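#!/bin/sh
#
# Copyright (C) 2010, 2012 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.

# $Id$

#
# System test for the filter-aaaa / filter-aaaa-on-v4 options.
#
# Every check follows the same shape: bump the test counter, announce the
# check, run dig (or the config checker) and grep the captured output, then
# add the per-check result (0 or 1) to $status.  The script exits with the
# number of failed checks.
#
# Conventions used below:
#   "grep ... || ret=1"  - the pattern must be present in the answer
#   "grep ... && ret=1"  - the pattern must NOT be present in the answer
#   -b ADDR              - query source; decides whether the client matches
#                          the server's filter-aaaa ACL
#
# CHECKCONF, DIG and TESTSOCK6 are expected to be provided by conf.sh.
#

SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh

status=0
n=0

rm -f dig.out.*

DIGOPTS="+tcp +noadd +nosea +nostat +nocmd -p 5300"

# Configuration files that the checker must accept.
for conf in conf/good*.conf
do
    n=`expr $n + 1`
    echo "I:checking that $conf is accepted ($n)"
    ret=0
    $CHECKCONF "$conf" || ret=1
    if [ $ret != 0 ]; then echo "I:failed"; fi
    status=`expr $status + $ret`
done

# Configuration files that the checker must reject.
for conf in conf/bad*.conf
do
    n=`expr $n + 1`
    echo "I:checking that $conf is rejected ($n)"
    ret=0
    $CHECKCONF "$conf" >/dev/null && ret=1
    if [ $ret != 0 ]; then echo "I:failed"; fi
    status=`expr $status + $ret`
done

#
# Authoritative tests against:
#	filter-aaaa-on-v4 yes;
#	filter-aaaa { 10.53.0.1; };
#
# In this mode the checks below expect AAAA to be kept for signed data when
# the query sets DO, so DNSSEC-aware clients still get a verifiable answer.
#
n=`expr $n + 1`
echo "I:checking that AAAA is returned when only AAAA record exists, signed ($n)"
ret=0
$DIG $DIGOPTS aaaa aaaa-only.signed -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1
grep ::2 dig.out.ns1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that AAAA is returned when only AAAA record exists, unsigned ($n)"
ret=0
$DIG $DIGOPTS aaaa aaaa-only.unsigned -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1
grep ::5 dig.out.ns1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed ($n)"
ret=0
$DIG $DIGOPTS aaaa dual.signed -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1
grep "ANSWER: 0" dig.out.ns1.test$n > /dev/null || ret=1
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned ($n)"
ret=0
$DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1
grep "ANSWER: 0" dig.out.ns1.test$n > /dev/null || ret=1
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that AAAA is returned when both AAAA and A records exist, signed and DO set ($n)"
ret=0
$DIG $DIGOPTS aaaa dual.signed +dnssec -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1
grep ::3 dig.out.ns1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned and DO set ($n)"
ret=0
# +dnssec is required here: without it the DO bit is not set and this check
# silently repeats the plain "unsigned" case above instead of the DO case.
$DIG $DIGOPTS aaaa dual.unsigned +dnssec -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1
grep "ANSWER: 0" dig.out.ns1.test$n > /dev/null || ret=1
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that AAAA is returned when both AAAA and A records exist and query source does not match acl ($n)"
ret=0
$DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.2 @10.53.0.1 > dig.out.ns1.test$n || ret=1
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
grep ::6 dig.out.ns1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, signed and qtype=ANY ($n)"
ret=0
$DIG $DIGOPTS any dual.signed -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
grep "1.0.0.3" dig.out.ns1.test$n > /dev/null || ret=1
grep "::3" dig.out.ns1.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned and qtype=ANY ($n)"
ret=0
$DIG $DIGOPTS any dual.unsigned -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
grep "1.0.0.6" dig.out.ns1.test$n > /dev/null || ret=1
grep "::6" dig.out.ns1.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that both A and AAAA are returned when both AAAA and A records exist, signed, qtype=ANY and DO is set ($n)"
ret=0
$DIG $DIGOPTS any dual.signed +dnssec -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
grep ::3 dig.out.ns1.test$n > /dev/null || ret=1
grep "1.0.0.3" dig.out.ns1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned, qtype=ANY and DO is set ($n)"
ret=0
$DIG $DIGOPTS any dual.unsigned +dnssec -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
grep "1.0.0.6" dig.out.ns1.test$n > /dev/null || ret=1
grep "::6" dig.out.ns1.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that both A and AAAA are returned when both AAAA and A records exist, qtype=ANY and query source does not match acl ($n)"
ret=0
$DIG $DIGOPTS any dual.unsigned -b 10.53.0.2 @10.53.0.1 > dig.out.ns1.test$n || ret=1
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
grep 1.0.0.6 dig.out.ns1.test$n > /dev/null || ret=1
grep ::6 dig.out.ns1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

# IPv6 transport checks run only when the test address is usable; the test
# counter is still advanced so later output file names stay stable.
n=`expr $n + 1`
echo "I:checking that AAAA is returned when both AAAA and A record exists, unsigned over IPv6 ($n)"
if $TESTSOCK6 fd92:7065:b8e:ffff::1
then
    ret=0
    $DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1
    grep 2001:db8::6 dig.out.ns1.test$n > /dev/null || ret=1
    if [ $ret != 0 ]; then echo "I:failed"; fi
    status=`expr $status + $ret`
else
    echo "I: skipped."
fi

n=`expr $n + 1`
echo "I:checking that AAAA is omitted from additional section, qtype=NS ($n)"
ret=0
$DIG $DIGOPTS +add ns unsigned -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1
grep AAAA dig.out.ns1.test$n > /dev/null 2>&1 && ret=1
grep "ADDITIONAL: 1" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that AAAA is omitted from additional section, qtype=MX, unsigned ($n)"
ret=0
$DIG $DIGOPTS +add +dnssec mx unsigned -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1
grep "^mx.unsigned.*AAAA" dig.out.ns1.test$n > /dev/null 2>&1 && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that AAAA is included in additional section, qtype=MX, signed ($n)"
ret=0
$DIG $DIGOPTS +add +dnssec mx signed -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1
grep "^mx.signed.*AAAA" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that AAAA is included in additional section, qtype=MX, unsigned, over IPV6 ($n)"
if $TESTSOCK6 fd92:7065:b8e:ffff::1
then
    ret=0
    $DIG $DIGOPTS +add +dnssec mx unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1
    grep "^mx.unsigned.*AAAA" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1
    if [ $ret != 0 ]; then echo "I:failed"; fi
    status=`expr $status + $ret`
else
    echo "I: skipped."
fi


#
# Authoritative tests against:
#	filter-aaaa-on-v4 break-dnssec;
#	filter-aaaa { 10.53.0.4; };
#
# With break-dnssec the checks below expect AAAA to be stripped even from
# signed data requested with DO set.  Per the BIND documentation such
# responses no longer verify for a validating client, which is why this
# mode is tested separately from "yes".
#
n=`expr $n + 1`
echo "I:checking that AAAA is returned when only AAAA record exists, signed with break-dnssec ($n)"
ret=0
$DIG $DIGOPTS aaaa aaaa-only.signed -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1
grep ::2 dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that AAAA is returned when only AAAA record exists, unsigned with break-dnssec ($n)"
ret=0
$DIG $DIGOPTS aaaa aaaa-only.unsigned -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1
grep ::5 dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed with break-dnssec ($n)"
ret=0
$DIG $DIGOPTS aaaa dual.signed -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1
grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned with break-dnssec ($n)"
ret=0
$DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1
grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed and DO set with break-dnssec ($n)"
ret=0
$DIG $DIGOPTS aaaa dual.signed +dnssec -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1
grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned and DO set with break-dnssec ($n)"
ret=0
# +dnssec is required here: without it the DO bit is not set and this check
# silently repeats the plain "unsigned" case above instead of the DO case.
$DIG $DIGOPTS aaaa dual.unsigned +dnssec -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1
grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that AAAA is returned when both AAAA and A records exist and query source does not match acl with break-dnssec ($n)"
ret=0
$DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.2 @10.53.0.4 > dig.out.ns4.test$n || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
grep ::6 dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, signed and qtype=ANY with break-dnssec ($n)"
ret=0
$DIG $DIGOPTS any dual.signed -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
grep "1.0.0.3" dig.out.ns4.test$n > /dev/null || ret=1
grep "::3" dig.out.ns4.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned and qtype=ANY with break-dnssec ($n)"
ret=0
$DIG $DIGOPTS any dual.unsigned -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
grep "1.0.0.6" dig.out.ns4.test$n > /dev/null || ret=1
grep "::6" dig.out.ns4.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, signed, qtype=ANY and DO is set with break-dnssec ($n)"
ret=0
$DIG $DIGOPTS any dual.signed +dnssec -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
grep "1.0.0.3" dig.out.ns4.test$n > /dev/null || ret=1
grep ::3 dig.out.ns4.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned, qtype=ANY and DO is set with break-dnssec ($n)"
ret=0
$DIG $DIGOPTS any dual.unsigned +dnssec -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
grep "1.0.0.6" dig.out.ns4.test$n > /dev/null || ret=1
grep "::6" dig.out.ns4.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that both A and AAAA are returned when both AAAA and A records exist, qtype=ANY and query source does not match acl with break-dnssec ($n)"
ret=0
$DIG $DIGOPTS any dual.unsigned -b 10.53.0.2 @10.53.0.4 > dig.out.ns4.test$n || ret=1
grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
grep 1.0.0.6 dig.out.ns4.test$n > /dev/null || ret=1
grep ::6 dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that AAAA is returned when both AAAA and A record exists, unsigned over IPv6 with break-dnssec ($n)"
if $TESTSOCK6 fd92:7065:b8e:ffff::4
then
    ret=0
    $DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1
    grep 2001:db8::6 dig.out.ns4.test$n > /dev/null || ret=1
    if [ $ret != 0 ]; then echo "I:failed"; fi
    status=`expr $status + $ret`
else
    echo "I: skipped."
fi

n=`expr $n + 1`
echo "I:checking that AAAA is omitted from additional section, qtype=NS, with break-dnssec ($n)"
ret=0
$DIG $DIGOPTS +add ns unsigned -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1
grep AAAA dig.out.ns4.test$n > /dev/null 2>&1 && ret=1
grep "ADDITIONAL: 1" dig.out.ns4.test$n > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that AAAA is omitted from additional section, qtype=MX, unsigned, with break-dnssec ($n)"
ret=0
$DIG $DIGOPTS +add +dnssec mx unsigned -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1
grep "^mx.unsigned.*AAAA" dig.out.ns4.test$n > /dev/null 2>&1 && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that AAAA is omitted from additional section, qtype=MX, signed, with break-dnssec ($n)"
ret=0
$DIG $DIGOPTS +add +dnssec mx signed -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1
grep "^mx.signed.*AAAA" dig.out.ns4.test$n > /dev/null 2>&1 && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that AAAA is included in additional section, qtype=MX, unsigned, over IPV6, with break-dnssec ($n)"
if $TESTSOCK6 fd92:7065:b8e:ffff::4
then
    ret=0
    $DIG $DIGOPTS +add +dnssec mx unsigned -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1
    grep "^mx.unsigned.*AAAA" dig.out.ns4.test$n > /dev/null 2>&1 || ret=1
    if [ $ret != 0 ]; then echo "I:failed"; fi
    status=`expr $status + $ret`
else
    echo "I: skipped."
fi


#
# Recursive tests against:
#	filter-aaaa-on-v4 yes;
#	filter-aaaa { 10.53.0.2; };
#
n=`expr $n + 1`
echo "I:checking that AAAA is returned when only AAAA record exists, signed, recursive ($n)"
ret=0
$DIG $DIGOPTS aaaa aaaa-only.signed -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1
grep ::2 dig.out.ns2.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that AAAA is returned when only AAAA record exists, unsigned, recursive ($n)"
ret=0
$DIG $DIGOPTS aaaa aaaa-only.unsigned -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1
grep ::5 dig.out.ns2.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed, recursive ($n)"
ret=0
$DIG $DIGOPTS aaaa dual.signed -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1
grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1
grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned, recursive ($n)"
ret=0
$DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1
grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1
grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that AAAA is returned when both AAAA and A records exist, signed and DO set, recursive ($n)"
ret=0
$DIG $DIGOPTS aaaa dual.signed +dnssec -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1
grep ::3 dig.out.ns2.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned and DO set, recursive ($n)"
ret=0
$DIG $DIGOPTS aaaa dual.unsigned +dnssec -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1
grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1
grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that AAAA is returned when both AAAA and A records exist and query source does not match acl, recursive ($n)"
ret=0
$DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.1 @10.53.0.2 > dig.out.ns2.test$n || ret=1
grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
grep ::6 dig.out.ns2.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, signed and qtype=ANY recursive ($n)"
ret=0
$DIG $DIGOPTS any dual.signed -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1
grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
grep "1.0.0.3" dig.out.ns2.test$n > /dev/null || ret=1
grep "::3" dig.out.ns2.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned and qtype=ANY recursive ($n)"
ret=0
$DIG $DIGOPTS any dual.unsigned -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1
grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
grep "1.0.0.6" dig.out.ns2.test$n > /dev/null || ret=1
grep "::6" dig.out.ns2.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that both A and AAAA are returned when both AAAA and A records exist, signed, qtype=ANY and DO is set, recursive ($n)"
ret=0
$DIG $DIGOPTS any dual.signed +dnssec -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1
grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
grep ::3 dig.out.ns2.test$n > /dev/null || ret=1
grep "1.0.0.3" dig.out.ns2.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned, qtype=ANY and DO is set, recursive ($n)"
ret=0
$DIG $DIGOPTS any dual.unsigned +dnssec -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1
grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
grep "1.0.0.6" dig.out.ns2.test$n > /dev/null || ret=1
grep "::6" dig.out.ns2.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that both A and AAAA are returned when both AAAA and A records exist, qtype=ANY and query source does not match acl, recursive ($n)"
ret=0
$DIG $DIGOPTS any dual.unsigned -b 10.53.0.1 @10.53.0.2 > dig.out.ns2.test$n || ret=1
grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
grep 1.0.0.6 dig.out.ns2.test$n > /dev/null || ret=1
grep ::6 dig.out.ns2.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that AAAA is returned when both AAAA and A record exists, unsigned over IPv6, recursive ($n)"
if $TESTSOCK6 fd92:7065:b8e:ffff::2
then
    ret=0
    $DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1
    grep 2001:db8::6 dig.out.ns2.test$n > /dev/null || ret=1
    if [ $ret != 0 ]; then echo "I:failed"; fi
    status=`expr $status + $ret`
else
    echo "I: skipped."
fi

n=`expr $n + 1`
echo "I:checking that AAAA is omitted from additional section, qtype=NS ($n)"
ret=0
$DIG $DIGOPTS +add ns unsigned -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1
grep AAAA dig.out.ns2.test$n > /dev/null 2>&1 && ret=1
grep "ADDITIONAL: 1" dig.out.ns2.test$n > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that AAAA is omitted from additional section, qtype=MX, unsigned ($n)"
ret=0
$DIG $DIGOPTS +add +dnssec mx unsigned -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1
grep "^mx.unsigned.*AAAA" dig.out.ns2.test$n > /dev/null 2>&1 && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that AAAA is included in additional section, qtype=MX, signed ($n)"
ret=0
$DIG $DIGOPTS +add +dnssec mx signed -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1
grep "^mx.signed.*AAAA" dig.out.ns2.test$n > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that AAAA is included in additional section, qtype=MX, unsigned, over IPV6 ($n)"
if $TESTSOCK6 fd92:7065:b8e:ffff::2
then
    ret=0
    $DIG $DIGOPTS +add +dnssec mx unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1
    grep "^mx.unsigned.*AAAA" dig.out.ns2.test$n > /dev/null 2>&1 || ret=1
    if [ $ret != 0 ]; then echo "I:failed"; fi
    status=`expr $status + $ret`
else
    echo "I: skipped."
fi


#
# Recursive tests against:
#	filter-aaaa-on-v4 break-dnssec;
#	filter-aaaa { 10.53.0.3; };
#
n=`expr $n + 1`
echo "I:checking that AAAA is returned when only AAAA record exists, signed, recursive with break-dnssec ($n)"
ret=0
$DIG $DIGOPTS aaaa aaaa-only.signed -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1
grep ::2 dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that AAAA is returned when only AAAA record exists, unsigned, recursive with break-dnssec ($n)"
ret=0
$DIG $DIGOPTS aaaa aaaa-only.unsigned -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1
grep ::5 dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed, recursive with break-dnssec ($n)"
ret=0
$DIG $DIGOPTS aaaa dual.signed -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1
grep "ANSWER: 0" dig.out.ns3.test$n > /dev/null || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned, recursive with break-dnssec ($n)"
ret=0
$DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1
grep "ANSWER: 0" dig.out.ns3.test$n > /dev/null || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed and DO set, recursive with break-dnssec ($n)"
ret=0
$DIG $DIGOPTS aaaa dual.signed +dnssec -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1
grep "ANSWER: 0" dig.out.ns3.test$n > /dev/null || ret=1
# NOTE(review): unlike the sibling NODATA/NOERROR checks, this one never
# greps for "status: NOERROR", so an error response carrying zero answers
# would also pass.  Confirm the expected rcode and add the check.
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned and DO set, recursive with break-dnssec ($n)"
ret=0
$DIG $DIGOPTS aaaa dual.unsigned +dnssec -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1
grep "ANSWER: 0" dig.out.ns3.test$n > /dev/null || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that AAAA is returned when both AAAA and A records exist and query source does not match acl, recursive with break-dnssec ($n)"
ret=0
$DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.1 @10.53.0.3 > dig.out.ns3.test$n || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
grep ::6 dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, signed and qtype=ANY with break-dnssec ($n)"
ret=0
$DIG $DIGOPTS any dual.signed -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
grep "1.0.0.3" dig.out.ns3.test$n > /dev/null || ret=1
grep "::3" dig.out.ns3.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned and qtype=ANY with break-dnssec ($n)"
ret=0
$DIG $DIGOPTS any dual.unsigned -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
grep "1.0.0.6" dig.out.ns3.test$n > /dev/null || ret=1
grep "::6" dig.out.ns3.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, signed, qtype=ANY and DO is set with break-dnssec ($n)"
ret=0
$DIG $DIGOPTS any dual.signed +dnssec -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
grep "1.0.0.3" dig.out.ns3.test$n > /dev/null || ret=1
grep ::3 dig.out.ns3.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned, qtype=ANY and DO is set with break-dnssec ($n)"
ret=0
$DIG $DIGOPTS any dual.unsigned +dnssec -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
grep "1.0.0.6" dig.out.ns3.test$n > /dev/null || ret=1
grep "::6" dig.out.ns3.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that both A and AAAA are returned when both AAAA and A records exist, qtype=ANY and query source does not match acl, recursive with break-dnssec ($n)"
ret=0
$DIG $DIGOPTS any dual.unsigned -b 10.53.0.1 @10.53.0.3 > dig.out.ns3.test$n || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
grep 1.0.0.6 dig.out.ns3.test$n > /dev/null || ret=1
grep ::6 dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that AAAA is returned when both AAAA and A record exists, unsigned over IPv6, recursive with break-dnssec ($n)"
if $TESTSOCK6 fd92:7065:b8e:ffff::3
then
    ret=0
    $DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1
    grep 2001:db8::6 dig.out.ns3.test$n > /dev/null || ret=1
    if [ $ret != 0 ]; then echo "I:failed"; fi
    status=`expr $status + $ret`
else
    echo "I: skipped."
fi

n=`expr $n + 1`
echo "I:checking that AAAA is omitted from additional section, qtype=NS, recursive with break-dnssec ($n)"
ret=0
$DIG $DIGOPTS +add ns unsigned -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1
grep AAAA dig.out.ns3.test$n > /dev/null 2>&1 && ret=1
grep "ADDITIONAL: 1" dig.out.ns3.test$n > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that AAAA is omitted from additional section, qtype=MX, unsigned, recursive with break-dnssec ($n)"
ret=0
$DIG $DIGOPTS +add +dnssec mx unsigned -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1
grep "^mx.unsigned.*AAAA" dig.out.ns3.test$n > /dev/null 2>&1 && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that AAAA is omitted from additional section, qtype=MX, signed, recursive with break-dnssec ($n)"
ret=0
$DIG $DIGOPTS +add +dnssec mx signed -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1
grep "^mx.signed.*AAAA" dig.out.ns3.test$n > /dev/null 2>&1 && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that AAAA is included in additional section, qtype=MX, unsigned, over IPV6, recursive with break-dnssec ($n)"
if $TESTSOCK6 fd92:7065:b8e:ffff::3
then
    ret=0
    $DIG $DIGOPTS +add +dnssec mx unsigned -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1
    grep "^mx.unsigned.*AAAA" dig.out.ns3.test$n > /dev/null 2>&1 || ret=1
    if [ $ret != 0 ]; then echo "I:failed"; fi
    status=`expr $status + $ret`
else
    echo "I: skipped."
fi

echo "I:exit status: $status"
exit $status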