mirror of
https://github.com/isc-projects/bind9.git
synced 2026-03-14 14:42:22 -04:00
Merge branch '3674-nsupdate--t-timeout-does-not-work-9.18' into 'bind-9.18'
[9.18] Resolve "nsupdate -t timeout does not work" See merge request isc-projects/bind9!7779
This commit is contained in:
Arаm Sаrgsyаn
commit
3d341d090b
6 changed files with 210 additions and 109 deletions
3
CHANGES
3
CHANGES
|
|
@ -2,6 +2,9 @@
|
|||
determining if revoked keys needs to be removed from
|
||||
the trust anchors. [GL #3981]
|
||||
|
||||
6141. [bug] Fix several issues in nsupdate timeout handling and
|
||||
update the -t option's documentation. [GL #3674]
|
||||
|
||||
6138. [doc] Fix the DF-flag documentation on the outgoing
|
||||
UDP packets. [GL #3710]
|
||||
|
||||
|
|
|
|||
|
|
@ -96,12 +96,11 @@
|
|||
|
||||
#include "../dig/readline.h"
|
||||
|
||||
#define MAXCMD (128 * 1024)
|
||||
#define MAXWIRE (64 * 1024)
|
||||
#define INITTEXT (2 * 1024)
|
||||
#define MAXTEXT (128 * 1024)
|
||||
#define FIND_TIMEOUT 5
|
||||
#define TTL_MAX 2147483647U /* Maximum signed 32 bit integer. */
|
||||
#define MAXCMD (128 * 1024)
|
||||
#define MAXWIRE (64 * 1024)
|
||||
#define INITTEXT (2 * 1024)
|
||||
#define MAXTEXT (128 * 1024)
|
||||
#define TTL_MAX 2147483647U /* Maximum signed 32 bit integer. */
|
||||
|
||||
#define DNSDEFAULTPORT 53
|
||||
|
||||
|
|
@ -1177,9 +1176,6 @@ parse_args(int argc, char **argv) {
|
|||
isc_commandline_argument);
|
||||
exit(1);
|
||||
}
|
||||
if (udp_timeout == 0) {
|
||||
udp_timeout = UINT_MAX;
|
||||
}
|
||||
break;
|
||||
case 'r':
|
||||
result = isc_parse_uint32(&udp_retries,
|
||||
|
|
@ -2614,9 +2610,9 @@ recvsoa(isc_task_t *task, isc_event_t *event) {
|
|||
}
|
||||
|
||||
result = dns_request_create(requestmgr, soaquery, srcaddr, addr,
|
||||
0, NULL, FIND_TIMEOUT * 20,
|
||||
FIND_TIMEOUT, 3, global_task,
|
||||
recvsoa, reqinfo, &request);
|
||||
0, NULL, timeout, udp_timeout,
|
||||
udp_retries, global_task, recvsoa,
|
||||
reqinfo, &request);
|
||||
check_result(result, "dns_request_create");
|
||||
requests++;
|
||||
return;
|
||||
|
|
@ -2841,9 +2837,9 @@ sendrequest(isc_sockaddr_t *destaddr, dns_message_t *msg,
|
|||
}
|
||||
|
||||
result = dns_request_create(requestmgr, msg, srcaddr, destaddr, 0,
|
||||
default_servers ? NULL : tsigkey,
|
||||
FIND_TIMEOUT * 20, FIND_TIMEOUT, 3,
|
||||
global_task, recvsoa, reqinfo, request);
|
||||
default_servers ? NULL : tsigkey, timeout,
|
||||
udp_timeout, udp_retries, global_task,
|
||||
recvsoa, reqinfo, request);
|
||||
check_result(result, "dns_request_create");
|
||||
requests++;
|
||||
}
|
||||
|
|
@ -3043,7 +3039,7 @@ send_gssrequest(isc_sockaddr_t *destaddr, dns_message_t *msg,
|
|||
}
|
||||
|
||||
result = dns_request_create(requestmgr, msg, srcaddr, destaddr, options,
|
||||
tsigkey, FIND_TIMEOUT * 20, FIND_TIMEOUT, 3,
|
||||
tsigkey, timeout, udp_timeout, udp_retries,
|
||||
global_task, recvgss, reqinfo, request);
|
||||
check_result(result, "dns_request_create");
|
||||
if (debugging) {
|
||||
|
|
@ -3398,6 +3394,8 @@ getinput(isc_task_t *task, isc_event_t *event) {
|
|||
int
|
||||
main(int argc, char **argv) {
|
||||
isc_result_t result;
|
||||
uint32_t timeoutms;
|
||||
|
||||
style = &dns_master_style_debug;
|
||||
|
||||
input = stdin;
|
||||
|
|
@ -3424,6 +3422,10 @@ main(int argc, char **argv) {
|
|||
|
||||
setup_system();
|
||||
|
||||
/* Set the network manager timeouts in milliseconds. */
|
||||
timeoutms = timeout * 1000;
|
||||
isc_nm_settimeouts(netmgr, timeoutms, timeoutms, timeoutms, timeoutms);
|
||||
|
||||
result = isc_app_onrun(gmctx, global_task, getinput, NULL);
|
||||
check_result(result, "isc_app_onrun");
|
||||
|
||||
|
|
|
|||
|
|
@ -141,7 +141,11 @@ Options
|
|||
.. option:: -t timeout
|
||||
|
||||
This option sets the maximum time an update request can take before it is aborted. The
|
||||
default is 300 seconds. If zero, the timeout is disabled.
|
||||
default is 300 seconds. If zero, the timeout is disabled for TCP mode. For UDP mode,
|
||||
the option :option:`-u` takes precedence over this option, unless the option :option:`-u`
|
||||
is set to zero, in which case the interval is computed from the :option:`-t` timeout interval
|
||||
and the number of UDP retries. For UDP mode, the timeout can not be disabled, and will
|
||||
be rounded up to 1 second in case if both :option:`-t` and :option:`-u` are set to zero.
|
||||
|
||||
.. option:: -T
|
||||
|
||||
|
|
|
|||
|
|
@ -31,6 +31,8 @@ if (!$localport) { $localport = 5300; }
|
|||
|
||||
my $udpsock = IO::Socket::INET->new(LocalAddr => "$server_addr",
|
||||
LocalPort => $localport, Proto => "udp", Reuse => 1) or die "$!";
|
||||
my $tcpsock = IO::Socket::INET->new(LocalAddr => "$server_addr",
|
||||
LocalPort => $localport, Proto => "tcp", Listen => 5, Reuse => 1) or die "$!";
|
||||
|
||||
print "listening on $server_addr:$localport.\n";
|
||||
|
||||
|
|
@ -49,6 +51,7 @@ for (;;) {
|
|||
|
||||
$rin = '';
|
||||
vec($rin, fileno($udpsock), 1) = 1;
|
||||
vec($rin, fileno($tcpsock), 1) = 1;
|
||||
|
||||
select($rout = $rin, undef, undef, undef);
|
||||
|
||||
|
|
@ -56,5 +59,7 @@ for (;;) {
|
|||
printf "UDP request\n";
|
||||
my $buf;
|
||||
$udpsock->recv($buf, 512);
|
||||
} elsif (vec($rout, fileno($tcpsock), 1)) {
|
||||
printf "TCP request\n";
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -738,7 +738,7 @@ grep "TXT.*everywhere" dig.out.2.test$n > /dev/null || ret=1
|
|||
n=$((n + 1))
|
||||
ret=0
|
||||
echo_i "check 'grant' in deny name + grant subdomain ($n)"
|
||||
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
|
||||
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
|
||||
key hmac-sha256:subkey 1234abcd8765
|
||||
server 10.53.0.9 ${PORT}
|
||||
zone denyname.example
|
||||
|
|
@ -752,7 +752,7 @@ grep "added" dig.out.ns9.test$n > /dev/null || ret=1
|
|||
n=$((n + 1))
|
||||
ret=0
|
||||
echo_i "check 'deny' in deny name + grant subdomain ($n)"
|
||||
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
|
||||
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
|
||||
key hmac-sha256:subkey 1234abcd8765
|
||||
server 10.53.0.9 ${PORT}
|
||||
zone denyname.example
|
||||
|
|
@ -1033,7 +1033,7 @@ grep "bad name" nsupdate.out4-$n > /dev/null && ret=1
|
|||
n=$((n + 1))
|
||||
echo_i "check adding of delegating NS records processing ($n)"
|
||||
ret=0
|
||||
$NSUPDATE -v << EOF > nsupdate.out-$n 2>&1 || ret=1
|
||||
$NSUPDATE -v << EOF > nsupdate.out.test$n 2>&1 || ret=1
|
||||
server 10.53.0.3 ${PORT}
|
||||
zone delegation.test.
|
||||
update add child.delegation.test. 3600 NS foo.example.net.
|
||||
|
|
@ -1048,7 +1048,7 @@ grep "AUTHORITY: 2" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1
|
|||
n=$((n + 1))
|
||||
echo_i "check deleting of delegating NS records processing ($n)"
|
||||
ret=0
|
||||
$NSUPDATE -v << EOF > nsupdate.out-$n 2>&1 || ret=1
|
||||
$NSUPDATE -v << EOF > nsupdate.out.test$n 2>&1 || ret=1
|
||||
server 10.53.0.3 ${PORT}
|
||||
zone delegation.test.
|
||||
update del child.delegation.test. 3600 NS foo.example.net.
|
||||
|
|
@ -1062,13 +1062,13 @@ grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1
|
|||
n=$((n + 1))
|
||||
echo_i "check that adding too many records is blocked ($n)"
|
||||
ret=0
|
||||
$NSUPDATE -v << EOF > nsupdate.out-$n 2>&1 && ret=1
|
||||
$NSUPDATE -v << EOF > nsupdate.out.test$n 2>&1 && ret=1
|
||||
server 10.53.0.3 ${PORT}
|
||||
zone too-big.test.
|
||||
update add r1.too-big.test 3600 IN TXT r1.too-big.test
|
||||
send
|
||||
EOF
|
||||
grep "update failed: SERVFAIL" nsupdate.out-$n > /dev/null || ret=1
|
||||
grep "update failed: SERVFAIL" nsupdate.out.test$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS +tcp @10.53.0.3 r1.too-big.test TXT > dig.out.ns3.test$n
|
||||
grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1
|
||||
grep "records in zone (4) exceeds max-records (3)" ns3/named.run > /dev/null || ret=1
|
||||
|
|
@ -1076,15 +1076,97 @@ grep "records in zone (4) exceeds max-records (3)" ns3/named.run > /dev/null ||
|
|||
|
||||
n=$((n + 1))
|
||||
ret=0
|
||||
echo_i "check whether valid addresses are used for primary failover ($n)"
|
||||
$NSUPDATE -t 1 <<END > nsupdate.out-$n 2>&1 && ret=1
|
||||
echo_i "check whether valid addresses are used for primary failover (UDP with defaults) ($n)"
|
||||
t1=$($PERL -e 'print time()')
|
||||
$NSUPDATE <<END > nsupdate.out.test$n 2>&1 && ret=1
|
||||
server 10.53.0.4 ${PORT}
|
||||
zone unreachable.
|
||||
update add unreachable. 600 A 192.0.2.1
|
||||
send
|
||||
END
|
||||
grep "; Communication with 10.53.0.4#${PORT} failed: timed out" nsupdate.out-$n > /dev/null 2>&1 || ret=1
|
||||
grep "not implemented" nsupdate.out-$n > /dev/null 2>&1 && ret=1
|
||||
t2=`$PERL -e 'print time()'`
|
||||
grep "; Communication with 10.53.0.4#${PORT} failed: timed out" nsupdate.out.test$n > /dev/null 2>&1 || ret=1
|
||||
grep "not implemented" nsupdate.out.test$n > /dev/null 2>&1 && ret=1
|
||||
elapsed=$((t2 - t1))
|
||||
# Check that default timeout value is respected, there should be 4 tries with 3 seconds each.
|
||||
test $elapsed -lt 12 && ret=1
|
||||
test $elapsed -gt 15 && ret=1
|
||||
[ $ret = 0 ] || { echo_i "failed"; status=1; }
|
||||
|
||||
n=$((n + 1))
|
||||
ret=0
|
||||
echo_i "check whether valid addresses are used for primary failover (UDP with -u udptimeout) ($n)"
|
||||
t1=$($PERL -e 'print time()')
|
||||
$NSUPDATE -u 4 -r 1 <<END > nsupdate.out.test$n 2>&1 && ret=1
|
||||
server 10.53.0.4 ${PORT}
|
||||
zone unreachable.
|
||||
update add unreachable. 600 A 192.0.2.1
|
||||
send
|
||||
END
|
||||
t2=`$PERL -e 'print time()'`
|
||||
grep "; Communication with 10.53.0.4#${PORT} failed: timed out" nsupdate.out.test$n > /dev/null 2>&1 || ret=1
|
||||
grep "not implemented" nsupdate.out.test$n > /dev/null 2>&1 && ret=1
|
||||
elapsed=$((t2 - t1))
|
||||
# Check that given timeout value is respected, there should be 2 tries with 4 seconds each.
|
||||
test $elapsed -lt 8 && ret=1
|
||||
test $elapsed -gt 12 && ret=1
|
||||
[ $ret = 0 ] || { echo_i "failed"; status=1; }
|
||||
|
||||
n=$((n + 1))
|
||||
ret=0
|
||||
echo_i "check whether valid addresses are used for primary failover (UDP with -t timeout) ($n)"
|
||||
t1=$($PERL -e 'print time()')
|
||||
$NSUPDATE -u 0 -t 8 -r 1 <<END > nsupdate.out.test$n 2>&1 && ret=1
|
||||
server 10.53.0.4 ${PORT}
|
||||
zone unreachable.
|
||||
update add unreachable. 600 A 192.0.2.1
|
||||
send
|
||||
END
|
||||
t2=`$PERL -e 'print time()'`
|
||||
grep "; Communication with 10.53.0.4#${PORT} failed: timed out" nsupdate.out.test$n > /dev/null 2>&1 || ret=1
|
||||
grep "not implemented" nsupdate.out.test$n > /dev/null 2>&1 && ret=1
|
||||
elapsed=$((t2 - t1))
|
||||
# Check that given timeout value is respected, there should be 2 tries with 4 seconds each.
|
||||
test $elapsed -lt 8 && ret=1
|
||||
test $elapsed -gt 12 && ret=1
|
||||
[ $ret = 0 ] || { echo_i "failed"; status=1; }
|
||||
|
||||
n=$((n + 1))
|
||||
ret=0
|
||||
echo_i "check whether valid addresses are used for primary failover (UDP with -u udptimeout -t timeout) ($n)"
|
||||
t1=$($PERL -e 'print time()')
|
||||
$NSUPDATE -u 4 -t 30 -r 1 <<END > nsupdate.out.test$n 2>&1 && ret=1
|
||||
server 10.53.0.4 ${PORT}
|
||||
zone unreachable.
|
||||
update add unreachable. 600 A 192.0.2.1
|
||||
send
|
||||
END
|
||||
t2=`$PERL -e 'print time()'`
|
||||
grep "; Communication with 10.53.0.4#${PORT} failed: timed out" nsupdate.out.test$n > /dev/null 2>&1 || ret=1
|
||||
grep "not implemented" nsupdate.out.test$n > /dev/null 2>&1 && ret=1
|
||||
elapsed=$((t2 - t1))
|
||||
# Check that given timeout value is respected, there should be 2 tries with 4 seconds each, as -u takes precedence over -t.
|
||||
test $elapsed -lt 8 && ret=1
|
||||
test $elapsed -gt 12 && ret=1
|
||||
[ $ret = 0 ] || { echo_i "failed"; status=1; }
|
||||
|
||||
n=$((n + 1))
|
||||
ret=0
|
||||
echo_i "check whether valid addresses are used for primary failover (TCP with -t timeout) ($n)"
|
||||
t1=$($PERL -e 'print time()')
|
||||
$NSUPDATE -t 8 -v <<END > nsupdate.out.test$n 2>&1 && ret=1
|
||||
server 10.53.0.4 ${PORT}
|
||||
zone unreachable.
|
||||
update add unreachable. 600 A 192.0.2.1
|
||||
send
|
||||
END
|
||||
t2=`$PERL -e 'print time()'`
|
||||
grep "; Communication with 10.53.0.4#${PORT} failed: timed out" nsupdate.out.test$n > /dev/null 2>&1 || ret=1
|
||||
grep "not implemented" nsupdate.out.test$n > /dev/null 2>&1 && ret=1
|
||||
elapsed=$((t2 - t1))
|
||||
# Check that given timeout value is respected, there should be 1 try with 8 seconds.
|
||||
test $elapsed -lt 8 && ret=1
|
||||
test $elapsed -gt 12 && ret=1
|
||||
[ $ret = 0 ] || { echo_i "failed"; status=1; }
|
||||
|
||||
n=$((n + 1))
|
||||
|
|
@ -1148,39 +1230,39 @@ grep "syntax error" nsupdate.out > /dev/null && ret=1
|
|||
n=$((n + 1))
|
||||
ret=0
|
||||
echo_i "check nsupdate -4 -6 ($n)"
|
||||
$NSUPDATE -4 -6 <<END > nsupdate.out-$n 2>&1 && ret=1
|
||||
$NSUPDATE -4 -6 <<END > nsupdate.out.test$n 2>&1 && ret=1
|
||||
server 10.53.0.3 ${PORT}
|
||||
zone delegation.test.
|
||||
update del child.delegation.test. 3600 NS foo.example.net.
|
||||
update del child.delegation.test. 3600 NS bar.example.net.
|
||||
send
|
||||
END
|
||||
grep "only one of -4 and -6 allowed" nsupdate.out-$n > /dev/null 2>&1 || ret=1
|
||||
grep "only one of -4 and -6 allowed" nsupdate.out.test$n > /dev/null 2>&1 || ret=1
|
||||
[ $ret = 0 ] || { echo_i "failed"; status=1; }
|
||||
|
||||
n=$((n + 1))
|
||||
ret=0
|
||||
echo_i "check nsupdate -4 with an IPv6 server address ($n)"
|
||||
$NSUPDATE -4 <<END > nsupdate.out-$n 2>&1 && ret=1
|
||||
$NSUPDATE -4 <<END > nsupdate.out.test$n 2>&1 && ret=1
|
||||
server fd92:7065:b8e:ffff::2 ${PORT}
|
||||
zone delegation.test.
|
||||
update del child.delegation.test. 3600 NS foo.example.net.
|
||||
update del child.delegation.test. 3600 NS bar.example.net.
|
||||
send
|
||||
END
|
||||
grep "address family not supported" nsupdate.out-$n > /dev/null 2>&1 || ret=1
|
||||
grep "address family not supported" nsupdate.out.test$n > /dev/null 2>&1 || ret=1
|
||||
[ $ret = 0 ] || { echo_i "failed"; status=1; }
|
||||
|
||||
n=$((n + 1))
|
||||
ret=0
|
||||
echo_i "check that TKEY in a update is rejected ($n)"
|
||||
$NSUPDATE -d <<END > nsupdate.out-$n 2>&1 && ret=1
|
||||
$NSUPDATE -d <<END > nsupdate.out.test$n 2>&1 && ret=1
|
||||
server 10.53.0.3 ${PORT}
|
||||
update add tkey.example 0 in tkey invalid.algorithm. 1516055980 1516140801 1 0 16 gRof8D2BFKvl/vrr9Lmnjw== 16 gRof8D2BFKvl/vrr9Lmnjw==
|
||||
send
|
||||
END
|
||||
grep "UPDATE, status: NOERROR" nsupdate.out-$n > /dev/null 2>&1 || ret=1
|
||||
grep "UPDATE, status: FORMERR" nsupdate.out-$n > /dev/null 2>&1 || ret=1
|
||||
grep "UPDATE, status: NOERROR" nsupdate.out.test$n > /dev/null 2>&1 || ret=1
|
||||
grep "UPDATE, status: FORMERR" nsupdate.out.test$n > /dev/null 2>&1 || ret=1
|
||||
[ $ret = 0 ] || { echo_i "failed"; status=1; }
|
||||
|
||||
n=$((n + 1))
|
||||
|
|
@ -1250,7 +1332,7 @@ grep "status: NOERROR" dig.out.pre.test$n > /dev/null || ret=1
|
|||
grep "ANSWER: 0," dig.out.pre.test$n > /dev/null || ret=1
|
||||
nextpart ns3/named.run > /dev/null
|
||||
# specify zone to override the default of adding to parent zone
|
||||
$NSUPDATE -d <<END > nsupdate.out-$n 2>&1 || ret=1
|
||||
$NSUPDATE -d <<END > nsupdate.out.test$n 2>&1 || ret=1
|
||||
server 10.53.0.3 ${PORT}
|
||||
zone example
|
||||
update add example 0 in DS 14364 10 2 FD03B2312C8F0FE72C1751EFA1007D743C94EC91594FF0047C23C37CE119BA0C
|
||||
|
|
@ -1269,7 +1351,7 @@ echo_i "check that CDS with mismatched algorithm to DNSSEC multisigner zone is n
|
|||
$DIG $DIGOPTS +tcp +norec multisigner.test CDS @10.53.0.3 > dig.out.pre.test$n || ret=1
|
||||
grep "status: NOERROR" dig.out.pre.test$n > /dev/null || ret=1
|
||||
grep "ANSWER: 0," dig.out.pre.test$n > /dev/null || ret=1
|
||||
$NSUPDATE -d <<END > nsupdate.out-$n 2>&1 && ret=1
|
||||
$NSUPDATE -d <<END > nsupdate.out.test$n 2>&1 && ret=1
|
||||
server 10.53.0.3 ${PORT}
|
||||
zone multisigner.test
|
||||
update add multisigner.test 3600 IN CDS 14364 14 2 FD03B2312C8F0FE72C1751EFA1007D743C94EC91594FF0047C23C37CE119BA0C
|
||||
|
|
@ -1289,7 +1371,7 @@ $DIG $DIGOPTS +tcp +norec multisigner.test CDNSKEY @10.53.0.3 > dig.out.pre.test
|
|||
grep "status: NOERROR" dig.out.pre.test$n > /dev/null || ret=1
|
||||
grep "ANSWER: 0," dig.out.pre.test$n > /dev/null || ret=1
|
||||
nextpart ns3/named.run > /dev/null
|
||||
$NSUPDATE -d <<END > nsupdate.out-$n 2>&1 && ret=1
|
||||
$NSUPDATE -d <<END > nsupdate.out.test$n 2>&1 && ret=1
|
||||
server 10.53.0.3 ${PORT}
|
||||
zone multisigner.test
|
||||
update add multisigner.test 3600 IN CDNSKEY 257 3 14 d0NQ5PKmDz6P0B1WPMH9/UKRux/toSFwV2nTJYPA1Cx8pB0sJGTXbVhG U+6gye7VCHDhGIn9CjVfb2RJPW7GnQ==
|
||||
|
|
@ -1308,7 +1390,7 @@ echo_i "check that CDS to DNSSEC multisigner zone is allowed ($n)"
|
|||
$DIG $DIGOPTS +tcp +norec multisigner.test CDS @10.53.0.3 > dig.out.pre.test$n || ret=1
|
||||
grep "status: NOERROR" dig.out.pre.test$n > /dev/null || ret=1
|
||||
grep "ANSWER: 0," dig.out.pre.test$n > /dev/null || ret=1
|
||||
$NSUPDATE -d <<END > nsupdate.out-$n 2>&1 || ret=1
|
||||
$NSUPDATE -d <<END > nsupdate.out.test$n 2>&1 || ret=1
|
||||
server 10.53.0.3 ${PORT}
|
||||
zone multisigner.test
|
||||
update add multisigner.test 3600 IN CDS 14364 13 2 FD03B2312C8F0FE72C1751EFA1007D743C94EC91594FF0047C23C37CE119BA0C
|
||||
|
|
@ -1323,7 +1405,7 @@ echo_i "check that CDNSKEY to DNSSEC multisigner zone is allowed ($n)"
|
|||
$DIG $DIGOPTS +tcp +norec multisigner.test CDNSKEY @10.53.0.3 > dig.out.pre.test$n || ret=1
|
||||
grep "status: NOERROR" dig.out.pre.test$n > /dev/null || ret=1
|
||||
grep "ANSWER: 0," dig.out.pre.test$n > /dev/null || ret=1
|
||||
$NSUPDATE -d <<END > nsupdate.out-$n 2>&1 || ret=1
|
||||
$NSUPDATE -d <<END > nsupdate.out.test$n 2>&1 || ret=1
|
||||
server 10.53.0.3 ${PORT}
|
||||
zone multisigner.test
|
||||
update add multisigner.test 3600 IN CDNSKEY 257 3 13 d0NQ5PKmDz6P0B1WPMH9/UKRux/toSFwV2nTJYPA1Cx8pB0sJGTXbVhG U+6gye7VCHDhGIn9CjVfb2RJPW7GnQ==
|
||||
|
|
@ -1335,12 +1417,12 @@ retry_quiet 5 has_positive_response multisigner.test CDNSKEY 10.53.0.3 || ret=1
|
|||
n=$((n + 1))
|
||||
ret=0
|
||||
echo_i "check that excessive NSEC3PARAM iterations are rejected by nsupdate ($n)"
|
||||
$NSUPDATE -d <<END > nsupdate.out-$n 2>&1 && ret=1
|
||||
$NSUPDATE -d <<END > nsupdate.out.test$n 2>&1 && ret=1
|
||||
server 10.53.0.3 ${PORT}
|
||||
zone example
|
||||
update add example 0 in NSEC3PARAM 1 0 151 -
|
||||
END
|
||||
grep "NSEC3PARAM has excessive iterations (> 150)" nsupdate.out-$n >/dev/null || ret=1
|
||||
grep "NSEC3PARAM has excessive iterations (> 150)" nsupdate.out.test$n >/dev/null || ret=1
|
||||
[ $ret = 0 ] || { echo_i "failed"; status=1; }
|
||||
|
||||
n=$((n + 1))
|
||||
|
|
@ -1351,13 +1433,13 @@ echo_i "check nsupdate retries with another server on REFUSED response ($n)"
|
|||
# that's what we're testing for. (failure is still expected, however,
|
||||
# because the address lookup for the primary doesn't use the overridden
|
||||
# resolv.conf file).
|
||||
$NSUPDATE -D -C resolv.conf -p ${PORT} << EOF > nsupdate.out-$n 2>&1 && ret=1
|
||||
$NSUPDATE -D -C resolv.conf -p ${PORT} << EOF > nsupdate.out.test$n 2>&1 && ret=1
|
||||
zone example
|
||||
update add a 3600 IN A 1.2.3.4
|
||||
send
|
||||
EOF
|
||||
grep '10.53.0.1.*REFUSED' nsupdate.out-$n > /dev/null || ret=1
|
||||
grep 'Reply from SOA query' nsupdate.out-$n > /dev/null || ret=1
|
||||
grep '10.53.0.1.*REFUSED' nsupdate.out.test$n > /dev/null || ret=1
|
||||
grep 'Reply from SOA query' nsupdate.out.test$n > /dev/null || ret=1
|
||||
[ $ret = 0 ] || { echo_i "failed"; status=1; }
|
||||
|
||||
n=$((n + 1))
|
||||
|
|
@ -1396,7 +1478,7 @@ else
|
|||
echo_i "check krb5-self match ($n)"
|
||||
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
|
||||
export KRB5CCNAME
|
||||
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
|
||||
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
|
||||
gsstsig
|
||||
realm EXAMPLE.COM
|
||||
server 10.53.0.7 ${PORT}
|
||||
|
|
@ -1414,7 +1496,7 @@ EOF
|
|||
echo_i "check krb5-self no-match ($n)"
|
||||
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
|
||||
export KRB5CCNAME
|
||||
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
|
||||
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
|
||||
gsstsig
|
||||
realm EXAMPLE.COM
|
||||
server 10.53.0.7 ${PORT}
|
||||
|
|
@ -1422,7 +1504,7 @@ EOF
|
|||
update add foo.example.com 3600 IN A 10.53.0.7
|
||||
send
|
||||
EOF
|
||||
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
|
||||
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS +tcp @10.53.0.7 foo.example.com A > dig.out.ns7.test$n
|
||||
grep "status: NXDOMAIN" dig.out.ns7.test$n > /dev/null || ret=1
|
||||
[ $ret = 0 ] || { echo_i "failed"; status=1; }
|
||||
|
|
@ -1432,7 +1514,7 @@ EOF
|
|||
echo_i "check krb5-subdomain match ($n)"
|
||||
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
|
||||
export KRB5CCNAME
|
||||
$NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1
|
||||
$NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1
|
||||
gsstsig
|
||||
realm EXAMPLE.COM
|
||||
server 10.53.0.7 ${PORT}
|
||||
|
|
@ -1450,7 +1532,7 @@ EOF
|
|||
echo_i "check krb5-subdomain no-match ($n)"
|
||||
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
|
||||
export KRB5CCNAME
|
||||
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
|
||||
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
|
||||
gsstsig
|
||||
realm EXAMPLE.COM
|
||||
server 10.53.0.7 ${PORT}
|
||||
|
|
@ -1458,7 +1540,7 @@ EOF
|
|||
update add _xxx._udp.example.com 3600 IN SRV 0 0 0 machine.example.com
|
||||
send
|
||||
EOF
|
||||
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
|
||||
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS +tcp @10.53.0.7 _xxx._udp.example.com SRV > dig.out.ns7.test$n
|
||||
grep "status: NXDOMAIN" dig.out.ns7.test$n > /dev/null || ret=1
|
||||
[ $ret = 0 ] || { echo_i "failed"; status=1; }
|
||||
|
|
@ -1468,7 +1550,7 @@ EOF
|
|||
echo_i "check krb5-subdomain-self-rhs match PTR ($n)"
|
||||
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
|
||||
export KRB5CCNAME
|
||||
$NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1
|
||||
$NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1
|
||||
gsstsig
|
||||
realm EXAMPLE.COM
|
||||
server 10.53.0.7 ${PORT}
|
||||
|
|
@ -1486,7 +1568,7 @@ EOF
|
|||
echo_i "check krb5-subdomain-self-rhs no-match PTR ($n)"
|
||||
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
|
||||
export KRB5CCNAME
|
||||
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
|
||||
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
|
||||
gsstsig
|
||||
realm EXAMPLE.COM
|
||||
server 10.53.0.7 ${PORT}
|
||||
|
|
@ -1494,7 +1576,7 @@ EOF
|
|||
update add 5.3.2.1.in-addr.arpa 3600 IN PTR notme.example.com
|
||||
send
|
||||
EOF
|
||||
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
|
||||
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS +tcp @10.53.0.7 5.3.2.1.in-addr.arpa PTR > dig.out.ns7.test$n
|
||||
grep "status: NXDOMAIN" dig.out.ns7.test$n > /dev/null || ret=1
|
||||
[ $ret = 0 ] || { echo_i "failed"; status=1; }
|
||||
|
|
@ -1504,7 +1586,7 @@ EOF
|
|||
echo_i "check krb5-subdomain-self-rhs match SRV ($n)"
|
||||
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
|
||||
export KRB5CCNAME
|
||||
$NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1
|
||||
$NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1
|
||||
gsstsig
|
||||
realm EXAMPLE.COM
|
||||
server 10.53.0.7 ${PORT}
|
||||
|
|
@ -1522,7 +1604,7 @@ EOF
|
|||
echo_i "check krb5-subdomain-self-rhs no listed types match (SRV & TXT) ($n)"
|
||||
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
|
||||
export KRB5CCNAME
|
||||
$NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1
|
||||
$NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1
|
||||
gsstsig
|
||||
realm EXAMPLE.COM
|
||||
server 10.53.0.7 ${PORT}
|
||||
|
|
@ -1542,7 +1624,7 @@ EOF
|
|||
echo_i "check krb5-subdomain-self-rhs no-match RDATA (SRV) ($n)"
|
||||
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
|
||||
export KRB5CCNAME
|
||||
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
|
||||
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
|
||||
gsstsig
|
||||
realm EXAMPLE.COM
|
||||
server 10.53.0.7 ${PORT}
|
||||
|
|
@ -1550,7 +1632,7 @@ EOF
|
|||
update add _yyy.self-srv.example.com 3600 IN SRV 0 0 0 notme.example.com
|
||||
send
|
||||
EOF
|
||||
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
|
||||
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS +tcp @10.53.0.7 _yyy.self-srv.example.com SRV > dig.out.ns7.test$n
|
||||
grep "status: NXDOMAIN" dig.out.ns7.test$n > /dev/null || ret=1
|
||||
[ $ret = 0 ] || { echo_i "failed"; status=1; }
|
||||
|
|
@ -1560,7 +1642,7 @@ EOF
|
|||
echo_i "check krb5-subdomain-self-rhs no-match TYPE (TXT) ($n)"
|
||||
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
|
||||
export KRB5CCNAME
|
||||
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
|
||||
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
|
||||
gsstsig
|
||||
realm EXAMPLE.COM
|
||||
server 10.53.0.7 ${PORT}
|
||||
|
|
@ -1568,7 +1650,7 @@ EOF
|
|||
update add _yyy.self-srv.example.com 3600 IN TXT a-txt-record
|
||||
send
|
||||
EOF
|
||||
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
|
||||
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS +tcp @10.53.0.7 _yyy.self-srv.example.com TXT > dig.out.ns7.test$n
|
||||
grep "status: NXDOMAIN" dig.out.ns7.test$n > /dev/null || ret=1
|
||||
[ $ret = 0 ] || { echo_i "failed"; status=1; }
|
||||
|
|
@ -1581,7 +1663,7 @@ EOF
|
|||
grep "ANSWER: 1," dig.out.ns7.pre.test$n > /dev/null || ret=1
|
||||
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
|
||||
export KRB5CCNAME
|
||||
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
|
||||
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
|
||||
gsstsig
|
||||
realm EXAMPLE.COM
|
||||
server 10.53.0.7 ${PORT}
|
||||
|
|
@ -1598,7 +1680,7 @@ EOF
|
|||
echo_i "check krb5-subdomain-self-rhs delete PTR (matching PTR with non-matching PTR) ($n)"
|
||||
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
|
||||
export KRB5CCNAME
|
||||
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
|
||||
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
|
||||
gsstsig
|
||||
realm EXAMPLE.COM
|
||||
server 10.53.0.7 ${PORT}
|
||||
|
|
@ -1606,7 +1688,7 @@ EOF
|
|||
update delete many.ptr.self-ptr.in-addr.arpa PTR
|
||||
send
|
||||
EOF
|
||||
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
|
||||
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS +tcp @10.53.0.7 many.ptr.self-ptr.in-addr.arpa PTR > dig.out.ns7.test$n
|
||||
grep "status: NOERROR" dig.out.ns7.test$n > /dev/null || ret=1
|
||||
grep "ANSWER: 2," dig.out.ns7.test$n > /dev/null || ret=1
|
||||
|
|
@ -1620,7 +1702,7 @@ EOF
|
|||
grep "ANSWER: 1," dig.out.ns7.pre.test$n > /dev/null || ret=1
|
||||
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
|
||||
export KRB5CCNAME
|
||||
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
|
||||
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
|
||||
gsstsig
|
||||
realm EXAMPLE.COM
|
||||
server 10.53.0.7 ${PORT}
|
||||
|
|
@ -1637,7 +1719,7 @@ EOF
|
|||
echo_i "check krb5-subdomain-self-rhs delete ANY (matching PTR with non-matching PTR) ($n)"
|
||||
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
|
||||
export KRB5CCNAME
|
||||
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
|
||||
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
|
||||
gsstsig
|
||||
realm EXAMPLE.COM
|
||||
server 10.53.0.7 ${PORT}
|
||||
|
|
@ -1645,7 +1727,7 @@ EOF
|
|||
update delete many.any.self-ptr.in-addr.arpa
|
||||
send
|
||||
EOF
|
||||
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
|
||||
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS +tcp @10.53.0.7 many.any.self-ptr.in-addr.arpa PTR > dig.out.ns7.test$n
|
||||
grep "status: NOERROR" dig.out.ns7.test$n > /dev/null || ret=1
|
||||
grep "ANSWER: 2," dig.out.ns7.test$n > /dev/null || ret=1
|
||||
|
|
@ -1659,7 +1741,7 @@ EOF
|
|||
grep "ANSWER: 1," dig.out.ns7.pre.test$n > /dev/null || ret=1
|
||||
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
|
||||
export KRB5CCNAME
|
||||
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
|
||||
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
|
||||
gsstsig
|
||||
realm EXAMPLE.COM
|
||||
server 10.53.0.7 ${PORT}
|
||||
|
|
@ -1676,7 +1758,7 @@ EOF
|
|||
echo_i "check krb5-subdomain-self-rhs delete SRV (matching SRV with non-matching SRV) ($n)"
|
||||
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
|
||||
export KRB5CCNAME
|
||||
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
|
||||
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
|
||||
gsstsig
|
||||
realm EXAMPLE.COM
|
||||
server 10.53.0.7 ${PORT}
|
||||
|
|
@ -1684,7 +1766,7 @@ EOF
|
|||
update delete many.srv.self-srv.example.com SRV
|
||||
send
|
||||
EOF
|
||||
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
|
||||
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS +tcp @10.53.0.7 many.srv.self-srv.example.com SRV > dig.out.ns7.test$n
|
||||
grep "status: NOERROR" dig.out.ns7.test$n > /dev/null || ret=1
|
||||
grep "ANSWER: 2," dig.out.ns7.test$n > /dev/null || ret=1
|
||||
|
|
@ -1698,7 +1780,7 @@ EOF
|
|||
grep "ANSWER: 1," dig.out.ns7.pre.test$n > /dev/null || ret=1
|
||||
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
|
||||
export KRB5CCNAME
|
||||
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
|
||||
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
|
||||
gsstsig
|
||||
realm EXAMPLE.COM
|
||||
server 10.53.0.7 ${PORT}
|
||||
|
|
@ -1715,7 +1797,7 @@ EOF
|
|||
echo_i "check krb5-subdomain-self-rhs delete ANY (matching SRV with non-matching SRV) ($n)"
|
||||
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
|
||||
export KRB5CCNAME
|
||||
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
|
||||
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
|
||||
gsstsig
|
||||
realm EXAMPLE.COM
|
||||
server 10.53.0.7 ${PORT}
|
||||
|
|
@ -1723,7 +1805,7 @@ EOF
|
|||
update delete many.any.self-srv.example.com
|
||||
send
|
||||
EOF
|
||||
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
|
||||
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS +tcp @10.53.0.7 many.any.self-srv.example.com SRV > dig.out.ns7.test$n
|
||||
grep "status: NOERROR" dig.out.ns7.test$n > /dev/null || ret=1
|
||||
grep "ANSWER: 2," dig.out.ns7.test$n > /dev/null || ret=1
|
||||
|
|
@ -1734,7 +1816,7 @@ EOF
|
|||
echo_i "check krb5-selfsub match ($n)"
|
||||
KRB5CCNAME="FILE:$(pwd)/ns8/machine.ccache"
|
||||
export KRB5CCNAME
|
||||
$NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1
|
||||
$NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1
|
||||
gsstsig
|
||||
realm EXAMPLE.COM
|
||||
server 10.53.0.8 ${PORT}
|
||||
|
|
@ -1752,7 +1834,7 @@ EOF
|
|||
echo_i "check krb5-selfsub no-match ($n)"
|
||||
KRB5CCNAME="FILE:$(pwd)/ns8/machine.ccache"
|
||||
export KRB5CCNAME
|
||||
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
|
||||
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
|
||||
gsstsig
|
||||
realm EXAMPLE.COM
|
||||
server 10.53.0.8 ${PORT}
|
||||
|
|
@ -1760,7 +1842,7 @@ EOF
|
|||
update add foo.example.com 3600 IN A 10.53.0.8
|
||||
send
|
||||
EOF
|
||||
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
|
||||
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS +tcp @10.53.0.8 foo.example.com A > dig.out.ns8.test$n
|
||||
grep "status: NXDOMAIN" dig.out.ns8.test$n > /dev/null || ret=1
|
||||
[ $ret = 0 ] || { echo_i "failed"; status=1; }
|
||||
|
|
@ -1770,7 +1852,7 @@ EOF
|
|||
echo_i "check ms-self match ($n)"
|
||||
KRB5CCNAME="FILE:$(pwd)/ns9/machine.ccache"
|
||||
export KRB5CCNAME
|
||||
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
|
||||
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
|
||||
gsstsig
|
||||
realm EXAMPLE.COM
|
||||
server 10.53.0.9 ${PORT}
|
||||
|
|
@ -1788,7 +1870,7 @@ EOF
|
|||
echo_i "check ms-self no-match ($n)"
|
||||
KRB5CCNAME="FILE:$(pwd)/ns9/machine.ccache"
|
||||
export KRB5CCNAME
|
||||
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
|
||||
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
|
||||
gsstsig
|
||||
realm EXAMPLE.COM
|
||||
server 10.53.0.9 ${PORT}
|
||||
|
|
@ -1796,7 +1878,7 @@ EOF
|
|||
update add foo.example.com 3600 IN A 10.53.0.9
|
||||
send
|
||||
EOF
|
||||
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
|
||||
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS +tcp @10.53.0.9 foo.example.com A > dig.out.ns9.test$n
|
||||
grep "status: NXDOMAIN" dig.out.ns9.test$n > /dev/null || ret=1
|
||||
[ $ret = 0 ] || { echo_i "failed"; status=1; }
|
||||
|
|
@ -1806,7 +1888,7 @@ EOF
|
|||
echo_i "check ms-subdomain match ($n)"
|
||||
KRB5CCNAME="FILE:$(pwd)/ns9/machine.ccache"
|
||||
export KRB5CCNAME
|
||||
$NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1
|
||||
$NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1
|
||||
gsstsig
|
||||
realm EXAMPLE.COM
|
||||
server 10.53.0.9 ${PORT}
|
||||
|
|
@ -1824,7 +1906,7 @@ EOF
|
|||
echo_i "check ms-subdomain no-match ($n)"
|
||||
KRB5CCNAME="FILE:$(pwd)/ns9/machine.ccache"
|
||||
export KRB5CCNAME
|
||||
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
|
||||
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
|
||||
gsstsig
|
||||
realm EXAMPLE.COM
|
||||
server 10.53.0.9 ${PORT}
|
||||
|
|
@ -1832,7 +1914,7 @@ EOF
|
|||
update add _xxx._udp.example.com 3600 IN SRV 0 0 0 machine.example.com
|
||||
send
|
||||
EOF
|
||||
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
|
||||
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS +tcp @10.53.0.9 _xxx._udp.example.com SRV > dig.out.ns9.test$n
|
||||
grep "status: NXDOMAIN" dig.out.ns9.test$n > /dev/null || ret=1
|
||||
[ $ret = 0 ] || { echo_i "failed"; status=1; }
|
||||
|
|
@ -1842,7 +1924,7 @@ EOF
|
|||
echo_i "check ms-subdomain-self-rhs match (PTR) ($n)"
|
||||
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
|
||||
export KRB5CCNAME
|
||||
$NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1
|
||||
$NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1
|
||||
gsstsig
|
||||
realm EXAMPLE.COM
|
||||
server 10.53.0.10 ${PORT}
|
||||
|
|
@ -1860,7 +1942,7 @@ EOF
|
|||
echo_i "check ms-subdomain-self-rhs no-match (PTR) ($n)"
|
||||
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
|
||||
export KRB5CCNAME
|
||||
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
|
||||
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
|
||||
gsstsig
|
||||
realm EXAMPLE.COM
|
||||
server 10.53.0.10 ${PORT}
|
||||
|
|
@ -1868,7 +1950,7 @@ EOF
|
|||
update add 5.3.2.1.in-addr.arpa 3600 IN PTR notme.example.com
|
||||
send
|
||||
EOF
|
||||
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
|
||||
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS +tcp @10.53.0.10 5.3.2.1.in-addr.arpa PTR > dig.out.ns10.test$n
|
||||
grep "status: NXDOMAIN" dig.out.ns10.test$n > /dev/null || ret=1
|
||||
[ $ret = 0 ] || { echo_i "failed"; status=1; }
|
||||
|
|
@ -1878,7 +1960,7 @@ EOF
|
|||
echo_i "check ms-subdomain-self-rhs match (SRV) ($n)"
|
||||
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
|
||||
export KRB5CCNAME
|
||||
$NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1
|
||||
$NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1
|
||||
gsstsig
|
||||
realm EXAMPLE.COM
|
||||
server 10.53.0.10 ${PORT}
|
||||
|
|
@ -1896,7 +1978,7 @@ EOF
|
|||
echo_i "check ms-subdomain-self-rhs no-match (SRV) ($n)"
|
||||
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
|
||||
export KRB5CCNAME
|
||||
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
|
||||
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
|
||||
gsstsig
|
||||
realm EXAMPLE.COM
|
||||
server 10.53.0.10 ${PORT}
|
||||
|
|
@ -1904,7 +1986,7 @@ EOF
|
|||
update add _yyy.self-srv.example.com 3600 IN SRV 0 0 0 notme.example.com
|
||||
send
|
||||
EOF
|
||||
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
|
||||
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS +tcp @10.53.0.10 _yyy.self-srv.example.com SRV > dig.out.ns10.test$n
|
||||
grep "status: NXDOMAIN" dig.out.ns10.test$n > /dev/null || ret=1
|
||||
[ $ret = 0 ] || { echo_i "failed"; status=1; }
|
||||
|
|
@ -1917,7 +1999,7 @@ EOF
|
|||
grep "ANSWER: 1," dig.out.ns10.pre.test$n > /dev/null || ret=1
|
||||
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
|
||||
export KRB5CCNAME
|
||||
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
|
||||
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
|
||||
gsstsig
|
||||
realm EXAMPLE.COM
|
||||
server 10.53.0.10 ${PORT}
|
||||
|
|
@ -1934,7 +2016,7 @@ EOF
|
|||
echo_i "check ms-subdomain-self-rhs delete SRV (matching SRV with non-matching SRV) ($n)"
|
||||
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
|
||||
export KRB5CCNAME
|
||||
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
|
||||
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
|
||||
gsstsig
|
||||
realm EXAMPLE.COM
|
||||
server 10.53.0.10 ${PORT}
|
||||
|
|
@ -1942,7 +2024,7 @@ EOF
|
|||
update delete many.srv.self-srv.example.com SRV
|
||||
send
|
||||
EOF
|
||||
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
|
||||
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS +tcp @10.53.0.10 many.srv.self-srv.example.com SRV > dig.out.ns10.test$n
|
||||
grep "status: NOERROR" dig.out.ns10.test$n > /dev/null || ret=1
|
||||
grep "ANSWER: 2," dig.out.ns10.test$n > /dev/null || ret=1
|
||||
|
|
@ -1956,7 +2038,7 @@ EOF
|
|||
grep "ANSWER: 1," dig.out.ns10.pre.test$n > /dev/null || ret=1
|
||||
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
|
||||
export KRB5CCNAME
|
||||
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
|
||||
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
|
||||
gsstsig
|
||||
realm EXAMPLE.COM
|
||||
server 10.53.0.10 ${PORT}
|
||||
|
|
@ -1973,7 +2055,7 @@ EOF
|
|||
echo_i "check ms-subdomain-self-rhs delete PTR (matching PTR with non-matching PTR) ($n)"
|
||||
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
|
||||
export KRB5CCNAME
|
||||
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
|
||||
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
|
||||
gsstsig
|
||||
realm EXAMPLE.COM
|
||||
server 10.53.0.10 ${PORT}
|
||||
|
|
@ -1981,7 +2063,7 @@ EOF
|
|||
update delete many.ptr.self-ptr.in-addr.arpa PTR
|
||||
send
|
||||
EOF
|
||||
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
|
||||
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS +tcp @10.53.0.10 many.ptr.self-ptr.in-addr.arpa PTR > dig.out.ns10.test$n
|
||||
grep "status: NOERROR" dig.out.ns10.test$n > /dev/null || ret=1
|
||||
grep "ANSWER: 2," dig.out.ns10.test$n > /dev/null || ret=1
|
||||
|
|
@ -1995,7 +2077,7 @@ EOF
|
|||
grep "ANSWER: 1," dig.out.ns10.pre.test$n > /dev/null || ret=1
|
||||
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
|
||||
export KRB5CCNAME
|
||||
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
|
||||
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
|
||||
gsstsig
|
||||
realm EXAMPLE.COM
|
||||
server 10.53.0.10 ${PORT}
|
||||
|
|
@ -2012,7 +2094,7 @@ EOF
|
|||
echo_i "check ms-subdomain-self-rhs delete ANY (matching PTR with non-matching PTR) ($n)"
|
||||
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
|
||||
export KRB5CCNAME
|
||||
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
|
||||
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
|
||||
gsstsig
|
||||
realm EXAMPLE.COM
|
||||
server 10.53.0.10 ${PORT}
|
||||
|
|
@ -2020,7 +2102,7 @@ EOF
|
|||
update delete many.any.self-ptr.in-addr.arpa
|
||||
send
|
||||
EOF
|
||||
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
|
||||
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS +tcp @10.53.0.10 many.any.self-ptr.in-addr.arpa PTR > dig.out.ns10.test$n
|
||||
grep "status: NOERROR" dig.out.ns10.test$n > /dev/null || ret=1
|
||||
grep "ANSWER: 2," dig.out.ns10.test$n > /dev/null || ret=1
|
||||
|
|
@ -2034,7 +2116,7 @@ EOF
|
|||
grep "ANSWER: 1," dig.out.ns10.pre.test$n > /dev/null || ret=1
|
||||
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
|
||||
export KRB5CCNAME
|
||||
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
|
||||
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
|
||||
gsstsig
|
||||
realm EXAMPLE.COM
|
||||
server 10.53.0.10 ${PORT}
|
||||
|
|
@ -2051,7 +2133,7 @@ EOF
|
|||
echo_i "check ms-subdomain-self-rhs delete ANY (matching SRV with non-matching SRV) ($n)"
|
||||
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
|
||||
export KRB5CCNAME
|
||||
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
|
||||
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
|
||||
gsstsig
|
||||
realm EXAMPLE.COM
|
||||
server 10.53.0.10 ${PORT}
|
||||
|
|
@ -2059,7 +2141,7 @@ EOF
|
|||
update delete many.any.self-srv.example.com
|
||||
send
|
||||
EOF
|
||||
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
|
||||
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS +tcp @10.53.0.10 many.any.self-srv.example.com SRV > dig.out.ns10.test$n
|
||||
grep "status: NOERROR" dig.out.ns10.test$n > /dev/null || ret=1
|
||||
grep "ANSWER: 2," dig.out.ns10.test$n > /dev/null || ret=1
|
||||
|
|
@ -2070,7 +2152,7 @@ EOF
|
|||
echo_i "check ms-selfsub match ($n)"
|
||||
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
|
||||
export KRB5CCNAME
|
||||
$NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1
|
||||
$NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1
|
||||
gsstsig
|
||||
realm EXAMPLE.COM
|
||||
server 10.53.0.10 ${PORT}
|
||||
|
|
@ -2088,7 +2170,7 @@ EOF
|
|||
echo_i "check ms-selfsub no-match ($n)"
|
||||
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
|
||||
export KRB5CCNAME
|
||||
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
|
||||
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
|
||||
gsstsig
|
||||
realm EXAMPLE.COM
|
||||
server 10.53.0.10 ${PORT}
|
||||
|
|
@ -2096,7 +2178,7 @@ EOF
|
|||
update add foo.example.com 3600 IN A 10.53.0.10
|
||||
send
|
||||
EOF
|
||||
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
|
||||
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS +tcp @10.53.0.10 foo.example.com A > dig.out.ns10.test$n
|
||||
grep "status: NXDOMAIN" dig.out.ns10.test$n > /dev/null || ret=1
|
||||
[ $ret = 0 ] || { echo_i "failed"; status=1; }
|
||||
|
|
|
|||
|
|
@ -488,6 +488,8 @@ dns_request_createraw(dns_requestmgr_t *requestmgr, isc_buffer_t *msgbuf,
|
|||
REQUIRE(action != NULL);
|
||||
REQUIRE(requestp != NULL && *requestp == NULL);
|
||||
REQUIRE(timeout > 0);
|
||||
REQUIRE(udpretries != UINT_MAX);
|
||||
|
||||
if (srcaddr != NULL) {
|
||||
REQUIRE(isc_sockaddr_pf(srcaddr) == isc_sockaddr_pf(destaddr));
|
||||
}
|
||||
|
|
@ -510,7 +512,7 @@ dns_request_createraw(dns_requestmgr_t *requestmgr, isc_buffer_t *msgbuf,
|
|||
return (result);
|
||||
}
|
||||
|
||||
request->udpcount = udpretries;
|
||||
request->udpcount = udpretries + 1;
|
||||
|
||||
request->event = (dns_requestevent_t *)isc_event_allocate(
|
||||
mctx, task, DNS_EVENT_REQUESTDONE, action, arg,
|
||||
|
|
@ -531,7 +533,7 @@ dns_request_createraw(dns_requestmgr_t *requestmgr, isc_buffer_t *msgbuf,
|
|||
request->timeout = timeout * 1000;
|
||||
} else {
|
||||
if (udptimeout == 0) {
|
||||
udptimeout = timeout / (udpretries + 1);
|
||||
udptimeout = timeout / request->udpcount;
|
||||
}
|
||||
if (udptimeout == 0) {
|
||||
udptimeout = 1;
|
||||
|
|
@ -642,6 +644,7 @@ dns_request_create(dns_requestmgr_t *requestmgr, dns_message_t *message,
|
|||
REQUIRE(action != NULL);
|
||||
REQUIRE(requestp != NULL && *requestp == NULL);
|
||||
REQUIRE(timeout > 0);
|
||||
REQUIRE(udpretries != UINT_MAX);
|
||||
|
||||
mctx = requestmgr->mctx;
|
||||
|
||||
|
|
@ -667,7 +670,7 @@ dns_request_create(dns_requestmgr_t *requestmgr, dns_message_t *message,
|
|||
return (result);
|
||||
}
|
||||
|
||||
request->udpcount = udpretries;
|
||||
request->udpcount = udpretries + 1;
|
||||
|
||||
request->event = (dns_requestevent_t *)isc_event_allocate(
|
||||
mctx, task, DNS_EVENT_REQUESTDONE, action, arg,
|
||||
|
|
@ -690,8 +693,8 @@ dns_request_create(dns_requestmgr_t *requestmgr, dns_message_t *message,
|
|||
tcp = true;
|
||||
request->timeout = timeout * 1000;
|
||||
} else {
|
||||
if (udptimeout == 0 && udpretries != 0) {
|
||||
udptimeout = timeout / (udpretries + 1);
|
||||
if (udptimeout == 0) {
|
||||
udptimeout = timeout / request->udpcount;
|
||||
}
|
||||
if (udptimeout == 0) {
|
||||
udptimeout = 1;
|
||||
|
|
@ -1054,9 +1057,13 @@ req_response(isc_result_t result, isc_region_t *region, void *arg) {
|
|||
req_log(ISC_LOG_DEBUG(3), "req_response: request %p: %s", request,
|
||||
isc_result_totext(result));
|
||||
|
||||
REQUIRE(VALID_REQUEST(request));
|
||||
|
||||
if (result == ISC_R_TIMEDOUT) {
|
||||
LOCK(&request->requestmgr->locks[request->hash]);
|
||||
if (request->udpcount != 0) {
|
||||
if (request->udpcount > 1 &&
|
||||
(request->flags & DNS_REQUEST_F_TCP) == 0)
|
||||
{
|
||||
request->udpcount -= 1;
|
||||
dns_dispatch_resume(request->dispentry,
|
||||
request->timeout);
|
||||
|
|
@ -1071,8 +1078,6 @@ req_response(isc_result_t result, isc_region_t *region, void *arg) {
|
|||
goto done;
|
||||
}
|
||||
|
||||
REQUIRE(VALID_REQUEST(request));
|
||||
|
||||
LOCK(&request->requestmgr->locks[request->hash]);
|
||||
|
||||
if (result != ISC_R_SUCCESS) {
|
||||
|
|
|
|||
Loading…
Reference in a new issue