mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-01 15:05:23 +00:00

update the rpz tests to use the dummyrpz library

when testing the DNSRPS API, instead of linking to an installed
librpz.so from fastrpz, we now link to the test library. code that
ran dnsrpzd and checked the fastrpz license is now unnecessary and
has been removed.

two dnsrps-specific test cases in rpz (qname_as_ns and ip_as_ns) have
been removed, because they were only supported by fastrpz and do not
work in the test library. in rpzrecurse, nsip-wait-recurse and
nsdname-wait-recurse are now only tested in native mode, due to those
tests being specific to the native implementation.
Evan Hunt
2023-03-13 19:43:04 -07:00
parent b8b6b10ad2
commit f43de96460
19 changed files with 192 additions and 332 deletions


@@ -14,9 +14,9 @@
set -e set -e
# Say on stdout whether to test DNSRPS # Say on stdout whether to test DNSRPS
# and create dnsrps.conf and dnsrps-secondary.conf # and creates dnsrps.conf
# Note that dnsrps.conf and dnsrps-secondary.conf are included in named.conf # Note that dnsrps.conf is included in named.conf
# and differ from dnsrpz.conf which is used by dnsrpzd. # and differs from dnsrpz.conf which is used by dnsrpzd.
. ../conf.sh . ../conf.sh
@@ -26,15 +26,13 @@ DNSRPS_CMD=../rpz/dnsrps
AS_NS= AS_NS=
TEST_DNSRPS= TEST_DNSRPS=
MCONF=dnsrps.conf MCONF=dnsrps.conf
SCONF=dnsrps-secondary.conf USAGE="$0: [-xAD] [-M dnsrps.conf]"
USAGE="$0: [-xAD] [-M dnsrps.conf] [-S dnsrps-secondary.conf]"
while getopts "xADM:S:" c; do while getopts "xADM:S:" c; do
case $c in case $c in
x) set -x; DEBUG=-x;; x) set -x; DEBUG=-x;;
A) AS_NS=yes;; A) AS_NS=yes;;
D) TEST_DNSRPS=yes;; D) TEST_DNSRPS=yes;;
M) MCONF="$OPTARG";; M) MCONF="$OPTARG";;
S) SCONF="$OPTARG";;
*) echo "$USAGE" 1>&2; exit 1;; *) echo "$USAGE" 1>&2; exit 1;;
esac esac
done done
@@ -46,11 +44,9 @@ fi
# erase any existing conf files # erase any existing conf files
cat /dev/null > $MCONF cat /dev/null > $MCONF
cat /dev/null > $SCONF
add_conf () { add_conf () {
echo "$*" >>$MCONF echo "$*" >>$MCONF
echo "$*" >>$SCONF
} }
if ! $FEATURETEST --enable-dnsrps; then if ! $FEATURETEST --enable-dnsrps; then
@@ -82,86 +78,6 @@ else
exit 0 exit 0
fi fi
CMN=" dnsrps-options { dnsrpzd-conf ../dnsrpzd.conf add_conf 'dnsrps-options { log-level 3 };'
dnsrpzd-sock ../dnsrpzd.sock add_conf 'dnsrps-enable yes;'
dnsrpzd-rpzf ../dnsrpzd.rpzf add_conf 'dnsrps-library "../../rpz/testlib/.libs/libdummyrpz.so";'
dnsrpzd-args '-dddd -L stdout'
log-level 3"
PRIMARY="$CMN"
if [ -n "$AS_NS" ]; then
PRIMARY="$PRIMARY
qname-as-ns yes
ip-as-ns yes"
fi
# write dnsrps settings for primary resolver
cat <<EOF >>$MCONF
$PRIMARY };
EOF
# write dnsrps settings for resolvers that should not start dnsrpzd
cat <<EOF >>$SCONF
$CMN
dnsrpzd '' }; # do not start dnsrpzd
EOF
# DNSRPS is available.
# The test should fail if the license is bad.
add_conf "dnsrps-enable yes;"
# Use alt-dnsrpzd-license.conf if it exists
CUR_L=dnsrpzd-license-cur.conf
ALT_L=alt-dnsrpzd-license.conf
# try ../rpz/alt-dnsrpzd-license.conf if alt-dnsrpzd-license.conf does not exist
[ -s $ALT_L ] || ALT_L=../rpz/alt-dnsrpzd-license.conf
if [ -s $ALT_L ]; then
SRC_L=$ALT_L
USE_ALT=
else
SRC_L=../rpz/dnsrpzd-license.conf
USE_ALT="## consider installing alt-dnsrpzd-license.conf"
fi
cp $SRC_L $CUR_L
# parse $CUR_L for the license zone name, primary IP addresses, and optional
# transfer-source IP addresses
eval `sed -n -e 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/'\
-e 's/.*zone *\([-a-z0-9]*.license.fastrpz.com\).*/NAME=\1/p' \
-e 's/.*farsight_fastrpz_license *\([0-9.]*\);.*/IPV4=\1/p' \
-e 's/.*farsight_fastrpz_license *\([0-9a-f:]*\);.*/IPV6=\1/p' \
-e 's/.*transfer-source *\([0-9.]*\);.*/TS4=-b\1/p' \
-e 's/.*transfer-source *\([0-9a-f:]*\);.*/TS6=-b\1/p' \
-e 's/.*transfer-source-v6 *\([0-9a-f:]*\);.*/TS6=-b\1/p' \
$CUR_L`
if [ -z "$NAME" ]; then
add_conf "## no DNSRPS tests; no license domain name in $SRC_L"
add_conf '#fail'
exit 0
fi
if [ -z "$IPV4" ]; then
IPV4=license1.fastrpz.com
TS4=
fi
if [ -z "$IPV6" ]; then
IPV6=license1.fastrpz.com
TS6=
fi
# This TSIG key is common and NOT a secret
KEY='hmac-sha256:farsight_fastrpz_license:f405d02b4c8af54855fcebc1'
# Try IPv4 and then IPv6 to deal with IPv6 tunnel and connectivity problems
if `$DIG -4 -t axfr -y$KEY $TS4 $NAME @$IPV4 \
| grep -i "^$NAME.*TXT" >/dev/null`; then
exit 0
fi
if `$DIG -6 -t axfr -y$KEY $TS6 $NAME @$IPV6 \
| grep -i "^$NAME.*TXT" >/dev/null`; then
exit 0
fi
add_conf "## DNSRPS lacks a valid license via $SRC_L"
[ -z "$USE_ALT" ] || add_conf "$USE_ALT"
add_conf '#fail'
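Review bot: The option string on the new side still reads `getopts "xADM:S:"` although the `S)` arm and the `-S` usage text are gone, so `-S file` is parsed and then rejected through `*)` with a usage message that no longer mentions it. `A) AS_NS=yes` is in the same position, since the only reader of `AS_NS` visible in this section was in the removed dnsrpzd block. I would narrow the loop to `while getopts "xDM:" c; do` and drop the `AS_NS` assignments, or keep `A` as an accepted no-op with a comment such as `# -A accepted for compatibility; ignored by the test library` if other callers still pass it. Parts of the script lie between the hunks, so a remaining use of `AS_NS` there cannot be ruled out from this page.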


@@ -1,2 +1 @@
alt-dnsrpzd-license.conf
dnsrps dnsrps


@@ -40,6 +40,7 @@ rm -f ns5/example.db ns5/bl.db ns5/fast-expire.db ns5/expire.conf
rm -f ns8/manual-update-rpz.db rm -f ns8/manual-update-rpz.db
rm -f */policy2.db rm -f */policy2.db
rm -f */*.jnl rm -f */*.jnl
rm -f dnsrps.cache dnsrps.conf
if [ ${PARTIAL:-unset} = unset ]; then if [ ${PARTIAL:-unset} = unset ]; then
rm -f proto.* dsset-* trusted.conf dig.out* nsupdate.tmp ns*/*tmp rm -f proto.* dsset-* trusted.conf dig.out* nsupdate.tmp ns*/*tmp
@@ -49,9 +50,7 @@ if [ ${PARTIAL:-unset} = unset ]; then
rm -f ns*/named.lock rm -f ns*/named.lock
rm -f ns*/named.conf rm -f ns*/named.conf
rm -f ns*/*switch rm -f ns*/*switch
rm -f dnsrps*.conf rm -f dnsrps.zones
rm -f dnsrpzd.conf
rm -f dnsrpzd-license-cur.conf dnsrpzd.rpzf dnsrpzd.sock dnsrpzd.pid
rm -f ns*/managed-keys.bind* rm -f ns*/managed-keys.bind*
rm -f tmp rm -f tmp
fi fi


@@ -13,11 +13,8 @@
/* /*
* -a exit(0) if dnsrps is available or dlopen() msg if not * -a exit(0) if dnsrps is available or dlopen() msg if not
* -p print the path to dnsrpzd configured in dnsrps so that
* dnsrpzd can be run by a setup.sh script.
* Exit(1) if dnsrps is not available
* -n domain print the serial number of a domain to check if a new * -n domain print the serial number of a domain to check if a new
* version of a policy zone has been transferred to dnsrpzd. * version of a policy zone is ready.
* Exit(1) if dnsrps is not available * Exit(1) if dnsrps is not available
* -w sec.ond wait for seconds, because `sleep 0.1` is not portable * -w sec.ond wait for seconds, because `sleep 0.1` is not portable
*/ */
@@ -37,8 +34,6 @@
#ifdef USE_DNSRPS #ifdef USE_DNSRPS
#include <dns/librpz.h> #include <dns/librpz.h>
librpz_t *librpz;
#else /* ifdef USE_DNSRPS */ #else /* ifdef USE_DNSRPS */
typedef struct { typedef struct {
char c[120]; char c[120];
@@ -48,7 +43,7 @@ typedef struct {
static bool static bool
link_dnsrps(librpz_emsg_t *emsg); link_dnsrps(librpz_emsg_t *emsg);
#define USAGE "usage: [-ap] [-n domain] [-w sec.onds]\n" #define USAGE "usage: [-a] [-n domain] [-w sec.onds]\n"
int int
main(int argc, char **argv) { main(int argc, char **argv) {
@@ -64,7 +59,7 @@ main(int argc, char **argv) {
char *p; char *p;
int i; int i;
while ((i = getopt(argc, argv, "apn:w:")) != -1) { while ((i = getopt(argc, argv, "an:w:")) != -1) {
switch (i) { switch (i) {
case 'a': case 'a':
if (!link_dnsrps(&emsg)) { if (!link_dnsrps(&emsg)) {
@@ -73,18 +68,6 @@ main(int argc, char **argv) {
} }
return (0); return (0);
case 'p':
if (!link_dnsrps(&emsg)) {
fprintf(stderr, "## %s\n", emsg.c);
return (1);
}
#ifdef USE_DNSRPS
printf("%s\n", librpz->dnsrpzd_path);
#else /* ifdef USE_DNSRPS */
UNREACHABLE();
#endif /* ifdef USE_DNSRPS */
return (0);
case 'n': case 'n':
if (!link_dnsrps(&emsg)) { if (!link_dnsrps(&emsg)) {
fprintf(stderr, "## %s\n", emsg.c); fprintf(stderr, "## %s\n", emsg.c);
@@ -92,8 +75,7 @@ main(int argc, char **argv) {
} }
#ifdef USE_DNSRPS #ifdef USE_DNSRPS
/* /*
* Get the serial number of a policy zone from * Get the serial number of a policy zone.
* a running dnsrpzd daemon.
*/ */
clist = librpz->clist_create(&emsg, NULL, NULL, NULL, clist = librpz->clist_create(&emsg, NULL, NULL, NULL,
NULL, NULL); NULL, NULL);
@@ -101,11 +83,7 @@ main(int argc, char **argv) {
fprintf(stderr, "## %s: %s\n", optarg, emsg.c); fprintf(stderr, "## %s: %s\n", optarg, emsg.c);
return (1); return (1);
} }
snprintf(cstr, sizeof(cstr), snprintf(cstr, sizeof(cstr), "zone %s;", optarg);
"zone %s; dnsrpzd \"\";"
" dnsrpzd-sock dnsrpzd.sock;"
" dnsrpzd-rpzf dnsrpzd.rpzf",
optarg);
client = librpz->client_create(&emsg, clist, cstr, client = librpz->client_create(&emsg, clist, cstr,
true); true);
if (client == NULL) { if (client == NULL) {
@@ -162,7 +140,7 @@ main(int argc, char **argv) {
static bool static bool
link_dnsrps(librpz_emsg_t *emsg) { link_dnsrps(librpz_emsg_t *emsg) {
#ifdef USE_DNSRPS #ifdef USE_DNSRPS
librpz = librpz_lib_open(emsg, NULL, DNSRPS_LIBRPZ_PATH); librpz = librpz_lib_open(emsg, NULL, LIBRPZ_LIB_OPEN);
if (librpz == NULL) { if (librpz == NULL) {
return (false); return (false);
} }
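Review bot: The rewritten `snprintf(cstr, sizeof(cstr), "zone %s;", optarg);` in the `-n` case ignores the return value, so a domain argument longer than the buffer is silently truncated and reaches `client_create()` as a configuration string without its closing `;`. Comparing the result with the buffer size makes that failure explicit, for example `if ((size_t)snprintf(cstr, sizeof(cstr), "zone %s;", optarg) >= sizeof(cstr)) { fprintf(stderr, "## %s: name too long\n", optarg); return (1); }`. The declaration of `cstr` and the rest of `main` lie outside the hunks shown, so the buffer size itself is not visible here.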


@@ -15,8 +15,6 @@
pid-file ../dnsrpzd.pid pid-file ../dnsrpzd.pid
include ../dnsrpzd-license-cur.conf
# configure NOTIFY and zone transfers # configure NOTIFY and zone transfers
port @EXTRAPORT1@; port @EXTRAPORT1@;
listen-on port @EXTRAPORT1@ { 10.53.0.3; }; listen-on port @EXTRAPORT1@ { 10.53.0.3; };


@@ -1,23 +0,0 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* SPDX-License-Identifier: MPL-2.0
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
zone isc.license.fastrpz.com {
primaries port 53 {
KEY farsight_fastrpz_license 104.244.14.176;
KEY farsight_fastrpz_license 2620:11c:f008::176;
};
};
key farsight_fastrpz_license {
algorithm hmac-sha256; secret "f405d02b4c8af54855fcebc1";
};


@@ -35,7 +35,7 @@ options {
# turn rpz on or off # turn rpz on or off
include "rpz-switch"; include "rpz-switch";
include "../dnsrps-secondary.conf"; include "../dnsrps.conf";
}; };
key rndc_key { key rndc_key {


@@ -36,7 +36,7 @@ options {
nsip-enable yes nsip-enable yes
nsdname-enable yes; nsdname-enable yes;
include "../dnsrps-secondary.conf"; include "../dnsrps.conf";
}; };
logging { category rpz { default_debug; }; }; logging { category rpz { default_debug; }; };


@@ -32,7 +32,7 @@ options {
nsdname-enable yes nsdname-enable yes
min-update-interval 0; min-update-interval 0;
include "../dnsrps-secondary.conf"; include "../dnsrps.conf";
}; };
logging { category rpz { default_debug; }; }; logging { category rpz { default_debug; }; };


@@ -9,8 +9,9 @@
; See the COPYRIGHT file distributed with this work for additional ; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership. ; information regarding copyright ownership.
rpz. 28800 IN SOA rpz. hostmaster.rpz. 6 10800 3600 2419200 900 $TTL 28800
rpz. 28800 IN NS . rpz. IN SOA rpz. hostmaster.rpz. 6 10800 3600 2419200 900
a-only.example.rpz. 28800 IN CNAME *. rpz. IN NS .
no-a-no-aaaa.example.rpz. 28800 IN CNAME *. a-only.example CNAME *.
a-plus-aaaa.example.rpz. 28800 IN CNAME *. no-a-no-aaaa.example CNAME *.
a-plus-aaaa.example CNAME *.


@@ -55,13 +55,13 @@ copy_setports ns8/named.conf.in ns8/named.conf
copy_setports ns9/named.conf.in ns9/named.conf copy_setports ns9/named.conf.in ns9/named.conf
copy_setports ns10/named.conf.in ns10/named.conf copy_setports ns10/named.conf.in ns10/named.conf
copy_setports dnsrpzd.conf.in dnsrpzd.conf copy_setports dnsrps.zones.in dnsrps.zones
# decide whether to test DNSRPS # decide whether to test DNSRPS
# Note that dnsrps.conf and dnsrps-secondary.conf are included in named.conf # Note that dnsrps.conf is included in named.conf
# and differ from dnsrpz.conf which is used by dnsrpzd. $SHELL ../ckdnsrps.sh $TEST_DNSRPS $DEBUG
$SHELL ../ckdnsrps.sh -A $TEST_DNSRPS $DEBUG test -z "$(grep 'testing with DNSRPS' dnsrps.conf)" && TEST_DNSRPS=
test -z "$(grep 'dnsrps-enable yes' dnsrps.conf)" && TEST_DNSRPS= touch dnsrps.cache
# set up test policy zones. # set up test policy zones.
# bl is the main test zone # bl is the main test zone
@@ -169,11 +169,3 @@ cp ns2/bl.tld2.db.in ns2/bl.tld2.db
cp ns5/empty.db.in ns5/empty.db cp ns5/empty.db.in ns5/empty.db
cp ns5/empty.db.in ns5/policy2.db cp ns5/empty.db.in ns5/policy2.db
cp ns6/bl.tld2s.db.in ns6/bl.tld2s.db cp ns6/bl.tld2s.db.in ns6/bl.tld2s.db
# Run dnsrpzd to get the license and prime the static policy zones
if test -n "$TEST_DNSRPS"; then
DNSRPZD="$(../rpz/dnsrps -p)"
cd ns3
"$DNSRPZ" -D../dnsrpzd.rpzf -S../dnsrpzd.sock -C../dnsrpzd.conf \
-w 0 -dddd -L stdout >./dnsrpzd.run 2>&1
fi
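Review bot: This script now decides whether DNSRPS is active by grepping dnsrps.conf for the comment text `testing with DNSRPS`, while the second setup script changed later in this commit still keys on `dnsrps-enable yes`. The two checks can disagree as soon as either string changes in `../ckdnsrps.sh`, and the line that writes `testing with DNSRPS` is not in any hunk shown here (presumably it sits between them). I would use one marker in both scripts and test it without the command substitution, e.g. `grep -q 'testing with DNSRPS' dnsrps.conf || TEST_DNSRPS=`.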


@@ -35,6 +35,7 @@ HAVE_CORE=
status=0 status=0
t=0 t=0
export DNSRPS_TEST_UPDATE_FILE=$(pwd)/dnsrps.cache
DEBUG= DEBUG=
SAVE_RESULTS= SAVE_RESULTS=
ARGS= ARGS=
@@ -67,7 +68,6 @@ DNSRPSCMD=./dnsrps
RNDCCMD="$RNDC -c ../common/rndc.conf -p ${CONTROLPORT} -s" RNDCCMD="$RNDC -c ../common/rndc.conf -p ${CONTROLPORT} -s"
if test -x $DNSRPSCMD; then if test -x $DNSRPSCMD; then
# speed up the many delays for dnsrpzd by waiting only 0.1 seconds
WAIT_CMD="$DNSRPSCMD -w 0.1" WAIT_CMD="$DNSRPSCMD -w 0.1"
TEN_SECS=100 TEN_SECS=100
else else
@@ -129,10 +129,10 @@ get_sn_fast () {
fi fi
} }
# check that dnsrpzd has loaded its zones # check that dnsrps provider has zones loaded
# $1=domain # $1=domain
# $2=DNS server IP address # $2=DNS server IP address
FZONES=`sed -n -e 's/^zone "\(.*\)".*\(10.53.0..\).*/Z=\1;M=\2/p' dnsrpzd.conf` FZONES=`sed -n -e 's/^zone "\(.*\)".*\(10.53.0..\).*/Z=\1;M=\2/p' dnsrps.zones`
dnsrps_loaded() { dnsrps_loaded() {
test "$mode" = dnsrps || return test "$mode" = dnsrps || return
n=0 n=0
@@ -183,6 +183,14 @@ ck_soa() {
load_db () { load_db () {
if test -n "$TEST_FILE"; then if test -n "$TEST_FILE"; then
copy_setports $TEST_FILE tmp copy_setports $TEST_FILE tmp
for ZONE in bl0 bl1 bl2 bl3 bl4 bl5 bl6 bl7 bl8 bl9 bl10 bl11 bl12 bl13 bl14 bl15 bl16 bl17 bl18 bl19; do
produce_librpz_rules ns5 $ZONE bl
done
produce_librpz_rules ns2 bl.tld2 bl.tld2
cat tmp >> $DNSRPS_TEST_UPDATE_FILE
if $NSUPDATE -v tmp; then : if $NSUPDATE -v tmp; then :
$RNDCCMD $ns3 sync $RNDCCMD $ns3 sync
else else
@@ -279,6 +287,16 @@ ckstatsrange () {
eval "${NSDIR}_CNT=$NEW_CNT" eval "${NSDIR}_CNT=$NEW_CNT"
} }
add_librpz_rule() {
echo $1 >> $DNSRPS_TEST_UPDATE_FILE
}
produce_librpz_rules() {
# echo "Producing rules for $1"
ZONEFILE=$1/$3.db
cat $ZONEFILE | egrep -v '^;' | egrep '\<(A|CNAME)\>' | awk -v zone=$2 '{ if (NF == 4) {print "static add "$1"."zone" "$2" "$3" "$4} else if (NF == 3) {print "static add "$1"."zone" 300 "$2" "$3}}' >> $DNSRPS_TEST_UPDATE_FILE
}
# $1=message # $1=message
# $2=optional test file name # $2=optional test file name
start_group () { start_group () {
@@ -300,6 +318,7 @@ end_group () {
if test -n "$TEST_FILE"; then if test -n "$TEST_FILE"; then
# remove the previous set of test rules # remove the previous set of test rules
copy_setports $TEST_FILE tmp copy_setports $TEST_FILE tmp
add_librpz_rule "rollback"
sed -e 's/[ ]add[ ]/ delete /' tmp | $NSUPDATE sed -e 's/[ ]add[ ]/ delete /' tmp | $NSUPDATE
rm -f tmp rm -f tmp
TEST_FILE= TEST_FILE=
@@ -510,6 +529,7 @@ for mode in native dnsrps; do
retry_quiet 10 make_proto_nodata retry_quiet 10 make_proto_nodata
start_group "QNAME rewrites" test1 start_group "QNAME rewrites" test1
nochange . # 1 do not crash or rewrite root nochange . # 1 do not crash or rewrite root
nxdomain a0-1.tld2 # 2 nxdomain a0-1.tld2 # 2
nodata a3-1.tld2 # 3 nodata a3-1.tld2 # 3
@@ -600,13 +620,18 @@ EOF
# updating an response zone policy # updating an response zone policy
cp ns2/blv2.tld2.db.in ns2/bl.tld2.db cp ns2/blv2.tld2.db.in ns2/bl.tld2.db
rndc_reload ns2 $ns2 bl.tld2 rndc_reload ns2 $ns2 bl.tld2
add_librpz_rule "update zone bl.tld2 1 inc"
ck_soa 2 bl.tld2 $ns3 ck_soa 2 bl.tld2 $ns3
add_librpz_rule "wipe"
produce_librpz_rules ns2 bl.tld2 bl.tld2
nochange a7-1.tld2 # 19 PASSTHRU nochange a7-1.tld2 # 19 PASSTHRU
# ensure that a clock tick has occurred so that named will do the reload # ensure that a clock tick has occurred so that named will do the reload
sleep 1 sleep 1
cp ns2/blv3.tld2.db.in ns2/bl.tld2.db cp ns2/blv3.tld2.db.in ns2/bl.tld2.db
rndc_reload ns2 $ns2 bl.tld2 rndc_reload ns2 $ns2 bl.tld2
add_librpz_rule "update zone bl.tld2 1 inc"
ck_soa 3 bl.tld2 $ns3 ck_soa 3 bl.tld2 $ns3
produce_librpz_rules ns2 bl.tld2 bl.tld2
nxdomain a7-1.tld2 # 20 secondary policy zone (RT34450) nxdomain a7-1.tld2 # 20 secondary policy zone (RT34450)
end_group end_group
ckstats $ns3 test2 ns3 12 ckstats $ns3 test2 ns3 12
@@ -647,17 +672,10 @@ EOF
nxdomain a3-1.static-stub # 14 nxdomain a3-1.static-stub # 14
nochange_ns10 a3-1.stub-nomatch # 15 nochange_ns10 a3-1.stub-nomatch # 15
nochange_ns10 a3-1.static-stub-nomatch # 16 nochange_ns10 a3-1.static-stub-nomatch # 16
if [ "$mode" = dnsrps ]; then
addr 12.12.12.12 as-ns.tld5. # 17 qname-as-ns
fi
nextpart ns3/named.run | grep -q "unrecognized NS rpz_rrset_find() failed: glue" && nextpart ns3/named.run | grep -q "unrecognized NS rpz_rrset_find() failed: glue" &&
setret "seen: unrecognized NS rpz_rrset_find() failed: glue" setret "seen: unrecognized NS rpz_rrset_find() failed: glue"
end_group end_group
if [ "$mode" = dnsrps ]; then
ckstats $ns3 test3 ns3 10
else
ckstats $ns3 test3 ns3 9 ckstats $ns3 test3 ns3 9
fi
# these tests assume "min-ns-dots 0" # these tests assume "min-ns-dots 0"
start_group "NSIP rewrites" test4 start_group "NSIP rewrites" test4
@@ -670,9 +688,6 @@ EOF
nxdomain a4-1.static-stub # 6 nxdomain a4-1.static-stub # 6
nochange_ns10 a4-1.stub-nomatch # 7 nochange_ns10 a4-1.stub-nomatch # 7
nochange_ns10 a4-1.static-stub-nomatch # 8 nochange_ns10 a4-1.static-stub-nomatch # 8
if [ "$mode" = dnsrps ]; then
addr 12.12.12.12 as-ns.tld5. # 9 ip-as-ns
fi
nextpart ns3/named.run | grep -q "unrecognized NS rpz_rrset_find() failed: glue" && nextpart ns3/named.run | grep -q "unrecognized NS rpz_rrset_find() failed: glue" &&
setret "seen: unrecognized NS rpz_rrset_find() failed: glue" setret "seen: unrecognized NS rpz_rrset_find() failed: glue"
end_group end_group
@@ -685,11 +700,7 @@ EOF
a3-1.tld2. x IN TXT "NSIP walled garden" a3-1.tld2. x IN TXT "NSIP walled garden"
EOF EOF
end_group end_group
if [ "$mode" = dnsrps ]; then
ckstats $ns3 test4 ns3 7
else
ckstats $ns3 test4 ns3 6 ckstats $ns3 test4 ns3 6
fi
# policies in ./test5 overridden by response-policy{} in ns3/named.conf # policies in ./test5 overridden by response-policy{} in ns3/named.conf
# and in ns5/named.conf # and in ns5/named.conf
@@ -722,6 +733,7 @@ EOF
ckstats $ns5 test5 ns5 4 ckstats $ns5 test5 ns5 4
# check that miscellaneous bugs are still absent # check that miscellaneous bugs are still absent
add_librpz_rule "wipe"
start_group "crashes" test6 start_group "crashes" test6
for Q in RRSIG SIG ANY 'ANY +dnssec'; do for Q in RRSIG SIG ANY 'ANY +dnssec'; do
nocrash a3-1.tld2 -t$Q nocrash a3-1.tld2 -t$Q
@@ -789,27 +801,6 @@ EOF
echo_i "performance not checked; queryperf not available" echo_i "performance not checked; queryperf not available"
fi fi
if [ "$mode" = dnsrps ]; then
echo_i "checking that dnsrpzd is automatically restarted"
OLD_PID=`cat dnsrpzd.pid`
kill "$OLD_PID"
n=0
while true; do
NEW_PID=`cat dnsrpzd.pid 2>/dev/null`
if test -n "$NEW_PID" -a "0$OLD_PID" -ne "0$NEW_PID"; then
#echo "OLD_PID=$OLD_PID NEW_PID=$NEW_PID"
break;
fi
$DIG -p ${PORT} +short +norecurse a0-1.tld2 @$ns3 >/dev/null
n=`expr $n + 1`
if test "$n" -gt $TEN_SECS; then
setret "dnsrpzd did not restart"
break
fi
$WAIT_CMD
done
fi
# Ensure ns3 manages to transfer the fast-expire zone before shutdown. # Ensure ns3 manages to transfer the fast-expire zone before shutdown.
nextpartreset ns3/named.run nextpartreset ns3/named.run
wait_for_log 20 "zone fast-expire/IN: transferred serial 1" ns3/named.run wait_for_log 20 "zone fast-expire/IN: transferred serial 1" ns3/named.run
@@ -822,6 +813,7 @@ EOF
# restart the main test RPZ server to see if that creates a core file # restart the main test RPZ server to see if that creates a core file
if test -z "$HAVE_CORE"; then if test -z "$HAVE_CORE"; then
stop_server --use-rndc --port ${CONTROLPORT} ns3 stop_server --use-rndc --port ${CONTROLPORT} ns3
add_librpz_rule "restart"
restart 3 "rebuild-bl-rpz" restart 3 "rebuild-bl-rpz"
HAVE_CORE=`find ns* -name '*core*' -print` HAVE_CORE=`find ns* -name '*core*' -print`
test -z "$HAVE_CORE" || setret "found $HAVE_CORE; memory leak?" test -z "$HAVE_CORE" || setret "found $HAVE_CORE; memory leak?"
@@ -918,9 +910,11 @@ EOF
nsd $ns5 delete '*.example.com.policy1.' example.com.policy1. nsd $ns5 delete '*.example.com.policy1.' example.com.policy1.
done done
t=`expr $t + 1` t=`expr $t + 1`
echo_i "checking that going from an empty policy zone works (${t})" echo_i "checking that going from an empty policy zone works (${t})"
nsd $ns5 add '*.x.servfail.policy2.' x.servfail.policy2. nsd $ns5 add '*.x.servfail.policy2.' x.servfail.policy2.
add_librpz_rule "update add *.x.servfail.policy2 300 CNAME ."
sleep 1 sleep 1
rndc_reload ns7 $ns7 policy2 rndc_reload ns7 $ns7 policy2
$DIG z.x.servfail -p ${PORT} @$ns7 > dig.out.${t} $DIG z.x.servfail -p ${PORT} @$ns7 > dig.out.${t}
@@ -977,6 +971,7 @@ EOF
fi fi
# RPZ 'CNAME *.' (NODATA) trumps DNS64. Test against various DNS64 scenarios. # RPZ 'CNAME *.' (NODATA) trumps DNS64. Test against various DNS64 scenarios.
produce_librpz_rules ns9 rpz rpz
for label in a-only no-a-no-aaaa a-plus-aaaa for label in a-only no-a-no-aaaa a-plus-aaaa
do do
for type in AAAA A for type in AAAA A
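Review bot: `add_librpz_rule` writes its argument with an unquoted `echo $1`, and one caller in this section passes `"update add *.x.servfail.policy2 300 CNAME ."`, so the `*` label is exposed to pathname expansion and the rule text to word splitting before it reaches the update file. The rule survives intact only as long as no file in the test directory matches that pattern. Quoting fixes it: `printf '%s\n' "$1" >>"$DNSRPS_TEST_UPDATE_FILE"`. The same unquoted `$ZONEFILE`, `$2` and `$DNSRPS_TEST_UPDATE_FILE` appear in `produce_librpz_rules`, where `cat … | egrep` could also become `grep -E` reading the file directly.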


@@ -5,7 +5,6 @@
/ns3/named2.conf /ns3/named2.conf
/ns4/named.conf /ns4/named.conf
/ans5/ans.pid /ans5/ans.pid
/dnsrps-secondary.conf
/dnsrps.conf /dnsrps.conf
/dnsrpzd.conf /dnsrpzd.conf
session.key session.key


@@ -29,6 +29,7 @@ rm -f ns2/named.conf.header
rm -f ns3/named.conf rm -f ns3/named.conf
rm -f ns3/named.run.prev rm -f ns3/named.run.prev
rm -f dnsrps*.conf dnsrpzd* rm -f dnsrps.cache
rm -f dnsrps*.conf
rm -f ns*/session.key rm -f ns*/session.key
rm -f ns*/managed-keys.bind* ns*/*.mkeys* rm -f ns*/managed-keys.bind* ns*/*.mkeys*
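Review bot: The cleanup no longer removes `dnsrpzd*`, yet the test script later in this commit keeps `test -f dnsrpzd.pid && kill -USR1 ...` twice as unchanged context. Nothing in the setup code visible on this page starts dnsrpzd any more, so a dnsrpzd.pid left behind by a run from before this commit would survive cleanup, and the signal would then go to whichever process owns that PID now. I would either keep `rm -f dnsrpzd*` here or delete the two `kill -USR1` lines together with the daemon they addressed.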


@@ -27,7 +27,7 @@ options {
querylog yes; querylog yes;
# let ns3 start dnsrpzd # let ns3 start dnsrpzd
include "../dnsrps-secondary.conf"; include "../dnsrps.conf";
}; };
key rndc_key { key rndc_key {
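Review bot: The comment `# let ns3 start dnsrpzd` directly above the changed include is stale on the new side, since the commit removes the code that ran dnsrpzd and every resolver now includes the same `../dnsrps.conf`. A replacement such as `# DNSRPS settings shared by all resolvers (written by ckdnsrps.sh)` would describe the line as it now stands.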


@@ -46,6 +46,11 @@ copy_setports ns3/named1.conf.in ns3/named.conf
copy_setports ns4/named.conf.in ns4/named.conf copy_setports ns4/named.conf.in ns4/named.conf
# decide whether to test DNSRPS
$SHELL ../ckdnsrps.sh $TEST_DNSRPS $DEBUG
test -z "`grep 'dnsrps-enable yes' dnsrps.conf`" && TEST_DNSRPS=
touch dnsrps.cache
# setup policy zones for a 64-zone test # setup policy zones for a 64-zone test
i=1 i=1
while test $i -le 64 while test $i -le 64
@@ -63,25 +68,3 @@ do
done done
i=`expr $i + 1` i=`expr $i + 1`
done done
# decide whether to test DNSRPS
$SHELL ../ckdnsrps.sh $TEST_DNSRPS $DEBUG
test -z "`grep 'dnsrps-enable yes' dnsrps.conf`" && TEST_DNSRPS=
CWD=`pwd`
cat <<EOF >dnsrpzd.conf
PID-FILE $CWD/dnsrpzd.pid;
include $CWD/dnsrpzd-license-cur.conf
zone "policy" { type primary; file "`pwd`/ns3/policy.db"; };
EOF
sed -n -e 's/^ *//' -e "/zone.*.*primary/s@file \"@&$CWD/ns2/@p" ns2/*.conf \
>>dnsrpzd.conf
# Run dnsrpzd to get the license and prime the static policy zones
if test -n "$TEST_DNSRPS"; then
DNSRPZD="`../rpz/dnsrps -p`"
"$DNSRPZD" -D./dnsrpzd.rpzf -S./dnsrpzd.sock -C./dnsrpzd.conf \
-w 0 -dddd -L stdout >./dnsrpzd.run 2>&1
fi


@@ -20,6 +20,7 @@ status=0
t=0 t=0
export DNSRPS_TEST_UPDATE_FILE=$(pwd)/dnsrps.cache
DEBUG= DEBUG=
ARGS= ARGS=
@@ -46,6 +47,7 @@ RNDCCMD="$RNDC -c ../common/rndc.conf -p ${CONTROLPORT} -s"
run_server() { run_server() {
TESTNAME=$1 TESTNAME=$1
start_server_rules $1 $2
echo_i "stopping resolver" echo_i "stopping resolver"
stop_server --use-rndc --port ${CONTROLPORT} ns2 stop_server --use-rndc --port ${CONTROLPORT} ns2
@@ -57,6 +59,22 @@ run_server() {
sleep 3 sleep 3
} }
start_server_rules() {
FCONF=ns2/named.$1.conf
cat /dev/null > $DNSRPS_TEST_UPDATE_FILE
cat $FCONF | grep 'zone ' | grep ' primary' | while read LINE; do
ZONE=`echo $LINE | sed 's/.*zone "//g' | awk -F '"' '{print $1}'`;
DBFILE=`echo $LINE | sed 's/.*file "//g' | awk -F '"' '{print $1}'`;
cat ns2/$DBFILE | egrep -v '^;' | egrep '\<(A|CNAME)\>' | awk -v zone=$ZONE '{ if (NF == 4) {print "static add "$1"."zone" "$2" "$3" "$4} else if (NF == 3) {print "static add "$1"."zone" 300 "$2" "$3}}' >> $DNSRPS_TEST_UPDATE_FILE
done
}
produce_librpz_rules() {
ZONEFILE=$1/$3.db
cat $ZONEFILE | egrep -v '^;' | egrep '\<(A|CNAME)\>' | awk -v zone=$2 '{ if (NF == 4) {print "static add "$1"."zone" "$2" "$3" "$4} else if (NF == 3) {print "static add "$1"."zone" 300 "$2" "$3}}' >> $DNSRPS_TEST_UPDATE_FILE
}
run_query() { run_query() {
TESTNAME=$1 TESTNAME=$1
LINE=$2 LINE=$2
@@ -74,7 +92,7 @@ expect_norecurse() {
LINE=$2 LINE=$2
NAME=`sed -n -e "$LINE,"'$p' ns2/$TESTNAME.queries | head -n 1` NAME=`sed -n -e "$LINE,"'$p' ns2/$TESTNAME.queries | head -n 1`
t=`expr $t + 1` t=$((t+1))
echo_i "testing $NAME doesn't recurse (${t})" echo_i "testing $NAME doesn't recurse (${t})"
add_test_marker 10.53.0.2 add_test_marker 10.53.0.2
run_query $TESTNAME $LINE || { run_query $TESTNAME $LINE || {
@@ -90,7 +108,7 @@ expect_recurse() {
LINE=$2 LINE=$2
NAME=`sed -n -e "$LINE,"'$p' ns2/$TESTNAME.queries | head -n 1` NAME=`sed -n -e "$LINE,"'$p' ns2/$TESTNAME.queries | head -n 1`
t=`expr $t + 1` t=$((t+1))
echo_i "testing $NAME recurses (${t})" echo_i "testing $NAME recurses (${t})"
add_test_marker 10.53.0.2 add_test_marker 10.53.0.2
run_query $TESTNAME $LINE && { run_query $TESTNAME $LINE && {
@@ -144,7 +162,7 @@ for mode in native dnsrps; do
# show whether and why DNSRPS is enabled or disabled # show whether and why DNSRPS is enabled or disabled
sed -n 's/^## //p' dnsrps.conf | cat_i sed -n 's/^## //p' dnsrps.conf | cat_i
t=`expr $t + 1` t=$((t+1))
echo_i "testing that l1.l0 exists without RPZ (${t})" echo_i "testing that l1.l0 exists without RPZ (${t})"
add_test_marker 10.53.0.2 add_test_marker 10.53.0.2
$DIG $DIGOPTS l1.l0 ns @10.53.0.2 -p ${PORT} > dig.out.${t} $DIG $DIGOPTS l1.l0 ns @10.53.0.2 -p ${PORT} > dig.out.${t}
@@ -153,7 +171,7 @@ for mode in native dnsrps; do
status=1 status=1
} }
t=`expr $t + 1` t=$((t+1))
echo_i "testing that l2.l1.l0 returns SERVFAIL without RPZ (${t})" echo_i "testing that l2.l1.l0 returns SERVFAIL without RPZ (${t})"
add_test_marker 10.53.0.2 add_test_marker 10.53.0.2
$DIG $DIGOPTS l2.l1.l0 ns @10.53.0.2 -p ${PORT} > dig.out.${t} $DIG $DIGOPTS l2.l1.l0 ns @10.53.0.2 -p ${PORT} > dig.out.${t}
@@ -211,7 +229,7 @@ for mode in native dnsrps; do
for n in $testlist; do for n in $testlist; do
run_server 4$n run_server 4$n
ni=$1 ni=$1
t=`expr $t + 1` t=$((t+1))
echo_i "testing that ${ni} of 33 queries skip recursion (${t})" echo_i "testing that ${ni} of 33 queries skip recursion (${t})"
add_test_marker 10.53.0.2 add_test_marker 10.53.0.2
c=0 c=0
@@ -221,7 +239,7 @@ for mode in native dnsrps; do
run_query 4$n $i run_query 4$n $i
c=`expr $c + $?` c=`expr $c + $?`
done done
skipped=`expr 33 - $c` skipped=$((33-c))
if [ $skipped != $ni ]; then if [ $skipped != $ni ]; then
echo_i "test $t failed (actual=$skipped, expected=$ni)" echo_i "test $t failed (actual=$skipped, expected=$ni)"
status=1 status=1
@@ -242,7 +260,7 @@ for mode in native dnsrps; do
echo_i "check recursive behavior consistency during policy update races" echo_i "check recursive behavior consistency during policy update races"
run_server 6a run_server 6a
sleep 1 sleep 1
t=`expr $t + 1` t=$((t+1))
echo_i "running dig to cache CNAME record (${t})" echo_i "running dig to cache CNAME record (${t})"
add_test_marker 10.53.0.1 10.53.0.2 add_test_marker 10.53.0.1 10.53.0.2
$DIG $DIGOPTS @10.53.0.2 -p ${PORT} www.test.example.org CNAME > dig.out.${t} $DIG $DIGOPTS @10.53.0.2 -p ${PORT} www.test.example.org CNAME > dig.out.${t}
@@ -256,7 +274,7 @@ for mode in native dnsrps; do
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p ${CONTROLPORT} reload 6a.00.policy.local 2>&1 | sed 's/^/ns2 /' | cat_i $RNDC -c ../common/rndc.conf -s 10.53.0.2 -p ${CONTROLPORT} reload 6a.00.policy.local 2>&1 | sed 's/^/ns2 /' | cat_i
test -f dnsrpzd.pid && kill -USR1 `cat dnsrpzd.pid` test -f dnsrpzd.pid && kill -USR1 `cat dnsrpzd.pid`
sleep 1 sleep 1
t=`expr $t + 1` t=$((t+1))
echo_i "running dig to follow CNAME (blocks, so runs in the background) (${t})" echo_i "running dig to follow CNAME (blocks, so runs in the background) (${t})"
add_test_marker 10.53.0.2 add_test_marker 10.53.0.2
$DIG $DIGOPTS @10.53.0.2 -p ${PORT} www.test.example.org A +time=5 > dig.out.${t} & $DIG $DIGOPTS @10.53.0.2 -p ${PORT} www.test.example.org A +time=5 > dig.out.${t} &
@@ -285,7 +303,7 @@ for mode in native dnsrps; do
cp ns2/saved.policy.local ns2/db.6a.00.policy.local cp ns2/saved.policy.local ns2/db.6a.00.policy.local
run_server 6a run_server 6a
sleep 1 sleep 1
t=`expr $t + 1` t=$((t+1))
echo_i "running dig to cache CNAME record (${t})" echo_i "running dig to cache CNAME record (${t})"
add_test_marker 10.53.0.1 10.53.0.2 add_test_marker 10.53.0.1 10.53.0.2
$DIG $DIGOPTS @10.53.0.2 -p ${PORT} www.test.example.org CNAME > dig.out.${t} $DIG $DIGOPTS @10.53.0.2 -p ${PORT} www.test.example.org CNAME > dig.out.${t}
@@ -298,7 +316,7 @@ for mode in native dnsrps; do
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p ${CONTROLPORT} reload 6a.00.policy.local 2>&1 | sed 's/^/ns2 /' | cat_i $RNDC -c ../common/rndc.conf -s 10.53.0.2 -p ${CONTROLPORT} reload 6a.00.policy.local 2>&1 | sed 's/^/ns2 /' | cat_i
test -f dnsrpzd.pid && kill -USR1 `cat dnsrpzd.pid` test -f dnsrpzd.pid && kill -USR1 `cat dnsrpzd.pid`
sleep 1 sleep 1
t=`expr $t + 1` t=$((t+1))
echo_i "running dig to follow CNAME (blocks, so runs in the background) (${t})" echo_i "running dig to follow CNAME (blocks, so runs in the background) (${t})"
add_test_marker 10.53.0.2 add_test_marker 10.53.0.2
$DIG $DIGOPTS @10.53.0.2 -p ${PORT} www.test.example.org A +time=5 > dig.out.${t} & $DIG $DIGOPTS @10.53.0.2 -p ${PORT} www.test.example.org A +time=5 > dig.out.${t} &
@@ -323,7 +341,7 @@ for mode in native dnsrps; do
} }
# Check maximum number of RPZ zones (64) # Check maximum number of RPZ zones (64)
t=`expr $t + 1` t=$((t+1))
echo_i "testing maximum number of RPZ zones (${t})" echo_i "testing maximum number of RPZ zones (${t})"
add_test_marker 10.53.0.2 add_test_marker 10.53.0.2
run_server max run_server max
@@ -335,11 +353,11 @@ for mode in native dnsrps; do
echo_i "test $t failed: didn't get expected answer from policy zone $i" echo_i "test $t failed: didn't get expected answer from policy zone $i"
status=1 status=1
} }
i=`expr $i + 1` i=$((i+1))
done done
# Check CLIENT-IP behavior # Check CLIENT-IP behavior
t=`expr $t + 1` t=$((t+1))
echo_i "testing CLIENT-IP behavior (${t})" echo_i "testing CLIENT-IP behavior (${t})"
add_test_marker 10.53.0.2 add_test_marker 10.53.0.2
run_server clientip run_server clientip
@@ -354,7 +372,7 @@ for mode in native dnsrps; do
} }
# Check CLIENT-IP behavior #2 # Check CLIENT-IP behavior #2
t=`expr $t + 1` t=$((t+1))
echo_i "testing CLIENT-IP behavior #2 (${t})" echo_i "testing CLIENT-IP behavior #2 (${t})"
add_test_marker 10.53.0.2 add_test_marker 10.53.0.2
run_server clientip2 run_server clientip2
@@ -384,7 +402,7 @@ for mode in native dnsrps; do
} }
# Check RPZ log clause # Check RPZ log clause
t=`expr $t + 1` t=$((t+1))
echo_i "testing RPZ log clause (${t})" echo_i "testing RPZ log clause (${t})"
add_test_marker 10.53.0.2 add_test_marker 10.53.0.2
run_server log run_server log
@@ -407,7 +425,7 @@ for mode in native dnsrps; do
# Check wildcard behavior # Check wildcard behavior
t=`expr $t + 1` t=$((t+1))
echo_i "testing wildcard behavior with 1 RPZ zone (${t})" echo_i "testing wildcard behavior with 1 RPZ zone (${t})"
add_test_marker 10.53.0.2 add_test_marker 10.53.0.2
run_server wildcard1 run_server wildcard1
@@ -422,7 +440,7 @@ for mode in native dnsrps; do
status=1 status=1
} }
t=`expr $t + 1` t=$((t+1))
echo_i "testing wildcard behavior with 2 RPZ zones (${t})" echo_i "testing wildcard behavior with 2 RPZ zones (${t})"
add_test_marker 10.53.0.2 add_test_marker 10.53.0.2
run_server wildcard2 run_server wildcard2
@@ -437,7 +455,7 @@ for mode in native dnsrps; do
status=1 status=1
} }
t=`expr $t + 1` t=$((t+1))
echo_i "testing wildcard behavior with 1 RPZ zone and no non-wildcard triggers (${t})" echo_i "testing wildcard behavior with 1 RPZ zone and no non-wildcard triggers (${t})"
add_test_marker 10.53.0.2 add_test_marker 10.53.0.2
run_server wildcard3 run_server wildcard3
@@ -452,7 +470,7 @@ for mode in native dnsrps; do
status=1 status=1
} }
t=`expr $t + 1` t=$((t+1))
echo_i "testing wildcard passthru before explicit drop (${t})" echo_i "testing wildcard passthru before explicit drop (${t})"
add_test_marker 10.53.0.2 add_test_marker 10.53.0.2
run_server wildcard4 run_server wildcard4
@@ -469,7 +487,7 @@ for mode in native dnsrps; do
if [ "$mode" = "native" ]; then if [ "$mode" = "native" ]; then
# Check for invalid prefix length error # Check for invalid prefix length error
t=`expr $t + 1` t=$((t+1))
echo_i "testing for invalid prefix length error (${t})" echo_i "testing for invalid prefix length error (${t})"
add_test_marker 10.53.0.2 add_test_marker 10.53.0.2
run_server invalidprefixlength run_server invalidprefixlength
@@ -479,15 +497,17 @@ for mode in native dnsrps; do
} }
fi fi
t=`expr $t + 1` if [ "$mode" = "native" ]; then
t=$((t+1))
echo_i "checking 'nsip-wait-recurse no' is faster than 'nsip-wait-recurse yes' ($t)" echo_i "checking 'nsip-wait-recurse no' is faster than 'nsip-wait-recurse yes' ($t)"
add_test_marker 10.53.0.2 10.53.0.3 add_test_marker 10.53.0.2 10.53.0.3
echo_i "timing 'nsip-wait-recurse yes' (default)" echo_i "timing 'nsip-wait-recurse yes' (default)"
produce_librpz_rules ns3 policy policy
ret=0 ret=0
t1=`$PERL -e 'print time()."\n";'` t1=`$PERL -e 'print time()."\n";'`
$DIG -p ${PORT} @10.53.0.3 foo.child.example.tld a > dig.out.yes.$t $DIG -p ${PORT} @10.53.0.3 foo.child.example.tld a > dig.out.yes.$t
t2=`$PERL -e 'print time()."\n";'` t2=`$PERL -e 'print time()."\n";'`
p1=`expr $t2 - $t1` p1=$((t2-t1))
echo_i "elapsed time $p1 seconds" echo_i "elapsed time $p1 seconds"
$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} flush $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} flush
@@ -497,15 +517,16 @@ for mode in native dnsrps; do
wait_for_log 20 "rpz: policy: reload done" ns3/named.run || ret=1 wait_for_log 20 "rpz: policy: reload done" ns3/named.run || ret=1
echo_i "timing 'nsip-wait-recurse no'" echo_i "timing 'nsip-wait-recurse no'"
echo "update zone policy 0 no_nsip_wait_recurse" > $DNSRPS_TEST_UPDATE_FILE
t3=`$PERL -e 'print time()."\n";'` t3=`$PERL -e 'print time()."\n";'`
$DIG -p ${PORT} @10.53.0.3 foo.child.example.tld a > dig.out.no.$t $DIG -p ${PORT} @10.53.0.3 foo.child.example.tld a > dig.out.no.$t
t4=`$PERL -e 'print time()."\n";'` t4=`$PERL -e 'print time()."\n";'`
p2=`expr $t4 - $t3` p2=$((t4-t3))
echo_i "elapsed time $p2 seconds" echo_i "elapsed time $p2 seconds"
if test $p1 -le $p2; then ret=1; fi if test $p1 -le $p2; then ret=1; fi
if test $ret != 0; then echo_i "failed"; fi if test $ret != 0; then echo_i "failed"; fi
status=`expr $status + $ret` status=$((status+ret))
$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} flush $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} flush
# restore original named.conf # restore original named.conf
@@ -514,7 +535,7 @@ for mode in native dnsrps; do
$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} reload > /dev/null $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} reload > /dev/null
wait_for_log 20 "rpz: policy: reload done" ns3/named.run || ret=1 wait_for_log 20 "rpz: policy: reload done" ns3/named.run || ret=1
t=`expr $t + 1` t=$((t+1))
echo_i "checking 'nsdname-wait-recurse no' is faster than 'nsdname-wait-recurse yes' ($t)" echo_i "checking 'nsdname-wait-recurse no' is faster than 'nsdname-wait-recurse yes' ($t)"
add_test_marker 10.53.0.2 10.53.0.3 add_test_marker 10.53.0.2 10.53.0.3
echo_i "timing 'nsdname-wait-recurse yes' (default)" echo_i "timing 'nsdname-wait-recurse yes' (default)"
@@ -522,7 +543,7 @@ for mode in native dnsrps; do
t1=`$PERL -e 'print time()."\n";'` t1=`$PERL -e 'print time()."\n";'`
$DIG -p ${PORT} @10.53.0.3 foo.child.example.tld a > dig.out.yes.$t $DIG -p ${PORT} @10.53.0.3 foo.child.example.tld a > dig.out.yes.$t
t2=`$PERL -e 'print time()."\n";'` t2=`$PERL -e 'print time()."\n";'`
p1=`expr $t2 - $t1` p1=$((t2-t1))
echo_i "elapsed time $p1 seconds" echo_i "elapsed time $p1 seconds"
$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} flush $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} flush
@@ -535,12 +556,13 @@ for mode in native dnsrps; do
t3=`$PERL -e 'print time()."\n";'` t3=`$PERL -e 'print time()."\n";'`
$DIG -p ${PORT} @10.53.0.3 foo.child.example.tld a > dig.out.no.$t $DIG -p ${PORT} @10.53.0.3 foo.child.example.tld a > dig.out.no.$t
t4=`$PERL -e 'print time()."\n";'` t4=`$PERL -e 'print time()."\n";'`
p2=`expr $t4 - $t3` p2=$((t4-t3))
echo_i "elapsed time $p2 seconds" echo_i "elapsed time $p2 seconds"
if test $p1 -le $p2; then ret=1; fi if test $p1 -le $p2; then ret=1; fi
if test $ret != 0; then echo_i "failed"; fi if test $ret != 0; then echo_i "failed"; fi
status=`expr $status + $ret` status=$((status+ret))
fi
[ $status -ne 0 ] && pf=fail || pf=pass [ $status -ne 0 ] && pf=fail || pf=pass