From 9491616e5cd412e30cd2802d963a3f024af9399e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Wed, 29 May 2019 11:05:01 +0200 Subject: [PATCH 1/9] Properly test servers with TCP support disabled Sending TCP queries to test named instances with TCP support disabled should cause dig output to contain the phrase "connection refused", not "connection timed out", as such instances never open the relevant sockets. Make sure that the "legacy" system test fails if the expected phrase is not found in any of the relevant files containing dig output. --- bin/tests/system/legacy/tests.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/bin/tests/system/legacy/tests.sh b/bin/tests/system/legacy/tests.sh index effc236628..97ed960c0b 100755 --- a/bin/tests/system/legacy/tests.sh +++ b/bin/tests/system/legacy/tests.sh @@ -101,7 +101,7 @@ ret=0 $DIG $DIGOPTS +edns @10.53.0.3 dropedns-notcp soa > dig.out.1.test$n grep "connection timed out; no servers could be reached" dig.out.1.test$n > /dev/null || ret=1 $DIG $DIGOPTS +noedns +tcp @10.53.0.3 dropedns-notcp soa > dig.out.2.test$n -grep "connection timed out; no servers could be reached" dig.out.2.test$n > /dev/null +grep "connection refused" dig.out.2.test$n > /dev/null || ret=1 $DIG $DIGOPTS +noedns @10.53.0.3 dropedns-notcp soa > dig.out.3.test$n || ret=1 grep "status: NOERROR" dig.out.3.test$n > /dev/null || ret=1 grep "EDNS: version:" dig.out.3.test$n > /dev/null && ret=1 @@ -140,7 +140,7 @@ $DIG $DIGOPTS +edns @10.53.0.5 plain-notcp soa > dig.out.1.test$n || ret=1 grep "status: NOERROR" dig.out.1.test$n > /dev/null || ret=1 grep "EDNS: version:" dig.out.1.test$n > /dev/null && ret=1 $DIG $DIGOPTS +edns +tcp @10.53.0.5 plain-notcp soa > dig.out.2.test$n -grep "connection timed out; no servers could be reached" dig.out.2.test$n > /dev/null +grep "connection refused" dig.out.2.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` @@ -180,7 +180,7 @@ ret=0 $DIG $DIGOPTS +noedns @10.53.0.7 edns512-notcp soa > dig.out.1.test$n || ret=1 grep "status: NOERROR" dig.out.1.test$n > /dev/null || ret=1 $DIG $DIGOPTS +noedns +tcp @10.53.0.7 edns512-notcp soa > dig.out.2.test$n -grep "connection timed out; no servers could be reached" dig.out.2.test$n > /dev/null +grep "connection refused" dig.out.2.test$n > /dev/null || ret=1 $DIG $DIGOPTS +edns @10.53.0.7 edns512-notcp soa > dig.out.3.test$n grep "connection timed out; no servers could be reached" dig.out.3.test$n > /dev/null $DIG $DIGOPTS +edns +bufsize=512 +ignor @10.53.0.7 edns512-notcp soa > dig.out.4.test$n From 6283c1cc7e8d0dd0b841d9c533849a63bd8dcbe7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Wed, 29 May 2019 11:05:01 +0200 Subject: [PATCH 2/9] Ensure queries expected to time out really do Make sure that the "legacy" system test fails if queries which are expected to time out do not really time out. --- bin/tests/system/legacy/tests.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/tests/system/legacy/tests.sh b/bin/tests/system/legacy/tests.sh index 97ed960c0b..a8b029ac6f 100755 --- a/bin/tests/system/legacy/tests.sh +++ b/bin/tests/system/legacy/tests.sh @@ -160,7 +160,7 @@ grep "status: NOERROR" dig.out.1.test$n > /dev/null || ret=1 $DIG $DIGOPTS +edns +tcp @10.53.0.6 edns512 soa > dig.out.2.test$n || ret=1 grep "status: NOERROR" dig.out.1.test$n > /dev/null || ret=1 $DIG $DIGOPTS +edns @10.53.0.6 txt500.edns512 txt > dig.out.3.test$n -grep "connection timed out; no servers could be reached" dig.out.3.test$n > /dev/null +grep "connection timed out; no servers could be reached" dig.out.3.test$n > /dev/null || ret=1 $DIG $DIGOPTS +edns +bufsize=512 +ignor @10.53.0.6 txt500.edns512 txt > dig.out.4.test$n grep "status: NOERROR" dig.out.4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi @@ -182,7 +182,7 @@ grep "status: NOERROR" dig.out.1.test$n > /dev/null || ret=1 $DIG $DIGOPTS +noedns +tcp @10.53.0.7 edns512-notcp soa > dig.out.2.test$n grep "connection refused" dig.out.2.test$n > /dev/null || ret=1 $DIG $DIGOPTS +edns @10.53.0.7 edns512-notcp soa > dig.out.3.test$n -grep "connection timed out; no servers could be reached" dig.out.3.test$n > /dev/null +grep "connection timed out; no servers could be reached" dig.out.3.test$n > /dev/null || ret=1 $DIG $DIGOPTS +edns +bufsize=512 +ignor @10.53.0.7 edns512-notcp soa > dig.out.4.test$n grep "status: NOERROR" dig.out.4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi From 3e7fa15ca378c1bf55938cd13d9839bcd98c21f7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Wed, 29 May 2019 11:05:01 +0200 Subject: [PATCH 3/9] Fix the name of the file to inspect One of the checks in the "legacy" system test inspects dig.out.1.test$n instead of dig.out.2.test$n. Fix the file name used in that check. --- bin/tests/system/legacy/tests.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/tests/system/legacy/tests.sh b/bin/tests/system/legacy/tests.sh index a8b029ac6f..742a6a43a1 100755 --- a/bin/tests/system/legacy/tests.sh +++ b/bin/tests/system/legacy/tests.sh @@ -158,7 +158,7 @@ ret=0 $DIG $DIGOPTS +edns @10.53.0.6 edns512 soa > dig.out.1.test$n || ret=1 grep "status: NOERROR" dig.out.1.test$n > /dev/null || ret=1 $DIG $DIGOPTS +edns +tcp @10.53.0.6 edns512 soa > dig.out.2.test$n || ret=1 -grep "status: NOERROR" dig.out.1.test$n > /dev/null || ret=1 +grep "status: NOERROR" dig.out.2.test$n > /dev/null || ret=1 $DIG $DIGOPTS +edns @10.53.0.6 txt500.edns512 txt > dig.out.3.test$n grep "connection timed out; no servers could be reached" dig.out.3.test$n > /dev/null || ret=1 $DIG $DIGOPTS +edns +bufsize=512 +ignor @10.53.0.6 txt500.edns512 txt > dig.out.4.test$n From aaf81ca6ef0a4b3725de9f41efa3f442a6de1c85 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Wed, 29 May 2019 11:05:01 +0200 Subject: [PATCH 4/9] Use +dnssec instead of separate TXT records When testing named instances which are configured to drop outgoing UDP responses larger than 512 bytes, querying with DO=1 may be used instead of querying for large TXT records as the effect achieved will be identical: an unsigned response for a SOA query will be below 512 bytes in size while a signed response for the same query will be over 512 bytes in size. Doing this makes all resolution checks in the "legacy" system test more similar. Add checks for the TC flag being set in UDP responses which are expected to be truncated to further make sure that tested named instances behave as expected. --- bin/tests/system/legacy/ns6/edns512.db.in | 12 ------------ bin/tests/system/legacy/ns7/edns512-notcp.db.in | 12 ------------ bin/tests/system/legacy/tests.sh | 16 +++++++++------- 3 files changed, 9 insertions(+), 31 deletions(-) diff --git a/bin/tests/system/legacy/ns6/edns512.db.in b/bin/tests/system/legacy/ns6/edns512.db.in index 6da723f180..8afe499c00 100644 --- a/bin/tests/system/legacy/ns6/edns512.db.in +++ b/bin/tests/system/legacy/ns6/edns512.db.in @@ -10,15 +10,3 @@ @ 60 SOA ns marka.isc.org. 1 0 0 0 0 @ 60 NS ns ns 60 A 10.53.0.6 -txt500 60 TXT ( "01234567890123456789012345678901234567890123456789" - "01234567890123456789012345678901234567890123456789" - "01234567890123456789012345678901234567890123456789" - "01234567890123456789012345678901234567890123456789" - "01234567890123456789012345678901234567890123456789" - "01234567890123456789012345678901234567890123456789" - "01234567890123456789012345678901234567890123456789" - "01234567890123456789012345678901234567890123456789" - "01234567890123456789012345678901234567890123456789" - "01234567890123456789012345678901234567890123456789" - "01234567890123456789012345678901234567890123456789" - "01234567890123456789012345678901234567890123456789" ) diff --git a/bin/tests/system/legacy/ns7/edns512-notcp.db.in b/bin/tests/system/legacy/ns7/edns512-notcp.db.in index 007eefca61..646d488e1a 100644 --- a/bin/tests/system/legacy/ns7/edns512-notcp.db.in +++ b/bin/tests/system/legacy/ns7/edns512-notcp.db.in @@ -10,15 +10,3 @@ @ 60 SOA ns marka.isc.org. 1 0 0 0 0 @ 60 NS ns ns 60 A 10.53.0.7 -txt500 60 TXT ( "01234567890123456789012345678901234567890123456789" - "01234567890123456789012345678901234567890123456789" - "01234567890123456789012345678901234567890123456789" - "01234567890123456789012345678901234567890123456789" - "01234567890123456789012345678901234567890123456789" - "01234567890123456789012345678901234567890123456789" - "01234567890123456789012345678901234567890123456789" - "01234567890123456789012345678901234567890123456789" - "01234567890123456789012345678901234567890123456789" - "01234567890123456789012345678901234567890123456789" - "01234567890123456789012345678901234567890123456789" - "01234567890123456789012345678901234567890123456789" ) diff --git a/bin/tests/system/legacy/tests.sh b/bin/tests/system/legacy/tests.sh index 742a6a43a1..5a7da20963 100755 --- a/bin/tests/system/legacy/tests.sh +++ b/bin/tests/system/legacy/tests.sh @@ -159,17 +159,18 @@ $DIG $DIGOPTS +edns @10.53.0.6 edns512 soa > dig.out.1.test$n || ret=1 grep "status: NOERROR" dig.out.1.test$n > /dev/null || ret=1 $DIG $DIGOPTS +edns +tcp @10.53.0.6 edns512 soa > dig.out.2.test$n || ret=1 grep "status: NOERROR" dig.out.2.test$n > /dev/null || ret=1 -$DIG $DIGOPTS +edns @10.53.0.6 txt500.edns512 txt > dig.out.3.test$n +$DIG $DIGOPTS +edns +dnssec @10.53.0.6 edns512 soa > dig.out.3.test$n grep "connection timed out; no servers could be reached" dig.out.3.test$n > /dev/null || ret=1 -$DIG $DIGOPTS +edns +bufsize=512 +ignor @10.53.0.6 txt500.edns512 txt > dig.out.4.test$n +$DIG $DIGOPTS +edns +dnssec +bufsize=512 +ignore @10.53.0.6 edns512 soa > dig.out.4.test$n grep "status: NOERROR" dig.out.4.test$n > /dev/null || ret=1 +grep "flags:.* tc[ ;]" dig.out.4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` echo_i "checking recursive lookup to edns 512 server succeeds ($n)" ret=0 -$DIG $DIGOPTS +tcp @10.53.0.1 txt500.edns512 txt > dig.out.test$n || ret=1 +$DIG $DIGOPTS +tcp @10.53.0.1 edns512 soa > dig.out.test$n || ret=1 grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` @@ -177,14 +178,15 @@ status=`expr $status + $ret` n=`expr $n + 1` echo_i "checking edns 512 + no tcp server setup ($n)" ret=0 -$DIG $DIGOPTS +noedns @10.53.0.7 edns512-notcp soa > dig.out.1.test$n || ret=1 +$DIG $DIGOPTS +edns @10.53.0.7 edns512-notcp soa > dig.out.1.test$n || ret=1 grep "status: NOERROR" dig.out.1.test$n > /dev/null || ret=1 -$DIG $DIGOPTS +noedns +tcp @10.53.0.7 edns512-notcp soa > dig.out.2.test$n +$DIG $DIGOPTS +edns +tcp @10.53.0.7 edns512-notcp soa > dig.out.2.test$n grep "connection refused" dig.out.2.test$n > /dev/null || ret=1 -$DIG $DIGOPTS +edns @10.53.0.7 edns512-notcp soa > dig.out.3.test$n +$DIG $DIGOPTS +edns +dnssec @10.53.0.7 edns512-notcp soa > dig.out.3.test$n grep "connection timed out; no servers could be reached" dig.out.3.test$n > /dev/null || ret=1 -$DIG $DIGOPTS +edns +bufsize=512 +ignor @10.53.0.7 edns512-notcp soa > dig.out.4.test$n +$DIG $DIGOPTS +edns +dnssec +bufsize=512 +ignore @10.53.0.7 edns512-notcp soa > dig.out.4.test$n grep "status: NOERROR" dig.out.4.test$n > /dev/null || ret=1 +grep "flags:.* tc[ ;]" dig.out.4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` From effd16ab252e65fc4fe050cd125fd0462eca6408 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Wed, 29 May 2019 11:05:01 +0200 Subject: [PATCH 5/9] Use helper functions for checking resolution Extract repeated dig and grep calls into two helper shell functions, resolution_succeeds() and resolution_fails(), in order to reduce code duplication in the "legacy" system test, emphasize the similarity between all the resolution checks in that test, and make the conditions for success and failure uniform for all resolution checks in that test. --- bin/tests/system/legacy/tests.sh | 58 ++++++++++++++++++++------------ 1 file changed, 37 insertions(+), 21 deletions(-) diff --git a/bin/tests/system/legacy/tests.sh b/bin/tests/system/legacy/tests.sh index 5a7da20963..8a286cc4f4 100755 --- a/bin/tests/system/legacy/tests.sh +++ b/bin/tests/system/legacy/tests.sh @@ -14,6 +14,33 @@ SYSTEMTESTTOP=.. DIGOPTS="-p ${PORT} +tries=3 +time=5" +# Check whether the SOA record for the name provided in $1 can be resolved by +# ns1. Return 0 if resolution succeeds as expected; return 1 otherwise. +resolution_succeeds() { + _ret=0 + $DIG $DIGOPTS +tcp @10.53.0.1 ${1} SOA > dig.out.test$n || _ret=1 + grep "status: NOERROR" dig.out.test$n > /dev/null || _ret=1 + return $_ret +} + +# Check whether the SOA record for the name provided in $1 can be resolved by +# ns1. Return 0 if resolution fails as expected; return 1 otherwise. Note that +# both a SERVFAIL response and timing out mean resolution failed, so the exit +# code of dig does not influence the result (the exit code for a SERVFAIL +# response is 0 while the exit code for not getting a response at all is not 0). +resolution_fails() { + _servfail=0 + _timeout=0 + $DIG $DIGOPTS +tcp @10.53.0.1 ${1} SOA > dig.out.test$n + grep "status: SERVFAIL" dig.out.test$n > /dev/null && _servfail=1 + grep "connection timed out" dig.out.test$n > /dev/null && _timeout=1 + if [ $_servfail -eq 1 ] || [ $_timeout -eq 1 ]; then + return 0 + else + return 1 + fi +} + status=0 n=0 @@ -30,8 +57,7 @@ status=`expr $status + $ret` n=`expr $n + 1` echo_i "checking recursive lookup to formerr edns server succeeds ($n)" ret=0 -$DIG $DIGOPTS +tcp @10.53.0.1 ednsformerr soa > dig.out.test$n || ret=1 -grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 +resolution_succeeds ednsformerr. || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` @@ -48,8 +74,7 @@ status=`expr $status + $ret` n=`expr $n + 1` echo_i "checking recursive lookup to notimp edns server fails ($n)" ret=0 -$DIG $DIGOPTS +tcp @10.53.0.1 ednsnotimp soa > dig.out.test$n -grep "status: NOERROR" dig.out.test$n > /dev/null && ret=1 +resolution_fails ednsnotimp. || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` @@ -66,8 +91,7 @@ status=`expr $status + $ret` n=`expr $n + 1` echo_i "checking recursive lookup to refused edns server fails ($n)" ret=0 -$DIG $DIGOPTS +tcp @10.53.0.1 ednsrefused soa > dig.out.test$n -grep "status: NOERROR" dig.out.test$n > /dev/null && ret=1 +resolution_fails ednsrefused. || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` @@ -90,8 +114,7 @@ status=`expr $status + $ret` n=`expr $n + 1` echo_i "checking recursive lookup to drop edns server fails ($n)" ret=0 -$DIG $DIGOPTS +tcp @10.53.0.1 dropedns soa > dig.out.test$n -grep "status: NOERROR" dig.out.test$n > /dev/null && ret=1 +resolution_fails dropedns. || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` @@ -111,8 +134,7 @@ status=`expr $status + $ret` n=`expr $n + 1` echo_i "checking recursive lookup to drop edns + no tcp server fails ($n)" ret=0 -$DIG $DIGOPTS +tcp @10.53.0.1 dropedns-notcp soa > dig.out.test$n -grep "status: NOERROR" dig.out.test$n > /dev/null && ret=1 +resolution_fails dropedns-notcp. || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` @@ -128,8 +150,7 @@ status=`expr $status + $ret` n=`expr $n + 1` echo_i "checking recursive lookup to plain dns server succeeds ($n)" ret=0 -$DIG $DIGOPTS +tcp @10.53.0.1 plain soa > dig.out.test$n || ret=1 -grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 +resolution_succeeds plain. || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` @@ -147,8 +168,7 @@ status=`expr $status + $ret` n=`expr $n + 1` echo_i "checking recursive lookup to plain dns + no tcp server succeeds ($n)" ret=0 -$DIG $DIGOPTS +tcp @10.53.0.1 plain-notcp soa > dig.out.test$n || ret=1 -grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 +resolution_succeeds plain-notcp. || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` @@ -170,8 +190,7 @@ status=`expr $status + $ret` n=`expr $n + 1` echo_i "checking recursive lookup to edns 512 server succeeds ($n)" ret=0 -$DIG $DIGOPTS +tcp @10.53.0.1 edns512 soa > dig.out.test$n || ret=1 -grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 +resolution_succeeds edns512. || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` @@ -193,8 +212,7 @@ status=`expr $status + $ret` n=`expr $n + 1` echo_i "checking recursive lookup to edns 512 + no tcp server fails ($n)" ret=0 -$DIG $DIGOPTS +tcp @10.53.0.1 edns512-notcp soa > dig.out.test$n || ret=1 -grep "status: NOERROR" dig.out.test$n > /dev/null && ret=1 +resolution_fails edns512-notcp. || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` @@ -205,9 +223,7 @@ $PERL $SYSTEMTESTTOP/start.pl --noclean --restart --port ${PORT} legacy ns1 n=`expr $n + 1` echo_i "checking recursive lookup to edns 512 + no tcp + trust anchor fails ($n)" ret=0 -$DIG $DIGOPTS +tcp @10.53.0.1 edns512-notcp soa > dig.out.test$n -grep "status: SERVFAIL" dig.out.test$n > /dev/null || - grep "connection timed out;" dig.out.test$n > /dev/null || ret=1 +resolution_fails edns512-notcp. || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` From 4dea5cb7992215a4a594a5e0b954d6ec96fc995a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Wed, 29 May 2019 11:05:01 +0200 Subject: [PATCH 6/9] Do not ignore dig exit codes Make sure the "legacy" system test fails if any exit code returned by dig does not match the expected one. --- bin/tests/system/legacy/tests.sh | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/bin/tests/system/legacy/tests.sh b/bin/tests/system/legacy/tests.sh index 8a286cc4f4..4091865759 100755 --- a/bin/tests/system/legacy/tests.sh +++ b/bin/tests/system/legacy/tests.sh @@ -98,7 +98,7 @@ status=`expr $status + $ret` n=`expr $n + 1` echo_i "checking drop edns server setup ($n)" ret=0 -$DIG $DIGOPTS +edns @10.53.0.2 dropedns soa > dig.out.1.test$n +$DIG $DIGOPTS +edns @10.53.0.2 dropedns soa > dig.out.1.test$n && ret=1 grep "connection timed out; no servers could be reached" dig.out.1.test$n > /dev/null || ret=1 $DIG $DIGOPTS +noedns @10.53.0.2 dropedns soa > dig.out.2.test$n || ret=1 grep "status: NOERROR" dig.out.2.test$n > /dev/null || ret=1 @@ -106,7 +106,7 @@ grep "EDNS: version:" dig.out.2.test$n > /dev/null && ret=1 $DIG $DIGOPTS +noedns +tcp @10.53.0.2 dropedns soa > dig.out.3.test$n || ret=1 grep "status: NOERROR" dig.out.3.test$n > /dev/null || ret=1 grep "EDNS: version:" dig.out.3.test$n > /dev/null && ret=1 -$DIG $DIGOPTS +edns +tcp @10.53.0.2 dropedns soa > dig.out.4.test$n +$DIG $DIGOPTS +edns +tcp @10.53.0.2 dropedns soa > dig.out.4.test$n && ret=1 grep "connection timed out; no servers could be reached" dig.out.4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` @@ -121,9 +121,9 @@ status=`expr $status + $ret` n=`expr $n + 1` echo_i "checking drop edns + no tcp server setup ($n)" ret=0 -$DIG $DIGOPTS +edns @10.53.0.3 dropedns-notcp soa > dig.out.1.test$n +$DIG $DIGOPTS +edns @10.53.0.3 dropedns-notcp soa > dig.out.1.test$n && ret=1 grep "connection timed out; no servers could be reached" dig.out.1.test$n > /dev/null || ret=1 -$DIG $DIGOPTS +noedns +tcp @10.53.0.3 dropedns-notcp soa > dig.out.2.test$n +$DIG $DIGOPTS +noedns +tcp @10.53.0.3 dropedns-notcp soa > dig.out.2.test$n && ret=1 grep "connection refused" dig.out.2.test$n > /dev/null || ret=1 $DIG $DIGOPTS +noedns @10.53.0.3 dropedns-notcp soa > dig.out.3.test$n || ret=1 grep "status: NOERROR" dig.out.3.test$n > /dev/null || ret=1 @@ -179,9 +179,9 @@ $DIG $DIGOPTS +edns @10.53.0.6 edns512 soa > dig.out.1.test$n || ret=1 grep "status: NOERROR" dig.out.1.test$n > /dev/null || ret=1 $DIG $DIGOPTS +edns +tcp @10.53.0.6 edns512 soa > dig.out.2.test$n || ret=1 grep "status: NOERROR" dig.out.2.test$n > /dev/null || ret=1 -$DIG $DIGOPTS +edns +dnssec @10.53.0.6 edns512 soa > dig.out.3.test$n +$DIG $DIGOPTS +edns +dnssec @10.53.0.6 edns512 soa > dig.out.3.test$n && ret=1 grep "connection timed out; no servers could be reached" dig.out.3.test$n > /dev/null || ret=1 -$DIG $DIGOPTS +edns +dnssec +bufsize=512 +ignore @10.53.0.6 edns512 soa > dig.out.4.test$n +$DIG $DIGOPTS +edns +dnssec +bufsize=512 +ignore @10.53.0.6 edns512 soa > dig.out.4.test$n || ret=1 grep "status: NOERROR" dig.out.4.test$n > /dev/null || ret=1 grep "flags:.* tc[ ;]" dig.out.4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi @@ -199,11 +199,11 @@ echo_i "checking edns 512 + no tcp server setup ($n)" ret=0 $DIG $DIGOPTS +edns @10.53.0.7 edns512-notcp soa > dig.out.1.test$n || ret=1 grep "status: NOERROR" dig.out.1.test$n > /dev/null || ret=1 -$DIG $DIGOPTS +edns +tcp @10.53.0.7 edns512-notcp soa > dig.out.2.test$n +$DIG $DIGOPTS +edns +tcp @10.53.0.7 edns512-notcp soa > dig.out.2.test$n && ret=1 grep "connection refused" dig.out.2.test$n > /dev/null || ret=1 -$DIG $DIGOPTS +edns +dnssec @10.53.0.7 edns512-notcp soa > dig.out.3.test$n +$DIG $DIGOPTS +edns +dnssec @10.53.0.7 edns512-notcp soa > dig.out.3.test$n && ret=1 grep "connection timed out; no servers could be reached" dig.out.3.test$n > /dev/null || ret=1 -$DIG $DIGOPTS +edns +dnssec +bufsize=512 +ignore @10.53.0.7 edns512-notcp soa > dig.out.4.test$n +$DIG $DIGOPTS +edns +dnssec +bufsize=512 +ignore @10.53.0.7 edns512-notcp soa > dig.out.4.test$n || ret=1 grep "status: NOERROR" dig.out.4.test$n > /dev/null || ret=1 grep "flags:.* tc[ ;]" dig.out.4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi From 56ed1275c6735d0e2c6d9fa7e2aae3a76db5244d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Wed, 29 May 2019 11:05:01 +0200 Subject: [PATCH 7/9] Add more EDNS checks for dig output files In the "legacy" system test, in order to make server setup checks more consistent with each other, add further checks for either presence or absence of the EDNS OPT pseudo-RR in the responses returned by the tested named instances. --- bin/tests/system/legacy/tests.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/bin/tests/system/legacy/tests.sh b/bin/tests/system/legacy/tests.sh index 4091865759..412770bbc2 100755 --- a/bin/tests/system/legacy/tests.sh +++ b/bin/tests/system/legacy/tests.sh @@ -49,8 +49,10 @@ echo_i "checking formerr edns server setup ($n)" ret=0 $DIG $DIGOPTS +edns @10.53.0.8 ednsformerr soa > dig.out.1.test$n || ret=1 grep "status: FORMERR" dig.out.1.test$n > /dev/null || ret=1 +grep "EDNS: version:" dig.out.1.test$n > /dev/null && ret=1 $DIG $DIGOPTS +noedns @10.53.0.8 ednsformerr soa > dig.out.2.test$n || ret=1 grep "status: NOERROR" dig.out.2.test$n > /dev/null || ret=1 +grep "EDNS: version:" dig.out.2.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` @@ -66,8 +68,10 @@ echo_i "checking notimp edns server setup ($n)" ret=0 $DIG $DIGOPTS +edns @10.53.0.9 ednsnotimp soa > dig.out.1.test$n || ret=1 grep "status: NOTIMP" dig.out.1.test$n > /dev/null || ret=1 +grep "EDNS: version:" dig.out.1.test$n > /dev/null && ret=1 $DIG $DIGOPTS +noedns @10.53.0.9 ednsnotimp soa > dig.out.2.test$n || ret=1 grep "status: NOERROR" dig.out.2.test$n > /dev/null || ret=1 +grep "EDNS: version:" dig.out.2.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` @@ -83,8 +87,10 @@ echo_i "checking refused edns server setup ($n)" ret=0 $DIG $DIGOPTS +edns @10.53.0.10 ednsrefused soa > dig.out.1.test$n || ret=1 grep "status: REFUSED" dig.out.1.test$n > /dev/null || ret=1 +grep "EDNS: version:" dig.out.1.test$n > /dev/null && ret=1 $DIG $DIGOPTS +noedns @10.53.0.10 ednsrefused soa > dig.out.2.test$n || ret=1 grep "status: NOERROR" dig.out.2.test$n > /dev/null || ret=1 +grep "EDNS: version:" dig.out.2.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` @@ -177,12 +183,15 @@ echo_i "checking edns 512 server setup ($n)" ret=0 $DIG $DIGOPTS +edns @10.53.0.6 edns512 soa > dig.out.1.test$n || ret=1 grep "status: NOERROR" dig.out.1.test$n > /dev/null || ret=1 +grep "EDNS: version:" dig.out.1.test$n > /dev/null || ret=1 $DIG $DIGOPTS +edns +tcp @10.53.0.6 edns512 soa > dig.out.2.test$n || ret=1 grep "status: NOERROR" dig.out.2.test$n > /dev/null || ret=1 +grep "EDNS: version:" dig.out.2.test$n > /dev/null || ret=1 $DIG $DIGOPTS +edns +dnssec @10.53.0.6 edns512 soa > dig.out.3.test$n && ret=1 grep "connection timed out; no servers could be reached" dig.out.3.test$n > /dev/null || ret=1 $DIG $DIGOPTS +edns +dnssec +bufsize=512 +ignore @10.53.0.6 edns512 soa > dig.out.4.test$n || ret=1 grep "status: NOERROR" dig.out.4.test$n > /dev/null || ret=1 +grep "EDNS: version:" dig.out.4.test$n > /dev/null || ret=1 grep "flags:.* tc[ ;]" dig.out.4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` @@ -199,12 +208,14 @@ echo_i "checking edns 512 + no tcp server setup ($n)" ret=0 $DIG $DIGOPTS +edns @10.53.0.7 edns512-notcp soa > dig.out.1.test$n || ret=1 grep "status: NOERROR" dig.out.1.test$n > /dev/null || ret=1 +grep "EDNS: version:" dig.out.1.test$n > /dev/null || ret=1 $DIG $DIGOPTS +edns +tcp @10.53.0.7 edns512-notcp soa > dig.out.2.test$n && ret=1 grep "connection refused" dig.out.2.test$n > /dev/null || ret=1 $DIG $DIGOPTS +edns +dnssec @10.53.0.7 edns512-notcp soa > dig.out.3.test$n && ret=1 grep "connection timed out; no servers could be reached" dig.out.3.test$n > /dev/null || ret=1 $DIG $DIGOPTS +edns +dnssec +bufsize=512 +ignore @10.53.0.7 edns512-notcp soa > dig.out.4.test$n || ret=1 grep "status: NOERROR" dig.out.4.test$n > /dev/null || ret=1 +grep "EDNS: version:" dig.out.4.test$n > /dev/null || ret=1 grep "flags:.* tc[ ;]" dig.out.4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` From bb939a03ff2ebb14a0def772e4905988d4f5adf1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Wed, 29 May 2019 11:05:01 +0200 Subject: [PATCH 8/9] Make "plain" server setup checks more similar Send a test TCP query to the "plain" server during its setup check to improve its consistency with the setup check for the "plain + no TCP" server. --- bin/tests/system/legacy/tests.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bin/tests/system/legacy/tests.sh b/bin/tests/system/legacy/tests.sh index 412770bbc2..f96055bb1b 100755 --- a/bin/tests/system/legacy/tests.sh +++ b/bin/tests/system/legacy/tests.sh @@ -150,6 +150,9 @@ ret=0 $DIG $DIGOPTS +edns @10.53.0.4 plain soa > dig.out.1.test$n || ret=1 grep "status: NOERROR" dig.out.1.test$n > /dev/null || ret=1 grep "EDNS: version:" dig.out.1.test$n > /dev/null && ret=1 +$DIG $DIGOPTS +edns +tcp @10.53.0.4 plain soa > dig.out.2.test$n +grep "status: NOERROR" dig.out.2.test$n > /dev/null || ret=1 +grep "EDNS: version:" dig.out.2.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` From 47b850348cbc2961bc44eb31c05cd620e5fc35f0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Wed, 29 May 2019 11:05:01 +0200 Subject: [PATCH 9/9] Optimize dig parameters to decrease test run time Performing server setup checks using "+tries=3 +time=5" is redundant as a single query is arguably good enough for determining whether a given named instance was set up properly. Only use multiple queries with a long timeout for resolution checks in the "legacy" system test, in order to significantly reduce its run time (on a contemporary machine, from about 1m45s to 0m40s). --- bin/tests/system/legacy/tests.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/bin/tests/system/legacy/tests.sh b/bin/tests/system/legacy/tests.sh index f96055bb1b..6d1e807511 100755 --- a/bin/tests/system/legacy/tests.sh +++ b/bin/tests/system/legacy/tests.sh @@ -12,13 +12,13 @@ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh -DIGOPTS="-p ${PORT} +tries=3 +time=5" +DIGOPTS="-p ${PORT} +tries=1 +time=2" # Check whether the SOA record for the name provided in $1 can be resolved by # ns1. Return 0 if resolution succeeds as expected; return 1 otherwise. resolution_succeeds() { _ret=0 - $DIG $DIGOPTS +tcp @10.53.0.1 ${1} SOA > dig.out.test$n || _ret=1 + $DIG $DIGOPTS +tcp +tries=3 +time=5 @10.53.0.1 ${1} SOA > dig.out.test$n || _ret=1 grep "status: NOERROR" dig.out.test$n > /dev/null || _ret=1 return $_ret } @@ -31,7 +31,7 @@ resolution_succeeds() { resolution_fails() { _servfail=0 _timeout=0 - $DIG $DIGOPTS +tcp @10.53.0.1 ${1} SOA > dig.out.test$n + $DIG $DIGOPTS +tcp +tries=3 +time=5 @10.53.0.1 ${1} SOA > dig.out.test$n grep "status: SERVFAIL" dig.out.test$n > /dev/null && _servfail=1 grep "connection timed out" dig.out.test$n > /dev/null && _timeout=1 if [ $_servfail -eq 1 ] || [ $_timeout -eq 1 ]; then