | |
download | bind9-e2fc8e037ea6bb5de92b25ec9c12a624737ac5ca.tar.xz bind9-e2fc8e037ea6bb5de92b25ec9c12a624737ac5ca.zip |
Merging upstream version 1:9.18.24.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'bin/tests/system/allow-query/tests.sh')
-rw-r--r-- | bin/tests/system/allow-query/tests.sh | 419 |
1 files changed, 209 insertions, 210 deletions
diff --git a/bin/tests/system/allow-query/tests.sh b/bin/tests/system/allow-query/tests.sh index 3a1b8b4..cb82370 100644 --- a/bin/tests/system/allow-query/tests.sh +++ b/bin/tests/system/allow-query/tests.sh @@ -61,15 +61,15 @@ DIGOPTS="+tcp +nosea +nostat +nocmd +norec +noques +noauth +noadd +nostats +dnss status=0 n=0 -nextpart ns2/named.run > /dev/null +nextpart ns2/named.run >/dev/null # Test 1 - default, query allowed n=$((n + 1)) echo_i "test $n: default - query allowed" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1 -grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1 +grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -80,9 +80,9 @@ rndc_reload ns2 10.53.0.2 echo_i "test $n: explicit any - query allowed" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1 -grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1 +grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -93,11 +93,11 @@ rndc_reload ns2 10.53.0.2 echo_i "test $n: none - query refused" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1 -grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 -grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 -nextpart ns2/named.run | grep 'recursion not enabled for view' > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1 +grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1 +grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1 +nextpart ns2/named.run | grep 'recursion not enabled for view' >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -106,10 +106,10 @@ DIGNOEDNS="+tcp +nosea +nostat +nocmd +norec +noques +noauth +noadd +nostats +no echo_i "test $n: none - query refused (no edns)" ret=0 -$DIG $DIGNOEDNS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1 -grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 -grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null && ret=1 -grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 +$DIG $DIGNOEDNS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1 +grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1 +grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null && ret=1 +grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -120,9 +120,9 @@ rndc_reload ns2 10.53.0.2 echo_i "test $n: address allowed - query allowed" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1 -grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1 +grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -133,10 +133,10 @@ rndc_reload ns2 10.53.0.2 echo_i "test $n: address not allowed - query refused" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1 -grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 -grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1 +grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1 +grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -147,10 +147,10 @@ rndc_reload ns2 10.53.0.2 echo_i "test $n: address disallowed - query refused" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1 -grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 -grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1 +grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1 +grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -161,9 +161,9 @@ rndc_reload ns2 10.53.0.2 echo_i "test $n: acl allowed - query allowed" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1 -grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1 +grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -174,14 +174,13 @@ rndc_reload ns2 10.53.0.2 echo_i "test $n: acl not allowed - query refused" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1 -grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 -grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1 +grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1 +grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) - # Test 9 - acl disallowed, query refused n=$((n + 1)) copy_setports ns2/named09.conf.in ns2/named.conf @@ -189,10 +188,10 @@ rndc_reload ns2 10.53.0.2 echo_i "test $n: acl disallowed - query refused" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1 -grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 -grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1 +grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1 +grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -203,9 +202,9 @@ rndc_reload ns2 10.53.0.2 echo_i "test $n: key allowed - query allowed" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1 -grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a >dig.out.ns2.$n || ret=1 +grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -216,10 +215,10 @@ rndc_reload ns2 10.53.0.2 echo_i "test $n: key not allowed - query refused" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.normal.example a > dig.out.ns2.$n || ret=1 -grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 -grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.normal.example a >dig.out.ns2.$n || ret=1 +grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1 +grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -230,10 +229,10 @@ rndc_reload ns2 10.53.0.2 echo_i "test $n: key disallowed - query refused" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1 -grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 -grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a >dig.out.ns2.$n || ret=1 +grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1 +grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -247,9 +246,9 @@ rndc_reload ns2 10.53.0.2 echo_i "test $n: views default - query allowed" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1 -grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1 +grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -260,9 +259,9 @@ rndc_reload ns2 10.53.0.2 echo_i "test $n: views explicit any - query allowed" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1 -grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1 +grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -273,10 +272,10 @@ rndc_reload ns2 10.53.0.2 echo_i "test $n: views none - query refused" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1 -grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 -grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1 +grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1 +grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -287,9 +286,9 @@ rndc_reload ns2 10.53.0.2 echo_i "test $n: views address allowed - query allowed" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1 -grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1 +grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -300,10 +299,10 @@ rndc_reload ns2 10.53.0.2 echo_i "test $n: views address not allowed - query refused" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1 -grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 -grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1 +grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1 +grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -314,10 +313,10 @@ rndc_reload ns2 10.53.0.2 echo_i "test $n: views address disallowed - query refused" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1 -grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 -grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1 +grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1 +grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -328,9 +327,9 @@ rndc_reload ns2 10.53.0.2 echo_i "test $n: views acl allowed - query allowed" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1 -grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1 +grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -341,10 +340,10 @@ rndc_reload ns2 10.53.0.2 echo_i "test $n: views acl not allowed - query refused" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1 -grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 -grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1 +grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1 +grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -355,10 +354,10 @@ rndc_reload ns2 10.53.0.2 echo_i "test $n: views acl disallowed - query refused" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1 -grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 -grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1 +grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1 +grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -369,9 +368,9 @@ rndc_reload ns2 10.53.0.2 echo_i "test $n: views key allowed - query allowed" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1 -grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a >dig.out.ns2.$n || ret=1 +grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -382,10 +381,10 @@ rndc_reload ns2 10.53.0.2 echo_i "test $n: views key not allowed - query refused" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.normal.example a > dig.out.ns2.$n || ret=1 -grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 -grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.normal.example a >dig.out.ns2.$n || ret=1 +grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1 +grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -396,10 +395,10 @@ rndc_reload ns2 10.53.0.2 echo_i "test $n: views key disallowed - query refused" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1 -grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 -grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a >dig.out.ns2.$n || ret=1 +grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1 +grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -410,9 +409,9 @@ rndc_reload ns2 10.53.0.2 echo_i "test $n: views over options, views allow - query allowed" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1 -grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1 +grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -423,10 +422,10 @@ rndc_reload ns2 10.53.0.2 echo_i "test $n: views over options, views disallow - query refused" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1 -grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 -grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1 +grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1 +grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -441,9 +440,9 @@ rndc_reload ns2 10.53.0.2 echo_i "test $n: zone default - query allowed" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1 -grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1 +grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -451,9 +450,9 @@ status=$((status + ret)) n=$((n + 1)) echo_i "test $n: zone explicit any - query allowed" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.any.example a > dig.out.ns2.$n || ret=1 -grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.any.example' dig.out.ns2.$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.any.example a >dig.out.ns2.$n || ret=1 +grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.any.example' dig.out.ns2.$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -461,10 +460,10 @@ status=$((status + ret)) n=$((n + 1)) echo_i "test $n: zone none - query refused" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.none.example a > dig.out.ns2.$n || ret=1 -grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 -grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.none.example' dig.out.ns2.$n > /dev/null && ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.none.example a >dig.out.ns2.$n || ret=1 +grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1 +grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.none.example' dig.out.ns2.$n >/dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -472,9 +471,9 @@ status=$((status + ret)) n=$((n + 1)) echo_i "test $n: zone address allowed - query allowed" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.addrallow.example a > dig.out.ns2.$n || ret=1 -grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.addrallow.example' dig.out.ns2.$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.addrallow.example a >dig.out.ns2.$n || ret=1 +grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.addrallow.example' dig.out.ns2.$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -482,10 +481,10 @@ status=$((status + ret)) n=$((n + 1)) echo_i "test $n: zone address not allowed - query refused" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.addrnotallow.example a > dig.out.ns2.$n || ret=1 -grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 -grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.addrnotallow.example' dig.out.ns2.$n > /dev/null && ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.addrnotallow.example a >dig.out.ns2.$n || ret=1 +grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1 +grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.addrnotallow.example' dig.out.ns2.$n >/dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -493,10 +492,10 @@ status=$((status + ret)) n=$((n + 1)) echo_i "test $n: zone address disallowed - query refused" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.addrdisallow.example a > dig.out.ns2.$n || ret=1 -grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 -grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.addrdisallow.example' dig.out.ns2.$n > /dev/null && ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.addrdisallow.example a >dig.out.ns2.$n || ret=1 +grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1 +grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.addrdisallow.example' dig.out.ns2.$n >/dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -504,9 +503,9 @@ status=$((status + ret)) n=$((n + 1)) echo_i "test $n: zone acl allowed - query allowed" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.aclallow.example a > dig.out.ns2.$n || ret=1 -grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.aclallow.example' dig.out.ns2.$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.aclallow.example a >dig.out.ns2.$n || ret=1 +grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.aclallow.example' dig.out.ns2.$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -514,10 +513,10 @@ status=$((status + ret)) n=$((n + 1)) echo_i "test $n: zone acl not allowed - query refused" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.aclnotallow.example a > dig.out.ns2.$n || ret=1 -grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 -grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.aclnotallow.example' dig.out.ns2.$n > /dev/null && ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.aclnotallow.example a >dig.out.ns2.$n || ret=1 +grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1 +grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.aclnotallow.example' dig.out.ns2.$n >/dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -525,10 +524,10 @@ status=$((status + ret)) n=$((n + 1)) echo_i "test $n: zone acl disallowed - query refused" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.acldisallow.example a > dig.out.ns2.$n || ret=1 -grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 -grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.acldisallow.example' dig.out.ns2.$n > /dev/null && ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.acldisallow.example a >dig.out.ns2.$n || ret=1 +grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1 +grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.acldisallow.example' dig.out.ns2.$n >/dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -536,9 +535,9 @@ status=$((status + ret)) n=$((n + 1)) echo_i "test $n: zone key allowed - query allowed" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.keyallow.example a > dig.out.ns2.$n || ret=1 -grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.keyallow.example' dig.out.ns2.$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.keyallow.example a >dig.out.ns2.$n || ret=1 +grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.keyallow.example' dig.out.ns2.$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -546,10 +545,10 @@ status=$((status + ret)) n=$((n + 1)) echo_i "test $n: zone key not allowed - query refused" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.keyallow.example a > dig.out.ns2.$n || ret=1 -grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 -grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.keyallow.example' dig.out.ns2.$n > /dev/null && ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.keyallow.example a >dig.out.ns2.$n || ret=1 +grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1 +grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.keyallow.example' dig.out.ns2.$n >/dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -557,10 +556,10 @@ status=$((status + ret)) n=$((n + 1)) echo_i "test $n: zone key disallowed - query refused" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.keydisallow.example a > dig.out.ns2.$n || ret=1 -grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 -grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.keydisallow.example' dig.out.ns2.$n > /dev/null && ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.keydisallow.example a >dig.out.ns2.$n || ret=1 +grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1 +grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.keydisallow.example' dig.out.ns2.$n >/dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -571,9 +570,9 @@ rndc_reload ns2 10.53.0.2 echo_i "test $n: views over options, views allow - query allowed" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1 -grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1 +grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -584,10 +583,10 @@ rndc_reload ns2 10.53.0.2 echo_i "test $n: views over options, views disallow - query refused" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1 -grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 -grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1 +grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1 +grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -598,9 +597,9 @@ rndc_reload ns2 10.53.0.2 echo_i "test $n: zones over views, views allow - query allowed" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1 -grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1 +grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -611,10 +610,10 @@ rndc_reload ns2 10.53.0.2 echo_i "test $n: zones over views, views disallow - query refused" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1 -grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 -grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 -grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1 +grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1 +grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1 +grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -625,13 +624,13 @@ rndc_reload ns2 10.53.0.2 echo_i "test $n: zones over views, allow-query-on" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.1.$n || ret=1 -grep 'status: NOERROR' dig.out.ns2.1.$n > /dev/null || ret=1 -grep '^a.normal.example' dig.out.ns2.1.$n > /dev/null || ret=1 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.aclnotallow.example a > dig.out.ns2.2.$n || ret=1 -grep 'status: REFUSED' dig.out.ns2.2.$n > /dev/null || ret=1 -grep 'EDE: 18 (Prohibited)' dig.out.ns2.2.$n > /dev/null || ret=1 -grep '^a.aclnotallow.example' dig.out.ns2.2.$n > /dev/null && ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.1.$n || ret=1 +grep 'status: NOERROR' dig.out.ns2.1.$n >/dev/null || ret=1 +grep '^a.normal.example' dig.out.ns2.1.$n >/dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.aclnotallow.example a >dig.out.ns2.2.$n || ret=1 +grep 'status: REFUSED' dig.out.ns2.2.$n >/dev/null || ret=1 +grep 'EDE: 18 (Prohibited)' dig.out.ns2.2.$n >/dev/null || ret=1 +grep '^a.aclnotallow.example' dig.out.ns2.2.$n >/dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -639,13 +638,13 @@ status=$((status + ret)) n=$((n + 1)) echo_i "test $n: default allow-recursion configuration" ret=0 -nextpart ns3/named.run > /dev/null -$DIG -p ${PORT} @10.53.0.3 -b 127.0.0.1 a.normal.example a > dig.out.ns3.1.$n -grep 'status: NOERROR' dig.out.ns3.1.$n > /dev/null || ret=1 -$DIG -p ${PORT} @10.53.0.3 -b 10.53.0.1 a.normal.example a > dig.out.ns3.2.$n -grep 'status: REFUSED' dig.out.ns3.2.$n > /dev/null || ret=1 -grep 'EDE: 18 (Prohibited)' dig.out.ns3.2.$n > /dev/null || ret=1 -nextpart ns3/named.run | grep 'allow-recursion did not match' > /dev/null || ret=1 +nextpart ns3/named.run >/dev/null +$DIG -p ${PORT} @10.53.0.3 -b 127.0.0.1 a.normal.example a >dig.out.ns3.1.$n +grep 'status: NOERROR' dig.out.ns3.1.$n >/dev/null || ret=1 +$DIG -p ${PORT} @10.53.0.3 -b 10.53.0.1 a.normal.example a >dig.out.ns3.2.$n +grep 'status: REFUSED' dig.out.ns3.2.$n >/dev/null || ret=1 +grep 'EDE: 18 (Prohibited)' dig.out.ns3.2.$n >/dev/null || ret=1 +nextpart ns3/named.run | grep 'allow-recursion did not match' >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -653,12 +652,12 @@ status=$((status + ret)) n=$((n + 1)) echo_i "test $n: default allow-query-cache configuration" ret=0 -$DIG -p ${PORT} @10.53.0.3 -b 127.0.0.1 ns . > dig.out.ns3.1.$n -grep 'status: NOERROR' dig.out.ns3.1.$n > /dev/null || ret=1 -$DIG -p ${PORT} @10.53.0.3 -b 10.53.0.1 ns . > dig.out.ns3.2.$n -grep 'status: REFUSED' dig.out.ns3.2.$n > /dev/null || ret=1 -grep 'EDE: 18 (Prohibited)' dig.out.ns3.2.$n > /dev/null || ret=1 -nextpart ns3/named.run | grep 'allow-recursion did not match' > /dev/null || ret=1 +$DIG -p ${PORT} @10.53.0.3 -b 127.0.0.1 ns . >dig.out.ns3.1.$n +grep 'status: NOERROR' dig.out.ns3.1.$n >/dev/null || ret=1 +$DIG -p ${PORT} @10.53.0.3 -b 10.53.0.1 ns . >dig.out.ns3.2.$n +grep 'status: REFUSED' dig.out.ns3.2.$n >/dev/null || ret=1 +grep 'EDE: 18 (Prohibited)' dig.out.ns3.2.$n >/dev/null || ret=1 +nextpart ns3/named.run | grep 'allow-recursion did not match' >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -670,14 +669,14 @@ rndc_reload ns3 10.53.0.3 echo_i "test $n: block recursion-on, allow query-cache-on" ret=0 # this should query the cache, and an answer should already be there -$DIG -p ${PORT} @10.53.0.3 a.normal.example a > dig.out.ns3.1.$n -grep 'recursion requested but not available' dig.out.ns3.1.$n > /dev/null || ret=1 -grep 'ANSWER: 1' dig.out.ns3.1.$n > /dev/null || ret=1 +$DIG -p ${PORT} @10.53.0.3 a.normal.example a >dig.out.ns3.1.$n +grep 'recursion requested but not available' dig.out.ns3.1.$n >/dev/null || ret=1 +grep 'ANSWER: 1' dig.out.ns3.1.$n >/dev/null || ret=1 # this should require recursion and therefore can't get an answer -$DIG -p ${PORT} @10.53.0.3 b.normal.example a > dig.out.ns3.2.$n -grep 'recursion requested but not available' dig.out.ns3.2.$n > /dev/null || ret=1 -grep 'ANSWER: 0' dig.out.ns3.2.$n > /dev/null || ret=1 -nextpart ns3/named.run | grep 'allow-recursion-on did not match' > /dev/null || ret=1 +$DIG -p ${PORT} @10.53.0.3 b.normal.example a >dig.out.ns3.2.$n +grep 'recursion requested but not available' dig.out.ns3.2.$n >/dev/null || ret=1 +grep 'ANSWER: 0' dig.out.ns3.2.$n >/dev/null || ret=1 +nextpart ns3/named.run | grep 'allow-recursion-on did not match' >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -689,22 +688,22 @@ rndc_reload ns3 10.53.0.3 echo_i "test $n: inheritance of allow-query-cache-on" ret=0 # this should query the cache, an answer should already be there -$DIG -p ${PORT} @10.53.0.3 a.normal.example a > dig.out.ns3.1.$n -grep 'ANSWER: 1' dig.out.ns3.1.$n > /dev/null || ret=1 +$DIG -p ${PORT} @10.53.0.3 a.normal.example a >dig.out.ns3.1.$n +grep 'ANSWER: 1' dig.out.ns3.1.$n >/dev/null || ret=1 # this should be refused due to allow-recursion-on/allow-query-cache-on -$DIG -p ${PORT} @10.53.1.2 a.normal.example a > dig.out.ns3.2.$n -grep 'recursion requested but not available' dig.out.ns3.2.$n > /dev/null || ret=1 -grep 'status: REFUSED' dig.out.ns3.2.$n > /dev/null || ret=1 -grep 'EDE: 18 (Prohibited)' dig.out.ns3.2.$n > /dev/null || ret=1 +$DIG -p ${PORT} @10.53.1.2 a.normal.example a >dig.out.ns3.2.$n +grep 'recursion requested but not available' dig.out.ns3.2.$n >/dev/null || ret=1 +grep 'status: REFUSED' dig.out.ns3.2.$n >/dev/null || ret=1 +grep 'EDE: 18 (Prohibited)' dig.out.ns3.2.$n >/dev/null || ret=1 # this should require recursion and should be allowed -$DIG -p ${PORT} @10.53.0.3 c.normal.example a > dig.out.ns3.3.$n -grep 'ANSWER: 1' dig.out.ns3.3.$n > /dev/null || ret=1 +$DIG -p ${PORT} @10.53.0.3 c.normal.example a >dig.out.ns3.3.$n +grep 'ANSWER: 1' dig.out.ns3.3.$n >/dev/null || ret=1 # this should require recursion and be refused -$DIG -p ${PORT} @10.53.1.2 d.normal.example a > dig.out.ns3.4.$n -grep 'recursion requested but not available' dig.out.ns3.4.$n > /dev/null || ret=1 -grep 'status: REFUSED' dig.out.ns3.4.$n > /dev/null || ret=1 -grep 'EDE: 18 (Prohibited)' dig.out.ns3.4.$n > /dev/null || ret=1 -nextpart ns3/named.run | grep 'allow-recursion-on did not match' > /dev/null || ret=1 +$DIG -p ${PORT} @10.53.1.2 d.normal.example a >dig.out.ns3.4.$n +grep 'recursion requested but not available' dig.out.ns3.4.$n >/dev/null || ret=1 +grep 'status: REFUSED' dig.out.ns3.4.$n >/dev/null || ret=1 +grep 'EDE: 18 (Prohibited)' dig.out.ns3.4.$n >/dev/null || ret=1 +nextpart ns3/named.run | grep 'allow-recursion-on did not match' >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -716,22 +715,22 @@ rndc_reload ns3 10.53.0.3 echo_i "test $n: inheritance of allow-recursion-on" ret=0 # this should query the cache, an answer should already be there -$DIG -p ${PORT} @10.53.0.3 a.normal.example a > dig.out.ns3.1.$n -grep 'ANSWER: 1' dig.out.ns3.1.$n > /dev/null || ret=1 +$DIG -p ${PORT} @10.53.0.3 a.normal.example a >dig.out.ns3.1.$n +grep 'ANSWER: 1' dig.out.ns3.1.$n >/dev/null || ret=1 # this should be refused due to allow-recursion-on/allow-query-cache-on -$DIG -p ${PORT} @10.53.1.2 a.normal.example a > dig.out.ns3.2.$n -grep 'recursion requested but not available' dig.out.ns3.2.$n > /dev/null || ret=1 -grep 'status: REFUSED' dig.out.ns3.2.$n > /dev/null || ret=1 -grep 'EDE: 18 (Prohibited)' dig.out.ns3.2.$n > /dev/null || ret=1 +$DIG -p ${PORT} @10.53.1.2 a.normal.example a >dig.out.ns3.2.$n +grep 'recursion requested but not available' dig.out.ns3.2.$n >/dev/null || ret=1 +grep 'status: REFUSED' dig.out.ns3.2.$n >/dev/null || ret=1 +grep 'EDE: 18 (Prohibited)' dig.out.ns3.2.$n >/dev/null || ret=1 # this should require recursion and should be allowed -$DIG -p ${PORT} @10.53.0.3 e.normal.example a > dig.out.ns3.3.$n -grep 'ANSWER: 1' dig.out.ns3.3.$n > /dev/null || ret=1 +$DIG -p ${PORT} @10.53.0.3 e.normal.example a >dig.out.ns3.3.$n +grep 'ANSWER: 1' dig.out.ns3.3.$n >/dev/null || ret=1 # this should require recursion and be refused -$DIG -p ${PORT} @10.53.1.2 f.normal.example a > dig.out.ns3.4.$n -grep 'recursion requested but not available' dig.out.ns3.4.$n > /dev/null || ret=1 -grep 'status: REFUSED' dig.out.ns3.4.$n > /dev/null || ret=1 -grep 'EDE: 18 (Prohibited)' dig.out.ns3.4.$n > /dev/null || ret=1 -nextpart ns3/named.run | grep 'allow-recursion-on did not match' > /dev/null || ret=1 +$DIG -p ${PORT} @10.53.1.2 f.normal.example a >dig.out.ns3.4.$n +grep 'recursion requested but not available' dig.out.ns3.4.$n >/dev/null || ret=1 +grep 'status: REFUSED' dig.out.ns3.4.$n >/dev/null || ret=1 +grep 'EDE: 18 (Prohibited)' dig.out.ns3.4.$n >/dev/null || ret=1 +nextpart ns3/named.run | grep 'allow-recursion-on did not match' >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) |