1#!/bin/sh 2# 3# Copyright (C) 2004, 2005, 2007, 2011, 2012 Internet Systems Consortium, Inc. ("ISC") 4# Copyright (C) 2000, 2001 Internet Software Consortium. 5# 6# Permission to use, copy, modify, and/or distribute this software for any 7# purpose with or without fee is hereby granted, provided that the above 8# copyright notice and this permission notice appear in all copies. 9# 10# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 11# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 12# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 13# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 14# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 15# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 16# PERFORMANCE OF THIS SOFTWARE. 17 18# Id 19 20SYSTEMTESTTOP=.. 21. $SYSTEMTESTTOP/conf.sh 22 23DIGOPTS="+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd" 24 25status=0 26 27echo "I:testing basic zone transfer functionality" 28$DIG $DIGOPTS example. \ 29 @10.53.0.2 axfr -p 5300 > dig.out.ns2 || status=1 30grep ";" dig.out.ns2 31 32# 33# Spin to allow the zone to tranfer. 34# 35for i in 1 2 3 4 5 36do 37tmp=0 38$DIG $DIGOPTS example. \ 39 @10.53.0.3 axfr -p 5300 > dig.out.ns3 || tmp=1 40 grep ";" dig.out.ns3 > /dev/null 41 if test $? -ne 0 ; then break; fi 42 echo "I: plain zone re-transfer" 43 sleep 5 44done 45if test $tmp -eq 1 ; then status=1; fi 46grep ";" dig.out.ns3 47 48$PERL ../digcomp.pl dig1.good dig.out.ns2 || status=1 49 50$PERL ../digcomp.pl dig1.good dig.out.ns3 || status=1 51 52echo "I:testing TSIG signed zone transfers" 53$DIG $DIGOPTS tsigzone. \ 54 @10.53.0.2 axfr -y tsigzone.:1234abcd8765 -p 5300 \ 55 > dig.out.ns2 || status=1 56grep ";" dig.out.ns2 57 58# 59# Spin to allow the zone to tranfer. 60# 61for i in 1 2 3 4 5 62do 63tmp=0 64$DIG $DIGOPTS tsigzone. \ 65 @10.53.0.3 axfr -y tsigzone.:1234abcd8765 -p 5300 \ 66 > dig.out.ns3 || tmp=1 67 grep ";" dig.out.ns3 > /dev/null 68 if test $? -ne 0 ; then break; fi 69 echo "I: plain zone re-transfer" 70 sleep 5 71done 72if test $tmp -eq 1 ; then status=1; fi 73grep ";" dig.out.ns3 74 75$PERL ../digcomp.pl dig.out.ns2 dig.out.ns3 || status=1 76 77echo "I:reload servers for in preparation for ixfr-from-differences tests" 78 79$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 reload 2>&1 | sed 's/^/I:ns1 /' 80$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /' 81$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 reload 2>&1 | sed 's/^/I:ns3 /' 82$RNDC -c ../common/rndc.conf -s 10.53.0.6 -p 9953 reload 2>&1 | sed 's/^/I:ns6 /' 83$RNDC -c ../common/rndc.conf -s 10.53.0.7 -p 9953 reload 2>&1 | sed 's/^/I:ns7 /' 84 85sleep 2 86 87echo "I:updating master zones for ixfr-from-differences tests" 88 89$PERL -i -p -e ' 90 s/0\.0\.0\.0/0.0.0.1/; 91 s/1397051952/1397051953/ 92' ns1/slave.db 93 94$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 reload 2>&1 | sed 's/^/I:ns1 /' 95 96$PERL -i -p -e ' 97 s/0\.0\.0\.0/0.0.0.1/; 98 s/1397051952/1397051953/ 99' ns2/example.db 100 101$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /' 102 103$PERL -i -p -e ' 104 s/0\.0\.0\.0/0.0.0.1/; 105 s/1397051952/1397051953/ 106' ns6/master.db 107 108$RNDC -c ../common/rndc.conf -s 10.53.0.6 -p 9953 reload 2>&1 | sed 's/^/I:ns6 /' 109 110$PERL -i -p -e ' 111 s/0\.0\.0\.0/0.0.0.1/; 112 s/1397051952/1397051953/ 113' ns7/master2.db 114 115$RNDC -c ../common/rndc.conf -s 10.53.0.7 -p 9953 reload 2>&1 | sed 's/^/I:ns7 /' 116 117sleep 3 118 119echo "I:testing ixfr-from-differences yes;" 120tmp=0 121 122$DIG $DIGOPTS example. \ 123 @10.53.0.3 axfr -p 5300 > dig.out.ns3 || tmp=1 124grep ";" dig.out.ns3 125 126$PERL ../digcomp.pl dig2.good dig.out.ns3 || tmp=1 127 128# ns3 has a journal iff it received an IXFR. 129test -f ns3/example.bk || tmp=1 130test -f ns3/example.bk.jnl || tmp=1 131 132if test $tmp != 0 ; then echo "I:failed"; fi 133status=`expr $status + $tmp` 134 135echo "I:testing ixfr-from-differences master; (master zone)" 136tmp=0 137 138$DIG $DIGOPTS master. \ 139 @10.53.0.6 axfr -p 5300 > dig.out.ns6 || tmp=1 140grep ";" dig.out.ns6 141 142$DIG $DIGOPTS master. \ 143 @10.53.0.3 axfr -p 5300 > dig.out.ns3 || tmp=1 144grep ";" dig.out.ns3 && cat dig.out.ns3 145 146$PERL ../digcomp.pl dig.out.ns6 dig.out.ns3 || tmp=1 147 148# ns3 has a journal iff it received an IXFR. 149test -f ns3/master.bk || tmp=1 150test -f ns3/master.bk.jnl || tmp=1 151 152if test $tmp != 0 ; then echo "I:failed"; fi 153status=`expr $status + $tmp` 154 155echo "I:testing ixfr-from-differences master; (slave zone)" 156tmp=0 157 158$DIG $DIGOPTS slave. \ 159 @10.53.0.6 axfr -p 5300 > dig.out.ns6 || tmp=1 160grep ";" dig.out.ns6 161 162$DIG $DIGOPTS slave. \ 163 @10.53.0.1 axfr -p 5300 > dig.out.ns1 || tmp=1 164grep ";" dig.out.ns1 165 166$PERL ../digcomp.pl dig.out.ns6 dig.out.ns1 || tmp=1 167 168# ns6 has a journal iff it received an IXFR. 169test -f ns6/slave.bk || tmp=1 170test -f ns6/slave.bk.jnl && tmp=1 171 172if test $tmp != 0 ; then echo "I:failed"; fi 173status=`expr $status + $tmp` 174 175echo "I:testing ixfr-from-differences slave; (master zone)" 176tmp=0 177 178# ns7 has a journal iff it generates an IXFR. 179test -f ns7/master2.db || tmp=1 180test -f ns7/master2.db.jnl && tmp=1 181 182if test $tmp != 0 ; then echo "I:failed"; fi 183status=`expr $status + $tmp` 184echo "I:testing ixfr-from-differences slave; (slave zone)" 185tmp=0 186 187$DIG $DIGOPTS slave. \ 188 @10.53.0.1 axfr -p 5300 > dig.out.ns1 || tmp=1 189grep ";" dig.out.ns1 190 191$DIG $DIGOPTS slave. \ 192 @10.53.0.7 axfr -p 5300 > dig.out.ns7 || tmp=1 193grep ";" dig.out.ns1 194 195$PERL ../digcomp.pl dig.out.ns7 dig.out.ns1 || tmp=1 196 197# ns7 has a journal iff it generates an IXFR. 198test -f ns7/slave.bk || tmp=1 199test -f ns7/slave.bk.jnl || tmp=1 200 201if test $tmp != 0 ; then echo "I:failed"; fi 202status=`expr $status + $tmp` 203 204echo "I:check that a multi-message uncompressable zone transfers" 205$DIG axfr . -p 5300 @10.53.0.4 | grep SOA > axfr.out 206if test `wc -l < axfr.out` != 2 207then 208 echo "I:failed" 209 status=`expr $status + 1` 210fi 211 212# now we test transfers with assorted TSIG glitches 213DIGCMD="$DIG $DIGOPTS @10.53.0.4 -p 5300" 214SENDCMD="$PERL ../send.pl 10.53.0.5 5301" 215RNDCCMD="$RNDC -s 10.53.0.4 -p 9953 -c ../common/rndc.conf" 216 217echo "I:testing that incorrectly signed transfers will fail..." 218echo "I:initial correctly-signed transfer should succeed" 219 220$SENDCMD < ans5/goodaxfr 221sleep 1 222 223# Initially, ns4 is not authoritative for anything. 224# Now that ans is up and running with the right data, we make it 225# a slave for nil. 226 227cat <<EOF >>ns4/named.conf 228zone "nil" { 229 type slave; 230 file "nil.db"; 231 masters { 10.53.0.5 key tsig_key; }; 232}; 233EOF 234 235$RNDCCMD reload | sed 's/^/I:ns4 /' 236 237 238for i in 0 1 2 3 4 5 6 7 8 9 239do 240 $DIGCMD nil. SOA > dig.out.ns4 241 grep SOA dig.out.ns4 > /dev/null && break 242 sleep 1 243done 244 245$DIGCMD nil. TXT | grep 'initial AXFR' >/dev/null || { 246 echo "I:failed" 247 status=1 248} 249 250echo "I:unsigned transfer" 251 252$SENDCMD < ans5/unsigned 253sleep 1 254 255$RNDCCMD retransfer nil | sed 's/^/I:ns4 /' 256 257sleep 2 258 259$DIGCMD nil. TXT | grep 'unsigned AXFR' >/dev/null && { 260 echo "I:failed" 261 status=1 262} 263 264echo "I:bad keydata" 265 266$SENDCMD < ans5/badkeydata 267sleep 1 268 269$RNDCCMD retransfer nil | sed 's/^/I:ns4 /' 270 271sleep 2 272 273$DIGCMD nil. TXT | grep 'bad keydata AXFR' >/dev/null && { 274 echo "I:failed" 275 status=1 276} 277 278echo "I:partially-signed transfer" 279 280$SENDCMD < ans5/partial 281sleep 1 282 283$RNDCCMD retransfer nil | sed 's/^/I:ns4 /' 284 285sleep 2 286 287$DIGCMD nil. TXT | grep 'partially signed AXFR' >/dev/null && { 288 echo "I:failed" 289 status=1 290} 291 292echo "I:unknown key" 293 294$SENDCMD < ans5/unknownkey 295sleep 1 296 297$RNDCCMD retransfer nil | sed 's/^/I:ns4 /' 298 299sleep 2 300 301$DIGCMD nil. TXT | grep 'unknown key AXFR' >/dev/null && { 302 echo "I:failed" 303 status=1 304} 305 306echo "I:incorrect key" 307 308$SENDCMD < ans5/wrongkey 309sleep 1 310 311$RNDCCMD retransfer nil | sed 's/^/I:ns4 /' 312 313sleep 2 314 315$DIGCMD nil. TXT | grep 'incorrect key AXFR' >/dev/null && { 316 echo "I:failed" 317 status=1 318} 319 320echo "I:exit status: $status" 321exit $status 322