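#!/bin/sh
#
# Copyright (C) 2004, 2007, 2009-2012 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2000, 2001 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.

# $Id$

# System test for DNS dynamic update (nsupdate).
#
# Drives the test servers at 10.53.0.1, 10.53.0.2 and 10.53.0.3 (port 5300)
# and checks that:
#   - key-authenticated updates (-k ns1/ddns.key) reach both copies of the zone,
#   - the local update policy (nsupdate -l with ns1/session.key) works,
#   - NS records without address records are refused,
#   - TYPE=0 and undefined-class UPDATE messages leave the server answering,
#   - zone data survives SIGKILL, SIGHUP and "rndc stop",
#   - NSEC3PARAM and DNSKEY TTL changes made via UPDATE behave as expected.
#
# Reads from conf.sh: DIG, PERL, NSUPDATE, KEYGEN, JOURNALPRINT.
# Output lines are prefixed "I:"; the exit status is 0 only if every
# check passed.
#
# Backticks and expr are kept on purpose: the script runs under plain /bin/sh.

SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh

# status: overall result; ret: result of the current numbered check;
# n: counter used to label checks and their dig output files.
status=0
n=0

# Wait (at most 10 one-second tries) for ns2 to log that the example.nil
# transfer completed; every comparison below needs both servers loaded.
tries=0
while true; do
    if [ $tries -eq 10 ]
    then
        # Say why the test stops instead of exiting silently.
        echo "I:zone transfer did not complete after $tries tries, giving up"
        exit 1
    fi

    if grep "example.nil/IN.*Transfer completed" ns2/named.run > /dev/null
    then
        break
    else
        echo "I:zones are not fully loaded, waiting..."
        tries=`expr $tries + 1`
        sleep 1
    fi
done

echo "I:fetching first copy of zone before update"
$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil. \
    @10.53.0.1 axfr -p 5300 > dig.out.ns1 || status=1

echo "I:fetching second copy of zone before update"
$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil. \
    @10.53.0.2 axfr -p 5300 > dig.out.ns2 || status=1

echo "I:comparing pre-update copies to known good data"
$PERL ../digcomp.pl knowngood.ns1.before dig.out.ns1 || status=1
$PERL ../digcomp.pl knowngood.ns1.before dig.out.ns2 || status=1

echo "I:updating zone"
# nsupdate will print a ">" prompt to stdout as it gets each input line.
# The blank line before END is what sends the update (nsupdate treats a
# blank line like "send"). The update is authenticated with ns1/ddns.key.
$NSUPDATE -k ns1/ddns.key <<END > /dev/null || status=1
server 10.53.0.1 5300
update add updated.example.nil. 600 A 10.10.10.1
update add updated.example.nil. 600 TXT Foo
update delete t.example.nil.

END
echo "I:sleeping 5 seconds for server to incorporate changes"
sleep 5

echo "I:fetching first copy of zone after update"
$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil. \
    @10.53.0.1 axfr -p 5300 > dig.out.ns1 || status=1

echo "I:fetching second copy of zone after update"
$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil. \
    @10.53.0.2 axfr -p 5300 > dig.out.ns2 || status=1

echo "I:comparing post-update copies to known good data"
$PERL ../digcomp.pl knowngood.ns1.after dig.out.ns1 || status=1
$PERL ../digcomp.pl knowngood.ns1.after dig.out.ns2 || status=1

echo "I:testing local update policy"
# The name must not exist before the local update is sent.
pre=`$DIG +short new.other.nil. @10.53.0.1 a -p 5300` || status=1
[ -z "$pre" ] || status=1

echo "I:updating zone"
# nsupdate will print a ">" prompt to stdout as it gets each input line.
# -l selects nsupdate's local-host mode; the key is ns1/session.key.
$NSUPDATE -l -p 5300 -k ns1/session.key > /dev/null <<END || status=1
zone other.nil.
update add new.other.nil. 600 IN A 10.10.10.1
send
END

echo "I:sleeping 5 seconds for server to incorporate changes"
sleep 5

echo "I:checking result of update"
post=`$DIG +short new.other.nil. @10.53.0.1 a -p 5300` || status=1
[ "$post" = "10.10.10.1" ] || status=1

echo "I:comparing post-update copy to known good data"
$PERL ../digcomp.pl knowngood.ns1.after dig.out.ns1 || status=1

echo "I:testing zone consistency checks"
# inserting an NS record without a corresponding A or AAAA record should fail
# (note "&& status=1": a successful nsupdate is the failure case here)
$NSUPDATE -l -p 5300 -k ns1/session.key > nsupdate.out 2>&1 << END && status=1
update add other.nil. 600 in ns ns3.other.nil.
send
END
grep REFUSED nsupdate.out > /dev/null 2>&1 || status=1
# ...but should work if an A record is inserted first:
$NSUPDATE -l -p 5300 -k ns1/session.key > nsupdate.out 2>&1 << END || status=1
update add ns4.other.nil 600 in a 10.53.0.1
send
update add other.nil. 600 in ns ns4.other.nil.
send
END
grep REFUSED nsupdate.out > /dev/null 2>&1 && status=1
# ...or if an AAAA record does:
$NSUPDATE -l -p 5300 -k ns1/session.key > nsupdate.out 2>&1 << END || status=1
update add ns5.other.nil 600 in aaaa 2001:db8::1
send
update add other.nil. 600 in ns ns5.other.nil.
send
END
grep REFUSED nsupdate.out > /dev/null 2>&1 && status=1
# ...or if the NS and A/AAAA are inserted together:
$NSUPDATE -l -p 5300 -k ns1/session.key > nsupdate.out 2>&1 << END || status=1
update add other.nil. 600 in ns ns6.other.nil.
update add ns6.other.nil 600 in a 10.53.0.1
send
END
grep REFUSED nsupdate.out > /dev/null 2>&1 && status=1

echo "I:sleeping 5 seconds for server to incorporate changes"
sleep 5

echo "I:checking result of update"
# ns3 was refused and must be absent; ns4, ns5 and ns6 must be present.
$DIG +short @10.53.0.1 -p 5300 ns other.nil > dig.out.ns1 || status=1
grep ns3.other.nil dig.out.ns1 > /dev/null 2>&1 && status=1
grep ns4.other.nil dig.out.ns1 > /dev/null 2>&1 || status=1
grep ns5.other.nil dig.out.ns1 > /dev/null 2>&1 || status=1
grep ns6.other.nil dig.out.ns1 > /dev/null 2>&1 || status=1

ret=0
echo "I:check SIG(0) key is accepted"
# NOTE(review): a 512-bit RSA / SHA-1 key is far below any current strength
# recommendation; it is used here only as a throwaway fixture to check that
# nsupdate can load a SIG(0) key file. Do not copy these parameters into a
# real deployment.
# A failed key generation is now recorded directly instead of only showing
# up indirectly through the nsupdate call below.
key=`$KEYGEN -q -r random.data -a NSEC3RSASHA1 -b 512 -T KEY -n ENTITY xxx` || ret=1
echo "" | $NSUPDATE -k "${key}.private" > /dev/null 2>&1 || ret=1
if [ $ret -ne 0 ]; then
    echo "I:failed"
    status=1
fi

n=`expr $n + 1`
ret=0
echo "I:check TYPE=0 update is rejected by nsupdate ($n)"
# The client itself must refuse to build this update ("&& ret=1").
$NSUPDATE <<END > nsupdate.out 2>&1 && ret=1
    server 10.53.0.1 5300
    ttl 300
    update add example.nil. in type0 ""
    send
END
grep "unknown class/type" nsupdate.out > /dev/null 2>&1 || ret=1
if [ $ret -ne 0 ]; then
    echo "I:failed"
    status=1
fi

n=`expr $n + 1`
ret=0
echo "I:check TYPE=0 prerequisite is handled ($n)"
$NSUPDATE -k ns1/ddns.key <<END > nsupdate.out 2>&1 || ret=1
    server 10.53.0.1 5300
    prereq nxrrset example.nil. type0
    send
END
# The version.bind query acts as a liveness probe: the server must still
# answer NOERROR after processing the unusual request.
$DIG +tcp version.bind txt ch @10.53.0.1 -p 5300 > dig.out.ns1.$n
grep "status: NOERROR" dig.out.ns1.$n > /dev/null || ret=1
if [ $ret -ne 0 ]; then
    echo "I:failed"
    status=1
fi

# The next three checks pipe a hex-encoded DNS message to packet.pl, which
# delivers it over TCP; presumably this is needed because nsupdate will not
# build such messages itself (see the TYPE=0 rejection check above). Each is
# followed by the same version.bind liveness probe.

n=`expr $n + 1`
ret=0
echo "I:check that TYPE=0 update is handled ($n)"
echo "a0e4280000010000000100000000060001c00c000000fe000000000000" |
$PERL ../packet.pl -a 10.53.0.1 -p 5300 -t tcp > /dev/null
$DIG +tcp version.bind txt ch @10.53.0.1 -p 5300 > dig.out.ns1.$n
grep "status: NOERROR" dig.out.ns1.$n > /dev/null || ret=1
if test $ret -ne 0
then
    echo "I:failed"
    status=1
fi

n=`expr $n + 1`
# Reset ret: without this a failure in the previous check would be
# reported again here and hide which check actually failed.
ret=0
echo "I:check that TYPE=0 additional data is handled ($n)"
echo "a0e4280000010000000000010000060001c00c000000fe000000000000" |
$PERL ../packet.pl -a 10.53.0.1 -p 5300 -t tcp > /dev/null
$DIG +tcp version.bind txt ch @10.53.0.1 -p 5300 > dig.out.ns1.$n
grep "status: NOERROR" dig.out.ns1.$n > /dev/null || ret=1
if test $ret -ne 0
then
    echo "I:failed"
    status=1
fi

n=`expr $n + 1`
# Reset ret for the same reason as in the previous check.
ret=0
echo "I:check that update to undefined class is handled ($n)"
echo "a0e4280000010001000000000000060101c00c000000fe000000000000" |
$PERL ../packet.pl -a 10.53.0.1 -p 5300 -t tcp > /dev/null
$DIG +tcp version.bind txt ch @10.53.0.1 -p 5300 > dig.out.ns1.$n
grep "status: NOERROR" dig.out.ns1.$n > /dev/null || ret=1
if test $ret -ne 0
then
    echo "I:failed"
    status=1
fi

# update_test.pl needs the Net::DNS Perl module; the part is skipped (with a
# notice on stderr) when the module cannot be loaded.
if $PERL -e 'use Net::DNS;' 2>/dev/null
then
    echo "I:running update.pl test"
    $PERL update_test.pl -s 10.53.0.1 -p 5300 update.nil. || status=1
else
    echo "I:The second part of this test requires the Net::DNS library." >&2
fi

echo "I:fetching first copy of test zone"
$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil. \
    @10.53.0.1 axfr -p 5300 > dig.out.ns1 || status=1

echo "I:fetching second copy of test zone"
$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil. \
    @10.53.0.2 axfr -p 5300 > dig.out.ns2 || status=1

echo "I:comparing zones"
$PERL ../digcomp.pl dig.out.ns1 dig.out.ns2 || status=1

echo "I:SIGKILL and restart server ns1"
# Kill ns1 without giving it a chance to shut down cleanly, then restart it
# with --noclean so the zone is served from whatever was left on disk.
# The pid file is addressed by path (as done for ns2 below) so that a failed
# "cd" can no longer make the kill/rm act on the wrong directory.
kill -KILL `cat ns1/named.pid`
rm ns1/named.pid
sleep 10
if
    $PERL $SYSTEMTESTTOP/start.pl --noclean . ns1
then
    echo "I:restarted server ns1"
else
    echo "I:could not restart server ns1"
    exit 1
fi
sleep 10

echo "I:fetching ns1 after hard restart"
$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil. \
    @10.53.0.1 axfr -p 5300 > dig.out.ns1.after || status=1

echo "I:comparing zones"
# Zone content after the hard restart must equal the copy taken before it.
$PERL ../digcomp.pl dig.out.ns1 dig.out.ns1.after || status=1

echo "I:begin RT #482 regression test"

echo "I:update master"
$NSUPDATE -k ns1/ddns.key <<END > /dev/null || status=1
server 10.53.0.1 5300
update add updated2.example.nil. 600 A 10.10.10.2
update add updated2.example.nil. 600 TXT Bar
update delete c.example.nil.
send
END

sleep 5

echo "I:SIGHUP slave"
kill -HUP `cat ns2/named.pid`

sleep 5

echo "I:update master again"
$NSUPDATE -k ns1/ddns.key <<END > /dev/null || status=1
server 10.53.0.1 5300
update add updated3.example.nil. 600 A 10.10.10.3
update add updated3.example.nil. 600 TXT Zap
update delete d.example.nil.
send
END

sleep 5

echo "I:SIGHUP slave again"
kill -HUP `cat ns2/named.pid`

sleep 5

# grep output is deliberately not discarded: any "out of sync" log line is
# printed as part of the test output.
if grep "out of sync" ns2/named.run
then
    status=1
fi

echo "I:end RT #482 regression test"

# The NSEC3PARAM updates below are sent to 10.53.0.3 without -k.
# NOTE(review): ns3 presumably authorises them by some other means (for
# example an address-based update ACL) - confirm in the ns3 configuration.

n=`expr $n + 1`
echo "I:start NSEC3PARAM changes via UPDATE on a unsigned zone test ($n)"
ret=0
$NSUPDATE << EOF
server 10.53.0.3 5300
update add example 3600 nsec3param 1 0 0 -
send
EOF

sleep 1

# the zone is not signed. The nsec3param records should be removed.
# this also proves that the server is still running.
$DIG +tcp +noadd +nosea +nostat +noquest +nocmd +norec example. \
    @10.53.0.3 nsec3param -p 5300 > dig.out.ns3.$n || ret=1
grep "ANSWER: 0" dig.out.ns3.$n > /dev/null || ret=1
grep "flags:[^;]* aa[ ;]" dig.out.ns3.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo "I: failed"; status=`expr $ret + $status`; fi

n=`expr $n + 1`
echo "I:change the NSEC3PARAM ttl via update ($n)"
ret=0
$NSUPDATE << EOF
server 10.53.0.3 5300
update add nsec3param.test 3600 NSEC3PARAM 1 0 1 -
send
EOF

sleep 1

$DIG +tcp +noadd +nosea +nostat +noquest +nocmd +norec nsec3param.test. \
    @10.53.0.3 nsec3param -p 5300 > dig.out.ns3.$n || ret=1
grep "ANSWER: 1" dig.out.ns3.$n > /dev/null || ret=1
grep "3600.*NSEC3PARAM" dig.out.ns3.$n > /dev/null || ret=1
grep "flags:[^;]* aa[ ;]" dig.out.ns3.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo "I: failed"; status=`expr $ret + $status`; fi

n=`expr $n + 1`
echo "I:add a new the NSEC3PARAM via update ($n)"
ret=0
$NSUPDATE << EOF
server 10.53.0.3 5300
update add nsec3param.test 3600 NSEC3PARAM 1 0 4 -
send
EOF

sleep 1

$DIG +tcp +noadd +nosea +nostat +noquest +nocmd +norec nsec3param.test. \
    @10.53.0.3 nsec3param -p 5300 > dig.out.ns3.$n || ret=1
grep "ANSWER: 2" dig.out.ns3.$n > /dev/null || ret=1
grep "NSEC3PARAM 1 0 4 -" dig.out.ns3.$n > /dev/null || ret=1
grep "flags:[^;]* aa[ ;]" dig.out.ns3.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo "I: failed"; status=`expr $ret + $status`; fi

n=`expr $n + 1`
echo "I:add, delete and change the ttl of the NSEC3PARAM rrset via update ($n)"
ret=0
$NSUPDATE << EOF
server 10.53.0.3 5300
update delete nsec3param.test NSEC3PARAM
update add nsec3param.test 7200 NSEC3PARAM 1 0 5 -
send
EOF

sleep 1

$DIG +tcp +noadd +nosea +nostat +noquest +nocmd +norec nsec3param.test. \
    @10.53.0.3 nsec3param -p 5300 > dig.out.ns3.$n || ret=1
grep "ANSWER: 1" dig.out.ns3.$n > /dev/null || ret=1
grep "7200.*NSEC3PARAM 1 0 5 -" dig.out.ns3.$n > /dev/null || ret=1
grep "flags:[^;]* aa[ ;]" dig.out.ns3.$n > /dev/null || ret=1
# Dump the zone journal and look for the individual transactions.
# NOTE(review): the patterns below are reproduced with single spaces between
# fields; if the journal dump separates fields with tabs, confirm that this
# listing did not lose them.
$JOURNALPRINT ns3/nsec3param.test.db.signed.jnl > jp.out.ns3.$n
# intermediate TTL changes.
grep "add nsec3param.test. 7200 IN NSEC3PARAM 1 0 4 -" jp.out.ns3.$n > /dev/null || ret=1
grep "add nsec3param.test. 7200 IN NSEC3PARAM 1 0 1 -" jp.out.ns3.$n > /dev/null || ret=1
# delayed adds and deletes.
grep "add nsec3param.test. 0 IN TYPE65534 .# 6 000180000500" jp.out.ns3.$n > /dev/null || ret=1
grep "add nsec3param.test. 0 IN TYPE65534 .# 6 000140000100" jp.out.ns3.$n > /dev/null || ret=1
grep "add nsec3param.test. 0 IN TYPE65534 .# 6 000140000400" jp.out.ns3.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo "I: failed"; status=`expr $ret + $status`; fi



echo "I:testing that rndc stop updates the master file"
$NSUPDATE -k ns1/ddns.key <<END > /dev/null || status=1
server 10.53.0.1 5300
update add updated4.example.nil. 600 A 10.10.10.3
send
END
$PERL $SYSTEMTESTTOP/stop.pl --use-rndc . ns1
# Removing the journal file and restarting the server means
# that the data served by the new server process are exactly
# those dumped to the master file by "rndc stop".
rm -f ns1/*jnl
$PERL $SYSTEMTESTTOP/start.pl --noclean . ns1
$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd updated4.example.nil. \
    @10.53.0.1 a -p 5300 > dig.out.ns1 || status=1
$PERL ../digcomp.pl knowngood.ns1.afterstop dig.out.ns1 || status=1

ret=0
echo "I:check that 'nsupdate -l' with a missing keyfile reports the missing file"
# Only stderr is inspected: the error text must name the key file that
# could not be found. The exit status of nsupdate is not checked here.
$NSUPDATE -l -p 5300 -k ns1/nonexistant.key 2> nsupdate.out < /dev/null
grep ns1/nonexistant.key nsupdate.out > /dev/null || ret=1
if test $ret -ne 0
then
    echo "I:failed"; status=1
fi

n=`expr $n + 1`
ret=0
echo "I:check that changes to the DNSKEY RRset TTL do not have side effects ($n)"
# Fetch the DNSKEY RRset, let sed turn every record carrying TTL 10 into an
# "update add" line with TTL 600, wrap the lines in "server"/"send" and feed
# the result to nsupdate.
$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd dnskey.test. \
    @10.53.0.3 -p 5300 dnskey | \
    sed -n 's/\(.*\)10.IN/update add \1600 IN/p' |
    (echo server 10.53.0.3 5300; cat - ; echo send ) |
$NSUPDATE

$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd dnskey.test. \
    @10.53.0.3 -p 5300 any > dig.out.ns3.$n

# The new TTL must be visible and no TYPE65534 record may show up in the
# answer as a by-product of the TTL change.
grep "600.*DNSKEY" dig.out.ns3.$n > /dev/null || ret=1
grep TYPE65534 dig.out.ns3.$n > /dev/null && ret=1
if test $ret -ne 0
then
    echo "I:failed"; status=1
fi

echo "I:exit status: $status"
exit $status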