mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-01 23:15:18 +00:00
Code Issues Releases Wiki Activity

Add test for rpz zone load fail

Browse Source
This commit is contained in:
Matthijs Mekking
2019-02-08 17:13:52 +01:00
committed by Matthijs Mekking
parent 6756280242
commit ce5476acf0
7 changed files with 99 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
bin/tests/system/rpz/clean.sh
View File

@@ -30,6 +30,7 @@ fi
rm -f ns*/*.key ns*/*.private rm -f ns*/*.key ns*/*.private
rm -f ns2/tld2s.db ns2/bl.tld2.db rm -f ns2/tld2s.db ns2/bl.tld2.db
rm -f ns3/bl*.db ns*/empty.db rm -f ns3/bl*.db ns*/empty.db
rm -f ns3/manual-update-rpz.db
rm -f ns5/example.db ns5/bl.db rm -f ns5/example.db ns5/bl.db
rm -f */policy2.db rm -f */policy2.db
rm -f */*.jnl rm -f */*.jnl

16
bin/tests/system/rpz/ns3/broken.db.in Normal file
View File

@@ -0,0 +1,16 @@
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.
; RPZ test
; This basic file is copied to several zone files before being used.
; Its contents are also changed with nsupdate
; broken zone
foobar

20
bin/tests/system/rpz/ns3/manual-update-rpz-2.db.in Normal file
View File

@@ -0,0 +1,20 @@
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.
; RPZ test
; This basic file is copied to several zone files before being used.
; Its contents are also changed with nsupdate
$TTL 300
@ SOA bl-reload. hostmaster.ns.bl-reload. ( 2 3600 1200 604800 60 )
NS ns.tld3.
walled.tld2.bl-reload. 300 A 10.0.0.2

20
bin/tests/system/rpz/ns3/manual-update-rpz.db.in Normal file
View File

@@ -0,0 +1,20 @@
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.
; RPZ test
; This basic file is copied to several zone files before being used.
; Its contents are also changed with nsupdate
$TTL 300
@ SOA manual-update-rpz. hostmaster.ns.manual-rpz-update. ( 1 3600 1200 604800 60 )
NS ns.tld3.
walled.tld2.manual-update-rpz. 300 A 10.0.0.1

7
bin/tests/system/rpz/ns3/named.conf.in
View File

@@ -44,6 +44,7 @@ options {
zone "bl-drop" policy drop; zone "bl-drop" policy drop;
zone "bl-tcp-only" policy tcp-only; zone "bl-tcp-only" policy tcp-only;
zone "bl.tld2"; zone "bl.tld2";
zone "manual-update-rpz";
} }
min-ns-dots 0 min-ns-dots 0
qname-wait-recurse yes qname-wait-recurse yes
@@ -102,3 +103,9 @@ zone "bl.tld2." {type slave; file "bl.tld2.db"; masters {10.53.0.2;};
zone "crash1.tld2" {type master; file "crash1"; notify no;}; zone "crash1.tld2" {type master; file "crash1"; notify no;};
zone "crash2.tld3." {type master; file "crash2"; notify no;}; zone "crash2.tld3." {type master; file "crash2"; notify no;};
zone "manual-update-rpz." {
type master;
file "manual-update-rpz.db";
notify no;
};

3
bin/tests/system/rpz/setup.sh
View File

@@ -68,6 +68,8 @@ test -z "`grep 'dnsrps-enable yes' dnsrps.conf`" && TEST_DNSRPS=
for NM in '' -2 -given -disabled -passthru -no-op -nodata -nxdomain -cname -wildcname -garden -drop -tcp-only; do for NM in '' -2 -given -disabled -passthru -no-op -nodata -nxdomain -cname -wildcname -garden -drop -tcp-only; do
sed -e "/SOA/s/blx/bl$NM/g" ns3/base.db >ns3/bl$NM.db sed -e "/SOA/s/blx/bl$NM/g" ns3/base.db >ns3/bl$NM.db
done done
# bl zones are dynamically updated. Add one zone that is updated manually.
cp ns3/manual-update-rpz.db.in ns3/manual-update-rpz.db
# $1=directory # $1=directory
# $2=domain name # $2=domain name
@@ -83,7 +85,6 @@ signzone () {
} }
signzone ns2 tld2s. base-tld2s.db tld2s.db signzone ns2 tld2s. base-tld2s.db tld2s.db
# Performance and a few other checks. # Performance and a few other checks.
cat <<EOF >ns5/rpz-switch cat <<EOF >ns5/rpz-switch
response-policy { response-policy {

32
bin/tests/system/rpz/tests.sh
View File

@@ -190,6 +190,9 @@ load_db () {
fi fi
} }
# restart name server
# $1 ns number
# $2 rebuild bl rpz zones if "rebuild-bl-rpz"
restart () { restart () {
# try to ensure that the server really has stopped # try to ensure that the server really has stopped
# and won't mess with ns$1/name.pid # and won't mess with ns$1/name.pid
@@ -205,11 +208,13 @@ restart () {
fi fi
fi fi
rm -f ns$1/*.jnl rm -f ns$1/*.jnl
if [ "$2" == "rebuild-bl-rpz" ]; then
if test -f ns$1/base.db; then if test -f ns$1/base.db; then
for NM in ns$1/bl*.db; do for NM in ns$1/bl*.db; do
cp -f ns$1/base.db $NM cp -f ns$1/base.db $NM
done done
fi fi
fi
$PERL $SYSTEMTESTTOP/start.pl --noclean --restart --port ${PORT} rpz ns$1 $PERL $SYSTEMTESTTOP/start.pl --noclean --restart --port ${PORT} rpz ns$1
load_db load_db
dnsrps_loaded dnsrps_loaded
@@ -227,7 +232,7 @@ ckalive () {
HAVE_CORE=yes HAVE_CORE=yes
setret "$2" setret "$2"
# restart the server to avoid stalling waiting for it to stop # restart the server to avoid stalling waiting for it to stop
restart $CKALIVE_NS restart $CKALIVE_NS "rebuild-bl-rpz"
return 1 return 1
} }
@@ -681,7 +686,6 @@ EOF
end_group end_group
ckstats $ns3 bugs ns3 8 ckstats $ns3 bugs ns3 8
# superficial test for major performance bugs # superficial test for major performance bugs
QPERF=`sh qperf.sh` QPERF=`sh qperf.sh`
if test -n "$QPERF"; then if test -n "$QPERF"; then
@@ -757,7 +761,7 @@ EOF
# restart the main test RPZ server to see if that creates a core file # restart the main test RPZ server to see if that creates a core file
if test -z "$HAVE_CORE"; then if test -z "$HAVE_CORE"; then
$PERL $SYSTEMTESTTOP/stop.pl --use-rndc --port ${CONTROLPORT} rpz ns3 $PERL $SYSTEMTESTTOP/stop.pl --use-rndc --port ${CONTROLPORT} rpz ns3
restart 3 restart 3 "rebuild-bl-rpz"
HAVE_CORE=`find ns* -name '*core*' -print` HAVE_CORE=`find ns* -name '*core*' -print`
test -z "$HAVE_CORE" || setret "found $HAVE_CORE; memory leak?" test -z "$HAVE_CORE" || setret "found $HAVE_CORE; memory leak?"
fi fi
@@ -772,6 +776,28 @@ EOF
fi fi
done done
# restart the main test RPZ server with a bad zone.
t=`expr $t + 1`
echo_i "checking that ns3 with broken rpz does not crash (${t})"
$PERL $SYSTEMTESTTOP/stop.pl --use-rndc --port ${CONTROLPORT} rpz ns3
cp ns3/broken.db.in ns3/bl.db
restart 3 # do not rebuild rpz zones
nocrash a3-1.tld2 -tA
$PERL $SYSTEMTESTTOP/stop.pl --use-rndc --port ${CONTROLPORT} rpz ns3
restart 3 "rebuild-bl-rpz"
# reload a RPZ zone that is now deliberately broken.
t=`expr $t + 1`
echo_i "checking rpz failed update will keep previous rpz rules (${t})"
$DIG -p ${PORT} @$ns3 walled.tld2 > dig.out.$t.before
grep "walled\.tld2\..*IN.*A.*10\.0\.0\.1" dig.out.$t.before > /dev/null || setret "failed"
cp ns3/broken.db.in ns3/manual-update-rpz.db
rndc_reload ns3 $ns3 manual-update-rpz
sleep 1
# ensure previous RPZ rules still apply.
$DIG -p ${PORT} @$ns3 walled.tld2 > dig.out.$t.after
grep "walled\.tld2\..*IN.*A.*10\.0\.0\.1" dig.out.$t.after > /dev/null || setret "failed"
t=`expr $t + 1` t=`expr $t + 1`
echo_i "checking that ttl values are not zeroed when qtype is '*' (${t})" echo_i "checking that ttl values are not zeroed when qtype is '*' (${t})"
$DIG +noall +answer -p ${PORT} @$ns3 any a3-2.tld2 > dig.out.$t $DIG +noall +answer -p ${PORT} @$ns3 any a3-2.tld2 > dig.out.$t