mirror of
https://gitlab.isc.org/isc-projects/bind9
synced 2025-08-31 14:35:26 +00:00
- print the number of each test
- add a missing simple negative response test - check the status of the ad bit on responses - test queries with the cd bit set - remove duplicated arguments to dig
This commit is contained in:
Brian Wellington
@@ -15,7 +15,7 @@
|
||||
# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
|
||||
# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
|
||||
# $Id: tests.sh,v 1.23 2000/07/27 09:39:21 tale Exp $
|
||||
# $Id: tests.sh,v 1.24 2000/07/27 23:22:35 bwelling Exp $
|
||||
|
||||
#
|
||||
# Perform tests
|
||||
@@ -32,7 +32,8 @@ rm -f dig.out.*
|
||||
DIGOPTS="+tcp +noadd +nosea +nostat +noquest +nocmd -p 5300"
|
||||
|
||||
# Check the example. domain
|
||||
echo "I:checking that zone transfer worked"
|
||||
|
||||
echo "I:checking that zone transfer worked ($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS a.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1
|
||||
$DIG $DIGOPTS a.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
|
||||
@@ -41,53 +42,66 @@ n=`expr $n + 1`
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
echo "I:checking positive validation"
|
||||
echo "I:checking positive validation ($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS +noauth a.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1
|
||||
$DIG $DIGOPTS +noauth a.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
|
||||
$PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
|
||||
grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
|
||||
n=`expr $n + 1`
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
echo "I:checking negative validation ($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS +noauth q.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1
|
||||
$DIG $DIGOPTS +noauth q.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
|
||||
$PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
|
||||
grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
|
||||
n=`expr $n + 1`
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
# Check the insecure.example domain
|
||||
|
||||
echo "I:checking 1-server insecurity proof"
|
||||
echo "I:checking 1-server insecurity proof ($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS a.insecure.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
|
||||
$DIG $DIGOPTS a.insecure.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
|
||||
$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
|
||||
grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
|
||||
n=`expr $n + 1`
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
# Check the secure.example domain
|
||||
|
||||
echo "I:checking multi-stage positive validation"
|
||||
echo "I:checking multi-stage positive validation ($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS +noauth a.secure.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
|
||||
$DIG $DIGOPTS +noauth a.secure.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
|
||||
$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
|
||||
grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
|
||||
n=`expr $n + 1`
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
# Check the bogus domain
|
||||
|
||||
echo "I:checking negative validation"
|
||||
echo "I:checking failed validation ($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS a.bogus.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
|
||||
grep "SERVFAIL" dig.out.ns4.test$n > /dev/null || ret=1
|
||||
grep "SERVFAIL" dig.out.ns4.test$n > /dev/null > /dev/null || ret=1
|
||||
n=`expr $n + 1`
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
# Try validating a key with a bad trusted key.
|
||||
# Try validating with a bad trusted key.
|
||||
# This should fail.
|
||||
|
||||
echo "I:checking that validation fails with a misconfigured trusted key"
|
||||
echo "I:checking that validation fails with a misconfigured trusted key ($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS example. key @10.53.0.5 -p 5300 > dig.out.ns5.test$n || ret=1
|
||||
$DIG $DIGOPTS example. soa @10.53.0.5 > dig.out.ns5.test$n || ret=1
|
||||
grep "SERVFAIL" dig.out.ns5.test$n > /dev/null || ret=1
|
||||
n=`expr $n + 1`
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
@@ -95,33 +109,35 @@ status=`expr $status + $ret`
|
||||
|
||||
# Check the insecure.secure.example domain (insecurity proof)
|
||||
|
||||
echo "I:checking 2-server insecurity proof"
|
||||
echo "I:checking 2-server insecurity proof ($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS a.insecure.secure.example. @10.53.0.2 a > dig.out.ns2.test$n \
|
||||
|| ret=1
|
||||
$DIG $DIGOPTS a.insecure.secure.example. @10.53.0.4 a > dig.out.ns4.test$n \
|
||||
|| ret=1
|
||||
$DIG $DIGOPTS a.insecure.secure.example. @10.53.0.2 a \
|
||||
> dig.out.ns2.test$n || ret=1
|
||||
$DIG $DIGOPTS a.insecure.secure.example. @10.53.0.4 a \
|
||||
> dig.out.ns4.test$n || ret=1
|
||||
$PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
|
||||
grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
|
||||
n=`expr $n + 1`
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
# Check a negative response in insecure.secure.example
|
||||
|
||||
echo "I:checking 2-server insecurity proof with a negative answer"
|
||||
echo "I:checking 2-server insecurity proof with a negative answer ($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS q.insecure.secure.example. @10.53.0.2 a > dig.out.ns2.test$n \
|
||||
|| ret=1
|
||||
$DIG $DIGOPTS q.insecure.secure.example. @10.53.0.4 a > dig.out.ns4.test$n \
|
||||
|| ret=1
|
||||
$PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
|
||||
grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
|
||||
n=`expr $n + 1`
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
# Check that the query for a security root is successful and has ad set
|
||||
|
||||
echo "I:checking security root query"
|
||||
echo "I:checking security root query ($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS . @10.53.0.4 key > dig.out.ns4.test$n || ret=1
|
||||
grep "NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
|
||||
@@ -130,5 +146,75 @@ n=`expr $n + 1`
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
# Check that the setting the cd bit works
|
||||
|
||||
echo "I:checking cd bit on a positive answer ($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS +noauth example. soa @10.53.0.4 \
|
||||
> dig.out.ns4.test$n || ret=1
|
||||
$DIG $DIGOPTS +noauth +cdflag example. soa @10.53.0.5 \
|
||||
> dig.out.ns5.test$n || ret=1
|
||||
$PERL ../digcomp.pl dig.out.ns4.test$n dig.out.ns5.test$n || ret=1
|
||||
grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
|
||||
# Note - this is looking for failure, hence the &&
|
||||
grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null && ret=1
|
||||
n=`expr $n + 1`
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
echo "I:checking cd bit on a negative answer ($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS q.example. soa @10.53.0.4 > dig.out.ns4.test$n || ret=1
|
||||
$DIG $DIGOPTS +cdflag q.example. soa @10.53.0.5 > dig.out.ns5.test$n || ret=1
|
||||
$PERL ../digcomp.pl dig.out.ns4.test$n dig.out.ns5.test$n || ret=1
|
||||
grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
|
||||
# Note - this is looking for failure, hence the &&
|
||||
grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null && ret=1
|
||||
n=`expr $n + 1`
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
echo "I:checking cd bit on a query that should fail ($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS a.bogus.example. soa @10.53.0.4 \
|
||||
> dig.out.ns4.test$n || ret=1
|
||||
$DIG $DIGOPTS +cdflag a.bogus.example. soa @10.53.0.5 \
|
||||
> dig.out.ns5.test$n || ret=1
|
||||
$PERL ../digcomp.pl dig.out.ns4.test$n dig.out.ns5.test$n || ret=1
|
||||
grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
|
||||
# Note - this is looking for failure, hence the &&
|
||||
grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null && ret=1
|
||||
n=`expr $n + 1`
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
echo "I:checking cd bit on an insecurity proof ($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS +noauth a.insecure.example. soa @10.53.0.4 \
|
||||
> dig.out.ns4.test$n || ret=1
|
||||
$DIG $DIGOPTS +noauth +cdflag a.insecure.example. soa @10.53.0.5 \
|
||||
> dig.out.ns5.test$n || ret=1
|
||||
$PERL ../digcomp.pl dig.out.ns4.test$n dig.out.ns5.test$n || ret=1
|
||||
grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
|
||||
# Note - this is looking for failure, hence the &&
|
||||
grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null && ret=1
|
||||
n=`expr $n + 1`
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
echo "I:checking cd bit on a negative insecurity proof ($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS q.insecure.example. soa @10.53.0.4 \
|
||||
> dig.out.ns4.test$n || ret=1
|
||||
$DIG $DIGOPTS +cdflag q.insecure.example. soa @10.53.0.5 \
|
||||
> dig.out.ns5.test$n || ret=1
|
||||
$PERL ../digcomp.pl dig.out.ns4.test$n dig.out.ns5.test$n || ret=1
|
||||
grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
|
||||
# Note - this is looking for failure, hence the &&
|
||||
grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null && ret=1
|
||||
n=`expr $n + 1`
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
echo "I:exit status: $status"
|
||||
exit $status
|
||||
|
||||
Reference in New Issue
Block a user