Add more tests for adding many RR types to the database

More reclimit tests that test various scenarios adding combinations of
priority and non-priority RR types into the database.
Ondřej Surý
2024-06-17 11:40:40 +02:00
parent 7f99d7e565
commit 8979166d35
7 changed files with 2788 additions and 2558 deletions


@@ -361,7 +361,6 @@ n=$((n + 1))
status=$((status + ret))
# Update zone with nsupdate.
n=$((n + 1))
echo_i "add new type to zone and check that it fails ($n)"
ret=0
(


@@ -20,3 +20,5 @@ rm -f ns?/named.run
rm -f ns*/named.conf
rm -f ns*/named.lock
rm -f ns*/managed-keys.bind*
rm -f ns*/signed.db*
rm -f ns*/*.db.signed
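Review bot: The two added patterns cover the signed zone and its unsigned copy, but not the other artifacts this commit makes setup.sh generate: the key pairs written by `$KEYGEN -K ns1` and the `dsset-` file that `$SIGNER` typically emits. Unless a line of clean.sh outside this hunk already removes them, adding something like `rm -f ns1/Ksigned.*` (and a matching removal for the dsset file) would keep generated private keys from lingering in the test tree between runs.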



@@ -32,3 +32,8 @@ zone "big." {
type primary;
file "big.db";
};
zone "signed." {
type primary;
file "signed.db.signed";
};


@@ -20,5 +20,8 @@ direct.example.net. 60 IN A 10.53.0.2
example.com. 60 IN NS direct.example.com.
direct.example.com. 60 IN A 10.53.0.4
big. in NS ns.big.
big. IN NS ns.big.
ns.big. 60 IN A 10.53.0.1
signed. IN NS ns.signed.
ns.signed. 60 IN A 10.53.0.1


@@ -15,3 +15,8 @@
copy_setports ns1/named.conf.in ns1/named.conf
copy_setports ns3/named1.conf.in ns3/named.conf
sed -e s/big[.]/signed./g <ns1/big.db >ns1/signed.db
$KEYGEN -K ns1 -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK signed >/dev/null 2>&1
$KEYGEN -K ns1 -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" signed >/dev/null 2>&1
$SIGNER -K ns1 -S -f ns1/signed.db.signed -o signed ns1/signed.db >/dev/null
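Review bot: The `sed` expression on the added line is unquoted, so `s/big[.]/signed./g` is open to pathname expansion before sed ever sees it; quoting it, `sed -e 's/big[.]/signed./g' <ns1/big.db >ns1/signed.db`, removes that dependency on the working directory's contents. Both `$KEYGEN` calls also discard stderr via `2>&1`, so a key-generation failure would leave no diagnostic in the test log; keeping only `>/dev/null` would still hide the key name printed on stdout. Whether `set -e` is in effect for this script is not visible in the hunk, so it is unclear if a failing `$KEYGEN` or `$SIGNER` would stop setup at all.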


@@ -15,7 +15,9 @@ set -e
. ../conf.sh
DIGOPTS="-p ${PORT}"
dig_with_opts() {
$DIG -p "${PORT}" +retries=0 "$@"
}
status=0
n=0
@@ -26,6 +28,10 @@ ns3_reset() {
$RNDC -c ../_common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} flush | sed 's/^/I:ns3 /'
}
ns3_flush() {
$RNDC -c ../_common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} flush | sed 's/^/I:ns3 /'
}
ns3_sends_aaaa_queries() {
if grep "started AAAA fetch" ns3/named.run >/dev/null; then
return 0
@@ -66,12 +72,12 @@ echo_i "attempt excessive-depth lookup ($n)"
ret=0
echo "1000" >ans2/ans.limit
echo "1000" >ans4/ans.limit
$DIG $DIGOPTS @10.53.0.2 reset >/dev/null || ret=1
$DIG $DIGOPTS @10.53.0.4 reset >/dev/null || ret=1
$DIG $DIGOPTS @10.53.0.3 indirect1.example.org >dig.out.1.test$n || ret=1
dig_with_opts @10.53.0.2 reset >/dev/null || ret=1
dig_with_opts @10.53.0.4 reset >/dev/null || ret=1
dig_with_opts @10.53.0.3 indirect1.example.org >dig.out.1.test$n || ret=1
grep "status: SERVFAIL" dig.out.1.test$n >/dev/null || ret=1
$DIG $DIGOPTS +short @10.53.0.2 count txt >dig.out.2.test$n || ret=1
$DIG $DIGOPTS +short @10.53.0.4 count txt >dig.out.4.test$n || ret=1
dig_with_opts +short @10.53.0.2 count txt >dig.out.2.test$n || ret=1
dig_with_opts +short @10.53.0.4 count txt >dig.out.4.test$n || ret=1
check_query_count dig.out.2.test$n dig.out.4.test$n 27 14
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -82,12 +88,12 @@ ret=0
echo "12" >ans2/ans.limit
echo "12" >ans4/ans.limit
ns3_reset ns3/named1.conf.in
$DIG $DIGOPTS @10.53.0.2 reset >/dev/null || ret=1
$DIG $DIGOPTS @10.53.0.4 reset >/dev/null || ret=1
$DIG $DIGOPTS @10.53.0.3 indirect2.example.org >dig.out.1.test$n || ret=1
dig_with_opts @10.53.0.2 reset >/dev/null || ret=1
dig_with_opts @10.53.0.4 reset >/dev/null || ret=1
dig_with_opts @10.53.0.3 indirect2.example.org >dig.out.1.test$n || ret=1
grep "status: NOERROR" dig.out.1.test$n >/dev/null || ret=1
$DIG $DIGOPTS +short @10.53.0.2 count txt >dig.out.2.test$n || ret=1
$DIG $DIGOPTS +short @10.53.0.4 count txt >dig.out.4.test$n || ret=1
dig_with_opts +short @10.53.0.2 count txt >dig.out.2.test$n || ret=1
dig_with_opts +short @10.53.0.4 count txt >dig.out.4.test$n || ret=1
check_query_count dig.out.2.test$n dig.out.4.test$n 50 26
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -99,12 +105,12 @@ echo_i "attempt excessive-depth lookup ($n)"
ret=0
echo "12" >ans2/ans.limit
ns3_reset ns3/named2.conf.in
$DIG $DIGOPTS @10.53.0.2 reset >/dev/null || ret=1
$DIG $DIGOPTS @10.53.0.4 reset >/dev/null || ret=1
$DIG $DIGOPTS @10.53.0.3 indirect3.example.org >dig.out.1.test$n || ret=1
dig_with_opts @10.53.0.2 reset >/dev/null || ret=1
dig_with_opts @10.53.0.4 reset >/dev/null || ret=1
dig_with_opts @10.53.0.3 indirect3.example.org >dig.out.1.test$n || ret=1
grep "status: SERVFAIL" dig.out.1.test$n >/dev/null || ret=1
$DIG $DIGOPTS +short @10.53.0.2 count txt >dig.out.2.test$n || ret=1
$DIG $DIGOPTS +short @10.53.0.4 count txt >dig.out.4.test$n || ret=1
dig_with_opts +short @10.53.0.2 count txt >dig.out.2.test$n || ret=1
dig_with_opts +short @10.53.0.4 count txt >dig.out.4.test$n || ret=1
check_query_count dig.out.2.test$n dig.out.4.test$n 13 7
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -115,12 +121,12 @@ ret=0
echo "5" >ans2/ans.limit
echo "5" >ans4/ans.limit
ns3_reset ns3/named2.conf.in
$DIG $DIGOPTS @10.53.0.2 reset >/dev/null || ret=1
$DIG $DIGOPTS @10.53.0.4 reset >/dev/null || ret=1
$DIG $DIGOPTS @10.53.0.3 indirect4.example.org >dig.out.1.test$n || ret=1
dig_with_opts @10.53.0.2 reset >/dev/null || ret=1
dig_with_opts @10.53.0.4 reset >/dev/null || ret=1
dig_with_opts @10.53.0.3 indirect4.example.org >dig.out.1.test$n || ret=1
grep "status: NOERROR" dig.out.1.test$n >/dev/null || ret=1
$DIG $DIGOPTS +short @10.53.0.2 count txt >dig.out.2.test$n || ret=1
$DIG $DIGOPTS +short @10.53.0.4 count txt >dig.out.4.test$n || ret=1
dig_with_opts +short @10.53.0.2 count txt >dig.out.2.test$n || ret=1
dig_with_opts +short @10.53.0.4 count txt >dig.out.4.test$n || ret=1
check_query_count dig.out.2.test$n dig.out.4.test$n 22 12
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -133,14 +139,14 @@ ret=0
echo "13" >ans2/ans.limit
echo "13" >ans4/ans.limit
ns3_reset ns3/named3.conf.in
$DIG $DIGOPTS @10.53.0.2 reset >/dev/null || ret=1
$DIG $DIGOPTS @10.53.0.4 reset >/dev/null || ret=1
$DIG $DIGOPTS @10.53.0.3 indirect5.example.org >dig.out.1.test$n || ret=1
dig_with_opts @10.53.0.2 reset >/dev/null || ret=1
dig_with_opts @10.53.0.4 reset >/dev/null || ret=1
dig_with_opts @10.53.0.3 indirect5.example.org >dig.out.1.test$n || ret=1
if ns3_sends_aaaa_queries; then
grep "status: SERVFAIL" dig.out.1.test$n >/dev/null || ret=1
fi
$DIG $DIGOPTS +short @10.53.0.2 count txt >dig.out.2.test$n || ret=1
$DIG $DIGOPTS +short @10.53.0.4 count txt >dig.out.4.test$n || ret=1
dig_with_opts +short @10.53.0.2 count txt >dig.out.2.test$n || ret=1
dig_with_opts +short @10.53.0.4 count txt >dig.out.4.test$n || ret=1
eval count=$(cat dig.out.2.test$n)
[ $count -le 50 ] || {
ret=1
@@ -154,10 +160,10 @@ echo_i "attempt permissible lookup ($n)"
ret=0
echo "12" >ans2/ans.limit
ns3_reset ns3/named3.conf.in
$DIG $DIGOPTS @10.53.0.2 reset >/dev/null || ret=1
$DIG $DIGOPTS @10.53.0.3 indirect6.example.org >dig.out.1.test$n || ret=1
dig_with_opts @10.53.0.2 reset >/dev/null || ret=1
dig_with_opts @10.53.0.3 indirect6.example.org >dig.out.1.test$n || ret=1
grep "status: NOERROR" dig.out.1.test$n >/dev/null || ret=1
$DIG $DIGOPTS +short @10.53.0.2 count txt >dig.out.2.test$n || ret=1
dig_with_opts +short @10.53.0.2 count txt >dig.out.2.test$n || ret=1
eval count=$(cat dig.out.2.test$n)
[ $count -le 50 ] || {
ret=1
@@ -173,12 +179,12 @@ echo_i "attempt excessive-queries lookup ($n)"
ret=0
echo "11" >ans2/ans.limit
ns3_reset ns3/named4.conf.in
$DIG $DIGOPTS @10.53.0.2 reset >/dev/null || ret=1
$DIG $DIGOPTS @10.53.0.3 indirect7.example.org >dig.out.1.test$n || ret=1
dig_with_opts @10.53.0.2 reset >/dev/null || ret=1
dig_with_opts @10.53.0.3 indirect7.example.org >dig.out.1.test$n || ret=1
if ns3_sends_aaaa_queries; then
grep "status: SERVFAIL" dig.out.1.test$n >/dev/null || ret=1
fi
$DIG $DIGOPTS +short @10.53.0.2 count txt >dig.out.2.test$n || ret=1
dig_with_opts +short @10.53.0.2 count txt >dig.out.2.test$n || ret=1
eval count=$(cat dig.out.2.test$n)
[ $count -le 40 ] || {
ret=1
@@ -192,10 +198,10 @@ echo_i "attempt permissible lookup ($n)"
ret=0
echo "9" >ans2/ans.limit
ns3_reset ns3/named4.conf.in
$DIG $DIGOPTS @10.53.0.2 reset >/dev/null || ret=1
$DIG $DIGOPTS @10.53.0.3 indirect8.example.org >dig.out.1.test$n || ret=1
dig_with_opts @10.53.0.2 reset >/dev/null || ret=1
dig_with_opts @10.53.0.3 indirect8.example.org >dig.out.1.test$n || ret=1
grep "status: NOERROR" dig.out.1.test$n >/dev/null || ret=1
$DIG $DIGOPTS +short @10.53.0.2 count txt >dig.out.2.test$n || ret=1
dig_with_opts +short @10.53.0.2 count txt >dig.out.2.test$n || ret=1
eval count=$(cat dig.out.2.test$n)
[ $count -le 40 ] || {
ret=1
@@ -208,12 +214,12 @@ n=$((n + 1))
echo_i "attempting NS explosion ($n)"
ret=0
ns3_reset ns3/named4.conf.in
$DIG $DIGOPTS @10.53.0.2 reset >/dev/null || ret=1
$DIG $DIGOPTS +short @10.53.0.3 ns1.1.example.net >dig.out.1.test$n || ret=1
$DIG $DIGOPTS +short @10.53.0.2 count txt >dig.out.2.test$n || ret=1
dig_with_opts @10.53.0.2 reset >/dev/null || ret=1
dig_with_opts +short @10.53.0.3 ns1.1.example.net >dig.out.1.test$n || ret=1
dig_with_opts +short @10.53.0.2 count txt >dig.out.2.test$n || ret=1
eval count=$(cat dig.out.2.test$n)
[ $count -lt 50 ] || ret=1
$DIG $DIGOPTS +short @10.53.0.7 count txt >dig.out.3.test$n || ret=1
dig_with_opts +short @10.53.0.7 count txt >dig.out.3.test$n || ret=1
eval count=$(cat dig.out.3.test$n)
[ $count -lt 50 ] || {
ret=1
@@ -225,46 +231,253 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking RRset that exceeds max-records-per-type ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.3 biganswer.big >dig.out.1.test$n || ret=1
dig_with_opts @10.53.0.3 biganswer.big >dig.out.1.test$n || ret=1
grep 'status: SERVFAIL' dig.out.1.test$n >/dev/null || ret=1
ns3_reset ns3/named5.conf.in
$DIG $DIGOPTS @10.53.0.3 biganswer.big >dig.out.2.test$n || ret=1
dig_with_opts @10.53.0.3 biganswer.big >dig.out.2.test$n || ret=1
grep 'status: NOERROR' dig.out.2.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
check_manytypes() (
i=$1
type=$2
expected=$3
name=$2
type=$3
expected=$4
exname=$5
extype=$6
ttl=$7
neq_ttl=$8
$DIG $DIGOPTS @10.53.0.3 IN $type manytypes.big >dig.out.$i.$type.test$n || exit 1
grep 'status: '"${expected}"'' dig.out.$i.$type.test$n >/dev/null || exit 1
if ! dig_with_opts @10.53.0.3 IN "$type" "$name" >"dig.out.$i.$type.test$n"; then
exit 1
fi
if ! grep 'status: '"${expected}"'' "dig.out.$i.$type.test$n" >/dev/null; then
exit 1
fi
if [ -n "$ttl" ] && ! grep -q "^$exname.[[:space:]]*${ttl}[[:space:]]*IN[[:space:]]*$extype" "dig.out.$i.$type.test$n"; then
exit 1
fi
if [ -n "${neq_ttl}" ] && grep -q "^$exname.[[:space:]]*${neq_ttl}[[:space:]]*IN[[:space:]]*$type" "dig.out.$i.$type.test$n"; then
exit 1
fi
exit 0
)
n=$((n + 1))
echo_i "checking name that exceeds max-types-per-name ($n)"
ret=0
echo_i "checking that priority names under the max-types-per-name limit get cached ($n)"
# Limited to 10 types - these should be fine
# Query for NXDOMAIN for items on our priority list - these should get cached
for rrtype in AAAA MX NS; do
check_manytypes 1 manytypes.big "${rrtype}" NOERROR big SOA 60 || ret=1
done
# Wait at least 1 second
for rrtype in AAAA MX NS; do
check_manytypes 2 manytypes.big "${rrtype}" NOERROR big SOA "" 60 || ret=1
done
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))
if [ $status -ne 0 ]; then exit 1; fi
ns3_flush
n=$((n + 1))
ret=0
echo_i "checking that NXDOMAIN names under the max-types-per-name limit get cached ($n)"
# Query for 10 NXDOMAIN types
for ntype in $(seq 65270 65279); do
check_manytypes 1 manytypes.big "TYPE${ntype}" NOERROR big SOA 60 || ret=1
done
# Wait at least 1 second
sleep 1
# Query for 10 NXDOMAIN types again - these should be cached
for ntype in $(seq 65270 65279); do
check_manytypes 2 manytypes.big "TYPE${ntype}" NOERROR big SOA "" 60 || ret=1
done
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))
if [ $status -ne 0 ]; then exit 1; fi
n=$((n + 1))
ret=0
echo_i "checking that existing names under the max-types-per-name limit get cached ($n)"
# Limited to 10 types - these should be cached and the previous record should be evicted
for ntype in $(seq 65280 65289); do
check_manytypes 1 "TYPE${ntype}" NOERROR || ret=1
check_manytypes 1 manytypes.big "TYPE${ntype}" NOERROR manytypes.big "TYPE${ntype}" 60 || ret=1
done
# Everything on top of that should SERVFAIL
for ntype in $(seq 65290 65534); do
check_manytypes 1 "TYPE${ntype}" SERVFAIL || ret=1
# Wait at least one second
sleep 1
# Limited to 10 types - these should be cached
for ntype in $(seq 65280 65289); do
check_manytypes 2 manytypes.big "TYPE${ntype}" NOERROR manytypes.big "TYPE${ntype}" "" 60 || ret=1
done
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))
if [ $status -ne 0 ]; then exit 1; fi
n=$((n + 1))
ret=0
echo_i "checking that NXDOMAIN names over the max-types-per-name limit don't get cached ($n)"
# Query for 10 NXDOMAIN types
for ntype in $(seq 65270 65279); do
check_manytypes 1 manytypes.big "TYPE${ntype}" NOERROR big SOA 0 || ret=1
done
# Wait at least 1 second
sleep 1
# Query for 10 NXDOMAIN types again - these should not be cached
for ntype in $(seq 65270 65279); do
check_manytypes 2 manytypes.big "TYPE${ntype}" NOERROR big SOA 0 || ret=1
done
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))
if [ $status -ne 0 ]; then exit 1; fi
n=$((n + 1))
ret=0
echo_i "checking that priority NXDOMAIN names over the max-types-per-name limit get cached ($n)"
# Query for NXDOMAIN for items on our priority list - these should get cached
for rrtype in AAAA MX NS; do
check_manytypes 1 manytypes.big "${rrtype}" NOERROR big SOA 60 || ret=1
done
# Wait at least 1 second
for rrtype in AAAA MX NS; do
check_manytypes 2 manytypes.big "${rrtype}" NOERROR big SOA "" 60 || ret=1
done
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))
if [ $status -ne 0 ]; then exit 1; fi
n=$((n + 1))
ret=0
echo_i "checking that priority name over the max-types-per-name get cached ($n)"
# Query for an item on our priority list - it should get cached
check_manytypes 1 manytypes.big "A" NOERROR manytypes.big A 60 || ret=1
# Wait at least 1 second
sleep 1
# Query the same name again - it should be in the cache
check_manytypes 2 manytypes.big "A" NOERROR big manytypes.A "" 60 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))
if [ $status -ne 0 ]; then exit 1; fi
ns3_flush
n=$((n + 1))
ret=0
echo_i "checking that priority name over the max-types-per-name don't get evicted ($n)"
# Query for an item on our priority list - it should get cached
check_manytypes 1 manytypes.big "A" NOERROR manytypes.big A 60 || ret=1
# Query for 10 more types - this should not evict A record
for ntype in $(seq 65280 65289); do
check_manytypes 1 manytypes.big "TYPE${ntype}" NOERROR manytypes.big || ret=1
done
# Wait at least 1 second
sleep 1
# Query the same name again - it should be in the cache
check_manytypes 2 manytypes.big "A" NOERROR manytypes.big A "" 60 || ret=1
# This one was first in the list and should have been evicted
check_manytypes 2 manytypes.big "TYPE65280" NOERROR manytypes.big TYPE65280 60 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))
if [ $status -ne 0 ]; then exit 1; fi
ns3_flush
n=$((n + 1))
ret=0
echo_i "checking that non-priority types cause eviction ($n)"
# Everything on top of that will cause the cache eviction
for ntype in $(seq 65280 65299); do
check_manytypes 1 manytypes.big "TYPE${ntype}" NOERROR manytypes.big "TYPE${ntype}" 60 || ret=1
done
# Wait at least one second
sleep 1
# These should have TTL != 60 now
for ntype in $(seq 65290 65299); do
check_manytypes 2 manytypes.big "TYPE${ntype}" NOERROR manytypes.big "TYPE${ntype}" "" 60 || ret=1
done
# These should have been evicted
for ntype in $(seq 65280 65289); do
check_manytypes 3 manytypes.big "TYPE${ntype}" NOERROR manytypes.big "TYPE${ntype}" 60 || ret=1
done
# These should have been evicted by the previous block
for ntype in $(seq 65290 65299); do
check_manytypes 4 manytypes.big "TYPE${ntype}" NOERROR manytypes.big "TYPE${ntype}" 60 || ret=1
done
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))
if [ $status -ne 0 ]; then exit 1; fi
ns3_flush
n=$((n + 1))
ret=0
echo_i "checking that signed names under the max-types-per-name limit get cached ($n)"
# Go through the 10 items, this should result in 20 items (type + rrsig(type))
for ntype in $(seq 65280 65289); do
check_manytypes 1 manytypes.signed "TYPE${ntype}" NOERROR manytypes.signed "TYPE${ntype}" 60 || ret=1
done
# Wait at least one second
sleep 1
# These should have TTL != 60 now
for ntype in $(seq 65285 65289); do
check_manytypes 2 manytypes.signed "TYPE${ntype}" NOERROR manytypes.signed "TYPE${ntype}" "" 60 || ret=1
done
# These should have been evicted
for ntype in $(seq 65280 65284); do
check_manytypes 3 manytypes.signed "TYPE${ntype}" NOERROR manytypes.signed "TYPE${ntype}" 60 || ret=1
done
# These should have been evicted by the previous block
for ntype in $(seq 65285 65289); do
check_manytypes 4 manytypes.signed "TYPE${ntype}" NOERROR manytypes.signed "TYPE${ntype}" 60 || ret=1
done
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))
if [ $status -ne 0 ]; then exit 1; fi
n=$((n + 1))
ret=0
echo_i "checking that lifting the limit will allow everything to get cached ($n)"
# Lift the limit
ns3_reset ns3/named6.conf.in
for ntype in $(seq 65280 65534); do
check_manytypes 2 "TYPE${ntype}" NOERROR || ret=1
check_manytypes 1 manytypes.big "TYPE${ntype}" NOERROR manytypes.big "TYPE${ntype}" 60 || ret=1
done
# Wait at least one second
sleep 1
for ntype in $(seq 65280 65534); do
check_manytypes 2 manytypes.big "TYPE${ntype}" NOERROR manytypes.big "TYPE${ntype}" "" 60 || ret=1
done
if [ $ret != 0 ]; then echo_i "failed"; fi
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "exit status: $status"
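Review bot: In the new `check_manytypes`, the `neq_ttl` check greps for `$type` (the queried type) while the `ttl` check just above it uses `$extype`, so for every call that expects the `big` SOA (`... NOERROR big SOA "" 60`) the pattern can never match and the second-pass "was cached" assertion passes vacuously. Ending that pattern with `IN[[:space:]]*$extype"` would make the negative-answer checks for these cache limits actually able to fail. Those checks would then depend on the TTL having ticked down, yet two of the "Wait at least 1 second" comments (in the priority-names tests using `AAAA MX NS`) are not followed by `sleep 1`. Separately, `check_manytypes 2 manytypes.big "A" NOERROR big manytypes.A "" 60` looks like it has mangled `exname`/`extype` arguments compared with the otherwise identical call `... NOERROR manytypes.big A "" 60` in the following test.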