ckdnsrps.sh revision 1.1.1.1
1#! /bin/sh
2#
3# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
4#
5# This Source Code Form is subject to the terms of the Mozilla Public
6# License, v. 2.0. If a copy of the MPL was not distributed with this
7# file, you can obtain one at https://mozilla.org/MPL/2.0/.
8#
9# See the COPYRIGHT file distributed with this work for additional
10# information regarding copyright ownership.
11
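set -e

# Decide whether the DNSRPS variant of the RPZ tests can run, and create
#	dnsrps.conf and dnsrps-slave.conf to match.
# The decision is recorded in those two files as marker lines ("#skip",
#	"#fail") plus "##" explanations written through add_conf.
# Note that dnsrps.conf and dnsrps-slave.conf are included in named.conf
#	and differ from dnsrpz.conf which is used by dnsrpzd.
#
# Options:
#   -x       trace execution with "set -x"
#   -A       add "qname-as-ns yes" and "ip-as-ns yes" to the master settings
#   -D       ask for the DNSRPS tests; without it "#skip" is written
#   -M file  output file for the master settings (default dnsrps.conf)
#   -S file  output file for the slave settings (default dnsrps-slave.conf)


SYSTEMTESTTOP=..
. "$SYSTEMTESTTOP/conf.sh"

DNSRPS_CMD=../rpz/dnsrps

AS_NS=
TEST_DNSRPS=
MCONF=dnsrps.conf
SCONF=dnsrps-slave.conf
USAGE="$0: [-xAD] [-M dnsrps.conf] [-S dnsrps-slave.conf]"
while getopts "xADM:S:" c; do
    case $c in
	x) set -x; DEBUG=-x;;
	A) AS_NS=yes;;
	D) TEST_DNSRPS=yes;;
	M) MCONF="$OPTARG";;
	S) SCONF="$OPTARG";;
	*) echo "$USAGE" 1>&2; exit 1;;
    esac
done
# Arithmetic expansion replaces the expr call, which needed "|| true"
# because expr exits non-zero when its result is 0.
shift $((OPTIND - 1))
if [ "$#" -ne 0 ]; then
    echo "$USAGE" 1>&2
    exit 1
fi

# erase any existing conf files
# The targets are quoted because -M/-S take caller-supplied paths; an
# unquoted redirection target containing whitespace or glob characters is
# rejected or expanded by some shells.
: >"$MCONF"
: >"$SCONF"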
49
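# Append one line to both generated configuration files.
# Globals:   MCONF, SCONF (read) - paths of the files to append to
# Arguments: "$*" - the words of the line, joined with single spaces
add_conf () {
    # printf writes the text literally even when it starts with "-" or
    # contains backslashes, which echo may interpret.  The paths are quoted
    # because they can be supplied through -M/-S.
    printf '%s\n' "$*" >>"$MCONF"
    printf '%s\n' "$*" >>"$SCONF"
}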
54
# Each check below that fails writes an explanation and "#skip" to both
# conf files and ends the script with status 0.

# 1. DNSRPS must have been enabled at compile time.  The explanation is
#    only written when the caller asked for DNSRPS with -D.
$FEATURETEST --enable-dnsrps || {
    [ -z "$TEST_DNSRPS" ] || add_conf "## DNSRPS disabled at compile time"
    add_conf "#skip"
    exit 0
}

# 2. Without -D the run uses native RPZ.
case "$TEST_DNSRPS" in
    '')
	add_conf "## testing with native RPZ"
	add_conf '#skip'
	exit 0
	;;
esac
add_conf "## testing with DNSRPS"

# 3. The dnsrps helper program must exist and be executable.
[ -x $DNSRPS_CMD ] || {
    add_conf "## make $DNSRPS_CMD to test DNSRPS"
    add_conf '#skip'
    exit 0
}

# 4. "$DNSRPS_CMD -a" must succeed; a failure is reported as a missing
#    provider library.
$DNSRPS_CMD -a >/dev/null || {
    add_conf "## DNSRPS provider library is not available"
    add_conf '#skip'
    exit 0
}
83
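# Settings shared by both generated files.  The block is left open here;
# each writer below appends its own lines and the closing "};".
CMN="	dnsrps-options { dnsrpzd-conf ../dnsrpzd.conf
			 dnsrpzd-sock ../dnsrpzd.sock
			 dnsrpzd-rpzf ../dnsrpzd.rpzf
			 dnsrpzd-args '-dddd -L stdout'
			 log-level 3"

# With -A the master additionally gets the two *-as-ns settings.
MASTER="$CMN"
if [ -n "$AS_NS" ]; then
    MASTER="$MASTER
			qname-as-ns yes
			ip-as-ns yes"
fi

# write dnsrps settings for master resolver
# (targets quoted: the paths can be supplied by the caller through -M/-S)
cat <<EOF >>"$MCONF"
$MASTER };
EOF

# write dnsrps settings for resolvers that should not start dnsrpzd
cat <<EOF >>"$SCONF"
$CMN
			dnsrpzd '' };	# do not start dnsrpzd
EOF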
107
108
# DNSRPS is available.
# The test should fail if the license is bad.
add_conf "dnsrps-enable yes;"

# Pick the license file to use.  The stock file is the default; the first
# non-empty alt-dnsrpzd-license.conf, looked for here and then in ../rpz,
# replaces it.  USE_ALT holds a hint for the final failure report and is
# cleared when an alternate file is used.
CUR_L=dnsrpzd-license-cur.conf
SRC_L=../rpz/dnsrpzd-license.conf
USE_ALT="## consider installing alt-dnsrpzd-license.conf"
for ALT_L in alt-dnsrpzd-license.conf ../rpz/alt-dnsrpzd-license.conf; do
    if [ -s "$ALT_L" ]; then
	SRC_L=$ALT_L
	USE_ALT=
	break
    fi
done

# Later steps read the working copy, not the file it was taken from.
cp "$SRC_L" "$CUR_L"
126
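# parse $CUR_L for the license zone name, master IP addresses, and optional
#   transfer-source IP addresses
#
# The sed output is executed by eval, so every capture group must admit only
# characters that are inert to the shell.  The address groups are limited to
# [0-9.] and [0-9a-f:].  The dots in the zone-name pattern are escaped: left
# unescaped, each would match any character, shell metacharacters included,
# and that text would reach eval.
# NOTE(review): eval on file contents is kept because it is how the script
# sets these variables; keep the character classes this narrow if the
# patterns are ever edited.
#
# Clear the variables first so that values inherited from the environment
# cannot stand in for settings missing from the license file.
NAME=
IPV4=
IPV6=
TS4=
TS6=
eval "$(sed -n -e 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/'\
    -e 's/.*zone *\([-a-z0-9]*\.license\.fastrpz\.com\).*/NAME=\1/p'	\
    -e 's/.*farsight_fastrpz_license *\([0-9.]*\);.*/IPV4=\1/p'		\
    -e 's/.*farsight_fastrpz_license *\([0-9a-f:]*\);.*/IPV6=\1/p'	\
    -e 's/.*transfer-source *\([0-9.]*\);.*/TS4=-b\1/p'			\
    -e 's/.*transfer-source *\([0-9a-f:]*\);.*/TS6=-b\1/p'		\
    -e 's/.*transfer-source-v6 *\([0-9a-f:]*\);.*/TS6=-b\1/p'		\
	"$CUR_L")"
# Without a license zone name there is nothing to verify: report failure.
if [ -z "$NAME" ]; then
    add_conf "## no DNSRPS tests; no license domain name in $SRC_L"
    add_conf '#fail'
    exit 0
fi
# With no address for a family, fall back to the license server's host name
# and drop that family's transfer-source option.
if [ -z "$IPV4" ]; then
    IPV4=license1.fastrpz.com
    TS4=
fi
if [ -z "$IPV6" ]; then
    IPV6=license1.fastrpz.com
    TS6=
fi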
150
# This TSIG key is common and NOT a secret
# It is passed to dig on the command line, where process listings can show
# it; that is acceptable only because the key is public.
KEY='hmac-sha256:farsight_fastrpz_license:f405d02b4c8af54855fcebc1'

# Try IPv4 and then IPv6 to deal with IPv6 tunnel and connectivity problems
# The license counts as valid when the zone transfer output has a line that
# starts with the license zone name and contains TXT.  In that case the
# script ends here without writing a '#fail' marker.
# $TS4/$TS6 stay unquoted so that an empty value adds no argument.
$DIG -4 -t axfr -y$KEY $TS4 $NAME @$IPV4				\
	| grep -i "^$NAME.*TXT" >/dev/null && exit 0
$DIG -6 -t axfr -y$KEY $TS6 $NAME @$IPV6				\
	| grep -i "^$NAME.*TXT" >/dev/null && exit 0

# Neither transfer produced the expected record: report the failure, with
# the alt-license hint when the stock license file was the one in use.
add_conf "## DNSRPS lacks a valid license via $SRC_L"
if [ -n "$USE_ALT" ]; then
    add_conf "$USE_ALT"
fi
add_conf '#fail'
167