number all resolver tests
This commit is contained in:
Mark Andrews
@@ -26,7 +26,7 @@ rm -f ns6/dsset-ds.example.net*
|
||||
rm -f ns6/dsset-example.net* ns6/example.net.db.signed.jnl
|
||||
rm -f ns6/to-be-removed.tld.db ns6/to-be-removed.tld.db.jnl
|
||||
rm -f ns7/server.db ns7/server.db.jnl ns7/named.conf
|
||||
rm -f resolve.out
|
||||
rm -f resolve.out.*.test*
|
||||
rm -f .digrc
|
||||
rm -f ns*/named.lock
|
||||
rm -f ns5/trusted.conf
|
||||
|
||||
@@ -12,201 +12,228 @@ SYSTEMTESTTOP=..
|
||||
status=0
|
||||
n=0
|
||||
|
||||
echo "I:checking non-cachable NXDOMAIN response handling"
|
||||
n=`expr $n + 1`
|
||||
echo "I:checking non-cachable NXDOMAIN response handling ($n)"
|
||||
ret=0
|
||||
$DIG +tcp nxdomain.example.net @10.53.0.1 a -p 5300 > dig.out || ret=1
|
||||
grep "status: NXDOMAIN" dig.out > /dev/null || ret=1
|
||||
$DIG +tcp nxdomain.example.net @10.53.0.1 a -p 5300 > dig.out.ns1.test${n} || ret=1
|
||||
grep "status: NXDOMAIN" dig.out.ns1.test${n} > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
if [ -x ${RESOLVE} ] ; then
|
||||
echo "I:checking non-cachable NXDOMAIN response handling using dns_client"
|
||||
n=`expr $n + 1`
|
||||
echo "I:checking non-cachable NXDOMAIN response handling using dns_client ($n)"
|
||||
ret=0
|
||||
${RESOLVE} -p 5300 -t a -s 10.53.0.1 nxdomain.example.net 2> resolve.out || ret=1
|
||||
grep "resolution failed: ncache nxdomain" resolve.out > /dev/null || ret=1
|
||||
${RESOLVE} -p 5300 -t a -s 10.53.0.1 nxdomain.example.net 2> resolve.out.ns1.test${n} || ret=1
|
||||
grep "resolution failed: ncache nxdomain" resolve.out.ns1.test${n} > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
fi
|
||||
|
||||
if [ -x ${RESOLVE} ] ; then
|
||||
echo "I:checking that local bound address can be set (Can't query from a denied address)"
|
||||
n=`expr $n + 1`
|
||||
echo "I:checking that local bound address can be set (Can't query from a denied address) ($n)"
|
||||
ret=0
|
||||
${RESOLVE} -b 10.53.0.8 -p 5300 -t a -s 10.53.0.1 www.example.org 2> resolve.out || ret=1
|
||||
grep "resolution failed: SERVFAIL" resolve.out > /dev/null || ret=1
|
||||
${RESOLVE} -b 10.53.0.8 -p 5300 -t a -s 10.53.0.1 www.example.org 2> resolve.out.ns1.test${n} || ret=1
|
||||
grep "resolution failed: SERVFAIL" resolve.out.ns1.test${n} > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
echo "I:checking that local bound address can be set (Can query from an allowed address)"
|
||||
n=`expr $n + 1`
|
||||
echo "I:checking that local bound address can be set (Can query from an allowed address) ($n)"
|
||||
ret=0
|
||||
${RESOLVE} -b 10.53.0.1 -p 5300 -t a -s 10.53.0.1 www.example.org > resolve.out || ret=1
|
||||
grep "www.example.org..*.192.0.2.1" resolve.out > /dev/null || ret=1
|
||||
${RESOLVE} -b 10.53.0.1 -p 5300 -t a -s 10.53.0.1 www.example.org > resolve.out.ns1.test${n} || ret=1
|
||||
grep "www.example.org..*.192.0.2.1" resolve.out.ns1.test${n} > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
fi
|
||||
|
||||
echo "I:checking non-cachable NODATA response handling"
|
||||
n=`expr $n + 1`
|
||||
echo "I:checking non-cachable NODATA response handling ($n)"
|
||||
ret=0
|
||||
$DIG +tcp nodata.example.net @10.53.0.1 a -p 5300 > dig.out || ret=1
|
||||
grep "status: NOERROR" dig.out > /dev/null || ret=1
|
||||
$DIG +tcp nodata.example.net @10.53.0.1 a -p 5300 > dig.out.ns1.test${n} || ret=1
|
||||
grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
if [ -x ${RESOLVE} ] ; then
|
||||
echo "I:checking non-cachable NODATA response handling using dns_client"
|
||||
n=`expr $n + 1`
|
||||
echo "I:checking non-cachable NODATA response handling using dns_client ($n)"
|
||||
ret=0
|
||||
${RESOLVE} -p 5300 -t a -s 10.53.0.1 nodata.example.net 2> resolve.out || ret=1
|
||||
grep "resolution failed: ncache nxrrset" resolve.out > /dev/null || ret=1
|
||||
${RESOLVE} -p 5300 -t a -s 10.53.0.1 nodata.example.net 2> resolve.out.ns1.test${n} || ret=1
|
||||
grep "resolution failed: ncache nxrrset" resolve.out.ns1.test${n} > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
fi
|
||||
|
||||
echo "I:checking handling of bogus referrals"
|
||||
n=`expr $n + 1`
|
||||
echo "I:checking handling of bogus referrals ($n)"
|
||||
# If the server has the "INSIST(!external)" bug, this query will kill it.
|
||||
$DIG +tcp www.example.com. a @10.53.0.1 -p 5300 >/dev/null || status=1
|
||||
$DIG +tcp www.example.com. a @10.53.0.1 -p 5300 >/dev/null || { echo I:failed; status=`expr $status + 1`; }
|
||||
|
||||
if [ -x ${RESOLVE} ] ; then
|
||||
echo "I:checking handling of bogus referrals using dns_client"
|
||||
n=`expr $n + 1`
|
||||
echo "I:checking handling of bogus referrals using dns_client ($n)"
|
||||
ret=0
|
||||
${RESOLVE} -p 5300 -t a -s 10.53.0.1 www.example.com 2> resolve.out || ret=1
|
||||
grep "resolution failed: SERVFAIL" resolve.out > /dev/null || ret=1
|
||||
${RESOLVE} -p 5300 -t a -s 10.53.0.1 www.example.com 2> resolve.out.ns1.test${n} || ret=1
|
||||
grep "resolution failed: SERVFAIL" resolve.out.ns1.test${n} > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
fi
|
||||
|
||||
echo "I:check handling of cname + other data / 1"
|
||||
$DIG +tcp cname1.example.com. a @10.53.0.1 -p 5300 >/dev/null || status=1
|
||||
n=`expr $n + 1`
|
||||
echo "I:check handling of cname + other data / 1 ($n)"
|
||||
$DIG +tcp cname1.example.com. a @10.53.0.1 -p 5300 >/dev/null || { echo I:failed; status=`expr $status + 1`; }
|
||||
|
||||
echo "I:check handling of cname + other data / 2"
|
||||
$DIG +tcp cname2.example.com. a @10.53.0.1 -p 5300 >/dev/null || status=1
|
||||
n=`expr $n + 1`
|
||||
echo "I:check handling of cname + other data / 2 ($n)"
|
||||
$DIG +tcp cname2.example.com. a @10.53.0.1 -p 5300 >/dev/null || { echo I:failed; status=`expr $status + 1`; }
|
||||
|
||||
echo "I:check that server is still running"
|
||||
$DIG +tcp www.example.com. a @10.53.0.1 -p 5300 >/dev/null || status=1
|
||||
n=`expr $n + 1`
|
||||
echo "I:check that server is still running ($n)"
|
||||
$DIG +tcp www.example.com. a @10.53.0.1 -p 5300 >/dev/null || { echo I:failed; status=`expr $status + 1`; }
|
||||
|
||||
echo "I:checking answer IPv4 address filtering (deny)"
|
||||
n=`expr $n + 1`
|
||||
echo "I:checking answer IPv4 address filtering (deny) ($n)"
|
||||
ret=0
|
||||
$DIG +tcp www.example.net @10.53.0.1 a -p 5300 > dig.out || ret=1
|
||||
grep "status: SERVFAIL" dig.out > /dev/null || ret=1
|
||||
$DIG +tcp www.example.net @10.53.0.1 a -p 5300 > dig.out.ns1.test${n} || ret=1
|
||||
grep "status: SERVFAIL" dig.out.ns1.test${n} > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
echo "I:checking answer IPv6 address filtering (deny)"
|
||||
n=`expr $n + 1`
|
||||
echo "I:checking answer IPv6 address filtering (deny) ($n)"
|
||||
ret=0
|
||||
$DIG +tcp www.example.net @10.53.0.1 aaaa -p 5300 > dig.out || ret=1
|
||||
grep "status: SERVFAIL" dig.out > /dev/null || ret=1
|
||||
$DIG +tcp www.example.net @10.53.0.1 aaaa -p 5300 > dig.out.ns1.test${n} || ret=1
|
||||
grep "status: SERVFAIL" dig.out.ns1.test${n} > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
echo "I:checking answer IPv4 address filtering (accept)"
|
||||
n=`expr $n + 1`
|
||||
echo "I:checking answer IPv4 address filtering (accept) ($n)"
|
||||
ret=0
|
||||
$DIG +tcp www.example.org @10.53.0.1 a -p 5300 > dig.out || ret=1
|
||||
grep "status: NOERROR" dig.out > /dev/null || ret=1
|
||||
$DIG +tcp www.example.org @10.53.0.1 a -p 5300 > dig.out.ns1.test${n} || ret=1
|
||||
grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
|
||||
if [ -x ${RESOLVE} ] ; then
|
||||
echo "I:checking answer IPv4 address filtering using dns_client (accept)"
|
||||
n=`expr $n + 1`
|
||||
echo "I:checking answer IPv4 address filtering using dns_client (accept) ($n)"
|
||||
ret=0
|
||||
${RESOLVE} -p 5300 -t a -s 10.53.0.1 www.example.org > resolve.out || ret=1
|
||||
grep "www.example.org..*.192.0.2.1" resolve.out > /dev/null || ret=1
|
||||
${RESOLVE} -p 5300 -t a -s 10.53.0.1 www.example.org > resolve.out.ns1.test${n} || ret=1
|
||||
grep "www.example.org..*.192.0.2.1" resolve.out.ns1.test${n} > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
fi
|
||||
|
||||
echo "I:checking answer IPv6 address filtering (accept)"
|
||||
n=`expr $n + 1`
|
||||
echo "I:checking answer IPv6 address filtering (accept) ($n)"
|
||||
ret=0
|
||||
$DIG +tcp www.example.org @10.53.0.1 aaaa -p 5300 > dig.out || ret=1
|
||||
grep "status: NOERROR" dig.out > /dev/null || ret=1
|
||||
$DIG +tcp www.example.org @10.53.0.1 aaaa -p 5300 > dig.out.ns1.test${n} || ret=1
|
||||
grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
if [ -x ${RESOLVE} ] ; then
|
||||
echo "I:checking answer IPv6 address filtering using dns_client (accept)"
|
||||
n=`expr $n + 1`
|
||||
echo "I:checking answer IPv6 address filtering using dns_client (accept) ($n)"
|
||||
ret=0
|
||||
${RESOLVE} -p 5300 -t aaaa -s 10.53.0.1 www.example.org > resolve.out || ret=1
|
||||
grep "www.example.org..*.2001:db8:beef::1" resolve.out > /dev/null || ret=1
|
||||
${RESOLVE} -p 5300 -t aaaa -s 10.53.0.1 www.example.org > resolve.out.ns1.test${n} || ret=1
|
||||
grep "www.example.org..*.2001:db8:beef::1" resolve.out.ns1.test${n} > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
fi
|
||||
|
||||
echo "I:checking CNAME target filtering (deny)"
|
||||
n=`expr $n + 1`
|
||||
echo "I:checking CNAME target filtering (deny) ($n)"
|
||||
ret=0
|
||||
$DIG +tcp badcname.example.net @10.53.0.1 a -p 5300 > dig.out || ret=1
|
||||
grep "status: SERVFAIL" dig.out > /dev/null || ret=1
|
||||
$DIG +tcp badcname.example.net @10.53.0.1 a -p 5300 > dig.out.ns1.test${n} || ret=1
|
||||
grep "status: SERVFAIL" dig.out.ns1.test${n} > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
echo "I:checking CNAME target filtering (accept)"
|
||||
n=`expr $n + 1`
|
||||
echo "I:checking CNAME target filtering (accept) ($n)"
|
||||
ret=0
|
||||
$DIG +tcp goodcname.example.net @10.53.0.1 a -p 5300 > dig.out || ret=1
|
||||
grep "status: NOERROR" dig.out > /dev/null || ret=1
|
||||
$DIG +tcp goodcname.example.net @10.53.0.1 a -p 5300 > dig.out.ns1.test${n} || ret=1
|
||||
grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
if [ -x ${RESOLVE} ] ; then
|
||||
echo "I:checking CNAME target filtering using dns_client (accept)"
|
||||
n=`expr $n + 1`
|
||||
echo "I:checking CNAME target filtering using dns_client (accept) ($n)"
|
||||
ret=0
|
||||
${RESOLVE} -p 5300 -t a -s 10.53.0.1 goodcname.example.net > resolve.out || ret=1
|
||||
grep "goodcname.example.net..*.goodcname.example.org." resolve.out > /dev/null || ret=1
|
||||
grep "goodcname.example.org..*.192.0.2.1" resolve.out > /dev/null || ret=1
|
||||
${RESOLVE} -p 5300 -t a -s 10.53.0.1 goodcname.example.net > resolve.out.ns1.test${n} || ret=1
|
||||
grep "goodcname.example.net..*.goodcname.example.org." resolve.out.ns1.test${n} > /dev/null || ret=1
|
||||
grep "goodcname.example.org..*.192.0.2.1" resolve.out.ns1.test${n} > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
fi
|
||||
|
||||
echo "I:checking CNAME target filtering (accept due to subdomain)"
|
||||
n=`expr $n + 1`
|
||||
echo "I:checking CNAME target filtering (accept due to subdomain) ($n)"
|
||||
ret=0
|
||||
$DIG +tcp cname.sub.example.org @10.53.0.1 a -p 5300 > dig.out || ret=1
|
||||
grep "status: NOERROR" dig.out > /dev/null || ret=1
|
||||
$DIG +tcp cname.sub.example.org @10.53.0.1 a -p 5300 > dig.out.ns1.test${n} || ret=1
|
||||
grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
if [ -x ${RESOLVE} ] ; then
|
||||
echo "I:checking CNAME target filtering using dns_client (accept due to subdomain)"
|
||||
n=`expr $n + 1`
|
||||
echo "I:checking CNAME target filtering using dns_client (accept due to subdomain) ($n)"
|
||||
ret=0
|
||||
${RESOLVE} -p 5300 -t a -s 10.53.0.1 cname.sub.example.org > resolve.out || ret=1
|
||||
grep "cname.sub.example.org..*.ok.sub.example.org." resolve.out > /dev/null || ret=1
|
||||
grep "ok.sub.example.org..*.192.0.2.1" resolve.out > /dev/null || ret=1
|
||||
${RESOLVE} -p 5300 -t a -s 10.53.0.1 cname.sub.example.org > resolve.out.ns1.test${n} || ret=1
|
||||
grep "cname.sub.example.org..*.ok.sub.example.org." resolve.out.ns1.test${n} > /dev/null || ret=1
|
||||
grep "ok.sub.example.org..*.192.0.2.1" resolve.out.ns1.test${n} > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
fi
|
||||
|
||||
echo "I:checking DNAME target filtering (deny)"
|
||||
n=`expr $n + 1`
|
||||
echo "I:checking DNAME target filtering (deny) ($n)"
|
||||
ret=0
|
||||
$DIG +tcp foo.baddname.example.net @10.53.0.1 a -p 5300 > dig.out || ret=1
|
||||
grep "status: SERVFAIL" dig.out > /dev/null || ret=1
|
||||
$DIG +tcp foo.baddname.example.net @10.53.0.1 a -p 5300 > dig.out.ns1.test${n} || ret=1
|
||||
grep "status: SERVFAIL" dig.out.ns1.test${n} > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
echo "I:checking DNAME target filtering (accept)"
|
||||
n=`expr $n + 1`
|
||||
echo "I:checking DNAME target filtering (accept) ($n)"
|
||||
ret=0
|
||||
$DIG +tcp foo.gooddname.example.net @10.53.0.1 a -p 5300 > dig.out || ret=1
|
||||
grep "status: NOERROR" dig.out > /dev/null || ret=1
|
||||
$DIG +tcp foo.gooddname.example.net @10.53.0.1 a -p 5300 > dig.out.ns1.test${n} || ret=1
|
||||
grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
if [ -x ${RESOLVE} ] ; then
|
||||
echo "I:checking DNAME target filtering using dns_client (accept)"
|
||||
n=`expr $n + 1`
|
||||
echo "I:checking DNAME target filtering using dns_client (accept) ($n)"
|
||||
ret=0
|
||||
${RESOLVE} -p 5300 -t a -s 10.53.0.1 foo.gooddname.example.net > resolve.out || ret=1
|
||||
grep "foo.gooddname.example.net..*.gooddname.example.org" resolve.out > /dev/null || ret=1
|
||||
grep "foo.gooddname.example.org..*.192.0.2.1" resolve.out > /dev/null || ret=1
|
||||
${RESOLVE} -p 5300 -t a -s 10.53.0.1 foo.gooddname.example.net > resolve.out.ns1.test${n} || ret=1
|
||||
grep "foo.gooddname.example.net..*.gooddname.example.org" resolve.out.ns1.test${n} > /dev/null || ret=1
|
||||
grep "foo.gooddname.example.org..*.192.0.2.1" resolve.out.ns1.test${n} > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
fi
|
||||
|
||||
echo "I:checking DNAME target filtering (accept due to subdomain)"
|
||||
n=`expr $n + 1`
|
||||
echo "I:checking DNAME target filtering (accept due to subdomain) ($n)"
|
||||
ret=0
|
||||
$DIG +tcp www.dname.sub.example.org @10.53.0.1 a -p 5300 > dig.out || ret=1
|
||||
grep "status: NOERROR" dig.out > /dev/null || ret=1
|
||||
$DIG +tcp www.dname.sub.example.org @10.53.0.1 a -p 5300 > dig.out.ns1.test${n} || ret=1
|
||||
grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
if [ -x ${RESOLVE} ] ; then
|
||||
echo "I:checking DNAME target filtering using dns_client (accept due to subdomain)"
|
||||
n=`expr $n + 1`
|
||||
echo "I:checking DNAME target filtering using dns_client (accept due to subdomain) ($n)"
|
||||
ret=0
|
||||
${RESOLVE} -p 5300 -t a -s 10.53.0.1 www.dname.sub.example.org > resolve.out || ret=1
|
||||
grep "www.dname.sub.example.org..*.ok.sub.example.org." resolve.out > /dev/null || ret=1
|
||||
grep "www.ok.sub.example.org..*.192.0.2.1" resolve.out > /dev/null || ret=1
|
||||
${RESOLVE} -p 5300 -t a -s 10.53.0.1 www.dname.sub.example.org > resolve.out.ns1.test${n} || ret=1
|
||||
grep "www.dname.sub.example.org..*.ok.sub.example.org." resolve.out.ns1.test${n} > /dev/null || ret=1
|
||||
grep "www.ok.sub.example.org..*.192.0.2.1" resolve.out.ns1.test${n} > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
fi
|
||||
@@ -387,7 +414,7 @@ if [ $ret != 0 ]; then echo "I:failed"; status=1; fi
|
||||
n=`expr $n + 1`
|
||||
echo "I:check for improved error message with SOA mismatch ($n)"
|
||||
ret=0
|
||||
$DIG @10.53.0.1 -p 5300 www.sub.broken aaaa > dig.out.${n} || ret=1
|
||||
$DIG @10.53.0.1 -p 5300 www.sub.broken aaaa > dig.out.ns1.test${n} || ret=1
|
||||
grep "not subdomain of zone" ns1/named.run > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
Reference in New Issue
Block a user