diff options
Diffstat (limited to 'bin/tests/system/pending/tests.sh')
-rw-r--r-- | bin/tests/system/pending/tests.sh | 200 |
1 files changed, 200 insertions, 0 deletions
diff --git a/bin/tests/system/pending/tests.sh b/bin/tests/system/pending/tests.sh new file mode 100644 index 0000000..362cef3 --- /dev/null +++ b/bin/tests/system/pending/tests.sh @@ -0,0 +1,200 @@ +#!/bin/sh + +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +set -e + +. ../conf.sh + +# replace_data dname RR old_data new_data +replace_data() +{ + if [ $# -ne 4 ]; then + echo_i "unexpected input for replace_data" + return 1 + fi + + _dname=$1 + _rr=$2 + _olddata=$3 + _newdata=$4 + + _ret=0 + $NSUPDATE -d <<END >> nsupdate.out.test 2>&1 || _ret=1 +server 10.53.0.2 ${PORT} +update delete ${_dname} 30 ${_rr} ${_olddata} +update add ${_dname} 30 ${_rr} ${_newdata} +send +END + + if [ $_ret != 0 ]; then + echo_i "failed to update the test data" + return 1 + fi + + return 0 +} + +status=0 +n=0 + +DIGOPTS="+short +tcp -p ${PORT}" +DIGOPTS_CD="$DIGOPTS +cd" + +echo_i "Priming cache." +ret=0 +expect="10 mail.example." +ans=$($DIG $DIGOPTS_CD @10.53.0.4 hostile MX) || ret=1 +test "$ans" = "$expect" || ret=1 +test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" +status=$((status + ret)) + +echo_i "Checking that bogus additional is not returned with +CD." +ret=0 +expect="10.0.0.2" +ans=$($DIG $DIGOPTS_CD @10.53.0.4 mail.example A) || ret=1 +test "$ans" = "$expect" || ret=1 +test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" +status=$((status + ret)) + +# +# Prime cache with pending additional records. These should not be promoted +# to answer. +# +echo_i "Priming cache (pending additional A and AAAA)" +ret=0 +expect="10 mail.example.com." +ans=$($DIG $DIGOPTS @10.53.0.4 example.com MX) || ret=1 +test "$ans" = "$expect" || ret=1 +test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" +status=$((status + ret)) + +echo_i "Replacing pending A" +ret=0 +replace_data mail.example.com. A 192.0.2.2 192.0.2.3 || ret=1 +status=$((status + ret)) + +echo_i "Replacing pending AAAA" +ret=0 +replace_data mail.example.com. AAAA 2001:db8::2 2001:db8::3 || ret=1 +status=$((status + ret)) + +echo_i "Checking updated data to be returned (without CD)" +ret=0 +expect="192.0.2.3" +ans=$($DIG $DIGOPTS @10.53.0.4 mail.example.com A) || ret=1 +test "$ans" = "$expect" || ret=1 +test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" +status=$((status + ret)) + +echo_i "Checking updated data to be returned (with CD)" +ret=0 +expect="2001:db8::3" +ans=$($DIG $DIGOPTS_CD @10.53.0.4 mail.example.com AAAA) || ret=1 +test "$ans" = "$expect" || ret=1 +test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" +status=$((status + ret)) + +# +# Prime cache with a pending answer record. It can be returned (without +# validation) with +CD. +# +echo_i "Priming cache (pending answer)" +ret=0 +expect="192.0.2.2" +ans=$($DIG $DIGOPTS_CD @10.53.0.4 pending-ok.example.com A) || ret=1 +test "$ans" = "$expect" || ret=1 +test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" +status=$((status + ret)) + +echo_i "Replacing pending data" +ret=0 +replace_data pending-ok.example.com. A 192.0.2.2 192.0.2.3 || ret=1 +status=$((status + ret)) + +echo_i "Confirming cached pending data to be returned with CD" +ret=0 +expect="192.0.2.2" +ans=$($DIG $DIGOPTS_CD @10.53.0.4 pending-ok.example.com A) || ret=1 +test "$ans" = "$expect" || ret=1 +test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" +status=$((status + ret)) + +# +# Prime cache with a pending answer record. It should not be returned +# to no-DNSSEC clients. +# +echo_i "Priming cache (pending answer)" +ret=0 +expect="192.0.2.102" +ans=$($DIG $DIGOPTS_CD @10.53.0.4 pending-ng.example.com A) || ret=1 +test "$ans" = "$expect" || ret=1 +test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" +status=$((status + ret)) + +echo_i "Replacing pending data" +ret=0 +replace_data pending-ng.example.com. A 192.0.2.102 192.0.2.103 || ret=1 +status=$((status + ret)) + +echo_i "Confirming updated data returned, not the cached one, without CD" +ret=0 +expect="192.0.2.103" +ans=$($DIG $DIGOPTS @10.53.0.4 pending-ng.example.com A) || ret=1 +test "$ans" = "$expect" || ret=1 +test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" +status=$((status + ret)) + +# +# Try to fool the resolver with an out-of-bailiwick CNAME +# +echo_i "Trying to Prime out-of-bailiwick pending answer with CD" +ret=0 +expect="10.10.10.10" +ans=$($DIG $DIGOPTS_CD @10.53.0.4 bad.example. A) || ret=1 +ans=$(echo $ans | awk '{print $NF}') +test "$ans" = "$expect" || ret=1 +test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" +status=$((status + ret)) + +echo_i "Confirming the out-of-bailiwick answer is not cached or reused with CD" +ret=0 +expect="10.10.10.10" +ans=$($DIG $DIGOPTS_CD @10.53.0.4 nice.good. A) || ret=1 +ans=$(echo $ans | awk '{print $NF}') +test "$ans" = "$expect" || ret=1 +test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" +status=$((status + ret)) + +# +# Make sure the resolver doesn't cache bogus NXDOMAIN +# +echo_i "Trying to Prime bogus NXDOMAIN" +ret=0 +expect="SERVFAIL" +ans=$($DIG +tcp -p ${PORT} @10.53.0.4 removed.example.com. A) || ret=1 +ans=$(echo $ans | sed 's/^.*status: \([A-Z][A-Z]*\).*$/\1/') +test "$ans" = "$expect" || ret=1 +test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" +status=$((status + ret)) + +echo_i "Confirming the bogus NXDOMAIN was not cached" +ret=0 +expect="SERVFAIL" +ans=$($DIG +tcp -p ${PORT} @10.53.0.4 removed.example.com. A) || ret=1 +ans=$(echo $ans | sed 's/^.*status: \([A-Z][A-Z]*\).*$/\1/') +test "$ans" = "$expect" || ret=1 +test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" +status=$((status + ret)) + +echo_i "exit status: $status" +[ $status -eq 0 ] || exit 1 |