diff --git a/bin/tests/system/digcomp.pl b/bin/tests/system/digcomp.pl
new file mode 100644
index 0000000000..844f25ca21
--- /dev/null
+++ b/bin/tests/system/digcomp.pl
@@ -0,0 +1,93 @@
+#!/usr/bin/perl
+#
+# Copyright (C) 1999, 2000 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+# ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+# CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+# DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+# PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+# ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+# SOFTWARE.
+
+# Compare two files, each with the output from dig, for differences.
+# Ignore "unimportant" differences, like ordering of NS lines, TTL's,
+# etc...
+
+$file1 = $ARGV[0];
+$file2 = $ARGV[1];
+
+$count = 0;
+$firstname = "";
+$status = 0;
+
+open(FILE1, $file1) || die("$! $file1");
+while () {
+ chomp;
+ next if (/^;/);
+ if (/^(\S+)\s+\S+\s+(\S+)\s+(\S+)\s+(.+)$/) {
+ $name = $1;
+ $class = $2;
+ $type = $3;
+ $value = $4;
+ if ($type eq "SOA") {
+ $firstname = $name if ($firstname eq "");
+ if ($name eq $firstname) {
+ $name = "$name$count";
+ $count++;
+ }
+ }
+ if ($entry{"$name ; $class.$type ; $value"} ne "") {
+ $line = $entry{"$name ; $class.$type ; $value"};
+ print ("Duplicate entry:\n> $_\n< $line\n");
+ } else {
+ $entry{"$name ; $class.$type ; $value"} = $_;
+ }
+ }
+}
+close (FILE1);
+
+$printed = 0;
+
+open(FILE2, $file2) || die("$! 
$file2"); +while () { + chomp; + next if (/^;/); + if (/^(\S+)\s+\S+\s+(\S+)\s+(\S+)\s+(.+)$/) { + $name = $1; + $class = $2; + $type = $3; + $value = $4; + if (($name eq $firstname) && ($type eq "SOA")) { + $count--; + $name = "$name$count"; + } + if ($entry{"$name ; $class.$type ; $value"} ne "") { + $entry{"$name ; $class.$type ; $value"} = ""; + } else { + print ("Only in $file2 (missing from $file1):\n") if ($printed == 0); + print ("> $_\n"); + $printed++; + $status = 1; + } + } +} +close (FILE2); + +$printed = 0; + +foreach $key (keys(%entry)) { + if ($entry{$key} ne "") { + print ("Only in $file1 (missing from $file2):\n") if ($printed == 0); + print ("< $entry{$key}\n"); + $status = 1; + $printed++; + } +} + +exit($status); diff --git a/bin/tests/system/dnssec/ns1/sign.sh b/bin/tests/system/dnssec/ns1/sign.sh new file mode 100644 index 0000000000..7e3f43352d --- /dev/null +++ b/bin/tests/system/dnssec/ns1/sign.sh @@ -0,0 +1,39 @@ +#!/bin/sh + +zone=. +infile=root.db.in +zonefile=root.db + +keyname=`$KEYGEN -a RSA -b 768 -n zone $zone` + +(cd ../ns2 && sh sign.sh ) + +cp ../ns2/example.keyset . + +echo $KEYSIGNER example.keyset $keyname +$KEYSIGNER example.keyset $keyname + +cat example.signedkey >> ../ns2/example.db.signed + +echo $KEYSETTOOL $keyname +$KEYSETTOOL $keyname + +cat $infile $keyname.key > $zonefile + +echo $SIGNER -o $zone $zonefile +$SIGNER -o $zone $zonefile + +# Configure the resolving server with a trusted key. + +cat $keyname.key | perl -n -e ' +my ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; +my $key = join("", @rest); +print < trusted.conf +cp trusted.conf ../ns2/trusted.conf +cp trusted.conf ../ns3/trusted.conf +cp trusted.conf ../ns4/trusted.conf diff --git a/bin/tests/system/dnssec/ns3/bogus.example.db.in b/bin/tests/system/dnssec/ns3/bogus.example.db.in new file mode 100644 index 0000000000..88e71ad2ff --- /dev/null +++ b/bin/tests/system/dnssec/ns3/bogus.example.db.in 
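Review bot: In digcomp.pl both `open(FILE1, $file1)` and `open(FILE2, $file2)` use two-argument open on names taken directly from `@ARGV`, so a name that starts with `>` or ends with `|` is treated as a mode or a pipe instead of a file to read. Use the three-argument form, `open(FILE1, "<", $file1) || die("$! $file1");` and likewise for FILE2, and check that two arguments were actually given before using them. The `Duplicate entry` branch also prints without touching `$status`, so a duplicated record in the first file cannot fail the comparison; if that is intended, a one-line comment saying so would help.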
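Review bot: In dnssec/ns1/sign.sh nothing checks that `$KEYGEN` succeeded: if it fails, `keyname` is empty and the script still runs `cat $infile $keyname.key > $zonefile` and builds trusted.conf, which is then copied to ns2, ns3 and ns4. Because trusted.conf is the trust anchor for the resolvers under test, a silent failure here could leave the DNSSEC test running with no usable key. Add `set -e` near the top, or at least `test -n "$keyname" || exit 1` after the keygen line, and quote the expansions (`"$keyname.key"`). A short comment that `-b 768` is chosen for test speed and is not a key size for a real zone would also help.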
@@ -0,0 +1,15 @@ +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 +z A 10.0.0.26 diff --git a/bin/tests/system/dnssec/ns3/named.conf b/bin/tests/system/dnssec/ns3/named.conf index 3a00d45d0f..3a5e48df03 100644 --- a/bin/tests/system/dnssec/ns3/named.conf +++ b/bin/tests/system/dnssec/ns3/named.conf @@ -13,7 +13,7 @@ zone "." { zone "example" { type slave; file "example.bk"; -} +}; zone "secure.example" { type master; diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh new file mode 100644 index 0000000000..e306b6c14b --- /dev/null +++ b/bin/tests/system/dnssec/tests.sh 
@@ -0,0 +1,53 @@
+#!/bin/sh
+#
+# Perform tests
+#
+
+if [ -f dig.out.ns2 ]; then
+ rm -f dig.out.ns2
+fi
+if [ -f dig.out.ns3 ]; then
+ rm -f dig.out.ns3
+fi
+if [ -f dig.out.ns4 ]; then
+ rm -f dig.out.ns4
+fi
+
+# Make sure all of the servers are up
+status=0;
+../../../dig/dig +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd . \
+ @10.53.0.2 soa > dig.out.ns2
+status=`expr $status + $?`
+grep ";" dig.out.ns2
+
+../../../dig/dig +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd . \
+ @10.53.0.3 soa > dig.out.ns3
+status=`expr $status + $?`
+grep ";" dig.out.ns3
+
+../../../dig/dig +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd . \
+ @10.53.0.4 soa > dig.out.ns4
+status=`expr $status + $?`
+grep ";" dig.out.ns4
+
+perl ../digcomp.pl dig.out.ns2 dig.out.ns3
+perl ../digcomp.pl dig.out.ns2 dig.out.ns4
+
+# Check the example. domain
+../../../dig/dig +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd \
+ a.example. @10.53.0.2 a > dig.out.ns2
+status=`expr $status + $?`
+grep ";" dig.out.ns2
+
+../../../dig/dig +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd \
+ a.example. @10.53.0.3 a > dig.out.ns3
+status=`expr $status + $?`
+grep ";" dig.out.ns3
+
+../../../dig/dig +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd \
+ a.example. @10.53.0.4 a > dig.out.ns4
+status=`expr $status + $?`
+grep ";" dig.out.ns4
+
+perl ../digcomp.pl dig.out.ns2 dig.out.ns3
+perl ../digcomp.pl dig.out.ns2 dig.out.ns4
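Review bot: The results of the `perl ../digcomp.pl ...` runs are never folded into `$status`, and the script has no final `exit $status`, so its exit code is just that of the last digcomp.pl call and a failed dig or a mismatch in the earlier comparisons goes unreported unless the harness parses the output. Record them the same way as the dig calls, e.g. `perl ../digcomp.pl dig.out.ns2 dig.out.ns3 || status=1`, and end the script with `exit $status`. As written the checks only show that the three servers return the same records; nothing in this hunk confirms that the answers were validated against trusted.conf, which deserves a comment or a follow-up check.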