tests.sh revision 1.1.1.4
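#!/bin/sh

# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0.  If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# System test for dynamic-update forwarding.
#
# ns1 = stealth primary
# ns2 = secondary with update forwarding disabled; not currently used
# ns3 = secondary with update forwarding enabled
#
# Every update is sent to ns3; the zone is then transferred from all three
# servers and compared against knowngood.* files. echo_i, digcomp,
# retry_quiet and the $DIG/$NSUPDATE/$RNDC/... variables come from conf.sh.

SYSTEMTESTTOP=..
. "$SYSTEMTESTTOP/conf.sh"

# DIGOPTS and RNDCCMD hold several words each and are expanded unquoted on
# purpose so that the shell splits them into separate arguments.
DIGOPTS="+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd -p ${PORT}"
RNDCCMD="$RNDC -p ${CONTROLPORT} -c ../common/rndc.conf"

# status accumulates failures; n is the step number printed in messages and
# used in output file names (dnstap.out.$n, dig.out.ns1.test$n). The
# numbering below is not strictly sequential and is left as it was.
status=0
n=1

# Wait for ns3's dnstap output file, move it aside as dnstap.out.$n, then
# tell ns3 to reopen its dnstap output. Returns the status of the rndc call.
capture_dnstap() {
  retry_quiet 20 test -f ns3/dnstap.out && mv ns3/dnstap.out "dnstap.out.$n"
  $RNDCCMD -s 10.53.0.3 dnstap -reopen
}

# Count the dnstap records whose third field is "UQ" and "UR" in
# dnstap.out.$n (presumably UPDATE query / UPDATE response) and succeed only
# when the two counts are equal. Sets the globals UQ and UR.
uq_equals_ur() {
  "$DNSTAPREAD" "dnstap.out.$n" |
    awk '$3 == "UQ" { UQ+=1 } $3 == "UR" { UR += 1 } END { print UQ+0, UR+0 }' > "dnstapread.out$n"
  read -r UQ UR < "dnstapread.out$n"
  echo_i "UQ=$UQ UR=$UR"
  test "$UQ" -eq "$UR" || return 1
}

echo_i "waiting for servers to be ready for testing ($n)"
for i in 1 2 3 4 5 6 7 8 9 10
do
  ret=0
  $DIG +tcp -p ${PORT} example. @10.53.0.1 soa > dig.out.ns1 || ret=1
  grep "status: NOERROR" dig.out.ns1 > /dev/null || ret=1
  $DIG +tcp -p ${PORT} example. @10.53.0.2 soa > dig.out.ns2 || ret=1
  grep "status: NOERROR" dig.out.ns2 > /dev/null || ret=1
  $DIG +tcp -p ${PORT} example. @10.53.0.3 soa > dig.out.ns3 || ret=1
  grep "status: NOERROR" dig.out.ns3 > /dev/null || ret=1
  test "$ret" = 0 && break
  sleep 1
done
if [ "$ret" != 0 ]; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))

echo_i "fetching primary copy of zone before update ($n)"
ret=0
$DIG $DIGOPTS example. @10.53.0.1 axfr > dig.out.ns1 || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))

echo_i "fetching secondary 1 copy of zone before update ($n)"
# Reset ret here as every other step does; without it a failure of the
# previous step was carried over and counted a second time.
ret=0
$DIG $DIGOPTS example. @10.53.0.2 axfr > dig.out.ns2 || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))

echo_i "fetching secondary 2 copy of zone before update ($n)"
ret=0
$DIG $DIGOPTS example. @10.53.0.3 axfr > dig.out.ns3 || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))

echo_i "comparing pre-update copies to known good data ($n)"
ret=0
digcomp knowngood.before dig.out.ns1 || ret=1
digcomp knowngood.before dig.out.ns2 || ret=1
digcomp knowngood.before dig.out.ns3 || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; status=$((status + ret)); fi

echo_i "updating zone (signed) ($n)"
ret=0
# The TSIG secret below is the fixed key of this test fixture. Passing it
# with -y puts it on the command line, where it can be read from the process
# list; outside a throw-away test network prefer a key file (-k).
$NSUPDATE -y update.example:c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K -- - <<EOF || ret=1
server 10.53.0.3 ${PORT}
update add updated.example. 600 A 10.10.10.1
update add updated.example. 600 TXT Foo
send
EOF
if [ "$ret" != 0 ]; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))

echo_i "sleeping 15 seconds for server to incorporate changes"
sleep 15

echo_i "fetching primary copy of zone after update ($n)"
ret=0
$DIG $DIGOPTS example. @10.53.0.1 axfr > dig.out.ns1 || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))

echo_i "fetching secondary 1 copy of zone after update ($n)"
ret=0
$DIG $DIGOPTS example. @10.53.0.2 axfr > dig.out.ns2 || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; status=$((status + ret)); fi

echo_i "fetching secondary 2 copy of zone after update ($n)"
ret=0
$DIG $DIGOPTS example. @10.53.0.3 axfr > dig.out.ns3 || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))

echo_i "comparing post-update copies to known good data ($n)"
ret=0
digcomp knowngood.after1 dig.out.ns1 || ret=1
digcomp knowngood.after1 dig.out.ns2 || ret=1
digcomp knowngood.after1 dig.out.ns3 || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; status=$((status + ret)); fi

echo_i "checking 'forwarding update for zone' is logged ($n)"
ret=0
# The forwarding secondary must leave a log record of the update it relayed.
grep "forwarding update for zone 'example/IN'" ns3/named.run > /dev/null || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))

if $FEATURETEST --enable-dnstap
then
  echo_i "checking DNSTAP logging of UPDATE forwarded update replies ($n)"
  ret=0
  capture_dnstap
  uq_equals_ur || ret=1
  if [ "$ret" != 0 ]; then echo_i "failed"; fi
  status=$((status + ret))
  n=$((n + 1))
fi

echo_i "updating zone (unsigned) ($n)"
ret=0
# No TSIG key here: the update reaches ns3 unauthenticated, and the
# comparison with knowngood.after2 below expects it to have been applied on
# all three servers.
# NOTE(review): presumably the server configs (not visible here) authorise
# this by source address only - confirm. Outside a test network, forwarded
# updates should be signed so that the primary does not have to trust the
# forwarder's address.
$NSUPDATE -- - <<EOF || ret=1
server 10.53.0.3 ${PORT}
update add unsigned.example. 600 A 10.10.10.1
update add unsigned.example. 600 TXT Foo
send
EOF
if [ "$ret" != 0 ]; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))

echo_i "sleeping 15 seconds for server to incorporate changes"
sleep 15

echo_i "fetching primary copy of zone after update ($n)"
ret=0
$DIG $DIGOPTS example. @10.53.0.1 axfr > dig.out.ns1 || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; status=$((status + ret)); fi

echo_i "fetching secondary 1 copy of zone after update ($n)"
ret=0
$DIG $DIGOPTS example. @10.53.0.2 axfr > dig.out.ns2 || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))

echo_i "fetching secondary 2 copy of zone after update ($n)"
ret=0
$DIG $DIGOPTS example. @10.53.0.3 axfr > dig.out.ns3 || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; status=$((status + ret)); fi

echo_i "comparing post-update copies to known good data ($n)"
ret=0
digcomp knowngood.after2 dig.out.ns1 || ret=1
digcomp knowngood.after2 dig.out.ns2 || ret=1
digcomp knowngood.after2 dig.out.ns3 || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; status=$((status + ret)); fi

if $FEATURETEST --enable-dnstap
then
  echo_i "checking DNSTAP logging of UPDATE forwarded update replies ($n)"
  ret=0
  capture_dnstap
  uq_equals_ur || ret=1
  if [ "$ret" != 0 ]; then echo_i "failed"; fi
  status=$((status + ret))
  n=$((n + 1))
fi
n=$((n + 1))

echo_i "checking update forwarding to dead primary ($n)"
# Availability check: up to five updates for the zone "nomaster" are started
# in the background, and after each one ns3 must still answer an SOA query
# for that zone with NOERROR. The loop stops at the first failed query. The
# background nsupdate jobs are not waited for.
count=0
ret=0
while [ "$count" -lt 5 ] && [ "$ret" -eq 0 ]
do
  (
    $NSUPDATE -- - <<EOF
server 10.53.0.3 ${PORT}
zone nomaster
update add unsigned.nomaster. 600 A 10.10.10.1
update add unsigned.nomaster. 600 TXT Foo
send
EOF
  ) > /dev/null 2>&1 &
  $DIG -p ${PORT} +noadd +notcp +noauth nomaster. @10.53.0.3 soa > dig.out.ns3 || ret=1
  grep "status: NOERROR" dig.out.ns3 > /dev/null || ret=1
  count=$((count + 1))
done
if [ "$ret" != 0 ]; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))

if $FEATURETEST --enable-dnstap
then
  echo_i "checking DNSTAP logging of UPDATE forwarded update replies ($n)"
  ret=0
  capture_dnstap
  # Inverted on purpose: equal UQ and UR counts are the failure here,
  # presumably because the forwarded updates never get a reply.
  uq_equals_ur && ret=1
  if [ "$ret" != 0 ]; then echo_i "failed"; fi
  status=$((status + ret))
  n=$((n + 1))
fi

# The SIG(0) step runs only when a file named "keyname" exists; it holds the
# base name of the private key file handed to nsupdate with -k.
if test -f keyname
then
  echo_i "checking update forwarding to with sig0 ($n)"
  ret=0
  keyname=$(cat keyname)
  # NOTE(review): the exit status of nsupdate is not checked; this step is
  # judged only by the query to the primary that follows.
  $NSUPDATE -k "$keyname.private" -- - <<EOF
  server 10.53.0.3 ${PORT}
  zone example2
  update add unsigned.example2. 600 A 10.10.10.1
  update add unsigned.example2. 600 TXT Foo
  send
EOF
  $DIG -p ${PORT} unsigned.example2 A @10.53.0.1 > "dig.out.ns1.test$n"
  grep "status: NOERROR" "dig.out.ns1.test$n" > /dev/null || ret=1
  if [ "$ret" != 0 ]; then echo_i "failed"; fi
  status=$((status + ret))
  n=$((n + 1))

  if $FEATURETEST --enable-dnstap
  then
    echo_i "checking DNSTAP logging of UPDATE forwarded update replies ($n)"
    ret=0
    capture_dnstap
    uq_equals_ur || ret=1
    if [ "$ret" != 0 ]; then echo_i "failed"; fi
    status=$((status + ret))
    n=$((n + 1))
  fi
fi

echo_i "exit status: $status"
[ "$status" -eq 0 ] || exit 1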