author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-08 16:41:29 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-08 16:41:29 +0000 |
commit | e2fc8e037ea6bb5de92b25ec9c12a624737ac5ca (patch) | |
tree | 65e6bbf5e12c3fe09b43e577f8d1786d06bcd559 /bin/tests/system/rpzrecurse | |
parent | Releasing progress-linux version 1:9.18.19-1~deb12u1progress7u1. (diff) | |
Merging upstream version 1:9.18.24.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | bin/tests/system/rpzrecurse/ns3/named1.conf.in | 2 | ||||
-rw-r--r-- | bin/tests/system/rpzrecurse/ns3/named2.conf.in | 2 | ||||
-rw-r--r-- | bin/tests/system/rpzrecurse/ns3/named3.conf.in | 2 | ||||
-rw-r--r-- | bin/tests/system/rpzrecurse/prereq.sh | 21 | ||||
-rw-r--r-- | bin/tests/system/rpzrecurse/setup.sh | 58 | ||||
-rw-r--r-- | bin/tests/system/rpzrecurse/tests.sh | 330 |
6 files changed, 223 insertions, 192 deletions
diff --git a/bin/tests/system/rpzrecurse/ns3/named1.conf.in b/bin/tests/system/rpzrecurse/ns3/named1.conf.in index f838535..6a1bd11 100644 --- a/bin/tests/system/rpzrecurse/ns3/named1.conf.in +++ b/bin/tests/system/rpzrecurse/ns3/named1.conf.in @@ -11,7 +11,7 @@ * information regarding copyright ownership. */ -include "../../common/rndc.key"; +include "../../_common/rndc.key"; controls { inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; diff --git a/bin/tests/system/rpzrecurse/ns3/named2.conf.in b/bin/tests/system/rpzrecurse/ns3/named2.conf.in index 40f6b49..06b2536 100644 --- a/bin/tests/system/rpzrecurse/ns3/named2.conf.in +++ b/bin/tests/system/rpzrecurse/ns3/named2.conf.in @@ -11,7 +11,7 @@ * information regarding copyright ownership. */ -include "../../common/rndc.key"; +include "../../_common/rndc.key"; controls { inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; diff --git a/bin/tests/system/rpzrecurse/ns3/named3.conf.in b/bin/tests/system/rpzrecurse/ns3/named3.conf.in index 3926bf9..ac2e19c 100644 --- a/bin/tests/system/rpzrecurse/ns3/named3.conf.in +++ b/bin/tests/system/rpzrecurse/ns3/named3.conf.in @@ -11,7 +11,7 @@ * information regarding copyright ownership. */ -include "../../common/rndc.key"; +include "../../_common/rndc.key"; controls { inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; diff --git a/bin/tests/system/rpzrecurse/prereq.sh b/bin/tests/system/rpzrecurse/prereq.sh new file mode 100644 index 0000000..c52be9c --- /dev/null +++ b/bin/tests/system/rpzrecurse/prereq.sh 
@@ -0,0 +1,21 @@ +#!/bin/sh + +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +. ../conf.sh + +if ! ${PERL} -MNet::DNS -e ''; then + echo_i "perl Net::DNS module is required" + exit 1 +fi + +exit 0 diff --git a/bin/tests/system/rpzrecurse/setup.sh b/bin/tests/system/rpzrecurse/setup.sh index 4dcd5ed..8a8ebe9 100644 --- a/bin/tests/system/rpzrecurse/setup.sh +++ b/bin/tests/system/rpzrecurse/setup.sh @@ -20,17 +20,23 @@ set -e USAGE="$0: [-DNx]" DEBUG= while getopts "DNx" c; do - case $c in - x) set -x; DEBUG=-x;; - D) TEST_DNSRPS="-D";; - N) NOCLEAN=set;; - *) echo "$USAGE" 1>&2; exit 1;; - esac + case $c in + x) + set -x + DEBUG=-x + ;; + D) TEST_DNSRPS="-D" ;; + N) NOCLEAN=set ;; + *) + echo "$USAGE" 1>&2 + exit 1 + ;; + esac done shift $((OPTIND - 1)) if test "$#" -ne 0; then - echo "$USAGE" 1>&2 - exit 1 + echo "$USAGE" 1>&2 + exit 1 fi [ ${NOCLEAN:-unset} = unset ] && $SHELL clean.sh $DEBUG 
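Review bot: In the new prereq.sh, the `if ! ${PERL} -MNet::DNS -e ''` check prints "perl Net::DNS module is required" for every failure, so the script's own message does not distinguish a missing module from an empty or wrong `PERL`. If `PERL` comes back empty from `../conf.sh` (its contents are not visible here), the shell tries to run `-MNet::DNS` as a command and the same message is printed. Consider testing the interpreter first, e.g. `[ -n "${PERL}" ] || { echo_i "perl is required"; exit 1; }`. A one-line comment naming which helper in this test needs Net::DNS would also help, since the file does not say.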
@@ -48,20 +54,18 @@ copy_setports ns4/named.conf.in ns4/named.conf # setup policy zones for a 64-zone test i=1 -while test $i -le 64 -do - echo "\$TTL 60" > ns2/db.max$i.local - echo "@ IN SOA root.ns ns 1996072700 3600 1800 86400 60" >> ns2/db.max$i.local - echo " NS ns" >> ns2/db.max$i.local - echo "ns A 127.0.0.1" >> ns2/db.max$i.local - - j=1 - while test $j -le $i - do - echo "name$j A 10.53.0.$i" >> ns2/db.max$i.local - j=$((j + 1)) - done - i=$((i + 1)) +while test $i -le 64; do + echo "\$TTL 60" >ns2/db.max$i.local + echo "@ IN SOA root.ns ns 1996072700 3600 1800 86400 60" >>ns2/db.max$i.local + echo " NS ns" >>ns2/db.max$i.local + echo "ns A 127.0.0.1" >>ns2/db.max$i.local + + j=1 + while test $j -le $i; do + echo "name$j A 10.53.0.$i" >>ns2/db.max$i.local + j=$((j + 1)) + done + i=$((i + 1)) done # decide whether to test DNSRPS @@ -74,14 +78,14 @@ PID-FILE $CWD/dnsrpzd.pid; include $CWD/dnsrpzd-license-cur.conf -zone "policy" { type primary; file "`pwd`/ns3/policy.db"; }; +zone "policy" { type primary; file "$(pwd)/ns3/policy.db"; }; EOF sed -n -e 's/^ *//' -e "/zone.*.*primary/s@file \"@&$CWD/ns2/@p" ns2/*.conf \ - >>dnsrpzd.conf + >>dnsrpzd.conf # Run dnsrpzd to get the license and prime the static policy zones if test -n "$TEST_DNSRPS"; then - DNSRPZD="$(../rpz/dnsrps -p)" - "$DNSRPZD" -D./dnsrpzd.rpzf -S./dnsrpzd.sock -C./dnsrpzd.conf \ - -w 0 -dddd -L stdout >./dnsrpzd.run 2>&1 + DNSRPZD="$(../rpz/dnsrps -p)" + "$DNSRPZD" -D./dnsrpzd.rpzf -S./dnsrpzd.sock -C./dnsrpzd.conf \ + -w 0 -dddd -L stdout >./dnsrpzd.run 2>&1 fi diff --git a/bin/tests/system/rpzrecurse/tests.sh b/bin/tests/system/rpzrecurse/tests.sh index eed53e8..afc1a2b 100644 --- a/bin/tests/system/rpzrecurse/tests.sh +++ b/bin/tests/system/rpzrecurse/tests.sh 
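Review bot: In the `-74,14` hunk of setup.sh, the `zone "policy"` line of the dnsrpzd.conf heredoc builds its path with `$(pwd)`, while the neighbouring `PID-FILE` and `include` lines and the sed command that follows use `$CWD`. If `CWD` is set from the working directory above the hunk (not visible here), `file "$CWD/ns3/policy.db";` would keep a single source for the path and drop the extra command substitution. The sed expression also interpolates `$CWD` with `@` as the delimiter, so a checkout path containing `@` or `&` would corrupt the substitution; a short comment stating that assumption would be enough. The heredoc begins outside the hunk.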
@@ -27,86 +27,95 @@ ARGS= USAGE="$0: [-xS]" while getopts "xS:" c; do - case $c in - x) set -x; DEBUG=-x; ARGS="$ARGS -x";; - S) SAVE_RESULTS=-S; ARGS="$ARGS -S";; - *) echo "$USAGE" 1>&2; exit 1;; - esac + case $c in + x) + set -x + DEBUG=-x + ARGS="$ARGS -x" + ;; + S) + SAVE_RESULTS=-S + ARGS="$ARGS -S" + ;; + *) + echo "$USAGE" 1>&2 + exit 1 + ;; + esac done shift $((OPTIND - 1)) if test "$#" -ne 0; then - echo "$USAGE" 1>&2 - exit 1 + echo "$USAGE" 1>&2 + exit 1 fi # really quit on control-C trap 'exit 1' 1 2 15 DNSRPSCMD=../rpz/dnsrps -RNDCCMD="$RNDC -c ../common/rndc.conf -p ${CONTROLPORT} -s" +RNDCCMD="$RNDC -c ../_common/rndc.conf -p ${CONTROLPORT} -s" # $1 = test name (such as 1a, 1b, etc. for which named.$1.conf exists) run_server() { - TESTNAME=$1 + TESTNAME=$1 - echo_i "stopping resolver" - stop_server --use-rndc --port ${CONTROLPORT} ns2 + echo_i "stopping resolver" + stop_server --use-rndc --port ${CONTROLPORT} ns2 - sleep 1 + sleep 1 - echo_i "starting resolver using named.$TESTNAME.conf" - cp -f ns2/named.$TESTNAME.conf ns2/named.conf - start_server --noclean --restart --port ${PORT} ns2 - sleep 3 + echo_i "starting resolver using named.$TESTNAME.conf" + cp -f ns2/named.$TESTNAME.conf ns2/named.conf + start_server --noclean --restart --port ${PORT} ns2 + sleep 3 } run_query() { - TESTNAME=$1 - LINE=$2 + TESTNAME=$1 + LINE=$2 - NAME=$(sed -n -e "$LINE,"'$p' ns2/$TESTNAME.queries | head -n 1) - $DIG $DIGOPTS $NAME a @10.53.0.2 -p ${PORT} -b 127.0.0.1 > dig.out.${t} - grep "status: SERVFAIL" dig.out.${t} > /dev/null 2>&1 && return 1 - return 0 + NAME=$(sed -n -e "$LINE,"'$p' ns2/$TESTNAME.queries | head -n 1) + $DIG $DIGOPTS $NAME a @10.53.0.2 -p ${PORT} -b 127.0.0.1 >dig.out.${t} + grep "status: SERVFAIL" dig.out.${t} >/dev/null 2>&1 && return 1 + return 0 } # $1 = test name (such as 1a, 1b, etc. 
for which $1.queries exists) # $2 = line number in query file to test (the name to query is taken from this line) expect_norecurse() { - TESTNAME=$1 - LINE=$2 + TESTNAME=$1 + LINE=$2 - NAME=$(sed -n -e "$LINE,"'$p' ns2/$TESTNAME.queries | head -n 1) - t=$((t + 1)) - echo_i "testing $NAME doesn't recurse (${t})" - add_test_marker 10.53.0.2 - run_query $TESTNAME $LINE || { - echo_i "test ${t} failed" - status=1 - } + NAME=$(sed -n -e "$LINE,"'$p' ns2/$TESTNAME.queries | head -n 1) + t=$((t + 1)) + echo_i "testing $NAME doesn't recurse (${t})" + add_test_marker 10.53.0.2 + run_query $TESTNAME $LINE || { + echo_i "test ${t} failed" + status=1 + } } # $1 = test name (such as 1a, 1b, etc. for which $1.queries exists) # $2 = line number in query file to test (the name to query is taken from this line) expect_recurse() { - TESTNAME=$1 - LINE=$2 + TESTNAME=$1 + LINE=$2 - NAME=$(sed -n -e "$LINE,"'$p' ns2/$TESTNAME.queries | head -n 1) - t=$((t + 1)) - echo_i "testing $NAME recurses (${t})" - add_test_marker 10.53.0.2 - run_query $TESTNAME $LINE && { - echo_i "test ${t} failed" - status=1 - } - return 0 + NAME=$(sed -n -e "$LINE,"'$p' ns2/$TESTNAME.queries | head -n 1) + t=$((t + 1)) + echo_i "testing $NAME recurses (${t})" + add_test_marker 10.53.0.2 + run_query $TESTNAME $LINE && { + echo_i "test ${t} failed" + status=1 + } + return 0 } add_test_marker() { - for ns in $@ - do - $RNDCCMD $ns null ---- test ${t} ---- - done + for ns in $@; do + $RNDCCMD $ns null ---- test ${t} ---- + done } native=0 
@@ -114,36 +123,36 @@ dnsrps=0 for mode in native dnsrps; do status=0 case $mode in - native) - if [ -e dnsrps-only ] ; then - echo_i "'dnsrps-only' found: skipping native RPZ sub-test" - continue - else - echo_i "running native RPZ sub-test" - fi - ;; - dnsrps) - if [ -e dnsrps-off ] ; then - echo_i "'dnsrps-off' found: skipping DNSRPS sub-test" - continue - fi - echo_i "attempting to configure servers with DNSRPS..." - stop_server --use-rndc --port ${CONTROLPORT} - $SHELL ./setup.sh -N -D $DEBUG - sed -n 's/^## //p' dnsrps.conf | cat_i - if grep '^#fail' dnsrps.conf >/dev/null; then - echo_i "exit status: 1" - exit 1 - fi - if grep '^#skip' dnsrps.conf > /dev/null; then - echo_i "DNSRPS sub-test skipped" - continue - else - echo_i "running DNSRPS sub-test" - start_server --noclean --restart --port ${PORT} - sleep 3 - fi - ;; + native) + if [ -e dnsrps-only ]; then + echo_i "'dnsrps-only' found: skipping native RPZ sub-test" + continue + else + echo_i "running native RPZ sub-test" + fi + ;; + dnsrps) + if [ -e dnsrps-off ]; then + echo_i "'dnsrps-off' found: skipping DNSRPS sub-test" + continue + fi + echo_i "attempting to configure servers with DNSRPS..." + stop_server --use-rndc --port ${CONTROLPORT} + $SHELL ./setup.sh -N -D $DEBUG + sed -n 's/^## //p' dnsrps.conf | cat_i + if grep '^#fail' dnsrps.conf >/dev/null; then + echo_i "exit status: 1" + exit 1 + fi + if grep '^#skip' dnsrps.conf >/dev/null; then + echo_i "DNSRPS sub-test skipped" + continue + else + echo_i "running DNSRPS sub-test" + start_server --noclean --restart --port ${PORT} + sleep 3 + fi + ;; esac # show whether and why DNSRPS is enabled or disabled 
@@ -152,8 +161,8 @@ for mode in native dnsrps; do t=$((t + 1)) echo_i "testing that l1.l0 exists without RPZ (${t})" add_test_marker 10.53.0.2 - $DIG $DIGOPTS l1.l0 ns @10.53.0.2 -p ${PORT} > dig.out.${t} - grep "status: NOERROR" dig.out.${t} > /dev/null 2>&1 || { + $DIG $DIGOPTS l1.l0 ns @10.53.0.2 -p ${PORT} >dig.out.${t} + grep "status: NOERROR" dig.out.${t} >/dev/null 2>&1 || { echo_i "test ${t} failed" status=1 } @@ -161,8 +170,8 @@ for mode in native dnsrps; do t=$((t + 1)) echo_i "testing that l2.l1.l0 returns SERVFAIL without RPZ (${t})" add_test_marker 10.53.0.2 - $DIG $DIGOPTS l2.l1.l0 ns @10.53.0.2 -p ${PORT} > dig.out.${t} - grep "status: SERVFAIL" dig.out.${t} > /dev/null 2>&1 || { + $DIG $DIGOPTS l2.l1.l0 ns @10.53.0.2 -p ${PORT} >dig.out.${t} + grep "status: SERVFAIL" dig.out.${t} >/dev/null 2>&1 || { echo_i "test ${t} failed" status=1 } @@ -179,8 +188,7 @@ for mode in native dnsrps; do # Group 2 run_server 2a for n in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 \ - 21 22 23 24 25 26 27 28 29 30 31 32 - do + 21 22 23 24 25 26 27 28 29 30 31 32; do expect_norecurse 2a $n done expect_recurse 2a 33 @@ -221,8 +229,7 @@ for mode in native dnsrps; do add_test_marker 10.53.0.2 c=0 for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 \ - 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 - do + 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33; do run_query 4$n $i || c=$((c + 1)) done skipped=$((33 - c)) @@ -249,7 +256,7 @@ for mode in native dnsrps; do t=$((t + 1)) echo_i "running dig to cache CNAME record (${t})" add_test_marker 10.53.0.1 10.53.0.2 - $DIG $DIGOPTS @10.53.0.2 -p ${PORT} www.test.example.org CNAME > dig.out.${t} + $DIG $DIGOPTS @10.53.0.2 -p ${PORT} www.test.example.org CNAME >dig.out.${t} sleep 1 echo_i "suspending authority server" PID=$(cat ns1/named.pid) 
@@ -257,30 +264,29 @@ for mode in native dnsrps; do echo_i "adding an NSDNAME policy" cp ns2/db.6a.00.policy.local ns2/saved.policy.local cp ns2/db.6b.00.policy.local ns2/db.6a.00.policy.local - $RNDC -c ../common/rndc.conf -s 10.53.0.2 -p ${CONTROLPORT} reload 6a.00.policy.local 2>&1 | sed 's/^/ns2 /' | cat_i + $RNDC -c ../_common/rndc.conf -s 10.53.0.2 -p ${CONTROLPORT} reload 6a.00.policy.local 2>&1 | sed 's/^/ns2 /' | cat_i test -f dnsrpzd.pid && kill -USR1 $(cat dnsrpzd.pid) || true sleep 1 t=$((t + 1)) echo_i "running dig to follow CNAME (blocks, so runs in the background) (${t})" add_test_marker 10.53.0.2 - $DIG $DIGOPTS @10.53.0.2 -p ${PORT} www.test.example.org A +time=5 > dig.out.${t} & + $DIG $DIGOPTS @10.53.0.2 -p ${PORT} www.test.example.org A +time=5 >dig.out.${t} & sleep 1 echo_i "removing the NSDNAME policy" cp ns2/db.6c.00.policy.local ns2/db.6a.00.policy.local - $RNDC -c ../common/rndc.conf -s 10.53.0.2 -p ${CONTROLPORT} reload 6a.00.policy.local 2>&1 | sed 's/^/ns2 /' | cat_i + $RNDC -c ../_common/rndc.conf -s 10.53.0.2 -p ${CONTROLPORT} reload 6a.00.policy.local 2>&1 | sed 's/^/ns2 /' | cat_i test -f dnsrpzd.pid && kill -USR1 $(cat dnsrpzd.pid) || true sleep 1 echo_i "resuming authority server" PID=$(cat ns1/named.pid) kill -CONT $PID add_test_marker 10.53.0.1 - for n in 1 2 3 4 5 6 7 8 9 - do + for n in 1 2 3 4 5 6 7 8 9; do sleep 1 [ -s dig.out.${t} ] || continue - grep "status: .*," dig.out.${t} > /dev/null 2>&1 && break + grep "status: .*," dig.out.${t} >/dev/null 2>&1 && break done - grep "status: NOERROR" dig.out.${t} > /dev/null 2>&1 || { + grep "status: NOERROR" dig.out.${t} >/dev/null 2>&1 || { echo_i "test ${t} failed" status=1 } 
@@ -292,20 +298,20 @@ for mode in native dnsrps; do t=$((t + 1)) echo_i "running dig to cache CNAME record (${t})" add_test_marker 10.53.0.1 10.53.0.2 - $DIG $DIGOPTS @10.53.0.2 -p ${PORT} www.test.example.org CNAME > dig.out.${t} + $DIG $DIGOPTS @10.53.0.2 -p ${PORT} www.test.example.org CNAME >dig.out.${t} sleep 1 echo_i "suspending authority server" PID=$(cat ns1/named.pid) kill -STOP $PID echo_i "adding an NSDNAME policy" cp ns2/db.6b.00.policy.local ns2/db.6a.00.policy.local - $RNDC -c ../common/rndc.conf -s 10.53.0.2 -p ${CONTROLPORT} reload 6a.00.policy.local 2>&1 | sed 's/^/ns2 /' | cat_i + $RNDC -c ../_common/rndc.conf -s 10.53.0.2 -p ${CONTROLPORT} reload 6a.00.policy.local 2>&1 | sed 's/^/ns2 /' | cat_i test -f dnsrpzd.pid && kill -USR1 $(cat dnsrpzd.pid) || true sleep 1 t=$((t + 1)) echo_i "running dig to follow CNAME (blocks, so runs in the background) (${t})" add_test_marker 10.53.0.2 - $DIG $DIGOPTS @10.53.0.2 -p ${PORT} www.test.example.org A +time=5 > dig.out.${t} & + $DIG $DIGOPTS @10.53.0.2 -p ${PORT} www.test.example.org A +time=5 >dig.out.${t} & sleep 1 echo_i "removing the policy zone" cp ns2/named.default.conf ns2/named.conf @@ -319,9 +325,9 @@ for mode in native dnsrps; do for n in 1 2 3 4 5 6 7 8 9; do sleep 1 [ -s dig.out.${t} ] || continue - grep "status: .*," dig.out.${t} > /dev/null 2>&1 && break + grep "status: .*," dig.out.${t} >/dev/null 2>&1 && break done - grep "status: NOERROR" dig.out.${t} > /dev/null 2>&1 || { + grep "status: NOERROR" dig.out.${t} >/dev/null 2>&1 || { echo_i "test ${t} failed" status=1 } 
@@ -332,14 +338,13 @@ for mode in native dnsrps; do add_test_marker 10.53.0.2 run_server max i=1 - while test $i -le 64 - do - $DIG $DIGOPTS name$i a @10.53.0.2 -p ${PORT} -b 10.53.0.1 > dig.out.${t}.${i} - grep "^name$i.[ ]*[0-9]*[ ]*IN[ ]*A[ ]*10.53.0.$i" dig.out.${t}.${i} > /dev/null 2>&1 || { - echo_i "test $t failed: didn't get expected answer from policy zone $i" - status=1 - } - i=$((i + 1)) + while test $i -le 64; do + $DIG $DIGOPTS name$i a @10.53.0.2 -p ${PORT} -b 10.53.0.1 >dig.out.${t}.${i} + grep "^name$i.[ ]*[0-9]*[ ]*IN[ ]*A[ ]*10.53.0.$i" dig.out.${t}.${i} >/dev/null 2>&1 || { + echo_i "test $t failed: didn't get expected answer from policy zone $i" + status=1 + } + i=$((i + 1)) done # Check CLIENT-IP behavior @@ -347,12 +352,12 @@ for mode in native dnsrps; do echo_i "testing CLIENT-IP behavior (${t})" add_test_marker 10.53.0.2 run_server clientip - $DIG $DIGOPTS l2.l1.l0 a @10.53.0.2 -p ${PORT} -b 10.53.0.4 > dig.out.${t} - grep "status: NOERROR" dig.out.${t} > /dev/null 2>&1 || { + $DIG $DIGOPTS l2.l1.l0 a @10.53.0.2 -p ${PORT} -b 10.53.0.4 >dig.out.${t} + grep "status: NOERROR" dig.out.${t} >/dev/null 2>&1 || { echo_i "test $t failed: query failed" status=1 } - grep "^l2.l1.l0.[ ]*[0-9]*[ ]*IN[ ]*A[ ]*10.53.0.2" dig.out.${t} > /dev/null 2>&1 || { + grep "^l2.l1.l0.[ ]*[0-9]*[ ]*IN[ ]*A[ ]*10.53.0.2" dig.out.${t} >/dev/null 2>&1 || { echo_i "test $t failed: didn't get expected answer" status=1 } 
@@ -362,27 +367,27 @@ for mode in native dnsrps; do echo_i "testing CLIENT-IP behavior #2 (${t})" add_test_marker 10.53.0.2 run_server clientip2 - $DIG $DIGOPTS l2.l1.l0 a @10.53.0.2 -p ${PORT} -b 10.53.0.1 > dig.out.${t}.1 - grep "status: SERVFAIL" dig.out.${t}.1 > /dev/null 2>&1 || { + $DIG $DIGOPTS l2.l1.l0 a @10.53.0.2 -p ${PORT} -b 10.53.0.1 >dig.out.${t}.1 + grep "status: SERVFAIL" dig.out.${t}.1 >/dev/null 2>&1 || { echo_i "test $t failed: query failed" status=1 } - $DIG $DIGOPTS l2.l1.l0 a @10.53.0.2 -p ${PORT} -b 10.53.0.2 > dig.out.${t}.2 - grep "status: NXDOMAIN" dig.out.${t}.2 > /dev/null 2>&1 || { + $DIG $DIGOPTS l2.l1.l0 a @10.53.0.2 -p ${PORT} -b 10.53.0.2 >dig.out.${t}.2 + grep "status: NXDOMAIN" dig.out.${t}.2 >/dev/null 2>&1 || { echo_i "test $t failed: query failed" status=1 } - $DIG $DIGOPTS l2.l1.l0 a @10.53.0.2 -p ${PORT} -b 10.53.0.3 > dig.out.${t}.3 - grep "status: NOERROR" dig.out.${t}.3 > /dev/null 2>&1 || { + $DIG $DIGOPTS l2.l1.l0 a @10.53.0.2 -p ${PORT} -b 10.53.0.3 >dig.out.${t}.3 + grep "status: NOERROR" dig.out.${t}.3 >/dev/null 2>&1 || { echo_i "test $t failed: query failed" status=1 } - grep "^l2.l1.l0.[ ]*[0-9]*[ ]*IN[ ]*A[ ]*10.53.0.1" dig.out.${t}.3 > /dev/null 2>&1 || { + grep "^l2.l1.l0.[ ]*[0-9]*[ ]*IN[ ]*A[ ]*10.53.0.1" dig.out.${t}.3 >/dev/null 2>&1 || { echo_i "test $t failed: didn't get expected answer" status=1 } - $DIG $DIGOPTS l2.l1.l0 a @10.53.0.2 -p ${PORT} -b 10.53.0.4 > dig.out.${t}.4 - grep "status: SERVFAIL" dig.out.${t}.4 > /dev/null 2>&1 || { + $DIG $DIGOPTS l2.l1.l0 a @10.53.0.2 -p ${PORT} -b 10.53.0.4 >dig.out.${t}.4 + grep "status: SERVFAIL" dig.out.${t}.4 >/dev/null 2>&1 || { echo_i "test $t failed: query failed" status=1 } 
@@ -393,18 +398,18 @@ for mode in native dnsrps; do add_test_marker 10.53.0.2 run_server log cur=$(awk 'BEGIN {l=0} /^/ {l++} END { print l }' ns2/named.run) - $DIG $DIGOPTS l2.l1.l0 a @10.53.0.2 -p ${PORT} -b 10.53.0.4 > dig.out.${t} - $DIG $DIGOPTS l2.l1.l0 a @10.53.0.2 -p ${PORT} -b 10.53.0.3 >> dig.out.${t} - $DIG $DIGOPTS l2.l1.l0 a @10.53.0.2 -p ${PORT} -b 10.53.0.2 >> dig.out.${t} - sed -n "$cur,"'$p' < ns2/named.run | grep "view recursive: rpz CLIENT-IP Local-Data rewrite l2.l1.l0/A/IN via 32.4.0.53.10.rpz-client-ip.log1" > /dev/null && { + $DIG $DIGOPTS l2.l1.l0 a @10.53.0.2 -p ${PORT} -b 10.53.0.4 >dig.out.${t} + $DIG $DIGOPTS l2.l1.l0 a @10.53.0.2 -p ${PORT} -b 10.53.0.3 >>dig.out.${t} + $DIG $DIGOPTS l2.l1.l0 a @10.53.0.2 -p ${PORT} -b 10.53.0.2 >>dig.out.${t} + sed -n "$cur,"'$p' <ns2/named.run | grep "view recursive: rpz CLIENT-IP Local-Data rewrite l2.l1.l0/A/IN via 32.4.0.53.10.rpz-client-ip.log1" >/dev/null && { echo_ic "failed: unexpected rewrite message for policy zone log1 was logged" status=1 } - sed -n "$cur,"'$p' < ns2/named.run | grep "view recursive: rpz CLIENT-IP Local-Data rewrite l2.l1.l0/A/IN via 32.3.0.53.10.rpz-client-ip.log2" > /dev/null || { + sed -n "$cur,"'$p' <ns2/named.run | grep "view recursive: rpz CLIENT-IP Local-Data rewrite l2.l1.l0/A/IN via 32.3.0.53.10.rpz-client-ip.log2" >/dev/null || { echo_ic "failed: expected rewrite message for policy zone log2 was not logged" status=1 } - sed -n "$cur,"'$p' < ns2/named.run | grep "view recursive: rpz CLIENT-IP Local-Data rewrite l2.l1.l0/A/IN via 32.2.0.53.10.rpz-client-ip.log3" > /dev/null || { + sed -n "$cur,"'$p' <ns2/named.run | grep "view recursive: rpz CLIENT-IP Local-Data rewrite l2.l1.l0/A/IN via 32.2.0.53.10.rpz-client-ip.log3" >/dev/null || { echo_ic "failed: expected rewrite message for policy zone log3 was not logged" status=1 } 
@@ -415,13 +420,13 @@ for mode in native dnsrps; do echo_i "testing wildcard behavior with 1 RPZ zone (${t})" add_test_marker 10.53.0.2 run_server wildcard1 - $DIG $DIGOPTS www.test1.example.net a @10.53.0.2 -p ${PORT} > dig.out.${t}.1 - grep "status: NXDOMAIN" dig.out.${t}.1 > /dev/null || { + $DIG $DIGOPTS www.test1.example.net a @10.53.0.2 -p ${PORT} >dig.out.${t}.1 + grep "status: NXDOMAIN" dig.out.${t}.1 >/dev/null || { echo_i "test ${t} failed" status=1 } - $DIG $DIGOPTS test1.example.net a @10.53.0.2 -p ${PORT} > dig.out.${t}.2 - grep "status: NXDOMAIN" dig.out.${t}.2 > /dev/null || { + $DIG $DIGOPTS test1.example.net a @10.53.0.2 -p ${PORT} >dig.out.${t}.2 + grep "status: NXDOMAIN" dig.out.${t}.2 >/dev/null || { echo_i "test ${t} failed" status=1 } @@ -430,13 +435,13 @@ for mode in native dnsrps; do echo_i "testing wildcard behavior with 2 RPZ zones (${t})" add_test_marker 10.53.0.2 run_server wildcard2 - $DIG $DIGOPTS www.test1.example.net a @10.53.0.2 -p ${PORT} > dig.out.${t}.1 - grep "status: NXDOMAIN" dig.out.${t}.1 > /dev/null || { + $DIG $DIGOPTS www.test1.example.net a @10.53.0.2 -p ${PORT} >dig.out.${t}.1 + grep "status: NXDOMAIN" dig.out.${t}.1 >/dev/null || { echo_i "test ${t} failed" status=1 } - $DIG $DIGOPTS test1.example.net a @10.53.0.2 -p ${PORT} > dig.out.${t}.2 - grep "status: NXDOMAIN" dig.out.${t}.2 > /dev/null || { + $DIG $DIGOPTS test1.example.net a @10.53.0.2 -p ${PORT} >dig.out.${t}.2 + grep "status: NXDOMAIN" dig.out.${t}.2 >/dev/null || { echo_i "test ${t} failed" status=1 } 
@@ -445,13 +450,13 @@ for mode in native dnsrps; do echo_i "testing wildcard behavior with 1 RPZ zone and no non-wildcard triggers (${t})" add_test_marker 10.53.0.2 run_server wildcard3 - $DIG $DIGOPTS www.test1.example.net a @10.53.0.2 -p ${PORT} > dig.out.${t}.1 - grep "status: NXDOMAIN" dig.out.${t}.1 > /dev/null || { + $DIG $DIGOPTS www.test1.example.net a @10.53.0.2 -p ${PORT} >dig.out.${t}.1 + grep "status: NXDOMAIN" dig.out.${t}.1 >/dev/null || { echo_i "test ${t} failed" status=1 } - $DIG $DIGOPTS test1.example.net a @10.53.0.2 -p ${PORT} > dig.out.${t}.2 - grep "status: NOERROR" dig.out.${t}.2 > /dev/null || { + $DIG $DIGOPTS test1.example.net a @10.53.0.2 -p ${PORT} >dig.out.${t}.2 + grep "status: NOERROR" dig.out.${t}.2 >/dev/null || { echo_i "test ${t} failed" status=1 } @@ -460,13 +465,13 @@ for mode in native dnsrps; do echo_i "testing wildcard passthru before explicit drop (${t})" add_test_marker 10.53.0.2 run_server wildcard4 - $DIG $DIGOPTS example.com a @10.53.0.2 -p ${PORT} > dig.out.${t}.1 - grep "status: NOERROR" dig.out.${t}.1 > /dev/null || { + $DIG $DIGOPTS example.com a @10.53.0.2 -p ${PORT} >dig.out.${t}.1 + grep "status: NOERROR" dig.out.${t}.1 >/dev/null || { echo_i "test ${t} failed" status=1 } - $DIG $DIGOPTS www.example.com a @10.53.0.2 -p ${PORT} > dig.out.${t}.2 - grep "status: NOERROR" dig.out.${t}.2 > /dev/null || { + $DIG $DIGOPTS www.example.com a @10.53.0.2 -p ${PORT} >dig.out.${t}.2 + grep "status: NOERROR" dig.out.${t}.2 >/dev/null || { echo_i "test ${t} failed" status=1 } 
@@ -477,7 +482,7 @@ for mode in native dnsrps; do echo_i "testing for invalid prefix length error (${t})" add_test_marker 10.53.0.2 run_server invalidprefixlength - grep "invalid rpz IP address \"1000.4.0.53.10.rpz-client-ip.invalidprefixlength\"; invalid prefix length of 1000$" ns2/named.run > /dev/null || { + grep "invalid rpz IP address \"1000.4.0.53.10.rpz-client-ip.invalidprefixlength\"; invalid prefix length of 1000$" ns2/named.run >/dev/null || { echo_ic "failed: expected that invalid prefix length error would be logged" status=1 } @@ -489,20 +494,20 @@ for mode in native dnsrps; do echo_i "timing 'nsip-wait-recurse yes' (default)" ret=0 t1=$($PERL -e 'print time()."\n";') - $DIG -p ${PORT} @10.53.0.3 foo.child.example.tld a > dig.out.yes.$t + $DIG -p ${PORT} @10.53.0.3 foo.child.example.tld a >dig.out.yes.$t t2=$($PERL -e 'print time()."\n";') p1=$((t2 - t1)) echo_i "elapsed time $p1 seconds" - $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} flush + $RNDC -c ../_common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} flush copy_setports ns3/named2.conf.in ns3/named.conf - nextpart ns3/named.run > /dev/null - $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} reload > /dev/null + nextpart ns3/named.run >/dev/null + $RNDC -c ../_common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} reload >/dev/null wait_for_log 20 "rpz: policy: reload done" ns3/named.run || ret=1 echo_i "timing 'nsip-wait-recurse no'" t3=$($PERL -e 'print time()."\n";') - $DIG -p ${PORT} @10.53.0.3 foo.child.example.tld a > dig.out.no.$t + $DIG -p ${PORT} @10.53.0.3 foo.child.example.tld a >dig.out.no.$t t4=$($PERL -e 'print time()."\n";') p2=$((t4 - t3)) echo_i "elapsed time $p2 seconds" 
@@ -511,11 +516,11 @@ for mode in native dnsrps; do if test $ret != 0; then echo_i "failed"; fi status=$((status + ret)) - $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} flush + $RNDC -c ../_common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} flush # restore original named.conf copy_setports ns3/named1.conf.in ns3/named.conf - nextpart ns3/named.run > /dev/null - $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} reload > /dev/null + nextpart ns3/named.run >/dev/null + $RNDC -c ../_common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} reload >/dev/null wait_for_log 20 "rpz: policy: reload done" ns3/named.run || ret=1 t=$((t + 1)) @@ -524,20 +529,20 @@ for mode in native dnsrps; do echo_i "timing 'nsdname-wait-recurse yes' (default)" ret=0 t1=$($PERL -e 'print time()."\n";') - $DIG -p ${PORT} @10.53.0.3 foo.child.example.tld a > dig.out.yes.$t + $DIG -p ${PORT} @10.53.0.3 foo.child.example.tld a >dig.out.yes.$t t2=$($PERL -e 'print time()."\n";') p1=$((t2 - t1)) echo_i "elapsed time $p1 seconds" - $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} flush + $RNDC -c ../_common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} flush copy_setports ns3/named3.conf.in ns3/named.conf - nextpart ns3/named.run > /dev/null - $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} reload > /dev/null + nextpart ns3/named.run >/dev/null + $RNDC -c ../_common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} reload >/dev/null wait_for_log 20 "rpz: policy: reload done" ns3/named.run || ret=1 echo_i "timing 'nsdname-wait-recurse no'" t3=$($PERL -e 'print time()."\n";') - $DIG -p ${PORT} @10.53.0.3 foo.child.example.tld a > dig.out.no.$t + $DIG -p ${PORT} @10.53.0.3 foo.child.example.tld a >dig.out.no.$t t4=$($PERL -e 'print time()."\n";') p2=$((t4 - t3)) echo_i "elapsed time $p2 seconds" 
@@ -546,16 +551,17 @@ for mode in native dnsrps; do if test $ret != 0; then echo_i "failed"; fi status=$((status + ret)) - [ $status -ne 0 ] && pf=fail || pf=pass case $mode in - native) - native=$status - echo_i "status (native RPZ sub-test): $status ($pf)";; - dnsrps) - dnsrps=$status - echo_i "status (DNSRPS sub-test): $status ($pf)";; - *) echo_i "invalid test mode";; + native) + native=$status + echo_i "status (native RPZ sub-test): $status ($pf)" + ;; + dnsrps) + dnsrps=$status + echo_i "status (DNSRPS sub-test): $status ($pf)" + ;; + *) echo_i "invalid test mode" ;; esac done status=$((native + dnsrps)) |