diff --git a/bin/tests/system/rpz/clean.sh b/bin/tests/system/rpz/clean.sh
index cf38807b6a..e0bdf5a74c 100644
--- a/bin/tests/system/rpz/clean.sh
+++ b/bin/tests/system/rpz/clean.sh
@@ -30,6 +30,7 @@ fi
 rm -f ns*/*.key ns*/*.private
 rm -f ns2/tld2s.db ns2/bl.tld2.db
 rm -f ns3/bl*.db ns*/empty.db
+rm -f ns3/manual-update-rpz.db
 rm -f ns5/example.db ns5/bl.db
 rm -f */policy2.db
 rm -f */*.jnl
diff --git a/bin/tests/system/rpz/ns3/broken.db.in b/bin/tests/system/rpz/ns3/broken.db.in
new file mode 100644
index 0000000000..671ed38a7f
--- /dev/null
+++ b/bin/tests/system/rpz/ns3/broken.db.in
@@ -0,0 +1,16 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+; RPZ test
+; This basic file is copied to several zone files before being used.
+; Its contents are also changed with nsupdate
+
+
+; broken zone
+foobar
diff --git a/bin/tests/system/rpz/ns3/manual-update-rpz-2.db.in b/bin/tests/system/rpz/ns3/manual-update-rpz-2.db.in
new file mode 100644
index 0000000000..5c82651802
--- /dev/null
+++ b/bin/tests/system/rpz/ns3/manual-update-rpz-2.db.in
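Review bot: The header comment of broken.db.in appears to be carried over from the base zone file: it says the file is "copied to several zone files" and "changed with nsupdate", which does not describe a fixture whose only content is the unparsable line `foobar`. Spell out the intent next to `; broken zone` so nobody repairs the file later, e.g. `; Deliberately invalid zone data: loading this file must fail.` The same header is repeated in manual-update-rpz.db.in and manual-update-rpz-2.db.in, although setup.sh describes that zone as updated manually rather than with nsupdate.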
@@ -0,0 +1,20 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+; RPZ test
+; This basic file is copied to several zone files before being used.
+; Its contents are also changed with nsupdate
+
+
+$TTL 300
+@ SOA bl-reload. hostmaster.ns.bl-reload. ( 2 3600 1200 604800 60 )
+ NS ns.tld3.
+
+walled.tld2.bl-reload. 300 A 10.0.0.2
+
diff --git a/bin/tests/system/rpz/ns3/manual-update-rpz.db.in b/bin/tests/system/rpz/ns3/manual-update-rpz.db.in
new file mode 100644
index 0000000000..81fa1f0754
--- /dev/null
+++ b/bin/tests/system/rpz/ns3/manual-update-rpz.db.in
@@ -0,0 +1,20 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+; RPZ test
+; This basic file is copied to several zone files before being used.
+; Its contents are also changed with nsupdate
+
+
+$TTL 300
+@ SOA manual-update-rpz. hostmaster.ns.manual-rpz-update. ( 1 3600 1200 604800 60 )
+ NS ns.tld3.
+
+walled.tld2.manual-update-rpz. 300 A 10.0.0.1
+
diff --git a/bin/tests/system/rpz/ns3/named.conf.in b/bin/tests/system/rpz/ns3/named.conf.in
index 851a055bc9..bd1a7103c3 100644
--- a/bin/tests/system/rpz/ns3/named.conf.in
+++ b/bin/tests/system/rpz/ns3/named.conf.in
@@ -44,6 +44,7 @@ options {
 zone "bl-drop" policy drop;
 zone "bl-tcp-only" policy tcp-only;
 zone "bl.tld2";
+ zone "manual-update-rpz";
 }
 min-ns-dots 0
 qname-wait-recurse yes
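Review bot: manual-update-rpz-2.db.in is not referenced by any hunk visible in this commit (setup.sh copies only manual-update-rpz.db.in, and tests.sh overwrites the zone with broken.db.in), and its records name a different zone. Both the SOA and `walled.tld2.bl-reload.` use `bl-reload`, so if the file were ever loaded as `manual-update-rpz` that owner name would presumably be out of zone and the 10.0.0.2 rule would never apply. Either drop the file or rename the owners to `manual-update-rpz.` and add the test step that loads it. manual-update-rpz.db.in has a smaller slip of the same kind: its SOA rname reads `hostmaster.ns.manual-rpz-update.`.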
@@ -102,3 +103,9 @@ zone "bl.tld2." {type slave; file "bl.tld2.db"; masters {10.53.0.2;};
 zone "crash1.tld2" {type master; file "crash1"; notify no;};
 zone "crash2.tld3." {type master; file "crash2"; notify no;};
+
+zone "manual-update-rpz." {
+ type master;
+ file "manual-update-rpz.db";
+ notify no;
+};
diff --git a/bin/tests/system/rpz/setup.sh b/bin/tests/system/rpz/setup.sh
index c9313699c0..0a6665c1fd 100644
--- a/bin/tests/system/rpz/setup.sh
+++ b/bin/tests/system/rpz/setup.sh
@@ -68,6 +68,8 @@ test -z "`grep 'dnsrps-enable yes' dnsrps.conf`" && TEST_DNSRPS=
 for NM in '' -2 -given -disabled -passthru -no-op -nodata -nxdomain -cname -wildcname -garden -drop -tcp-only; do
 sed -e "/SOA/s/blx/bl$NM/g" ns3/base.db >ns3/bl$NM.db
 done
+# bl zones are dynamically updated. Add one zone that is updated manually.
+cp ns3/manual-update-rpz.db.in ns3/manual-update-rpz.db
 # $1=directory
 # $2=domain name
@@ -83,7 +85,6 @@ signzone () {
 }
 signzone ns2 tld2s. base-tld2s.db tld2s.db
-
 # Performance and a few other checks.
 cat <ns5/rpz-switch
 response-policy {
diff --git a/bin/tests/system/rpz/tests.sh b/bin/tests/system/rpz/tests.sh
index 5671cde796..b6ba574360 100644
--- a/bin/tests/system/rpz/tests.sh
+++ b/bin/tests/system/rpz/tests.sh
@@ -190,6 +190,9 @@ load_db () {
 fi
 }
+# restart name server
+# $1 ns number
+# $2 rebuild bl rpz zones if "rebuild-bl-rpz"
 restart () {
 # try to ensure that the server really has stopped
 # and won't mess with ns$1/name.pid
@@ -205,10 +208,12 @@ restart () {
 fi
 fi
 rm -f ns$1/*.jnl
- if test -f ns$1/base.db; then
- for NM in ns$1/bl*.db; do
- cp -f ns$1/base.db $NM
- done
+ if [ "$2" == "rebuild-bl-rpz" ]; then
+ if test -f ns$1/base.db; then
+ for NM in ns$1/bl*.db; do
+ cp -f ns$1/base.db $NM
+ done
+ fi
 fi
 $PERL $SYSTEMTESTTOP/start.pl --noclean --restart --port ${PORT} rpz ns$1
 load_db
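Review bot: In restart(), the new guard `if [ "$2" == "rebuild-bl-rpz" ]; then` uses `==`, which POSIX `[` does not define. Elsewhere this file invokes scripts with `sh` and writes its tests with `test`, so under a strict `/bin/sh` such as dash the comparison fails with an error, counts as false, and the bl*.db rebuild is silently skipped. The new broken-zone check depends on `restart 3 "rebuild-bl-rpz"` to put a valid bl.db back, so that failure would leave the broken policy zone in place for the tests that follow. Use `if [ "$2" = "rebuild-bl-rpz" ]; then`, or `test "$2" = "rebuild-bl-rpz"` to match the surrounding style. restart() begins and ends outside this hunk, so whether other callers pass a second argument cannot be checked here.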
@@ -227,7 +232,7 @@ ckalive () {
 HAVE_CORE=yes
 setret "$2"
 # restart the server to avoid stalling waiting for it to stop
- restart $CKALIVE_NS
+ restart $CKALIVE_NS "rebuild-bl-rpz"
 return 1
 }
@@ -681,7 +686,6 @@ EOF
 end_group
 ckstats $ns3 bugs ns3 8
-
 # superficial test for major performance bugs
 QPERF=`sh qperf.sh`
 if test -n "$QPERF"; then
@@ -757,7 +761,7 @@ EOF
 # restart the main test RPZ server to see if that creates a core file
 if test -z "$HAVE_CORE"; then
 $PERL $SYSTEMTESTTOP/stop.pl --use-rndc --port ${CONTROLPORT} rpz ns3
- restart 3
+ restart 3 "rebuild-bl-rpz"
 HAVE_CORE=`find ns* -name '*core*' -print`
 test -z "$HAVE_CORE" || setret "found $HAVE_CORE; memory leak?"
 fi
@@ -772,6 +776,28 @@ EOF
 fi
 done
+ # restart the main test RPZ server with a bad zone.
+ t=`expr $t + 1`
+ echo_i "checking that ns3 with broken rpz does not crash (${t})"
+ $PERL $SYSTEMTESTTOP/stop.pl --use-rndc --port ${CONTROLPORT} rpz ns3
+ cp ns3/broken.db.in ns3/bl.db
+ restart 3 # do not rebuild rpz zones
+ nocrash a3-1.tld2 -tA
+ $PERL $SYSTEMTESTTOP/stop.pl --use-rndc --port ${CONTROLPORT} rpz ns3
+ restart 3 "rebuild-bl-rpz"
+
+ # reload a RPZ zone that is now deliberately broken.
+ t=`expr $t + 1`
+ echo_i "checking rpz failed update will keep previous rpz rules (${t})"
+ $DIG -p ${PORT} @$ns3 walled.tld2 > dig.out.$t.before
+ grep "walled\.tld2\..*IN.*A.*10\.0\.0\.1" dig.out.$t.before > /dev/null || setret "failed"
+ cp ns3/broken.db.in ns3/manual-update-rpz.db
+ rndc_reload ns3 $ns3 manual-update-rpz
+ sleep 1
+ # ensure previous RPZ rules still apply.
+ $DIG -p ${PORT} @$ns3 walled.tld2 > dig.out.$t.after
+ grep "walled\.tld2\..*IN.*A.*10\.0\.0\.1" dig.out.$t.after > /dev/null || setret "failed"
+
 t=`expr $t + 1`
 echo_i "checking that ttl values are not zeroed when qtype is '*' (${t})"
 $DIG +noall +answer -p ${PORT} @$ns3 any a3-2.tld2 > dig.out.$t
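Review bot: The "failed update will keep previous rpz rules" check in the last tests.sh hunk can pass without the broken zone ever having been rejected. After `rndc_reload ns3 $ns3 manual-update-rpz` it only runs `sleep 1` and re-queries, so a reload that was never attempted or not yet processed looks identical to one that failed safely. Because this test guards the fail-safe behaviour of a policy zone, it should first wait with a bounded retry until the ns3 log records the load failure for manual-update-rpz, and only then run the `after` query. Both greps also report the same `setret "failed"`; a distinct message such as `setret "walled.tld2 not rewritten after failed reload"` would make a failure attributable. ns3/manual-update-rpz.db is left holding the broken content afterwards, and restart() rebuilds only bl*.db, so any later restart of ns3 (not visible here) would start without that zone.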