#!/bin/sh

# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# System test for authoritative answers: checks when CNAME/DNAME targets are
# (and are not) added to a response, depending on the RD bit in the query and
# the RA bit in the reply, plus a CHAOS-class lookup and a delegation
# response to an ANY query.
#
# Per the flag checks below, 10.53.0.1 replies without RA and 10.53.0.2
# replies with RA. echo_i, $DIG and $PORT are not defined in this file;
# presumably they come from ../conf.sh -- confirm there.
#
# Each check follows the same shape: bump the counter n, run dig into
# dig.out.test$n, grep that file, and add ret (0 or 1) to status.
# Reading the negative checks: a "must not appear" grep also passes on an
# empty or truncated response, so it is only meaningful together with the
# ANSWER-count and positive matches that precede it in the same check.

set -e

. ../conf.sh

# Expanded unquoted below on purpose, so that it splits into separate dig
# arguments.
DIGOPTS="+tcp -p ${PORT}"

status=0
n=0

# Poll ns2 up to ten times, one second apart, until both zones answer an SOA
# query. Both zones write to the same output file, so after a failure only
# the example.net response is left on disk.
n=$((n + 1))
echo_i "wait for zones to finish transferring to ns2 ($n)"
for attempt in 1 2 3 4 5 6 7 8 9 10; do
  ret=0
  for zone in example.com example.net; do
    $DIG $DIGOPTS @10.53.0.2 soa "$zone" >"dig.out.test$n" || ret=1
    grep "ANSWER: 1," "dig.out.test$n" >/dev/null || ret=1
  done
  if [ "$ret" -eq 0 ]; then
    break
  fi
  sleep 1
done
if [ "$ret" -ne 0 ]; then
  echo_i "failed"
fi
status=$((status + ret))

#
# Cross-zone CNAMEs: the target's data must be returned only when recursion
# is both requested (RD) and available (RA). In the other three combinations
# the reply must stop at the CNAME itself.
#

# RD clear, RA clear: CNAME only, no A record for the target.
n=$((n + 1))
echo_i "check that cross-zone CNAME record does not return target data (rd=0/ra=0) ($n)"
ret=0
$DIG $DIGOPTS +norec @10.53.0.1 www.example.com >"dig.out.test$n" || ret=1
grep "ANSWER: 1," "dig.out.test$n" >/dev/null || ret=1
grep "flags: qr aa;" "dig.out.test$n" >/dev/null || ret=1
grep "www.example.com.*CNAME.*server.example.net" "dig.out.test$n" >/dev/null || ret=1
if grep "server.example.net.*A.*10.53.0.100" "dig.out.test$n" >/dev/null; then
  ret=1
fi
if [ "$ret" -ne 0 ]; then
  echo_i "failed"
fi
status=$((status + ret))

# RD set, RA clear: still CNAME only.
n=$((n + 1))
echo_i "check that cross-zone CNAME record does not return target data (rd=1/ra=0) ($n)"
ret=0
$DIG $DIGOPTS +rec @10.53.0.1 www.example.com >"dig.out.test$n" || ret=1
grep "ANSWER: 1," "dig.out.test$n" >/dev/null || ret=1
grep "flags: qr aa rd;" "dig.out.test$n" >/dev/null || ret=1
grep "www.example.com.*CNAME.*server.example.net" "dig.out.test$n" >/dev/null || ret=1
if grep "server.example.net.*A.*10.53.0.100" "dig.out.test$n" >/dev/null; then
  ret=1
fi
if [ "$ret" -ne 0 ]; then
  echo_i "failed"
fi
status=$((status + ret))

# RD clear, RA set: still CNAME only.
n=$((n + 1))
echo_i "check that cross-zone CNAME record does not return target data (rd=0/ra=1) ($n)"
ret=0
$DIG $DIGOPTS +norec @10.53.0.2 www.example.com >"dig.out.test$n" || ret=1
grep "ANSWER: 1," "dig.out.test$n" >/dev/null || ret=1
grep "flags: qr aa ra;" "dig.out.test$n" >/dev/null || ret=1
grep "www.example.com.*CNAME.*server.example.net" "dig.out.test$n" >/dev/null || ret=1
if grep "server.example.net.*A.*10.53.0.100" "dig.out.test$n" >/dev/null; then
  ret=1
fi
if [ "$ret" -ne 0 ]; then
  echo_i "failed"
fi
status=$((status + ret))

# RD set, RA set: the only combination where the target A record is expected.
n=$((n + 1))
echo_i "check that cross-zone CNAME records return target data (rd=1/ra=1) ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.2 www.example.com >"dig.out.test$n" || ret=1
grep "ANSWER: 2," "dig.out.test$n" >/dev/null || ret=1
grep "flags: qr aa rd ra;" "dig.out.test$n" >/dev/null || ret=1
grep "www.example.com.*CNAME.*server.example.net" "dig.out.test$n" >/dev/null || ret=1
grep "server.example.net.*A.*10.53.0.100" "dig.out.test$n" >/dev/null || ret=1
if [ "$ret" -ne 0 ]; then
  echo_i "failed"
fi
status=$((status + ret))

#
# In-zone CNAMEs: the target lives in the same zone, so its data is expected
# in every RD/RA combination.
#

n=$((n + 1))
echo_i "check that in-zone CNAME records return target data (rd=0/ra=0) ($n)"
ret=0
$DIG $DIGOPTS +norec @10.53.0.1 inzone.example.com >"dig.out.test$n" || ret=1
grep "ANSWER: 2," "dig.out.test$n" >/dev/null || ret=1
grep "flags: qr aa;" "dig.out.test$n" >/dev/null || ret=1
grep "inzone.example.com.*CNAME.*a.example.com" "dig.out.test$n" >/dev/null || ret=1
grep "a.example.com.*A.*10.53.0.1" "dig.out.test$n" >/dev/null || ret=1
if [ "$ret" -ne 0 ]; then
  echo_i "failed"
fi
status=$((status + ret))

n=$((n + 1))
echo_i "check that in-zone CNAME records returns target data (rd=1/ra=0) ($n)"
ret=0
$DIG $DIGOPTS +rec @10.53.0.1 inzone.example.com >"dig.out.test$n" || ret=1
grep "ANSWER: 2," "dig.out.test$n" >/dev/null || ret=1
grep "flags: qr aa rd;" "dig.out.test$n" >/dev/null || ret=1
grep "inzone.example.com.*CNAME.*a.example.com" "dig.out.test$n" >/dev/null || ret=1
grep "a.example.com.*A.*10.53.0.1" "dig.out.test$n" >/dev/null || ret=1
if [ "$ret" -ne 0 ]; then
  echo_i "failed"
fi
status=$((status + ret))

n=$((n + 1))
echo_i "check that in-zone CNAME records return target data (rd=0/ra=1) ($n)"
ret=0
$DIG $DIGOPTS +norec @10.53.0.2 inzone.example.com >"dig.out.test$n" || ret=1
grep "ANSWER: 2," "dig.out.test$n" >/dev/null || ret=1
grep "flags: qr aa ra;" "dig.out.test$n" >/dev/null || ret=1
grep "inzone.example.com.*CNAME.*a.example.com" "dig.out.test$n" >/dev/null || ret=1
grep "a.example.com.*A.*10.53.0.1" "dig.out.test$n" >/dev/null || ret=1
if [ "$ret" -ne 0 ]; then
  echo_i "failed"
fi
status=$((status + ret))

n=$((n + 1))
echo_i "check that in-zone CNAME records return target data (rd=1/ra=1) ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.2 inzone.example.com >"dig.out.test$n" || ret=1
grep "ANSWER: 2," "dig.out.test$n" >/dev/null || ret=1
grep "flags: qr aa rd ra;" "dig.out.test$n" >/dev/null || ret=1
grep "inzone.example.com.*CNAME.*a.example.com" "dig.out.test$n" >/dev/null || ret=1
grep "a.example.com.*A.*10.53.0.1" "dig.out.test$n" >/dev/null || ret=1
if [ "$ret" -ne 0 ]; then
  echo_i "failed"
fi
status=$((status + ret))

#
# When the query type is CNAME or ANY, the CNAME is the answer: it must be
# returned alone, without the target's A record.
#

n=$((n + 1))
echo_i "check that in-zone CNAME records does not return target data when QTYPE is CNAME (rd=1/ra=1) ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.2 -t cname inzone.example.com >"dig.out.test$n" || ret=1
grep 'ANSWER: 1,' "dig.out.test$n" >/dev/null || ret=1
grep 'flags: qr aa rd ra;' "dig.out.test$n" >/dev/null || ret=1
grep 'inzone\.example\.com\..*CNAME.a\.example\.com\.' "dig.out.test$n" >/dev/null || ret=1
if grep 'a\.example\.com\..*A.10\.53\.0\.1' "dig.out.test$n" >/dev/null; then
  ret=1
fi
if [ "$ret" -ne 0 ]; then
  echo_i "failed"
fi
status=$((status + ret))

n=$((n + 1))
echo_i "check that in-zone CNAME records does not return target data when QTYPE is ANY (rd=1/ra=1) ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.2 -t any inzone.example.com >"dig.out.test$n" || ret=1
grep 'ANSWER: 1,' "dig.out.test$n" >/dev/null || ret=1
grep 'flags: qr aa rd ra;' "dig.out.test$n" >/dev/null || ret=1
grep 'inzone\.example\.com\..*CNAME.a\.example\.com\.' "dig.out.test$n" >/dev/null || ret=1
if grep 'a\.example\.com\..*A.10\.53\.0\.1' "dig.out.test$n" >/dev/null; then
  ret=1
fi
if [ "$ret" -ne 0 ]; then
  echo_i "failed"
fi
status=$((status + ret))

#
# Same rule below a DNAME: the reply must hold the DNAME and the CNAME for
# the queried name (presumably synthesized from the DNAME -- confirm against
# the zone data), and nothing further along the chain.
#

n=$((n + 1))
echo_i "check that in-zone DNAME records does not return target data when QTYPE is CNAME (rd=1/ra=1) ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.2 -t cname inzone.dname.example.com >"dig.out.test$n" || ret=1
grep 'ANSWER: 2,' "dig.out.test$n" >/dev/null || ret=1
grep 'flags: qr aa rd ra;' "dig.out.test$n" >/dev/null || ret=1
grep 'dname\.example\.com\..*DNAME.example\.com\.' "dig.out.test$n" >/dev/null || ret=1
grep 'inzone\.dname\.example\.com\..*CNAME.inzone\.example\.com\.' "dig.out.test$n" >/dev/null || ret=1
if grep 'inzone\.example\.com\..*CNAME.a\.example\.com\.' "dig.out.test$n" >/dev/null; then
  ret=1
fi
if grep 'a\.example\.com\..*A.10\.53\.0\.1' "dig.out.test$n" >/dev/null; then
  ret=1
fi
if [ "$ret" -ne 0 ]; then
  echo_i "failed"
fi
status=$((status + ret))

n=$((n + 1))
echo_i "check that in-zone DNAME records does not return target data when QTYPE is ANY (rd=1/ra=1) ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.2 -t any inzone.dname.example.com >"dig.out.test$n" || ret=1
grep 'ANSWER: 2,' "dig.out.test$n" >/dev/null || ret=1
grep 'flags: qr aa rd ra;' "dig.out.test$n" >/dev/null || ret=1
grep 'dname\.example\.com\..*DNAME.example\.com\.' "dig.out.test$n" >/dev/null || ret=1
grep 'inzone\.dname\.example\.com\..*CNAME.inzone\.example\.com\.' "dig.out.test$n" >/dev/null || ret=1
# The two patterns below are slightly looser than their counterparts in the
# previous check (no escaped dot after "com"); kept exactly as written.
if grep 'inzone\.example\.com.*CNAME.a\.example\.com\.' "dig.out.test$n" >/dev/null; then
  ret=1
fi
if grep 'a\.example\.com.*A.10\.53\.0\.1' "dig.out.test$n" >/dev/null; then
  ret=1
fi
if [ "$ret" -ne 0 ]; then
  echo_i "failed"
fi
status=$((status + ret))

# CHAOS class: with +noall +answer only answer records are printed, and the
# check passes only when exactly two lines come back.
n=$((n + 1))
echo_i "check that CHAOS addresses are compared correctly ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 +noall +answer ch test.example.chaos >"dig.out.test$n" || ret=1
lines=$(wc -l <"dig.out.test$n")
# Left unquoted deliberately: some wc implementations pad the count with
# blanks, and word splitting strips them before the numeric comparison.
[ ${lines:-0} -eq 2 ] || ret=1
if [ "$ret" -ne 0 ]; then
  echo_i "failed"
fi
status=$((status + ret))

# ANY query below a zone cut: expect a referral (no answer, the child NS in
# the authority section, and its glue A record). ADDITIONAL: 2 presumably
# counts the glue plus the EDNS OPT pseudo-record -- confirm.
n=$((n + 1))
echo_i "check delegation response to ANY query ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.1 foo.child.example.net any >"dig.out.test$n" || ret=1
grep "ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2" "dig.out.test$n" >/dev/null || ret=1
grep 'child\.example\.net\..300.IN.NS.ns\.child\.example\.net\.$' "dig.out.test$n" >/dev/null || ret=1
grep 'ns\.child\.example\.net\..300.IN.A.10\.53\.0\.1$' "dig.out.test$n" >/dev/null || ret=1
if [ "$ret" -ne 0 ]; then
  echo_i "failed"
fi
status=$((status + ret))

# Any failed check makes the whole script exit non-zero.
echo_i "exit status: $status"
if [ "$status" -ne 0 ]; then
  exit 1
fi