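#!/bin/sh

# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# Test driver with two kinds of checks, run in pairs:
#   * "server setup" checks query an auxiliary server directly with dig and
#     confirm it misbehaves (or behaves) in the specific way the test relies
#     on: FORMERR/NOTIMP/REFUSED to EDNS, silently dropping EDNS queries,
#     refusing TCP, and so on;
#   * "recursive lookup" checks send a query for the same zone to ns1
#     (10.53.0.1) and confirm resolution succeeds or fails as expected.
# A final pair of checks bounds how many queries ns1 sent to 10.53.0.7 and
# repeats one lookup after ns1 is restarted with ns1/named2.conf.
#
# DIG, PORT, CONTROLPORT, echo_i, retry_quiet, stop_server and start_server
# are not defined in this file; presumably they come from ../conf.sh.

set -e

. ../conf.sh

# Deliberately a flat string: it is expanded unquoted so that it splits into
# separate dig arguments.
DIGOPTS="-p ${PORT} +tries=1 +time=2"

# Check whether the SOA record for the name provided in $1 can be resolved by
# ns1. Return 0 if resolution succeeds as expected; return 1 otherwise.
# Reads the global test counter $n to name the output file dig.out.test$n.
resolution_succeeds() {
  _ret=0
  $DIG $DIGOPTS +tcp +tries=3 +time=5 @10.53.0.1 "${1}" SOA >dig.out.test$n || _ret=1
  grep "status: NOERROR" dig.out.test$n >/dev/null || _ret=1
  return $_ret
}

# Check whether the TXT record for the name provided in $1 can be resolved by
# ns1. Return 0 if resolution fails as expected; return 1 otherwise. Note that
# both a SERVFAIL response and timing out mean resolution failed, so the exit
# code of dig does not influence the result (the exit code for a SERVFAIL
# response is 0 while the exit code for not getting a response at all is not 0).
# Reads the global test counter $n to name the output file dig.out.test$n.
resolution_fails() {
  _servfail=0
  _timeout=0
  $DIG $DIGOPTS +tcp +time=5 @10.53.0.1 "${1}" TXT >dig.out.test$n || true
  grep -F "status: SERVFAIL" dig.out.test$n >/dev/null && _servfail=1
  grep -F "timed out" dig.out.test$n >/dev/null && _timeout=1
  if [ $_servfail -eq 1 ] || [ $_timeout -eq 1 ]; then
    return 0
  else
    return 1
  fi
}

# status accumulates the number of failed checks; n numbers the checks and is
# embedded in every output file name.
status=0
n=0

# Conventions used in the checks below:
#   "$DIG ... || ret=1"  - dig itself must succeed
#   "$DIG ... && ret=1"  - dig itself must fail (no usable response)
#   "grep ... || ret=1"  - the pattern must be present in dig's output
#   "grep ... && ret=1"  - the pattern must be absent from dig's output

n=$((n + 1))
echo_i "checking formerr edns server setup ($n)"
ret=0
# With EDNS: FORMERR and no "EDNS: version:" line in the output.
$DIG $DIGOPTS +edns @10.53.0.8 ednsformerr soa >dig.out.1.test$n || ret=1
grep "status: FORMERR" dig.out.1.test$n >/dev/null || ret=1
grep "EDNS: version:" dig.out.1.test$n >/dev/null && ret=1
# Without EDNS: a normal answer.
$DIG $DIGOPTS +noedns @10.53.0.8 ednsformerr soa >dig.out.2.test$n || ret=1
grep "status: NOERROR" dig.out.2.test$n >/dev/null || ret=1
grep "EDNS: version:" dig.out.2.test$n >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "checking recursive lookup to formerr edns server succeeds ($n)"
ret=0
resolution_succeeds ednsformerr. || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "checking notimp edns server setup ($n)"
ret=0
$DIG $DIGOPTS +edns @10.53.0.9 ednsnotimp soa >dig.out.1.test$n || ret=1
grep "status: NOTIMP" dig.out.1.test$n >/dev/null || ret=1
grep "EDNS: version:" dig.out.1.test$n >/dev/null && ret=1
$DIG $DIGOPTS +noedns @10.53.0.9 ednsnotimp soa >dig.out.2.test$n || ret=1
grep "status: NOERROR" dig.out.2.test$n >/dev/null || ret=1
grep "EDNS: version:" dig.out.2.test$n >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "checking recursive lookup to notimp edns server fails ($n)"
ret=0
resolution_fails ednsnotimp. || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "checking refused edns server setup ($n)"
ret=0
$DIG $DIGOPTS +edns @10.53.0.10 ednsrefused soa >dig.out.1.test$n || ret=1
grep "status: REFUSED" dig.out.1.test$n >/dev/null || ret=1
grep "EDNS: version:" dig.out.1.test$n >/dev/null && ret=1
$DIG $DIGOPTS +noedns @10.53.0.10 ednsrefused soa >dig.out.2.test$n || ret=1
grep "status: NOERROR" dig.out.2.test$n >/dev/null || ret=1
grep "EDNS: version:" dig.out.2.test$n >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "checking recursive lookup to refused edns server fails ($n)"
ret=0
resolution_fails ednsrefused. || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "checking drop edns server setup ($n)"
ret=0
# EDNS queries must go unanswered over UDP (1) and TCP (4); non-EDNS queries
# must be answered over UDP (2) and TCP (3).
$DIG $DIGOPTS +edns @10.53.0.2 dropedns soa >dig.out.1.test$n && ret=1
grep "timed out" dig.out.1.test$n >/dev/null || ret=1
grep ";; no servers could be reached" dig.out.1.test$n >/dev/null || ret=1
$DIG $DIGOPTS +noedns @10.53.0.2 dropedns soa >dig.out.2.test$n || ret=1
grep "status: NOERROR" dig.out.2.test$n >/dev/null || ret=1
grep "EDNS: version:" dig.out.2.test$n >/dev/null && ret=1
$DIG $DIGOPTS +noedns +tcp @10.53.0.2 dropedns soa >dig.out.3.test$n || ret=1
grep "status: NOERROR" dig.out.3.test$n >/dev/null || ret=1
grep "EDNS: version:" dig.out.3.test$n >/dev/null && ret=1
$DIG $DIGOPTS +edns +tcp @10.53.0.2 dropedns soa >dig.out.4.test$n && ret=1
grep "timed out" dig.out.4.test$n >/dev/null || ret=1
grep ";; no servers could be reached" dig.out.4.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "checking recursive lookup to drop edns server fails ($n)"
ret=0
resolution_fails dropedns. || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "checking drop edns + no tcp server setup ($n)"
ret=0
$DIG $DIGOPTS +edns @10.53.0.3 dropedns-notcp soa >dig.out.1.test$n && ret=1
grep "timed out" dig.out.1.test$n >/dev/null || ret=1
grep ";; no servers could be reached" dig.out.1.test$n >/dev/null || ret=1
# TCP must be refused outright, even without EDNS.
$DIG $DIGOPTS +noedns +tcp @10.53.0.3 dropedns-notcp soa >dig.out.2.test$n && ret=1
grep "connection refused" dig.out.2.test$n >/dev/null || ret=1
$DIG $DIGOPTS +noedns @10.53.0.3 dropedns-notcp soa >dig.out.3.test$n || ret=1
grep "status: NOERROR" dig.out.3.test$n >/dev/null || ret=1
grep "EDNS: version:" dig.out.3.test$n >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "checking recursive lookup to drop edns + no tcp server fails ($n)"
ret=0
resolution_fails dropedns-notcp. || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "checking plain dns server setup ($n)"
ret=0
# Even when asked with EDNS, the answer must carry no "EDNS: version:" line.
$DIG $DIGOPTS +edns @10.53.0.4 plain soa >dig.out.1.test$n || ret=1
grep "status: NOERROR" dig.out.1.test$n >/dev/null || ret=1
grep "EDNS: version:" dig.out.1.test$n >/dev/null && ret=1
$DIG $DIGOPTS +edns +tcp @10.53.0.4 plain soa >dig.out.2.test$n || ret=1
grep "status: NOERROR" dig.out.2.test$n >/dev/null || ret=1
grep "EDNS: version:" dig.out.2.test$n >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "checking recursive lookup to plain dns server succeeds ($n)"
ret=0
resolution_succeeds plain. || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "checking plain dns + no tcp server setup ($n)"
ret=0
$DIG $DIGOPTS +edns @10.53.0.5 plain-notcp soa >dig.out.1.test$n || ret=1
grep "status: NOERROR" dig.out.1.test$n >/dev/null || ret=1
grep "EDNS: version:" dig.out.1.test$n >/dev/null && ret=1
$DIG $DIGOPTS +edns +tcp @10.53.0.5 plain-notcp soa >dig.out.2.test$n && ret=1
grep "connection refused" dig.out.2.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "checking recursive lookup to plain dns + no tcp server succeeds ($n)"
ret=0
resolution_succeeds plain-notcp. || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "checking edns 512 server setup ($n)"
ret=0
# Plain EDNS queries are answered with EDNS over UDP (1) and TCP (2).
$DIG $DIGOPTS +edns @10.53.0.6 edns512 txt >dig.out.1.test$n || ret=1
grep "status: NOERROR" dig.out.1.test$n >/dev/null || ret=1
grep "EDNS: version:" dig.out.1.test$n >/dev/null || ret=1
$DIG $DIGOPTS +edns +tcp @10.53.0.6 edns512 txt >dig.out.2.test$n || ret=1
grep "status: NOERROR" dig.out.2.test$n >/dev/null || ret=1
grep "EDNS: version:" dig.out.2.test$n >/dev/null || ret=1
# A +dnssec query with dig's default buffer size must get no response (3) ...
$DIG $DIGOPTS +edns +dnssec @10.53.0.6 edns512 txt >dig.out.3.test$n && ret=1
grep "timed out" dig.out.3.test$n >/dev/null || ret=1
grep ";; no servers could be reached" dig.out.3.test$n >/dev/null || ret=1
# ... while advertising a 512-byte buffer must yield a truncated (tc) answer;
# +ignore keeps dig from retrying a truncated response over TCP (4).
$DIG $DIGOPTS +edns +dnssec +bufsize=512 +ignore @10.53.0.6 edns512 soa >dig.out.4.test$n || ret=1
grep "status: NOERROR" dig.out.4.test$n >/dev/null || ret=1
grep "EDNS: version:" dig.out.4.test$n >/dev/null || ret=1
grep "flags:.* tc[ ;]" dig.out.4.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "checking recursive lookup to edns 512 server succeeds ($n)"
ret=0
retry_quiet 3 resolution_succeeds edns512. || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "checking edns 512 + no tcp server setup ($n)"
ret=0
$DIG $DIGOPTS +edns @10.53.0.7 edns512-notcp soa >dig.out.1.test$n || ret=1
grep "status: NOERROR" dig.out.1.test$n >/dev/null || ret=1
grep "EDNS: version:" dig.out.1.test$n >/dev/null || ret=1
$DIG $DIGOPTS +edns +tcp @10.53.0.7 edns512-notcp soa >dig.out.2.test$n && ret=1
grep "connection refused" dig.out.2.test$n >/dev/null || ret=1
$DIG $DIGOPTS +edns +dnssec @10.53.0.7 edns512-notcp soa >dig.out.3.test$n && ret=1
grep "timed out" dig.out.3.test$n >/dev/null || ret=1
grep ";; no servers could be reached" dig.out.3.test$n >/dev/null || ret=1
$DIG $DIGOPTS +edns +dnssec +bufsize=512 +ignore @10.53.0.7 edns512-notcp soa >dig.out.4.test$n || ret=1
grep "status: NOERROR" dig.out.4.test$n >/dev/null || ret=1
grep "EDNS: version:" dig.out.4.test$n >/dev/null || ret=1
grep "flags:.* tc[ ;]" dig.out.4.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "checking recursive lookup to edns 512 + no tcp server fails ($n)"
ret=0
resolution_fails edns512-notcp. || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "checking recursive lookup to edns 512 + no tcp server does not cause query loops ($n)"
ret=0
# This bounds the number of packets ns1 sent to a server that truncates
# answers and refuses TCP, so that a resolver retry loop shows up as a test
# failure.
#
# grep -c exits 1 when the count is 0 and 2 when the log cannot be read. Under
# "set -e" a bare assignment would then abort the script before any result is
# reported, so the exit status is absorbed and the captured value is validated
# instead.
# NOTE(review): a count of 0 satisfies the bound; the preceding lookup
# presumably makes ns1 contact 10.53.0.7 at least once, so confirm whether 0
# should be treated as a failure rather than a pass.
sent=$(grep -c -F "sending packet to 10.53.0.7" ns1/named.run) || true
case "$sent" in
  '' | *[!0-9]*)
    echo_i "could not count queries sent to ns7 in ns1/named.run"
    ret=1
    ;;
  *)
    if [ "$sent" -ge 10 ]; then
      echo_i "ns1 sent $sent queries to ns7, expected less than 10"
      ret=1
    fi
    ;;
esac
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

# Restart ns1 with the alternative configuration (the check below describes it
# as adding a trust anchor).
stop_server --use-rndc --port ${CONTROLPORT} ns1
cp ns1/named2.conf ns1/named.conf
start_server --noclean --restart --port ${PORT} ns1

n=$((n + 1))
echo_i "checking recursive lookup to edns 512 + no tcp + trust anchor fails ($n)"
# retry loop in case the server restart above causes transient failure
for try in 0 1 2 3 4 5 6 7 8 9; do
  ret=0
  resolution_fails edns512-notcp. || ret=1
  [ "$ret" -eq 0 ] && break
  sleep 1
done
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1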