mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-29 13:38:26 +00:00

Merge branch '312-fix-rpz-system-test' into 'master'

Fix rpz system test

Closes #312

See merge request isc-projects/bind9!340
Michał Kępień 2018-06-26 06:52:03 -04:00
commit ddc9a8be97
8 changed files with 22 additions and 7 deletions


@ -1,3 +1,6 @@
4978. [test] Fix error handling and resolver configuration in the
"rpz" system test. [GL #312]
4977. [func] When starting up, log the same details that 4977. [func] When starting up, log the same details that
would be reported by 'named -V'. [GL #247] would be reported by 'named -V'. [GL #247]


@ -20,6 +20,8 @@ options {
listen-on-v6 { none; }; listen-on-v6 { none; };
notify no; notify no;
minimal-responses no; minimal-responses no;
recursion yes;
dnssec-validation yes;
}; };
key rndc_key { key rndc_key {
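Review bot: `dnssec-validation yes;` only has an effect when a trust anchor is configured, and nothing in this section shows one: the options block closes and the next visible statement is `key rndc_key {`, with the rest of the file outside the hunk. The third config section does show `include "../trusted.conf";` right after its options block, so it is worth confirming which of the six servers are actually meant to validate. For those that are not, a comment above the added line would keep a reader from assuming validation is active, for example `# set explicitly; no validation happens without a trust anchor in this file`. The same applies to the other config sections that add the same two lines.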


@ -26,6 +26,8 @@ options {
listen-on-v6 { none; }; listen-on-v6 { none; };
notify yes; notify yes;
minimal-responses no; minimal-responses no;
recursion yes;
dnssec-validation yes;
response-policy { response-policy {
zone "bl" max-policy-ttl 100; zone "bl" max-policy-ttl 100;


@ -20,6 +20,8 @@ options {
listen-on-v6 { none; }; listen-on-v6 { none; };
notify no; notify no;
minimal-responses no; minimal-responses no;
recursion yes;
dnssec-validation yes;
}; };
include "../trusted.conf"; include "../trusted.conf";


@ -28,6 +28,8 @@ options {
notify-delay 0; notify-delay 0;
notify yes; notify yes;
minimal-responses no; minimal-responses no;
recursion yes;
dnssec-validation yes;
# turn rpz on or off # turn rpz on or off
include "rpz-switch"; include "rpz-switch";


@ -22,6 +22,8 @@ options {
forward only; forward only;
forwarders { 10.53.0.3; }; forwarders { 10.53.0.3; };
minimal-responses no; minimal-responses no;
recursion yes;
dnssec-validation yes;
response-policy { response-policy {
zone "policy1" min-update-interval 0; zone "policy1" min-update-interval 0;


@ -20,6 +20,8 @@ options {
listen-on { 10.53.0.7; }; listen-on { 10.53.0.7; };
listen-on-v6 { none; }; listen-on-v6 { none; };
minimal-responses no; minimal-responses no;
recursion yes;
dnssec-validation yes;
response-policy { response-policy {
zone "policy2"; zone "policy2";


@ -578,11 +578,11 @@ EOF
addr 127.0.0.1 a3-1.sub3.tld2 # 10 prefer policy for largest NSDNAME addr 127.0.0.1 a3-1.sub3.tld2 # 10 prefer policy for largest NSDNAME
addr 127.0.0.2 a3-1.subsub.sub3.tld2 addr 127.0.0.2 a3-1.subsub.sub3.tld2
nxdomain xxx.crash1.tld2 # 12 dns_db_detachnode() crash nxdomain xxx.crash1.tld2 # 12 dns_db_detachnode() crash
if [ "$DNSRPS_TEST_MODE" = dnsrps ]; then if [ "$mode" = dnsrps ]; then
addr 12.12.12.12 as-ns.tld5. # 13 qname-as-ns addr 12.12.12.12 as-ns.tld5. # 13 qname-as-ns
fi fi
end_group end_group
if [ "$DNSRPS_TEST_MODE" = dnsrps ]; then if [ "$mode" = dnsrps ]; then
ckstats $ns3 test3 ns3 8 ckstats $ns3 test3 ns3 8
else else
ckstats $ns3 test3 ns3 7 ckstats $ns3 test3 ns3 7
@ -594,7 +594,7 @@ EOF
nochange a3-2.tld2. # 2 exempt rewrite by name nochange a3-2.tld2. # 2 exempt rewrite by name
nochange a0-1.tld2. # 3 exempt rewrite by address block nochange a0-1.tld2. # 3 exempt rewrite by address block
nochange a3-1.tld4 # 4 different NS IP address nochange a3-1.tld4 # 4 different NS IP address
if [ "$DNSRPS_TEST_MODE" = dnsrps ]; then if [ "$mode" = dnsrps ]; then
addr 12.12.12.12 as-ns.tld5. # 5 ip-as-ns addr 12.12.12.12 as-ns.tld5. # 5 ip-as-ns
fi fi
end_group end_group
@ -607,7 +607,7 @@ EOF
a3-1.tld2. x IN TXT "NSIP walled garden" a3-1.tld2. x IN TXT "NSIP walled garden"
EOF EOF
end_group end_group
if [ "$DNSRPS_TEST_MODE" = dnsrps ]; then if [ "$mode" = dnsrps ]; then
ckstats $ns3 test4 ns3 5 ckstats $ns3 test4 ns3 5
else else
ckstats $ns3 test4 ns3 4 ckstats $ns3 test4 ns3 4
@ -712,7 +712,7 @@ EOF
echo_i "performance not checked; queryperf not available" echo_i "performance not checked; queryperf not available"
fi fi
if [ "$DNSRPS_TEST_MODE" = dnsrps ]; then if [ "$mode" = dnsrps ]; then
echo_i "checking that dnsrpzd is automatically restarted" echo_i "checking that dnsrpzd is automatically restarted"
OLD_PID=`cat dnsrpzd.pid` OLD_PID=`cat dnsrpzd.pid`
$KILL "$OLD_PID" $KILL "$OLD_PID"
@ -784,7 +784,7 @@ EOF
# dnsrps does not allow NS RRs in policy zones, so this check # dnsrps does not allow NS RRs in policy zones, so this check
# with dnsrps results in no rewriting. # with dnsrps results in no rewriting.
if [ "$DNSRPS_TEST_MODE" = native ]; then if [ "$mode" = native ]; then
t=`expr $t + 1` t=`expr $t + 1`
echo_i "checking rpz with delegation fails correctly (${t})" echo_i "checking rpz with delegation fails correctly (${t})"
$DIG -p ${PORT} @$ns3 ns example.com > dig.out.$t $DIG -p ${PORT} @$ns3 ns example.com > dig.out.$t
@ -792,7 +792,7 @@ EOF
fi fi
[ $status -ne 0 ] && pf=fail || pf=pass [ $status -ne 0 ] && pf=fail || pf=pass
case $DNSRPS_TEST_MODE in case $mode in
native) native)
native=$status native=$status
echo_i "status (native RPZ sub-test): $status ($pf)";; echo_i "status (native RPZ sub-test): $status ($pf)";;
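Review bot: The rewritten conditions compare `$mode`, which is assigned outside every hunk shown here, so an unset or misspelled value makes each `[ "$mode" = dnsrps ]` and `[ "$mode" = native ]` test false and the mode-specific checks are skipped without any failure. I am reading the second spelling on each changed line as the new side, since the page has lost its `+`/`-` markers. The `case $mode in` at the end of the section continues past the last hunk, so I cannot see whether it has a default arm. If it does not, adding `*) echo_i "invalid test mode"; exit 1;;` and quoting the word as `case "$mode" in` would make a bad value fail loudly instead of reporting a pass.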