Reformat shell scripts with shfmt
All changes in this commit were automated using the command: shfmt -w -i 2 -ci -bn . $(find . -name "*.sh.in") By default, only *.sh and files without extension are checked, so *.sh.in files have to be added additionally. (See mvdan/sh#944)
This commit is contained in:
Tom Krizek
@@ -61,15 +61,15 @@ DIGOPTS="+tcp +nosea +nostat +nocmd +norec +noques +noauth +noadd +nostats +dnss
|
||||
status=0
|
||||
n=0
|
||||
|
||||
nextpart ns2/named.run > /dev/null
|
||||
nextpart ns2/named.run >/dev/null
|
||||
|
||||
# Test 1 - default, query allowed
|
||||
n=$((n + 1))
|
||||
echo_i "test $n: default - query allowed"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -80,9 +80,9 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: explicit any - query allowed"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -93,11 +93,11 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: none - query refused"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
nextpart ns2/named.run | grep 'recursion not enabled for view' > /dev/null || ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1
|
||||
nextpart ns2/named.run | grep 'recursion not enabled for view' >/dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -106,10 +106,10 @@ DIGNOEDNS="+tcp +nosea +nostat +nocmd +norec +noques +noauth +noadd +nostats +no
|
||||
|
||||
echo_i "test $n: none - query refused (no edns)"
|
||||
ret=0
|
||||
$DIG $DIGNOEDNS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null && ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
$DIG $DIGNOEDNS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null && ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -120,9 +120,9 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: address allowed - query allowed"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -133,10 +133,10 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: address not allowed - query refused"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -147,10 +147,10 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: address disallowed - query refused"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -161,9 +161,9 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: acl allowed - query allowed"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -174,14 +174,13 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: acl not allowed - query refused"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
|
||||
# Test 9 - acl disallowed, query refused
|
||||
n=$((n + 1))
|
||||
copy_setports ns2/named09.conf.in ns2/named.conf
|
||||
@@ -189,10 +188,10 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: acl disallowed - query refused"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -203,9 +202,9 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: key allowed - query allowed"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:one:1234abcd8765" a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:one:1234abcd8765" a.normal.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -216,10 +215,10 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: key not allowed - query refused"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:two:1234efgh8765" a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:two:1234efgh8765" a.normal.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -230,10 +229,10 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: key disallowed - query refused"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:one:1234abcd8765" a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:one:1234abcd8765" a.normal.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -247,9 +246,9 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: views default - query allowed"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -260,9 +259,9 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: views explicit any - query allowed"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -273,10 +272,10 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: views none - query refused"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -287,9 +286,9 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: views address allowed - query allowed"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -300,10 +299,10 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: views address not allowed - query refused"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -314,10 +313,10 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: views address disallowed - query refused"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -328,9 +327,9 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: views acl allowed - query allowed"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -341,10 +340,10 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: views acl not allowed - query refused"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -355,10 +354,10 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: views acl disallowed - query refused"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -369,9 +368,9 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: views key allowed - query allowed"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:one:1234abcd8765" a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:one:1234abcd8765" a.normal.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -382,10 +381,10 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: views key not allowed - query refused"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:two:1234efgh8765" a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:two:1234efgh8765" a.normal.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -396,10 +395,10 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: views key disallowed - query refused"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:one:1234abcd8765" a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:one:1234abcd8765" a.normal.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -410,9 +409,9 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: views over options, views allow - query allowed"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -423,10 +422,10 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: views over options, views disallow - query refused"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -441,9 +440,9 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: zone default - query allowed"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -451,9 +450,9 @@ status=$((status + ret))
|
||||
n=$((n + 1))
|
||||
echo_i "test $n: zone explicit any - query allowed"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.any.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.any.example' dig.out.ns2.$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.any.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.any.example' dig.out.ns2.$n >/dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -461,10 +460,10 @@ status=$((status + ret))
|
||||
n=$((n + 1))
|
||||
echo_i "test $n: zone none - query refused"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.none.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.none.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.none.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.none.example' dig.out.ns2.$n >/dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -472,9 +471,9 @@ status=$((status + ret))
|
||||
n=$((n + 1))
|
||||
echo_i "test $n: zone address allowed - query allowed"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.addrallow.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.addrallow.example' dig.out.ns2.$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.addrallow.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.addrallow.example' dig.out.ns2.$n >/dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -482,10 +481,10 @@ status=$((status + ret))
|
||||
n=$((n + 1))
|
||||
echo_i "test $n: zone address not allowed - query refused"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.addrnotallow.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.addrnotallow.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.addrnotallow.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.addrnotallow.example' dig.out.ns2.$n >/dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -493,10 +492,10 @@ status=$((status + ret))
|
||||
n=$((n + 1))
|
||||
echo_i "test $n: zone address disallowed - query refused"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.addrdisallow.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.addrdisallow.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.addrdisallow.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.addrdisallow.example' dig.out.ns2.$n >/dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -504,9 +503,9 @@ status=$((status + ret))
|
||||
n=$((n + 1))
|
||||
echo_i "test $n: zone acl allowed - query allowed"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.aclallow.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.aclallow.example' dig.out.ns2.$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.aclallow.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.aclallow.example' dig.out.ns2.$n >/dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -514,10 +513,10 @@ status=$((status + ret))
|
||||
n=$((n + 1))
|
||||
echo_i "test $n: zone acl not allowed - query refused"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.aclnotallow.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.aclnotallow.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.aclnotallow.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.aclnotallow.example' dig.out.ns2.$n >/dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -525,10 +524,10 @@ status=$((status + ret))
|
||||
n=$((n + 1))
|
||||
echo_i "test $n: zone acl disallowed - query refused"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.acldisallow.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.acldisallow.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.acldisallow.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.acldisallow.example' dig.out.ns2.$n >/dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -536,9 +535,9 @@ status=$((status + ret))
|
||||
n=$((n + 1))
|
||||
echo_i "test $n: zone key allowed - query allowed"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:one:1234abcd8765" a.keyallow.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.keyallow.example' dig.out.ns2.$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:one:1234abcd8765" a.keyallow.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.keyallow.example' dig.out.ns2.$n >/dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -546,10 +545,10 @@ status=$((status + ret))
|
||||
n=$((n + 1))
|
||||
echo_i "test $n: zone key not allowed - query refused"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:two:1234efgh8765" a.keyallow.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.keyallow.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:two:1234efgh8765" a.keyallow.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.keyallow.example' dig.out.ns2.$n >/dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -557,10 +556,10 @@ status=$((status + ret))
|
||||
n=$((n + 1))
|
||||
echo_i "test $n: zone key disallowed - query refused"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:one:1234abcd8765" a.keydisallow.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.keydisallow.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:one:1234abcd8765" a.keydisallow.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.keydisallow.example' dig.out.ns2.$n >/dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -571,9 +570,9 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: views over options, views allow - query allowed"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -584,10 +583,10 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: views over options, views disallow - query refused"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -598,9 +597,9 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: zones over views, views allow - query allowed"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -611,10 +610,10 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: zones over views, views disallow - query refused"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n >/dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -625,13 +624,13 @@ rndc_reload ns2 10.53.0.2
|
||||
|
||||
echo_i "test $n: zones over views, allow-query-on"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.1.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.1.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.1.$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.aclnotallow.example a > dig.out.ns2.2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.2.$n > /dev/null || ret=1
|
||||
grep '^a.aclnotallow.example' dig.out.ns2.2.$n > /dev/null && ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.1.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.1.$n >/dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.1.$n >/dev/null || ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.aclnotallow.example a >dig.out.ns2.2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.2.$n >/dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.2.$n >/dev/null || ret=1
|
||||
grep '^a.aclnotallow.example' dig.out.ns2.2.$n >/dev/null && ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -639,13 +638,13 @@ status=$((status + ret))
|
||||
n=$((n + 1))
|
||||
echo_i "test $n: default allow-recursion configuration"
|
||||
ret=0
|
||||
nextpart ns3/named.run > /dev/null
|
||||
$DIG -p ${PORT} @10.53.0.3 -b 127.0.0.1 a.normal.example a > dig.out.ns3.1.$n
|
||||
grep 'status: NOERROR' dig.out.ns3.1.$n > /dev/null || ret=1
|
||||
$DIG -p ${PORT} @10.53.0.3 -b 10.53.0.1 a.normal.example a > dig.out.ns3.2.$n
|
||||
grep 'status: REFUSED' dig.out.ns3.2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns3.2.$n > /dev/null || ret=1
|
||||
nextpart ns3/named.run | grep 'allow-recursion did not match' > /dev/null || ret=1
|
||||
nextpart ns3/named.run >/dev/null
|
||||
$DIG -p ${PORT} @10.53.0.3 -b 127.0.0.1 a.normal.example a >dig.out.ns3.1.$n
|
||||
grep 'status: NOERROR' dig.out.ns3.1.$n >/dev/null || ret=1
|
||||
$DIG -p ${PORT} @10.53.0.3 -b 10.53.0.1 a.normal.example a >dig.out.ns3.2.$n
|
||||
grep 'status: REFUSED' dig.out.ns3.2.$n >/dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns3.2.$n >/dev/null || ret=1
|
||||
nextpart ns3/named.run | grep 'allow-recursion did not match' >/dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -653,12 +652,12 @@ status=$((status + ret))
|
||||
n=$((n + 1))
|
||||
echo_i "test $n: default allow-query-cache configuration"
|
||||
ret=0
|
||||
$DIG -p ${PORT} @10.53.0.3 -b 127.0.0.1 ns . > dig.out.ns3.1.$n
|
||||
grep 'status: NOERROR' dig.out.ns3.1.$n > /dev/null || ret=1
|
||||
$DIG -p ${PORT} @10.53.0.3 -b 10.53.0.1 ns . > dig.out.ns3.2.$n
|
||||
grep 'status: REFUSED' dig.out.ns3.2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns3.2.$n > /dev/null || ret=1
|
||||
nextpart ns3/named.run | grep 'allow-recursion did not match' > /dev/null || ret=1
|
||||
$DIG -p ${PORT} @10.53.0.3 -b 127.0.0.1 ns . >dig.out.ns3.1.$n
|
||||
grep 'status: NOERROR' dig.out.ns3.1.$n >/dev/null || ret=1
|
||||
$DIG -p ${PORT} @10.53.0.3 -b 10.53.0.1 ns . >dig.out.ns3.2.$n
|
||||
grep 'status: REFUSED' dig.out.ns3.2.$n >/dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns3.2.$n >/dev/null || ret=1
|
||||
nextpart ns3/named.run | grep 'allow-recursion did not match' >/dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -670,14 +669,14 @@ rndc_reload ns3 10.53.0.3
|
||||
echo_i "test $n: block recursion-on, allow query-cache-on"
|
||||
ret=0
|
||||
# this should query the cache, and an answer should already be there
|
||||
$DIG -p ${PORT} @10.53.0.3 a.normal.example a > dig.out.ns3.1.$n
|
||||
grep 'recursion requested but not available' dig.out.ns3.1.$n > /dev/null || ret=1
|
||||
grep 'ANSWER: 1' dig.out.ns3.1.$n > /dev/null || ret=1
|
||||
$DIG -p ${PORT} @10.53.0.3 a.normal.example a >dig.out.ns3.1.$n
|
||||
grep 'recursion requested but not available' dig.out.ns3.1.$n >/dev/null || ret=1
|
||||
grep 'ANSWER: 1' dig.out.ns3.1.$n >/dev/null || ret=1
|
||||
# this should require recursion and therefore can't get an answer
|
||||
$DIG -p ${PORT} @10.53.0.3 b.normal.example a > dig.out.ns3.2.$n
|
||||
grep 'recursion requested but not available' dig.out.ns3.2.$n > /dev/null || ret=1
|
||||
grep 'ANSWER: 0' dig.out.ns3.2.$n > /dev/null || ret=1
|
||||
nextpart ns3/named.run | grep 'allow-recursion-on did not match' > /dev/null || ret=1
|
||||
$DIG -p ${PORT} @10.53.0.3 b.normal.example a >dig.out.ns3.2.$n
|
||||
grep 'recursion requested but not available' dig.out.ns3.2.$n >/dev/null || ret=1
|
||||
grep 'ANSWER: 0' dig.out.ns3.2.$n >/dev/null || ret=1
|
||||
nextpart ns3/named.run | grep 'allow-recursion-on did not match' >/dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -689,22 +688,22 @@ rndc_reload ns3 10.53.0.3
|
||||
echo_i "test $n: inheritance of allow-query-cache-on"
|
||||
ret=0
|
||||
# this should query the cache, an answer should already be there
|
||||
$DIG -p ${PORT} @10.53.0.3 a.normal.example a > dig.out.ns3.1.$n
|
||||
grep 'ANSWER: 1' dig.out.ns3.1.$n > /dev/null || ret=1
|
||||
$DIG -p ${PORT} @10.53.0.3 a.normal.example a >dig.out.ns3.1.$n
|
||||
grep 'ANSWER: 1' dig.out.ns3.1.$n >/dev/null || ret=1
|
||||
# this should be refused due to allow-recursion-on/allow-query-cache-on
|
||||
$DIG -p ${PORT} @10.53.1.2 a.normal.example a > dig.out.ns3.2.$n
|
||||
grep 'recursion requested but not available' dig.out.ns3.2.$n > /dev/null || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns3.2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns3.2.$n > /dev/null || ret=1
|
||||
$DIG -p ${PORT} @10.53.1.2 a.normal.example a >dig.out.ns3.2.$n
|
||||
grep 'recursion requested but not available' dig.out.ns3.2.$n >/dev/null || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns3.2.$n >/dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns3.2.$n >/dev/null || ret=1
|
||||
# this should require recursion and should be allowed
|
||||
$DIG -p ${PORT} @10.53.0.3 c.normal.example a > dig.out.ns3.3.$n
|
||||
grep 'ANSWER: 1' dig.out.ns3.3.$n > /dev/null || ret=1
|
||||
$DIG -p ${PORT} @10.53.0.3 c.normal.example a >dig.out.ns3.3.$n
|
||||
grep 'ANSWER: 1' dig.out.ns3.3.$n >/dev/null || ret=1
|
||||
# this should require recursion and be refused
|
||||
$DIG -p ${PORT} @10.53.1.2 d.normal.example a > dig.out.ns3.4.$n
|
||||
grep 'recursion requested but not available' dig.out.ns3.4.$n > /dev/null || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns3.4.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns3.4.$n > /dev/null || ret=1
|
||||
nextpart ns3/named.run | grep 'allow-recursion-on did not match' > /dev/null || ret=1
|
||||
$DIG -p ${PORT} @10.53.1.2 d.normal.example a >dig.out.ns3.4.$n
|
||||
grep 'recursion requested but not available' dig.out.ns3.4.$n >/dev/null || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns3.4.$n >/dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns3.4.$n >/dev/null || ret=1
|
||||
nextpart ns3/named.run | grep 'allow-recursion-on did not match' >/dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
@@ -716,22 +715,22 @@ rndc_reload ns3 10.53.0.3
|
||||
echo_i "test $n: inheritance of allow-recursion-on"
|
||||
ret=0
|
||||
# this should query the cache, an answer should already be there
|
||||
$DIG -p ${PORT} @10.53.0.3 a.normal.example a > dig.out.ns3.1.$n
|
||||
grep 'ANSWER: 1' dig.out.ns3.1.$n > /dev/null || ret=1
|
||||
$DIG -p ${PORT} @10.53.0.3 a.normal.example a >dig.out.ns3.1.$n
|
||||
grep 'ANSWER: 1' dig.out.ns3.1.$n >/dev/null || ret=1
|
||||
# this should be refused due to allow-recursion-on/allow-query-cache-on
|
||||
$DIG -p ${PORT} @10.53.1.2 a.normal.example a > dig.out.ns3.2.$n
|
||||
grep 'recursion requested but not available' dig.out.ns3.2.$n > /dev/null || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns3.2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns3.2.$n > /dev/null || ret=1
|
||||
$DIG -p ${PORT} @10.53.1.2 a.normal.example a >dig.out.ns3.2.$n
|
||||
grep 'recursion requested but not available' dig.out.ns3.2.$n >/dev/null || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns3.2.$n >/dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns3.2.$n >/dev/null || ret=1
|
||||
# this should require recursion and should be allowed
|
||||
$DIG -p ${PORT} @10.53.0.3 e.normal.example a > dig.out.ns3.3.$n
|
||||
grep 'ANSWER: 1' dig.out.ns3.3.$n > /dev/null || ret=1
|
||||
$DIG -p ${PORT} @10.53.0.3 e.normal.example a >dig.out.ns3.3.$n
|
||||
grep 'ANSWER: 1' dig.out.ns3.3.$n >/dev/null || ret=1
|
||||
# this should require recursion and be refused
|
||||
$DIG -p ${PORT} @10.53.1.2 f.normal.example a > dig.out.ns3.4.$n
|
||||
grep 'recursion requested but not available' dig.out.ns3.4.$n > /dev/null || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns3.4.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns3.4.$n > /dev/null || ret=1
|
||||
nextpart ns3/named.run | grep 'allow-recursion-on did not match' > /dev/null || ret=1
|
||||
$DIG -p ${PORT} @10.53.1.2 f.normal.example a >dig.out.ns3.4.$n
|
||||
grep 'recursion requested but not available' dig.out.ns3.4.$n >/dev/null || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns3.4.$n >/dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns3.4.$n >/dev/null || ret=1
|
||||
nextpart ns3/named.run | grep 'allow-recursion-on did not match' >/dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
|
||||
Reference in New Issue
Block a user