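# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# System test for named-checkconf.
#
# Every case bumps the test counter "n", runs $CHECKCONF (provided by
# conf.sh) against a fixture in this directory, sets "ret" to 1 on any
# mismatch and folds "ret" into "status".  The script exits non-zero if
# any case failed.  It is deliberately plain POSIX sh (backticks, expr,
# single-bracket tests) because the system-test suite has to run under
# non-bash /bin/sh; do not introduce bashisms here.

SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh

status=0
n=0

n=`expr $n + 1`
echo_i "checking that named-checkconf handles a known good config ($n)"
ret=0
$CHECKCONF good.conf > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo_i "checking that named-checkconf prints a known good config ($n)"
ret=0
# good.conf.in is everything after the "cut here" marker in good.conf.
# It must be non-empty, otherwise the round-trip comparison is vacuous.
awk 'BEGIN { ok = 0; } /cut here/ { ok = 1; getline } ok == 1 { print }' good.conf > good.conf.in
[ -s good.conf.in ] || ret=1
# The pipeline's exit status is grep's, not named-checkconf's (no
# pipefail in POSIX sh); a checkconf failure is still caught because
# cmp would then see a mismatch.
$CHECKCONF -p good.conf.in | grep -v '^good.conf.in:' > good.conf.out 2>&1 || ret=1
cmp good.conf.in good.conf.out || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo_i "checking that named-checkconf -x removes secrets ($n)"
ret=0
# Ensure the input holds at least one secret and that it is not already
# the redaction string, so the checks below can only pass if -x did
# the redaction.
grep 'secret "' good.conf.in > /dev/null || ret=1
grep 'secret "????????????????"' good.conf.in > /dev/null 2>&1 && ret=1
$CHECKCONF -p -x good.conf.in | grep -v '^good.conf.in:' > good.conf.out 2>&1 || ret=1
grep 'secret "????????????????"' good.conf.out > /dev/null 2>&1 || ret=1
# -x must scrub every secret, not just one: no un-redacted "secret"
# line may survive in the printed output.
grep 'secret "' good.conf.out | grep -v 'secret "????????????????"' > /dev/null 2>&1 && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

# Every bad-*.conf must be rejected with exit status 1 and at least one
# "file:line: " diagnostic; the update-policy cases also pin the exact
# message so a regression cannot hide behind some other error.
for bad in bad-*.conf
do
	n=`expr $n + 1`
	echo_i "checking that named-checkconf detects error in $bad ($n)"
	ret=0
	$CHECKCONF $bad > checkconf.out 2>&1
	if [ $? != 1 ]; then ret=1; fi
	grep "^$bad:[0-9]*: " checkconf.out > /dev/null || ret=1
	case $bad in
	bad-update-policy[123].conf)
		pat="identity and name fields are not the same"
		grep "$pat" checkconf.out > /dev/null || ret=1
		;;
	bad-update-policy[4589].conf|bad-update-policy1[01].conf)
		pat="name field not set to placeholder value"
		grep "$pat" checkconf.out > /dev/null || ret=1
		;;
	bad-update-policy[67].conf|bad-update-policy1[2345].conf)
		pat="missing name field type '.*' found"
		grep "$pat" checkconf.out > /dev/null || ret=1
		;;
	esac
	if [ $ret != 0 ]; then echo_i "failed"; fi
	status=`expr $status + $ret`
done

# Every good-*.conf must be accepted cleanly.
for good in good-*.conf
do
	n=`expr $n + 1`
	echo_i "checking that named-checkconf detects no error in $good ($n)"
	ret=0
	$CHECKCONF $good > /dev/null 2>&1
	if [ $? != 0 ]; then echo_i "failed"; ret=1; fi
	status=`expr $status + $ret`
done

n=`expr $n + 1`
echo_i "checking that ancient options report a fatal error ($n)"
ret=0
$CHECKCONF ancient.conf > ancient.out 2>&1 && ret=1
grep "no longer exists" ancient.out > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo_i "checking that named-checkconf -z catches missing hint file ($n)"
ret=0
$CHECKCONF -z hint-nofile.conf > hint-nofile.out 2>&1 && ret=1
grep "could not configure root hints from 'nonexistent.db': file not found" hint-nofile.out > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo_i "checking that named-checkconf catches range errors ($n)"
ret=0
$CHECKCONF range.conf > /dev/null 2>&1 && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo_i "checking that named-checkconf warns of notify inconsistencies ($n)"
ret=0
# notify.conf is expected to trigger exactly three of these warnings.
warnings=`$CHECKCONF notify.conf 2>&1 | grep "'notify' is disabled" | wc -l`
[ $warnings -eq 3 ] || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo_i "checking named-checkconf dnssec warnings ($n)"
ret=0
$CHECKCONF dnssec.1 2>&1 | grep 'validation yes.*enable no' > /dev/null || ret=1
$CHECKCONF dnssec.2 2>&1 | grep 'auto-dnssec may only be ' > /dev/null || ret=1
$CHECKCONF dnssec.2 2>&1 | grep 'validation auto.*enable no' > /dev/null || ret=1
$CHECKCONF dnssec.2 2>&1 | grep 'validation yes.*enable no' > /dev/null || ret=1
# dnssec.3 must produce no output at all; grep deliberately echoes any
# unexpected line so it shows up in the test log.
$CHECKCONF dnssec.3 2>&1 | grep '.*' && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo_i "range checking fields that do not allow zero ($n)"
ret=0
# Each timer option is tried at options, view, options+view and zone
# scope; named-checkconf must reject the zero value with status 1 in
# every scope.
for field in max-retry-time min-retry-time max-refresh-time min-refresh-time; do
	cat > badzero.conf << EOF
options {
	$field 0;
};
EOF
	$CHECKCONF badzero.conf > /dev/null 2>&1
	[ $? -eq 1 ] || { echo_i "options $field failed" ; ret=1; }
	cat > badzero.conf << EOF
view dummy {
	$field 0;
};
EOF
	$CHECKCONF badzero.conf > /dev/null 2>&1
	[ $? -eq 1 ] || { echo_i "view $field failed" ; ret=1; }
	cat > badzero.conf << EOF
options {
	$field 0;
};
view dummy {
};
EOF
	$CHECKCONF badzero.conf > /dev/null 2>&1
	[ $? -eq 1 ] || { echo_i "options + view $field failed" ; ret=1; }
	cat > badzero.conf << EOF
zone dummy {
	type slave;
	masters { 0.0.0.0; };
	$field 0;
};
EOF
	$CHECKCONF badzero.conf > /dev/null 2>&1
	[ $? -eq 1 ] || { echo_i "zone $field failed" ; ret=1; }
done
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo_i "checking options allowed in inline-signing slaves ($n)"
ret=0
l=`$CHECKCONF bad-dnssec.conf 2>&1 | grep "dnssec-dnskey-kskonly.*requires inline" | wc -l`
[ $l -eq 1 ] || ret=1
l=`$CHECKCONF bad-dnssec.conf 2>&1 | grep "dnssec-loadkeys-interval.*requires inline" | wc -l`
[ $l -eq 1 ] || ret=1
l=`$CHECKCONF bad-dnssec.conf 2>&1 | grep "update-check-ksk.*requires inline" | wc -l`
[ $l -eq 1 ] || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo_i "check file + inline-signing for slave zones ($n)"
# ret was not reset here in the original, so a failure in the previous
# case would have been counted twice.
ret=0
l=`$CHECKCONF inline-no.conf 2>&1 | grep "missing 'file' entry" | wc -l`
[ $l -eq 0 ] || ret=1
l=`$CHECKCONF inline-good.conf 2>&1 | grep "missing 'file' entry" | wc -l`
[ $l -eq 0 ] || ret=1
l=`$CHECKCONF inline-bad.conf 2>&1 | grep "missing 'file' entry" | wc -l`
[ $l -eq 1 ] || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo_i "checking named-checkconf DLZ warnings ($n)"
ret=0
$CHECKCONF dlz-bad.conf 2>&1 | grep "'dlz' and 'database'" > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo_i "checking for missing key directory warning ($n)"
ret=0
# Three states of the key-directory path: absent, a plain file, a real
# directory.  Only the first two may produce a key-directory warning.
rm -rf test.keydir
l=`$CHECKCONF warn-keydir.conf 2>&1 | grep "'test.keydir' does not exist" | wc -l`
[ $l -eq 1 ] || ret=1
touch test.keydir
l=`$CHECKCONF warn-keydir.conf 2>&1 | grep "'test.keydir' is not a directory" | wc -l`
[ $l -eq 1 ] || ret=1
rm -f test.keydir
mkdir test.keydir
l=`$CHECKCONF warn-keydir.conf 2>&1 | grep "key-directory" | wc -l`
[ $l -eq 0 ] || ret=1
rm -rf test.keydir
if [ $ret != 0 ]; then echo_i "failed"; fi
# The original never folded this case into "status", so a failure here
# could not fail the suite.
status=`expr $status + $ret`

n=`expr $n + 1`
echo_i "checking that named-checkconf -z catches conflicting ttl with max-ttl ($n)"
ret=0
$CHECKCONF -z max-ttl.conf > check.out 2>&1
# The original ran this identical grep three times; once is equivalent.
grep 'TTL 900 exceeds configured max-zone-ttl 600' check.out > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo_i "checking that named-checkconf -z catches invalid max-ttl ($n)"
ret=0
$CHECKCONF -z max-ttl-bad.conf > /dev/null 2>&1 && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo_i "checking that named-checkconf -z skips zone check with alternate databases ($n)"
ret=0
$CHECKCONF -z altdb.conf > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo_i "checking that named-checkconf -z skips zone check with DLZ ($n)"
ret=0
$CHECKCONF -z altdlz.conf > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo_i "checking that named-checkconf -z fails on view with ANY class ($n)"
ret=0
$CHECKCONF -z view-class-any1.conf > /dev/null 2>&1 && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo_i "checking that named-checkconf -z fails on view with CLASS255 class ($n)"
ret=0
$CHECKCONF -z view-class-any2.conf > /dev/null 2>&1 && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo_i "checking that named-checkconf -z passes on view with IN class ($n)"
ret=0
$CHECKCONF -z view-class-in1.conf > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo_i "checking that named-checkconf -z passes on view with CLASS1 class ($n)"
ret=0
$CHECKCONF -z view-class-in2.conf > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

# The check-* cases below share one shape: the "fail" fixture must make
# named-checkconf -z exit non-zero, emit the specific diagnostic, and
# must NOT report the zone as loaded (a "loaded serial" line means the
# check was not enforced).

n=`expr $n + 1`
echo_i "check that check-names fails as configured ($n)"
ret=0
$CHECKCONF -z check-names-fail.conf > checkconf.out$n 2>&1 && ret=1
grep "near '_underscore': bad name (check-names)" checkconf.out$n > /dev/null || ret=1
grep "zone check-names/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo_i "check that check-mx fails as configured ($n)"
ret=0
$CHECKCONF -z check-mx-fail.conf > checkconf.out$n 2>&1 && ret=1
grep "near '10.0.0.1': MX is an address" checkconf.out$n > /dev/null || ret=1
grep "zone check-mx/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo_i "check that check-dup-records fails as configured ($n)"
ret=0
$CHECKCONF -z check-dup-records-fail.conf > checkconf.out$n 2>&1 && ret=1
grep "has semantically identical records" checkconf.out$n > /dev/null || ret=1
grep "zone check-dup-records/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

# Second check-mx case: same fixture, but pins the "failed: ..." form of
# the diagnostic rather than the "near ..." form checked above.
n=`expr $n + 1`
echo_i "check that check-mx fails as configured ($n)"
ret=0
$CHECKCONF -z check-mx-fail.conf > checkconf.out$n 2>&1 && ret=1
grep "failed: MX is an address" checkconf.out$n > /dev/null || ret=1
grep "zone check-mx/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo_i "check that check-mx-cname fails as configured ($n)"
ret=0
$CHECKCONF -z check-mx-cname-fail.conf > checkconf.out$n 2>&1 && ret=1
grep "MX.* is a CNAME (illegal)" checkconf.out$n > /dev/null || ret=1
grep "zone check-mx-cname/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo_i "check that check-srv-cname fails as configured ($n)"
ret=0
$CHECKCONF -z check-srv-cname-fail.conf > checkconf.out$n 2>&1 && ret=1
grep "SRV.* is a CNAME (illegal)" checkconf.out$n > /dev/null || ret=1
# The original grepped for "zone check-mx-cname/IN", which can never
# match this fixture's output and so made the "not loaded" check a
# no-op.  NOTE(review): the zone name below follows the naming used by
# the sibling check-*-fail.conf fixtures; confirm against
# check-srv-cname-fail.conf.
grep "zone check-srv-cname/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo_i "check that named-checkconf -p properly print a port range ($n)"
ret=0
$CHECKCONF -p portrange-good.conf > checkconf.out$n 2>&1 || ret=1
grep "range 8610 8614;" checkconf.out$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo_i "check that named-checkconf -z handles in-view ($n)"
ret=0
$CHECKCONF -z in-view-good.conf > checkconf.out$n 2>&1 || ret=1
grep "zone shared.example/IN: loaded serial" < checkconf.out$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo_i "check that named-checkconf prints max-cache-size <percentage> correctly ($n)"
ret=0
$CHECKCONF -p max-cache-size-good.conf > checkconf.out$n 2>&1 || ret=1
grep "max-cache-size 60%;" checkconf.out$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo_i "check that named-checkconf -l print out the zone list ($n)"
ret=0
# Deprecation chatter from good.conf is filtered out so only the zone
# list itself is compared against the expected good.zonelist.
$CHECKCONF -l good.conf |
grep -v "is not implemented" |
grep -v "no longer exists" |
grep -v "is obsolete" > checkconf.out$n || ret=1
diff good.zonelist checkconf.out$n > diff.out$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo_i "check that 'dnssec-lookaside auto;' generates a warning ($n)"
ret=0
$CHECKCONF warn-dlv-auto.conf > checkconf.out$n 2>/dev/null || ret=1
grep "dnssec-lookaside 'auto' is no longer supported" checkconf.out$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo_i "check that 'dnssec-lookaside . trust-anchor dlv.isc.org;' generates a warning ($n)"
ret=0
$CHECKCONF warn-dlv-dlv.isc.org.conf > checkconf.out$n 2>/dev/null || ret=1
grep "dlv.isc.org has been shut down" checkconf.out$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo_i "check that 'dnssec-lookaside . trust-anchor dlv.example.com;' doesn't generates a warning ($n)"
ret=0
$CHECKCONF good-dlv-dlv.example.com.conf > checkconf.out$n 2>/dev/null || ret=1
[ -s checkconf.out$n ] && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

# Root KSK / DLV trust-anchor hygiene.  The original did not advance
# "n" for the four cases after the first, so they all reported the same
# test number and overwrote the same checkconf.out$n file.
n=`expr $n + 1`
echo_i "check that the 2010 ICANN ROOT KSK without the 2017 ICANN ROOT KSK generates a warning ($n)"
ret=0
$CHECKCONF check-root-ksk-2010.conf > checkconf.out$n 2>/dev/null || ret=1
[ -s checkconf.out$n ] || ret=1
grep "trusted-key for root from 2010 without updated" checkconf.out$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo_i "check that the 2010 ICANN ROOT KSK with the 2017 ICANN ROOT KSK does not warning ($n)"
ret=0
$CHECKCONF check-root-ksk-both.conf > checkconf.out$n 2>/dev/null || ret=1
[ -s checkconf.out$n ] && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo_i "check that the 2017 ICANN ROOT KSK alone does not warning ($n)"
ret=0
$CHECKCONF check-root-ksk-2017.conf > checkconf.out$n 2>/dev/null || ret=1
[ -s checkconf.out$n ] && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo_i "check that the dlv.isc.org KSK generates a warning ($n)"
ret=0
$CHECKCONF check-dlv-ksk-key.conf > checkconf.out$n 2>/dev/null || ret=1
[ -s checkconf.out$n ] || ret=1
grep "trusted-key for dlv.isc.org still present" checkconf.out$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo_i "check that 'geoip-use-ecs no' generates a warning ($n)"
ret=0
$CHECKCONF warn-geoip-use-ecs.conf > checkconf.out$n 2>/dev/null || ret=1
[ -s checkconf.out$n ] || ret=1
grep "'geoip-use-ecs' is obsolete" checkconf.out$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1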