bind9/bin/tests/system/forward/tests.sh

# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh

DIGOPTS="-p ${PORT}"

root=10.53.0.1
hidden=10.53.0.2
f1=10.53.0.3
f2=10.53.0.4

status=0

echo_i "checking that a forward zone overrides global forwarders"
ret=0
$DIG $DIGOPTS +noadd +noauth txt.example1. txt @$hidden > dig.out.hidden || ret=1
$DIG $DIGOPTS +noadd +noauth txt.example1. txt @$f1 > dig.out.f1 || ret=1
digcomp dig.out.hidden dig.out.f1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

echo_i "checking that a forward first zone no forwarders recurses"
ret=0
$DIG $DIGOPTS +noadd +noauth txt.example2. txt @$root > dig.out.root || ret=1
$DIG $DIGOPTS +noadd +noauth txt.example2. txt @$f1 > dig.out.f1 || ret=1
digcomp dig.out.root dig.out.f1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

echo_i "checking that a forward only zone no forwarders fails"
ret=0
$DIG $DIGOPTS +noadd +noauth txt.example2. txt @$root > dig.out.root || ret=1
$DIG $DIGOPTS +noadd +noauth txt.example2. txt @$f1 > dig.out.f1 || ret=1
digcomp dig.out.root dig.out.f1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

echo_i "checking that global forwarders work"
ret=0
$DIG $DIGOPTS +noadd +noauth txt.example4. txt @$hidden > dig.out.hidden || ret=1
$DIG $DIGOPTS +noadd +noauth txt.example4. txt @$f1 > dig.out.f1 || ret=1
digcomp dig.out.hidden dig.out.f1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

echo_i "checking that a forward zone works"
ret=0
$DIG $DIGOPTS +noadd +noauth txt.example1. txt @$hidden > dig.out.hidden || ret=1
$DIG $DIGOPTS +noadd +noauth txt.example1. txt @$f2 > dig.out.f2 || ret=1
digcomp dig.out.hidden dig.out.f2 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

echo_i "checking that forwarding doesn't spontaneously happen"
ret=0
$DIG $DIGOPTS +noadd +noauth txt.example2. txt @$root > dig.out.root || ret=1
$DIG $DIGOPTS +noadd +noauth txt.example2. txt @$f2 > dig.out.f2 || ret=1
digcomp dig.out.root dig.out.f2 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

echo_i "checking that a forward zone with no specified policy works"
ret=0
$DIG $DIGOPTS +noadd +noauth txt.example3. txt @$hidden > dig.out.hidden || ret=1
$DIG $DIGOPTS +noadd +noauth txt.example3. txt @$f2 > dig.out.f2 || ret=1
digcomp dig.out.hidden dig.out.f2 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

echo_i "checking that a forward only doesn't recurse"
ret=0
$DIG $DIGOPTS txt.example5. txt @$f2 > dig.out.f2 || ret=1
grep "SERVFAIL" dig.out.f2 > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

echo_i "checking for negative caching of forwarder response"
# prime the cache, shutdown the forwarder then check that we can
# get the answer from the cache.  restart forwarder.
ret=0
$DIG $DIGOPTS nonexist. txt @10.53.0.5 > dig.out.f2 || ret=1
grep "status: NXDOMAIN" dig.out.f2 > /dev/null || ret=1
$PERL ../stop.pl . ns4 || ret=1
$DIG $DIGOPTS nonexist. txt @10.53.0.5 > dig.out.f2 || ret=1
grep "status: NXDOMAIN" dig.out.f2 > /dev/null || ret=1
$PERL ../start.pl --restart --noclean --port ${PORT} . ns4 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

echo_i "checking that forward only zone overrides empty zone"
ret=0
$DIG $DIGOPTS 1.0.10.in-addr.arpa TXT @10.53.0.4 > dig.out.f2
grep "status: NOERROR" dig.out.f2 > /dev/null || ret=1
$DIG $DIGOPTS 2.0.10.in-addr.arpa TXT @10.53.0.4 > dig.out.f2
grep "status: NXDOMAIN" dig.out.f2 > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

echo_i "checking that DS lookups for grafting forward zones are isolated"
ret=0
$DIG $DIGOPTS grafted A @10.53.0.4 > dig.out.q1
$DIG $DIGOPTS grafted DS @10.53.0.4 > dig.out.q2
$DIG $DIGOPTS grafted A @10.53.0.4 > dig.out.q3
$DIG $DIGOPTS grafted AAAA @10.53.0.4 > dig.out.q4
grep "status: NOERROR" dig.out.q1 > /dev/null || ret=1
grep "status: NXDOMAIN" dig.out.q2 > /dev/null || ret=1
grep "status: NOERROR" dig.out.q3 > /dev/null || ret=1
grep "status: NOERROR" dig.out.q4 > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

echo_i "checking that rfc1918 inherited 'forward first;' zones are warned about"
ret=0
$CHECKCONF rfc1918-inherited.conf | grep "forward first;" >/dev/null || ret=1
$CHECKCONF rfc1918-notinherited.conf | grep "forward first;" >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

echo_i "checking that ULA inherited 'forward first;' zones are warned about"
ret=0
$CHECKCONF ula-inherited.conf | grep "forward first;" >/dev/null || ret=1
$CHECKCONF ula-notinherited.conf | grep "forward first;" >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`

echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
Update license headers to not include years in copyright in all applicable files 2018-02-23 03:53:12 -05:00			`# Copyright (C) Internet Systems Consortium, Inc. ("ISC")`
reverse bad copyright update 2012-06-28 21:39:47 -04:00			`#`
4401. [misc] Change LICENSE to MPL 2.0. 2016-06-27 00:56:38 -04:00			`# This Source Code Form is subject to the terms of the Mozilla Public`
			`# License, v. 2.0. If a copy of the MPL was not distributed with this`
			`# file, You can obtain one at http://mozilla.org/MPL/2.0/.`
Update license headers to not include years in copyright in all applicable files 2018-02-23 03:53:12 -05:00			`#`
			`# See the COPYRIGHT file distributed with this work for additional`
			`# information regarding copyright ownership.`
Added a system test for selective forwarding. 2000-08-24 18:23:46 -04:00
			`SYSTEMTESTTOP=..`
			`. $SYSTEMTESTTOP/conf.sh`

parallelize most system tests 2018-02-20 18:43:27 -05:00			`DIGOPTS="-p ${PORT}"`

Added a system test for selective forwarding. 2000-08-24 18:23:46 -04:00			`root=10.53.0.1`
			`hidden=10.53.0.2`
			`f1=10.53.0.3`
			`f2=10.53.0.4`

			`status=0`

parallelize most system tests 2018-02-20 18:43:27 -05:00			`echo_i "checking that a forward zone overrides global forwarders"`
Added a system test for selective forwarding. 2000-08-24 18:23:46 -04:00			`ret=0`
parallelize most system tests 2018-02-20 18:43:27 -05:00			`$DIG $DIGOPTS +noadd +noauth txt.example1. txt @$hidden > dig.out.hidden \|\| ret=1`
			`$DIG $DIGOPTS +noadd +noauth txt.example1. txt @$f1 > dig.out.f1 \|\| ret=1`
clean up test output - removed a few remaing places where output wasn't being passed through echo_i or cat_i - added a "digcomp" function to conf.sh.in to send digcomp.pl output through cat_i and return the correct exit value - set SYSTESTDIR when calling echo_i from nsX directories, so that the test name will always be printed correctly - fixed a test name typo in conf.sh.in 2018-02-24 03:48:50 -05:00			`digcomp dig.out.hidden dig.out.f1 \|\| ret=1`
parallelize most system tests 2018-02-20 18:43:27 -05:00			`if [ $ret != 0 ]; then echo_i "failed"; fi`
Added a system test for selective forwarding. 2000-08-24 18:23:46 -04:00			status=`expr $status + $ret`

parallelize most system tests 2018-02-20 18:43:27 -05:00			`echo_i "checking that a forward first zone no forwarders recurses"`
Add one more test; make sure configuration files are legal. 2001-03-09 13:49:57 -05:00			`ret=0`
parallelize most system tests 2018-02-20 18:43:27 -05:00			`$DIG $DIGOPTS +noadd +noauth txt.example2. txt @$root > dig.out.root \|\| ret=1`
			`$DIG $DIGOPTS +noadd +noauth txt.example2. txt @$f1 > dig.out.f1 \|\| ret=1`
clean up test output - removed a few remaing places where output wasn't being passed through echo_i or cat_i - added a "digcomp" function to conf.sh.in to send digcomp.pl output through cat_i and return the correct exit value - set SYSTESTDIR when calling echo_i from nsX directories, so that the test name will always be printed correctly - fixed a test name typo in conf.sh.in 2018-02-24 03:48:50 -05:00			`digcomp dig.out.root dig.out.f1 \|\| ret=1`
parallelize most system tests 2018-02-20 18:43:27 -05:00			`if [ $ret != 0 ]; then echo_i "failed"; fi`
Add one more test; make sure configuration files are legal. 2001-03-09 13:49:57 -05:00			status=`expr $status + $ret`

parallelize most system tests 2018-02-20 18:43:27 -05:00			`echo_i "checking that a forward only zone no forwarders fails"`
Added a system test for selective forwarding. 2000-08-24 18:23:46 -04:00			`ret=0`
parallelize most system tests 2018-02-20 18:43:27 -05:00			`$DIG $DIGOPTS +noadd +noauth txt.example2. txt @$root > dig.out.root \|\| ret=1`
			`$DIG $DIGOPTS +noadd +noauth txt.example2. txt @$f1 > dig.out.f1 \|\| ret=1`
clean up test output - removed a few remaing places where output wasn't being passed through echo_i or cat_i - added a "digcomp" function to conf.sh.in to send digcomp.pl output through cat_i and return the correct exit value - set SYSTESTDIR when calling echo_i from nsX directories, so that the test name will always be printed correctly - fixed a test name typo in conf.sh.in 2018-02-24 03:48:50 -05:00			`digcomp dig.out.root dig.out.f1 \|\| ret=1`
parallelize most system tests 2018-02-20 18:43:27 -05:00			`if [ $ret != 0 ]; then echo_i "failed"; fi`
Added a system test for selective forwarding. 2000-08-24 18:23:46 -04:00			status=`expr $status + $ret`

parallelize most system tests 2018-02-20 18:43:27 -05:00			`echo_i "checking that global forwarders work"`
Added a system test for selective forwarding. 2000-08-24 18:23:46 -04:00			`ret=0`
parallelize most system tests 2018-02-20 18:43:27 -05:00			`$DIG $DIGOPTS +noadd +noauth txt.example4. txt @$hidden > dig.out.hidden \|\| ret=1`
			`$DIG $DIGOPTS +noadd +noauth txt.example4. txt @$f1 > dig.out.f1 \|\| ret=1`
clean up test output - removed a few remaing places where output wasn't being passed through echo_i or cat_i - added a "digcomp" function to conf.sh.in to send digcomp.pl output through cat_i and return the correct exit value - set SYSTESTDIR when calling echo_i from nsX directories, so that the test name will always be printed correctly - fixed a test name typo in conf.sh.in 2018-02-24 03:48:50 -05:00			`digcomp dig.out.hidden dig.out.f1 \|\| ret=1`
parallelize most system tests 2018-02-20 18:43:27 -05:00			`if [ $ret != 0 ]; then echo_i "failed"; fi`
Added a system test for selective forwarding. 2000-08-24 18:23:46 -04:00			status=`expr $status + $ret`

parallelize most system tests 2018-02-20 18:43:27 -05:00			`echo_i "checking that a forward zone works"`
Added a system test for selective forwarding. 2000-08-24 18:23:46 -04:00			`ret=0`
parallelize most system tests 2018-02-20 18:43:27 -05:00			`$DIG $DIGOPTS +noadd +noauth txt.example1. txt @$hidden > dig.out.hidden \|\| ret=1`
			`$DIG $DIGOPTS +noadd +noauth txt.example1. txt @$f2 > dig.out.f2 \|\| ret=1`
clean up test output - removed a few remaing places where output wasn't being passed through echo_i or cat_i - added a "digcomp" function to conf.sh.in to send digcomp.pl output through cat_i and return the correct exit value - set SYSTESTDIR when calling echo_i from nsX directories, so that the test name will always be printed correctly - fixed a test name typo in conf.sh.in 2018-02-24 03:48:50 -05:00			`digcomp dig.out.hidden dig.out.f2 \|\| ret=1`
parallelize most system tests 2018-02-20 18:43:27 -05:00			`if [ $ret != 0 ]; then echo_i "failed"; fi`
Added a system test for selective forwarding. 2000-08-24 18:23:46 -04:00			status=`expr $status + $ret`

parallelize most system tests 2018-02-20 18:43:27 -05:00			`echo_i "checking that forwarding doesn't spontaneously happen"`
Added a system test for selective forwarding. 2000-08-24 18:23:46 -04:00			`ret=0`
parallelize most system tests 2018-02-20 18:43:27 -05:00			`$DIG $DIGOPTS +noadd +noauth txt.example2. txt @$root > dig.out.root \|\| ret=1`
			`$DIG $DIGOPTS +noadd +noauth txt.example2. txt @$f2 > dig.out.f2 \|\| ret=1`
clean up test output - removed a few remaing places where output wasn't being passed through echo_i or cat_i - added a "digcomp" function to conf.sh.in to send digcomp.pl output through cat_i and return the correct exit value - set SYSTESTDIR when calling echo_i from nsX directories, so that the test name will always be printed correctly - fixed a test name typo in conf.sh.in 2018-02-24 03:48:50 -05:00			`digcomp dig.out.root dig.out.f2 \|\| ret=1`
parallelize most system tests 2018-02-20 18:43:27 -05:00			`if [ $ret != 0 ]; then echo_i "failed"; fi`
Added a system test for selective forwarding. 2000-08-24 18:23:46 -04:00			status=`expr $status + $ret`

parallelize most system tests 2018-02-20 18:43:27 -05:00			`echo_i "checking that a forward zone with no specified policy works"`
Added a system test for selective forwarding. 2000-08-24 18:23:46 -04:00			`ret=0`
parallelize most system tests 2018-02-20 18:43:27 -05:00			`$DIG $DIGOPTS +noadd +noauth txt.example3. txt @$hidden > dig.out.hidden \|\| ret=1`
			`$DIG $DIGOPTS +noadd +noauth txt.example3. txt @$f2 > dig.out.f2 \|\| ret=1`
clean up test output - removed a few remaing places where output wasn't being passed through echo_i or cat_i - added a "digcomp" function to conf.sh.in to send digcomp.pl output through cat_i and return the correct exit value - set SYSTESTDIR when calling echo_i from nsX directories, so that the test name will always be printed correctly - fixed a test name typo in conf.sh.in 2018-02-24 03:48:50 -05:00			`digcomp dig.out.hidden dig.out.f2 \|\| ret=1`
parallelize most system tests 2018-02-20 18:43:27 -05:00			`if [ $ret != 0 ]; then echo_i "failed"; fi`
Added a system test for selective forwarding. 2000-08-24 18:23:46 -04:00			status=`expr $status + $ret`

parallelize most system tests 2018-02-20 18:43:27 -05:00			`echo_i "checking that a forward only doesn't recurse"`
Added a system test for selective forwarding. 2000-08-24 18:23:46 -04:00			`ret=0`
parallelize most system tests 2018-02-20 18:43:27 -05:00			`$DIG $DIGOPTS txt.example5. txt @$f2 > dig.out.f2 \|\| ret=1`
Added a system test for selective forwarding. 2000-08-24 18:23:46 -04:00			`grep "SERVFAIL" dig.out.f2 > /dev/null \|\| ret=1`
parallelize most system tests 2018-02-20 18:43:27 -05:00			`if [ $ret != 0 ]; then echo_i "failed"; fi`
Added a system test for selective forwarding. 2000-08-24 18:23:46 -04:00			status=`expr $status + $ret`

parallelize most system tests 2018-02-20 18:43:27 -05:00			`echo_i "checking for negative caching of forwarder response"`
3167. [bug] Negative answers from forwarders were not being correctly tagged making them appear to not be cached. [RT #25380] 2011-10-11 20:18:11 -04:00			`# prime the cache, shutdown the forwarder then check that we can`
			`# get the answer from the cache. restart forwarder.`
			`ret=0`
parallelize most system tests 2018-02-20 18:43:27 -05:00			`$DIG $DIGOPTS nonexist. txt @10.53.0.5 > dig.out.f2 \|\| ret=1`
3167. [bug] Negative answers from forwarders were not being correctly tagged making them appear to not be cached. [RT #25380] 2011-10-11 20:18:11 -04:00			`grep "status: NXDOMAIN" dig.out.f2 > /dev/null \|\| ret=1`
			`$PERL ../stop.pl . ns4 \|\| ret=1`
parallelize most system tests 2018-02-20 18:43:27 -05:00			`$DIG $DIGOPTS nonexist. txt @10.53.0.5 > dig.out.f2 \|\| ret=1`
3167. [bug] Negative answers from forwarders were not being correctly tagged making them appear to not be cached. [RT #25380] 2011-10-11 20:18:11 -04:00			`grep "status: NXDOMAIN" dig.out.f2 > /dev/null \|\| ret=1`
parallelize most system tests 2018-02-20 18:43:27 -05:00			`$PERL ../start.pl --restart --noclean --port ${PORT} . ns4 \|\| ret=1`
			`if [ $ret != 0 ]; then echo_i "failed"; fi`
3167. [bug] Negative answers from forwarders were not being correctly tagged making them appear to not be cached. [RT #25380] 2011-10-11 20:18:11 -04:00			status=`expr $status + $ret`

parallelize most system tests 2018-02-20 18:43:27 -05:00			`echo_i "checking that forward only zone overrides empty zone"`
3636. [bug] Automatic empty zones now behave better with forward only "zones" beneath them. [RT #34583] 2013-08-15 23:54:23 -04:00			`ret=0`
parallelize most system tests 2018-02-20 18:43:27 -05:00			`$DIG $DIGOPTS 1.0.10.in-addr.arpa TXT @10.53.0.4 > dig.out.f2`
3636. [bug] Automatic empty zones now behave better with forward only "zones" beneath them. [RT #34583] 2013-08-15 23:54:23 -04:00			`grep "status: NOERROR" dig.out.f2 > /dev/null \|\| ret=1`
parallelize most system tests 2018-02-20 18:43:27 -05:00			`$DIG $DIGOPTS 2.0.10.in-addr.arpa TXT @10.53.0.4 > dig.out.f2`
3636. [bug] Automatic empty zones now behave better with forward only "zones" beneath them. [RT #34583] 2013-08-15 23:54:23 -04:00			`grep "status: NXDOMAIN" dig.out.f2 > /dev/null \|\| ret=1`
parallelize most system tests 2018-02-20 18:43:27 -05:00			`if [ $ret != 0 ]; then echo_i "failed"; fi`
3636. [bug] Automatic empty zones now behave better with forward only "zones" beneath them. [RT #34583] 2013-08-15 23:54:23 -04:00			status=`expr $status + $ret`

parallelize most system tests 2018-02-20 18:43:27 -05:00			`echo_i "checking that DS lookups for grafting forward zones are isolated"`
3981. [bug] Cache DS/NXDOMAIN independently of other query types. [RT #37467] 2014-10-17 22:09:09 -04:00			`ret=0`
parallelize most system tests 2018-02-20 18:43:27 -05:00			`$DIG $DIGOPTS grafted A @10.53.0.4 > dig.out.q1`
			`$DIG $DIGOPTS grafted DS @10.53.0.4 > dig.out.q2`
			`$DIG $DIGOPTS grafted A @10.53.0.4 > dig.out.q3`
			`$DIG $DIGOPTS grafted AAAA @10.53.0.4 > dig.out.q4`
3981. [bug] Cache DS/NXDOMAIN independently of other query types. [RT #37467] 2014-10-17 22:09:09 -04:00			`grep "status: NOERROR" dig.out.q1 > /dev/null \|\| ret=1`
			`grep "status: NXDOMAIN" dig.out.q2 > /dev/null \|\| ret=1`
			`grep "status: NOERROR" dig.out.q3 > /dev/null \|\| ret=1`
			`grep "status: NOERROR" dig.out.q4 > /dev/null \|\| ret=1`
parallelize most system tests 2018-02-20 18:43:27 -05:00			`if [ $ret != 0 ]; then echo_i "failed"; fi`
3981. [bug] Cache DS/NXDOMAIN independently of other query types. [RT #37467] 2014-10-17 22:09:09 -04:00			status=`expr $status + $ret`

parallelize most system tests 2018-02-20 18:43:27 -05:00			`echo_i "checking that rfc1918 inherited 'forward first;' zones are warned about"`
4329. [func] Warn about a common misconfiguration when forwarding RFC 1918 zones. [RT #41441] 2016-03-07 18:11:23 -05:00			`ret=0`
			`$CHECKCONF rfc1918-inherited.conf \| grep "forward first;" >/dev/null \|\| ret=1`
			`$CHECKCONF rfc1918-notinherited.conf \| grep "forward first;" >/dev/null && ret=1`
parallelize most system tests 2018-02-20 18:43:27 -05:00			`if [ $ret != 0 ]; then echo_i "failed"; fi`
4329. [func] Warn about a common misconfiguration when forwarding RFC 1918 zones. [RT #41441] 2016-03-07 18:11:23 -05:00			status=`expr $status + $ret`

parallelize most system tests 2018-02-20 18:43:27 -05:00			`echo_i "checking that ULA inherited 'forward first;' zones are warned about"`
4329. [func] Warn about a common misconfiguration when forwarding RFC 1918 zones. [RT #41441] 2016-03-07 18:11:23 -05:00			`ret=0`
			`$CHECKCONF ula-inherited.conf \| grep "forward first;" >/dev/null \|\| ret=1`
			`$CHECKCONF ula-notinherited.conf \| grep "forward first;" >/dev/null && ret=1`
parallelize most system tests 2018-02-20 18:43:27 -05:00			`if [ $ret != 0 ]; then echo_i "failed"; fi`
4329. [func] Warn about a common misconfiguration when forwarding RFC 1918 zones. [RT #41441] 2016-03-07 18:11:23 -05:00			status=`expr $status + $ret`

parallelize most system tests 2018-02-20 18:43:27 -05:00			`echo_i "exit status: $status"`
do not overflow exit status. [RT #42643] 2016-06-13 23:48:39 -04:00			`[ $status -eq 0 ] \|\| exit 1`