1#!/bin/sh 2 3# Copyright (C) Internet Systems Consortium, Inc. ("ISC") 4# 5# SPDX-License-Identifier: MPL-2.0 6# 7# This Source Code Form is subject to the terms of the Mozilla Public 8# License, v. 2.0. If a copy of the MPL was not distributed with this 9# file, you can obtain one at https://mozilla.org/MPL/2.0/. 10# 11# See the COPYRIGHT file distributed with this work for additional 12# information regarding copyright ownership. 13 14set -e 15 16. ../conf.sh 17 18DIGOPTS="+tcp -p ${PORT}" 19 20status=0 21echo_i "check that the stub zone has been saved to disk" 22for i in 1 2 3 4 5 6 7 8 9 20; do 23 [ -f ns3/child.example.st ] && break 24 sleep 1 25done 26[ -f ns3/child.example.st ] || { 27 status=1 28 echo_i "failed" 29} 30 31for pass in 1 2; do 32 33 echo_i "trying an axfr that should be denied (NOTAUTH) (pass=$pass)" 34 ret=0 35 $DIG $DIGOPTS child.example. @10.53.0.3 axfr >dig.out.ns3 || ret=1 36 grep "; Transfer failed." dig.out.ns3 >/dev/null || ret=1 37 [ $ret = 0 ] || { 38 status=1 39 echo_i "failed" 40 } 41 42 echo_i "look for stub zone data without recursion (should not be found) (pass=$pass)" 43 for i in 1 2 3 4 5 6 7 8 9; do 44 ret=0 45 $DIG $DIGOPTS +norec data.child.example. \ 46 @10.53.0.3 txt >dig.out.ns3 || ret=1 47 grep "status: NOERROR" dig.out.ns3 >/dev/null || ret=1 48 [ $ret = 0 ] && break 49 sleep 1 50 done 51 digcomp knowngood.dig.out.norec dig.out.ns3 || ret=1 52 [ $ret = 0 ] || { 53 status=1 54 echo_i "failed" 55 } 56 57 echo_i "look for stub zone data with recursion (should be found) (pass=$pass)" 58 ret=0 59 $DIG $DIGOPTS +noauth +noadd data.child.example. @10.53.0.3 txt >dig.out.ns3 || ret=1 60 digcomp knowngood.dig.out.rec dig.out.ns3 || ret=1 61 [ $ret = 0 ] || { 62 status=1 63 echo_i "failed" 64 } 65 66 [ $pass = 1 ] && { 67 echo_i "stopping stub server" 68 stop_server ns3 69 70 echo_i "re-starting stub server" 71 start_server --noclean --restart --port ${PORT} ns3 72 } 73done 74 75echo_i "check that glue record is correctly transferred from primary when minimal-responses is on" 76ret=0 77# First ensure that zone data was transfered. 78for i in 1 2 3 4 5 6 7; do 79 [ -f ns5/example.db ] && break 80 sleep 1 81done 82 83if [ -f ns5/example.db ]; then 84 # If NS glue wasn't transferred, this query would fail. 85 $DIG $DIGOPTS +nodnssec @10.53.0.5 target.example. txt >dig.out.ns5 || ret=1 86 grep 'target\.example.*TXT.*"test"' dig.out.ns5 >/dev/null || ret=1 87 # Ensure both ipv4 and ipv6 glue records were transferred. 88 grep -E 'ns4[[:space:]]+A[[:space:]]+10.53.0.4' ns5/example.db >/dev/null || ret=1 89 grep -E 'AAAA[[:space:]]+fd92:7065:b8e:ffff::4' ns5/example.db >/dev/null || ret=1 90 [ $ret = 0 ] || { 91 status=1 92 echo_i "failed" 93 } 94else 95 status=1 96 echo_i "failed: stub zone transfer failed ns4(primary) <---> ns5/example.db" 97fi 98 99echo_i "exit status: $status" 100[ $status -eq 0 ] || exit 1 101