mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-02 07:35:26 +00:00
Code Issues Releases Wiki Activity

Merge branch '628-refactor-sfcache-test' into 'master'

Browse Source 
Refactor sfcache system test

See merge request isc-projects/bind9!1184
This commit is contained in:
Ondřej Surý
2018-12-11 03:43:14 -05:00
parent 211d83b0cd e1bf5624fb
commit e71bbde57d
8 changed files with 81 additions and 83 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
bin/tests/system/sfcache/clean.sh
View File

@@ -9,13 +9,15 @@
# See the COPYRIGHT file distributed with this work for additional # See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership. # information regarding copyright ownership.
rm -f */K*.key */K*.private */*.signed */*.db */dsset-* set -e
rm -f */managed.conf */trusted.conf
rm -f */named.memstats rm -f ./*/K*.key ./*/K*.private ./*/*.signed ./*/*.db ./*/dsset-*
rm -f */named.conf rm -f ./*/managed.conf ./*/trusted.conf
rm -f */named.run */named.run.prev rm -f ./*/named.memstats
rm -f dig.* rm -f ./*/named.conf
rm -f sfcache.* rm -f ./*/named.run ./*/named.run.prev
rm -f ns*/named.lock rm -f ./dig.*
rm -f ns5/named.run.part* rm -f ./sfcache.*
rm -f ns*/managed-keys.bind* rm -f ./ns*/named.lock
rm -f ./ns5/named.run.part*
rm -f ./ns*/managed-keys.bind*

16
bin/tests/system/sfcache/ns1/sign.sh
View File

@@ -9,8 +9,10 @@
# See the COPYRIGHT file distributed with this work for additional # See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership. # information regarding copyright ownership.
SYSTEMTESTTOP=../.. # shellcheck source=conf.sh
. $SYSTEMTESTTOP/conf.sh . "$SYSTEMTESTTOP/conf.sh"
set -e
zone=. zone=.
infile=root.db.in infile=root.db.in
@@ -18,17 +20,17 @@ zonefile=root.db
(cd ../ns2 && $SHELL sign.sh ) (cd ../ns2 && $SHELL sign.sh )
cp ../ns2/dsset-example$TP . cp "../ns2/dsset-example$TP" .
keyname=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone $zone` keyname=$($KEYGEN -q -a "${DEFAULT_ALGORITHM}" -b "${DEFAULT_BITS}" -n zone $zone)
cat $infile $keyname.key > $zonefile cat "$infile" "$keyname.key" > "$zonefile"
$SIGNER -P -g -o $zone $zonefile > /dev/null $SIGNER -P -g -o $zone $zonefile > /dev/null
# Configure the resolving server with a trusted key. # Configure the resolving server with a trusted key.
keyfile_to_trusted_keys $keyname > trusted.conf keyfile_to_trusted_keys "$keyname" > trusted.conf
cp trusted.conf ../ns2/trusted.conf cp trusted.conf ../ns2/trusted.conf
# ...or with a managed key. # ...or with a managed key.
keyfile_to_managed_keys $keyname > managed.conf keyfile_to_managed_keys "$keyname" > managed.conf

14
bin/tests/system/sfcache/ns2/sign.sh
View File

@@ -9,16 +9,18 @@
# See the COPYRIGHT file distributed with this work for additional # See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership. # information regarding copyright ownership.
SYSTEMTESTTOP=../.. # shellcheck source=conf.sh
. $SYSTEMTESTTOP/conf.sh . "$SYSTEMTESTTOP/conf.sh"
set -e
zone=example. zone=example.
infile=example.db.in infile=example.db.in
zonefile=example.db zonefile=example.db
keyname1=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone` keyname1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
keyname2=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone` keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
cat $infile $keyname1.key $keyname2.key >$zonefile cat "$infile" "$keyname1.key" "$keyname2.key" > "$zonefile"
$SIGNER -P -g -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null "$SIGNER" -P -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" > /dev/null

18
bin/tests/system/sfcache/prereq.sh → bin/tests/system/sfcache/ns5/sign.sh
View File

@@ -1,4 +1,4 @@
#!/bin/sh #!/bin/sh -e
# #
# Copyright (C) Internet Systems Consortium, Inc. ("ISC") # Copyright (C) Internet Systems Consortium, Inc. ("ISC")
# #
@@ -9,13 +9,11 @@
# See the COPYRIGHT file distributed with this work for additional # See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership. # information regarding copyright ownership.
SYSTEMTESTTOP=.. # shellcheck source=conf.sh
. $SYSTEMTESTTOP/conf.sh . "$SYSTEMTESTTOP/conf.sh"
if $KEYGEN -q -a RSAMD5 -b 1024 -n zone foo > /dev/null 2>&1 set -e
then
rm -f Kfoo* keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone ".")
else
echo "I:This test requires that --with-openssl was used." >&2 keyfile_to_trusted_keys "$keyname" > trusted.conf
exit 255
fi

14
bin/tests/system/sfcache/ns5/trusted.conf.bad
View File

@@ -1,14 +0,0 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
trusted-keys {
"." 256 3 1 "AQO6Cl+slAf+iuieDim9L3kujFHQD7s/IOj03ClMOpKYcTXtK4mRpuULVfvWxDi9Ew/gj0xLnnX7z9OJHIxLI+DSrAHd8Dm0XfBEAtVtJSn70GaPZgnLMw1rk5ap2DsEoWk=";
};

12
bin/tests/system/sfcache/setup.sh
View File

@@ -9,8 +9,10 @@
# See the COPYRIGHT file distributed with this work for additional # See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership. # information regarding copyright ownership.
SYSTEMTESTTOP=.. # shellcheck source=conf.sh
. $SYSTEMTESTTOP/conf.sh . "$SYSTEMTESTTOP/conf.sh"
set -e
$SHELL clean.sh $SHELL clean.sh
@@ -18,7 +20,5 @@ copy_setports ns1/named.conf.in ns1/named.conf
copy_setports ns2/named.conf.in ns2/named.conf copy_setports ns2/named.conf.in ns2/named.conf
copy_setports ns5/named.conf.in ns5/named.conf copy_setports ns5/named.conf.in ns5/named.conf
cd ns1 && $SHELL sign.sh cd ns1 && $SHELL sign.sh && cd ..
cd ns5 && $SHELL sign.sh && cd ..
cd ../ns5 && cp -f trusted.conf.bad trusted.conf

65
bin/tests/system/sfcache/tests.sh
View File

@@ -9,94 +9,103 @@
# See the COPYRIGHT file distributed with this work for additional # See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership. # information regarding copyright ownership.
SYSTEMTESTTOP=.. # shellcheck source=conf.sh
. $SYSTEMTESTTOP/conf.sh . "$SYSTEMTESTTOP/conf.sh"
set -e
status=0 status=0
n=0 n=0
rm -f dig.out.* rm -f dig.out.*
DIGOPTS="+tcp +noadd +nosea +nostat +nocmd -p ${PORT}" dig_with_opts() {
RNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p ${CONTROLPORT} -s" "$DIG" +tcp +noadd +nosea +nostat +nocmd -p "$PORT" "$@"
}
rndc_with_opts() {
"$RNDC" -c "$SYSTEMTESTTOP/common/rndc.conf" -p "$CONTROLPORT" -s "$@"
}
echo_i "checking DNSSEC SERVFAIL is cached ($n)" echo_i "checking DNSSEC SERVFAIL is cached ($n)"
ret=0 ret=0
$DIG $DIGOPTS +dnssec foo.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1 dig_with_opts +dnssec foo.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
$RNDCCMD 10.53.0.5 dumpdb -all 2>&1 | sed 's/^/I:ns5 /' rndc_with_opts 10.53.0.5 dumpdb -all 2>&1 | sed 's/^/I:ns5 /'
# shellcheck disable=SC2034
for i in 1 2 3 4 5 6 7 8 9 10; do for i in 1 2 3 4 5 6 7 8 9 10; do
awk '/Zone/{out=0} { if (out) print } /SERVFAIL/{out=1}' ns5/named_dump.db > sfcache.$n awk '/Zone/{out=0} { if (out) print } /SERVFAIL/{out=1}' ns5/named_dump.db > sfcache.$n
[ -s "sfcache.$n" ] && break [ -s "sfcache.$n" ] && break
sleep 1 sleep 1
done done
grep "^; foo.example/A" sfcache.$n > /dev/null || ret=1 grep "^; foo.example/A" sfcache.$n > /dev/null || ret=1
n=`expr $n + 1` n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret` status=$((status+ret))
echo_i "checking SERVFAIL is returned from cache ($n)" echo_i "checking SERVFAIL is returned from cache ($n)"
ret=0 ret=0
$DIG $DIGOPTS +dnssec foo.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1 dig_with_opts +dnssec foo.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
grep "SERVFAIL" dig.out.ns5.test$n > /dev/null || ret=1 grep "SERVFAIL" dig.out.ns5.test$n > /dev/null || ret=1
n=`expr $n + 1` n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret` status=$((status+ret))
echo_i "checking that +cd bypasses cache check ($n)" echo_i "checking that +cd bypasses cache check ($n)"
ret=0 ret=0
$DIG $DIGOPTS +dnssec +cd foo.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1 dig_with_opts +dnssec +cd foo.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
grep "SERVFAIL" dig.out.ns5.test$n > /dev/null && ret=1 grep "SERVFAIL" dig.out.ns5.test$n > /dev/null && ret=1
n=`expr $n + 1` n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret` status=$((status+ret))
echo_i "disabling server to force non-dnssec SERVFAIL" echo_i "disabling server to force non-dnssec SERVFAIL"
$PERL $SYSTEMTESTTOP/stop.pl --use-rndc --port ${CONTROLPORT} sfcache ns2 "$PERL" "$SYSTEMTESTTOP/stop.pl" --use-rndc --port "${CONTROLPORT}" sfcache ns2
awk '/SERVFAIL/ { next; out=1 } /Zone/ { out=0 } { if (out) print }' ns5/named_dump.db awk '/SERVFAIL/ { next; out=1 } /Zone/ { out=0 } { if (out) print }' ns5/named_dump.db
echo_i "checking SERVFAIL is cached ($n)" echo_i "checking SERVFAIL is cached ($n)"
ret=0 ret=0
$DIG $DIGOPTS bar.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1 dig_with_opts bar.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
$RNDCCMD 10.53.0.5 dumpdb -all 2>&1 | sed 's/^/I:ns5 /' rndc_with_opts 10.53.0.5 dumpdb -all 2>&1 | sed 's/^/I:ns5 /'
# shellcheck disable=SC2034
for i in 1 2 3 4 5 6 7 8 9 10; do for i in 1 2 3 4 5 6 7 8 9 10; do
awk '/Zone/{out=0} { if (out) print } /SERVFAIL/{out=1}' ns5/named_dump.db > sfcache.$n awk '/Zone/{out=0} { if (out) print } /SERVFAIL/{out=1}' ns5/named_dump.db > sfcache.$n
[ -s "sfcache.$n" ] && break [ -s "sfcache.$n" ] && break
sleep 1 sleep 1
done done
grep "^; bar.example/A" sfcache.$n > /dev/null || ret=1 grep "^; bar.example/A" sfcache.$n > /dev/null || ret=1
n=`expr $n + 1` n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret` status=$((status+ret))
echo_i "checking SERVFAIL is returned from cache ($n)" echo_i "checking SERVFAIL is returned from cache ($n)"
ret=0 ret=0
nextpart ns5/named.run > /dev/null nextpart ns5/named.run > /dev/null
$DIG $DIGOPTS bar.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1 dig_with_opts bar.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
grep "SERVFAIL" dig.out.ns5.test$n > /dev/null || ret=1 grep "SERVFAIL" dig.out.ns5.test$n > /dev/null || ret=1
nextpart ns5/named.run > ns5/named.run.part$n nextpart ns5/named.run > ns5/named.run.part$n
grep 'servfail cache hit bar.example/A (CD=0)' ns5/named.run.part$n > /dev/null || ret=1 grep 'servfail cache hit bar.example/A (CD=0)' ns5/named.run.part$n > /dev/null || ret=1
n=`expr $n + 1` n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret` status=$((status+ret))
echo_i "checking cache is bypassed with +cd query ($n)" echo_i "checking cache is bypassed with +cd query ($n)"
ret=0 ret=0
$DIG $DIGOPTS +cd bar.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1 dig_with_opts +cd bar.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
grep "SERVFAIL" dig.out.ns5.test$n > /dev/null || ret=1 grep "SERVFAIL" dig.out.ns5.test$n > /dev/null || ret=1
nextpart ns5/named.run > ns5/named.run.part$n nextpart ns5/named.run > ns5/named.run.part$n
grep 'servfail cache hit' ns5/named.run.part$n > /dev/null && ret=1 grep 'servfail cache hit' ns5/named.run.part$n > /dev/null && ret=1
n=`expr $n + 1` n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret` status=$((status+ret))
echo_i "checking cache is used for subsequent +cd query ($n)" echo_i "checking cache is used for subsequent +cd query ($n)"
ret=0 ret=0
$DIG $DIGOPTS +dnssec bar.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1 dig_with_opts +dnssec bar.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
grep "SERVFAIL" dig.out.ns5.test$n > /dev/null || ret=1 grep "SERVFAIL" dig.out.ns5.test$n > /dev/null || ret=1
nextpart ns5/named.run > ns5/named.run.part$n nextpart ns5/named.run > ns5/named.run.part$n
grep 'servfail cache hit bar.example/A (CD=1)' ns5/named.run.part$n > /dev/null || ret=1 grep 'servfail cache hit bar.example/A (CD=1)' ns5/named.run.part$n > /dev/null || ret=1
n=`expr $n + 1` n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret` status=$((status+ret))
echo_i "exit status: $status" echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1 [ $status -eq 0 ] || exit 1

3
util/copyrights
View File

@@ -1008,8 +1008,7 @@
./bin/tests/system/sfcache/clean.sh SH 2014,2015,2016,2017,2018 ./bin/tests/system/sfcache/clean.sh SH 2014,2015,2016,2017,2018
./bin/tests/system/sfcache/ns1/sign.sh SH 2014,2016,2017,2018 ./bin/tests/system/sfcache/ns1/sign.sh SH 2014,2016,2017,2018
./bin/tests/system/sfcache/ns2/sign.sh SH 2014,2016,2018 ./bin/tests/system/sfcache/ns2/sign.sh SH 2014,2016,2018
./bin/tests/system/sfcache/ns5/trusted.conf.bad X 2014,2016,2018 ./bin/tests/system/sfcache/ns5/sign.sh SH 2018
./bin/tests/system/sfcache/prereq.sh SH 2014,2016,2017,2018
./bin/tests/system/sfcache/setup.sh SH 2014,2016,2017,2018 ./bin/tests/system/sfcache/setup.sh SH 2014,2016,2017,2018
./bin/tests/system/sfcache/tests.sh SH 2014,2016,2017,2018 ./bin/tests/system/sfcache/tests.sh SH 2014,2016,2017,2018
./bin/tests/system/smartsign/clean.sh SH 2010,2012,2014,2016,2018 ./bin/tests/system/smartsign/clean.sh SH 2010,2012,2014,2016,2018