#!/bin/sh

# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0.  If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
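# Any command whose failure is not explicitly captured ("|| ret=1" or
# "&& ret=1") aborts the whole run.
set -e

# Harness settings. This script never defines $DIG, $RNDC, $NSUPDATE, $PORT,
# $CONTROLPORT or the echo_i/cat_i helpers itself, so they are presumably
# provided by this file.
. ../conf.sh

# dig runs with its default options. An earlier assignment
# ("+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd") was overwritten on
# the very next line and never took effect, so only the effective value stays.
DIGOPTS=""
DIGCMD="$DIG $DIGOPTS -p ${PORT}"
# The trailing "-s" is deliberate: every use appends the server address.
RNDCCMD="$RNDC -p ${CONTROLPORT} -c ../_common/rndc.conf -s"

# status accumulates one point per failed check; n numbers the checks.
status=0
n=0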
# Seed the dynamic zones "nil" and "other" on ns2 with one update each
# (authenticated with ns2/session.key) so both have a non-empty journal.
n=$((n + 1))
echo_i "preparing ($n)"
ret=0
$NSUPDATE -p "${PORT}" -k ns2/session.key >/dev/null 2>&1 <<END || ret=1
server 10.53.0.2
zone nil.
update add text1.nil. 600 IN TXT "addition 1"
send
zone other.
update add text1.other. 600 IN TXT "addition 1"
send
END
for jnl in ns2/nil.db.jnl ns2/other.db.jnl; do
  if [ ! -s "$jnl" ]; then
    echo_i "'test -s $jnl' failed when it shouldn't have"
    ret=1
  fi
done
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

echo_i "rndc freeze"
$RNDCCMD 10.53.0.2 freeze | sed 's/^/ns2 /' | cat_i

# Poll for up to ten seconds until the update shows up in the zone file.
n=$((n + 1))
echo_i "checking zone was dumped ($n)"
ret=0
for i in 1 2 3 4 5 6 7 8 9 10; do
  if grep "addition 1" ns2/nil.db >/dev/null; then
    break
  fi
  sleep 1
done
grep "addition 1" ns2/nil.db >/dev/null 2>&1 || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "checking journal file is still present ($n)"
ret=0
if [ ! -s ns2/nil.db.jnl ]; then
  echo_i "'test -s ns2/nil.db.jnl' failed when it shouldn't have"
  ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# Negative check: while the zone is frozen the update has to be refused, so a
# successful nsupdate (or the record being served) counts as a failure.
n=$((n + 1))
echo_i "checking zone not writable ($n)"
ret=0
$NSUPDATE -p "${PORT}" -k ns2/session.key >/dev/null 2>&1 <<END && ret=1
server 10.53.0.2
zone nil.
update add text2.nil. 600 IN TXT "addition 2"
send
END

$DIGCMD @10.53.0.2 text2.nil. TXT >"dig.out.1.test$n" || ret=1
if grep 'addition 2' "dig.out.1.test$n" >/dev/null; then
  ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
echo_i "rndc thaw"
$RNDCCMD 10.53.0.2 thaw | sed 's/^/ns2 /' | cat_i

# wait_for_log is a harness helper (not defined in this script); presumably it
# waits up to 3 seconds for the given line to appear in the log.
wait_for_log 3 "zone_postload: zone nil/IN: done" ns2/named.run

# After thaw the same kind of update has to be accepted and served.
n=$((n + 1))
echo_i "checking zone now writable ($n)"
ret=0
$NSUPDATE -p "${PORT}" -k ns2/session.key >"nsupdate.out.1.test$n" 2>&1 <<END || ret=1
server 10.53.0.2
zone nil.
update add text3.nil. 600 IN TXT "addition 3"
send
END
$DIGCMD @10.53.0.2 text3.nil. TXT >"dig.out.1.test$n" || ret=1
grep 'addition 3' "dig.out.1.test$n" >/dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

echo_i "rndc sync"
ret=0
$RNDCCMD 10.53.0.2 sync nil | sed 's/^/ns2 /' | cat_i

# Poll for up to ten seconds until the synced update is in the zone file.
n=$((n + 1))
echo_i "checking zone was dumped ($n)"
ret=0
for i in 1 2 3 4 5 6 7 8 9 10; do
  if grep "addition 3" ns2/nil.db >/dev/null; then
    break
  fi
  sleep 1
done
grep "addition 3" ns2/nil.db >/dev/null 2>&1 || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# A plain "sync" (without -clean) must leave the journal in place.
n=$((n + 1))
echo_i "checking journal file is still present ($n)"
ret=0
if [ ! -s ns2/nil.db.jnl ]; then
  echo_i "'test -s ns2/nil.db.jnl' failed when it shouldn't have"
  ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "checking zone is still writable ($n)"
ret=0
$NSUPDATE -p "${PORT}" -k ns2/session.key >"nsupdate.out.1.test$n" 2>&1 <<END || ret=1
server 10.53.0.2
zone nil.
update add text4.nil. 600 IN TXT "addition 4"
send
END

$DIGCMD @10.53.0.2 text4.nil. TXT >"dig.out.1.test$n" || ret=1
grep 'addition 4' "dig.out.1.test$n" >/dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
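echo_i "rndc sync -clean"
ret=0
$RNDCCMD 10.53.0.2 sync -clean nil | sed 's/^/ns2 /' | cat_i

# Poll for up to ten seconds until the synced update is in the zone file.
n=$((n + 1))
echo_i "checking zone was dumped ($n)"
ret=0
for i in 1 2 3 4 5 6 7 8 9 10; do
  grep "addition 4" ns2/nil.db >/dev/null && break
  sleep 1
done
grep "addition 4" ns2/nil.db >/dev/null 2>&1 || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

# "sync -clean nil" must remove the journal of the named zone.
n=$((n + 1))
echo_i "checking journal file is deleted ($n)"
ret=0
[ -s ns2/nil.db.jnl ] && {
  # Fixed diagnostic: this branch runs when the journal still exists, i.e.
  # when 'test -s' succeeded, which matches the wording of the later
  # "all journals removed" check.
  echo_i "'test -s ns2/nil.db.jnl' succeeded when it shouldn't have"
  ret=1
}
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "checking zone is still writable ($n)"
ret=0
$NSUPDATE -p "${PORT}" -k ns2/session.key >/dev/null 2>&1 <<END || ret=1
server 10.53.0.2
zone nil.
update add text5.nil. 600 IN TXT "addition 5"
send
END

# Fixed copy/paste slip: query the record this check just added (text5)
# instead of text4, which an earlier check had already verified.
$DIGCMD @10.53.0.2 text5.nil. TXT >"dig.out.1.test$n" || ret=1
grep 'addition 5' "dig.out.1.test$n" >/dev/null || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

# Cleaning one zone must not touch the journal of another zone.
n=$((n + 1))
echo_i "checking other journal files not removed ($n)"
ret=0
[ -s ns2/other.db.jnl ] || {
  echo_i "'test -s ns2/other.db.jnl' failed when it shouldn't have"
  ret=1
}
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

echo_i "cleaning all zones ($n)"
$RNDCCMD 10.53.0.2 sync -clean | sed 's/^/ns2 /' | cat_i

# Without a zone argument, "sync -clean" has to remove every journal.
n=$((n + 1))
echo_i "checking all journals removed ($n)"
ret=0
[ -s ns2/nil.db.jnl ] && {
  echo_i "'test -s ns2/nil.db.jnl' succeeded when it shouldn't have"
  ret=1
}
[ -s ns2/other.db.jnl ] && {
  echo_i "'test -s ns2/other.db.jnl' succeeded when it shouldn't have"
  ret=1
}
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))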
# Negative check: "freeze" on the zone named "static" has to be rejected with
# a non-zero exit status and a "not dynamic" explanation.
n=$((n + 1))
echo_i "checking that freezing static zones is not allowed ($n)"
ret=0
if $RNDCCMD 10.53.0.2 freeze static >"rndc.out.1.test$n" 2>&1; then
  ret=1
fi
grep 'not dynamic' "rndc.out.1.test$n" >/dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
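# Scenario: update "other", freeze it, hand-edit the dumped zone file (bump
# the serial, append a record), then thaw. The stale journal must be gone,
# while dynamic updates and the hand-added record must all be served.
n=$((n + 1))
echo_i "checking that journal is removed when serial is changed before thaw ($n)"
ret=0
sleep 1
$NSUPDATE -p "${PORT}" -k ns2/session.key >"nsupdate.out.1.test$n" 2>&1 <<END || ret=1
server 10.53.0.2
zone other.
update add text6.other. 600 IN TXT "addition 6"
send
END
[ -s ns2/other.db.jnl ] || {
  echo_i "'test -s ns2/other.db.jnl' failed when it shouldn't have"
  ret=1
}
$RNDCCMD 10.53.0.2 freeze other 2>&1 | sed 's/^/ns2 /' | cat_i
# Poll for up to ten seconds until the frozen zone has been dumped.
for i in 1 2 3 4 5 6 7 8 9 10; do
  grep "addition 6" ns2/other.db >/dev/null && break
  sleep 1
done
# The serial is the first field of the line whose third field mentions
# "serial" in the dumped zone file.
serial=$(awk '$3 ~ /serial/ {print $1}' ns2/other.db)
newserial=$((serial + 1))
# The sed script is quoted so the expansions cannot be word-split or globbed
# before sed sees them.
sed "s/$serial/$newserial/" ns2/other.db >ns2/other.db.new
echo 'frozen TXT "frozen addition"' >>ns2/other.db.new
mv -f ns2/other.db.new ns2/other.db
$RNDCCMD 10.53.0.2 thaw 2>&1 | sed 's/^/ns2 /' | cat_i
sleep 1
# Here even an empty journal file counts as a failure (-f, not -s).
[ -f ns2/other.db.jnl ] && {
  echo_i "'test -f ns2/other.db.jnl' succeeded when it shouldn't have"
  ret=1
}
$NSUPDATE -p "${PORT}" -k ns2/session.key >"nsupdate.out.2.test$n" 2>&1 <<END || ret=1
server 10.53.0.2
zone other.
update add text7.other. 600 IN TXT "addition 7"
send
END
$DIGCMD @10.53.0.2 text6.other. TXT >"dig.out.1.test$n" || ret=1
grep 'addition 6' "dig.out.1.test$n" >/dev/null || ret=1
$DIGCMD @10.53.0.2 text7.other. TXT >"dig.out.2.test$n" || ret=1
grep 'addition 7' "dig.out.2.test$n" >/dev/null || ret=1
$DIGCMD @10.53.0.2 frozen.other. TXT >"dig.out.3.test$n" || ret=1
grep 'frozen addition' "dig.out.3.test$n" >/dev/null || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))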
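# Same freeze / hand-edit / thaw scenario as for "other", but on zone "nil".
# The expected outcome differs: the journal has to survive the thaw. The test
# title attributes that to ixfr-from-differences; the zone configuration is
# not visible from this script.
n=$((n + 1))
echo_i "checking that journal is kept when ixfr-from-differences is in use ($n)"
ret=0
$NSUPDATE -p "${PORT}" -k ns2/session.key >"nsupdate.out.1.test$n" 2>&1 <<END || ret=1
server 10.53.0.2
zone nil.
update add text6.nil. 600 IN TXT "addition 6"
send
END
[ -s ns2/nil.db.jnl ] || {
  echo_i "'test -s ns2/nil.db.jnl' failed when it shouldn't have"
  ret=1
}
$RNDCCMD 10.53.0.2 freeze nil 2>&1 | sed 's/^/ns2 /' | cat_i
# Poll for up to ten seconds until the frozen zone has been dumped.
for i in 1 2 3 4 5 6 7 8 9 10; do
  grep "addition 6" ns2/nil.db >/dev/null && break
  sleep 1
done
# The serial is the first field of the line whose third field mentions
# "serial" in the dumped zone file.
serial=$(awk '$3 ~ /serial/ {print $1}' ns2/nil.db)
newserial=$((serial + 1))
# The sed script is quoted so the expansions cannot be word-split or globbed
# before sed sees them.
sed "s/$serial/$newserial/" ns2/nil.db >ns2/nil.db.new
echo 'frozen TXT "frozen addition"' >>ns2/nil.db.new
mv -f ns2/nil.db.new ns2/nil.db
$RNDCCMD 10.53.0.2 thaw 2>&1 | sed 's/^/ns2 /' | cat_i
sleep 1
[ -s ns2/nil.db.jnl ] || {
  echo_i "'test -s ns2/nil.db.jnl' failed when it shouldn't have"
  ret=1
}
$NSUPDATE -p "${PORT}" -k ns2/session.key >"nsupdate.out.2.test$n" 2>&1 <<END || ret=1
server 10.53.0.2
zone nil.
update add text7.nil. 600 IN TXT "addition 7"
send
END
$DIGCMD @10.53.0.2 text6.nil. TXT >"dig.out.1.test$n" || ret=1
grep 'addition 6' "dig.out.1.test$n" >/dev/null || ret=1
$DIGCMD @10.53.0.2 text7.nil. TXT >"dig.out.2.test$n" || ret=1
grep 'addition 7' "dig.out.2.test$n" >/dev/null || ret=1
$DIGCMD @10.53.0.2 frozen.nil. TXT >"dig.out.3.test$n" || ret=1
grep 'frozen addition' "dig.out.3.test$n" >/dev/null || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))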
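# temp test
# Ask ns2 to write its statistics file, then require an "ADB stats" section
# in it.
echo_i "dumping stats ($n)"
$RNDCCMD 10.53.0.2 stats
n=$((n + 1))
echo_i "verifying adb records in named.stats ($n)"
# Reset ret for this check. Without the reset, a failure recorded by the
# preceding check would be added to status a second time and be reported
# under this check's name.
ret=0
grep "ADB stats" ns2/named.stats >/dev/null || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))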
# The control channel on ns2 must also accept the credentials configured in
# ns2/secondkey.conf, not just those in the shared rndc.conf.
n=$((n + 1))
echo_i "test using second key ($n)"
ret=0
if ! $RNDC -s 10.53.0.2 -p "${CONTROLPORT}" -c ns2/secondkey.conf status >/dev/null; then
  ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# rndc_dumpdb is a harness helper that is not defined in this script.
n=$((n + 1))
echo_i "test 'rndc dumpdb' on a empty cache ($n)"
ret=0
if ! rndc_dumpdb ns3; then
  ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
# Zone "incl" must have been loaded exactly once so far. A reload with no
# file changes has to log "skipping load"; after ns2/static.db is touched, a
# reload has to log a second "starting load".
n=$((n + 1))
echo_i "test 'rndc reload' on a zone with include files ($n)"
ret=0
if grep "incl/IN: skipping load" ns2/named.run >/dev/null; then
  ret=1
fi
loads=$(grep "incl/IN: starting load" ns2/named.run | wc -l)
[ "$loads" -eq 1 ] || ret=1
$RNDCCMD 10.53.0.2 reload >/dev/null || ret=1
# Up to nine attempts, one second apart; tmp ends as 1 if the line never shows.
for i in 1 2 3 4 5 6 7 8 9; do
  if grep "incl/IN: skipping load" ns2/named.run >/dev/null; then
    tmp=0
    break
  fi
  tmp=1
  sleep 1
done
if [ "$tmp" -eq 1 ]; then
  ret=1
fi
touch ns2/static.db
$RNDCCMD 10.53.0.2 reload >/dev/null || ret=1
for i in 1 2 3 4 5 6 7 8 9; do
  loads=$(grep "incl/IN: starting load" ns2/named.run | wc -l)
  if [ "$loads" -eq 2 ]; then
    tmp=0
    break
  fi
  tmp=1
  sleep 1
done
if [ "$tmp" -eq 1 ]; then
  ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
# Control-channel authentication matrix on ns4. For each of EXTRAPORT1..6 the
# key file with the same index must be accepted, and every other key file
# must be rejected (a successful "status" with a foreign key is a failure).
# The labels map key1..key6 to hmac-md5, -sha1, -sha224, -sha256, -sha384 and
# -sha512. The ns4 configuration is not visible from this script.

# hmac-md5 is only exercised when the build reports support for it.
n=$((n + 1))
if $FEATURETEST --md5; then
  echo_i "testing rndc with hmac-md5 ($n)"
  ret=0
  $RNDC -s 10.53.0.4 -p "${EXTRAPORT1}" -c ns4/key1.conf status >/dev/null 2>&1 || ret=1
  for i in 2 3 4 5 6; do
    if $RNDC -s 10.53.0.4 -p "${EXTRAPORT1}" -c "ns4/key${i}.conf" status >/dev/null 2>&1; then
      ret=1
    fi
  done
  [ "$ret" -eq 0 ] || echo_i "failed"
  status=$((status + ret))
else
  echo_i "skipping rndc with hmac-md5 ($n)"
fi

n=$((n + 1))
echo_i "testing rndc with hmac-sha1 ($n)"
ret=0
$RNDC -s 10.53.0.4 -p "${EXTRAPORT2}" -c ns4/key2.conf status >/dev/null 2>&1 || ret=1
for i in 1 3 4 5 6; do
  if $RNDC -s 10.53.0.4 -p "${EXTRAPORT2}" -c "ns4/key${i}.conf" status >/dev/null 2>&1; then
    ret=1
  fi
done
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "testing rndc with hmac-sha224 ($n)"
ret=0
$RNDC -s 10.53.0.4 -p "${EXTRAPORT3}" -c ns4/key3.conf status >/dev/null 2>&1 || ret=1
for i in 1 2 4 5 6; do
  if $RNDC -s 10.53.0.4 -p "${EXTRAPORT3}" -c "ns4/key${i}.conf" status >/dev/null 2>&1; then
    ret=1
  fi
done
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "testing rndc with hmac-sha256 ($n)"
ret=0
$RNDC -s 10.53.0.4 -p "${EXTRAPORT4}" -c ns4/key4.conf status >/dev/null 2>&1 || ret=1
for i in 1 2 3 5 6; do
  if $RNDC -s 10.53.0.4 -p "${EXTRAPORT4}" -c "ns4/key${i}.conf" status >/dev/null 2>&1; then
    ret=1
  fi
done
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "testing rndc with hmac-sha384 ($n)"
ret=0
$RNDC -s 10.53.0.4 -p "${EXTRAPORT5}" -c ns4/key5.conf status >/dev/null 2>&1 || ret=1
for i in 1 2 3 4 6; do
  if $RNDC -s 10.53.0.4 -p "${EXTRAPORT5}" -c "ns4/key${i}.conf" status >/dev/null 2>&1; then
    ret=1
  fi
done
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "testing rndc with hmac-sha512 ($n)"
ret=0
$RNDC -s 10.53.0.4 -p "${EXTRAPORT6}" -c ns4/key6.conf status >/dev/null 2>&1 || ret=1
for i in 1 2 3 4 5; do
  if $RNDC -s 10.53.0.4 -p "${EXTRAPORT6}" -c "ns4/key${i}.conf" status >/dev/null 2>&1; then
    ret=1
  fi
done
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# EXTRAPORT7 is the one channel on which all six key files must be accepted.
n=$((n + 1))
echo_i "testing single control channel with multiple algorithms ($n)"
ret=0
for i in 1 2 3 4 5 6; do
  if ! $RNDC -s 10.53.0.4 -p "${EXTRAPORT7}" -c "ns4/key${i}.conf" status >/dev/null 2>&1; then
    ret=1
  fi
done
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
# "rndc status" must report the exact zone count, including the number of
# automatic zones.
n=$((n + 1))
echo_i "testing automatic zones are reported ($n)"
ret=0
if ! $RNDC -s 10.53.0.4 -p "${EXTRAPORT6}" -c ns4/key6.conf status >"rndc.out.1.test$n"; then
  ret=1
fi
grep "number of zones: 201 (198 automatic)" "rndc.out.1.test$n" >/dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "testing rndc with null command ($n)"
ret=0
if ! $RNDC -s 10.53.0.4 -p "${EXTRAPORT6}" -c ns4/key6.conf null; then
  ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# Negative check: an unrecognised command must make rndc exit non-zero.
n=$((n + 1))
echo_i "testing rndc with unknown control channel command ($n)"
ret=0
if $RNDC -s 10.53.0.4 -p "${EXTRAPORT6}" -c ns4/key6.conf obviouslynotacommand >/dev/null 2>&1; then
  ret=1
fi
# rndc: 'obviouslynotacommand' failed: unknown command
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
# Query logging: switch it on, confirm that queries (with and without an
# EDNS Client Subnet option) are written to named.run in the expected form,
# then toggle it off and confirm that a further query is NOT logged.
n=$((n + 1))
echo_i "testing rndc with querylog command ($n)"
ret=0
# explicitly enable logging with "querylog on"
if ! $RNDC -s 10.53.0.4 -p "${EXTRAPORT6}" -c ns4/key6.conf querylog on >/dev/null 2>&1; then
  ret=1
fi
grep "query logging is now on" ns4/named.run >/dev/null || ret=1
# builtin-zone query without +subnet: the log line must not carry an ECS tag
$DIG @10.53.0.4 -p "${PORT}" -c ch -t txt foo12345.bind +qr >"dig.out.1.test$n" 2>&1 || ret=1
grep "query: foo12345.bind CH TXT.*(.*)$" ns4/named.run >/dev/null || ret=1
# +subnet=127.0.0.1 has to be logged as a /32 source prefix
$DIG +subnet=127.0.0.1 @10.53.0.4 -p "${PORT}" -c ch -t txt foo12346.bind +qr >"dig.out.2.test$n" 2>&1 || ret=1
grep "query: foo12346.bind CH TXT.*\[ECS 127\.0\.0\.1/32/0]" ns4/named.run >/dev/null || ret=1
# +subnet=127.0.0.1/24 has to be logged with the host bits cleared
$DIG +subnet=127.0.0.1/24 @10.53.0.4 -p "${PORT}" -c ch -t txt foo12347.bind +qr >"dig.out.3.test$n" 2>&1 || ret=1
grep "query: foo12347.bind CH TXT.*\[ECS 127\.0\.0\.0/24/0]" ns4/named.run >/dev/null || ret=1
# +subnet=::1 has to be logged as a /128 source prefix
$DIG +subnet=::1 @10.53.0.4 -p "${PORT}" -c ch -t txt foo12348.bind +qr >"dig.out.4.test$n" 2>&1 || ret=1
grep "query: foo12348.bind CH TXT.*\[ECS ::1/128/0]" ns4/named.run >/dev/null || ret=1
# "querylog" without an argument toggles the current state (here: to off)
if ! $RNDC -s 10.53.0.4 -p "${EXTRAPORT6}" -c ns4/key6.conf querylog >/dev/null 2>&1; then
  ret=1
fi
grep "query logging is now off" ns4/named.run >/dev/null || ret=1
# with logging off, this query must leave no trace in the log
$DIG @10.53.0.4 -p "${PORT}" -c ch -t txt foo9876.bind +qr >"dig.out.5.test$n" 2>&1 || ret=1
if grep "query: foo9876.bind CH TXT.*(.*)$" ns4/named.run >/dev/null; then
  ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
# Shorthand for talking to ns4 over the EXTRAPORT6 channel with key6.
RNDCCMD4="$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf"

# Negative trust anchor lifetimes of up to one week are accepted; eight days
# has to be refused with an explicit message.
# NOTE(review): the exit status of the three accepting calls is not folded
# into ret; under "set -e" a failure there ends the run outright.
n=$((n + 1))
echo_i "testing rndc nta time limits ($n)"
ret=0
$RNDCCMD4 nta -l 2h nta1.example >"rndc.out.1.test$n" 2>&1
grep "Negative trust anchor added" "rndc.out.1.test$n" >/dev/null || ret=1
$RNDCCMD4 nta -l 1d nta2.example >"rndc.out.2.test$n" 2>&1
grep "Negative trust anchor added" "rndc.out.2.test$n" >/dev/null || ret=1
$RNDCCMD4 nta -l 1w nta3.example >"rndc.out.3.test$n" 2>&1
grep "Negative trust anchor added" "rndc.out.3.test$n" >/dev/null || ret=1
if $RNDCCMD4 nta -l 8d nta4.example >"rndc.out.4.test$n" 2>&1; then
  ret=1
fi
grep "NTA lifetime cannot exceed one week" "rndc.out.4.test$n" >/dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# Class handling: "in" and "any" must add the NTA, "ch" must not, and an
# unknown class must fail with "unknown class". nextpart is a harness helper
# that is not defined in this script; it is used here to look only at log
# output produced since the previous call.
n=$((n + 1))
echo_i "testing rndc nta -class option ($n)"
ret=0
nextpart ns4/named.run >/dev/null
$RNDCCMD4 nta -c in nta1.example >"rndc.out.1.test$n" 2>&1
nextpart ns4/named.run | grep "added NTA 'nta1.example'" >/dev/null || ret=1
$RNDCCMD4 nta -c any nta1.example >"rndc.out.2.test$n" 2>&1
nextpart ns4/named.run | grep "added NTA 'nta1.example'" >/dev/null || ret=1
$RNDCCMD4 nta -c ch nta1.example >"rndc.out.3.test$n" 2>&1
if nextpart ns4/named.run | grep "added NTA 'nta1.example'" >/dev/null; then
  ret=1
fi
if $RNDCCMD4 nta -c fake nta1.example >"rndc.out.4.test$n" 2>&1; then
  ret=1
fi
if nextpart ns4/named.run | grep "added NTA 'nta1.example'" >/dev/null; then
  ret=1
fi
grep 'unknown class' "rndc.out.4.test$n" >/dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
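# Response buffer handling: ask named for generated replies of increasing
# size and let $GENCHECK measure what rndc actually received. The expected
# size is the requested size plus one.
for i in 512 1024 2048 4096 8192 16384 32768 65536 131072 262144 524288; do
  n=$((n + 1))
  echo_i "testing rndc buffer size limits (size=${i}) ($n)"
  ret=0
  # With this redirection order only stdout is captured in the file; stderr
  # goes to the script's own stdout.
  $RNDC -s 10.53.0.4 -p "${EXTRAPORT6}" -c ns4/key6.conf testgen "${i}" 2>&1 >"rndc.out.$i.test$n" || ret=1
  # Capture gencheck's exit status without letting "set -e" end the run.
  rc=0
  actual_size=$($GENCHECK "rndc.out.$i.test$n") || rc=$?
  if [ "$rc" = "0" ]; then
    expected_size=$((i + 1))
    # Quoted comparison: if gencheck exits 0 but prints nothing, the unquoted
    # form made "[" error out, which the "if" treated as "sizes match" and
    # the check passed. An empty size now counts as a mismatch.
    if [ "$actual_size" != "$expected_size" ]; then ret=1; fi
  else
    ret=1
  fi

  if [ "$ret" != 0 ]; then echo_i "failed"; fi
  status=$((status + ret))
done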
# "-r" makes rndc print the result code; a zero-length testgen must report
# ISC_R_SUCCESS. Only stdout is captured in the output file.
n=$((n + 1))
echo_i "testing rndc -r (show result) ($n)"
ret=0
if ! $RNDC -s 10.53.0.4 -p "${EXTRAPORT6}" -c ns4/key6.conf -r testgen 0 2>&1 >"rndc.out.1.test$n"; then
  ret=1
fi
grep "ISC_R_SUCCESS 0" "rndc.out.1.test$n" >/dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# The quoted view name has to reach named as ONE token; a "not found" reply
# would indicate that it was split or mangled on the way.
n=$((n + 1))
echo_i "testing rndc with a token containing a space ($n)"
ret=0
if ! $RNDC -s 10.53.0.4 -p "${EXTRAPORT6}" -c ns4/key6.conf -r flush '"view with a space"' 2>&1 >"rndc.out.1.test$n"; then
  ret=1
fi
if grep "not found" "rndc.out.1.test$n" >/dev/null; then
  ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
# Reconfig failure handling on ns4: a good reconfig succeeds, a syntactically
# broken named.conf makes "reconfig" fail with a parser error, "status" then
# reports the failure, and the flag clears once a good config is loaded.
n=$((n + 1))
echo_i "test 'rndc reconfig' with a broken config ($n)"
ret=0
if ! $RNDC -s 10.53.0.4 -p "${EXTRAPORT6}" -c ns4/key6.conf reconfig >/dev/null; then
  ret=1
fi
sleep 1
# The good config is moved aside, so the new named.conf holds only the bogus
# line appended below.
mv ns4/named.conf ns4/named.conf.save
echo "error error error" >>ns4/named.conf
if $RNDC -s 10.53.0.4 -p "${EXTRAPORT6}" -c ns4/key6.conf reconfig >"rndc.out.1.test$n" 2>&1; then
  ret=1
fi
grep "rndc: 'reconfig' failed: unexpected token" "rndc.out.1.test$n" >/dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "check rndc status reports failure ($n)"
ret=0
if ! $RNDC -s 10.53.0.4 -p "${EXTRAPORT6}" -c ns4/key6.conf status >"rndc.out.1.test$n" 2>&1; then
  ret=1
fi
grep "reload/reconfig failed" "rndc.out.1.test$n" >/dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "restore working config ($n)"
ret=0
mv ns4/named.conf.save ns4/named.conf
sleep 1
if ! $RNDC -s 10.53.0.4 -p "${EXTRAPORT6}" -c ns4/key6.conf reconfig >/dev/null; then
  ret=1
fi
sleep 1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "check 'rndc status' 'reload/reconfig failure' is cleared after successful reload/reconfig ($n)"
ret=0
if ! $RNDC -s 10.53.0.4 -p "${EXTRAPORT6}" -c ns4/key6.conf status >"rndc.out.1.test$n" 2>&1; then
  ret=1
fi
if grep "reload/reconfig failed" "rndc.out.1.test$n" >/dev/null; then
  ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
# Read-only control channel on 10.53.0.5: the informational commands "status"
# and "nta -dump" must be served, while "reconfig" must be refused.
n=$((n + 1))
echo_i "test read-only control channel access ($n)"
ret=0
if ! $RNDCCMD 10.53.0.5 status >"rndc.out.1.test$n" 2>&1; then
  ret=1
fi
if ! $RNDCCMD 10.53.0.5 nta -dump >"rndc.out.2.test$n" 2>&1; then
  ret=1
fi
if $RNDCCMD 10.53.0.5 reconfig >"rndc.out.3.test$n" 2>&1; then
  ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "test rndc status shows running on ($n)"
ret=0
if ! $RNDCCMD 10.53.0.5 status >"rndc.out.1.test$n" 2>&1; then
  ret=1
fi
grep "^running on " "rndc.out.1.test$n" >/dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
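# Reconfig with a large zone on ns6: the new zone's load is scheduled in the
# background, and the zone must answer NOERROR once loading has finished.
#
# Every check below now starts with "ret=0". Several of them used to inherit
# ret from the previous check, so one failure was added to status repeatedly
# and reported under the wrong check name.
n=$((n + 1))
echo_i "test 'rndc reconfig' with loading of a large zone ($n)"
ret=0
nextpart ns6/named.run >/dev/null
cp ns6/named.conf ns6/named.conf.save
echo "zone \"huge.zone\" { type primary; file \"huge.zone.db\"; };" >>ns6/named.conf
echo_i "reloading config"
$RNDCCMD 10.53.0.6 reconfig >"rndc.out.1.test$n" 2>&1 || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
sleep 1

n=$((n + 1))
echo_i "check if zone load was scheduled ($n)"
ret=0
wait_for_log_peek 20 "scheduled loading new zones" ns6/named.run || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

# Timing-dependent: a missing SERVFAIL is reported but deliberately does not
# count as a failure.
n=$((n + 1))
echo_i "check if query for the zone returns SERVFAIL ($n)"
ret=0
$DIG @10.53.0.6 -p "${PORT}" -t soa huge.zone >"dig.out.1.test$n"
grep "SERVFAIL" "dig.out.1.test$n" >/dev/null || ret=1
if [ "$ret" != 0 ]; then
  echo_i "failed (ignored)"
  ret=0
fi
status=$((status + ret))

n=$((n + 1))
echo_i "wait for the zones to be loaded ($n)"
ret=0
wait_for_log_peek 60 "huge.zone/IN: loaded serial" ns6/named.run || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "check if query for the zone returns NOERROR ($n)"
ret=0
$DIG @10.53.0.6 -p "${PORT}" -t soa huge.zone >"dig.out.1.test$n"
grep "NOERROR" "dig.out.1.test$n" >/dev/null || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

# Audit trail: named must log the received control command with all of its
# arguments, not just the command name.
n=$((n + 1))
echo_i "verify that the full command is logged ($n)"
ret=0
$RNDCCMD 10.53.0.2 null with extra arguments >/dev/null 2>&1
grep "received control channel command 'null with extra arguments'" ns2/named.run >/dev/null || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

# Put the original ns6 configuration back (unnumbered housekeeping step).
ret=0
mv ns6/named.conf.save ns6/named.conf
sleep 1
$RNDCCMD 10.53.0.6 reconfig >/dev/null || ret=1
sleep 1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))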
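# Malformed invocations must fail cleanly with a specific diagnostic.

# An empty command string must be rejected.
n=$((n + 1))
echo_i "check 'rndc \"\"' is handled ($n)"
ret=0
$RNDCCMD 10.53.0.2 "" >"rndc.out.1.test$n" 2>&1 && ret=1
# The result of this grep used to be unchecked, so under "set -e" a missing
# diagnostic ended the whole run without any "failed" report. It is now
# recorded like every other check.
grep "rndc: '' failed: failure" "rndc.out.1.test$n" >/dev/null || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

# -4 and -6 are mutually exclusive.
n=$((n + 1))
echo_i "check rndc -4 -6 ($n)"
ret=0
$RNDCCMD 10.53.0.2 -4 -6 status >"rndc.out.1.test$n" 2>&1 && ret=1
grep "only one of -4 and -6 allowed" "rndc.out.1.test$n" >/dev/null || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

# Forcing IPv4 while naming an IPv6 server address must be refused.
n=$((n + 1))
echo_i "check rndc -4 with an IPv6 server address ($n)"
ret=0
$RNDCCMD fd92:7065:b8e:ffff::2 -4 status >"rndc.out.1.test$n" 2>&1 && ret=1
grep "address family not supported" "rndc.out.1.test$n" >/dev/null || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))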
# Adding an NTA on ns3 must produce exactly two lines of output (the test
# title ties this to the NTA being added in multiple views).
n=$((n + 1))
echo_i "check rndc nta reports adding to multiple views ($n)"
ret=0
if ! $RNDCCMD 10.53.0.3 nta test.com >"rndc.out.test$n" 2>&1; then
  ret=1
fi
lines=$(wc -l <"rndc.out.test$n")
[ ${lines:-0} -eq 2 ] || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# "retransfer" on a primary zone must fail with exactly two lines of output:
# the generic rndc failure and the specific reason.
n=$((n + 1))
echo_i "check 'rndc retransfer' of primary error message ($n)"
ret=0
if $RNDCCMD 10.53.0.2 retransfer nil >"rndc.out.test$n" 2>&1; then
  ret=1
fi
grep "rndc: 'retransfer' failed: failure" "rndc.out.test$n" >/dev/null || ret=1
grep "retransfer: inappropriate zone type: primary" "rndc.out.test$n" >/dev/null || ret=1
lines=$(wc -l <"rndc.out.test$n")
[ ${lines:-0} -eq 2 ] || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
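# Freeze/thaw on ns4, which (per the test titles) serves in-view zones:
# freeze has to succeed and block updates to zone "example"; thaw has to
# succeed and make the zone writable again.
#
# Fix: rndc output from 10.53.0.4 was labelled "ns2" in the test log; it is
# now labelled "ns4", matching the server that was actually addressed.
n=$((n + 1))
echo_i "check 'rndc freeze' with in-view zones works ($n)"
ret=0
$RNDC -s 10.53.0.4 -p "${EXTRAPORT6}" -c ns4/key6.conf freeze >"rndc.out.test$n" 2>&1 || ret=1
if [ -s "rndc.out.test$n" ]; then
  sed 's/^/ns4 /' "rndc.out.test$n" | cat_i
fi
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

# Negative check: the update must be refused while frozen.
# NOTE(review): no key is passed to nsupdate here; the update policy of zone
# "example" is not visible from this script.
n=$((n + 1))
echo_i "checking non in-view zone instance is not writable ($n)"
ret=0
$NSUPDATE -p "${PORT}" >/dev/null 2>&1 <<END && ret=1
server 10.53.0.4
zone example.
update add text2.example. 600 IN TXT "addition 3"
send
END
$DIGCMD @10.53.0.4 -p "${PORT}" text2.example. TXT >"dig.out.1.test$n" || ret=1
grep 'addition 3' "dig.out.1.test$n" >/dev/null && ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "check 'rndc thaw' with in-view zones works ($n)"
ret=0
$RNDC -s 10.53.0.4 -p "${EXTRAPORT6}" -c ns4/key6.conf thaw >"rndc.out.test$n" 2>&1 || ret=1
if [ -s "rndc.out.test$n" ]; then
  sed 's/^/ns4 /' "rndc.out.test$n" | cat_i
fi
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "checking non in-view zone instance is now writable ($n)"
ret=0
$NSUPDATE -p "${PORT}" >"nsupdate.out.test$n" 2>&1 <<END || ret=1
server 10.53.0.4
zone example.
update add text2.example. 600 IN TXT "addition 3"
send
END
$DIGCMD @10.53.0.4 -p "${PORT}" text2.example. TXT >"dig.out.1.test$n" || ret=1
grep 'addition 3' "dig.out.1.test$n" >/dev/null || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))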
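# In-view zone "test" on ns7, queried once with the key named "int" and once
# with the key named "ext".
#
# The TSIG secret below is a fixed test-fixture value. Passing a secret with
# "-y" places it on the command line, where it is visible in the process
# list; that is tolerable only for throwaway test keys like this one.
#
# Fixes in this block:
#  - "update in-view zone" and "checking update" now increment n, so they no
#    longer reuse the previous check's number and overwrite its dig output.
#  - the freeze output is piped through cat_i once instead of twice.
n=$((n + 1))
echo_i "checking initial in-view zone file is loaded ($n)"
ret=0
TSIG="$DEFAULT_HMAC:int:FrSt77yPTFx6hTs4i2tKLB9LmE0="
$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT >"dig.out.1.test$n" || ret=1
grep 'include 1' "dig.out.1.test$n" >/dev/null || ret=1
TSIG="$DEFAULT_HMAC:ext:FrSt77yPTFx6hTs4i2tKLB9LmE0="
$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT >"dig.out.2.test$n" || ret=1
grep 'include 1' "dig.out.2.test$n" >/dev/null || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "update in-view zone ($n)"
ret=0
TSIG="$DEFAULT_HMAC:int:FrSt77yPTFx6hTs4i2tKLB9LmE0="
$NSUPDATE -p "${PORT}" -y "$TSIG" >/dev/null 2>&1 <<END || ret=1
server 10.53.0.7
zone test.
update add text2.test. 600 IN TXT "addition 1"
send
END
[ -s ns7/test.db.jnl ] || {
  echo_i "'test -s ns7/test.db.jnl' failed when it shouldn't have"
  ret=1
}
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "checking update ($n)"
ret=0
TSIG="$DEFAULT_HMAC:int:FrSt77yPTFx6hTs4i2tKLB9LmE0="
$DIGCMD @10.53.0.7 -y "$TSIG" text2.test. TXT >"dig.out.1.test$n" || ret=1
grep 'addition 1' "dig.out.1.test$n" >/dev/null || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

# Discard log output seen so far so the waits below match only new lines.
nextpart ns7/named.run >/dev/null

echo_i "rndc freeze"
$RNDCCMD 10.53.0.7 freeze | sed 's/^/ns7 /' | cat_i

wait_for_log 3 "dump_done: zone test/IN/internal: enter" ns7/named.run

# While frozen, swap in the second version of the zone and include files.
echo_i "edit zone files"
cp ns7/test.db.in ns7/test.db
cp ns7/include2.db.in ns7/include.db

echo_i "rndc thaw"
$RNDCCMD 10.53.0.7 thaw | sed 's/^/ns7 /' | cat_i

wait_for_log 3 "zone_postload: zone test/IN/internal: done" ns7/named.run

echo_i "rndc reload"
$RNDCCMD 10.53.0.7 reload | sed 's/^/ns7 /' | cat_i

wait_for_log 3 "all zones loaded" ns7/named.run

# Queries made with either key must now see the edited include file.
n=$((n + 1))
echo_i "checking zone file edits are loaded ($n)"
ret=0
TSIG="$DEFAULT_HMAC:int:FrSt77yPTFx6hTs4i2tKLB9LmE0="
$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT >"dig.out.1.test$n" || ret=1
grep 'include 2' "dig.out.1.test$n" >/dev/null || ret=1
TSIG="$DEFAULT_HMAC:ext:FrSt77yPTFx6hTs4i2tKLB9LmE0="
$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT >"dig.out.2.test$n" || ret=1
grep 'include 2' "dig.out.2.test$n" >/dev/null || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))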
# "nta -dump" on ns3 must list exactly two lines (the test title ties this to
# NTAs existing in multiple views).
n=$((n + 1))
echo_i "check rndc nta -dump reports NTAs in multiple views ($n)"
ret=0
if ! $RNDCCMD 10.53.0.3 nta -dump >"rndc.out.test$n" 2>&1; then
  ret=1
fi
lines=$(wc -l <"rndc.out.test$n")
[ ${lines:-0} -eq 2 ] || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# Any recorded failure turns into a non-zero exit status for the harness.
echo_i "exit status: $status"
if [ "$status" -ne 0 ]; then
  exit 1
fi