[rt39196] Added a new nameserver to test rrl "log-only yes".

Added test for RT #39197. Made the rrl test more
              tolerant of minor differences in results due to
              timing. Removed the failure override for the rrl
              test.

commit 01a15bc80ef4c20171ddfe9b5ceb2ebe008c8e0d
Author: Curtis Blackburn <ckb@isc.org>
Date:   Tue Dec 15 15:08:03 2015 -0800

    added a new nameserver to the rrl test

bin/tests/system/rrl/broken.conf

@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2012, 2013  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+
+controls { /* empty */ };
+
+options {
+	query-source address 10.53.0.5;
+	notify-source 10.53.0.5;
+	transfer-source 10.53.0.5;
+	port 5300;
+	pid-file "named.pid";
+	statistics-file	"named.stats";
+	listen-on { 10.53.0.5; };
+	listen-on-v6 { none; };
+	notify no;
+
+	rate-limit {
+	    responses-per-second 2;
+	    all-per-second 50;
+	    slip 3;
+	    exempt-clients { 10.53.0.7; };
+	    log-only yes;
+
+	    min-table-size 0;
+	    max-table-size 0;
+	};
+
+	additional-from-cache no;
+};
+
+key rndc_key {
+	secret "1234abcd8765";
+	algorithm hmac-sha256;
+};
+controls {
+	inet 10.53.0.5 port 9953 allow { any; } keys { rndc_key; };
+};
+

bin/tests/system/rrl/clean.sh

@@ -20,3 +20,4 @@ rm -f dig.out*
 rm -f  */named.memstats */named.run */named.stats */log-* */session.key
 rm -f ns3/bl*.db */*.jnl */*.core */*.pid
 rm -f ns*/named.lock
+rm -f broken.out

bin/tests/system/rrl/ns3/named.conf

@@ -41,6 +41,8 @@ options {
 	    qps-scale 10;
 	    window 1;
 	    max-table-size 1000;
+	    log-only no;
+	    min-table-size 0;
 	};
 
 };

bin/tests/system/rrl/ns4/hints

@@ -0,0 +1,18 @@
+; Copyright (C) 2012, 2013  Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+
+
+.	0	NS	ns1.
+ns1.	0	A	10.53.0.1

bin/tests/system/rrl/ns4/named.conf

@@ -0,0 +1,72 @@
+/*
+ * Copyright (C) 2012, 2013  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+
+controls { /* empty */ };
+
+options {
+	query-source address 10.53.0.4;
+	notify-source 10.53.0.4;
+	transfer-source 10.53.0.4;
+	port 5300;
+	session-keyfile "session.key";
+	pid-file "named.pid";
+	statistics-file	"named.stats";
+	listen-on { 10.53.0.4; };
+	listen-on-v6 { none; };
+	notify no;
+
+	rate-limit {
+	    responses-per-second 2;
+	    all-per-second 50;
+	    slip 3;
+	    exempt-clients { 10.53.0.7; };
+	    log-only yes;
+
+	    // small enough to force a table expansion
+	    min-table-size 75;
+	};
+
+	additional-from-cache no;
+};
+
+key rndc_key {
+	secret "1234abcd8765";
+	algorithm hmac-sha256;
+};
+controls {
+	inet 10.53.0.4 port 9953 allow { any; } keys { rndc_key; };
+};
+
+/*
+ * These log settings have no effect unless "-g" is removed from ../../start.pl
+ */
+logging {
+	channel debug {
+	    file "log-debug";
+	    print-category yes; print-severity yes; severity debug 10;
+	};
+	channel queries {
+	    file "log-queries";
+	    print-category yes; print-severity yes; severity info;
+	};
+	category rate-limit { debug; queries; };
+	category queries { debug; queries; };
+};
+
+zone "." { type hint; file "hints"; };
+
+zone "tld4."{ type master; file "tld4.db"; };

bin/tests/system/rrl/ns4/tld4.db

@@ -0,0 +1,47 @@
+; Copyright (C) 2012, 2013  Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+
+
+; rate limit response from this zone
+
+$TTL	120
+@		SOA	tld4.  hostmaster.ns.tld4. ( 1 3600 1200 604800 60 )
+		NS	ns
+		NS	.
+ns		A	10.53.0.2
+
+; basic rate limiting
+a1		A	192.0.2.1
+
+; wildcards
+*.a2		A	192.0.2.2
+
+; a3 is in tld3
+
+; a4 does not exist to give NXDOMAIN
+
+; a5 for TCP requests
+a5		A	192.0.2.5
+
+; a6 for whitelisted clients
+a6		A	192.0.2.6
+
+; a7 for SERVFAIL
+
+; a8 for NODATA
+a8		A	192.0.2.8
+
+; a9 for all-per-second limit
+$GENERATE 101-180 all$.a9 A 192.0.2.8

bin/tests/system/rrl/tests.sh

@@ -23,6 +23,7 @@ SYSTEMTESTTOP=..
 ns1=10.53.0.1			    # root, defining the others
 ns2=10.53.0.2			    # test server
 ns3=10.53.0.3			    # secondary test server
+ns4=10.53.0.4			    # log-only test server
 ns7=10.53.0.7			    # whitelisted client
 
 USAGE="$0: [-x]"
@@ -70,7 +71,7 @@ HOME=/dev/null; export HOME
 digcmd () {
     OFILE=$1; shift
     DIG_DOM=$1; shift
-    ARGS="+nosearch +nocookie +time=1 +tries=1 +ignore -p 5300 $* $DIG_DOM @$ns2"
+    ARGS="+nocookie +nosearch +time=1 +tries=1 +ignore -p 5300 $* $DIG_DOM @$ns2"
     #echo I:dig $ARGS 1>&2
     START=`date +%y%m%d%H%M.%S`
     RESULT=`$DIG $ARGS 2>&1 | tee $OFILE=TEMP				\
@@ -87,7 +88,6 @@ digcmd () {
     touch -t $START "$OFILE=$RESULT"
 }
 
-
 #   $1=number of tests  $2=target domain  $3=dig options
 QNUM=1
 burst () {
@@ -96,13 +96,17 @@ burst () {
     CNTS=`$PERL -e 'for ( $i = 0; $i < '$BURST_LIMIT'; $i++) { printf "%03d\n", '$QNUM' + $i; }'`
     for CNT in $CNTS
     do
-	eval BURST_DOM="$BURST_DOM_BASE"
-	FILE="dig.out-$BURST_DOM-$CNT"
-	digcmd $FILE $BURST_DOM $* &
+        eval BURST_DOM="$BURST_DOM_BASE"
+        FILE="dig.out-$BURST_DOM-$CNT"
+        digcmd $FILE $BURST_DOM $* &
     done
     QNUM=`expr $QNUM + $BURST_LIMIT`
 }
 
+# compare integers $1 and $2; ensure the difference is no more than $3
+range () {
+    $PERL -E 'if (abs(int($ARGV[0]) - int($ARGV[1])) > int($ARGV[2])) { exit(1) }' $1 $2 $3
+}
 
 #   $1=domain  $2=IP address  $3=# of IP addresses  $4=TC  $5=drop
 #	$6=NXDOMAIN  $7=SERVFAIL or other errors
@@ -117,26 +121,27 @@ ck_result() {
     NXDOMAIN=`ls dig.out-$1-*=NXDOMAIN  dig.out-$1-*=NXDOMAINTC	2>/dev/null \
 							| wc -l`
     SERVFAIL=`ls dig.out-$1-*=SERVFAIL			2>/dev/null | wc -l`
-    if test $ADDRS -ne "$3"; then
-	setret "I:"$ADDRS" instead of $3 '$2' responses for $1"
-	BAD=yes
-    fi
-    if test $TC -ne "$4"; then
-	setret "I:"$TC" instead of $4 truncation responses for $1"
-	BAD=yes
-    fi
-    if test $DROP -ne "$5"; then
-	setret "I:"$DROP" instead of $5 dropped responses for $1"
-	BAD=yes
-    fi
-    if test $NXDOMAIN -ne "$6"; then
-	setret "I:"$NXDOMAIN" instead of $6 NXDOMAIN responses for $1"
-	BAD=yes
-    fi
-    if test $SERVFAIL -ne "$7"; then
-	setret "I:"$SERVFAIL" instead of $7 error responses for $1"
-	BAD=yes
-    fi
+    
+    range $ADDRS "$3" 1 ||
+    setret "I:"$ADDRS" instead of $3 '$2' responses for $1" &&
+    BAD=yes
+    
+    range $TC "$4" 1 ||
+    setret "I:"$TC" instead of $4 truncation responses for $1" &&
+    BAD=yes
+    
+    range $DROP "$5" 1 ||
+    setret "I:"$DROP" instead of $5 dropped responses for $1" &&
+    BAD=yes
+    
+    range $NXDOMAIN "$6" 1 ||
+    setret "I:"$NXDOMAIN" instead of $6 NXDOMAIN responses for $1" &&
+    BAD=yes
+    
+    range $SERVFAIL "$7" 1 ||
+    setret "I:"$SERVFAIL" instead of $7 error responses for $1" &&
+    BAD=yes
+    
     if test -z "$BAD"; then
 	rm -f dig.out-$1-*
     fi
@@ -150,9 +155,9 @@ ckstats () {
     C=`sed -n -e "s/[	 ]*\([0-9]*\).responses $TYPE for rate limits.*/\1/p"  \
 	    ns2/named.stats | tail -1`
     C=`expr 0$C + 0`
-    if test "$C" -ne $EXPECTED; then
-	setret "I:wrong $LABEL $TYPE statistics of $C instead of $EXPECTED"
-    fi
+    
+    range "$C" $EXPECTED 1 ||
+    setret "I:wrong $LABEL $TYPE statistics of $C instead of $EXPECTED"
 }
 
 
@@ -251,8 +256,34 @@ $RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p 9953 -s $ns2 stats
 ckstats final dropped 56
 ckstats final truncated 23
 
+#########
+sec_start
+
+$DIG +nocookie +nosearch +time=1 +tries=1 +ignore -p 5300 @$ns4 A a7.tld4 > /dev/null 2>&1
+$DIG +nocookie +nosearch +time=1 +tries=1 +ignore -p 5300 @$ns4 A a7.tld4 > /dev/null 2>&1
+$DIG +nocookie +nosearch +time=1 +tries=1 +ignore -p 5300 @$ns4 A a7.tld4 > /dev/null 2>&1
+$DIG +nocookie +nosearch +time=1 +tries=1 +ignore -p 5300 @$ns4 A a7.tld4 > /dev/null 2>&1
+$DIG +nocookie +nosearch +time=1 +tries=1 +ignore -p 5300 @$ns4 A a7.tld4 > /dev/null 2>&1
+$DIG +nocookie +nosearch +time=1 +tries=1 +ignore -p 5300 @$ns4 A a7.tld4 > /dev/null 2>&1
+$DIG +nocookie +nosearch +time=1 +tries=1 +ignore -p 5300 @$ns4 A a7.tld4 > /dev/null 2>&1
+$DIG +nocookie +nosearch +time=1 +tries=1 +ignore -p 5300 @$ns4 A a7.tld4 > /dev/null 2>&1
+$DIG +nocookie +nosearch +time=1 +tries=1 +ignore -p 5300 @$ns4 A a7.tld4 > /dev/null 2>&1
+$DIG +nocookie +nosearch +time=1 +tries=1 +ignore -p 5300 @$ns4 A a7.tld4 > /dev/null 2>&1
+$DIG +nocookie +nosearch +time=1 +tries=1 +ignore -p 5300 @$ns4 A a7.tld4 > /dev/null 2>&1
+
+grep "would limit" ns4/named.run >/dev/null 2>&1 ||
+setret "I: \"would limit\" not found in log file."
+
+$NAMED -gc broken.conf > broken.out 2>&1 & 
+sleep 2
+grep "min-table-size 1" broken.out > /dev/null || setret "I: min-table-size 0 was not changed to 1"
+
+if [ -f named.pid ]; then
+    kill `cat named.pid`
+    setret "I: named should not have started, but did"
+fi
 
 echo "I:exit status: $ret"
-# exit $ret
-[ $ret -ne 0 ] && echo "I:test failure overridden"
-exit 0
+exit $ret
+#[ $ret -ne 0 ] && echo "I:test failure overridden"
+#exit 0