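#!/bin/sh

# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0.  If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# System test for named-checkzone / named-compilezone.
#
# Every check writes the tool's output to test.out.$n (or test.out1.$n /
# test.out2.$n), greps that output for the expected diagnostics, prints
# "failed" on a mismatch and adds the result to $status.  $n is a running
# test number; it is advanced exactly once per check so that each check
# gets a distinct label and a distinct output file.  The script exits
# non-zero if any check failed.
#
# Requires ../conf.sh for CHECKZONE, MAKEJOURNAL, JOURNALPRINT and echo_i.

set -e

. ../conf.sh

status=0
n=1

# Zones that must load cleanly.  "-i local" limits the post-load integrity
# checks to data within the zone itself; "-k fail" turns check-names
# problems into load failures for the zones that exercise that path.
for db in zones/good*.db; do
  echo_i "checking $db ($n)"
  ret=0
  case $db in
    zones/good-gc-msdcs.db | zones/good-spf-exception.db)
      $CHECKZONE -k fail -i local example "$db" >test.out.$n 2>&1 || ret=1
      ;;
    zones/good-dns-sd-reverse.db)
      $CHECKZONE -k fail -i local 0.0.0.0.in-addr.arpa "$db" >test.out.$n 2>&1 || ret=1
      ;;
    *)
      $CHECKZONE -i local example "$db" >test.out.$n 2>&1 || ret=1
      ;;
  esac
  n=$((n + 1))
  if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
  status=$((status + ret))
done

# Zones that must be rejected: named-checkzone has to exit with status 1.
# $v records the actual exit status; anything else (including a clean 0)
# is a test failure.  The CNAME-and-other-data zones additionally have to
# produce the specific diagnostic.
for db in zones/bad*.db; do
  echo_i "checking $db ($n)"
  ret=0 v=0
  case $db in
    zones/bad-dns-sd-reverse.db | zones/bad-svcb-servername.db)
      $CHECKZONE -k fail -i local 0.0.0.0.in-addr.arpa "$db" >test.out.$n 2>&1 || v=$?
      ;;
    zones/bad-cname-and*.db)
      # The pattern needs the zones/ prefix: $db is the full glob result,
      # so a bare "bad-cname-and*.db" pattern never matched and the
      # diagnostic check below was silently skipped.
      $CHECKZONE -i local example "$db" >test.out.$n 2>&1 || v=$?
      grep "CNAME and other data" test.out.$n >/dev/null || ret=1
      ;;
    *)
      $CHECKZONE -i local example "$db" >test.out.$n 2>&1 || v=$?
      ;;
  esac
  test "$v" = 1 || ret=1
  n=$((n + 1))
  if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
  status=$((status + ret))
done

# Journal handling: build a journal from the difference between test1 and
# test2, then verify that applying it (implicitly with -j, explicitly with
# -J) reproduces the changed zone.
echo_i "checking with journal file ($n)"
ret=0
$CHECKZONE -D -o test.orig.db test zones/test1.db >/dev/null 2>&1 || ret=1
$CHECKZONE -D -o test.changed.db test zones/test2.db >/dev/null 2>&1 || ret=1
$MAKEJOURNAL test test.orig.db test.changed.db test.orig.db.jnl 2>&1 || ret=1
jlines=$($JOURNALPRINT test.orig.db.jnl | wc -l)
# -eq rather than = so that wc's leading padding (BSD) cannot break the test.
[ "$jlines" -eq 3 ] || ret=1
$CHECKZONE -D -j -o test.out1.db test test.orig.db >/dev/null 2>&1 || ret=1
cmp -s test.changed.db test.out1.db || ret=1
mv -f test.orig.db.jnl test.journal
$CHECKZONE -D -J test.journal -o test.out2.db test test.orig.db >/dev/null 2>&1 || ret=1
cmp -s test.changed.db test.out2.db || ret=1
n=$((n + 1))
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))

# SPF warnings: only y.example must be reported by default, and nothing
# must be reported with "-T ignore".
echo_i "checking with spf warnings ($n)"
ret=0
$CHECKZONE example zones/spf.db >test.out1.$n 2>&1 || ret=1
$CHECKZONE -T ignore example zones/spf.db >test.out2.$n 2>&1 || ret=1
grep "'x.example' found type SPF" test.out1.$n >/dev/null && ret=1
grep "'y.example' found type SPF" test.out1.$n >/dev/null || ret=1
grep "'example' found type SPF" test.out1.$n >/dev/null && ret=1
grep "'x.example' found type SPF" test.out2.$n >/dev/null && ret=1
grep "'y.example' found type SPF" test.out2.$n >/dev/null && ret=1
grep "'example' found type SPF" test.out2.$n >/dev/null && ret=1
n=$((n + 1))
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))

# Maximum TTL: a 300s limit must reject good1 while 600s must accept it,
# both for the text and for the raw representation.
echo_i "checking with max ttl (text) ($n)"
ret=0
$CHECKZONE -i local -l 300 example zones/good1.db >test.out1.$n 2>&1 && ret=1
$CHECKZONE -i local -l 600 example zones/good1.db >test.out2.$n 2>&1 || ret=1
n=$((n + 1))
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))

echo_i "checking with max ttl (raw) ($n)"
ret=0
$CHECKZONE -f raw -l 300 example good1.db.raw >test.out1.$n 2>&1 && ret=1
$CHECKZONE -f raw -l 600 example good1.db.raw >test.out2.$n 2>&1 || ret=1
n=$((n + 1))
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))

# "inherited owner" warning on $INCLUDE: absent without a new $ORIGIN,
# present in the two cases where the origin does change.
echo_i "checking for no 'inherited owner' warning on '\$INCLUDE file' with no new \$ORIGIN ($n)"
ret=0
$CHECKZONE example zones/nowarn.inherited.owner.db >test.out1.$n 2>&1 || ret=1
grep "inherited.owner" test.out1.$n >/dev/null && ret=1
n=$((n + 1))
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))

echo_i "checking for 'inherited owner' warning on '\$ORIGIN + \$INCLUDE file' ($n)"
ret=0
$CHECKZONE example zones/warn.inherit.origin.db >test.out1.$n 2>&1 || ret=1
grep "inherited.owner" test.out1.$n >/dev/null || ret=1
n=$((n + 1))
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))

echo_i "checking for 'inherited owner' warning on '\$INCLUDE file origin' ($n)"
ret=0
$CHECKZONE example zones/warn.inherited.owner.db >test.out1.$n 2>&1 || ret=1
grep "inherited.owner" test.out1.$n >/dev/null || ret=1
n=$((n + 1))
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))

# A raw-format zone with an invalid class must be rejected with a clear
# diagnostic rather than mis-parsed.
echo_i "checking that raw zone with bad class is handled ($n)"
ret=0
$CHECKZONE -f raw example zones/bad-badclass.raw >test.out.$n 2>&1 && ret=1
grep "failed: bad class" test.out.$n >/dev/null || ret=1
n=$((n + 1))
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))

echo_i "checking that expirations that loop using serial arithmetic are handled ($n)"
ret=0
# Load the zone repeatedly (22 times, the same count as the original
# sequence of one-line invocations) and stop at the first failure.
# NOTE(review): presumably the repetition is there to catch a crash that
# does not occur on every run; confirm against the regression this covers.
i=0
while [ "$i" -lt 22 ] && [ "$ret" -eq 0 ]; do
  $CHECKZONE -q dyn.example.net zones/crashzone.db >test.out.$n 2>&1 || ret=1
  i=$((i + 1))
done
n=$((n + 1))
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))

# A name server below a DNAME must be reported even when an address record
# occluded by the DNAME exists.  For an in-zone NS this is a load failure;
# for a delegation it is only a warning, so the load is expected to succeed.
echo_i "checking that nameserver below DNAME is reported even with occulted address record present ($n)"
ret=0
$CHECKZONE example.com zones/ns-address-below-dname.db >test.out.$n 2>&1 && ret=1
grep "is below a DNAME" test.out.$n >/dev/null || ret=1
n=$((n + 1))
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))

echo_i "checking that delegating nameserver below DNAME is reported even with occulted address record present ($n)"
ret=0
$CHECKZONE example.com zones/delegating-ns-address-below-dname.db >test.out.$n 2>&1 || ret=1
grep "is below a DNAME" test.out.$n >/dev/null || ret=1
n=$((n + 1))
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))

echo_i "checking that named-compilezone works when reading input from stdin ($n)"
ret=0
# Step 1: take raw input from stdin and convert it to text/relative format.
# Last argument "-" is optional, but it says more explicitly that we're reading from stdin.
# A pipe (rather than a redirect) is used so that stdin is non-seekable.
cat zones/zone1.db | ./named-compilezone -f text -F text -s relative \
  -o zones/zone1_stdin.txt zone1.com - >/dev/null || ret=1
# Step 2: take raw input from file and convert it to text format.
./named-compilezone -f text -F text -s relative -o zones/zone1_file.txt \
  zone1.com zones/zone1.db >/dev/null || ret=1
# Step 3: Ensure that output conversion from stdin is the same as the output conversion from a file.
diff zones/zone1_file.txt zones/zone1_stdin.txt >/dev/null 2>&1 || ret=1
n=$((n + 1))
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))

echo_i "checking integer overflow is prevented in \$GENERATE ($n)"
ret=0
$CHECKZONE -D example.com zones/generate-overflow.db >test.out.$n 2>&1 || ret=1
# -D dumps the loaded zone; exactly one CNAME may result from the
# $GENERATE directive.  grep -c exits 1 when the count is 0, which under
# "set -e" would abort the whole script instead of reporting this check
# as failed, hence the "|| true".
lines=$(grep -c CNAME test.out.$n) || true
[ "$lines" -eq 1 ] || ret=1
# This increment was missing, so the next check reused the same number and
# overwrote this check's test.out.$n.
n=$((n + 1))
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))

# Deprecated DNSSEC algorithm and digest warnings.  named-checkzone must
# warn about RSASHA1 (algorithm 5), NSEC3RSASHA1 (algorithm 7) and SHA-1
# digests (DS/CDS digest type 1) but still load the zone, as shown by the
# "loaded serial 0 (DNSSEC signed)" line.
echo_i "Checking for RSASHA1 deprecated warning ($n)"
ret=0
$CHECKZONE example zones/warn.deprecated.rsasha1.db >test.out.$n || ret=1
grep "deprecated DNSKEY algorithm found: 5 (RSASHA1)" test.out.$n >/dev/null || ret=1
grep "all DNSKEY algorithms found are deprecated" test.out.$n >/dev/null || ret=1
grep "loaded serial 0 (DNSSEC signed)" test.out.$n >/dev/null || ret=1
n=$((n + 1))
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))

echo_i "Checking for NSEC3RSASHA1 deprecated warning ($n)"
ret=0
$CHECKZONE example zones/warn.deprecated.nsec3rsasha1.db >test.out.$n || ret=1
grep "deprecated DNSKEY algorithm found: 7 (NSEC3RSASHA1)" test.out.$n >/dev/null || ret=1
grep "all DNSKEY algorithms found are deprecated" test.out.$n >/dev/null || ret=1
grep "loaded serial 0 (DNSSEC signed)" test.out.$n >/dev/null || ret=1
n=$((n + 1))
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))

echo_i "Checking for SHA1 CDS digest warning ($n)"
ret=0
$CHECKZONE example zones/warn.deprecated.cds-sha1.db >test.out.$n || ret=1
grep "zone example/IN: deprecated CDS digest type 1 (SHA-1)" test.out.$n >/dev/null || ret=1
grep "loaded serial 0 (DNSSEC signed)" test.out.$n >/dev/null || ret=1
n=$((n + 1))
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))

echo_i "Checking for SHA1 DS digest warning ($n)"
ret=0
$CHECKZONE example zones/warn.deprecated.digest-sha1.db >test.out.$n || ret=1
grep "zone example/IN: child.example/DS deprecated digest type 1 (SHA-1)" test.out.$n >/dev/null || ret=1
grep "loaded serial 0 (DNSSEC signed)" test.out.$n >/dev/null || ret=1
n=$((n + 1))
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))

echo_i "Checking for RSASHA1 DS algorithm warning ($n)"
ret=0
$CHECKZONE example zones/warn.deprecated.ds-alg.db >test.out.$n || ret=1
grep "zone example/IN: child.example/DS deprecated algorithm 5 (RSASHA1)" test.out.$n >/dev/null || ret=1
grep "loaded serial 0 (DNSSEC signed)" test.out.$n >/dev/null || ret=1
n=$((n + 1))
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))

echo_i "Checking for RSASHA1 KEY algorithm warning ($n)"
ret=0
$CHECKZONE example zones/warn.deprecated.key-alg.db >test.out.$n || ret=1
grep "zone example/IN: example/KEY deprecated algorithm 5 (RSASHA1)" test.out.$n >/dev/null || ret=1
grep "loaded serial 0 (DNSSEC signed)" test.out.$n >/dev/null || ret=1
n=$((n + 1))
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))

echo_i "exit status: $status"
[ "$status" -eq 0 ] || exit 1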
    272