Diffstat (limited to '')
-rw-r--r-- | bin/tests/system/rndc/clean.sh | 33 | ||||
-rw-r--r-- | bin/tests/system/rndc/gencheck.c | 90 | ||||
-rw-r--r-- | bin/tests/system/rndc/ns2/incl.db | 13 | ||||
-rw-r--r-- | bin/tests/system/rndc/ns2/named.conf.in | 65 | ||||
-rw-r--r-- | bin/tests/system/rndc/ns2/secondkey.conf | 21 | ||||
-rw-r--r-- | bin/tests/system/rndc/ns3/named.conf.in | 49 | ||||
-rw-r--r-- | bin/tests/system/rndc/ns4/named.conf.in | 38 | ||||
-rw-r--r-- | bin/tests/system/rndc/ns5/named.conf.in | 35 | ||||
-rw-r--r-- | bin/tests/system/rndc/ns6/named.args | 3 | ||||
-rw-r--r-- | bin/tests/system/rndc/ns6/named.conf.in | 30 | ||||
-rw-r--r-- | bin/tests/system/rndc/ns7/include.db.in | 16 | ||||
-rw-r--r-- | bin/tests/system/rndc/ns7/include2.db.in | 16 | ||||
-rw-r--r-- | bin/tests/system/rndc/ns7/named.conf.in | 58 | ||||
-rw-r--r-- | bin/tests/system/rndc/ns7/test.db.in | 13 | ||||
-rw-r--r-- | bin/tests/system/rndc/setup.sh | 64 | ||||
-rw-r--r-- | bin/tests/system/rndc/tests.sh | 814 | ||||
-rw-r--r-- | bin/tests/system/rndc/tests_sh_rndc.py | 14 |
17 files changed, 1372 insertions, 0 deletions
diff --git a/bin/tests/system/rndc/clean.sh b/bin/tests/system/rndc/clean.sh
new file mode 100644
index 0000000..d18b5a5
--- /dev/null
+++ b/bin/tests/system/rndc/clean.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+rm -f dig.out.*.test*
+rm -f ns*/named.lock
+rm -f ns*/named.memstats
+rm -f ns*/named.run ns*/named.run.prev
+rm -f ns2/named.stats
+rm -f ns2/nil.db ns2/other.db ns2/static.db ns2/*.jnl
+rm -f ns2/session.key
+rm -f ns3/named_dump.db*
+rm -f ns4/*.nta
+rm -f ns4/example.db ns4/example.db.jnl
+rm -f ns4/key?.conf
+rm -f ns6/huge.zone.db
+rm -f ns7/include.db ns7/test.db ns7/*.jnl
+rm -f ns7/named_dump.db*
+rm -f ns*/named.conf
+rm -f nsupdate.out.*.test*
+rm -f python.out.*.test*
+rm -f rndc.out.*.test*
+rm -f ns*/managed-keys.bind* ns*/*.mkeys*
+rm -f ns*/*.nta
diff --git a/bin/tests/system/rndc/gencheck.c b/bin/tests/system/rndc/gencheck.c
new file mode 100644
index 0000000..7949b66
--- /dev/null
+++ b/bin/tests/system/rndc/gencheck.c
@@ -0,0 +1,90 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+#include <isc/print.h>
+
+#define USAGE "usage: gencheck <filename>\n"
+
+static int
+check(const char *buf, ssize_t count, size_t *start) {
+ const char chars[] = "abcdefghijklmnopqrstuvwxyz0123456789";
+ ssize_t i;
+
+ for (i = 0; i < count; i++, *start = (*start + 1) % (sizeof(chars) - 1))
+ {
+ /* Just ignore the trailing newline */
+ if (buf[i] == '\n') {
+ continue;
+ }
+ if (buf[i] != chars[*start]) {
+ return (0);
+ }
+ }
+
+ return (1);
+}
+
+int
+main(int argc, char **argv) {
+ int ret;
+ int fd;
+ ssize_t count;
+ char buf[1024];
+ size_t start;
+ size_t length;
+
+ ret = EXIT_FAILURE;
+ fd = -1;
+ length = 0;
+
+ if (argc != 2) {
+ fprintf(stderr, USAGE);
+ goto out;
+ }
+
+ fd = open(argv[1], O_RDONLY);
+ if (fd == -1) {
+ goto out;
+ }
+
+ start = 0;
+ while ((count = read(fd, buf, sizeof(buf))) != 0) {
+ if (count < 0) {
+ goto out;
+ }
+
+ if (!check(buf, count, &start)) {
+ goto out;
+ }
+
+ length += count;
+ }
+
+ ret = EXIT_SUCCESS;
+
+out:
+ printf("%lu\n", (unsigned long)length);
+
+ if (fd != -1) {
+ close(fd);
+ }
+
+ return (ret);
+}
diff --git a/bin/tests/system/rndc/ns2/incl.db b/bin/tests/system/rndc/ns2/incl.db
new file mode 100644
index 0000000..bb8b343
--- /dev/null
+++ b/bin/tests/system/rndc/ns2/incl.db
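Review bot: In `check()` the index advance sits in the `for` increment, so the `continue` taken for `'\n'` still steps `*start`, and a newline that replaces an expected character anywhere in the stream is accepted, not only the trailing one the comment describes. Because such a substitution keeps the byte count unchanged, the size comparison done by the caller in tests.sh would not catch it either. Moving the advance to the end of the loop body, i.e. `for (i = 0; i < count; i++) {` with `*start = (*start + 1) % (sizeof(chars) - 1);` after the mismatch test, makes a substituted byte fail the comparison. Separately, `main()` takes `goto out` silently when `open()` or `read()` fails; a `perror(argv[1]);` on those two paths would let the test log distinguish an I/O error from a pattern mismatch.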
@@ -0,0 +1,13 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+; Used for testing $INCLUDE
+$INCLUDE "static.db"
diff --git a/bin/tests/system/rndc/ns2/named.conf.in b/bin/tests/system/rndc/ns2/named.conf.in
new file mode 100644
index 0000000..c3ce3eb
--- /dev/null
+++ b/bin/tests/system/rndc/ns2/named.conf.in
@@ -0,0 +1,65 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ port @PORT@;
+ pid-file "named.pid";
+ session-keyfile "session.key";
+ listen-on { 10.53.0.2; };
+ listen-on-v6 { none; };
+ recursion no;
+ dnssec-validation no;
+};
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm @DEFAULT_HMAC@;
+};
+
+key secondkey {
+ secret "abcd1234abcd8765";
+ algorithm hmac-sha256;
+};
+
+controls {
+ inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; secondkey; };
+};
+
+
+zone "." {
+ type hint;
+ file "../../common/root.hint";
+};
+
+zone "nil" {
+ type primary;
+ update-policy local;
+ file "nil.db";
+ ixfr-from-differences yes;
+};
+
+zone "other" {
+ type primary;
+ update-policy local;
+ file "other.db";
+};
+
+zone "static" {
+ type primary;
+ file "static.db";
+};
+
+zone "incl" {
+ type primary;
+ file "incl.db";
+};
diff --git a/bin/tests/system/rndc/ns2/secondkey.conf b/bin/tests/system/rndc/ns2/secondkey.conf
new file mode 100644
index 0000000..1b6af7b
--- /dev/null
+++ b/bin/tests/system/rndc/ns2/secondkey.conf
@@ -0,0 +1,21 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ default-key "secondkey";
+};
+
+key secondkey {
+ secret "abcd1234abcd8765";
+ algorithm hmac-sha256;
+};
diff --git a/bin/tests/system/rndc/ns3/named.conf.in b/bin/tests/system/rndc/ns3/named.conf.in
new file mode 100644
index 0000000..ed159b4
--- /dev/null
+++ b/bin/tests/system/rndc/ns3/named.conf.in
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ port @PORT@;
+ pid-file "named.pid";
+ listen-on { 10.53.0.3; };
+ listen-on-v6 { none; };
+ dnssec-validation no;
+};
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm @DEFAULT_HMAC@;
+};
+
+key secondkey {
+ secret "abcd1234abcd8765";
+ algorithm hmac-sha256;
+};
+
+controls {
+ inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
+view all {
+ match-clients { any; };
+
+ recursion no;
+
+ zone "." {
+ type hint;
+ file "../../common/root.hint";
+ };
+};
+
+view none {
+ match-clients { none; };
+};
diff --git a/bin/tests/system/rndc/ns4/named.conf.in b/bin/tests/system/rndc/ns4/named.conf.in
new file mode 100644
index 0000000..6dc37ec
--- /dev/null
+++ b/bin/tests/system/rndc/ns4/named.conf.in
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ port @PORT@;
+ pid-file "named.pid";
+ listen-on { 10.53.0.4; };
+ listen-on-v6 { none; };
+ recursion yes;
+ dnssec-validation yes;
+};
+
+view normal {
+ match-clients { any; };
+
+ zone example {
+ type primary;
+ file "example.db";
+ allow-update { any; };
+ };
+};
+
+view "view with a space" {
+ match-clients { none; };
+ zone example {
+ in-view normal;
+ };
+};
diff --git a/bin/tests/system/rndc/ns5/named.conf.in b/bin/tests/system/rndc/ns5/named.conf.in
new file mode 100644
index 0000000..e32fa49
--- /dev/null
+++ b/bin/tests/system/rndc/ns5/named.conf.in
@@ -0,0 +1,35 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ port @PORT@;
+ pid-file "named.pid";
+ listen-on { 10.53.0.5; };
+ listen-on-v6 { none; };
+ recursion no;
+ dnssec-validation no;
+};
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm @DEFAULT_HMAC@;
+};
+
+controls {
+ inet 10.53.0.5 port @CONTROLPORT@ allow { any; } keys { rndc_key; } read-only yes;
+};
+
+zone "." {
+ type hint;
+ file "../../common/root.hint";
+};
diff --git a/bin/tests/system/rndc/ns6/named.args b/bin/tests/system/rndc/ns6/named.args
new file mode 100644
index 0000000..331f7f4
--- /dev/null
+++ b/bin/tests/system/rndc/ns6/named.args
@@ -0,0 +1,3 @@
+# teardown of a huge zone with tracing enabled takes way too long
+# -m none is set so that stop.pl does not timeout
+-D rndc-ns6 -X named.lock -m none -c named.conf -d 99 -g -U 4 -T maxcachesize=2097152
diff --git a/bin/tests/system/rndc/ns6/named.conf.in b/bin/tests/system/rndc/ns6/named.conf.in
new file mode 100644
index 0000000..a465a20
--- /dev/null
+++ b/bin/tests/system/rndc/ns6/named.conf.in
@@ -0,0 +1,30 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ port @PORT@;
+ pid-file "named.pid";
+ listen-on { 10.53.0.6; };
+ listen-on-v6 { none; };
+ recursion no;
+ dnssec-validation no;
+};
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm @DEFAULT_HMAC@;
+};
+
+controls {
+ inet 10.53.0.6 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
diff --git a/bin/tests/system/rndc/ns7/include.db.in b/bin/tests/system/rndc/ns7/include.db.in
new file mode 100644
index 0000000..011997b
--- /dev/null
+++ b/bin/tests/system/rndc/ns7/include.db.in
@@ -0,0 +1,16 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+@ 86400 IN SOA ns7 hostmaster 1 5 5 1814400 3600
+@ NS ns7
+ns7 A 10.53.0.7
+
+text1 TXT "include 1"
diff --git a/bin/tests/system/rndc/ns7/include2.db.in b/bin/tests/system/rndc/ns7/include2.db.in
new file mode 100644
index 0000000..e5d1981
--- /dev/null
+++ b/bin/tests/system/rndc/ns7/include2.db.in
@@ -0,0 +1,16 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+@ 86400 IN SOA ns7 hostmaster 4 5 5 1814400 3600
+@ NS ns7
+ns7 A 10.53.0.7
+
+text1 TXT "include 2"
diff --git a/bin/tests/system/rndc/ns7/named.conf.in b/bin/tests/system/rndc/ns7/named.conf.in
new file mode 100644
index 0000000..2d4bf7f
--- /dev/null
+++ b/bin/tests/system/rndc/ns7/named.conf.in
@@ -0,0 +1,58 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ port @PORT@;
+ pid-file "named.pid";
+ listen-on { 10.53.0.7; };
+ listen-on-v6 { none; };
+ dnssec-validation no;
+};
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm @DEFAULT_HMAC@;
+};
+
+key int {
+ algorithm @DEFAULT_HMAC@;
+ secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
+};
+
+key ext {
+ algorithm @DEFAULT_HMAC@;
+ secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
+};
+
+controls {
+ inet 10.53.0.7 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
+view internal {
+ match-clients { key "int"; };
+
+ zone "test" {
+ type primary;
+ update-policy { grant int zonesub any; };
+ file "test.db";
+ ixfr-from-differences yes;
+ };
+};
+
+view external {
+ match-clients { key "ext"; };
+
+ zone "test" {
+ in-view internal;
+ };
+};
diff --git a/bin/tests/system/rndc/ns7/test.db.in b/bin/tests/system/rndc/ns7/test.db.in
new file mode 100644
index 0000000..0bff14e
--- /dev/null
+++ b/bin/tests/system/rndc/ns7/test.db.in
@@ -0,0 +1,13 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 3600
+$INCLUDE "include.db"
diff --git a/bin/tests/system/rndc/setup.sh b/bin/tests/system/rndc/setup.sh
new file mode 100644
index 0000000..85d6b73
--- /dev/null
+++ b/bin/tests/system/rndc/setup.sh
@@ -0,0 +1,64 @@
+#!/bin/sh
+
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+. ../conf.sh
+
+$SHELL ${TOP_SRCDIR}/bin/tests/system/genzone.sh 2 >ns2/nil.db
+$SHELL ${TOP_SRCDIR}/bin/tests/system/genzone.sh 2 >ns2/other.db
+$SHELL ${TOP_SRCDIR}/bin/tests/system/genzone.sh 2 >ns2/static.db
+
+$SHELL ${TOP_SRCDIR}/bin/tests/system/genzone.sh 2 >ns4/example.db
+
+$SHELL ${TOP_SRCDIR}/bin/tests/system/genzone.sh 2 >ns6/huge.zone.db
+
+cp ns7/test.db.in ns7/test.db
+cp ns7/include.db.in ns7/include.db
+
+# we make the huge zone less huge if we're running under
+# TSAN, to give the test a fighting chance not to time out.
+size=1000000
+if $FEATURETEST --tsan; then
+ size=250000
+fi
+awk 'END { for (i = 1; i <= '${size}'; i++)
+ printf "host%d IN A 10.53.0.6\n", i; }' < /dev/null >> ns6/huge.zone.db
+
+copy_setports ns2/named.conf.in ns2/named.conf
+copy_setports ns3/named.conf.in ns3/named.conf
+copy_setports ns4/named.conf.in ns4/named.conf
+copy_setports ns5/named.conf.in ns5/named.conf
+copy_setports ns6/named.conf.in ns6/named.conf
+copy_setports ns7/named.conf.in ns7/named.conf
+
+make_key () {
+ $RNDCCONFGEN -k key$1 -A $3 -s 10.53.0.4 -p $2 \
+ > ns4/key${1}.conf 2> /dev/null
+ grep -E -v '(^# Start|^# End|^# Use|^[^#])' ns4/key$1.conf | cut -c3- | \
+ sed 's/allow { 10.53.0.4/allow { any/' >> ns4/named.conf
+}
+
+$FEATURETEST --md5 && make_key 1 ${EXTRAPORT1} hmac-md5
+make_key 2 ${EXTRAPORT2} hmac-sha1
+make_key 3 ${EXTRAPORT3} hmac-sha224
+make_key 4 ${EXTRAPORT4} hmac-sha256
+make_key 5 ${EXTRAPORT5} hmac-sha384
+make_key 6 ${EXTRAPORT6} hmac-sha512
+
+cat >> ns4/named.conf <<- EOF
+
+controls {
+ inet 10.53.0.4 port ${EXTRAPORT7}
+ allow { any; } keys { "key1"; "key2"; "key3";
+ "key4"; "key5"; "key6"; };
+};
+EOF
diff --git a/bin/tests/system/rndc/tests.sh b/bin/tests/system/rndc/tests.sh
new file mode 100644
index 0000000..2afaf8c
--- /dev/null
+++ b/bin/tests/system/rndc/tests.sh
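Review bot: The `controls` block appended at the end of setup.sh lists `"key1"` unconditionally, but `make_key 1` only runs when `$FEATURETEST --md5` succeeds, so on a build without HMAC-MD5 ns4/named.conf references a key that was never defined. How named treats the undefined key is not visible here, but the tests.sh loop `for i in 1 2 3 4 5 6` against `${EXTRAPORT7}` also reads `ns4/key1.conf`, which would not exist in that case and would set `ret=1`. Building the list conditionally, e.g. `keys='"key2"; "key3"; "key4"; "key5"; "key6";'` followed by `$FEATURETEST --md5 && keys="\"key1\"; $keys"` and `keys { ${keys} };` in the here-document, keeps the generated config consistent with the keys that exist. `make_key` also sends the key generator's stderr to /dev/null, so a generation failure would only surface later as a missing key.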
@@ -0,0 +1,814 @@ +#!/bin/sh + +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +set -e + +. ../conf.sh + +DIGOPTS="+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd" +DIGOPTS="" +DIGCMD="$DIG $DIGOPTS -p ${PORT}" +RNDCCMD="$RNDC -p ${CONTROLPORT} -c ../common/rndc.conf -s" + +status=0 +n=0 + +n=$((n+1)) +echo_i "preparing ($n)" +ret=0 +$NSUPDATE -p ${PORT} -k ns2/session.key > /dev/null 2>&1 <<END || ret=1 +server 10.53.0.2 +zone nil. +update add text1.nil. 600 IN TXT "addition 1" +send +zone other. +update add text1.other. 600 IN TXT "addition 1" +send +END +[ -s ns2/nil.db.jnl ] || { + echo_i "'test -s ns2/nil.db.jnl' failed when it shouldn't have"; ret=1; +} +[ -s ns2/other.db.jnl ] || { + echo_i "'test -s ns2/other.db.jnl' failed when it shouldn't have"; ret=1; +} +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +echo_i "rndc freeze" +$RNDCCMD 10.53.0.2 freeze | sed 's/^/ns2 /' | cat_i + +n=$((n+1)) +echo_i "checking zone was dumped ($n)" +ret=0 +for i in 1 2 3 4 5 6 7 8 9 10 +do + grep "addition 1" ns2/nil.db > /dev/null && break + sleep 1 +done +grep "addition 1" ns2/nil.db > /dev/null 2>&1 || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +n=$((n+1)) +echo_i "checking journal file is still present ($n)" +ret=0 +[ -s ns2/nil.db.jnl ] || { + echo_i "'test -s ns2/nil.db.jnl' failed when it shouldn't have"; ret=1; +} +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +n=$((n+1)) +echo_i "checking zone not writable ($n)" +ret=0 +$NSUPDATE -p ${PORT} -k ns2/session.key > /dev/null 2>&1 <<END && ret=1 +server 10.53.0.2 +zone 
nil. +update add text2.nil. 600 IN TXT "addition 2" +send +END + +$DIGCMD @10.53.0.2 text2.nil. TXT > dig.out.1.test$n || ret=1 +grep 'addition 2' dig.out.1.test$n >/dev/null && ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +echo_i "rndc thaw" +$RNDCCMD 10.53.0.2 thaw | sed 's/^/ns2 /' | cat_i + +n=$((n+1)) +echo_i "checking zone now writable ($n)" +ret=0 +$NSUPDATE -p ${PORT} -k ns2/session.key > nsupdate.out.1.test$n 2>&1 <<END || ret=1 +server 10.53.0.2 +zone nil. +update add text3.nil. 600 IN TXT "addition 3" +send +END +$DIGCMD @10.53.0.2 text3.nil. TXT > dig.out.1.test$n || ret=1 +grep 'addition 3' dig.out.1.test$n >/dev/null || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +echo_i "rndc sync" +ret=0 +$RNDCCMD 10.53.0.2 sync nil | sed 's/^/ns2 /' | cat_i + +n=$((n+1)) +echo_i "checking zone was dumped ($n)" +ret=0 +for i in 1 2 3 4 5 6 7 8 9 10 +do + grep "addition 3" ns2/nil.db > /dev/null && break + sleep 1 +done +grep "addition 3" ns2/nil.db > /dev/null 2>&1 || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +n=$((n+1)) +echo_i "checking journal file is still present ($n)" +ret=0 +[ -s ns2/nil.db.jnl ] || { + echo_i "'test -s ns2/nil.db.jnl' failed when it shouldn't have"; ret=1; +} +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +n=$((n+1)) +echo_i "checking zone is still writable ($n)" +ret=0 +$NSUPDATE -p ${PORT} -k ns2/session.key > nsupdate.out.1.test$n 2>&1 <<END || ret=1 +server 10.53.0.2 +zone nil. +update add text4.nil. 600 IN TXT "addition 4" +send +END + +$DIGCMD @10.53.0.2 text4.nil. 
TXT > dig.out.1.test$n || ret=1 +grep 'addition 4' dig.out.1.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +echo_i "rndc sync -clean" +ret=0 +$RNDCCMD 10.53.0.2 sync -clean nil | sed 's/^/ns2 /' | cat_i + +n=$((n+1)) +echo_i "checking zone was dumped ($n)" +ret=0 +for i in 1 2 3 4 5 6 7 8 9 10 +do + grep "addition 4" ns2/nil.db > /dev/null && break + sleep 1 +done +grep "addition 4" ns2/nil.db > /dev/null 2>&1 || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +n=$((n+1)) +echo_i "checking journal file is deleted ($n)" +ret=0 +[ -s ns2/nil.db.jnl ] && { + echo_i "'test -s ns2/nil.db.jnl' failed when it shouldn't have"; ret=1; +} +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +n=$((n+1)) +echo_i "checking zone is still writable ($n)" +ret=0 +$NSUPDATE -p ${PORT} -k ns2/session.key > /dev/null 2>&1 <<END || ret=1 +server 10.53.0.2 +zone nil. +update add text5.nil. 600 IN TXT "addition 5" +send +END + +$DIGCMD @10.53.0.2 text4.nil. 
TXT > dig.out.1.test$n || ret=1 +grep 'addition 4' dig.out.1.test$n >/dev/null || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +n=$((n+1)) +echo_i "checking other journal files not removed ($n)" +ret=0 +[ -s ns2/other.db.jnl ] || { + echo_i "'test -s ns2/other.db.jnl' failed when it shouldn't have"; ret=1; +} +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +echo_i "cleaning all zones ($n)" +$RNDCCMD 10.53.0.2 sync -clean | sed 's/^/ns2 /' | cat_i + +n=$((n+1)) +echo_i "checking all journals removed ($n)" +ret=0 +[ -s ns2/nil.db.jnl ] && { + echo_i "'test -s ns2/nil.db.jnl' succeeded when it shouldn't have"; ret=1; +} +[ -s ns2/other.db.jnl ] && { + echo_i "'test -s ns2/other.db.jnl' succeeded when it shouldn't have"; ret=1; +} +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +n=$((n+1)) +echo_i "checking that freezing static zones is not allowed ($n)" +ret=0 +$RNDCCMD 10.53.0.2 freeze static > rndc.out.1.test$n 2>&1 && ret=1 +grep 'not dynamic' rndc.out.1.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +n=$((n+1)) +echo_i "checking that journal is removed when serial is changed before thaw ($n)" +ret=0 +sleep 1 +$NSUPDATE -p ${PORT} -k ns2/session.key > nsupdate.out.1.test$n 2>&1 <<END || ret=1 +server 10.53.0.2 +zone other. +update add text6.other. 
600 IN TXT "addition 6" +send +END +[ -s ns2/other.db.jnl ] || { + echo_i "'test -s ns2/other.db.jnl' failed when it shouldn't have"; ret=1; +} +$RNDCCMD 10.53.0.2 freeze other 2>&1 | sed 's/^/ns2 /' | cat_i +for i in 1 2 3 4 5 6 7 8 9 10 +do + grep "addition 6" ns2/other.db > /dev/null && break + sleep 1 +done +serial=$(awk '$3 ~ /serial/ {print $1}' ns2/other.db) +newserial=$((serial + 1)) +sed s/$serial/$newserial/ ns2/other.db > ns2/other.db.new +echo 'frozen TXT "frozen addition"' >> ns2/other.db.new +mv -f ns2/other.db.new ns2/other.db +$RNDCCMD 10.53.0.2 thaw 2>&1 | sed 's/^/ns2 /' | cat_i +sleep 1 +[ -f ns2/other.db.jnl ] && { + echo_i "'test -f ns2/other.db.jnl' succeeded when it shouldn't have"; ret=1; +} +$NSUPDATE -p ${PORT} -k ns2/session.key > nsupdate.out.2.test$n 2>&1 <<END || ret=1 +server 10.53.0.2 +zone other. +update add text7.other. 600 IN TXT "addition 7" +send +END +$DIGCMD @10.53.0.2 text6.other. TXT > dig.out.1.test$n || ret=1 +grep 'addition 6' dig.out.1.test$n >/dev/null || ret=1 +$DIGCMD @10.53.0.2 text7.other. TXT > dig.out.2.test$n || ret=1 +grep 'addition 7' dig.out.2.test$n >/dev/null || ret=1 +$DIGCMD @10.53.0.2 frozen.other. TXT > dig.out.3.test$n || ret=1 +grep 'frozen addition' dig.out.3.test$n >/dev/null || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +n=$((n+1)) +echo_i "checking that journal is kept when ixfr-from-differences is in use ($n)" +ret=0 +$NSUPDATE -p ${PORT} -k ns2/session.key > nsupdate.out.1.test$n 2>&1 <<END || ret=1 +server 10.53.0.2 +zone nil. +update add text6.nil. 
600 IN TXT "addition 6" +send +END +[ -s ns2/nil.db.jnl ] || { + echo_i "'test -s ns2/nil.db.jnl' failed when it shouldn't have"; ret=1; +} +$RNDCCMD 10.53.0.2 freeze nil 2>&1 | sed 's/^/ns2 /' | cat_i +for i in 1 2 3 4 5 6 7 8 9 10 +do + grep "addition 6" ns2/nil.db > /dev/null && break + sleep 1 +done +serial=$(awk '$3 ~ /serial/ {print $1}' ns2/nil.db) +newserial=$((serial + 1)) +sed s/$serial/$newserial/ ns2/nil.db > ns2/nil.db.new +echo 'frozen TXT "frozen addition"' >> ns2/nil.db.new +mv -f ns2/nil.db.new ns2/nil.db +$RNDCCMD 10.53.0.2 thaw 2>&1 | sed 's/^/ns2 /' | cat_i +sleep 1 +[ -s ns2/nil.db.jnl ] || { + echo_i "'test -s ns2/nil.db.jnl' failed when it shouldn't have"; ret=1; +} +$NSUPDATE -p ${PORT} -k ns2/session.key > nsupdate.out.2.test$n 2>&1 <<END || ret=1 +server 10.53.0.2 +zone nil. +update add text7.nil. 600 IN TXT "addition 7" +send +END +$DIGCMD @10.53.0.2 text6.nil. TXT > dig.out.1.test$n || ret=1 +grep 'addition 6' dig.out.1.test$n > /dev/null || ret=1 +$DIGCMD @10.53.0.2 text7.nil. TXT > dig.out.2.test$n || ret=1 +grep 'addition 7' dig.out.2.test$n > /dev/null || ret=1 +$DIGCMD @10.53.0.2 frozen.nil. 
TXT > dig.out.3.test$n || ret=1 +grep 'frozen addition' dig.out.3.test$n >/dev/null || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +# temp test +echo_i "dumping stats ($n)" +$RNDCCMD 10.53.0.2 stats +n=$((n+1)) +echo_i "verifying adb records in named.stats ($n)" +grep "ADB stats" ns2/named.stats > /dev/null || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +n=$((n+1)) +echo_i "test using second key ($n)" +ret=0 +$RNDC -s 10.53.0.2 -p ${CONTROLPORT} -c ns2/secondkey.conf status > /dev/null || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +n=$((n+1)) +echo_i "test 'rndc dumpdb' on a empty cache ($n)" +ret=0 +rndc_dumpdb ns3 || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +n=$((n+1)) +echo_i "test 'rndc reload' on a zone with include files ($n)" +ret=0 +grep "incl/IN: skipping load" ns2/named.run > /dev/null && ret=1 +loads=$(grep "incl/IN: starting load" ns2/named.run | wc -l) +[ "$loads" -eq 1 ] || ret=1 +$RNDCCMD 10.53.0.2 reload > /dev/null || ret=1 +for i in 1 2 3 4 5 6 7 8 9 +do + tmp=0 + grep "incl/IN: skipping load" ns2/named.run > /dev/null || tmp=1 + [ $tmp -eq 0 ] && break + sleep 1 +done +[ $tmp -eq 1 ] && ret=1 +touch ns2/static.db +$RNDCCMD 10.53.0.2 reload > /dev/null || ret=1 +for i in 1 2 3 4 5 6 7 8 9 +do + tmp=0 + loads=$(grep "incl/IN: starting load" ns2/named.run | wc -l) + [ "$loads" -eq 2 ] || tmp=1 + [ $tmp -eq 0 ] && break + sleep 1 +done +[ $tmp -eq 1 ] && ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +n=$((n+1)) +if $FEATURETEST --md5; then + echo_i "testing rndc with hmac-md5 ($n)" + ret=0 + $RNDC -s 10.53.0.4 -p ${EXTRAPORT1} -c ns4/key1.conf status > /dev/null 2>&1 || ret=1 + for i in 2 3 4 5 6 + do + $RNDC -s 10.53.0.4 -p ${EXTRAPORT1} -c ns4/key${i}.conf status > /dev/null 2>&1 && ret=1 + done + if [ $ret != 0 ]; then echo_i "failed"; fi + status=$((status+ret)) +else + echo_i "skipping 
rndc with hmac-md5 ($n)" +fi + +n=$((n+1)) +echo_i "testing rndc with hmac-sha1 ($n)" +ret=0 +$RNDC -s 10.53.0.4 -p ${EXTRAPORT2} -c ns4/key2.conf status > /dev/null 2>&1 || ret=1 +for i in 1 3 4 5 6 +do + $RNDC -s 10.53.0.4 -p ${EXTRAPORT2} -c ns4/key${i}.conf status > /dev/null 2>&1 && ret=1 +done +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +n=$((n+1)) +echo_i "testing rndc with hmac-sha224 ($n)" +ret=0 +$RNDC -s 10.53.0.4 -p ${EXTRAPORT3} -c ns4/key3.conf status > /dev/null 2>&1 || ret=1 +for i in 1 2 4 5 6 +do + $RNDC -s 10.53.0.4 -p ${EXTRAPORT3} -c ns4/key${i}.conf status > /dev/null 2>&1 && ret=1 +done +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +n=$((n+1)) +echo_i "testing rndc with hmac-sha256 ($n)" +ret=0 +$RNDC -s 10.53.0.4 -p ${EXTRAPORT4} -c ns4/key4.conf status > /dev/null 2>&1 || ret=1 +for i in 1 2 3 5 6 +do + $RNDC -s 10.53.0.4 -p ${EXTRAPORT4} -c ns4/key${i}.conf status > /dev/null 2>&1 && ret=1 +done +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +n=$((n+1)) +echo_i "testing rndc with hmac-sha384 ($n)" +ret=0 +$RNDC -s 10.53.0.4 -p ${EXTRAPORT5} -c ns4/key5.conf status > /dev/null 2>&1 || ret=1 +for i in 1 2 3 4 6 +do + $RNDC -s 10.53.0.4 -p ${EXTRAPORT5} -c ns4/key${i}.conf status > /dev/null 2>&1 && ret=1 +done +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +n=$((n+1)) +echo_i "testing rndc with hmac-sha512 ($n)" +ret=0 +$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf status > /dev/null 2>&1 || ret=1 +for i in 1 2 3 4 5 +do + $RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key${i}.conf status > /dev/null 2>&1 2>&1 && ret=1 +done +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +n=$((n+1)) +echo_i "testing single control channel with multiple algorithms ($n)" +ret=0 +for i in 1 2 3 4 5 6 +do + $RNDC -s 10.53.0.4 -p ${EXTRAPORT7} -c ns4/key${i}.conf status > /dev/null 2>&1 || ret=1 +done +if [ $ret != 0 ]; then echo_i "failed"; 
fi +status=$((status+ret)) + +n=$((n+1)) +echo_i "testing automatic zones are reported ($n)" +ret=0 +$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf status > rndc.out.1.test$n || ret=1 +grep "number of zones: 201 (198 automatic)" rndc.out.1.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +n=$((n+1)) +echo_i "testing rndc with null command ($n)" +ret=0 +$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf null || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +n=$((n+1)) +echo_i "testing rndc with unknown control channel command ($n)" +ret=0 +$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf obviouslynotacommand >/dev/null 2>&1 && ret=1 +# rndc: 'obviouslynotacommand' failed: unknown command +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +n=$((n+1)) +echo_i "testing rndc with querylog command ($n)" +ret=0 +# first enable it with querylog on option +$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf querylog on >/dev/null 2>&1 || ret=1 +grep "query logging is now on" ns4/named.run > /dev/null || ret=1 +# query for builtin and check if query was logged (without +subnet) +$DIG @10.53.0.4 -p ${PORT} -c ch -t txt foo12345.bind +qr > dig.out.1.test$n 2>&1 || ret=1 +grep "query: foo12345.bind CH TXT.*(.*)$" ns4/named.run > /dev/null || ret=1 +# query for another builtin zone and check if query was logged (with +subnet=127.0.0.1) +$DIG +subnet=127.0.0.1 @10.53.0.4 -p ${PORT} -c ch -t txt foo12346.bind +qr > dig.out.2.test$n 2>&1 || ret=1 +grep "query: foo12346.bind CH TXT.*\[ECS 127\.0\.0\.1/32/0]" ns4/named.run > /dev/null || ret=1 +# query for another builtin zone and check if query was logged (with +subnet=127.0.0.1/24) +$DIG +subnet=127.0.0.1/24 @10.53.0.4 -p ${PORT} -c ch -t txt foo12347.bind +qr > dig.out.3.test$n 2>&1 || ret=1 +grep "query: foo12347.bind CH TXT.*\[ECS 127\.0\.0\.0/24/0]" ns4/named.run > /dev/null || ret=1 +# query for another builtin zone 
and check if query was logged (with +subnet=::1)
+$DIG +subnet=::1 @10.53.0.4 -p ${PORT} -c ch -t txt foo12348.bind +qr > dig.out.4.test$n 2>&1 || ret=1
+grep "query: foo12348.bind CH TXT.*\[ECS ::1/128/0]" ns4/named.run > /dev/null || ret=1
+# toggle query logging and check again
+$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf querylog > /dev/null 2>&1 || ret=1
+grep "query logging is now off" ns4/named.run > /dev/null || ret=1
+# query for another builtin zone and check if query was logged (without +subnet)
+$DIG @10.53.0.4 -p ${PORT} -c ch -t txt foo9876.bind +qr > dig.out.5.test$n 2>&1 || ret=1
+grep "query: foo9876.bind CH TXT.*(.*)$" ns4/named.run > /dev/null && ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+RNDCCMD4="$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf"
+n=$((n+1))
+echo_i "testing rndc nta time limits ($n)"
+ret=0
+$RNDCCMD4 nta -l 2h nta1.example > rndc.out.1.test$n 2>&1
+grep "Negative trust anchor added" rndc.out.1.test$n > /dev/null || ret=1
+$RNDCCMD4 nta -l 1d nta2.example > rndc.out.2.test$n 2>&1
+grep "Negative trust anchor added" rndc.out.2.test$n > /dev/null || ret=1
+$RNDCCMD4 nta -l 1w nta3.example > rndc.out.3.test$n 2>&1
+grep "Negative trust anchor added" rndc.out.3.test$n > /dev/null || ret=1
+$RNDCCMD4 nta -l 8d nta4.example > rndc.out.4.test$n 2>&1 && ret=1
+grep "NTA lifetime cannot exceed one week" rndc.out.4.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "testing rndc nta -class option ($n)"
+ret=0
+nextpart ns4/named.run > /dev/null
+$RNDCCMD4 nta -c in nta1.example > rndc.out.1.test$n 2>&1
+nextpart ns4/named.run | grep "added NTA 'nta1.example'" > /dev/null || ret=1
+$RNDCCMD4 nta -c any nta1.example > rndc.out.2.test$n 2>&1
+nextpart ns4/named.run | grep "added NTA 'nta1.example'" > /dev/null || ret=1
+$RNDCCMD4 nta -c ch nta1.example > rndc.out.3.test$n 2>&1
+nextpart ns4/named.run | grep "added NTA 
'nta1.example'" > /dev/null && ret=1
+$RNDCCMD4 nta -c fake nta1.example > rndc.out.4.test$n 2>&1 && ret=1
+nextpart ns4/named.run | grep "added NTA 'nta1.example'" > /dev/null && ret=1
+grep 'unknown class' rndc.out.4.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+for i in 512 1024 2048 4096 8192 16384 32768 65536 131072 262144 524288
+do
+ n=$((n+1))
+ echo_i "testing rndc buffer size limits (size=${i}) ($n)"
+ ret=0
+ $RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf testgen ${i} 2>&1 > rndc.out.$i.test$n || ret=1
+ { actual_size=$($GENCHECK rndc.out.$i.test$n); rc=$?; } || true
+ if [ "$rc" = "0" ]; then
+ expected_size=$((i+1))
+ if [ $actual_size != $expected_size ]; then ret=1; fi
+ else
+ ret=1
+ fi
+
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$((status+ret))
+done
+
+n=$((n+1))
+echo_i "testing rndc -r (show result) ($n)"
+ret=0
+$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf -r testgen 0 2>&1 > rndc.out.1.test$n || ret=1
+grep "ISC_R_SUCCESS 0" rndc.out.1.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "testing rndc with a token containing a space ($n)"
+ret=0
+$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf -r flush '"view with a space"' 2>&1 > rndc.out.1.test$n || ret=1
+grep "not found" rndc.out.1.test$n > /dev/null && ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "test 'rndc reconfig' with a broken config ($n)"
+ret=0
+$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf reconfig > /dev/null || ret=1
+sleep 1
+mv ns4/named.conf ns4/named.conf.save
+echo "error error error" >> ns4/named.conf
+$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf reconfig > rndc.out.1.test$n 2>&1 && ret=1
+grep "rndc: 'reconfig' failed: unexpected token" rndc.out.1.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1)) 
+echo_i "check rndc status reports failure ($n)"
+ret=0
+$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf status > rndc.out.1.test$n 2>&1 || ret=1
+grep "reload/reconfig failed" rndc.out.1.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "restore working config ($n)"
+ret=0
+mv ns4/named.conf.save ns4/named.conf
+sleep 1
+$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf reconfig > /dev/null || ret=1
+sleep 1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "check 'rndc status' 'reload/reconfig failure' is cleared after successful reload/reconfig ($n)"
+ret=0
+$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf status > rndc.out.1.test$n 2>&1 || ret=1
+grep "reload/reconfig failed" rndc.out.1.test$n > /dev/null && ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "test read-only control channel access ($n)"
+ret=0
+$RNDCCMD 10.53.0.5 status > rndc.out.1.test$n 2>&1 || ret=1
+$RNDCCMD 10.53.0.5 nta -dump > rndc.out.2.test$n 2>&1 || ret=1
+$RNDCCMD 10.53.0.5 reconfig > rndc.out.3.test$n 2>&1 && ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "test rndc status shows running on ($n)"
+ret=0
+$RNDCCMD 10.53.0.5 status > rndc.out.1.test$n 2>&1 || ret=1
+grep "^running on " rndc.out.1.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "test 'rndc reconfig' with loading of a large zone ($n)"
+ret=0
+nextpart ns6/named.run > /dev/null
+cp ns6/named.conf ns6/named.conf.save
+echo "zone \"huge.zone\" { type primary; file \"huge.zone.db\"; };" >> ns6/named.conf
+echo_i "reloading config"
+$RNDCCMD 10.53.0.6 reconfig > rndc.out.1.test$n 2>&1 || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+sleep 1
+
+n=$((n+1))
+echo_i "check if zone load was scheduled ($n)" 
+wait_for_log_peek 20 "scheduled loading new zones" ns6/named.run || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "check if query for the zone returns SERVFAIL ($n)"
+$DIG @10.53.0.6 -p ${PORT} -t soa huge.zone > dig.out.1.test$n
+grep "SERVFAIL" dig.out.1.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed (ignored)"; ret=0; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "wait for the zones to be loaded ($n)"
+wait_for_log_peek 60 "huge.zone/IN: loaded serial" ns6/named.run || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "check if query for the zone returns NOERROR ($n)"
+$DIG @10.53.0.6 -p ${PORT} -t soa huge.zone > dig.out.1.test$n
+grep "NOERROR" dig.out.1.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "verify that the full command is logged ($n)"
+ret=0
+$RNDCCMD 10.53.0.2 null with extra arguments > /dev/null 2>&1
+grep "received control channel command 'null with extra arguments'" ns2/named.run > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+mv ns6/named.conf.save ns6/named.conf
+sleep 1
+$RNDCCMD 10.53.0.6 reconfig > /dev/null || ret=1
+sleep 1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "check 'rndc \"\"' is handled ($n)"
+ret=0
+$RNDCCMD 10.53.0.2 "" > rndc.out.1.test$n 2>&1 && ret=1
+grep "rndc: '' failed: failure" rndc.out.1.test$n > /dev/null
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "check rndc -4 -6 ($n)"
+ret=0
+$RNDCCMD 10.53.0.2 -4 -6 status > rndc.out.1.test$n 2>&1 && ret=1
+grep "only one of -4 and -6 allowed" rndc.out.1.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "check rndc -4 with an IPv6 server address ($n)"
+ret=0
+$RNDCCMD fd92:7065:b8e:ffff::2 
-4 status > rndc.out.1.test$n 2>&1 && ret=1
+grep "address family not supported" rndc.out.1.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "check rndc nta reports adding to multiple views ($n)"
+ret=0
+$RNDCCMD 10.53.0.3 nta test.com > rndc.out.test$n 2>&1 || ret=1
+lines=$(cat rndc.out.test$n | wc -l)
+[ ${lines:-0} -eq 2 ] || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "check 'rndc retransfer' of primary error message ($n)"
+ret=0
+$RNDCCMD 10.53.0.2 retransfer nil > rndc.out.test$n 2>&1 && ret=1
+grep "rndc: 'retransfer' failed: failure" rndc.out.test$n > /dev/null || ret=1
+grep "retransfer: inappropriate zone type: primary" rndc.out.test$n > /dev/null || ret=1
+lines=$(cat rndc.out.test$n | wc -l)
+[ ${lines:-0} -eq 2 ] || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "check 'rndc freeze' with in-view zones works ($n)"
+ret=0
+$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf freeze > rndc.out.test$n 2>&1 || ret=1
+test -s rndc.out.test$n && sed 's/^/ns2 /' rndc.out.test$n | cat_i
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "checking non in-view zone instance is not writable ($n)"
+ret=0
+$NSUPDATE -p ${PORT} > /dev/null 2>&1 <<END && ret=1
+server 10.53.0.4
+zone example.
+update add text2.example. 600 IN TXT "addition 3"
+send
+END
+$DIGCMD @10.53.0.4 -p ${PORT} text2.example. 
TXT > dig.out.1.test$n || ret=1
+grep 'addition 3' dig.out.1.test$n >/dev/null && ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "check 'rndc thaw' with in-view zones works ($n)"
+ret=0
+$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf thaw > rndc.out.test$n 2>&1 || ret=1
+test -s rndc.out.test$n && sed 's/^/ns2 /' rndc.out.test$n | cat_i
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "checking non in-view zone instance is now writable ($n)"
+ret=0
+$NSUPDATE -p ${PORT} > nsupdate.out.test$n 2>&1 <<END || ret=1
+server 10.53.0.4
+zone example.
+update add text2.example. 600 IN TXT "addition 3"
+send
+END
+$DIGCMD @10.53.0.4 -p ${PORT} text2.example. TXT > dig.out.1.test$n || ret=1
+grep 'addition 3' dig.out.1.test$n >/dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "checking initial in-view zone file is loaded ($n)"
+ret=0
+TSIG="$DEFAULT_HMAC:int:FrSt77yPTFx6hTs4i2tKLB9LmE0="
+$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT > dig.out.1.test$n || ret=1
+grep 'include 1' dig.out.1.test$n >/dev/null || ret=1
+TSIG="$DEFAULT_HMAC:ext:FrSt77yPTFx6hTs4i2tKLB9LmE0="
+$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT > dig.out.2.test$n || ret=1
+grep 'include 1' dig.out.2.test$n >/dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+echo_i "update in-view zone ($n)"
+ret=0
+TSIG="$DEFAULT_HMAC:int:FrSt77yPTFx6hTs4i2tKLB9LmE0="
+$NSUPDATE -p ${PORT} -y "$TSIG" > /dev/null 2>&1 <<END || ret=1
+server 10.53.0.7
+zone test.
+update add text2.test. 600 IN TXT "addition 1"
+send
+END
+[ -s ns7/test.db.jnl ] || {
+ echo_i "'test -s ns7/test.db.jnl' failed when it shouldn't have"; ret=1;
+}
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+echo_i "checking update ($n)"
+ret=0
+TSIG="$DEFAULT_HMAC:int:FrSt77yPTFx6hTs4i2tKLB9LmE0="
+$DIGCMD @10.53.0.7 -y "$TSIG" text2.test. 
TXT > dig.out.1.test$n || ret=1
+grep 'addition 1' dig.out.1.test$n >/dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+nextpart ns7/named.run > /dev/null
+
+echo_i "rndc freeze"
+$RNDCCMD 10.53.0.7 freeze | sed 's/^/ns7 /' | cat_i | cat_i
+
+wait_for_log 3 "dump_done: zone test/IN/internal: enter" ns7/named.run
+
+echo_i "edit zone files"
+cp ns7/test.db.in ns7/test.db
+cp ns7/include2.db.in ns7/include.db
+
+echo_i "rndc thaw"
+$RNDCCMD 10.53.0.7 thaw | sed 's/^/ns7 /' | cat_i
+
+wait_for_log 3 "zone_postload: zone test/IN/internal: done" ns7/named.run
+
+echo_i "rndc reload"
+$RNDCCMD 10.53.0.7 reload | sed 's/^/ns7 /' | cat_i
+
+wait_for_log 3 "all zones loaded" ns7/named.run
+
+n=$((n+1))
+echo_i "checking zone file edits are loaded ($n)"
+ret=0
+TSIG="$DEFAULT_HMAC:int:FrSt77yPTFx6hTs4i2tKLB9LmE0="
+$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT > dig.out.1.test$n || ret=1
+grep 'include 2' dig.out.1.test$n >/dev/null || ret=1
+TSIG="$DEFAULT_HMAC:ext:FrSt77yPTFx6hTs4i2tKLB9LmE0="
+$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT > dig.out.2.test$n || ret=1
+grep 'include 2' dig.out.2.test$n >/dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+echo_i "exit status: $status"
+[ $status -eq 0 ] || exit 1
diff --git a/bin/tests/system/rndc/tests_sh_rndc.py b/bin/tests/system/rndc/tests_sh_rndc.py
new file mode 100644
index 0000000..ac6a4dc
--- /dev/null
+++ b/bin/tests/system/rndc/tests_sh_rndc.py
@@ -0,0 +1,14 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+
+def test_rndc(run_tests_sh):
+ run_tests_sh() |