diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 15:59:48 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 15:59:48 +0000 |
commit | 3b9b6d0b8e7f798023c9d109c490449d528fde80 (patch) | |
tree | 2e1c188dd7b8d7475cd163de9ae02c428343669b /bin/tests/system/reclimit/tests.sh | |
parent | Initial commit. (diff) | |
download | bind9-upstream.tar.xz bind9-upstream.zip |
Adding upstream version 1:9.18.19.upstream/1%9.18.19upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | bin/tests/system/reclimit/tests.sh | 212 |
1 files changed, 212 insertions, 0 deletions
diff --git a/bin/tests/system/reclimit/tests.sh b/bin/tests/system/reclimit/tests.sh new file mode 100644 index 0000000..7e80d22 --- /dev/null +++ b/bin/tests/system/reclimit/tests.sh @@ -0,0 +1,212 @@ +#!/bin/sh + +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +set -e + +. ../conf.sh + +DIGOPTS="-p ${PORT}" + +status=0 +n=0 + +ns3_reset() { + copy_setports $1 ns3/named.conf + $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} reconfig 2>&1 | sed 's/^/I:ns3 /' + $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} flush | sed 's/^/I:ns3 /' +} + +ns3_sends_aaaa_queries() { + if grep "started AAAA fetch" ns3/named.run >/dev/null; then + return 0 + else + return 1 + fi +} + +# Check whether the number of queries ans2 received from ns3 (this value is +# read from dig output stored in file $1) is as expected. The expected query +# count is variable: +# - if ns3 sends AAAA queries, the query count should equal $2, +# - if ns3 does not send AAAA queries, the query count should equal $3. +check_query_count() { + count1=$(sed 's/[^0-9]//g;' $1) + count2=$(sed 's/[^0-9]//g;' $2) + count=$((count1 + count2)) + #echo_i "count1=$count1 count2=$count2 count=$count" + expected_count_with_aaaa=$3 + expected_count_without_aaaa=$4 + + if ns3_sends_aaaa_queries; then + expected_count=$expected_count_with_aaaa + else + expected_count=$expected_count_without_aaaa + fi + + if [ $count -ne $expected_count ]; then + echo_i "count $count (actual) != $expected_count (expected)" + ret=1 + fi +} + +echo_i "set max-recursion-depth=12" + +n=$((n + 1)) +echo_i "attempt excessive-depth lookup ($n)" +ret=0 +echo "1000" > ans2/ans.limit +echo "1000" > ans4/ans.limit +$DIG $DIGOPTS @10.53.0.2 reset > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.4 reset > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.3 indirect1.example.org > dig.out.1.test$n || ret=1 +grep "status: SERVFAIL" dig.out.1.test$n > /dev/null || ret=1 +$DIG $DIGOPTS +short @10.53.0.2 count txt > dig.out.2.test$n || ret=1 +$DIG $DIGOPTS +short @10.53.0.4 count txt > dig.out.4.test$n || ret=1 +check_query_count dig.out.2.test$n dig.out.4.test$n 27 14 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +n=$((n + 1)) +echo_i "attempt permissible lookup ($n)" +ret=0 +echo "12" > ans2/ans.limit +echo "12" > ans4/ans.limit +ns3_reset ns3/named1.conf.in +$DIG $DIGOPTS @10.53.0.2 reset > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.4 reset > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.3 indirect2.example.org > dig.out.1.test$n || ret=1 +grep "status: NOERROR" dig.out.1.test$n > /dev/null || ret=1 +$DIG $DIGOPTS +short @10.53.0.2 count txt > dig.out.2.test$n || ret=1 +$DIG $DIGOPTS +short @10.53.0.4 count txt > dig.out.4.test$n || ret=1 +check_query_count dig.out.2.test$n dig.out.4.test$n 50 26 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +echo_i "set max-recursion-depth=5" + +n=$((n + 1)) +echo_i "attempt excessive-depth lookup ($n)" +ret=0 +echo "12" > ans2/ans.limit +ns3_reset ns3/named2.conf.in +$DIG $DIGOPTS @10.53.0.2 reset > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.4 reset > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.3 indirect3.example.org > dig.out.1.test$n || ret=1 +grep "status: SERVFAIL" dig.out.1.test$n > /dev/null || ret=1 +$DIG $DIGOPTS +short @10.53.0.2 count txt > dig.out.2.test$n || ret=1 +$DIG $DIGOPTS +short @10.53.0.4 count txt > dig.out.4.test$n || ret=1 +check_query_count dig.out.2.test$n dig.out.4.test$n 13 7 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +n=$((n + 1)) +echo_i "attempt permissible lookup ($n)" +ret=0 +echo "5" > ans2/ans.limit +echo "5" > ans4/ans.limit +ns3_reset ns3/named2.conf.in +$DIG $DIGOPTS @10.53.0.2 reset > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.4 reset > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.3 indirect4.example.org > dig.out.1.test$n || ret=1 +grep "status: NOERROR" dig.out.1.test$n > /dev/null || ret=1 +$DIG $DIGOPTS +short @10.53.0.2 count txt > dig.out.2.test$n || ret=1 +$DIG $DIGOPTS +short @10.53.0.4 count txt > dig.out.4.test$n || ret=1 +check_query_count dig.out.2.test$n dig.out.4.test$n 22 12 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +echo_i "set max-recursion-depth=100, max-recursion-queries=50" + +n=$((n + 1)) +echo_i "attempt excessive-queries lookup ($n)" +ret=0 +echo "13" > ans2/ans.limit +echo "13" > ans4/ans.limit +ns3_reset ns3/named3.conf.in +$DIG $DIGOPTS @10.53.0.2 reset > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.4 reset > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.3 indirect5.example.org > dig.out.1.test$n || ret=1 +if ns3_sends_aaaa_queries; then + grep "status: SERVFAIL" dig.out.1.test$n > /dev/null || ret=1 +fi +$DIG $DIGOPTS +short @10.53.0.2 count txt > dig.out.2.test$n || ret=1 +$DIG $DIGOPTS +short @10.53.0.4 count txt > dig.out.4.test$n || ret=1 +eval count=$(cat dig.out.2.test$n) +[ $count -le 50 ] || { ret=1; echo_i "count ($count) !<= 50"; } +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +n=$((n + 1)) +echo_i "attempt permissible lookup ($n)" +ret=0 +echo "12" > ans2/ans.limit +ns3_reset ns3/named3.conf.in +$DIG $DIGOPTS @10.53.0.2 reset > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.3 indirect6.example.org > dig.out.1.test$n || ret=1 +grep "status: NOERROR" dig.out.1.test$n > /dev/null || ret=1 +$DIG $DIGOPTS +short @10.53.0.2 count txt > dig.out.2.test$n || ret=1 +eval count=$(cat dig.out.2.test$n) +[ $count -le 50 ] || { ret=1; echo_i "count ($count) !<= 50"; } +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +echo_i "set max-recursion-depth=100, max-recursion-queries=40" + +n=$((n + 1)) +echo_i "attempt excessive-queries lookup ($n)" +ret=0 +echo "11" > ans2/ans.limit +ns3_reset ns3/named4.conf.in +$DIG $DIGOPTS @10.53.0.2 reset > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.3 indirect7.example.org > dig.out.1.test$n || ret=1 +if ns3_sends_aaaa_queries; then + grep "status: SERVFAIL" dig.out.1.test$n > /dev/null || ret=1 +fi +$DIG $DIGOPTS +short @10.53.0.2 count txt > dig.out.2.test$n || ret=1 +eval count=$(cat dig.out.2.test$n) +[ $count -le 40 ] || { ret=1; echo_i "count ($count) !<= 40"; } +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +n=$((n + 1)) +echo_i "attempt permissible lookup ($n)" +ret=0 +echo "9" > ans2/ans.limit +ns3_reset ns3/named4.conf.in +$DIG $DIGOPTS @10.53.0.2 reset > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.3 indirect8.example.org > dig.out.1.test$n || ret=1 +grep "status: NOERROR" dig.out.1.test$n > /dev/null || ret=1 +$DIG $DIGOPTS +short @10.53.0.2 count txt > dig.out.2.test$n || ret=1 +eval count=$(cat dig.out.2.test$n) +[ $count -le 40 ] || { ret=1; echo_i "count ($count) !<= 40"; } +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +n=$((n + 1)) +echo_i "attempting NS explosion ($n)" +ret=0 +ns3_reset ns3/named4.conf.in +$DIG $DIGOPTS @10.53.0.2 reset > /dev/null || ret=1 +$DIG $DIGOPTS +short @10.53.0.3 ns1.1.example.net > dig.out.1.test$n || ret=1 +$DIG $DIGOPTS +short @10.53.0.2 count txt > dig.out.2.test$n || ret=1 +eval count=$(cat dig.out.2.test$n) +[ $count -lt 50 ] || ret=1 +$DIG $DIGOPTS +short @10.53.0.7 count txt > dig.out.3.test$n || ret=1 +eval count=$(cat dig.out.3.test$n) +[ $count -lt 50 ] || { ret=1; echo_i "count ($count) !<= 50"; } +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + +#grep "duplicate query" ns3/named.run +echo_i "exit status: $status" +[ $status -eq 0 ] || exit 1 |