      1 #!/bin/sh
      2 
      3 # Copyright (C) Internet Systems Consortium, Inc. ("ISC")
      4 #
      5 # SPDX-License-Identifier: MPL-2.0
      6 #
      7 # This Source Code Form is subject to the terms of the Mozilla Public
      8 # License, v. 2.0.  If a copy of the MPL was not distributed with this
      9 # file, you can obtain one at https://mozilla.org/MPL/2.0/.
     10 #
     11 # See the COPYRIGHT file distributed with this work for additional
     12 # information regarding copyright ownership.
     13 
# Abort on any unguarded command failure. Checks that expect a failure guard
# the command with '|| ret=1' or '&& ret=1', which keeps them from tripping -e.
set -e

# Test environment. Presumably the source of the tool variables ($DIG, $RNDC,
# $NSUPDATE, ...), the port variables and the echo_i / cat_i / wait_for_log
# helpers used throughout -- none of them is defined in this script.
. ../conf.sh

# NOTE(review): the first DIGOPTS value is dead; the next line overwrites it
# with the empty string, so dig runs with its default options.
DIGOPTS="+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd"
DIGOPTS=""
DIGCMD="$DIG $DIGOPTS -p ${PORT}"
# Ends in '-s' on purpose: every use supplies the server address next.
RNDCCMD="$RNDC -p ${CONTROLPORT} -c ../_common/rndc.conf -s"

# n numbers the checks; status counts the failed ones.
n=0
status=0
     25 
n=$((n + 1))
echo_i "preparing ($n)"
ret=0
# Seed both zones with one update each (authenticated with ns2/session.key)
# so that a non-empty journal exists for each before the freeze/sync checks.
$NSUPDATE -p "${PORT}" -k ns2/session.key >/dev/null 2>&1 <<END || ret=1
server 10.53.0.2
zone nil.
update add text1.nil. 600 IN TXT "addition 1"
send
zone other.
update add text1.other. 600 IN TXT "addition 1"
send
END
for journal in ns2/nil.db.jnl ns2/other.db.jnl; do
  if [ ! -s "$journal" ]; then
    echo_i "'test -s $journal' failed when it shouldn't have"
    ret=1
  fi
done
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
     48 
echo_i "rndc freeze"
# No zone argument is given, so the request is not limited to one zone.
$RNDCCMD 10.53.0.2 freeze | sed 's/^/ns2 /' | cat_i

n=$((n + 1))
echo_i "checking zone was dumped ($n)"
ret=0
# Poll for up to ten tries, one second apart, for the update to show up in
# the zone file; the grep after the loop records the final verdict.
for attempt in 1 2 3 4 5 6 7 8 9 10; do
  if grep "addition 1" ns2/nil.db >/dev/null; then
    break
  fi
  sleep 1
done
grep "addition 1" ns2/nil.db >/dev/null 2>&1 || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "checking journal file is still present ($n)"
ret=0
if [ ! -s ns2/nil.db.jnl ]; then
  echo_i "'test -s ns2/nil.db.jnl' failed when it shouldn't have"
  ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
     72 
n=$((n + 1))
echo_i "checking zone not writable ($n)"
ret=0
# Negative check: the zone is frozen, so a *successful* update is the failure.
$NSUPDATE -p "${PORT}" -k ns2/session.key >/dev/null 2>&1 <<END && ret=1
server 10.53.0.2
zone nil.
update add text2.nil. 600 IN TXT "addition 2"
send
END

# Confirm over DNS as well that the record did not make it into the zone.
$DIGCMD @10.53.0.2 text2.nil. TXT >"dig.out.1.test$n" || ret=1
if grep 'addition 2' "dig.out.1.test$n" >/dev/null; then
  ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
     87 
echo_i "rndc thaw"
$RNDCCMD 10.53.0.2 thaw | sed 's/^/ns2 /' | cat_i

# Wait for named to log the end of the post-thaw load of zone nil before
# sending the next update (unguarded: a failure here aborts under 'set -e').
wait_for_log 3 "zone_postload: zone nil/IN: done" ns2/named.run

n=$((n + 1))
echo_i "checking zone now writable ($n)"
ret=0
$NSUPDATE -p "${PORT}" -k ns2/session.key >"nsupdate.out.1.test$n" 2>&1 <<END || ret=1
server 10.53.0.2
zone nil.
update add text3.nil. 600 IN TXT "addition 3"
send
END
$DIGCMD @10.53.0.2 text3.nil. TXT >"dig.out.1.test$n" || ret=1
if ! grep 'addition 3' "dig.out.1.test$n" >/dev/null; then
  ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
    106 
echo_i "rndc sync"
ret=0
# Plain 'sync' (no -clean): the checks below expect the zone file to be
# updated and the journal to remain in place.
$RNDCCMD 10.53.0.2 sync nil | sed 's/^/ns2 /' | cat_i

n=$((n + 1))
echo_i "checking zone was dumped ($n)"
ret=0
for attempt in 1 2 3 4 5 6 7 8 9 10; do
  if grep "addition 3" ns2/nil.db >/dev/null; then
    break
  fi
  sleep 1
done
grep "addition 3" ns2/nil.db >/dev/null 2>&1 || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "checking journal file is still present ($n)"
ret=0
if [ ! -s ns2/nil.db.jnl ]; then
  echo_i "'test -s ns2/nil.db.jnl' failed when it shouldn't have"
  ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
    131 
n=$((n + 1))
echo_i "checking zone is still writable ($n)"
ret=0
# A sync must not leave the zone frozen: the update has to be accepted and
# the new record has to be visible over DNS.
$NSUPDATE -p "${PORT}" -k ns2/session.key >"nsupdate.out.1.test$n" 2>&1 <<END || ret=1
server 10.53.0.2
zone nil.
update add text4.nil. 600 IN TXT "addition 4"
send
END

$DIGCMD @10.53.0.2 text4.nil. TXT >"dig.out.1.test$n" || ret=1
if ! grep 'addition 4' "dig.out.1.test$n" >/dev/null; then
  ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
    146 
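echo_i "rndc sync -clean"
ret=0
# 'sync -clean' is expected to dump the zone and then remove its journal.
$RNDCCMD 10.53.0.2 sync -clean nil | sed 's/^/ns2 /' | cat_i

n=$((n + 1))
echo_i "checking zone was dumped ($n)"
ret=0
for attempt in 1 2 3 4 5 6 7 8 9 10; do
  if grep "addition 4" ns2/nil.db >/dev/null; then
    break
  fi
  sleep 1
done
grep "addition 4" ns2/nil.db >/dev/null 2>&1 || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "checking journal file is deleted ($n)"
ret=0
# The failure case is a journal that still exists and is non-empty, so the
# diagnostic says the test *succeeded* (it previously said "failed", which
# described the opposite condition and misled anyone reading the log).
if [ -s ns2/nil.db.jnl ]; then
  echo_i "'test -s ns2/nil.db.jnl' succeeded when it shouldn't have"
  ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))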
    171 
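n=$((n + 1))
echo_i "checking zone is still writable ($n)"
ret=0
$NSUPDATE -p "${PORT}" -k ns2/session.key >/dev/null 2>&1 <<END || ret=1
server 10.53.0.2
zone nil.
update add text5.nil. 600 IN TXT "addition 5"
send
END

# Look up the record this check just added. Querying text4.nil / "addition 4"
# (added by an earlier check) would pass even if this update had been lost.
$DIGCMD @10.53.0.2 text5.nil. TXT >"dig.out.1.test$n" || ret=1
grep 'addition 5' "dig.out.1.test$n" >/dev/null || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))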
    186 
n=$((n + 1))
echo_i "checking other journal files not removed ($n)"
ret=0
# The earlier 'sync -clean nil' named one zone; zone other's journal must
# have survived it.
if [ ! -s ns2/other.db.jnl ]; then
  echo_i "'test -s ns2/other.db.jnl' failed when it shouldn't have"
  ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

echo_i "cleaning all zones ($n)"
$RNDCCMD 10.53.0.2 sync -clean | sed 's/^/ns2 /' | cat_i

n=$((n + 1))
echo_i "checking all journals removed ($n)"
ret=0
for journal in ns2/nil.db.jnl ns2/other.db.jnl; do
  if [ -s "$journal" ]; then
    echo_i "'test -s $journal' succeeded when it shouldn't have"
    ret=1
  fi
done
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
    213 
n=$((n + 1))
echo_i "checking that freezing static zones is not allowed ($n)"
ret=0
# Both conditions are required: rndc must fail, and it must fail with the
# 'not dynamic' diagnostic rather than for some unrelated reason.
if $RNDCCMD 10.53.0.2 freeze static >"rndc.out.1.test$n" 2>&1; then
  ret=1
fi
grep 'not dynamic' "rndc.out.1.test$n" >/dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
    221 
n=$((n + 1))
echo_i "checking that journal is removed when serial is changed before thaw ($n)"
ret=0
sleep 1
$NSUPDATE -p "${PORT}" -k ns2/session.key >"nsupdate.out.1.test$n" 2>&1 <<END || ret=1
server 10.53.0.2
zone other.
update add text6.other. 600 IN TXT "addition 6"
send
END
if [ ! -s ns2/other.db.jnl ]; then
  echo_i "'test -s ns2/other.db.jnl' failed when it shouldn't have"
  ret=1
fi
$RNDCCMD 10.53.0.2 freeze other 2>&1 | sed 's/^/ns2 /' | cat_i
for attempt in 1 2 3 4 5 6 7 8 9 10; do
  if grep "addition 6" ns2/other.db >/dev/null; then
    break
  fi
  sleep 1
done
# Edit the frozen zone file by hand: take the value from the line whose third
# field matches "serial", replace it with value+1, and append one new record.
serial=$(awk '$3 ~ /serial/ {print $1}' ns2/other.db)
newserial=$((serial + 1))
sed s/$serial/$newserial/ ns2/other.db >ns2/other.db.new
echo 'frozen TXT "frozen addition"' >>ns2/other.db.new
mv -f ns2/other.db.new ns2/other.db
$RNDCCMD 10.53.0.2 thaw 2>&1 | sed 's/^/ns2 /' | cat_i
sleep 1
# After the thaw the journal is expected to be gone altogether (-f, not -s).
if [ -f ns2/other.db.jnl ]; then
  echo_i "'test -f ns2/other.db.jnl' succeeded when it shouldn't have"
  ret=1
fi
$NSUPDATE -p "${PORT}" -k ns2/session.key >"nsupdate.out.2.test$n" 2>&1 <<END || ret=1
server 10.53.0.2
zone other.
update add text7.other. 600 IN TXT "addition 7"
send
END
# All three records must be served: the pre-freeze update, the post-thaw
# update, and the record added by hand while the zone was frozen.
$DIGCMD @10.53.0.2 text6.other. TXT >"dig.out.1.test$n" || ret=1
grep 'addition 6' "dig.out.1.test$n" >/dev/null || ret=1
$DIGCMD @10.53.0.2 text7.other. TXT >"dig.out.2.test$n" || ret=1
grep 'addition 7' "dig.out.2.test$n" >/dev/null || ret=1
$DIGCMD @10.53.0.2 frozen.other. TXT >"dig.out.3.test$n" || ret=1
grep 'frozen addition' "dig.out.3.test$n" >/dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
    266 
n=$((n + 1))
echo_i "checking that journal is kept when ixfr-from-differences is in use ($n)"
ret=0
$NSUPDATE -p "${PORT}" -k ns2/session.key >"nsupdate.out.1.test$n" 2>&1 <<END || ret=1
server 10.53.0.2
zone nil.
update add text6.nil. 600 IN TXT "addition 6"
send
END
if [ ! -s ns2/nil.db.jnl ]; then
  echo_i "'test -s ns2/nil.db.jnl' failed when it shouldn't have"
  ret=1
fi
$RNDCCMD 10.53.0.2 freeze nil 2>&1 | sed 's/^/ns2 /' | cat_i
for attempt in 1 2 3 4 5 6 7 8 9 10; do
  if grep "addition 6" ns2/nil.db >/dev/null; then
    break
  fi
  sleep 1
done
# Same hand edit as the previous check, this time on zone nil.
serial=$(awk '$3 ~ /serial/ {print $1}' ns2/nil.db)
newserial=$((serial + 1))
sed s/$serial/$newserial/ ns2/nil.db >ns2/nil.db.new
echo 'frozen TXT "frozen addition"' >>ns2/nil.db.new
mv -f ns2/nil.db.new ns2/nil.db
$RNDCCMD 10.53.0.2 thaw 2>&1 | sed 's/^/ns2 /' | cat_i
sleep 1
# Opposite expectation to the previous check: here the journal must still
# exist and be non-empty after the thaw.
if [ ! -s ns2/nil.db.jnl ]; then
  echo_i "'test -s ns2/nil.db.jnl' failed when it shouldn't have"
  ret=1
fi
$NSUPDATE -p "${PORT}" -k ns2/session.key >"nsupdate.out.2.test$n" 2>&1 <<END || ret=1
server 10.53.0.2
zone nil.
update add text7.nil. 600 IN TXT "addition 7"
send
END
$DIGCMD @10.53.0.2 text6.nil. TXT >"dig.out.1.test$n" || ret=1
grep 'addition 6' "dig.out.1.test$n" >/dev/null || ret=1
$DIGCMD @10.53.0.2 text7.nil. TXT >"dig.out.2.test$n" || ret=1
grep 'addition 7' "dig.out.2.test$n" >/dev/null || ret=1
$DIGCMD @10.53.0.2 frozen.nil. TXT >"dig.out.3.test$n" || ret=1
grep 'frozen addition' "dig.out.3.test$n" >/dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
    310 
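# temp test
echo_i "dumping stats ($n)"
# Start from a clean result: without this reset a failure of the previous
# check would be carried over and counted a second time here.
ret=0
# Guarded so that a failing 'rndc stats' is reported as a failed check
# instead of aborting the whole script under 'set -e'.
$RNDCCMD 10.53.0.2 stats || ret=1
n=$((n + 1))
echo_i "verifying adb records in named.stats ($n)"
grep "ADB stats" ns2/named.stats >/dev/null || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))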
    319 
n=$((n + 1))
echo_i "test using second key ($n)"
ret=0
# Same control port on ns2, but authenticated with the key from
# ns2/secondkey.conf instead of the common rndc.conf.
$RNDC -s 10.53.0.2 -p "${CONTROLPORT}" -c ns2/secondkey.conf status >/dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "test 'rndc dumpdb' with an unwritable dump-file ($n)"
ret=0
touch ns2/named_dump.db
chmod -w ns2/named_dump.db
# rndc_dumpdb is defined elsewhere; judging by the grep below it leaves the
# rndc output in rndc.out.test$n. The dump must fail AND report the reason.
# NOTE(review): removing the write bit does not stop a process running as
# root -- confirm named runs unprivileged in this harness.
if rndc_dumpdb ns2 2>/dev/null; then
  ret=1
fi
grep -F "failed: permission denied" "rndc.out.test$n" >/dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "test 'rndc dumpdb' on a empty cache ($n)"
ret=0
rndc_dumpdb ns3 || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
    343 
n=$((n + 1))
echo_i "test 'rndc reload' on a zone with include files ($n)"
ret=0
# Baseline: zone incl has been loaded exactly once and never skipped.
if grep "incl/IN: skipping load" ns2/named.run >/dev/null; then
  ret=1
fi
loads=$(grep "incl/IN: starting load" ns2/named.run | wc -l)
[ "$loads" -eq 1 ] || ret=1
# First reload, nothing touched: expect a "skipping load" line.
$RNDCCMD 10.53.0.2 reload >/dev/null || ret=1
for attempt in 1 2 3 4 5 6 7 8 9; do
  if grep "incl/IN: skipping load" ns2/named.run >/dev/null; then
    tmp=0
    break
  fi
  tmp=1
  sleep 1
done
if [ "$tmp" -eq 1 ]; then
  ret=1
fi
# Second reload after touching ns2/static.db: expect a second
# "starting load" line for zone incl.
touch ns2/static.db
$RNDCCMD 10.53.0.2 reload >/dev/null || ret=1
for attempt in 1 2 3 4 5 6 7 8 9; do
  loads=$(grep "incl/IN: starting load" ns2/named.run | wc -l)
  if [ "$loads" -eq 2 ]; then
    tmp=0
    break
  fi
  tmp=1
  sleep 1
done
if [ "$tmp" -eq 1 ]; then
  ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
    370 
# Control-channel authentication matrix on ns4 (10.53.0.4). For each of the
# ports EXTRAPORT1..6 exactly one of ns4/key1.conf..key6.conf must be
# accepted and every other key must be rejected. The negative half matters
# as much as the positive one: a 'status' that succeeds with the wrong key
# would mean the channel ran a command it could not authenticate.
n=$((n + 1))
if $FEATURETEST --md5; then
  echo_i "testing rndc with hmac-md5 ($n)"
  ret=0
  $RNDC -s 10.53.0.4 -p "${EXTRAPORT1}" -c ns4/key1.conf status >/dev/null 2>&1 || ret=1
  for i in 2 3 4 5 6; do
    if $RNDC -s 10.53.0.4 -p "${EXTRAPORT1}" -c "ns4/key${i}.conf" status >/dev/null 2>&1; then
      ret=1
    fi
  done
  [ "$ret" -eq 0 ] || echo_i "failed"
  status=$((status + ret))
else
  # Skipped when the build reports no MD5 support.
  echo_i "skipping rndc with hmac-md5 ($n)"
fi

n=$((n + 1))
echo_i "testing rndc with hmac-sha1 ($n)"
ret=0
$RNDC -s 10.53.0.4 -p "${EXTRAPORT2}" -c ns4/key2.conf status >/dev/null 2>&1 || ret=1
for i in 1 3 4 5 6; do
  if $RNDC -s 10.53.0.4 -p "${EXTRAPORT2}" -c "ns4/key${i}.conf" status >/dev/null 2>&1; then
    ret=1
  fi
done
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "testing rndc with hmac-sha224 ($n)"
ret=0
$RNDC -s 10.53.0.4 -p "${EXTRAPORT3}" -c ns4/key3.conf status >/dev/null 2>&1 || ret=1
for i in 1 2 4 5 6; do
  if $RNDC -s 10.53.0.4 -p "${EXTRAPORT3}" -c "ns4/key${i}.conf" status >/dev/null 2>&1; then
    ret=1
  fi
done
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "testing rndc with hmac-sha256 ($n)"
ret=0
$RNDC -s 10.53.0.4 -p "${EXTRAPORT4}" -c ns4/key4.conf status >/dev/null 2>&1 || ret=1
for i in 1 2 3 5 6; do
  if $RNDC -s 10.53.0.4 -p "${EXTRAPORT4}" -c "ns4/key${i}.conf" status >/dev/null 2>&1; then
    ret=1
  fi
done
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "testing rndc with hmac-sha384 ($n)"
ret=0
$RNDC -s 10.53.0.4 -p "${EXTRAPORT5}" -c ns4/key5.conf status >/dev/null 2>&1 || ret=1
for i in 1 2 3 4 6; do
  if $RNDC -s 10.53.0.4 -p "${EXTRAPORT5}" -c "ns4/key${i}.conf" status >/dev/null 2>&1; then
    ret=1
  fi
done
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "testing rndc with hmac-sha512 ($n)"
ret=0
$RNDC -s 10.53.0.4 -p "${EXTRAPORT6}" -c ns4/key6.conf status >/dev/null 2>&1 || ret=1
for i in 1 2 3 4 5; do
  if $RNDC -s 10.53.0.4 -p "${EXTRAPORT6}" -c "ns4/key${i}.conf" status >/dev/null 2>&1; then
    ret=1
  fi
done
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
    434 
n=$((n + 1))
echo_i "testing single control channel with multiple algorithms ($n)"
ret=0
# EXTRAPORT7 is expected to accept every key. key1 is skipped when the build
# reports FIPS mode (it is the key used by the hmac-md5 check).
for i in 1 2 3 4 5 6; do
  if [ "$i" = 1 ] && $FEATURETEST --have-fips-mode; then
    continue
  fi
  $RNDC -s 10.53.0.4 -p "${EXTRAPORT7}" -c "ns4/key${i}.conf" status >/dev/null 2>&1 || ret=1
done
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "testing automatic zones are reported ($n)"
ret=0
$RNDC -s 10.53.0.4 -p "${EXTRAPORT6}" -c ns4/key6.conf status >"rndc.out.1.test$n" || ret=1
grep "number of zones: 201 (200 automatic)" "rndc.out.1.test$n" >/dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "testing rndc with null command ($n)"
ret=0
$RNDC -s 10.53.0.4 -p "${EXTRAPORT6}" -c ns4/key6.conf null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "testing rndc with unknown control channel command ($n)"
ret=0
# An unrecognised command must be rejected even from an authenticated client.
if $RNDC -s 10.53.0.4 -p "${EXTRAPORT6}" -c ns4/key6.conf obviouslynotacommand >/dev/null 2>&1; then
  ret=1
fi
# rndc: 'obviouslynotacommand' failed: unknown command
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
    467 
n=$((n + 1))
echo_i "testing rndc with querylog command ($n)"
ret=0
# Step 1: switch query logging on explicitly and confirm named logged it.
$RNDC -s 10.53.0.4 -p "${EXTRAPORT6}" -c ns4/key6.conf querylog on >/dev/null 2>&1 || ret=1
grep "query logging is now on" ns4/named.run >/dev/null || ret=1
# Step 2: plain query (no +subnet) -- the log line must end right after the
# parenthesised field, i.e. carry no ECS annotation.
$DIG @10.53.0.4 -p "${PORT}" -c ch -t txt foo12345.bind +qr >"dig.out.1.test$n" 2>&1 || ret=1
grep "query: foo12345.bind CH TXT.*(.*)$" ns4/named.run >/dev/null || ret=1
# Step 3: +subnet=127.0.0.1 must be logged as ECS 127.0.0.1/32/0.
$DIG +subnet=127.0.0.1 @10.53.0.4 -p "${PORT}" -c ch -t txt foo12346.bind +qr >"dig.out.2.test$n" 2>&1 || ret=1
grep "query: foo12346.bind CH TXT.*\[ECS 127\.0\.0\.1/32/0]" ns4/named.run >/dev/null || ret=1
# Step 4: +subnet=127.0.0.1/24 must be logged as the /24 network address.
$DIG +subnet=127.0.0.1/24 @10.53.0.4 -p "${PORT}" -c ch -t txt foo12347.bind +qr >"dig.out.3.test$n" 2>&1 || ret=1
grep "query: foo12347.bind CH TXT.*\[ECS 127\.0\.0\.0/24/0]" ns4/named.run >/dev/null || ret=1
# Step 5: the IPv6 form, +subnet=::1.
$DIG +subnet=::1 @10.53.0.4 -p "${PORT}" -c ch -t txt foo12348.bind +qr >"dig.out.4.test$n" 2>&1 || ret=1
grep "query: foo12348.bind CH TXT.*\[ECS ::1/128/0]" ns4/named.run >/dev/null || ret=1
# Step 6: 'querylog' without an argument toggles; logging must now be off.
$RNDC -s 10.53.0.4 -p "${EXTRAPORT6}" -c ns4/key6.conf querylog >/dev/null 2>&1 || ret=1
grep "query logging is now off" ns4/named.run >/dev/null || ret=1
# Step 7: with logging off, a fresh query name must NOT appear in the log.
$DIG @10.53.0.4 -p "${PORT}" -c ch -t txt foo9876.bind +qr >"dig.out.5.test$n" 2>&1 || ret=1
if grep "query: foo9876.bind CH TXT.*(.*)$" ns4/named.run >/dev/null; then
  ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
    494 
# Shorthand for the ns4 control channel on EXTRAPORT6 with key6.
RNDCCMD4="$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf"
n=$((n + 1))
echo_i "testing rndc nta time limits ($n)"
ret=0
# Lifetimes of 2h, 1d and 1w must be accepted. These three rndc calls are
# unguarded, so a non-zero exit aborts the script under 'set -e'.
$RNDCCMD4 nta -l 2h nta1.example >"rndc.out.1.test$n" 2>&1
grep "Negative trust anchor added" "rndc.out.1.test$n" >/dev/null || ret=1
$RNDCCMD4 nta -l 1d nta2.example >"rndc.out.2.test$n" 2>&1
grep "Negative trust anchor added" "rndc.out.2.test$n" >/dev/null || ret=1
$RNDCCMD4 nta -l 1w nta3.example >"rndc.out.3.test$n" 2>&1
grep "Negative trust anchor added" "rndc.out.3.test$n" >/dev/null || ret=1
# 8d is over the limit: the command must fail with the one-week diagnostic,
# so a negative trust anchor cannot be installed for longer than that.
if $RNDCCMD4 nta -l 8d nta4.example >"rndc.out.4.test$n" 2>&1; then
  ret=1
fi
grep "NTA lifetime cannot exceed one week" "rndc.out.4.test$n" >/dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "testing rndc nta -class option ($n)"
ret=0
# Each 'nextpart' call is followed by a grep over only the log text written
# since the previous call (as the checks below rely on); this first call
# discards what is already there.
nextpart ns4/named.run >/dev/null
# Classes 'in' and 'any' must add the NTA ...
$RNDCCMD4 nta -c in nta1.example >"rndc.out.1.test$n" 2>&1
nextpart ns4/named.run | grep "added NTA 'nta1.example'" >/dev/null || ret=1
$RNDCCMD4 nta -c any nta1.example >"rndc.out.2.test$n" 2>&1
nextpart ns4/named.run | grep "added NTA 'nta1.example'" >/dev/null || ret=1
# ... class 'ch' must not add one ...
$RNDCCMD4 nta -c ch nta1.example >"rndc.out.3.test$n" 2>&1
if nextpart ns4/named.run | grep "added NTA 'nta1.example'" >/dev/null; then
  ret=1
fi
# ... and an unknown class must be rejected outright.
if $RNDCCMD4 nta -c fake nta1.example >"rndc.out.4.test$n" 2>&1; then
  ret=1
fi
if nextpart ns4/named.run | grep "added NTA 'nta1.example'" >/dev/null; then
  ret=1
fi
grep 'unknown class' "rndc.out.4.test$n" >/dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
    525 
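# Exercise control-channel responses of increasing size, 512 bytes up to
# 512 KiB, and have $GENCHECK validate what came back.
for i in 512 1024 2048 4096 8192 16384 32768 65536 131072 262144 524288; do
  n=$((n + 1))
  echo_i "testing rndc buffer size limits (size=${i}) ($n)"
  ret=0
  # Redirection order: '2>&1' is applied before '>file', so only stdout is
  # captured in the file and stderr stays on the script's own stdout.
  $RNDC -s 10.53.0.4 -p "${EXTRAPORT6}" -c ns4/key6.conf testgen "${i}" 2>&1 >"rndc.out.$i.test$n" || ret=1
  # Capture the checker's exit status without tripping 'set -e'.
  rc=0
  actual_size=$($GENCHECK "rndc.out.$i.test$n") || rc=$?
  if [ "$rc" = "0" ]; then
    expected_size=$((i + 1))
    # Quoted on purpose: with an empty or multi-word $actual_size the
    # unquoted test was a '[' usage error, which 'if' treats as "not
    # different", so a broken checker result passed silently.
    if [ "$actual_size" != "$expected_size" ]; then ret=1; fi
  else
    ret=1
  fi

  if [ "$ret" != 0 ]; then echo_i "failed"; fi
  status=$((status + ret))
done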
    545 
n=$((n + 1))
echo_i "testing rndc -r (show result) ($n)"
ret=0
$RNDC -s 10.53.0.4 -p "${EXTRAPORT6}" -c ns4/key6.conf -r testgen 0 2>&1 >"rndc.out.1.test$n" || ret=1
grep "ISC_R_SUCCESS 0" "rndc.out.1.test$n" >/dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "testing rndc with a token containing a space ($n)"
ret=0
# The inner double quotes are part of the argument itself, so the view name
# reaches the server as one quoted token; "not found" in the output would
# mean it was not matched as a whole.
$RNDC -s 10.53.0.4 -p "${EXTRAPORT6}" -c ns4/key6.conf -r flush '"view with a space"' 2>&1 >"rndc.out.1.test$n" || ret=1
if grep "not found" "rndc.out.1.test$n" >/dev/null; then
  ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
    561 
n=$((n + 1))
echo_i "test 'rndc reconfig' with a broken config ($n)"
ret=0
nextpart ns4/named.run >/dev/null
$RNDC -s 10.53.0.4 -p "${EXTRAPORT6}" -c ns4/key6.conf reconfig >/dev/null || ret=1
wait_for_log 3 "running" ns4/named.run
# Move the good config aside; the append then creates a new named.conf that
# holds nothing but the junk line.
mv ns4/named.conf ns4/named.conf.save
echo "error error error" >>ns4/named.conf
# reconfig must fail, and fail with a parse error.
if $RNDC -s 10.53.0.4 -p "${EXTRAPORT6}" -c ns4/key6.conf reconfig >"rndc.out.1.test$n" 2>&1; then
  ret=1
fi
grep "rndc: 'reconfig' failed: unexpected token" "rndc.out.1.test$n" >/dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "check rndc status reports failure ($n)"
ret=0
# The failed reconfig has to stay visible to operators in 'rndc status'.
$RNDC -s 10.53.0.4 -p "${EXTRAPORT6}" -c ns4/key6.conf status >"rndc.out.1.test$n" 2>&1 || ret=1
grep "reload/reconfig failed" "rndc.out.1.test$n" >/dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "restore working config ($n)"
ret=0
nextpart ns4/named.run >/dev/null
mv ns4/named.conf.save ns4/named.conf
sleep 1
$RNDC -s 10.53.0.4 -p "${EXTRAPORT6}" -c ns4/key6.conf reconfig >/dev/null || ret=1
wait_for_log 3 "running" ns4/named.run
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "check 'rndc status' 'reload/reconfig failure' is cleared after successful reload/reconfig ($n)"
ret=0
$RNDC -s 10.53.0.4 -p "${EXTRAPORT6}" -c ns4/key6.conf status >"rndc.out.1.test$n" 2>&1 || ret=1
if grep "reload/reconfig failed" "rndc.out.1.test$n" >/dev/null; then
  ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
    601 
n=$((n + 1))
echo_i "test read-only control channel access ($n)"
ret=0
# Privilege separation on the control channel of 10.53.0.5: the two
# read-type commands must succeed, while 'reconfig', which changes server
# state, must be refused.
$RNDCCMD 10.53.0.5 status >"rndc.out.1.test$n" 2>&1 || ret=1
$RNDCCMD 10.53.0.5 nta -dump >"rndc.out.2.test$n" 2>&1 || ret=1
if $RNDCCMD 10.53.0.5 reconfig >"rndc.out.3.test$n" 2>&1; then
  ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "test rndc status shows running on ($n)"
ret=0
$RNDCCMD 10.53.0.5 status >"rndc.out.1.test$n" 2>&1 || ret=1
grep "^running on " "rndc.out.1.test$n" >/dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
    618 
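# Every check in this run resets ret before it starts. Several of them
# previously inherited ret from the check before, so a single failure was
# reported, and added to status, more than once.
n=$((n + 1))
echo_i "test 'rndc reconfig' with loading of a large zone ($n)"
ret=0
nextpart ns6/named.run >/dev/null
cp ns6/named.conf ns6/named.conf.save
echo "zone \"huge.zone\" { type primary; file \"huge.zone.db\"; };" >>ns6/named.conf
echo_i "reloading config"
$RNDCCMD 10.53.0.6 reconfig >"rndc.out.1.test$n" 2>&1 || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
sleep 1

n=$((n + 1))
echo_i "check if zone load was scheduled ($n)"
ret=0
wait_for_log_peek 20 "scheduled loading new zones" ns6/named.run || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "check if query for the zone returns SERVFAIL ($n)"
ret=0
$DIG @10.53.0.6 -p "${PORT}" -t soa huge.zone >"dig.out.1.test$n" || ret=1
grep "SERVFAIL" "dig.out.1.test$n" >/dev/null || ret=1
# Timing dependent (the zone may already have finished loading), so a miss
# is logged but deliberately not counted.
if [ "$ret" != 0 ]; then
  echo_i "failed (ignored)"
  ret=0
fi
status=$((status + ret))

n=$((n + 1))
echo_i "wait for the zones to be loaded ($n)"
ret=0
wait_for_log_peek 60 "huge.zone/IN: loaded serial" ns6/named.run || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "check if query for the zone returns NOERROR ($n)"
ret=0
$DIG @10.53.0.6 -p "${PORT}" -t soa huge.zone >"dig.out.1.test$n" || ret=1
grep "NOERROR" "dig.out.1.test$n" >/dev/null || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "verify that the full command is logged ($n)"
ret=0
# Audit-trail check: named must log the control-channel command together
# with all of its arguments, not just the command word.
$RNDCCMD 10.53.0.2 null with extra arguments >/dev/null 2>&1
grep "received control channel command 'null with extra arguments'" ns2/named.run >/dev/null || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

# Put the original ns6 configuration back (no check number of its own).
ret=0
mv ns6/named.conf.save ns6/named.conf
sleep 1
$RNDCCMD 10.53.0.6 reconfig >/dev/null || ret=1
sleep 1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))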
    674 
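n=$((n + 1))
echo_i "check 'rndc \"\"' is handled ($n)"
ret=0
# An empty command string must be rejected cleanly by the server.
$RNDCCMD 10.53.0.2 "" >"rndc.out.1.test$n" 2>&1 && ret=1
# Guarded with '|| ret=1': unguarded, a missing diagnostic made grep exit
# non-zero and 'set -e' aborted the whole script at this line, without a
# "failed" message and without running any of the remaining checks.
grep "rndc: '' failed: failure" "rndc.out.1.test$n" >/dev/null || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))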
    682 
n=$((n + 1))
echo_i "check rndc -4 -6 ($n)"
ret=0
# Contradictory address-family options: rndc must fail with the diagnostic.
if $RNDCCMD 10.53.0.2 -4 -6 status >"rndc.out.1.test$n" 2>&1; then
  ret=1
fi
grep "only one of -4 and -6 allowed" "rndc.out.1.test$n" >/dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "check rndc -4 with an IPv6 server address ($n)"
ret=0
# -4 combined with an IPv6 server address must be refused.
if $RNDCCMD fd92:7065:b8e:ffff::2 -4 status >"rndc.out.1.test$n" 2>&1; then
  ret=1
fi
grep "address family not supported" "rndc.out.1.test$n" >/dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
    698 
n=$((n + 1))
echo_i "check rndc nta reports adding to multiple views ($n)"
ret=0
$RNDCCMD 10.53.0.3 nta test.com >"rndc.out.test$n" 2>&1 || ret=1
# Exactly two output lines are expected.
lines=$(wc -l <"rndc.out.test$n")
# ${lines:-0} stays unquoted so any padding wc adds is dropped by the shell.
[ ${lines:-0} -eq 2 ] || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "check 'rndc retransfer' of primary error message ($n)"
ret=0
# retransfer on a primary zone must fail, with both diagnostics and
# nothing else in the output (two lines in total).
if $RNDCCMD 10.53.0.2 retransfer nil >"rndc.out.test$n" 2>&1; then
  ret=1
fi
grep "rndc: 'retransfer' failed: failure" "rndc.out.test$n" >/dev/null || ret=1
grep "retransfer: inappropriate zone type: primary" "rndc.out.test$n" >/dev/null || ret=1
lines=$(wc -l <"rndc.out.test$n")
[ ${lines:-0} -eq 2 ] || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
    718 
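n=$((n + 1))
echo_i "check 'rndc freeze' with in-view zones works ($n)"
ret=0
$RNDC -s 10.53.0.4 -p "${EXTRAPORT6}" -c ns4/key6.conf freeze >"rndc.out.test$n" 2>&1 || ret=1
# Any output is echoed with an "ns4" prefix: the command went to 10.53.0.4
# using ns4's key file, so the "ns2" tag used before mislabelled these lines.
if [ -s "rndc.out.test$n" ]; then
  sed 's/^/ns4 /' "rndc.out.test$n" | cat_i
fi
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "checking non in-view zone instance is not writable ($n)"
ret=0
# Negative check: while frozen the update must be refused, so a successful
# nsupdate is the failure case.
$NSUPDATE -p "${PORT}" >/dev/null 2>&1 <<END && ret=1
server 10.53.0.4
zone example.
update add text2.example. 600 IN TXT "addition 3"
send
END
$DIGCMD @10.53.0.4 -p "${PORT}" text2.example. TXT >"dig.out.1.test$n" || ret=1
grep 'addition 3' "dig.out.1.test$n" >/dev/null && ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "check 'rndc thaw' with in-view zones works ($n)"
ret=0
$RNDC -s 10.53.0.4 -p "${EXTRAPORT6}" -c ns4/key6.conf thaw >"rndc.out.test$n" 2>&1 || ret=1
if [ -s "rndc.out.test$n" ]; then
  sed 's/^/ns4 /' "rndc.out.test$n" | cat_i
fi
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "checking non in-view zone instance is now writable ($n)"
ret=0
$NSUPDATE -p "${PORT}" >"nsupdate.out.test$n" 2>&1 <<END || ret=1
server 10.53.0.4
zone example.
update add text2.example. 600 IN TXT "addition 3"
send
END
$DIGCMD @10.53.0.4 -p "${PORT}" text2.example. TXT >"dig.out.1.test$n" || ret=1
grep 'addition 3' "dig.out.1.test$n" >/dev/null || ret=1
if [ "$ret" != 0 ]; then echo_i "failed"; fi
status=$((status + ret))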
    762 
n=$((n + 1))
echo_i "checking initial in-view zone file is loaded ($n)"
ret=0
# Fixture TSIG keys: one secret under two key names, "int" and "ext"
# (presumably selecting different views on ns7 -- confirm against ns7's
# configuration). The secret is inline and passed with -y, i.e. on the
# command line; that is only appropriate for a throw-away test key.
TSIG="$DEFAULT_HMAC:int:FrSt77yPTFx6hTs4i2tKLB9LmE0="
$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT >"dig.out.1.test$n" || ret=1
grep 'include 1' "dig.out.1.test$n" >/dev/null || ret=1
TSIG="$DEFAULT_HMAC:ext:FrSt77yPTFx6hTs4i2tKLB9LmE0="
$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT >"dig.out.2.test$n" || ret=1
grep 'include 1' "dig.out.2.test$n" >/dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# The next two steps do not bump n, so they share the check number (and the
# dig.out.1.test$n file name) with the check above.
echo_i "update in-view zone ($n)"
ret=0
TSIG="$DEFAULT_HMAC:int:FrSt77yPTFx6hTs4i2tKLB9LmE0="
$NSUPDATE -p "${PORT}" -y "$TSIG" >/dev/null 2>&1 <<END || ret=1
server 10.53.0.7
zone test.
update add text2.test. 600 IN TXT "addition 1"
send
END
if [ ! -s ns7/test.db.jnl ]; then
  echo_i "'test -s ns7/test.db.jnl' failed when it shouldn't have"
  ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

echo_i "checking update ($n)"
ret=0
TSIG="$DEFAULT_HMAC:int:FrSt77yPTFx6hTs4i2tKLB9LmE0="
$DIGCMD @10.53.0.7 -y "$TSIG" text2.test. TXT >"dig.out.1.test$n" || ret=1
grep 'addition 1' "dig.out.1.test$n" >/dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
    798 
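# Discard the log text written so far, so the waits below only match lines
# produced by the commands in this section.
nextpart ns7/named.run >/dev/null

echo_i "rndc freeze"
# One cat_i only, like the thaw and reload pipelines below; the second
# '| cat_i' that used to follow pushed the output through the helper twice.
$RNDCCMD 10.53.0.7 freeze | sed 's/^/ns7 /' | cat_i

wait_for_log 3 "dump_done: zone test/IN/internal: enter" ns7/named.run

# With the zone frozen, swap in the edited zone file and include file.
echo_i "edit zone files"
cp ns7/test.db.in ns7/test.db
cp ns7/include2.db.in ns7/include.db

echo_i "rndc thaw"
$RNDCCMD 10.53.0.7 thaw | sed 's/^/ns7 /' | cat_i

wait_for_log 3 "zone_postload: zone test/IN/internal: done" ns7/named.run

echo_i "rndc reload"
$RNDCCMD 10.53.0.7 reload | sed 's/^/ns7 /' | cat_i

wait_for_log 3 "all zones loaded" ns7/named.run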
    819 
n=$((n + 1))
echo_i "checking zone file edits are loaded ($n)"
ret=0
# Queries signed with either fixture key ("int", then "ext") must now see
# the 'include 2' content that was copied in while the zone was frozen.
TSIG="$DEFAULT_HMAC:int:FrSt77yPTFx6hTs4i2tKLB9LmE0="
$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT >"dig.out.1.test$n" || ret=1
grep 'include 2' "dig.out.1.test$n" >/dev/null || ret=1
TSIG="$DEFAULT_HMAC:ext:FrSt77yPTFx6hTs4i2tKLB9LmE0="
$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT >"dig.out.2.test$n" || ret=1
grep 'include 2' "dig.out.2.test$n" >/dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "check rndc nta -dump reports NTAs in multiple views ($n)"
ret=0
$RNDCCMD 10.53.0.3 nta -dump >"rndc.out.test$n" 2>&1 || ret=1
lines=$(wc -l <"rndc.out.test$n")
# Unquoted so any padding wc adds around the count is dropped by the shell.
[ ${lines:-0} -eq 2 ] || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# status holds the number of failed checks; any failure makes the script
# exit non-zero.
echo_i "exit status: $status"
if [ "$status" -ne 0 ]; then
  exit 1
fi
    843