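#!/bin/sh

# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# System test for the rndc control channel: freeze/thaw/sync handling of
# dynamic zones and their journals, reload behaviour, and per-algorithm
# authentication of control-channel keys.
#
# Conventions used throughout:
#   n       - running test number, printed in each heading and used in
#             the names of captured output files
#   ret     - result of the current test (0 = pass)
#   status  - sum of all ret values; non-zero means the run failed
#   cmd || ret=1   - cmd is expected to succeed
#   cmd && ret=1   - cmd is expected to FAIL (negative test)
#
# echo_i, cat_i, wait_for_log, rndc_dumpdb and the $DIG/$RNDC/$NSUPDATE/
# $FEATURETEST/port variables are not defined in this file; presumably
# they come from ../conf.sh.
#
# Because of `set -e`, any command that is not part of an `||`/`&&` list
# or a condition aborts the whole script on failure, without printing a
# "failed" line or the final exit status.

set -e

. ../conf.sh

# The second assignment overrides the first, so dig runs without the
# quieting options listed on the first line.
DIGOPTS="+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd"
DIGOPTS=""
DIGCMD="$DIG $DIGOPTS -p ${PORT}"
# Ends in -s on purpose: every use supplies the server address next.
RNDCCMD="$RNDC -p ${CONTROLPORT} -c ../_common/rndc.conf -s"

status=0
n=0

n=$((n + 1))
echo_i "preparing ($n)"
ret=0
# Seed both dynamic zones with one update each so that a journal exists.
$NSUPDATE -p ${PORT} -k ns2/session.key >/dev/null 2>&1 <<END || ret=1
server 10.53.0.2
zone nil.
update add text1.nil. 600 IN TXT "addition 1"
send
zone other.
update add text1.other. 600 IN TXT "addition 1"
send
END
[ -s ns2/nil.db.jnl ] || {
  echo_i "'test -s ns2/nil.db.jnl' failed when it shouldn't have"
  ret=1
}
[ -s ns2/other.db.jnl ] || {
  echo_i "'test -s ns2/other.db.jnl' failed when it shouldn't have"
  ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

echo_i "rndc freeze"
$RNDCCMD 10.53.0.2 freeze | sed 's/^/ns2 /' | cat_i

n=$((n + 1))
echo_i "checking zone was dumped ($n)"
ret=0
# Poll for up to ten seconds, then do the asserting check once more.
for i in 1 2 3 4 5 6 7 8 9 10; do
  grep "addition 1" ns2/nil.db >/dev/null && break
  sleep 1
done
grep "addition 1" ns2/nil.db >/dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "checking journal file is still present ($n)"
ret=0
[ -s ns2/nil.db.jnl ] || {
  echo_i "'test -s ns2/nil.db.jnl' failed when it shouldn't have"
  ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "checking zone not writable ($n)"
ret=0
# Negative test: the update must be refused while the zone is frozen,
# and the record must not be visible afterwards.
$NSUPDATE -p ${PORT} -k ns2/session.key >/dev/null 2>&1 <<END && ret=1
server 10.53.0.2
zone nil.
update add text2.nil. 600 IN TXT "addition 2"
send
END

$DIGCMD @10.53.0.2 text2.nil. TXT >dig.out.1.test$n || ret=1
grep 'addition 2' dig.out.1.test$n >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

echo_i "rndc thaw"
$RNDCCMD 10.53.0.2 thaw | sed 's/^/ns2 /' | cat_i

wait_for_log 3 "zone_postload: zone nil/IN: done" ns2/named.run

n=$((n + 1))
echo_i "checking zone now writable ($n)"
ret=0
$NSUPDATE -p ${PORT} -k ns2/session.key >nsupdate.out.1.test$n 2>&1 <<END || ret=1
server 10.53.0.2
zone nil.
update add text3.nil. 600 IN TXT "addition 3"
send
END
$DIGCMD @10.53.0.2 text3.nil. TXT >dig.out.1.test$n || ret=1
grep 'addition 3' dig.out.1.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

echo_i "rndc sync"
ret=0
$RNDCCMD 10.53.0.2 sync nil | sed 's/^/ns2 /' | cat_i

n=$((n + 1))
echo_i "checking zone was dumped ($n)"
ret=0
for i in 1 2 3 4 5 6 7 8 9 10; do
  grep "addition 3" ns2/nil.db >/dev/null && break
  sleep 1
done
grep "addition 3" ns2/nil.db >/dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "checking journal file is still present ($n)"
ret=0
[ -s ns2/nil.db.jnl ] || {
  echo_i "'test -s ns2/nil.db.jnl' failed when it shouldn't have"
  ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "checking zone is still writable ($n)"
ret=0
$NSUPDATE -p ${PORT} -k ns2/session.key >nsupdate.out.1.test$n 2>&1 <<END || ret=1
server 10.53.0.2
zone nil.
update add text4.nil. 600 IN TXT "addition 4"
send
END

$DIGCMD @10.53.0.2 text4.nil. TXT >dig.out.1.test$n || ret=1
grep 'addition 4' dig.out.1.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

echo_i "rndc sync -clean"
ret=0
$RNDCCMD 10.53.0.2 sync -clean nil | sed 's/^/ns2 /' | cat_i

n=$((n + 1))
echo_i "checking zone was dumped ($n)"
ret=0
for i in 1 2 3 4 5 6 7 8 9 10; do
  grep "addition 4" ns2/nil.db >/dev/null && break
  sleep 1
done
grep "addition 4" ns2/nil.db >/dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "checking journal file is deleted ($n)"
ret=0
# The journal must be gone here, so a successful `test -s` is the error.
[ -s ns2/nil.db.jnl ] && {
  echo_i "'test -s ns2/nil.db.jnl' succeeded when it shouldn't have"
  ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "checking zone is still writable ($n)"
ret=0
$NSUPDATE -p ${PORT} -k ns2/session.key >/dev/null 2>&1 <<END || ret=1
server 10.53.0.2
zone nil.
update add text5.nil. 600 IN TXT "addition 5"
send
END

# Query the record that was just added; checking the earlier text4
# record would pass even if this update had not been applied.
$DIGCMD @10.53.0.2 text5.nil. TXT >dig.out.1.test$n || ret=1
grep 'addition 5' dig.out.1.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "checking other journal files not removed ($n)"
ret=0
[ -s ns2/other.db.jnl ] || {
  echo_i "'test -s ns2/other.db.jnl' failed when it shouldn't have"
  ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

echo_i "cleaning all zones ($n)"
$RNDCCMD 10.53.0.2 sync -clean | sed 's/^/ns2 /' | cat_i

n=$((n + 1))
echo_i "checking all journals removed ($n)"
ret=0
[ -s ns2/nil.db.jnl ] && {
  echo_i "'test -s ns2/nil.db.jnl' succeeded when it shouldn't have"
  ret=1
}
[ -s ns2/other.db.jnl ] && {
  echo_i "'test -s ns2/other.db.jnl' succeeded when it shouldn't have"
  ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "checking that freezing static zones is not allowed ($n)"
ret=0
$RNDCCMD 10.53.0.2 freeze static >rndc.out.1.test$n 2>&1 && ret=1
grep 'not dynamic' rndc.out.1.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "checking that journal is removed when serial is changed before thaw ($n)"
ret=0
sleep 1
$NSUPDATE -p ${PORT} -k ns2/session.key >nsupdate.out.1.test$n 2>&1 <<END || ret=1
server 10.53.0.2
zone other.
update add text6.other. 600 IN TXT "addition 6"
send
END
[ -s ns2/other.db.jnl ] || {
  echo_i "'test -s ns2/other.db.jnl' failed when it shouldn't have"
  ret=1
}
$RNDCCMD 10.53.0.2 freeze other 2>&1 | sed 's/^/ns2 /' | cat_i
for i in 1 2 3 4 5 6 7 8 9 10; do
  grep "addition 6" ns2/other.db >/dev/null && break
  sleep 1
done
# Hand-edit the frozen zone file: bump the serial and append a record.
serial=$(awk '$3 ~ /serial/ {print $1}' ns2/other.db)
newserial=$((serial + 1))
sed "s/$serial/$newserial/" ns2/other.db >ns2/other.db.new
echo 'frozen TXT "frozen addition"' >>ns2/other.db.new
mv -f ns2/other.db.new ns2/other.db
$RNDCCMD 10.53.0.2 thaw 2>&1 | sed 's/^/ns2 /' | cat_i
sleep 1
[ -f ns2/other.db.jnl ] && {
  echo_i "'test -f ns2/other.db.jnl' succeeded when it shouldn't have"
  ret=1
}
$NSUPDATE -p ${PORT} -k ns2/session.key >nsupdate.out.2.test$n 2>&1 <<END || ret=1
server 10.53.0.2
zone other.
update add text7.other. 600 IN TXT "addition 7"
send
END
$DIGCMD @10.53.0.2 text6.other. TXT >dig.out.1.test$n || ret=1
grep 'addition 6' dig.out.1.test$n >/dev/null || ret=1
$DIGCMD @10.53.0.2 text7.other. TXT >dig.out.2.test$n || ret=1
grep 'addition 7' dig.out.2.test$n >/dev/null || ret=1
$DIGCMD @10.53.0.2 frozen.other. TXT >dig.out.3.test$n || ret=1
grep 'frozen addition' dig.out.3.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "checking that journal is kept when ixfr-from-differences is in use ($n)"
ret=0
$NSUPDATE -p ${PORT} -k ns2/session.key >nsupdate.out.1.test$n 2>&1 <<END || ret=1
server 10.53.0.2
zone nil.
update add text6.nil. 600 IN TXT "addition 6"
send
END
[ -s ns2/nil.db.jnl ] || {
  echo_i "'test -s ns2/nil.db.jnl' failed when it shouldn't have"
  ret=1
}
$RNDCCMD 10.53.0.2 freeze nil 2>&1 | sed 's/^/ns2 /' | cat_i
for i in 1 2 3 4 5 6 7 8 9 10; do
  grep "addition 6" ns2/nil.db >/dev/null && break
  sleep 1
done
serial=$(awk '$3 ~ /serial/ {print $1}' ns2/nil.db)
newserial=$((serial + 1))
sed "s/$serial/$newserial/" ns2/nil.db >ns2/nil.db.new
echo 'frozen TXT "frozen addition"' >>ns2/nil.db.new
mv -f ns2/nil.db.new ns2/nil.db
$RNDCCMD 10.53.0.2 thaw 2>&1 | sed 's/^/ns2 /' | cat_i
sleep 1
[ -s ns2/nil.db.jnl ] || {
  echo_i "'test -s ns2/nil.db.jnl' failed when it shouldn't have"
  ret=1
}
$NSUPDATE -p ${PORT} -k ns2/session.key >nsupdate.out.2.test$n 2>&1 <<END || ret=1
server 10.53.0.2
zone nil.
update add text7.nil. 600 IN TXT "addition 7"
send
END
$DIGCMD @10.53.0.2 text6.nil. TXT >dig.out.1.test$n || ret=1
grep 'addition 6' dig.out.1.test$n >/dev/null || ret=1
$DIGCMD @10.53.0.2 text7.nil. TXT >dig.out.2.test$n || ret=1
grep 'addition 7' dig.out.2.test$n >/dev/null || ret=1
$DIGCMD @10.53.0.2 frozen.nil. TXT >dig.out.3.test$n || ret=1
grep 'frozen addition' dig.out.3.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

# temp test
echo_i "dumping stats ($n)"
# Reset ret so a failure of the previous test is not counted a second
# time, and record (rather than abort on) a failing stats command.
ret=0
$RNDCCMD 10.53.0.2 stats || ret=1
n=$((n + 1))
echo_i "verifying adb records in named.stats ($n)"
grep "ADB stats" ns2/named.stats >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "test using second key ($n)"
ret=0
$RNDC -s 10.53.0.2 -p ${CONTROLPORT} -c ns2/secondkey.conf status >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "test 'rndc dumpdb' on a empty cache ($n)"
ret=0
rndc_dumpdb ns3 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "test 'rndc reload' on a zone with include files ($n)"
ret=0
grep "incl/IN: skipping load" ns2/named.run >/dev/null && ret=1
# Keep `grep | wc -l` rather than `grep -c`: with zero matches grep exits
# non-zero, and a bare assignment from it would trip `set -e`.
loads=$(grep "incl/IN: starting load" ns2/named.run | wc -l)
[ "$loads" -eq 1 ] || ret=1
$RNDCCMD 10.53.0.2 reload >/dev/null || ret=1
for i in 1 2 3 4 5 6 7 8 9; do
  tmp=0
  grep "incl/IN: skipping load" ns2/named.run >/dev/null || tmp=1
  [ $tmp -eq 0 ] && break
  sleep 1
done
[ $tmp -eq 1 ] && ret=1
# Touching a file updates its mtime; the second reload is then expected
# to log a second "starting load" for the zone.
touch ns2/static.db
$RNDCCMD 10.53.0.2 reload >/dev/null || ret=1
for i in 1 2 3 4 5 6 7 8 9; do
  tmp=0
  loads=$(grep "incl/IN: starting load" ns2/named.run | wc -l)
  [ "$loads" -eq 2 ] || tmp=1
  [ $tmp -eq 0 ] && break
  sleep 1
done
[ $tmp -eq 1 ] && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

# Control-channel authentication tests.  Each of the following tests
# talks to one port on 10.53.0.4 with six key files (ns4/key1.conf to
# ns4/key6.conf): exactly one key must be accepted and each of the other
# five must be rejected.  The rejection half is the part that guards
# against a channel accepting a key it was not configured for.
# NOTE(review): which key belongs to which port is defined in ns4's
# configuration, which is not visible here.

n=$((n + 1))
# HMAC-MD5 is only exercised when the build reports support for it.
if $FEATURETEST --md5; then
  echo_i "testing rndc with hmac-md5 ($n)"
  ret=0
  $RNDC -s 10.53.0.4 -p ${EXTRAPORT1} -c ns4/key1.conf status >/dev/null 2>&1 || ret=1
  for i in 2 3 4 5 6; do
    $RNDC -s 10.53.0.4 -p ${EXTRAPORT1} -c ns4/key${i}.conf status >/dev/null 2>&1 && ret=1
  done
  if [ $ret != 0 ]; then echo_i "failed"; fi
  status=$((status + ret))
else
  echo_i "skipping rndc with hmac-md5 ($n)"
fi

n=$((n + 1))
echo_i "testing rndc with hmac-sha1 ($n)"
ret=0
$RNDC -s 10.53.0.4 -p ${EXTRAPORT2} -c ns4/key2.conf status >/dev/null 2>&1 || ret=1
for i in 1 3 4 5 6; do
  $RNDC -s 10.53.0.4 -p ${EXTRAPORT2} -c ns4/key${i}.conf status >/dev/null 2>&1 && ret=1
done
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "testing rndc with hmac-sha224 ($n)"
ret=0
$RNDC -s 10.53.0.4 -p ${EXTRAPORT3} -c ns4/key3.conf status >/dev/null 2>&1 || ret=1
for i in 1 2 4 5 6; do
  $RNDC -s 10.53.0.4 -p ${EXTRAPORT3} -c ns4/key${i}.conf status >/dev/null 2>&1 && ret=1
done
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "testing rndc with hmac-sha256 ($n)"
ret=0
$RNDC -s 10.53.0.4 -p ${EXTRAPORT4} -c ns4/key4.conf status >/dev/null 2>&1 || ret=1
for i in 1 2 3 5 6; do
  $RNDC -s 10.53.0.4 -p ${EXTRAPORT4} -c ns4/key${i}.conf status >/dev/null 2>&1 && ret=1
done
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "testing rndc with hmac-sha384 ($n)"
ret=0
$RNDC -s 10.53.0.4 -p ${EXTRAPORT5} -c ns4/key5.conf status >/dev/null 2>&1 || ret=1
for i in 1 2 3 4 6; do
  $RNDC -s 10.53.0.4 -p ${EXTRAPORT5} -c ns4/key${i}.conf status >/dev/null 2>&1 && ret=1
done
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "testing rndc with hmac-sha512 ($n)"
ret=0
$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf status >/dev/null 2>&1 || ret=1
for i in 1 2 3 4 5; do
  $RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key${i}.conf status >/dev/null 2>&1 && ret=1
done
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))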
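
n=$((n + 1))
echo_i "testing single control channel with multiple algorithms ($n)"
ret=0
# All six keys must be accepted on this one port.
# NOTE(review): key1.conf is the key used by the hmac-md5 test, which is
# skipped when `$FEATURETEST --md5` fails; this loop uses key1
# unconditionally - confirm the behaviour on builds without MD5.
for i in 1 2 3 4 5 6; do
  $RNDC -s 10.53.0.4 -p ${EXTRAPORT7} -c ns4/key${i}.conf status >/dev/null 2>&1 || ret=1
done
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "testing automatic zones are reported ($n)"
ret=0
$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf status >rndc.out.1.test$n || ret=1
grep "number of zones: 201 (198 automatic)" rndc.out.1.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "testing rndc with null command ($n)"
ret=0
$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "testing rndc with unknown control channel command ($n)"
ret=0
# Negative test: an unrecognised command must make rndc exit non-zero.
$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf obviouslynotacommand >/dev/null 2>&1 && ret=1
# rndc: 'obviouslynotacommand' failed: unknown command
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "testing rndc with querylog command ($n)"
ret=0
# first enable it with querylog on option
$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf querylog on >/dev/null 2>&1 || ret=1
grep "query logging is now on" ns4/named.run >/dev/null || ret=1
# query for builtin and check if query was logged (without +subnet)
$DIG @10.53.0.4 -p ${PORT} -c ch -t txt foo12345.bind +qr >dig.out.1.test$n 2>&1 || ret=1
grep "query: foo12345.bind CH TXT.*(.*)$" ns4/named.run >/dev/null || ret=1
# query for another builtin zone and check if query was logged (with +subnet=127.0.0.1)
$DIG +subnet=127.0.0.1 @10.53.0.4 -p ${PORT} -c ch -t txt foo12346.bind +qr >dig.out.2.test$n 2>&1 || ret=1
grep "query: foo12346.bind CH TXT.*\[ECS 127\.0\.0\.1/32/0]" ns4/named.run >/dev/null || ret=1
# query for another builtin zone and check if query was logged (with +subnet=127.0.0.1/24)
$DIG +subnet=127.0.0.1/24 @10.53.0.4 -p ${PORT} -c ch -t txt foo12347.bind +qr >dig.out.3.test$n 2>&1 || ret=1
grep "query: foo12347.bind CH TXT.*\[ECS 127\.0\.0\.0/24/0]" ns4/named.run >/dev/null || ret=1
# query for another builtin zone and check if query was logged (with +subnet=::1)
$DIG +subnet=::1 @10.53.0.4 -p ${PORT} -c ch -t txt foo12348.bind +qr >dig.out.4.test$n 2>&1 || ret=1
grep "query: foo12348.bind CH TXT.*\[ECS ::1/128/0]" ns4/named.run >/dev/null || ret=1
# toggle query logging and check again
$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf querylog >/dev/null 2>&1 || ret=1
grep "query logging is now off" ns4/named.run >/dev/null || ret=1
# query for another builtin zone and check that the query was NOT logged
# once logging is off (without +subnet)
$DIG @10.53.0.4 -p ${PORT} -c ch -t txt foo9876.bind +qr >dig.out.5.test$n 2>&1 || ret=1
grep "query: foo9876.bind CH TXT.*(.*)$" ns4/named.run >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

RNDCCMD4="$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf"
n=$((n + 1))
echo_i "testing rndc nta time limits ($n)"
ret=0
# The three accepted lifetimes are expected to succeed; `|| ret=1` records
# a failure instead of letting `set -e` abort the run without a report.
$RNDCCMD4 nta -l 2h nta1.example >rndc.out.1.test$n 2>&1 || ret=1
grep "Negative trust anchor added" rndc.out.1.test$n >/dev/null || ret=1
$RNDCCMD4 nta -l 1d nta2.example >rndc.out.2.test$n 2>&1 || ret=1
grep "Negative trust anchor added" rndc.out.2.test$n >/dev/null || ret=1
$RNDCCMD4 nta -l 1w nta3.example >rndc.out.3.test$n 2>&1 || ret=1
grep "Negative trust anchor added" rndc.out.3.test$n >/dev/null || ret=1
# Negative test: a lifetime above one week must be refused, which bounds
# how long DNSSEC validation can be switched off for a name.
$RNDCCMD4 nta -l 8d nta4.example >rndc.out.4.test$n 2>&1 && ret=1
grep "NTA lifetime cannot exceed one week" rndc.out.4.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "testing rndc nta -class option ($n)"
ret=0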
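# Continuation of the "rndc nta -class option" test.  Each nextpart call
# is piped into grep for log text written since the previous call; the
# first call, with its output discarded, sets the starting point.
nextpart ns4/named.run >/dev/null
# Classes "in" and "any" are expected to add the NTA; `|| ret=1` records
# a failing command instead of letting `set -e` abort the run.
$RNDCCMD4 nta -c in nta1.example >rndc.out.1.test$n 2>&1 || ret=1
nextpart ns4/named.run | grep "added NTA 'nta1.example'" >/dev/null || ret=1
$RNDCCMD4 nta -c any nta1.example >rndc.out.2.test$n 2>&1 || ret=1
nextpart ns4/named.run | grep "added NTA 'nta1.example'" >/dev/null || ret=1
# Class "ch": no NTA may be logged.  The exit status is left unchecked,
# as in the original; under `set -e` a failure here stops the script.
$RNDCCMD4 nta -c ch nta1.example >rndc.out.3.test$n 2>&1
nextpart ns4/named.run | grep "added NTA 'nta1.example'" >/dev/null && ret=1
# Negative test: an unknown class must be rejected with an error.
$RNDCCMD4 nta -c fake nta1.example >rndc.out.4.test$n 2>&1 && ret=1
nextpart ns4/named.run | grep "added NTA 'nta1.example'" >/dev/null && ret=1
grep 'unknown class' rndc.out.4.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

# Response sizes from 512 bytes to 512 KiB, doubling each time.
for i in 512 1024 2048 4096 8192 16384 32768 65536 131072 262144 524288; do
  n=$((n + 1))
  echo_i "testing rndc buffer size limits (size=${i}) ($n)"
  ret=0
  # `2>&1 >file`: stderr goes to the script's stdout and only rndc's
  # stdout lands in the file - presumably deliberate, so diagnostics do
  # not disturb the size check; confirm.
  $RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf testgen ${i} 2>&1 >rndc.out.$i.test$n || ret=1
  # The group with `|| true` lets the script read the checker's exit
  # status in rc without `set -e` ending the run first.
  {
    actual_size=$($GENCHECK rndc.out.$i.test$n)
    rc=$?
  } || true
  if [ "$rc" = "0" ]; then
    # The expected size is the requested size plus one.
    expected_size=$((i + 1))
    if [ "$actual_size" != "$expected_size" ]; then ret=1; fi
  else
    ret=1
  fi

  if [ $ret != 0 ]; then echo_i "failed"; fi
  status=$((status + ret))
done

n=$((n + 1))
echo_i "testing rndc -r (show result) ($n)"
ret=0
$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf -r testgen 0 2>&1 >rndc.out.1.test$n || ret=1
grep "ISC_R_SUCCESS 0" rndc.out.1.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "testing rndc with a token containing a space ($n)"
ret=0
# The inner double quotes are part of the argument sent to the server.
$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf -r flush '"view with a space"' 2>&1 >rndc.out.1.test$n || ret=1
grep "not found" rndc.out.1.test$n >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "test 'rndc reconfig' with a broken config ($n)"
ret=0
$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf reconfig >/dev/null || ret=1
sleep 1
# After the mv, named.conf is recreated holding only the invalid line.
# The saved copy is restored two tests further down; if the script stops
# in between, ns4/named.conf stays broken.
mv ns4/named.conf ns4/named.conf.save
echo "error error error" >>ns4/named.conf
$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf reconfig >rndc.out.1.test$n 2>&1 && ret=1
grep "rndc: 'reconfig' failed: unexpected token" rndc.out.1.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "check rndc status reports failure ($n)"
ret=0
$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf status >rndc.out.1.test$n 2>&1 || ret=1
grep "reload/reconfig failed" rndc.out.1.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "restore working config ($n)"
ret=0
mv ns4/named.conf.save ns4/named.conf
sleep 1
$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf reconfig >/dev/null || ret=1
sleep 1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "check 'rndc status' 'reload/reconfig failure' is cleared after successful reload/reconfig ($n)"
ret=0
$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf status >rndc.out.1.test$n 2>&1 || ret=1
grep "reload/reconfig failed" rndc.out.1.test$n >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "test read-only control channel access ($n)"
ret=0
# On this channel the two informational commands must work and the
# state-changing `reconfig` must be refused.  Only exit statuses are
# compared; the outputs are kept in rndc.out.*.test$n for inspection.
$RNDCCMD 10.53.0.5 status >rndc.out.1.test$n 2>&1 || ret=1
$RNDCCMD 10.53.0.5 nta -dump >rndc.out.2.test$n 2>&1 || ret=1
$RNDCCMD 10.53.0.5 reconfig >rndc.out.3.test$n 2>&1 && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "test rndc status shows running on ($n)"
ret=0
$RNDCCMD 10.53.0.5 status >rndc.out.1.test$n 2>&1 || ret=1
grep "^running on " rndc.out.1.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "test 'rndc reconfig' with loading of a large zone ($n)"
ret=0
nextpart ns6/named.run >/dev/null
cp ns6/named.conf ns6/named.conf.save
echo "zone \"huge.zone\" { type primary; file \"huge.zone.db\"; };" >>ns6/named.conf
echo_i "reloading config"
$RNDCCMD 10.53.0.6 reconfig >rndc.out.1.test$n 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
sleep 1

n=$((n + 1))
echo_i "check if zone load was scheduled ($n)"
# Start from a clean result so a failed reconfig above is not reported
# and counted again under this heading.
ret=0
wait_for_log_peek 20 "scheduled loading new zones" ns6/named.run || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "check if query for the zone returns SERVFAIL ($n)"
ret=0
$DIG @10.53.0.6 -p ${PORT} -t soa huge.zone >dig.out.1.test$n || ret=1
grep "SERVFAIL" dig.out.1.test$n >/dev/null || ret=1
# A miss here is reported but deliberately not counted as a failure.
if [ $ret != 0 ]; then
  echo_i "failed (ignored)"
  ret=0
fi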
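status=$((status + ret))

n=$((n + 1))
echo_i "wait for the zones to be loaded ($n)"
ret=0
wait_for_log_peek 60 "huge.zone/IN: loaded serial" ns6/named.run || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "check if query for the zone returns NOERROR ($n)"
# Reset ret so a timeout in the previous test is not counted twice, and
# record a failing dig instead of letting `set -e` abort the run.
ret=0
$DIG @10.53.0.6 -p ${PORT} -t soa huge.zone >dig.out.1.test$n || ret=1
grep "NOERROR" dig.out.1.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "verify that the full command is logged ($n)"
ret=0
# The server log must contain the complete command line, extra arguments
# included, so the log shows exactly what was sent over the channel.
$RNDCCMD 10.53.0.2 null with extra arguments >/dev/null 2>&1 || ret=1
grep "received control channel command 'null with extra arguments'" ns2/named.run >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

# Put ns6's original configuration back (saved before huge.zone was
# added).  ret is reset so the previous test's result is not re-counted.
ret=0
mv ns6/named.conf.save ns6/named.conf
sleep 1
$RNDCCMD 10.53.0.6 reconfig >/dev/null || ret=1
sleep 1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "check 'rndc \"\"' is handled ($n)"
ret=0
# Negative test: an empty command must be rejected with a clean error.
$RNDCCMD 10.53.0.2 "" >rndc.out.1.test$n 2>&1 && ret=1
# Without `|| ret=1` a missing message would end the script through
# `set -e`, with no "failed" line and no exit-status summary.
grep "rndc: '' failed: failure" rndc.out.1.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "check rndc -4 -6 ($n)"
ret=0
$RNDCCMD 10.53.0.2 -4 -6 status >rndc.out.1.test$n 2>&1 && ret=1
grep "only one of -4 and -6 allowed" rndc.out.1.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "check rndc -4 with an IPv6 server address ($n)"
ret=0
$RNDCCMD fd92:7065:b8e:ffff::2 -4 status >rndc.out.1.test$n 2>&1 && ret=1
grep "address family not supported" rndc.out.1.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "check rndc nta reports adding to multiple views ($n)"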
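ret=0
$RNDCCMD 10.53.0.3 nta test.com >rndc.out.test$n 2>&1 || ret=1
# Two output lines are expected.  ${lines:-0} stays unquoted so any
# padding that wc adds around the number is dropped.
lines=$(wc -l <rndc.out.test$n)
[ ${lines:-0} -eq 2 ] || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "check 'rndc retransfer' of primary error message ($n)"
ret=0
$RNDCCMD 10.53.0.2 retransfer nil >rndc.out.test$n 2>&1 && ret=1
grep "rndc: 'retransfer' failed: failure" rndc.out.test$n >/dev/null || ret=1
grep "retransfer: inappropriate zone type: primary" rndc.out.test$n >/dev/null || ret=1
lines=$(wc -l <rndc.out.test$n)
[ ${lines:-0} -eq 2 ] || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "check 'rndc freeze' with in-view zones works ($n)"
ret=0
$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf freeze >rndc.out.test$n 2>&1 || ret=1
# The output comes from 10.53.0.4, so it is labelled ns4.
test -s rndc.out.test$n && sed 's/^/ns4 /' rndc.out.test$n | cat_i
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "checking non in-view zone instance is not writable ($n)"
ret=0
# NOTE(review): no -k/-y is given, so this update is sent without a TSIG
# key; presumably ns4 authorises updates to this zone by some other
# means - confirm against ns4's configuration.
$NSUPDATE -p ${PORT} >/dev/null 2>&1 <<END && ret=1
server 10.53.0.4
zone example.
update add text2.example. 600 IN TXT "addition 3"
send
END
$DIGCMD @10.53.0.4 -p ${PORT} text2.example. TXT >dig.out.1.test$n || ret=1
grep 'addition 3' dig.out.1.test$n >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "check 'rndc thaw' with in-view zones works ($n)"
ret=0
$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf thaw >rndc.out.test$n 2>&1 || ret=1
test -s rndc.out.test$n && sed 's/^/ns4 /' rndc.out.test$n | cat_i
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "checking non in-view zone instance is now writable ($n)"
ret=0
$NSUPDATE -p ${PORT} >nsupdate.out.test$n 2>&1 <<END || ret=1
server 10.53.0.4
zone example.
update add text2.example. 600 IN TXT "addition 3"
send
END
$DIGCMD @10.53.0.4 -p ${PORT} text2.example. TXT >dig.out.1.test$n || ret=1
grep 'addition 3' dig.out.1.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

# The TSIG secret below is a fixture for this test environment.  Passing
# a secret with -y puts it on the command line, where it can be read
# from the process list and shell history; outside a test harness, give
# the key in a file with -k instead.
# The "int" and "ext" key names appear to select the internal and
# external views on 10.53.0.7 - confirm against ns7's configuration.

n=$((n + 1))
echo_i "checking initial in-view zone file is loaded ($n)"
ret=0
TSIG="$DEFAULT_HMAC:int:FrSt77yPTFx6hTs4i2tKLB9LmE0="
$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT >dig.out.1.test$n || ret=1
grep 'include 1' dig.out.1.test$n >/dev/null || ret=1
TSIG="$DEFAULT_HMAC:ext:FrSt77yPTFx6hTs4i2tKLB9LmE0="
$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT >dig.out.2.test$n || ret=1
grep 'include 1' dig.out.2.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

# This step and the next get their own test numbers so their headings
# and dig.out.1.test$n files do not collide with the test above.
n=$((n + 1))
echo_i "update in-view zone ($n)"
ret=0
TSIG="$DEFAULT_HMAC:int:FrSt77yPTFx6hTs4i2tKLB9LmE0="
$NSUPDATE -p ${PORT} -y "$TSIG" >/dev/null 2>&1 <<END || ret=1
server 10.53.0.7
zone test.
update add text2.test. 600 IN TXT "addition 1"
send
END
[ -s ns7/test.db.jnl ] || {
  echo_i "'test -s ns7/test.db.jnl' failed when it shouldn't have"
  ret=1
}
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "checking update ($n)"
ret=0
TSIG="$DEFAULT_HMAC:int:FrSt77yPTFx6hTs4i2tKLB9LmE0="
$DIGCMD @10.53.0.7 -y "$TSIG" text2.test. TXT >dig.out.1.test$n || ret=1
grep 'addition 1' dig.out.1.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

nextpart ns7/named.run >/dev/null

echo_i "rndc freeze"
# A single cat_i; the original piped the output through it twice.
$RNDCCMD 10.53.0.7 freeze | sed 's/^/ns7 /' | cat_i

wait_for_log 3 "dump_done: zone test/IN/internal: enter" ns7/named.run

echo_i "edit zone files"
cp ns7/test.db.in ns7/test.db
cp ns7/include2.db.in ns7/include.db

echo_i "rndc thaw"
$RNDCCMD 10.53.0.7 thaw | sed 's/^/ns7 /' | cat_i

wait_for_log 3 "zone_postload: zone test/IN/internal: done" ns7/named.run

echo_i "rndc reload"
$RNDCCMD 10.53.0.7 reload | sed 's/^/ns7 /' | cat_i

wait_for_log 3 "all zones loaded" ns7/named.run

n=$((n + 1))
echo_i "checking zone file edits are loaded ($n)"
ret=0
TSIG="$DEFAULT_HMAC:int:FrSt77yPTFx6hTs4i2tKLB9LmE0="
$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT >dig.out.1.test$n || ret=1
grep 'include 2' dig.out.1.test$n >/dev/null || ret=1
TSIG="$DEFAULT_HMAC:ext:FrSt77yPTFx6hTs4i2tKLB9LmE0="
$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT >dig.out.2.test$n || ret=1
grep 'include 2' dig.out.2.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "check rndc nta -dump reports NTAs in multiple views ($n)"
ret=0
$RNDCCMD 10.53.0.3 nta -dump >rndc.out.test$n 2>&1 || ret=1
lines=$(wc -l <rndc.out.test$n)
[ ${lines:-0} -eq 2 ] || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1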