From f43de9646088ac46685f801271e6e6ac1e7ce021 Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Mon, 13 Mar 2023 19:43:04 -0700 Subject: [PATCH] update the rpz tests to use the dummyrpz library when testing the DNSRPS API, instead of linking to an installed librpz.so from fastrpz, we now link to the test library. code that ran dnsrpzd and checked the fastrpz license is now unnecessary and has been removed. two dnsrps-specific test cases in rpz (qname_as_ns and ip_as_ns) have been removed, because they were only supported by fastrpz and do not work in the test library. in rpzrecurse, nsip-wait-recurse and nsdname-wait-recurse are now only tested in native mode, due to those tests being specific to the native implementation. --- bin/tests/system/ckdnsrps.sh | 98 +--------- bin/tests/system/rpz/.gitignore | 1 - bin/tests/system/rpz/clean.sh | 5 +- bin/tests/system/rpz/dnsrps.c | 34 +--- .../rpz/{dnsrpzd.conf.in => dnsrps.zones.in} | 2 - bin/tests/system/rpz/dnsrpzd-license.conf | 23 --- bin/tests/system/rpz/ns5/named.conf.in | 2 +- bin/tests/system/rpz/ns6/named.conf.in | 4 +- bin/tests/system/rpz/ns7/named.conf.in | 4 +- bin/tests/system/rpz/ns9/named.conf.in | 2 +- bin/tests/system/rpz/ns9/rpz.db | 11 +- bin/tests/system/rpz/setup.sh | 18 +- bin/tests/system/rpz/tests.sh | 97 +++++----- bin/tests/system/rpzextra/ns1/named.conf.in | 20 +-- bin/tests/system/rpzrecurse/.gitignore | 1 - bin/tests/system/rpzrecurse/clean.sh | 3 +- .../rpzrecurse/ns2/named.conf.header.in | 2 +- bin/tests/system/rpzrecurse/setup.sh | 27 +-- bin/tests/system/rpzrecurse/tests.sh | 170 ++++++++++-------- 19 files changed, 192 insertions(+), 332 deletions(-) rename bin/tests/system/rpz/{dnsrpzd.conf.in => dnsrps.zones.in} (98%) delete mode 100644 bin/tests/system/rpz/dnsrpzd-license.conf diff --git a/bin/tests/system/ckdnsrps.sh b/bin/tests/system/ckdnsrps.sh index 846c95f100..b64b8c3f77 100644 --- a/bin/tests/system/ckdnsrps.sh +++ b/bin/tests/system/ckdnsrps.sh 
@@ -14,9 +14,9 @@ set -e # Say on stdout whether to test DNSRPS -# and create dnsrps.conf and dnsrps-secondary.conf -# Note that dnsrps.conf and dnsrps-secondary.conf are included in named.conf -# and differ from dnsrpz.conf which is used by dnsrpzd. +# and creates dnsrps.conf +# Note that dnsrps.conf is included in named.conf +# and differs from dnsrpz.conf which is used by dnsrpzd. . ../conf.sh @@ -26,15 +26,13 @@ DNSRPS_CMD=../rpz/dnsrps AS_NS= TEST_DNSRPS= MCONF=dnsrps.conf -SCONF=dnsrps-secondary.conf -USAGE="$0: [-xAD] [-M dnsrps.conf] [-S dnsrps-secondary.conf]" +USAGE="$0: [-xAD] [-M dnsrps.conf]" while getopts "xADM:S:" c; do case $c in x) set -x; DEBUG=-x;; A) AS_NS=yes;; D) TEST_DNSRPS=yes;; M) MCONF="$OPTARG";; - S) SCONF="$OPTARG";; *) echo "$USAGE" 1>&2; exit 1;; esac done @@ -46,11 +44,9 @@ fi # erase any existing conf files cat /dev/null > $MCONF -cat /dev/null > $SCONF add_conf () { echo "$*" >>$MCONF - echo "$*" >>$SCONF } if ! $FEATURETEST --enable-dnsrps; then 
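Review bot: The `getopts` string in the option loop still reads `"xADM:S:"`, although this hunk deletes the `S)` arm and drops `-S` from `USAGE`. As a result `-S file` is still parsed as a known option and only rejected by the `*)` arm; the line should become `while getopts "xADM:" c; do`. `A) AS_NS=yes;;` also looks dead now: the only visible reader of `$AS_NS` is removed in the next hunk of this file, and rpz/setup.sh stops passing `-A`. Either drop that arm or add a comment saying why the flag is still accepted.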
@@ -82,86 +78,6 @@ else exit 0 fi -CMN=" dnsrps-options { dnsrpzd-conf ../dnsrpzd.conf - dnsrpzd-sock ../dnsrpzd.sock - dnsrpzd-rpzf ../dnsrpzd.rpzf - dnsrpzd-args '-dddd -L stdout' - log-level 3" - -PRIMARY="$CMN" -if [ -n "$AS_NS" ]; then - PRIMARY="$PRIMARY - qname-as-ns yes - ip-as-ns yes" -fi - -# write dnsrps settings for primary resolver -cat <>$MCONF -$PRIMARY }; -EOF - -# write dnsrps settings for resolvers that should not start dnsrpzd -cat <>$SCONF -$CMN - dnsrpzd '' }; # do not start dnsrpzd -EOF - - -# DNSRPS is available. -# The test should fail if the license is bad. -add_conf "dnsrps-enable yes;" - -# Use alt-dnsrpzd-license.conf if it exists -CUR_L=dnsrpzd-license-cur.conf -ALT_L=alt-dnsrpzd-license.conf -# try ../rpz/alt-dnsrpzd-license.conf if alt-dnsrpzd-license.conf does not exist -[ -s $ALT_L ] || ALT_L=../rpz/alt-dnsrpzd-license.conf -if [ -s $ALT_L ]; then - SRC_L=$ALT_L - USE_ALT= -else - SRC_L=../rpz/dnsrpzd-license.conf - USE_ALT="## consider installing alt-dnsrpzd-license.conf" -fi -cp $SRC_L $CUR_L - -# parse $CUR_L for the license zone name, primary IP addresses, and optional -# transfer-source IP addresses -eval `sed -n -e 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/'\ - -e 's/.*zone *\([-a-z0-9]*.license.fastrpz.com\).*/NAME=\1/p' \ - -e 's/.*farsight_fastrpz_license *\([0-9.]*\);.*/IPV4=\1/p' \ - -e 's/.*farsight_fastrpz_license *\([0-9a-f:]*\);.*/IPV6=\1/p' \ - -e 's/.*transfer-source *\([0-9.]*\);.*/TS4=-b\1/p' \ - -e 's/.*transfer-source *\([0-9a-f:]*\);.*/TS6=-b\1/p' \ - -e 's/.*transfer-source-v6 *\([0-9a-f:]*\);.*/TS6=-b\1/p' \ - $CUR_L` -if [ -z "$NAME" ]; then - add_conf "## no DNSRPS tests; no license domain name in $SRC_L" - add_conf '#fail' - exit 0 -fi -if [ -z "$IPV4" ]; then - IPV4=license1.fastrpz.com - TS4= -fi -if [ -z "$IPV6" ]; then - IPV6=license1.fastrpz.com - TS6= -fi - -# This TSIG key is common and NOT a secret -KEY='hmac-sha256:farsight_fastrpz_license:f405d02b4c8af54855fcebc1' - -# Try IPv4 and 
then IPv6 to deal with IPv6 tunnel and connectivity problems -if `$DIG -4 -t axfr -y$KEY $TS4 $NAME @$IPV4 \ - | grep -i "^$NAME.*TXT" >/dev/null`; then - exit 0 -fi -if `$DIG -6 -t axfr -y$KEY $TS6 $NAME @$IPV6 \ - | grep -i "^$NAME.*TXT" >/dev/null`; then - exit 0 -fi - -add_conf "## DNSRPS lacks a valid license via $SRC_L" -[ -z "$USE_ALT" ] || add_conf "$USE_ALT" -add_conf '#fail' +add_conf 'dnsrps-options { log-level 3 };' +add_conf 'dnsrps-enable yes;' +add_conf 'dnsrps-library "../../rpz/testlib/.libs/libdummyrpz.so";' diff --git a/bin/tests/system/rpz/.gitignore b/bin/tests/system/rpz/.gitignore index 0457088016..2a9dd67107 100644 --- a/bin/tests/system/rpz/.gitignore +++ b/bin/tests/system/rpz/.gitignore @@ -1,2 +1 @@ -alt-dnsrpzd-license.conf dnsrps diff --git a/bin/tests/system/rpz/clean.sh b/bin/tests/system/rpz/clean.sh index 1a3127cffd..218df9336d 100644 --- a/bin/tests/system/rpz/clean.sh +++ b/bin/tests/system/rpz/clean.sh @@ -40,6 +40,7 @@ rm -f ns5/example.db ns5/bl.db ns5/fast-expire.db ns5/expire.conf rm -f ns8/manual-update-rpz.db rm -f */policy2.db rm -f */*.jnl +rm -f dnsrps.cache dnsrps.conf if [ ${PARTIAL:-unset} = unset ]; then rm -f proto.* dsset-* trusted.conf dig.out* nsupdate.tmp ns*/*tmp @@ -49,9 +50,7 @@ if [ ${PARTIAL:-unset} = unset ]; then rm -f ns*/named.lock rm -f ns*/named.conf rm -f ns*/*switch - rm -f dnsrps*.conf - rm -f dnsrpzd.conf - rm -f dnsrpzd-license-cur.conf dnsrpzd.rpzf dnsrpzd.sock dnsrpzd.pid + rm -f dnsrps.zones rm -f ns*/managed-keys.bind* rm -f tmp fi diff --git a/bin/tests/system/rpz/dnsrps.c b/bin/tests/system/rpz/dnsrps.c index 5a54ab9c9a..167433f1e1 100644 --- a/bin/tests/system/rpz/dnsrps.c +++ b/bin/tests/system/rpz/dnsrps.c 
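Review bot: The three added `add_conf` lines at the end of the script enable DNSRPS unconditionally and point named at `../../rpz/testlib/.libs/libdummyrpz.so` without checking that the library was built. A relative path handed to a loader is resolved against the process's working directory (presumably each nsN directory here), so which file is loaded depends on where named is started; an absolute path derived from the build tree would remove that ambiguity. I would also guard the block, e.g. `[ -f "$DUMMYLIB" ] || { add_conf '## no DNSRPS tests; test library not built'; exit 0; }`, where `DUMMYLIB` is a new variable holding the same file as seen from this script's directory. That way a missing library skips the dnsrps pass rather than, presumably, breaking named at startup.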
@@ -13,11 +13,8 @@ /* * -a exit(0) if dnsrps is available or dlopen() msg if not - * -p print the path to dnsrpzd configured in dnsrps so that - * dnsrpzd can be run by a setup.sh script. - * Exit(1) if dnsrps is not available * -n domain print the serial number of a domain to check if a new - * version of a policy zone has been transferred to dnsrpzd. + * version of a policy zone is ready. * Exit(1) if dnsrps is not available * -w sec.ond wait for seconds, because `sleep 0.1` is not portable */ @@ -37,8 +34,6 @@ #ifdef USE_DNSRPS #include - -librpz_t *librpz; #else /* ifdef USE_DNSRPS */ typedef struct { char c[120]; @@ -48,7 +43,7 @@ typedef struct { static bool link_dnsrps(librpz_emsg_t *emsg); -#define USAGE "usage: [-ap] [-n domain] [-w sec.onds]\n" +#define USAGE "usage: [-a] [-n domain] [-w sec.onds]\n" int main(int argc, char **argv) { @@ -64,7 +59,7 @@ main(int argc, char **argv) { char *p; int i; - while ((i = getopt(argc, argv, "apn:w:")) != -1) { + while ((i = getopt(argc, argv, "an:w:")) != -1) { switch (i) { case 'a': if (!link_dnsrps(&emsg)) { @@ -73,18 +68,6 @@ main(int argc, char **argv) { } return (0); - case 'p': - if (!link_dnsrps(&emsg)) { - fprintf(stderr, "## %s\n", emsg.c); - return (1); - } -#ifdef USE_DNSRPS - printf("%s\n", librpz->dnsrpzd_path); -#else /* ifdef USE_DNSRPS */ - UNREACHABLE(); -#endif /* ifdef USE_DNSRPS */ - return (0); - case 'n': if (!link_dnsrps(&emsg)) { fprintf(stderr, "## %s\n", emsg.c); @@ -92,8 +75,7 @@ main(int argc, char **argv) { } #ifdef USE_DNSRPS /* - * Get the serial number of a policy zone from - * a running dnsrpzd daemon. + * Get the serial number of a policy zone. */ clist = librpz->clist_create(&emsg, NULL, NULL, NULL, NULL, NULL); 
@@ -101,11 +83,7 @@ main(int argc, char **argv) { fprintf(stderr, "## %s: %s\n", optarg, emsg.c); return (1); } - snprintf(cstr, sizeof(cstr), - "zone %s; dnsrpzd \"\";" - " dnsrpzd-sock dnsrpzd.sock;" - " dnsrpzd-rpzf dnsrpzd.rpzf", - optarg); + snprintf(cstr, sizeof(cstr), "zone %s;", optarg); client = librpz->client_create(&emsg, clist, cstr, true); if (client == NULL) { @@ -162,7 +140,7 @@ main(int argc, char **argv) { static bool link_dnsrps(librpz_emsg_t *emsg) { #ifdef USE_DNSRPS - librpz = librpz_lib_open(emsg, NULL, DNSRPS_LIBRPZ_PATH); + librpz = librpz_lib_open(emsg, NULL, LIBRPZ_LIB_OPEN); if (librpz == NULL) { return (false); } diff --git a/bin/tests/system/rpz/dnsrpzd.conf.in b/bin/tests/system/rpz/dnsrps.zones.in similarity index 98% rename from bin/tests/system/rpz/dnsrpzd.conf.in rename to bin/tests/system/rpz/dnsrps.zones.in index 736556286d..90789b347c 100644 --- a/bin/tests/system/rpz/dnsrpzd.conf.in +++ b/bin/tests/system/rpz/dnsrps.zones.in @@ -15,8 +15,6 @@ pid-file ../dnsrpzd.pid -include ../dnsrpzd-license-cur.conf - # configure NOTIFY and zone transfers port @EXTRAPORT1@; listen-on port @EXTRAPORT1@ { 10.53.0.3; }; diff --git a/bin/tests/system/rpz/dnsrpzd-license.conf b/bin/tests/system/rpz/dnsrpzd-license.conf deleted file mode 100644 index 739b39d19d..0000000000 --- a/bin/tests/system/rpz/dnsrpzd-license.conf +++ /dev/null 
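Review bot: The new `snprintf(cstr, sizeof(cstr), "zone %s;", optarg)` in the `-n` case ignores its return value, so a domain argument that does not fit in `cstr` is silently truncated and `client_create()` is handed a different zone name or a statement without its terminating `;`. Checking `(size_t)snprintf(...) >= sizeof(cstr)` and returning 1 with a `## <domain>: zone name too long` message would match the error style of the neighbouring cases. `optarg` is also pasted into the configuration string verbatim, so a value containing `;` adds further statements; that is acceptable for a helper driven only by the test scripts, but it deserves a one-line comment. The `-n` case continues outside this hunk.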
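Review bot: In `link_dnsrps()` the third argument of `librpz_lib_open()` changes from `DNSRPS_LIBRPZ_PATH` to `LIBRPZ_LIB_OPEN`, and nothing in this patch shows what that macro expands to. If it is not a path string naming the same `libdummyrpz.so` that ckdnsrps.sh now writes into `dnsrps-library`, this helper and named would open different libraries (or the call would receive a non-path value), and `-a` and `-n` could report on something named never loads. Please add a comment such as `/* must resolve to the library named loads via dnsrps-library */`, or pass the path explicitly. The function body continues outside the hunk.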
@@ -1,23 +0,0 @@ -/* - * Copyright (C) Internet Systems Consortium, Inc. ("ISC") - * - * SPDX-License-Identifier: MPL-2.0 - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, you can obtain one at https://mozilla.org/MPL/2.0/. - * - * See the COPYRIGHT file distributed with this work for additional - * information regarding copyright ownership. - */ - -zone isc.license.fastrpz.com { - primaries port 53 { - KEY farsight_fastrpz_license 104.244.14.176; - KEY farsight_fastrpz_license 2620:11c:f008::176; - }; -}; - -key farsight_fastrpz_license { - algorithm hmac-sha256; secret "f405d02b4c8af54855fcebc1"; -}; diff --git a/bin/tests/system/rpz/ns5/named.conf.in b/bin/tests/system/rpz/ns5/named.conf.in index e1f8fb6056..58b591b70d 100644 --- a/bin/tests/system/rpz/ns5/named.conf.in +++ b/bin/tests/system/rpz/ns5/named.conf.in @@ -35,7 +35,7 @@ options { # turn rpz on or off include "rpz-switch"; - include "../dnsrps-secondary.conf"; + include "../dnsrps.conf"; }; key rndc_key { diff --git a/bin/tests/system/rpz/ns6/named.conf.in b/bin/tests/system/rpz/ns6/named.conf.in index c0ad5c4237..5c4b77437f 100644 --- a/bin/tests/system/rpz/ns6/named.conf.in +++ b/bin/tests/system/rpz/ns6/named.conf.in @@ -36,7 +36,7 @@ options { nsip-enable yes nsdname-enable yes; - include "../dnsrps-secondary.conf"; + include "../dnsrps.conf"; }; logging { category rpz { default_debug; }; }; @@ -58,7 +58,7 @@ zone "policy1" { file "empty.db"; also-notify { 10.53.0.3 port @EXTRAPORT1@; }; notify-delay 0; - allow-transfer { any; }; + allow-transfer { any; }; }; zone "bl.tld2s." { diff --git a/bin/tests/system/rpz/ns7/named.conf.in b/bin/tests/system/rpz/ns7/named.conf.in index 40c385c32d..3aed1a2bb1 100644 --- a/bin/tests/system/rpz/ns7/named.conf.in +++ b/bin/tests/system/rpz/ns7/named.conf.in 
@@ -32,7 +32,7 @@ options { nsdname-enable yes min-update-interval 0; - include "../dnsrps-secondary.conf"; + include "../dnsrps.conf"; }; logging { category rpz { default_debug; }; }; @@ -54,6 +54,6 @@ zone "policy2" { file "policy2.db"; also-notify { 10.53.0.3 port @EXTRAPORT1@; }; notify-delay 0; - allow-transfer { any; }; + allow-transfer { any; }; request-ixfr no; // force axfr on rndc reload }; diff --git a/bin/tests/system/rpz/ns9/named.conf.in b/bin/tests/system/rpz/ns9/named.conf.in index 70297bdeba..0d3fce7852 100644 --- a/bin/tests/system/rpz/ns9/named.conf.in +++ b/bin/tests/system/rpz/ns9/named.conf.in @@ -30,7 +30,7 @@ options { recursion yes; dnssec-validation yes; dns64-server "example.localdomain."; - dns64 64:ff9b::/96 { }; + dns64 64:ff9b::/96 { }; response-policy { zone "rpz"; } diff --git a/bin/tests/system/rpz/ns9/rpz.db b/bin/tests/system/rpz/ns9/rpz.db index dcbe5d6728..77679873c6 100644 --- a/bin/tests/system/rpz/ns9/rpz.db +++ b/bin/tests/system/rpz/ns9/rpz.db @@ -9,8 +9,9 @@ ; See the COPYRIGHT file distributed with this work for additional ; information regarding copyright ownership. -rpz. 28800 IN SOA rpz. hostmaster.rpz. 6 10800 3600 2419200 900 -rpz. 28800 IN NS . -a-only.example.rpz. 28800 IN CNAME *. -no-a-no-aaaa.example.rpz. 28800 IN CNAME *. -a-plus-aaaa.example.rpz. 28800 IN CNAME *. +$TTL 28800 +rpz. IN SOA rpz. hostmaster.rpz. 6 10800 3600 2419200 900 +rpz. IN NS . +a-only.example CNAME *. +no-a-no-aaaa.example CNAME *. +a-plus-aaaa.example CNAME *. diff --git a/bin/tests/system/rpz/setup.sh b/bin/tests/system/rpz/setup.sh index 75e4957ea4..cc102c2f59 100644 --- a/bin/tests/system/rpz/setup.sh +++ b/bin/tests/system/rpz/setup.sh 
@@ -55,13 +55,13 @@ copy_setports ns8/named.conf.in ns8/named.conf copy_setports ns9/named.conf.in ns9/named.conf copy_setports ns10/named.conf.in ns10/named.conf -copy_setports dnsrpzd.conf.in dnsrpzd.conf +copy_setports dnsrps.zones.in dnsrps.zones # decide whether to test DNSRPS -# Note that dnsrps.conf and dnsrps-secondary.conf are included in named.conf -# and differ from dnsrpz.conf which is used by dnsrpzd. -$SHELL ../ckdnsrps.sh -A $TEST_DNSRPS $DEBUG -test -z "$(grep 'dnsrps-enable yes' dnsrps.conf)" && TEST_DNSRPS= +# Note that dnsrps.conf is included in named.conf +$SHELL ../ckdnsrps.sh $TEST_DNSRPS $DEBUG +test -z "$(grep 'testing with DNSRPS' dnsrps.conf)" && TEST_DNSRPS= +touch dnsrps.cache # set up test policy zones. # bl is the main test zone @@ -169,11 +169,3 @@ cp ns2/bl.tld2.db.in ns2/bl.tld2.db cp ns5/empty.db.in ns5/empty.db cp ns5/empty.db.in ns5/policy2.db cp ns6/bl.tld2s.db.in ns6/bl.tld2s.db - -# Run dnsrpzd to get the license and prime the static policy zones -if test -n "$TEST_DNSRPS"; then - DNSRPZD="$(../rpz/dnsrps -p)" - cd ns3 - "$DNSRPZ" -D../dnsrpzd.rpzf -S../dnsrpzd.sock -C../dnsrpzd.conf \ - -w 0 -dddd -L stdout >./dnsrpzd.run 2>&1 -fi diff --git a/bin/tests/system/rpz/tests.sh b/bin/tests/system/rpz/tests.sh index 4e83a6b702..a18064d3d9 100644 --- a/bin/tests/system/rpz/tests.sh +++ b/bin/tests/system/rpz/tests.sh @@ -35,6 +35,7 @@ HAVE_CORE= status=0 t=0 +export DNSRPS_TEST_UPDATE_FILE=$(pwd)/dnsrps.cache DEBUG= SAVE_RESULTS= ARGS= @@ -67,7 +68,6 @@ DNSRPSCMD=./dnsrps RNDCCMD="$RNDC -c ../common/rndc.conf -p ${CONTROLPORT} -s" if test -x $DNSRPSCMD; then - # speed up the many delays for dnsrpzd by waiting only 0.1 seconds WAIT_CMD="$DNSRPSCMD -w 0.1" TEN_SECS=100 else 
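Review bot: rpz/setup.sh now decides whether to keep `TEST_DNSRPS` by grepping dnsrps.conf for `testing with DNSRPS`, while rpzrecurse/setup.sh in this same patch greps for `dnsrps-enable yes`; the two should key on the same marker. The string `testing with DNSRPS` is presumably written by a part of ckdnsrps.sh outside the visible hunks, so a wording change there would quietly disable the dnsrps pass in only one of the two tests. `grep -q 'dnsrps-enable yes' dnsrps.conf || TEST_DNSRPS=` states the intent without the command substitution and could be used in both scripts.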
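Review bot: `export DNSRPS_TEST_UPDATE_FILE=$(pwd)/dnsrps.cache` leaves the command substitution unquoted and hides the exit status of `pwd`; some `sh` implementations word-split the arguments of `export`, so a build directory containing whitespace would yield a wrong path. Prefer `DNSRPS_TEST_UPDATE_FILE="$(pwd)/dnsrps.cache"` followed by `export DNSRPS_TEST_UPDATE_FILE`, and quote the variable at each `>>` redirection. This variable appears to tell the test library which file to read rule commands from, so a comment saying that would help the next reader. The same line is added to rpzrecurse/tests.sh.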
@@ -129,10 +129,10 @@ get_sn_fast () { fi } -# check that dnsrpzd has loaded its zones +# check that dnsrps provider has zones loaded # $1=domain # $2=DNS server IP address -FZONES=`sed -n -e 's/^zone "\(.*\)".*\(10.53.0..\).*/Z=\1;M=\2/p' dnsrpzd.conf` +FZONES=`sed -n -e 's/^zone "\(.*\)".*\(10.53.0..\).*/Z=\1;M=\2/p' dnsrps.zones` dnsrps_loaded() { test "$mode" = dnsrps || return n=0 @@ -182,7 +182,15 @@ ck_soa() { # (re)load the response policy zones with the rules in the file $TEST_FILE load_db () { if test -n "$TEST_FILE"; then - copy_setports $TEST_FILE tmp + copy_setports $TEST_FILE tmp + + for ZONE in bl0 bl1 bl2 bl3 bl4 bl5 bl6 bl7 bl8 bl9 bl10 bl11 bl12 bl13 bl14 bl15 bl16 bl17 bl18 bl19; do + produce_librpz_rules ns5 $ZONE bl + done + + produce_librpz_rules ns2 bl.tld2 bl.tld2 + cat tmp >> $DNSRPS_TEST_UPDATE_FILE + if $NSUPDATE -v tmp; then : $RNDCCMD $ns3 sync else @@ -190,7 +198,7 @@ load_db () { $RNDCCMD $ns3 sync exit 1 fi - rm -f tmp + rm -f tmp fi } @@ -213,11 +221,11 @@ restart () { fi rm -f ns$1/*.jnl if [ "$2" = "rebuild-bl-rpz" ]; then - if test -f ns$1/base.db; then + if test -f ns$1/base.db; then for NM in ns$1/bl*.db; do - cp -f ns$1/base.db $NM - done - fi + cp -f ns$1/base.db $NM + done + fi fi start_server --noclean --restart --port ${PORT} ns$1 load_db @@ -242,8 +250,8 @@ ckalive () { } resetstats () { - NSDIR=$1 - eval "${NSDIR}_CNT=''" + NSDIR=$1 + eval "${NSDIR}_CNT=''" } ckstats () { @@ -279,6 +287,16 @@ ckstatsrange () { eval "${NSDIR}_CNT=$NEW_CNT" } +add_librpz_rule() { + echo $1 >> $DNSRPS_TEST_UPDATE_FILE +} + +produce_librpz_rules() { + # echo "Producing rules for $1" + ZONEFILE=$1/$3.db + cat $ZONEFILE | egrep -v '^;' | egrep '\<(A|CNAME)\>' | awk -v zone=$2 '{ if (NF == 4) {print "static add "$1"."zone" "$2" "$3" "$4} else if (NF == 3) {print "static add "$1"."zone" 300 "$2" "$3}}' >> $DNSRPS_TEST_UPDATE_FILE +} + # $1=message # $2=optional test file name start_group () { 
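Review bot: `load_db` appends the rule set for bl0 through bl19 and bl.tld2, plus the raw nsupdate script in `tmp`, to `$DNSRPS_TEST_UPDATE_FILE` before `$NSUPDATE -v tmp` has been seen to succeed, and it does so on every call. Because `produce_librpz_rules` only ever uses `>>`, dnsrps.cache accumulates repeated `static add` lines each time `load_db` runs (for example from `restart`, visible further down); whether the test library tolerates duplicates cannot be told from this diff. Moving the appends into the success branch would keep the two rule sources in step. A comment stating which line formats the test library accepts from this file would also document why the nsupdate script is copied into it unchanged.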
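Review bot: `add_librpz_rule` writes with `echo $1`, so the argument is word-split and glob-expanded before it reaches the file; the later call `add_librpz_rule "update add *.x.servfail.policy2 300 CNAME ."` would be rewritten if any file in the working directory matched `*.x.servfail.policy2`. Use `printf '%s\n' "$1" >>"$DNSRPS_TEST_UPDATE_FILE"`. In `produce_librpz_rules`, `egrep` is deprecated in current GNU grep and `\<`/`\>` are GNU extensions, so `grep -E` with quoted file arguments and `-v zone="$2"` is the safer spelling; the same pipeline appears twice more in rpzrecurse/tests.sh. A header comment listing the commands written to the file in this patch (`static add`, `update`, `wipe`, `rollback`, `restart`) would make the protocol with the test library reviewable.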
@@ -299,9 +317,10 @@ start_group () { end_group () { if test -n "$TEST_FILE"; then # remove the previous set of test rules - copy_setports $TEST_FILE tmp + copy_setports $TEST_FILE tmp + add_librpz_rule "rollback" sed -e 's/[ ]add[ ]/ delete /' tmp | $NSUPDATE - rm -f tmp + rm -f tmp TEST_FILE= fi ckalive $ns3 "failed; ns3 server crashed and restarted" @@ -510,6 +529,7 @@ for mode in native dnsrps; do retry_quiet 10 make_proto_nodata start_group "QNAME rewrites" test1 + nochange . # 1 do not crash or rewrite root nxdomain a0-1.tld2 # 2 nodata a3-1.tld2 # 3 @@ -600,13 +620,18 @@ EOF # updating an response zone policy cp ns2/blv2.tld2.db.in ns2/bl.tld2.db rndc_reload ns2 $ns2 bl.tld2 + add_librpz_rule "update zone bl.tld2 1 inc" ck_soa 2 bl.tld2 $ns3 + add_librpz_rule "wipe" + produce_librpz_rules ns2 bl.tld2 bl.tld2 nochange a7-1.tld2 # 19 PASSTHRU # ensure that a clock tick has occurred so that named will do the reload sleep 1 cp ns2/blv3.tld2.db.in ns2/bl.tld2.db rndc_reload ns2 $ns2 bl.tld2 + add_librpz_rule "update zone bl.tld2 1 inc" ck_soa 3 bl.tld2 $ns3 + produce_librpz_rules ns2 bl.tld2 bl.tld2 nxdomain a7-1.tld2 # 20 secondary policy zone (RT34450) end_group ckstats $ns3 test2 ns3 12 @@ -647,17 +672,10 @@ EOF nxdomain a3-1.static-stub # 14 nochange_ns10 a3-1.stub-nomatch # 15 nochange_ns10 a3-1.static-stub-nomatch # 16 - if [ "$mode" = dnsrps ]; then - addr 12.12.12.12 as-ns.tld5. # 17 qname-as-ns - fi nextpart ns3/named.run | grep -q "unrecognized NS rpz_rrset_find() failed: glue" && setret "seen: unrecognized NS rpz_rrset_find() failed: glue" end_group - if [ "$mode" = dnsrps ]; then - ckstats $ns3 test3 ns3 10 - else - ckstats $ns3 test3 ns3 9 - fi + ckstats $ns3 test3 ns3 9 # these tests assume "min-ns-dots 0" start_group "NSIP rewrites" test4 
@@ -670,9 +688,6 @@ EOF nxdomain a4-1.static-stub # 6 nochange_ns10 a4-1.stub-nomatch # 7 nochange_ns10 a4-1.static-stub-nomatch # 8 - if [ "$mode" = dnsrps ]; then - addr 12.12.12.12 as-ns.tld5. # 9 ip-as-ns - fi nextpart ns3/named.run | grep -q "unrecognized NS rpz_rrset_find() failed: glue" && setret "seen: unrecognized NS rpz_rrset_find() failed: glue" end_group @@ -685,11 +700,7 @@ EOF a3-1.tld2. x IN TXT "NSIP walled garden" EOF end_group - if [ "$mode" = dnsrps ]; then - ckstats $ns3 test4 ns3 7 - else - ckstats $ns3 test4 ns3 6 - fi + ckstats $ns3 test4 ns3 6 # policies in ./test5 overridden by response-policy{} in ns3/named.conf # and in ns5/named.conf @@ -722,6 +733,7 @@ EOF ckstats $ns5 test5 ns5 4 # check that miscellaneous bugs are still absent + add_librpz_rule "wipe" start_group "crashes" test6 for Q in RRSIG SIG ANY 'ANY +dnssec'; do nocrash a3-1.tld2 -t$Q @@ -789,27 +801,6 @@ EOF echo_i "performance not checked; queryperf not available" fi - if [ "$mode" = dnsrps ]; then - echo_i "checking that dnsrpzd is automatically restarted" - OLD_PID=`cat dnsrpzd.pid` - kill "$OLD_PID" - n=0 - while true; do - NEW_PID=`cat dnsrpzd.pid 2>/dev/null` - if test -n "$NEW_PID" -a "0$OLD_PID" -ne "0$NEW_PID"; then - #echo "OLD_PID=$OLD_PID NEW_PID=$NEW_PID" - break; - fi - $DIG -p ${PORT} +short +norecurse a0-1.tld2 @$ns3 >/dev/null - n=`expr $n + 1` - if test "$n" -gt $TEN_SECS; then - setret "dnsrpzd did not restart" - break - fi - $WAIT_CMD - done - fi - # Ensure ns3 manages to transfer the fast-expire zone before shutdown. nextpartreset ns3/named.run wait_for_log 20 "zone fast-expire/IN: transferred serial 1" ns3/named.run @@ -822,6 +813,7 @@ EOF # restart the main test RPZ server to see if that creates a core file if test -z "$HAVE_CORE"; then stop_server --use-rndc --port ${CONTROLPORT} ns3 + add_librpz_rule "restart" restart 3 "rebuild-bl-rpz" HAVE_CORE=`find ns* -name '*core*' -print` test -z "$HAVE_CORE" || setret "found $HAVE_CORE; memory leak?" 
@@ -833,7 +825,7 @@ EOF if test -n "$EMSGS"; then setret "error messages in $runfile starting with:" grep -E 'invalid rpz|rpz.*failed' ns*/named.run | \ - sed -e '10,$d' -e 's/^//' | cat_i + sed -e '10,$d' -e 's/^//' | cat_i fi done @@ -918,9 +910,11 @@ EOF nsd $ns5 delete '*.example.com.policy1.' example.com.policy1. done + t=`expr $t + 1` echo_i "checking that going from an empty policy zone works (${t})" nsd $ns5 add '*.x.servfail.policy2.' x.servfail.policy2. + add_librpz_rule "update add *.x.servfail.policy2 300 CNAME ." sleep 1 rndc_reload ns7 $ns7 policy2 $DIG z.x.servfail -p ${PORT} @$ns7 > dig.out.${t} @@ -977,6 +971,7 @@ EOF fi # RPZ 'CNAME *.' (NODATA) trumps DNS64. Test against various DNS64 scenarios. + produce_librpz_rules ns9 rpz rpz for label in a-only no-a-no-aaaa a-plus-aaaa do for type in AAAA A diff --git a/bin/tests/system/rpzextra/ns1/named.conf.in b/bin/tests/system/rpzextra/ns1/named.conf.in index 202ffa7006..224064d64f 100644 --- a/bin/tests/system/rpzextra/ns1/named.conf.in +++ b/bin/tests/system/rpzextra/ns1/named.conf.in @@ -40,19 +40,19 @@ options { logging { channel rpz_passthru { - file "rpz_passthru.txt" versions 3 size 5m; - print-time yes; - print-category yes; - print-severity yes; - severity info; + file "rpz_passthru.txt" versions 3 size 5m; + print-time yes; + print-category yes; + print-severity yes; + severity info; }; channel rpz_log { - file "rpz.txt" versions 3 size 20m; - print-time yes; - print-category yes; - print-severity yes; - severity info; + file "rpz.txt" versions 3 size 20m; + print-time yes; + print-category yes; + print-severity yes; + severity info; }; category rpz { rpz_log; default_debug; }; diff --git a/bin/tests/system/rpzrecurse/.gitignore b/bin/tests/system/rpzrecurse/.gitignore index 5d4371d852..b58ca75d82 100644 --- a/bin/tests/system/rpzrecurse/.gitignore +++ b/bin/tests/system/rpzrecurse/.gitignore 
@@ -5,7 +5,6 @@ /ns3/named2.conf /ns4/named.conf /ans5/ans.pid -/dnsrps-secondary.conf /dnsrps.conf /dnsrpzd.conf session.key diff --git a/bin/tests/system/rpzrecurse/clean.sh b/bin/tests/system/rpzrecurse/clean.sh index 45b7940256..d1d57abb6b 100644 --- a/bin/tests/system/rpzrecurse/clean.sh +++ b/bin/tests/system/rpzrecurse/clean.sh @@ -29,6 +29,7 @@ rm -f ns2/named.conf.header rm -f ns3/named.conf rm -f ns3/named.run.prev -rm -f dnsrps*.conf dnsrpzd* +rm -f dnsrps.cache +rm -f dnsrps*.conf rm -f ns*/session.key rm -f ns*/managed-keys.bind* ns*/*.mkeys* diff --git a/bin/tests/system/rpzrecurse/ns2/named.conf.header.in b/bin/tests/system/rpzrecurse/ns2/named.conf.header.in index 2fb16788aa..90a17b7a37 100644 --- a/bin/tests/system/rpzrecurse/ns2/named.conf.header.in +++ b/bin/tests/system/rpzrecurse/ns2/named.conf.header.in @@ -27,7 +27,7 @@ options { querylog yes; # let ns3 start dnsrpzd - include "../dnsrps-secondary.conf"; + include "../dnsrps.conf"; }; key rndc_key { diff --git a/bin/tests/system/rpzrecurse/setup.sh b/bin/tests/system/rpzrecurse/setup.sh index e68784f46a..6ffe1d6cc4 100644 --- a/bin/tests/system/rpzrecurse/setup.sh +++ b/bin/tests/system/rpzrecurse/setup.sh @@ -46,6 +46,11 @@ copy_setports ns3/named1.conf.in ns3/named.conf copy_setports ns4/named.conf.in ns4/named.conf +# decide whether to test DNSRPS +$SHELL ../ckdnsrps.sh $TEST_DNSRPS $DEBUG +test -z "`grep 'dnsrps-enable yes' dnsrps.conf`" && TEST_DNSRPS= +touch dnsrps.cache + # setup policy zones for a 64-zone test i=1 while test $i -le 64 
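Review bot: The context comment `# let ns3 start dnsrpzd` directly above the changed `include` in ns2/named.conf.header.in is stale. This patch removes the code that ran dnsrpzd, and ns2 now includes the same `../dnsrps.conf` as the other servers. Replace it with something like `# DNSRPS settings written by ckdnsrps.sh`.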
@@ -63,25 +68,3 @@ do done i=`expr $i + 1` done - -# decide whether to test DNSRPS -$SHELL ../ckdnsrps.sh $TEST_DNSRPS $DEBUG -test -z "`grep 'dnsrps-enable yes' dnsrps.conf`" && TEST_DNSRPS= - -CWD=`pwd` -cat <dnsrpzd.conf -PID-FILE $CWD/dnsrpzd.pid; - -include $CWD/dnsrpzd-license-cur.conf - -zone "policy" { type primary; file "`pwd`/ns3/policy.db"; }; -EOF -sed -n -e 's/^ *//' -e "/zone.*.*primary/s@file \"@&$CWD/ns2/@p" ns2/*.conf \ - >>dnsrpzd.conf - -# Run dnsrpzd to get the license and prime the static policy zones -if test -n "$TEST_DNSRPS"; then - DNSRPZD="`../rpz/dnsrps -p`" - "$DNSRPZD" -D./dnsrpzd.rpzf -S./dnsrpzd.sock -C./dnsrpzd.conf \ - -w 0 -dddd -L stdout >./dnsrpzd.run 2>&1 -fi diff --git a/bin/tests/system/rpzrecurse/tests.sh b/bin/tests/system/rpzrecurse/tests.sh index 23ed82e6e9..aea2701954 100644 --- a/bin/tests/system/rpzrecurse/tests.sh +++ b/bin/tests/system/rpzrecurse/tests.sh @@ -20,6 +20,7 @@ status=0 t=0 +export DNSRPS_TEST_UPDATE_FILE=$(pwd)/dnsrps.cache DEBUG= ARGS= @@ -46,6 +47,7 @@ RNDCCMD="$RNDC -c ../common/rndc.conf -p ${CONTROLPORT} -s" run_server() { TESTNAME=$1 + start_server_rules $1 $2 echo_i "stopping resolver" stop_server --use-rndc --port ${CONTROLPORT} ns2 
@@ -57,6 +59,22 @@ run_server() { sleep 3 } +start_server_rules() { + FCONF=ns2/named.$1.conf + + cat /dev/null > $DNSRPS_TEST_UPDATE_FILE + cat $FCONF | grep 'zone ' | grep ' primary' | while read LINE; do + ZONE=`echo $LINE | sed 's/.*zone "//g' | awk -F '"' '{print $1}'`; + DBFILE=`echo $LINE | sed 's/.*file "//g' | awk -F '"' '{print $1}'`; + cat ns2/$DBFILE | egrep -v '^;' | egrep '\<(A|CNAME)\>' | awk -v zone=$ZONE '{ if (NF == 4) {print "static add "$1"."zone" "$2" "$3" "$4} else if (NF == 3) {print "static add "$1"."zone" 300 "$2" "$3}}' >> $DNSRPS_TEST_UPDATE_FILE + done +} + +produce_librpz_rules() { + ZONEFILE=$1/$3.db + cat $ZONEFILE | egrep -v '^;' | egrep '\<(A|CNAME)\>' | awk -v zone=$2 '{ if (NF == 4) {print "static add "$1"."zone" "$2" "$3" "$4} else if (NF == 3) {print "static add "$1"."zone" 300 "$2" "$3}}' >> $DNSRPS_TEST_UPDATE_FILE +} + run_query() { TESTNAME=$1 LINE=$2 @@ -74,7 +92,7 @@ expect_norecurse() { LINE=$2 NAME=`sed -n -e "$LINE,"'$p' ns2/$TESTNAME.queries | head -n 1` - t=`expr $t + 1` + t=$((t+1)) echo_i "testing $NAME doesn't recurse (${t})" add_test_marker 10.53.0.2 run_query $TESTNAME $LINE || { @@ -90,7 +108,7 @@ expect_recurse() { LINE=$2 NAME=`sed -n -e "$LINE,"'$p' ns2/$TESTNAME.queries | head -n 1` - t=`expr $t + 1` + t=$((t+1)) echo_i "testing $NAME recurses (${t})" add_test_marker 10.53.0.2 run_query $TESTNAME $LINE && { @@ -144,7 +162,7 @@ for mode in native dnsrps; do # show whether and why DNSRPS is enabled or disabled sed -n 's/^## //p' dnsrps.conf | cat_i - t=`expr $t + 1` + t=$((t+1)) echo_i "testing that l1.l0 exists without RPZ (${t})" add_test_marker 10.53.0.2 $DIG $DIGOPTS l1.l0 ns @10.53.0.2 -p ${PORT} > dig.out.${t} @@ -153,7 +171,7 @@ for mode in native dnsrps; do status=1 } - t=`expr $t + 1` + t=$((t+1)) echo_i "testing that l2.l1.l0 returns SERVFAIL without RPZ (${t})" add_test_marker 10.53.0.2 $DIG $DIGOPTS l2.l1.l0 ns @10.53.0.2 -p ${PORT} > dig.out.${t} 
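Review bot: `start_server_rules` reads the named.conf lines with `while read LINE` and then expands `$LINE`, `$ZONE` and `ns2/$DBFILE` unquoted, so backslashes are interpreted and any whitespace or glob character in a zone or file name changes what is read; use `while IFS= read -r LINE; do` and quote the expansions. The loop body repeats the awk program of `produce_librpz_rules`, which is itself a copy of the function added to rpz/tests.sh. A single helper taking the zone name and the zone file path, kept in a shared file such as the conf.sh that ckdnsrps.sh sources, would stop three copies drifting apart. `run_server` passes `$2` to this function but only `$1` is used. The function also truncates `$DNSRPS_TEST_UPDATE_FILE` on every `run_server`, which deserves a comment because the other writers append.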
@@ -211,7 +229,7 @@ for mode in native dnsrps; do for n in $testlist; do run_server 4$n ni=$1 - t=`expr $t + 1` + t=$((t+1)) echo_i "testing that ${ni} of 33 queries skip recursion (${t})" add_test_marker 10.53.0.2 c=0 @@ -221,7 +239,7 @@ for mode in native dnsrps; do run_query 4$n $i c=`expr $c + $?` done - skipped=`expr 33 - $c` + skipped=$((33-c)) if [ $skipped != $ni ]; then echo_i "test $t failed (actual=$skipped, expected=$ni)" status=1 @@ -242,7 +260,7 @@ for mode in native dnsrps; do echo_i "check recursive behavior consistency during policy update races" run_server 6a sleep 1 - t=`expr $t + 1` + t=$((t+1)) echo_i "running dig to cache CNAME record (${t})" add_test_marker 10.53.0.1 10.53.0.2 $DIG $DIGOPTS @10.53.0.2 -p ${PORT} www.test.example.org CNAME > dig.out.${t} @@ -256,7 +274,7 @@ for mode in native dnsrps; do $RNDC -c ../common/rndc.conf -s 10.53.0.2 -p ${CONTROLPORT} reload 6a.00.policy.local 2>&1 | sed 's/^/ns2 /' | cat_i test -f dnsrpzd.pid && kill -USR1 `cat dnsrpzd.pid` sleep 1 - t=`expr $t + 1` + t=$((t+1)) echo_i "running dig to follow CNAME (blocks, so runs in the background) (${t})" add_test_marker 10.53.0.2 $DIG $DIGOPTS @10.53.0.2 -p ${PORT} www.test.example.org A +time=5 > dig.out.${t} & @@ -285,7 +303,7 @@ for mode in native dnsrps; do cp ns2/saved.policy.local ns2/db.6a.00.policy.local run_server 6a sleep 1 - t=`expr $t + 1` + t=$((t+1)) echo_i "running dig to cache CNAME record (${t})" add_test_marker 10.53.0.1 10.53.0.2 $DIG $DIGOPTS @10.53.0.2 -p ${PORT} www.test.example.org CNAME > dig.out.${t} 
@@ -298,7 +316,7 @@ for mode in native dnsrps; do $RNDC -c ../common/rndc.conf -s 10.53.0.2 -p ${CONTROLPORT} reload 6a.00.policy.local 2>&1 | sed 's/^/ns2 /' | cat_i test -f dnsrpzd.pid && kill -USR1 `cat dnsrpzd.pid` sleep 1 - t=`expr $t + 1` + t=$((t+1)) echo_i "running dig to follow CNAME (blocks, so runs in the background) (${t})" add_test_marker 10.53.0.2 $DIG $DIGOPTS @10.53.0.2 -p ${PORT} www.test.example.org A +time=5 > dig.out.${t} & @@ -323,7 +341,7 @@ for mode in native dnsrps; do } # Check maximum number of RPZ zones (64) - t=`expr $t + 1` + t=$((t+1)) echo_i "testing maximum number of RPZ zones (${t})" add_test_marker 10.53.0.2 run_server max @@ -335,11 +353,11 @@ for mode in native dnsrps; do echo_i "test $t failed: didn't get expected answer from policy zone $i" status=1 } - i=`expr $i + 1` + i=$((i+1)) done # Check CLIENT-IP behavior - t=`expr $t + 1` + t=$((t+1)) echo_i "testing CLIENT-IP behavior (${t})" add_test_marker 10.53.0.2 run_server clientip @@ -354,7 +372,7 @@ for mode in native dnsrps; do } # Check CLIENT-IP behavior #2 - t=`expr $t + 1` + t=$((t+1)) echo_i "testing CLIENT-IP behavior #2 (${t})" add_test_marker 10.53.0.2 run_server clientip2 @@ -384,7 +402,7 @@ for mode in native dnsrps; do } # Check RPZ log clause - t=`expr $t + 1` + t=$((t+1)) echo_i "testing RPZ log clause (${t})" add_test_marker 10.53.0.2 run_server log @@ -407,7 +425,7 @@ for mode in native dnsrps; do # Check wildcard behavior - t=`expr $t + 1` + t=$((t+1)) echo_i "testing wildcard behavior with 1 RPZ zone (${t})" add_test_marker 10.53.0.2 run_server wildcard1 @@ -422,7 +440,7 @@ for mode in native dnsrps; do status=1 } - t=`expr $t + 1` + t=$((t+1)) echo_i "testing wildcard behavior with 2 RPZ zones (${t})" add_test_marker 10.53.0.2 run_server wildcard2 
@@ -437,7 +455,7 @@ for mode in native dnsrps; do status=1 } - t=`expr $t + 1` + t=$((t+1)) echo_i "testing wildcard behavior with 1 RPZ zone and no non-wildcard triggers (${t})" add_test_marker 10.53.0.2 run_server wildcard3 @@ -452,7 +470,7 @@ for mode in native dnsrps; do status=1 } - t=`expr $t + 1` + t=$((t+1)) echo_i "testing wildcard passthru before explicit drop (${t})" add_test_marker 10.53.0.2 run_server wildcard4 @@ -469,7 +487,7 @@ for mode in native dnsrps; do if [ "$mode" = "native" ]; then # Check for invalid prefix length error - t=`expr $t + 1` + t=$((t+1)) echo_i "testing for invalid prefix length error (${t})" add_test_marker 10.53.0.2 run_server invalidprefixlength 
@@ -479,68 +497,72 @@ for mode in native dnsrps; do } fi - t=`expr $t + 1` - echo_i "checking 'nsip-wait-recurse no' is faster than 'nsip-wait-recurse yes' ($t)" - add_test_marker 10.53.0.2 10.53.0.3 - echo_i "timing 'nsip-wait-recurse yes' (default)" - ret=0 - t1=`$PERL -e 'print time()."\n";'` - $DIG -p ${PORT} @10.53.0.3 foo.child.example.tld a > dig.out.yes.$t - t2=`$PERL -e 'print time()."\n";'` - p1=`expr $t2 - $t1` - echo_i "elapsed time $p1 seconds" + if [ "$mode" = "native" ]; then + t=$((t+1)) + echo_i "checking 'nsip-wait-recurse no' is faster than 'nsip-wait-recurse yes' ($t)" + add_test_marker 10.53.0.2 10.53.0.3 + echo_i "timing 'nsip-wait-recurse yes' (default)" + produce_librpz_rules ns3 policy policy + ret=0 + t1=`$PERL -e 'print time()."\n";'` + $DIG -p ${PORT} @10.53.0.3 foo.child.example.tld a > dig.out.yes.$t + t2=`$PERL -e 'print time()."\n";'` + p1=$((t2-t1)) + echo_i "elapsed time $p1 seconds" - $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} flush - copy_setports ns3/named2.conf.in ns3/named.conf - nextpart ns3/named.run > /dev/null - $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} reload > /dev/null - wait_for_log 20 "rpz: policy: reload done" ns3/named.run || ret=1 + $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} flush + copy_setports ns3/named2.conf.in ns3/named.conf + nextpart ns3/named.run > /dev/null + $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} reload > /dev/null + wait_for_log 20 "rpz: policy: reload done" ns3/named.run || ret=1 - echo_i "timing 'nsip-wait-recurse no'" - t3=`$PERL -e 'print time()."\n";'` - $DIG -p ${PORT} @10.53.0.3 foo.child.example.tld a > dig.out.no.$t - t4=`$PERL -e 'print time()."\n";'` - p2=`expr $t4 - $t3` - echo_i "elapsed time $p2 seconds" + echo_i "timing 'nsip-wait-recurse no'" + echo "update zone policy 0 no_nsip_wait_recurse" > $DNSRPS_TEST_UPDATE_FILE + t3=`$PERL -e 'print time()."\n";'` + $DIG -p ${PORT} @10.53.0.3 foo.child.example.tld a > 
dig.out.no.$t + t4=`$PERL -e 'print time()."\n";'` + p2=$((t4-t3)) + echo_i "elapsed time $p2 seconds" - if test $p1 -le $p2; then ret=1; fi - if test $ret != 0; then echo_i "failed"; fi - status=`expr $status + $ret` + if test $p1 -le $p2; then ret=1; fi + if test $ret != 0; then echo_i "failed"; fi + status=$((status+ret)) - $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} flush - # restore original named.conf - copy_setports ns3/named1.conf.in ns3/named.conf - nextpart ns3/named.run > /dev/null - $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} reload > /dev/null - wait_for_log 20 "rpz: policy: reload done" ns3/named.run || ret=1 + $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} flush + # restore original named.conf + copy_setports ns3/named1.conf.in ns3/named.conf + nextpart ns3/named.run > /dev/null + $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} reload > /dev/null + wait_for_log 20 "rpz: policy: reload done" ns3/named.run || ret=1 - t=`expr $t + 1` - echo_i "checking 'nsdname-wait-recurse no' is faster than 'nsdname-wait-recurse yes' ($t)" - add_test_marker 10.53.0.2 10.53.0.3 - echo_i "timing 'nsdname-wait-recurse yes' (default)" - ret=0 - t1=`$PERL -e 'print time()."\n";'` - $DIG -p ${PORT} @10.53.0.3 foo.child.example.tld a > dig.out.yes.$t - t2=`$PERL -e 'print time()."\n";'` - p1=`expr $t2 - $t1` - echo_i "elapsed time $p1 seconds" + t=$((t+1)) + echo_i "checking 'nsdname-wait-recurse no' is faster than 'nsdname-wait-recurse yes' ($t)" + add_test_marker 10.53.0.2 10.53.0.3 + echo_i "timing 'nsdname-wait-recurse yes' (default)" + ret=0 + t1=`$PERL -e 'print time()."\n";'` + $DIG -p ${PORT} @10.53.0.3 foo.child.example.tld a > dig.out.yes.$t + t2=`$PERL -e 'print time()."\n";'` + p1=$((t2-t1)) + echo_i "elapsed time $p1 seconds" - $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} flush - copy_setports ns3/named3.conf.in ns3/named.conf - nextpart ns3/named.run > /dev/null - $RNDC -c 
../common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} reload > /dev/null - wait_for_log 20 "rpz: policy: reload done" ns3/named.run || ret=1 + $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} flush + copy_setports ns3/named3.conf.in ns3/named.conf + nextpart ns3/named.run > /dev/null + $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} reload > /dev/null + wait_for_log 20 "rpz: policy: reload done" ns3/named.run || ret=1 - echo_i "timing 'nsdname-wait-recurse no'" - t3=`$PERL -e 'print time()."\n";'` - $DIG -p ${PORT} @10.53.0.3 foo.child.example.tld a > dig.out.no.$t - t4=`$PERL -e 'print time()."\n";'` - p2=`expr $t4 - $t3` - echo_i "elapsed time $p2 seconds" + echo_i "timing 'nsdname-wait-recurse no'" + t3=`$PERL -e 'print time()."\n";'` + $DIG -p ${PORT} @10.53.0.3 foo.child.example.tld a > dig.out.no.$t + t4=`$PERL -e 'print time()."\n";'` + p2=$((t4-t3)) + echo_i "elapsed time $p2 seconds" - if test $p1 -le $p2; then ret=1; fi - if test $ret != 0; then echo_i "failed"; fi - status=`expr $status + $ret` + if test $p1 -le $p2; then ret=1; fi + if test $ret != 0; then echo_i "failed"; fi + status=$((status+ret)) + fi [ $status -ne 0 ] && pf=fail || pf=pass