Diffstat (limited to 'testdata')
49 files changed, 2044 insertions, 731 deletions
diff --git a/testdata/02-unittest.tdir/02-unittest.test b/testdata/02-unittest.tdir/02-unittest.test index 7b1105b74508..b11ba016f233 100644 --- a/testdata/02-unittest.tdir/02-unittest.test +++ b/testdata/02-unittest.tdir/02-unittest.test 
@@ -7,57 +7,69 @@ . ../common.sh PRE="../.." get_make -(cd $PRE ; $MAKE unittest; $MAKE lock-verify) +(cd $PRE ; $MAKE unittest; $MAKE lock-verify; $MAKE unbound-dnstap-socket) if test -f $PRE/unbound_do_valgrind_in_test; then - do_valgrind=yes + DO_VALGRIND=yes else - do_valgrind=no + DO_VALGRIND=no fi VALGRIND_FLAGS="--leak-check=full --show-leak-kinds=all" -if test $do_valgrind = "yes"; then - echo "valgrind yes" - echo - tmpout=/tmp/tmpout.$$ - if (cd $PRE; valgrind $VALGRIND_FLAGS ./unittest >$tmpout 2>&1); then - echo "unit test worked." +# Run a unit test; it exits on failure +# $1: the command to start the unit test +run_unittest () { + unit_cmd=$1 + echo "> testing $unit_cmd" + if test $DO_VALGRIND = "yes"; then + echo "valgrind yes" + echo + tmpout=/tmp/tmpout.$$ + if (cd $PRE; valgrind $VALGRIND_FLAGS ./$unit_cmd >$tmpout 2>&1); then + echo "unit test worked." + else + echo "unit test failed." + exit 1 + fi + if grep "All heap blocks were freed -- no leaks are possible" $tmpout; then + : # clean + else + cat $tmpout + echo "Memory leaked in unit test" + grep "in use at exit" $tmpout + exit 1 + fi + if grep "ERROR SUMMARY: 0 errors from 0 contexts" $tmpout; then + : # clean + else + cat $tmpout + echo "Errors in unit test" + grep "ERROR SUMMARY" $tmpout + exit 1 + fi + rm -f $tmpout else - echo "unit test failed." - exit 1 + # without valgrind + if (cd $PRE; ./$unit_cmd); then + echo "unit test worked." + else + echo "unit test failed." + exit 1 + fi fi - if grep "All heap blocks were freed -- no leaks are possible" $tmpout; then - : # clean - else - cat $tmpout - echo "Memory leaked in unittest" - grep "in use at exit" $tmpout - exit 1 - fi - if grep "ERROR SUMMARY: 0 errors from 0 contexts" $tmpout; then - : # clean - else - cat $tmpout - echo "Errors in unittest" - grep "ERROR SUMMARY" $tmpout - exit 1 - fi - rm -f $tmpout -else - # without valgrind - if (cd $PRE; ./unittest); then - echo "unit test worked." - else - echo "unit test failed." 
- exit 1 - fi -fi -if test -f $PRE/ublocktrace.0; then - if (cd $PRE; ./lock-verify ublocktrace.*); then - echo "lock-verify test worked." - else - echo "lock-verify test failed." - exit 1 + if test -f $PRE/ublocktrace.0; then + if (cd $PRE; ./lock-verify ublocktrace.*); then + echo "lock-verify test worked." + else + echo "lock-verify test failed." + exit 1 + fi fi +} + +run_unittest "unittest" +if grep "define UNBOUND_DEBUG" $PRE/config.h >/dev/null; then + run_unittest "unbound-dnstap-socket -c" fi + exit 0 diff --git a/testdata/07-confroot.tdir/07-confroot.pre b/testdata/07-confroot.tdir/07-confroot.pre index 4f966bddd0e5..e085bf2f3e99 100644 --- a/testdata/07-confroot.tdir/07-confroot.pre +++ b/testdata/07-confroot.tdir/07-confroot.pre @@ -4,6 +4,7 @@ # use .tpkg.var.test for in test variable passing [ -f .tpkg.var.test ] && source .tpkg.var.test +. ../common.sh PRE="../.." if uname | grep "MINGW" >/dev/null; then diff --git a/testdata/09-unbound-control.tdir/09-unbound-control.conf b/testdata/09-unbound-control.tdir/09-unbound-control.conf index 227d56075251..719e92309513 100644 --- a/testdata/09-unbound-control.tdir/09-unbound-control.conf +++ b/testdata/09-unbound-control.tdir/09-unbound-control.conf @@ -1,8 +1,7 @@ server: - verbosity: 2 - num-threads: 1 - interface: 127.0.0.1 - port: @PORT@ + verbosity: 5 + num-threads: 1 # This is dynamically handled by the test when needed + interface: 127.0.0.1@@PORT@ use-syslog: no directory: "" pidfile: "unbound.pid" @@ -10,9 +9,13 @@ server: username: "" do-not-query-localhost: no access-control: 127.0.0.1 allow_snoop + access-control-view: 127.0.0.1 testview msg-cache-size: 4m rrset-cache-size: 4m minimal-responses: yes +view: + name: testview + view-first: yes # Allow falling back to global local data remote-control: control-enable: yes control-interface: 127.0.0.1 
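Review bot: `tmpout=/tmp/tmpout.$$` in `run_unittest` (02-unittest.test) is a predictable name in a shared, world-writable directory, so the valgrind output can be redirected through a file or link that another local account created first. The function is now called for both `unittest` and `unbound-dnstap-socket -c`, so the same path is reused within one run. Where `mktemp` is available, `tmpout=$(mktemp /tmp/tmpout.XXXXXX) || exit 1` avoids the fixed name. The three failure branches `exit 1` before reaching `rm -f $tmpout`, so the file is left behind on error; setting `trap 'rm -f "$tmpout"' EXIT` right after creating it would cover those paths.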
diff --git a/testdata/09-unbound-control.tdir/09-unbound-control.pre b/testdata/09-unbound-control.tdir/09-unbound-control.pre index 479e4a90bc0f..9cdb32f37a95 100644 --- a/testdata/09-unbound-control.tdir/09-unbound-control.pre +++ b/testdata/09-unbound-control.tdir/09-unbound-control.pre @@ -30,4 +30,3 @@ echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test cat .tpkg.var.test wait_ldns_testns_up fwd.log wait_unbound_up unbound.log - diff --git a/testdata/09-unbound-control.tdir/09-unbound-control.test b/testdata/09-unbound-control.tdir/09-unbound-control.test index 0a0bd8a18d47..8bd2220f3429 100644 --- a/testdata/09-unbound-control.tdir/09-unbound-control.test +++ b/testdata/09-unbound-control.tdir/09-unbound-control.test 
@@ -73,6 +73,70 @@ control_command () { $PRE/unbound-control $@ > outfile } +# Reload the server and check the reload has finished processing +# when a lot of debug is enabled, a lot of log needs to be printed. +control_reload () { + prelines=`wc -l unbound.log | awk '{print $1;}'` + cmd="$1" + if test -z "$cmd"; then cmd="reload"; fi + control_command -c ub.conf $cmd + expect_exit_value 0 + # see if the reload has completed. + lines1=`wc -l unbound.log | awk '{print $1;}'` + count=0 + lines2=`wc -l unbound.log | awk '{print $1;}'` + # See if the log finishes up without sleeping too long. + while test "$lines1" -ne "$lines2"; do + lines1=`wc -l unbound.log | awk '{print $1;}'` + # There is no sleep here. The add and compare are a + # brief wait. + count=`expr "$count" + 1` + if test "$count" -gt 30; then + break; + fi + lines2=`wc -l unbound.log | awk '{print $1;}'` + done + if test "$lines1" -ne "$lines2"; then + count=0 + while test "$lines1" -ne "$lines2"; do + tail -1 unbound.log + lines1=`wc -l unbound.log | awk '{print $1;}'` + sleep 1 + count=`expr "$count" + 1` + if test "$count" -gt 30; then + echo "reload is taking too long" + exit 1 + fi + lines2=`wc -l unbound.log | awk '{print $1;}'` + done + if test "$count" -ne "0"; then + echo "reload done with $count sec" + fi + fi +} + +# Reload the server for a clean state +clean_reload () { + echo "> Reloading the server for a clean state" + cp main.conf ub.conf + control_reload +} + +# Reload the server for a clean state and populate the cache +clean_reload_and_fill_cache () { + clean_reload + echo "> Populating the cache" + query www.example.com + expect_answer "10.20.30.40" + if test "$have_threads" = "no"; then + # Try to get the answer in all processes' cache. + for (( try=0 ; try < num_threads * 2 * 2 ; try++ )) ; do + query www.example.com + expect_answer "10.20.30.40" + done + fi +} + # Dump the cache contents # $@: optional options to unbound-control cache_dump () { 
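Review bot: `prelines` in `control_reload` is assigned and never read, and the completion check compares only two back-to-back `wc -l unbound.log` counts. If the server has not yet begun writing reload output when `control_command` returns, `lines1` and `lines2` are equal at once and the function reports the reload as finished; whether that can happen depends on how unbound-control acknowledges a reload, which this hunk does not show. Either drop `prelines`, or use it to require growth first, e.g. loop on `test "$lines2" -le "$prelines"` with the same 30-iteration bound before the existing quiescence loop. A header comment stating that "done" here means "log stopped growing" would also help the next reader.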
@@ -111,8 +175,28 @@ fail_in_cache_dump () { fi } -# start the test +# Check if multi-threading or multi-process environment +have_threads="no" +if grep "define HAVE_PTHREAD 1" $PRE/config.h; then have_threads="yes"; fi +if grep "define HAVE_SOLARIS_THREADS 1" $PRE/config.h; then have_threads="yes"; fi +if grep "define HAVE_WINDOWS_THREADS 1" $PRE/config.h; then have_threads="yes"; fi + +# start the test; keep the original conf file around +cp ub.conf orig.conf + + +# START - thread configuration +# Do both single thread/process and multi thread/process runs. +# The number of threads can only go up from the initial configuration between +# reloads so starting with 1. +for num_threads in 1 4; do + +cp orig.conf ub.conf +echo "> setting num-threads: $num_threads" +echo "server: num-threads: $num_threads" >> ub.conf cp ub.conf main.conf +clean_reload + teststep "exit value is 1 on usage" control_command -h @@ -132,8 +216,7 @@ expect_exit_value 1 # local-data element in the server. teststep "reload the server" echo "server: local-data: 'afterreload. IN A 5.6.7.8'" >> ub.conf -control_command -c ub.conf reload -expect_exit_value 0 +control_reload query afterreload. expect_answer "5.6.7.8" @@ -163,6 +246,9 @@ cat conf.spoofed_credentials >> bad.conf control_command -c bad.conf verbosity 2 expect_exit_value 1 +teststep "clean reload" +clean_reload + teststep "create a new local zone" control_command -c ub.conf local_zone example.net static expect_exit_value 0 
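Review bot: The comment above `for num_threads in 1 4; do` says the thread count "can only go up from the initial configuration between reloads", but the loop body does not appear to keep to that. In the later `have_threads` hunk, `echo "server: num-threads: 2" >> ub.conf` followed by `control_reload reload_keep_cache` lowers the count from 4 during the second iteration. The following `clean_reload_and_fill_cache` then returns from 2 to the `main.conf` value, which is 1 during the first iteration. Either the comment should state the actual constraint, or that step should use a value above the current one, e.g. `echo "server: num-threads: $((num_threads + 1))" >> ub.conf`. The three `grep "define HAVE_..." $PRE/config.h` checks also print their match to the test output; `>/dev/null`, as the `UNBOUND_DEBUG` check in 02-unittest.test does, would keep the log clean.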
@@ -194,44 +280,62 @@ expect_exit_value 0 query www.example.net. expect_answer "SERVFAIL" -teststep "dump the cache" -query www.example.com. -cache_dump -c ub.conf -expect_exit_value 0 -cat cache.dump -expect_in_cache_dump "10.20.30.40" - -control_command -c ub.conf lookup www.example.com -expect_exit_value 0 -# answer to lookup is meaningless because of use a forwarder, oh well. - -teststep "load the cache dump" -cache_load -c ub.conf -expect_exit_value 0 -query www.example.com. -expect_answer "10.20.30.40" - teststep "load local-zones from file" control_command -c ub.conf local_zones < local_zones expect_exit_value 0 query localzonefromfile expect_answer "REFUSED" +if test "$have_threads" = "no"; then + # Try to see if a process other than the first one + # has updated data from stdin. + for (( try=0 ; try < num_threads * 2 ; try++ )) ; do + query localzonefromfile + expect_answer "REFUSED" + done +fi teststep "load local-data from file" control_command -c ub.conf local_datas < local_data expect_exit_value 0 query -t txt localdatafromfile expect_answer "local data from file OK" +if test "$have_threads" = "no"; then + # Try to see if a process other than the first one + # has updated data from stdin. + for (( try=0 ; try < num_threads * 2 ; try++ )) ; do + query -t txt localdatafromfile + expect_answer "local data from file OK" + done +fi + +teststep "load view-local-data from file" +control_command -c ub.conf view_local_datas testview < view_local_data +expect_exit_value 0 +control_command -c ub.conf view_list_local_zones testview +query -t txt viewlocaldatafromfile +expect_answer "view local data from file OK" +if test "$have_threads" = "no"; then + # Try to see if a process other than the first one + # has updated data from stdin. 
+ for (( try=0 ; try < num_threads * 2 ; try++ )) ; do + query -t txt viewlocaldatafromfile + expect_answer "view local data from file OK" + done +fi -teststep "remove local-zone and local-data from file" +teststep "remove local-zone, local-data and view-local-data from file" control_command -c ub.conf local_zones_remove < local_zones_remove expect_exit_value 0 control_command -c ub.conf local_datas_remove < local_data_remove expect_exit_value 0 +control_command -c ub.conf view_local_datas_remove testview < view_local_data_remove +expect_exit_value 0 control_command -c ub.conf list_local_zones fail_answer "localzonefromfile" fail_answer "local data from file OK" expect_answer "otherlocalzone" +control_command -c ub.conf view_list_local_data testview +fail_answer "viewlocaldatafromfile" teststep "flushing" control_command -c ub.conf flush www.example.net 
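Review bot: In the "load view-local-data from file" step, `control_command -c ub.conf view_list_local_zones testview` has no assertion after it, unlike the `view_local_datas` call just above it, so a failing listing command passes unnoticed. Add `expect_exit_value 0` on the next line, and ideally an `expect_answer` on a zone name the view is expected to contain. The three extra A records added to `view_local_data` and `local_data` (`...fromfile1` to `...fromfile3`) are never queried in this hunk; only the TXT record is checked, so a partial bulk load would still pass. A single `query viewlocaldatafromfile3` with `expect_answer "3.3.3.3"` would close that gap.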
@@ -241,90 +345,92 @@ expect_exit_value 0 control_command -c ub.conf flush_zone example.net expect_exit_value 0 -teststep "reload the server for a clean state and populate the cache" -cp main.conf ub.conf -control_command -c ub.conf reload -expect_exit_value 0 -query www.example.com -expect_answer "10.20.30.40" +# START - single thread/process tests only +if test $num_threads -le 1; then -teststep "reload and check cache dump - should be empty" -control_command -c ub.conf reload -expect_exit_value 0 +clean_reload_and_fill_cache + +teststep "dump the cache" +query www.example.com. cache_dump -c ub.conf expect_exit_value 0 -fail_in_cache_dump "www.example.com.*10.20.30.40" -fail_in_cache_dump "msg www.example.com. IN A" - -query www.example.com -expect_answer "10.20.30.40" +cat cache.dump +expect_in_cache_dump "10.20.30.40" -teststep "reload_keep_cache and check cache dump - should not be empty" -control_command -c ub.conf reload_keep_cache +control_command -c ub.conf lookup www.example.com expect_exit_value 0 -cache_dump -c ub.conf +# answer to lookup is meaningless because of use a forwarder, oh well. + +teststep "load the cache dump" +cache_load -c ub.conf expect_exit_value 0 -cat cache.dump -expect_in_cache_dump "www.example.com.*10.20.30.40" -expect_in_cache_dump "msg www.example.com. IN A" +query www.example.com. 
+nordflag +expect_answer "10.20.30.40" + +else + echo "" + echo "> skip test parts that need single thread/process" +fi +# END - single thread/process tests only + +clean_reload_and_fill_cache + +teststep "reload and check cache - should be empty" +control_reload +query www.example.com +nordflag +fail_answer "10.20.30.40" + +clean_reload_and_fill_cache + +teststep "reload_keep_cache and check cache - should not be empty" +control_reload reload_keep_cache query www.example.com +nordflag expect_answer "10.20.30.40" +clean_reload_and_fill_cache + teststep "change msg-cache-size and reload_keep_cache - should be empty" echo "server: msg-cache-size: 2m" >> ub.conf -control_command -c ub.conf reload_keep_cache -expect_exit_value 0 -cache_dump -c ub.conf -expect_exit_value 0 -fail_in_cache_dump "www.example.com.*10.20.30.40" -fail_in_cache_dump "msg www.example.com. IN A" -query www.example.com -expect_answer "10.20.30.40" +control_reload reload_keep_cache +query www.example.com +nordflag +fail_answer "10.20.30.40" + +clean_reload_and_fill_cache teststep "change rrset-cache-size and reload_keep_cache - should be empty" echo "server: rrset-cache-size: 2m" >> ub.conf -control_command -c ub.conf reload_keep_cache -expect_exit_value 0 -cache_dump -c ub.conf -expect_exit_value 0 -fail_in_cache_dump "www.example.com.*10.20.30.40" -fail_in_cache_dump "msg www.example.com. IN A" -query www.example.com -expect_answer "10.20.30.40" +control_reload reload_keep_cache +query www.example.com +nordflag +fail_answer "10.20.30.40" -# See if this part of the test can be enabled, it needs threads for combined -# output. -have_threads="no" -if grep "define HAVE_PTHREAD 1" $PRE/config.h; then have_threads="yes"; fi -if grep "define HAVE_SOLARIS_THREADS 1" $PRE/config.h; then have_threads="yes"; fi -if grep "define HAVE_WINDOWS_THREADS 1" $PRE/config.h; then have_threads="yes"; fi +# START - have_threads tests +# This part of the test needs threads for combined output. 
if test "$have_threads" = "yes"; then +clean_reload_and_fill_cache + teststep "change num-threads and reload_keep_cache - should be empty" echo "server: num-threads: 2" >> ub.conf -control_command -c ub.conf reload_keep_cache -expect_exit_value 0 -cache_dump -c ub.conf -expect_exit_value 0 -fail_in_cache_dump "www.example.com.*10.20.30.40" -fail_in_cache_dump "msg www.example.com. IN A" -query www.example.com -expect_answer "10.20.30.40" +control_reload reload_keep_cache +query www.example.com +nordflag +fail_answer "10.20.30.40" + +clean_reload_and_fill_cache teststep "change minimal-responses and reload_keep_cache - should not be empty" echo "server: minimal-responses: no" >> ub.conf -control_command -c ub.conf reload_keep_cache -expect_exit_value 0 -cache_dump -c ub.conf -expect_exit_value 0 -expect_in_cache_dump "www.example.com.*10.20.30.40" -expect_in_cache_dump "msg www.example.com. IN A" +control_reload reload_keep_cache +query www.example.com +nordflag +expect_answer "10.20.30.40" else echo "" echo "> skip test parts that need threads, have_threads=no" -# end of check for have_threads fi +# END - have_threads tests + +done +# END - thread configuration teststep "now stop the server" control_command -c ub.conf stop diff --git a/testdata/09-unbound-control.tdir/09-unbound-control.testns b/testdata/09-unbound-control.tdir/09-unbound-control.testns index 0c911ca5b30e..9a5192fabc4f 100644 --- a/testdata/09-unbound-control.tdir/09-unbound-control.testns +++ b/testdata/09-unbound-control.tdir/09-unbound-control.testns @@ -19,4 +19,3 @@ ADJUST copy_id SECTION QUESTION www.example.net. IN A ENTRY_END - diff --git a/testdata/09-unbound-control.tdir/local_data b/testdata/09-unbound-control.tdir/local_data index 54e6e93b4dd9..c535b21bcbaa 100644 --- a/testdata/09-unbound-control.tdir/local_data +++ b/testdata/09-unbound-control.tdir/local_data 
@@ -1 +1,4 @@ localdatafromfile 3600 TXT "local data from file OK" +localdatafromfile1 3600 A 1.1.1.1 +localdatafromfile2 3600 A 2.2.2.2 +localdatafromfile3 3600 A 3.3.3.3 diff --git a/testdata/09-unbound-control.tdir/local_data_remove b/testdata/09-unbound-control.tdir/local_data_remove index fcb8239589e3..d2a09544fdaa 100644 --- a/testdata/09-unbound-control.tdir/local_data_remove +++ b/testdata/09-unbound-control.tdir/local_data_remove @@ -1 +1,4 @@ localdatafromfile +localdatafromfile1 +localdatafromfile2 +localdatafromfile3 diff --git a/testdata/09-unbound-control.tdir/local_zones b/testdata/09-unbound-control.tdir/local_zones index 4c65f712fbb2..557a5e6212a8 100644 --- a/testdata/09-unbound-control.tdir/local_zones +++ b/testdata/09-unbound-control.tdir/local_zones @@ -1,2 +1,5 @@ localzonefromfile refuse otherlocalzone static +localzonefromfile1 static +localzonefromfile2 static +localzonefromfile3 static diff --git a/testdata/09-unbound-control.tdir/local_zones_remove b/testdata/09-unbound-control.tdir/local_zones_remove index 1d215585515a..fa215ecccf5d 100644 --- a/testdata/09-unbound-control.tdir/local_zones_remove +++ b/testdata/09-unbound-control.tdir/local_zones_remove @@ -1 +1,4 @@ localzonefromfile +localzonefromfile1 +localzonefromfile2 +localzonefromfile3 diff --git a/testdata/09-unbound-control.tdir/view_local_data b/testdata/09-unbound-control.tdir/view_local_data new file mode 100644 index 000000000000..7958d139be99 --- /dev/null +++ b/testdata/09-unbound-control.tdir/view_local_data @@ -0,0 +1,4 @@ +viewlocaldatafromfile 3600 TXT "view local data from file OK" +viewlocaldatafromfile1 3600 A 1.1.1.1 +viewlocaldatafromfile2 3600 A 2.2.2.2 +viewlocaldatafromfile3 3600 A 3.3.3.3 diff --git a/testdata/09-unbound-control.tdir/view_local_data_remove b/testdata/09-unbound-control.tdir/view_local_data_remove new file mode 100644 index 000000000000..fd5e37f2e4e3 --- /dev/null +++ b/testdata/09-unbound-control.tdir/view_local_data_remove 
@@ -0,0 +1,4 @@ +viewlocaldatafromfile +viewlocaldatafromfile1 +viewlocaldatafromfile2 +viewlocaldatafromfile3 diff --git a/testdata/acl_interface.tdir/acl_interface.conf b/testdata/acl_interface.tdir/acl_interface.conf index 157a2d7b76bf..1d9f8c9aae09 100644 --- a/testdata/acl_interface.tdir/acl_interface.conf +++ b/testdata/acl_interface.tdir/acl_interface.conf @@ -5,9 +5,10 @@ server: pidfile: "unbound.pid" chroot: "" username: "" + module-config: "respip validator iterator" # respip for the RPZ part do-not-query-localhost: no use-caps-for-id: no - define-tag: "one two refuse" + define-tag: "one two refuse rpz-one rpz-two rpz-nx" # Interface configuration for IPv4 interface: @IPV4_ADDR@@@PORT_ALLOW@ @@ -16,6 +17,9 @@ server: interface: @IPV4_ADDR@@@PORT_TAG_1@ interface: @IPV4_ADDR@@@PORT_TAG_2@ interface: @IPV4_ADDR@@@PORT_TAG_3@ + interface: @IPV4_ADDR@@@PORT_RPZ_1@ + interface: @IPV4_ADDR@@@PORT_RPZ_2@ + interface: @IPV4_ADDR@@@PORT_RPZ_NX@ interface: @IPV4_ADDR@@@PORT_VIEW_INT@ interface: @IPV4_ADDR@@@PORT_VIEW_EXT@ interface: @IPV4_ADDR@@@PORT_VIEW_INTEXT@ @@ -26,6 +30,9 @@ server: interface-action: @IPV4_ADDR@@@PORT_TAG_1@ allow interface-action: @IPV4_ADDR@@@PORT_TAG_2@ allow interface-action: @IPV4_ADDR@@@PORT_TAG_3@ allow + interface-action: @IPV4_ADDR@@@PORT_RPZ_1@ allow + interface-action: @IPV4_ADDR@@@PORT_RPZ_2@ allow + interface-action: @IPV4_ADDR@@@PORT_RPZ_NX@ allow interface-action: @IPV4_ADDR@@@PORT_VIEW_INT@ allow interface-action: @IPV4_ADDR@@@PORT_VIEW_EXT@ allow interface-action: @IPV4_ADDR@@@PORT_VIEW_INTEXT@ allow 
@@ -33,6 +40,9 @@ server: interface-tag: @IPV4_ADDR@@@PORT_TAG_1@ "one" interface-tag: @IPV4_ADDR@@@PORT_TAG_2@ "two" interface-tag: @IPV4_ADDR@@@PORT_TAG_3@ "refuse" + interface-tag: @IPV4_ADDR@@@PORT_RPZ_1@ "rpz-one" + interface-tag: @IPV4_ADDR@@@PORT_RPZ_2@ "rpz-two" + interface-tag: @IPV4_ADDR@@@PORT_RPZ_NX@ "rpz-nx" interface-tag-action: @IPV4_ADDR@@@PORT_TAG_1@ one redirect interface-tag-data: @IPV4_ADDR@@@PORT_TAG_1@ one "A 1.1.1.1" interface-tag-action: @IPV4_ADDR@@@PORT_TAG_2@ two redirect @@ -50,6 +60,9 @@ server: interface: @IPV6_ADDR@@@PORT_TAG_1@ interface: @IPV6_ADDR@@@PORT_TAG_2@ interface: @IPV6_ADDR@@@PORT_TAG_3@ + interface: @IPV6_ADDR@@@PORT_RPZ_1@ + interface: @IPV6_ADDR@@@PORT_RPZ_2@ + interface: @IPV6_ADDR@@@PORT_RPZ_NX@ interface: @IPV6_ADDR@@@PORT_VIEW_INT@ interface: @IPV6_ADDR@@@PORT_VIEW_EXT@ interface: @IPV6_ADDR@@@PORT_VIEW_INTEXT@ @@ -60,6 +73,9 @@ server: interface-action: @IPV6_ADDR@@@PORT_TAG_1@ allow interface-action: @IPV6_ADDR@@@PORT_TAG_2@ allow interface-action: @IPV6_ADDR@@@PORT_TAG_3@ allow + interface-action: @IPV6_ADDR@@@PORT_RPZ_1@ allow + interface-action: @IPV6_ADDR@@@PORT_RPZ_2@ allow + interface-action: @IPV6_ADDR@@@PORT_RPZ_NX@ allow interface-action: @IPV6_ADDR@@@PORT_VIEW_INT@ allow interface-action: @IPV6_ADDR@@@PORT_VIEW_EXT@ allow interface-action: @IPV6_ADDR@@@PORT_VIEW_INTEXT@ allow @@ -67,6 +83,9 @@ server: interface-tag: @IPV6_ADDR@@@PORT_TAG_1@ "one" interface-tag: @IPV6_ADDR@@@PORT_TAG_2@ "two" interface-tag: @IPV6_ADDR@@@PORT_TAG_3@ "refuse" + interface-tag: @IPV6_ADDR@@@PORT_RPZ_1@ "rpz-one" + interface-tag: @IPV6_ADDR@@@PORT_RPZ_2@ "rpz-two" + interface-tag: @IPV6_ADDR@@@PORT_RPZ_NX@ "rpz-nx" interface-tag-action: @IPV6_ADDR@@@PORT_TAG_1@ one redirect interface-tag-data: @IPV6_ADDR@@@PORT_TAG_1@ one "A 1.1.1.1" interface-tag-action: @IPV6_ADDR@@@PORT_TAG_2@ two redirect 
@@ -84,6 +103,9 @@ server: interface: @INTERFACE@@@PORT_TAG_1@ interface: @INTERFACE@@@PORT_TAG_2@ interface: @INTERFACE@@@PORT_TAG_3@ + interface: @INTERFACE@@@PORT_RPZ_1@ + interface: @INTERFACE@@@PORT_RPZ_2@ + interface: @INTERFACE@@@PORT_RPZ_NX@ interface: @INTERFACE@@@PORT_VIEW_INT@ interface: @INTERFACE@@@PORT_VIEW_EXT@ interface: @INTERFACE@@@PORT_VIEW_INTEXT@ @@ -94,6 +116,9 @@ server: interface-action: @INTERFACE@@@PORT_TAG_1@ allow interface-action: @INTERFACE@@@PORT_TAG_2@ allow interface-action: @INTERFACE@@@PORT_TAG_3@ allow + interface-action: @INTERFACE@@@PORT_RPZ_1@ allow + interface-action: @INTERFACE@@@PORT_RPZ_2@ allow + interface-action: @INTERFACE@@@PORT_RPZ_NX@ allow interface-action: @INTERFACE@@@PORT_VIEW_INT@ allow interface-action: @INTERFACE@@@PORT_VIEW_EXT@ allow interface-action: @INTERFACE@@@PORT_VIEW_INTEXT@ allow @@ -101,6 +126,9 @@ server: interface-tag: @INTERFACE@@@PORT_TAG_1@ "one" interface-tag: @INTERFACE@@@PORT_TAG_2@ "two" interface-tag: @INTERFACE@@@PORT_TAG_3@ "refuse" + interface-tag: @INTERFACE@@@PORT_RPZ_1@ "rpz-one" + interface-tag: @INTERFACE@@@PORT_RPZ_2@ "rpz-two" + interface-tag: @INTERFACE@@@PORT_RPZ_NX@ "rpz-nx" interface-tag-action: @INTERFACE@@@PORT_TAG_1@ one redirect interface-tag-data: @INTERFACE@@@PORT_TAG_1@ one "A 1.1.1.1" interface-tag-action: @INTERFACE@@@PORT_TAG_2@ two redirect @@ -130,6 +158,22 @@ view: name: "intext" view-first: yes +# RPZ configuration +rpz: + name: "rpz-one" + zonefile: "rpz-one.zone" + tags: "rpz-one" + +rpz: + name: "rpz-two" + zonefile: "rpz-two.zone" + tags: "rpz-two" + +rpz: + name: "rpz-nx" + zonefile: "rpz-nx.zone" + tags: "rpz-nx" + # Stubs configuration forward-zone: name: "." diff --git a/testdata/acl_interface.tdir/acl_interface.pre b/testdata/acl_interface.tdir/acl_interface.pre index ce5358c1b2d9..88ebc4ff9016 100644 --- a/testdata/acl_interface.tdir/acl_interface.pre +++ b/testdata/acl_interface.tdir/acl_interface.pre 
@@ -7,7 +7,7 @@ if test ! -x "`which unshare 2>&1`"; then skip_test "no unshare (from util-linux package) available, skip test" fi -get_random_port 11 +get_random_port 14 PORT_ALLOW=$RND_PORT PORT_DENY=$(($RND_PORT + 1)) @@ -18,8 +18,11 @@ PORT_TAG_3=$(($RND_PORT + 5)) PORT_VIEW_INT=$(($RND_PORT + 6)) PORT_VIEW_EXT=$(($RND_PORT + 7)) PORT_VIEW_INTEXT=$(($RND_PORT + 8)) -FORWARD_PORT=$(($RND_PORT + 9)) -STUB_PORT=$(($RND_PORT + 10)) +PORT_RPZ_1=$(($RND_PORT + 9)) +PORT_RPZ_2=$(($RND_PORT + 10)) +PORT_RPZ_NX=$(($RND_PORT + 11)) +FORWARD_PORT=$(($RND_PORT + 12)) +STUB_PORT=$(($RND_PORT + 13)) IPV4_ADDR=192.168.1.1 IPV6_ADDR=2001:db8::1 @@ -41,6 +44,9 @@ sed \ -e 's/@PORT_VIEW_INT\@/'$PORT_VIEW_INT'/' \ -e 's/@PORT_VIEW_EXT\@/'$PORT_VIEW_EXT'/' \ -e 's/@PORT_VIEW_INTEXT\@/'$PORT_VIEW_INTEXT'/' \ + -e 's/@PORT_RPZ_1\@/'$PORT_RPZ_1'/' \ + -e 's/@PORT_RPZ_2\@/'$PORT_RPZ_2'/' \ + -e 's/@PORT_RPZ_NX\@/'$PORT_RPZ_NX'/' \ -e 's/@FORWARD_PORT\@/'$FORWARD_PORT'/' \ -e 's/@STUB_PORT\@/'$STUB_PORT'/' \ -e 's/@IPV4_ADDR\@/'$IPV4_ADDR'/' \ @@ -63,6 +69,9 @@ echo "PORT_TAG_3=$PORT_TAG_3" >> .tpkg.var.test echo "PORT_VIEW_INT=$PORT_VIEW_INT" >> .tpkg.var.test echo "PORT_VIEW_EXT=$PORT_VIEW_EXT" >> .tpkg.var.test echo "PORT_VIEW_INTEXT=$PORT_VIEW_INTEXT" >> .tpkg.var.test +echo "PORT_RPZ_1=$PORT_RPZ_1" >> .tpkg.var.test +echo "PORT_RPZ_2=$PORT_RPZ_2" >> .tpkg.var.test +echo "PORT_RPZ_NX=$PORT_RPZ_NX" >> .tpkg.var.test echo "FORWARD_PORT=$FORWARD_PORT" >> .tpkg.var.test echo "STUB_PORT=$STUB_PORT" >> .tpkg.var.test echo "IPV4_ADDR=$IPV4_ADDR" >> .tpkg.var.test diff --git a/testdata/acl_interface.tdir/acl_interface.test.scenario b/testdata/acl_interface.tdir/acl_interface.test.scenario index 00b2b059f942..4ae0a42f0602 100644 --- a/testdata/acl_interface.tdir/acl_interface.test.scenario +++ b/testdata/acl_interface.tdir/acl_interface.test.scenario 
@@ -78,6 +78,16 @@ expect_refused () { fi } +expect_nx_answer () { + echo "> check answer for NXDOMAIN" + if grep "NXDOMAIN" outfile; then + echo "OK" + else + echo "Not OK" + end 1 + fi +} + expect_external_answer () { echo "> check external answer" if grep "1.2.3.4" outfile; then @@ -118,6 +128,26 @@ expect_tag_two_answer () { fi } +expect_rpz_one_answer () { + echo "> check tag 'one' answer" + if grep "11.11.11.11" outfile; then + echo "OK" + else + echo "Not OK" + end 1 + fi +} + +expect_rpz_two_answer () { + echo "> check tag 'two' answer" + if grep "22.22.22.22" outfile; then + echo "OK" + else + echo "Not OK" + end 1 + fi +} + # do the test for i in 4 6; do @@ -142,6 +172,15 @@ for i in 4 6; do query $i $PORT_TAG_3 "local" expect_refused + query $i $PORT_RPZ_1 "local" + expect_rpz_one_answer + + query $i $PORT_RPZ_2 "local" + expect_rpz_two_answer + + query $i $PORT_RPZ_NX "local" + expect_nx_answer + query $i $PORT_VIEW_INT "www.internal" expect_internal_answer @@ -183,6 +222,15 @@ for addr in $INTERFACE_ADDR_1 $INTERFACE_ADDR_2 $INTERFACE_ADDR_3 $INTERFACE_ADD query_addr $addr $PORT_TAG_3 "local" expect_refused + query_addr $addr $PORT_RPZ_1 "local" + expect_rpz_one_answer + + query_addr $addr $PORT_RPZ_2 "local" + expect_rpz_two_answer + + query_addr $addr $PORT_RPZ_NX "local" + expect_nx_answer + query_addr $addr $PORT_VIEW_INT "www.internal" expect_internal_answer diff --git a/testdata/acl_interface.tdir/rpz-nx.zone b/testdata/acl_interface.tdir/rpz-nx.zone new file mode 100644 index 000000000000..a5c828d18eec --- /dev/null +++ b/testdata/acl_interface.tdir/rpz-nx.zone @@ -0,0 +1,3 @@ +$ORIGIN rpz-nx. +@ IN SOA no.no no.no 1 2 3 4 5 +local IN CNAME . diff --git a/testdata/acl_interface.tdir/rpz-one.zone b/testdata/acl_interface.tdir/rpz-one.zone new file mode 100644 index 000000000000..f5dabab659ab --- /dev/null +++ b/testdata/acl_interface.tdir/rpz-one.zone @@ -0,0 +1,3 @@ +$ORIGIN rpz-one. +@ IN SOA no.no no.no 1 2 3 4 5 +local IN A 11.11.11.11 
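Review bot: `expect_rpz_one_answer` and `expect_rpz_two_answer` print `> check tag 'one' answer` and `> check tag 'two' answer`, which looks copied from the existing tag helpers, so a failure in the log cannot be attributed to the RPZ interfaces. Suggest `echo "> check rpz-one answer"` and `echo "> check rpz-two answer"`. The patterns `grep "11.11.11.11" outfile` and `grep "22.22.22.22" outfile` are regular expressions in which `.` matches any character; `grep -F "11.11.11.11" outfile` pins the literal address. `expect_nx_answer` greps for `NXDOMAIN` anywhere in `outfile`; matching the status field, e.g. `grep "status: NXDOMAIN"`, would be stricter if `outfile` holds dig-style output, which this hunk does not show.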
diff --git a/testdata/acl_interface.tdir/rpz-two.zone b/testdata/acl_interface.tdir/rpz-two.zone new file mode 100644 index 000000000000..9578dde8f928 --- /dev/null +++ b/testdata/acl_interface.tdir/rpz-two.zone @@ -0,0 +1,3 @@ +$ORIGIN rpz-two. +@ IN SOA no.no no.no 1 2 3 4 5 +local IN A 22.22.22.22 diff --git a/testdata/cachedb_val_expired.crpl b/testdata/cachedb_val_expired.crpl new file mode 100644 index 000000000000..4a51e8272379 --- /dev/null +++ b/testdata/cachedb_val_expired.crpl 
@@ -0,0 +1,327 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: no + minimal-responses: yes + serve-expired: yes + ;module-config: "subnetcache validator cachedb iterator" + module-config: "validator cachedb iterator" + +cachedb: + backend: "testframe" + secret-seed: "testvalue" + cachedb-check-when-serve-expired: yes + +stub-zone: + name: "." + stub-addr: 193.0.14.129 +CONFIG_END + +SCENARIO_BEGIN Test cachedb, validator and serve expired. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 400 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 400 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns2.example.com. +SECTION ADDITIONAL +ns2.example.com. IN A 1.2.3.5 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +foo.com. IN NS +SECTION AUTHORITY +foo.com. IN NS ns.example.com. +ENTRY_END +RANGE_END + +; ns2.example.com. +RANGE_BEGIN 0 400 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qname qtype +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +REPLY QR AA NOERROR +SECTION QUESTION +www2.example.com. IN A +SECTION ANSWER +www2.example.com. 10 IN A 1.2.3.5 +ENTRY_END +RANGE_END + +; Get an entry in cache, to make it expired. 
+STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; get the answer for it +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN A 1.2.3.4 +ENTRY_END + +; Get another query in cache to make it expired. +STEP 20 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www2.example.com. IN A +ENTRY_END + +; get the answer for it +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www2.example.com. IN A +SECTION ANSWER +www2.example.com. 10 IN A 1.2.3.5 +ENTRY_END + +; it is now expired +STEP 40 TIME_PASSES ELAPSE 20 + +; cache is expired, and cachedb is expired. +; The expired reply, from cachedb, needs a validation status, +; because the validator module set that validation is needed. +STEP 50 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www2.example.com. IN A +ENTRY_END + +STEP 60 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www2.example.com. IN A +SECTION ANSWER +www2.example.com. 30 IN A 1.2.3.5 +ENTRY_END + +; cache is expired, cachedb has no answer +STEP 70 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 80 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 30 IN A 1.2.3.4 +ENTRY_END + +STEP 90 TRAFFIC +; the entry should be refreshed in cache now. +; cache is valid and cachedb is valid. +STEP 100 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 110 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN A 1.2.3.4 +ENTRY_END + +; flush the entry from cache +STEP 120 FLUSH_MESSAGE www.example.com. 
IN A + +; cache has no answer, cachedb valid +STEP 130 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 140 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN A 1.2.3.4 +ENTRY_END + +; it is now expired +STEP 150 TIME_PASSES ELAPSE 20 +; flush the entry from cache +STEP 160 FLUSH_MESSAGE www.example.com. IN A + +; cache has no answer, cachedb is expired +STEP 170 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 180 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 30 IN A 1.2.3.4 +ENTRY_END + +STEP 190 TRAFFIC +; the expired message is updated. + +; cache is valid, cachedb is valid +STEP 200 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 210 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN A 1.2.3.4 +ENTRY_END + +; expire the entry in cache +STEP 220 EXPIRE_MESSAGE www.example.com. IN A + +; cache is expired, cachedb valid +STEP 230 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 240 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN A 1.2.3.4 +ENTRY_END + +; it is now expired +STEP 250 TIME_PASSES ELAPSE 20 +; expire the entry in cache +STEP 260 EXPIRE_MESSAGE www.example.com. IN A + +; cache is expired, cachedb is expired +STEP 270 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 280 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 
30 IN A 1.2.3.4 +ENTRY_END + +STEP 290 TRAFFIC +; the expired message is updated. + +; cache is valid, cachedb is valid +STEP 300 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 310 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 10 IN A 1.2.3.4 +ENTRY_END + +SCENARIO_END diff --git a/testdata/cookie_file.tdir/cookie_file.conf b/testdata/cookie_file.tdir/cookie_file.conf new file mode 100644 index 000000000000..25dd93f52667 --- /dev/null +++ b/testdata/cookie_file.tdir/cookie_file.conf @@ -0,0 +1,19 @@ +server: + verbosity: 7 + use-syslog: no + directory: "" + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + use-caps-for-id: no + port: @SERVER_PORT@ + interface: 127.0.0.1 + cookie-secret-file: "cookie_secrets.txt" + answer-cookie: yes + access-control: 127.0.0.0/8 allow_cookie # BADCOOKIE for incomplete/invalid cookies + +remote-control: + control-enable: yes + control-port: @CONTROL_PORT@ + control-use-cert: no diff --git a/testdata/cookie_file.tdir/cookie_file.dsc b/testdata/cookie_file.tdir/cookie_file.dsc new file mode 100644 index 000000000000..4f321bd2ef96 --- /dev/null +++ b/testdata/cookie_file.tdir/cookie_file.dsc @@ -0,0 +1,16 @@ +BaseName: cookie_file +Version: 1.0 +Description: Check the cookie rollover +CreationDate: Fri 14 Jun 11:00:00 CEST 2024 +Maintainer: +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: cookie_file.pre +Post: cookie_file.post +Test: cookie_file.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/remote-threaded.tdir/remote-threaded.post b/testdata/cookie_file.tdir/cookie_file.post index 4cccd9a8b6ba..b64af9cbdab3 100644 --- a/testdata/remote-threaded.tdir/remote-threaded.post +++ b/testdata/cookie_file.tdir/cookie_file.post 
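Review bot: `control-use-cert: no` in the new cookie_file.conf disables certificate authentication on the remote-control channel that the test uses for `add_cookie_secret`, and the file sets no `control-interface`. The test therefore relies on the default binding to keep that channel local. Suggest adding `control-interface: 127.0.0.1`, as 09-unbound-control.conf does, and a comment on the cert line such as `# test only: unauthenticated control channel, loopback only`, so the fixture is not copied into a real configuration as is. `verbosity: 7` combined with `cat unbound.log` in cookie_file.post puts the full debug log into the test output; worth confirming that this level does not log the cookie secrets if real values are ever used here.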
@@ -1,4 +1,4 @@ -# #-- remote-threaded.post --# +# #-- cookie_file.post --# # source the master var file when it's there [ -f ../.tpkg.var.master ] && source ../.tpkg.var.master # source the test var file when it's there @@ -6,8 +6,5 @@ # # do your teardown here . ../common.sh -kill_pid $FWD_PID -# unbound stopped by test (if successful) -kill $UNBOUND_PID >/dev/null 2>&1 -kill $UNBOUND_PID >/dev/null 2>&1 -exit 0 +kill_from_pidfile "unbound.pid" +cat unbound.log diff --git a/testdata/cookie_file.tdir/cookie_file.pre b/testdata/cookie_file.tdir/cookie_file.pre new file mode 100644 index 000000000000..61da5425a447 --- /dev/null +++ b/testdata/cookie_file.tdir/cookie_file.pre @@ -0,0 +1,24 @@ +# #-- cookie_file.pre--# +PRE="../.." +. ../common.sh + +get_random_port 2 +SERVER_PORT=$RND_PORT +CONTROL_PORT=$(($RND_PORT + 1)) +echo "SERVER_PORT=$SERVER_PORT" >> .tpkg.var.test +echo "CONTROL_PORT=$CONTROL_PORT" >> .tpkg.var.test + +# make config file +sed \ + -e 's/@SERVER_PORT\@/'$SERVER_PORT'/' \ + -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' \ + < cookie_file.conf > ub.conf + +# empty cookie file +touch cookie_secrets.txt + +# start unbound in the background +$PRE/unbound -d -c ub.conf > unbound.log 2>&1 & + +cat .tpkg.var.test +wait_unbound_up unbound.log diff --git a/testdata/cookie_file.tdir/cookie_file.test b/testdata/cookie_file.tdir/cookie_file.test new file mode 100644 index 000000000000..7da4fa657bb8 --- /dev/null +++ b/testdata/cookie_file.tdir/cookie_file.test 
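Review bot: In cookie_file.pre the step commented `# empty cookie file` uses `touch cookie_secrets.txt`, which creates the file if it is missing but leaves any existing content in place. If the test directory is ever reused, secrets written by an earlier run would be loaded at startup, and the `^active`/`^staging` checks in cookie_file.test would start from a different state than the test assumes. Truncating makes the code match the comment: `: > cookie_secrets.txt`. The same applies to `.tpkg.var.test`, which is only appended to with `>>`.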
@@ -0,0 +1,248 @@ +# #-- cookie_file.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test +PRE="../.." +. ../common.sh + +first_secret=dd3bdf9344b678b185a6f5cb60fca715 +second_secret=445536bcd2513298075a5d379663c962 + + +teststep "Add first secret" +echo ">> add_cookie_secret $first_secret" +$PRE/unbound-control -c ub.conf add_cookie_secret $first_secret +# check secret is persisted +outfile=cookie_secrets.1 +$PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile +if ! grep -q "$first_secret" $outfile +then + sleep 1 + $PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile +fi +if ! grep -q "$first_secret" $outfile +then + sleep 1 + $PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile +fi +if ! grep -q "$first_secret" $outfile +then + sleep 1 + $PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile +fi +if ! grep -q "^active.*$first_secret" $outfile +then + cat $outfile + echo "First secret was not provisioned" + exit 1 +fi +echo ">> print_cookie_secrets" +cat $outfile + + +teststep "Get a valid cookie for this secret" +outfile=dig.output.1 +dig version.server ch txt @127.0.0.1 -p $SERVER_PORT +cookie=3132333435363738 > $outfile +if ! grep -q "BADCOOKIE" $outfile +then + cat $outfile + echo "Did not get a BADCOOKIE response for a client-only cookie" + exit 1 +fi +if ! 
grep -q "COOKIE: 3132333435363738" $outfile +then + cat $outfile + echo "Did not get a cookie in the response" + exit 1 +fi +first_cookie=$(grep "; COOKIE:" $outfile | cut -d ' ' -f 3) +cat $outfile +echo "first cookie: $first_cookie" + + +teststep "Verify the first cookie can be reused" +outfile=dig.output.2 +dig version.server ch txt @127.0.0.1 -p $SERVER_PORT +cookie=$first_cookie > $outfile +if grep -q "BADCOOKIE" $outfile +then + cat $outfile + echo "Got BADCOOKIE response for a valid cookie" + exit 1 +fi +if ! grep -q "COOKIE: $first_cookie" $outfile +then + cat $outfile + echo "Did not get the same first cookie in the response" + exit 1 +fi + + +teststep "Add second secret" +outfile=cookie_secrets.2 +echo ">> add_cookie_secret $second_secret" +$PRE/unbound-control -c ub.conf add_cookie_secret $second_secret +$PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile +if ! grep -q "$second_secret" $outfile +then + sleep 1 + $PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile +fi +if ! grep -q "$second_secret" $outfile +then + sleep 1 + $PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile +fi +if ! grep -q "$second_secret" $outfile +then + sleep 1 + $PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile +fi +if ! grep -q "^staging.*$second_secret" $outfile \ + || ! grep -q "^active.*$first_secret" $outfile +then + cat $outfile + echo "Secrets were not provisioned" + exit 1 +fi +echo ">> print_cookie_secrets" +cat $outfile +echo ">> cookie_secrets.txt" +cat cookie_secrets.txt + + +teststep "Verify the first cookie can be reused" +outfile=dig.output.3 +dig version.server ch txt @127.0.0.1 -p $SERVER_PORT +cookie=$first_cookie > $outfile +if grep -q "BADCOOKIE" $outfile +then + cat $outfile + echo "Got BADCOOKIE response for a valid cookie" + exit 1 +fi +if ! 
grep -q "COOKIE: $first_cookie" $outfile +then + cat $outfile + echo "Did not get the same first cookie in the response" + exit 1 +fi + + +teststep "Secret rollover" +outfile=cookie_secrets.3 +$PRE/unbound-control -c ub.conf activate_cookie_secret +$PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile +if ! grep -q "^active.*$second_secret" $outfile +then + sleep 1 + $PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile +fi +if ! grep -q "^active.*$second_secret" $outfile +then + sleep 1 + $PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile +fi +if ! grep -q "^active.*$second_secret" $outfile +then + sleep 1 + $PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile +fi +if ! grep -q "^active.*$second_secret" $outfile \ + || ! grep -q "^staging.*$first_secret" $outfile +then + cat $outfile + echo "Second secret was not activated" + exit 1 +fi +echo ">> activate cookie secret, printout" +cat $outfile +echo ">> cookie_secrets.txt" +cat cookie_secrets.txt + + +teststep "Verify the first cookie can be reused but a new cookie is returned from the second secret" +outfile=dig.output.4 +dig version.server ch txt @127.0.0.1 -p $SERVER_PORT +cookie=$first_cookie > $outfile +if grep -q "BADCOOKIE" $outfile +then + cat $outfile + echo "Got BADCOOKIE response for a valid cookie" + exit 1 +fi +if ! 
grep -q "COOKIE: 3132333435363738" $outfile +then + cat $outfile + echo "Did not get a cookie in the response" + exit 1 +fi +if grep -q "COOKIE: $first_cookie" $outfile +then + cat $outfile + echo "Got the same first cookie in the response while the second secret is active" + exit 1 +fi +second_cookie=$(grep "; COOKIE:" $outfile | cut -d ' ' -f 3) +cat $outfile +echo "second cookie: $second_cookie" + + +teststep "Drop cookie secret" +outfile=cookie_secrets.4 +$PRE/unbound-control -c ub.conf drop_cookie_secret +$PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile +if grep -q "^staging.*$first_secret" $outfile +then + sleep 1 + $PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile +fi +if grep -q "^staging.*$first_secret" $outfile +then + sleep 1 + $PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile +fi +if grep -q "^staging.*$first_secret" $outfile +then + sleep 1 + $PRE/unbound-control -c ub.conf print_cookie_secrets > $outfile +fi +if grep -q "^staging.*$first_secret" $outfile +then + cat $outfile + echo "First secret was not dropped" + exit 1 +fi +echo ">> drop cookie secret, printout" +cat $outfile +echo ">> cookie_secrets.txt" +cat cookie_secrets.txt + + +teststep "Verify the first cookie can not be reused and the second cookie is returned instead" +outfile=dig.output.4 +dig version.server ch txt @127.0.0.1 -p $SERVER_PORT +cookie=$first_cookie > $outfile +if ! grep -q "BADCOOKIE" $outfile +then + cat $outfile + echo "Did not get BADCOOKIE response for an invalid cookie" + exit 1 +fi +if ! grep -q "COOKIE: 3132333435363738" $outfile +then + cat $outfile + echo "Did not get a cookie in the response" + exit 1 +fi +if grep -q "COOKIE: $first_cookie" $outfile +then + cat $outfile + echo "Got the same first cookie in the response while the second secret is active" + exit 1 +fi +if ! grep -q "COOKIE: $second_cookie" $outfile +then + cat $outfile + echo "Did not get the same second cookie in the response" + exit 1 +fi + +exit 0 
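Review bot: The last step ("Verify the first cookie can not be reused ...") sets `outfile=dig.output.4` again, so it overwrites the dig output of the earlier rollover step that `second_cookie` was extracted from. When the final comparison against `$second_cookie` fails, the evidence for the value being compared is already gone; use `outfile=dig.output.5` there. Separately, the results of `add_cookie_secret`, `activate_cookie_secret` and `drop_cookie_secret` are only observed indirectly through three copy-pasted sleep/retry blocks per step. A small helper that polls `print_cookie_secrets` for a pattern, together with a check of each `unbound-control` exit status, would make a rejected secret fail at the command instead of three seconds later.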
diff --git a/testdata/dnstap.tdir/dnstap.post b/testdata/dnstap.tdir/dnstap.post index 6d5e9d50d044..8fefc7e844b2 100644 --- a/testdata/dnstap.tdir/dnstap.post +++ b/testdata/dnstap.tdir/dnstap.post @@ -12,4 +12,6 @@ kill_pid $FWD_PID kill $UNBOUND_PID kill $UNBOUND_PID >/dev/null 2>&1 cat unbound.log +cat tap.log +cat tap.errlog exit 0 diff --git a/testdata/dnstap.tdir/dnstap.test b/testdata/dnstap.tdir/dnstap.test index 3ec9c77bd0c8..ebb1802513be 100644 --- a/testdata/dnstap.tdir/dnstap.test +++ b/testdata/dnstap.tdir/dnstap.test @@ -122,8 +122,6 @@ if test $num_responses -gt 2; then fi echo "> cat logfiles" -cat tap.log -cat tap.errlog cat fwd.log echo "> OK" exit 0 diff --git a/testdata/ede.tdir/ede-auth.conf b/testdata/ede.tdir/ede-auth.conf index d78da0382ad4..81a9f6bfa65f 100644 --- a/testdata/ede.tdir/ede-auth.conf +++ b/testdata/ede.tdir/ede-auth.conf @@ -24,4 +24,3 @@ auth-zone: auth-zone: name: "rrsig-failures.test" zonefile: "bogus/rrsig-failures.test.signed" - diff --git a/testdata/ede.tdir/ede.conf b/testdata/ede.tdir/ede.conf index 639899d13049..1a9cc7e3016b 100644 --- a/testdata/ede.tdir/ede.conf +++ b/testdata/ede.tdir/ede.conf @@ -33,18 +33,18 @@ server: local-zone: test nodefault do-not-query-localhost: no -forward-zone: +stub-zone: name: "dnssec-failures.test" - forward-addr: 127.0.0.1@@PORT2@ + stub-addr: 127.0.0.1@@PORT2@ -forward-zone: +stub-zone: name: "dnskey-failures.test" - forward-addr: 127.0.0.1@@PORT2@ + stub-addr: 127.0.0.1@@PORT2@ -forward-zone: +stub-zone: name: "nsec-failures.test" - forward-addr: 127.0.0.1@@PORT2@ + stub-addr: 127.0.0.1@@PORT2@ -forward-zone: +stub-zone: name: "rrsig-failures.test" - forward-addr: 127.0.0.1@@PORT2@ + stub-addr: 127.0.0.1@@PORT2@ diff --git a/testdata/ede.tdir/ede.test b/testdata/ede.tdir/ede.test index e45085ebf156..d166b2e9a9c2 100644 --- a/testdata/ede.tdir/ede.test +++ b/testdata/ede.tdir/ede.test 
@@ -5,9 +5,6 @@ [ -f .tpkg.var.test ] && source .tpkg.var.test -# DNSSEC failure: Signature Expired or DNSKEY Missing (depending on the servfail configuration) -dig @127.0.0.1 -p $UNBOUND_PORT servfail.nl > servfail.txt - # DNSSEC failure: key not incepted dig @127.0.0.1 -p $UNBOUND_PORT notyetincepted.dnssec-failures.test. TXT +dnssec > sig_notyetincepted.txt diff --git a/testdata/fwd_name_lookup.rpl b/testdata/fwd_name_lookup.rpl new file mode 100644 index 000000000000..dbcfffba524a --- /dev/null +++ b/testdata/fwd_name_lookup.rpl 
@@ -0,0 +1,152 @@ +; config options +server: + # must have target-fetch-policy to fetch forward-host name. + target-fetch-policy: "3 2 1 0 0" + qname-minimisation: no + minimal-responses: no + +forward-zone: + name: "." + forward-addr: 1.2.3.4 + forward-host: ns.example.com +CONFIG_END + +SCENARIO_BEGIN Test forward with forward-host lookup for more addresses + +; Forward server +RANGE_BEGIN 0 15 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.com. IN A +SECTION ANSWER +ns.example.com. IN A 1.2.3.4 +ns.example.com. IN A 1.2.3.5 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. host.example.com. 3 3600 300 86400 3600 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 1.2.3.6 +ENTRY_END +RANGE_END + +; The forward server gives no answers. +RANGE_BEGIN 20 55 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR SERVFAIL +SECTION QUESTION +www2.example.com. IN A +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR SERVFAIL +SECTION QUESTION +www3.example.com. IN A +SECTION ANSWER +ENTRY_END +RANGE_END + +; The other forward server. +RANGE_BEGIN 20 55 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www2.example.com. IN A +SECTION ANSWER +www2.example.com. IN A 1.2.3.7 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www3.example.com. IN A +SECTION ANSWER +www3.example.com. IN A 1.2.3.8 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. 
+STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 1.2.3.6 +ENTRY_END + +; The address 1.2.3.4 is not responding so it has to fail over to the +; address from the name lookup. +STEP 20 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www2.example.com. IN A +ENTRY_END + +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www2.example.com. IN A +SECTION ANSWER +www2.example.com. IN A 1.2.3.7 +ENTRY_END + +STEP 40 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www3.example.com. IN A +ENTRY_END + +STEP 50 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www3.example.com. IN A +SECTION ANSWER +www3.example.com. IN A 1.2.3.8 +ENTRY_END + +SCENARIO_END diff --git a/testdata/ipset.tdir/ipset.pre b/testdata/ipset.tdir/ipset.pre index 42c94fac45e0..7c61e646805d 100644 --- a/testdata/ipset.tdir/ipset.pre +++ b/testdata/ipset.tdir/ipset.pre @@ -8,6 +8,11 @@ PRE="../.." if grep "define USE_IPSET 1" $PRE/config.h; then echo test enabled; else skip_test "test skipped"; fi +if grep "define HAVE_NET_PFVAR_H 1" $PRE/config.h; then + if test ! -f /dev/pf; then + skip_test "no /dev/pf" + fi +fi get_random_port 2 UNBOUND_PORT=$RND_PORT diff --git a/testdata/remote-threaded.tdir/bad_control.key b/testdata/remote-threaded.tdir/bad_control.key deleted file mode 100644 index d29cdbc91b37..000000000000 --- a/testdata/remote-threaded.tdir/bad_control.key +++ /dev/null 
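Review bot: The comments in fwd_name_lookup.rpl describe 1.2.3.4 as silent ("The forward server gives no answers.", "The address 1.2.3.4 is not responding"), but the `RANGE_BEGIN 20 55` entries for that address reply `QR SERVFAIL`. A timeout and a SERVFAIL take different failover paths in a resolver, so the comments should say which one is under test, e.g. `; The forward server at 1.2.3.4 answers SERVFAIL for these names.` and `; 1.2.3.4 returns SERVFAIL, so it has to fail over to the address from the name lookup.`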
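Review bot: The new guard in ipset.pre uses `test ! -f /dev/pf`, and `-f` is true only for regular files. On the BSDs `/dev/pf` is normally a character device node, so this condition would hold even when pf is present and the test would always be skipped on `HAVE_NET_PFVAR_H` builds. Use `if test ! -c /dev/pf; then` (or `-e`), and consider `-r`/`-w` as well if the test needs to open the device as the current user. The rest of the script lies outside this hunk.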
@@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDti51Z6qASvAjPFFhLLlq8BwtsnmfqMPMn57dKAghb4OifeL4G -SLOE02/hKDkdkOvaUG2UqDNh2OoPTuJk4A+mG2LJoziFhHKlIebo9v2YiFWOBVtO -DWc3tXPT1IlSEN0xnAGelMmeLcPeCPe+A5IDlIHzF/+YiDgS38S9dL17owIDAQAB -AoGAG3w/DatfMCu/nS5OdQx9BSqPgNbnUSqux9xA0fhgPTlN0T3oRtPcqa7JUDUW -PryI/a62ry+zGkw98N2AxolCZg3N7Z3vuRx2FMcKKNwpTzDmcZW7TmMk5FPof6gE -PnYl/ff0w+kxqA+L2EexH3Xi6ApLSZcjyzKWj+dL2AuT9gkCQQD3dPitwITxgCAD -IaHw23e3FRkM/hw1Gp8bt6nbuxitVxxpO96q1EQ+fCy/mf0bMEJDp3xzMEIfP3r4 -GmNbaxa1AkEA9b8LeBLbQ2cm2+UMeUgygBsRirdUQ786auqH38Jbvi/j6S9sDl2x -q1vRtikEBZJWfkhsOzrzwFDKe1bI/EEn9wJAAzOwRA9JqRZPU7sLrWIpmmTbfh+L -neRKSsGFoSI6n4ORCouLxgoZF/XjXldPvxpQwS9ZnOPy9xSLMsqknno0QQJAeDtA -IT8Yh6GwIWWu9KeeDY8wxe1sDLlCm4yjbZZpzGMh3rSU6XJtuqjxsW3fydoO9zn3 -ugLdvvnIFxAexUwbgQJBANyM13xcObfUJOj9rjlGCh0CDh/04ONl8SH8HBnM8guA -RJI5S6vBHweVRopEZcF1sQm6wMf3ej/sGkyyNvJxRkY= ------END RSA PRIVATE KEY----- diff --git a/testdata/remote-threaded.tdir/bad_control.pem b/testdata/remote-threaded.tdir/bad_control.pem deleted file mode 100644 index e06b847208e3..000000000000 --- a/testdata/remote-threaded.tdir/bad_control.pem +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBozCCAQwCCQDd5/rocjG5vDANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkyNjEyMjQ0NFoXDTI4MDYxMzEyMjQ0NFowGjEYMBYGA1UE -AxMPdW5ib3VuZC1jb250cm9sMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDt -i51Z6qASvAjPFFhLLlq8BwtsnmfqMPMn57dKAghb4OifeL4GSLOE02/hKDkdkOva -UG2UqDNh2OoPTuJk4A+mG2LJoziFhHKlIebo9v2YiFWOBVtODWc3tXPT1IlSEN0x -nAGelMmeLcPeCPe+A5IDlIHzF/+YiDgS38S9dL17owIDAQABMA0GCSqGSIb3DQEB -BQUAA4GBAHpvcKqY48X9WsqogV16L+zT7iXhZ4tySA9EBk1a+0gud/iDPKSBi7mK -4rzphVfb4S207dVmTG+1WNpa6l3pTGML6XLElxqIu/kr7w4cF0rKvZxWPsBRqYjH -5HrK8CrQ0+YvUHXiu7IaACLGvKXY4Tqa3HQyvEtzLWJ4HhOrGx8F ------END CERTIFICATE----- diff --git a/testdata/remote-threaded.tdir/bad_server.key b/testdata/remote-threaded.tdir/bad_server.key deleted file mode 100644 index 0dbb134b5be7..000000000000 
--- a/testdata/remote-threaded.tdir/bad_server.key +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICWwIBAAKBgQC9hurNHBtB7QFEuPJOnCylUWUF2/US3v9yQQQXnstuXMQXRaq1 -1uviLmwaGurV9tngX59HITsBT74NQrtFKfEDLViLrm2arAM9Ozsn4tnv30HXPRDj -UOc1M05Q7UzjaSrOv+TkPEqyhtUyaP1DYo0bcmbxtSkYc2ZEWCwhPklUwQIDAQAB -AoGATjzZxN4ramWaNnJapJTX4U7eczK/0pB3xwSL2exVcjOdRzYdKH+WVIJxYb1m -3/jNLFCNAeH356yxeevoPr73nG75YJ9I1ZWQWTnS3SDK6JD1+3pmAD0bQWFoitpf -FoSH9H4X5gFB5vCZ99YVoYH1UXWPcgvUHwxz0voImt6lCKECQQD4YQ4A3M0+Ki8v -Hl+5FKULnS0UtBkweCvkF/X1zZRjjYr6hLnqldFkkgTBKWe17pUXX0nwRMbP1YZX -i+vDq5JNAkEAw1eYsmC0nVAMawo57N6LYavGv/n5u1cvpTpKDtn4cXH0Uqq13Kyu -2FUTzan2NhCEK78UzbWaeewBJmxYda1+RQJAdShKk6uTAEyjnwUjv8h2JWlJN2fQ -LeWxRlDrCruiz+aW9J4gl/99GoQpy/c83TshhjnDRZsbcDNWv/rXBZ/rTQJAFQva -CtX6f7yBKgM3DHtJvyM3zbVMH9Ab9QxbsE/xwZ9KeKGl6Hm+eNZpxM3cFiUfaGs0 -/ZjkZOB1m0MvILaplQJAXC3PJ/E+87banGZRJl5qtS6/HoX5lH9TPkL8Essy7ANO -2BT2OTQawD1A+VKIrQHXs085Of8tQUfrfHHt7s3Kqg== ------END RSA PRIVATE KEY----- diff --git a/testdata/remote-threaded.tdir/bad_server.pem b/testdata/remote-threaded.tdir/bad_server.pem deleted file mode 100644 index 983247ac73bd..000000000000 --- a/testdata/remote-threaded.tdir/bad_server.pem +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBmzCCAQQCCQCDugnhq8B6LzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkyNjEyMjQ0M1oXDTI4MDYxMzEyMjQ0M1owEjEQMA4GA1UE -AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvYbqzRwbQe0B -RLjyTpwspVFlBdv1Et7/ckEEF57LblzEF0Wqtdbr4i5sGhrq1fbZ4F+fRyE7AU++ -DUK7RSnxAy1Yi65tmqwDPTs7J+LZ799B1z0Q41DnNTNOUO1M42kqzr/k5DxKsobV -Mmj9Q2KNG3Jm8bUpGHNmRFgsIT5JVMECAwEAATANBgkqhkiG9w0BAQUFAAOBgQCy -zGMW35/9xXoEWsuLFWUOaEKVq5DXuXtXbcMpDW6k2ELoraa305vh7Zwhj5JSqfcm -O0xyqIzXvz/cYdyOTgEkdMDZ/EvQsxKTwvj6eA4614yB1r3Ju5eZd4Gpo6BHhSpu -oqsrr0duJ+JOANTyaBplIxM1sjHbR4FGtmrFknBYBQ== ------END CERTIFICATE----- 
diff --git a/testdata/remote-threaded.tdir/remote-threaded.conf b/testdata/remote-threaded.tdir/remote-threaded.conf deleted file mode 100644 index da9fee1de1ba..000000000000 --- a/testdata/remote-threaded.tdir/remote-threaded.conf +++ /dev/null @@ -1,25 +0,0 @@ -server: - verbosity: 2 - num-threads: 4 - outgoing-range: 16 - interface: 127.0.0.1 - port: @PORT@ - use-syslog: no - directory: "" - pidfile: "unbound.pid" - chroot: "" - username: "" - do-not-query-localhost: no -remote-control: - control-enable: yes - control-interface: 127.0.0.1 - # control-interface: ::1 - control-port: @CONTROL_PORT@ - server-key-file: "unbound_server.key" - server-cert-file: "unbound_server.pem" - control-key-file: "unbound_control.key" - control-cert-file: "unbound_control.pem" -forward-zone: - name: "." - forward-addr: "127.0.0.1@@TOPORT@" - diff --git a/testdata/remote-threaded.tdir/remote-threaded.dsc b/testdata/remote-threaded.tdir/remote-threaded.dsc deleted file mode 100644 index b3aeebac141a..000000000000 --- a/testdata/remote-threaded.tdir/remote-threaded.dsc +++ /dev/null @@ -1,16 +0,0 @@ -BaseName: remote-threaded -Version: 1.0 -Description: remote control test with thread communication -CreationDate: Wed Dec 3 15:00:38 CET 2008 -Maintainer: dr. W.C.A. Wijngaards -Category: -Component: -CmdDepends: -Depends: -Help: -Pre: remote-threaded.pre -Post: remote-threaded.post -Test: remote-threaded.test -AuxFiles: -Passed: -Failure: diff --git a/testdata/remote-threaded.tdir/remote-threaded.pre b/testdata/remote-threaded.tdir/remote-threaded.pre deleted file mode 100644 index 76dc6b2492ae..000000000000 --- a/testdata/remote-threaded.tdir/remote-threaded.pre +++ /dev/null 
@@ -1,33 +0,0 @@ -# #-- remote-threaded.pre--# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -. ../common.sh -get_random_port 3 -UNBOUND_PORT=$RND_PORT -FWD_PORT=$(($RND_PORT + 1)) -CONTROL_PORT=$(($RND_PORT + 2)) -echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test -echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test -echo "CONTROL_PORT=$CONTROL_PORT" >> .tpkg.var.test - -# start forwarder -get_ldns_testns -$LDNS_TESTNS -p $FWD_PORT remote-threaded.testns >fwd.log 2>&1 & -FWD_PID=$! -echo "FWD_PID=$FWD_PID" >> .tpkg.var.test - -# make config file -sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' < remote-threaded.conf > ub.conf -# start unbound in the background -PRE="../.." -$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & -UNBOUND_PID=$! -echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test - -cat .tpkg.var.test -wait_ldns_testns_up fwd.log -wait_unbound_up unbound.log - diff --git a/testdata/remote-threaded.tdir/remote-threaded.test b/testdata/remote-threaded.tdir/remote-threaded.test deleted file mode 100644 index e2f6b2783aaa..000000000000 --- a/testdata/remote-threaded.tdir/remote-threaded.test +++ /dev/null 
@@ -1,310 +0,0 @@ -# #-- remote-threaded.test --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -PRE="../.." - -# exit value is 1 on usage -$PRE/unbound-control -h -if test $? -ne 1; then - echo "wrong exit value for usage." - exit 1 -else - echo "exit value for usage: OK" -fi - -# use lock-verify if possible - -# test if the server is up. -echo "> dig www.example.com." -dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile -echo "> check answer" -if grep "10.20.30.40" outfile; then - echo "OK" -else - echo "> cat logfiles" - cat fwd.log - cat unbound.log - echo "Not OK" - exit 1 -fi - -# exit value is 1 when a bad command is given. -echo "$PRE/unbound-control -c ub.conf blablargh" -$PRE/unbound-control -c ub.conf blablargh -if test $? -ne 1; then - echo "wrong exit value on error." - echo "> cat logfiles" - cat fwd.log - cat unbound.log - exit 1 -else - echo "correct exit value on error" -fi - -# reload the server. test if the server came up by putting a new -# local-data element in the server. -echo "server: local-data: 'afterreload. IN A 5.6.7.8'" >> ub.conf -echo "$PRE/unbound-control -c ub.conf reload" -$PRE/unbound-control -c ub.conf reload -if test $? -ne 0; then - echo "wrong exit value after success" - exit 1 -fi - -echo "> dig afterreload." -dig @127.0.0.1 -p $UNBOUND_PORT afterreload. | tee outfile -echo "> check answer" -if grep "5.6.7.8" outfile; then - echo "OK" -else - echo "> cat logfiles" - cat fwd.log - cat unbound.log - echo "Not OK" - exit 1 -fi - -# must have had queries now. 1 since reload. -echo "$PRE/unbound-control -c ub.conf stats" -$PRE/unbound-control -c ub.conf stats > tmp.$$ -if test $? 
-ne 0; then - echo "wrong exit value after success" - cat fwd.log - cat unbound.log - exit 1 -fi -if grep "^total.num.queries=[1-9][0-9]*$" tmp.$$; then - echo "OK" -else - echo "bad stats" - cat tmp.$$ - exit 1 -fi - -# verbosity -echo "$PRE/unbound-control -c ub.conf verbosity 4" -$PRE/unbound-control -c ub.conf verbosity 4 -if test $? -ne 0; then - echo "wrong exit value after success" - exit 1 -fi - -# check syntax error in parse -echo "$PRE/unbound-control -c ub.conf verbosity jkdf" -$PRE/unbound-control -c ub.conf verbosity jkdf -if test $? -ne 1; then - echo "wrong exit value after failure" - exit 1 -fi - -# check bad credentials -cp ub.conf bad.conf -echo "remote-control:" >> bad.conf -echo " server-key-file: bad_server.key" >> bad.conf -echo " server-cert-file: bad_server.pem" >> bad.conf -echo " control-key-file: bad_control.key" >> bad.conf -echo " control-cert-file: bad_control.pem" >> bad.conf -echo "$PRE/unbound-control -c bad.conf verbosity 2" -$PRE/unbound-control -c bad.conf verbosity 2 -if test $? -ne 1; then - echo "wrong exit value after failure" - exit 1 -fi - -# create a new local zone -echo "> test of local zone" -echo "$PRE/unbound-control -c ub.conf local_zone example.net static" -$PRE/unbound-control -c ub.conf local_zone example.net static -if test $? -ne 0; then - echo "wrong exit value after success" - exit 1 -fi -echo "$PRE/unbound-control -c ub.conf local_data www.example.net A 192.0.2.1" -$PRE/unbound-control -c ub.conf local_data www.example.net A 192.0.2.1 -if test $? -ne 0; then - echo "wrong exit value after success" - exit 1 -fi - -# check that www.example.net exists -echo "> dig www.example.net." -dig @127.0.0.1 -p $UNBOUND_PORT www.example.net. | tee outfile -echo "> check answer" -if grep "192.0.2.1" outfile; then - echo "OK" -else - echo "> cat logfiles" - cat fwd.log - cat unbound.log - echo "Not OK" - exit 1 -fi - -# check that mail.example.net has nxdomain -echo "> dig mail.example.net." 
-dig @127.0.0.1 -p $UNBOUND_PORT mail.example.net. | tee outfile -echo "> check answer" -if grep "NXDOMAIN" outfile; then - echo "OK" -else - echo "> cat logfiles" - cat fwd.log - cat unbound.log - echo "Not OK" - exit 1 -fi - -# remove www.example.net - check it gets nxdomain -echo "$PRE/unbound-control -c ub.conf local_data_remove www.example.net" -$PRE/unbound-control -c ub.conf local_data_remove www.example.net -if test $? -ne 0; then - echo "wrong exit value after success" - exit 1 -fi -echo "> dig www.example.net." -dig @127.0.0.1 -p $UNBOUND_PORT www.example.net. | tee outfile -echo "> check answer" -if grep "NXDOMAIN" outfile; then - echo "OK" -else - echo "> cat logfiles" - cat fwd.log - cat unbound.log - echo "Not OK" - exit 1 -fi - -# remove example.net - check its gone. -echo "$PRE/unbound-control -c ub.conf local_zone_remove example.net" -$PRE/unbound-control -c ub.conf local_zone_remove example.net -if test $? -ne 0; then - echo "wrong exit value after success" - exit 1 -fi -echo "> dig www.example.net." -dig @127.0.0.1 -p $UNBOUND_PORT www.example.net. | tee outfile -echo "> check answer" -if grep "SERVFAIL" outfile; then - echo "OK" -else - echo "> cat logfiles" - cat fwd.log - cat unbound.log - echo "Not OK" - exit 1 -fi - -# dump the cache -echo "> test cache dump" -# fillup cache -echo "dig www.example.com" -dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. -echo "$PRE/unbound-control -c ub.conf dump_cache" -$PRE/unbound-control -c ub.conf dump_cache > tmp.$$ -if test $? -ne 0; then - echo "wrong exit value after success" - exit 1 -fi -cat tmp.$$ -# we do not look at content. Only thread 0 content. -# because it may not be there when it is compiled with processes only. -if grep MSG_CACHE tmp.$$; then - echo "OK this is a cache dump" -else - echo "Not OK cache dump" - exit 1 -fi - -# test lookup -echo "$PRE/unbound-control -c ub.conf lookup www.example.com" -$PRE/unbound-control -c ub.conf lookup www.example.com -if test $? 
-ne 0; then - echo "wrong exit value after success" - exit 1 -fi -# answer to lookup is meaningless because of use a forwarder, oh well. - -# load the cache dump. -echo "$PRE/unbound-control -c ub.conf load_cache < tmp.$$" -$PRE/unbound-control -c ub.conf load_cache < tmp.$$ -if test $? -ne 0; then - echo "wrong exit value after success" - exit 1 -fi -# do not check if cache dump contents are present ; other threads -# may not have gotten it when it is compiled with processes only. - -# flushing -echo "$PRE/unbound-control -c ub.conf flush www.example.net" -$PRE/unbound-control -c ub.conf flush www.example.net -if test $? -ne 0; then - echo "wrong exit value after success" - exit 1 -fi - -echo "$PRE/unbound-control -c ub.conf flush_type www.example.net TXT" -$PRE/unbound-control -c ub.conf flush_type www.example.net TXT -if test $? -ne 0; then - echo "wrong exit value after success" - exit 1 -fi - -echo "$PRE/unbound-control -c ub.conf flush_zone example.net" -$PRE/unbound-control -c ub.conf flush_zone example.net -if test $? -ne 0; then - echo "wrong exit value after success" - exit 1 -fi - -# now stop the server -echo "$PRE/unbound-control -c ub.conf stop" -$PRE/unbound-control -c ub.conf stop -if test $? -ne 0; then - echo "wrong exit value after success" - exit 1 -fi -# see if the server has really exited. -TRY_MAX=20 -for (( try=0 ; try <= $TRY_MAX ; try++ )) ; do - if kill -0 $UNBOUND_PID 2>&1 | tee tmp.$$; then - echo "not stopped yet, waiting" - sleep 1 - else - echo "stopped OK; break" - break; - fi - if grep "No such process" tmp.$$; then - echo "stopped OK; break" - break; - fi -done -if kill -0 $UNBOUND_PID; then - echo "still up!" - echo "> cat logfiles" - cat fwd.log - cat unbound.log - echo "not stopped, failure" - exit 1 -else - echo "stopped OK" - - if test -f ublocktrace.0; then - if $PRE/lock-verify ublocktrace.*; then - echo "lock-verify test worked." - else - echo "lock-verify test failed." 
- cat fwd.log - cat unbound.log - exit 1 - fi - fi -fi - -echo "> cat logfiles" -cat fwd.log -cat unbound.log -echo "> OK" -exit 0 diff --git a/testdata/remote-threaded.tdir/remote-threaded.testns b/testdata/remote-threaded.tdir/remote-threaded.testns deleted file mode 100644 index 0c911ca5b30e..000000000000 --- a/testdata/remote-threaded.tdir/remote-threaded.testns +++ /dev/null @@ -1,22 +0,0 @@ -; nameserver test file -$ORIGIN example.com. -$TTL 3600 - -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -www IN A -SECTION ANSWER -www IN A 10.20.30.40 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA SERVFAIL -ADJUST copy_id -SECTION QUESTION -www.example.net. IN A -ENTRY_END - diff --git a/testdata/remote-threaded.tdir/unbound_control.key b/testdata/remote-threaded.tdir/unbound_control.key deleted file mode 100644 index 753a4ef6162e..000000000000 --- a/testdata/remote-threaded.tdir/unbound_control.key +++ /dev/null 
@@ -1,39 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA -1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ -F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR -ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm -vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb -IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL -cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr -lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov -15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf -LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ -Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 -YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 -whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c -lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax -tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ -U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 -Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc -Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 -ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ -1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN -b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz -ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C -TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF -tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y -aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 -A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU -LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U -R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy -7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj 
-7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw -jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 -BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar -kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR -qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 -VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 -MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa -C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= ------END RSA PRIVATE KEY----- diff --git a/testdata/remote-threaded.tdir/unbound_control.pem b/testdata/remote-threaded.tdir/unbound_control.pem deleted file mode 100644 index a1edf7017f1d..000000000000 --- a/testdata/remote-threaded.tdir/unbound_control.pem +++ /dev/null 
@@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx -EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw -WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA -A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv -OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj -1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl -NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht -A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ -Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB -TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ -nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My -+i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj -4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 -hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU -9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn -ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ -pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD -72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ -muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP -uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte ------END CERTIFICATE----- diff --git a/testdata/remote-threaded.tdir/unbound_server.key b/testdata/remote-threaded.tdir/unbound_server.key deleted file mode 100644 index 370a7bbb2f22..000000000000 --- a/testdata/remote-threaded.tdir/unbound_server.key +++ /dev/null 
@@ -1,39 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI -0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq -GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z -uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K -WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 -FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP -q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL -A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP -7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf -XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 -iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 -2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo -MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj -WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz -O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI -IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN -qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU -dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs -bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr -YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km -7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr -gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z -5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG -ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN -oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ -s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW -zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx -ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 -oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 
-BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS -mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 -kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 -7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 -RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O -jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp -O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre -MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== ------END RSA PRIVATE KEY----- diff --git a/testdata/remote-threaded.tdir/unbound_server.pem b/testdata/remote-threaded.tdir/unbound_server.pem deleted file mode 100644 index 986807310f2b..000000000000 --- a/testdata/remote-threaded.tdir/unbound_server.pem +++ /dev/null 
@@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx -EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 -WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB -igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 -a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 -4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot -aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 -TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ -uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 -+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz -XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx -dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW -84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 -JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca -fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg -XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF -qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 -sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD -yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe -CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== ------END CERTIFICATE----- diff --git a/testdata/root_anchor.tdir/root_anchor.pre b/testdata/root_anchor.tdir/root_anchor.pre index 0357646cdd5a..0123eaabe1ad 100644 --- a/testdata/root_anchor.tdir/root_anchor.pre +++ b/testdata/root_anchor.tdir/root_anchor.pre @@ -3,6 +3,8 @@ # use .tpkg.var.test for in test variable passing [ -f .tpkg.var.test ] && source .tpkg.var.test +. ../common.sh + # only do this test if the network is up. if dig @k.root-servers.net . SOA 2>&1 | grep NOERROR ; then : diff --git a/testdata/root_hints.tdir/root_hints.pre b/testdata/root_hints.tdir/root_hints.pre index a756693121ab..fe0096faeb79 100644 
--- a/testdata/root_hints.tdir/root_hints.pre +++ b/testdata/root_hints.tdir/root_hints.pre @@ -4,6 +4,8 @@ # use .tpkg.var.test for in test variable passing [ -f .tpkg.var.test ] && source .tpkg.var.test +. ../common.sh + # dig 9 ? digv=`dig -v 2>&1 | wc -l` if test $digv -ne 1; then diff --git a/testdata/rpz_cname_tag.rpl b/testdata/rpz_cname_tag.rpl new file mode 100644 index 000000000000..fb782b685ac7 --- /dev/null +++ b/testdata/rpz_cname_tag.rpl 
@@ -0,0 +1,281 @@
+; config options
+server:
+ module-config: "respip validator iterator"
+ target-fetch-policy: "0 0 0 0 0"
+ qname-minimisation: no
+ access-control: 192.0.0.0/8 allow
+ access-control: 193.0.0.0/8 allow
+ define-tag: "internal server"
+ access-control-tag: 192.0.0.0/8 "internal"
+ access-control-tag: 127.0.0.0/8 "server"
+ ; 193.0.0.0/8 has no tags
+
+rpz:
+ name: "rpz.example.com."
+ rpz-log: yes
+ rpz-log-name: "rpz.example.com"
+ tags: "internal"
+ zonefile:
+TEMPFILE_NAME rpz.example.com
+TEMPFILE_CONTENTS rpz.example.com
+$ORIGIN example.com.
+rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
+ 1379078166 28800 7200 604800 7200 )
+ 3600 IN NS ns1.rpz.example.com.
+ 3600 IN NS ns2.rpz.example.com.
+$ORIGIN rpz.example.com.
+www.gotham.a A 1.2.3.61
+www.gotham2.a CNAME g2.target.a.
+g2.target.a A 1.2.3.62
+www.gotham3.a CNAME g3.target.a.
+g3.target.a CNAME g3b.target.a.
+g3b.target.a A 1.2.3.63
+www.gotham4.a CNAME g4.target.a.
+g4.target.a CNAME g4b.target.a.
+g4b.target.a CNAME g4c.target.a.
+g4c.target.a A 1.2.3.64
+; server for a.
+32.40.30.20.10.rpz-nsip A 1.2.3.68
+www.gotham5.a TXT "txt5"
+TEMPFILE_END
+
+stub-zone:
+ name: "a."
+ stub-addr: 10.20.30.40
+CONFIG_END
+
+SCENARIO_BEGIN Test RPZ handling of CNAMEs and tags.
+
+; a.
+RANGE_BEGIN 0 1000
+ ADDRESS 10.20.30.40
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+target.a. IN A
+SECTION ANSWER
+target.a. IN A 1.2.3.6
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.gotham.a. IN A
+SECTION ANSWER
+www.gotham.a. IN A 1.2.3.5
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.gotham2.a. IN A
+SECTION ANSWER
+www.gotham2.a. IN A 1.2.3.52
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.gotham3.a. IN A
+SECTION ANSWER
+www.gotham3.a. IN A 1.2.3.53
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.gotham4.a. IN A
+SECTION ANSWER
+www.gotham4.a. IN A 1.2.3.54
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.gotham5.a. IN TXT
+SECTION ANSWER
+www.gotham5.a. IN TXT "gotham5"
+ENTRY_END
+RANGE_END
+
+; Test with zero rpz CNAMEs, no tag match for rpz answer.
+STEP 10 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.gotham.a. IN A
+ENTRY_END
+
+STEP 11 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.gotham.a. IN A
+SECTION ANSWER
+www.gotham.a. A 1.2.3.5
+ENTRY_END
+
+; Test with one rpz CNAME, no tag match for rpz answer.
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.gotham2.a. IN A
+ENTRY_END
+
+STEP 21 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.gotham2.a. IN A
+SECTION ANSWER
+www.gotham2.a. A 1.2.3.52
+ENTRY_END
+
+; Test with two rpz CNAMEs, no tag match for rpz answer.
+STEP 30 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.gotham3.a. IN A
+ENTRY_END
+
+STEP 31 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.gotham3.a. IN A
+SECTION ANSWER
+www.gotham3.a. A 1.2.3.53
+ENTRY_END
+
+; Test with three rpz CNAMEs, no tag match for rpz answer.
+STEP 40 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.gotham4.a. IN A
+ENTRY_END
+
+STEP 41 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.gotham4.a. IN A
+SECTION ANSWER
+www.gotham4.a. A 1.2.3.54
+ENTRY_END
+
+; Test with zero rpz CNAMEs, rpz answer. Tag "internal"
+STEP 50 QUERY ADDRESS 192.0.0.1
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.gotham.a. IN A
+ENTRY_END
+
+STEP 51 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AA NOERROR
+SECTION QUESTION
+www.gotham.a. IN A
+SECTION ANSWER
+www.gotham.a. A 1.2.3.61
+ENTRY_END
+
+; Test with one rpz CNAME, rpz answer. Tag "internal"
+STEP 60 QUERY ADDRESS 192.0.0.1
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.gotham2.a. IN A
+ENTRY_END
+
+STEP 61 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AA NOERROR
+SECTION QUESTION
+www.gotham2.a. IN A
+SECTION ANSWER
+www.gotham2.a. CNAME g2.target.a.
+g2.target.a. A 1.2.3.62
+ENTRY_END
+
+; Test with two rpz CNAMEs, rpz answer. Tag "internal"
+STEP 70 QUERY ADDRESS 192.0.0.1
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.gotham3.a. IN A
+ENTRY_END
+
+STEP 71 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AA NOERROR
+SECTION QUESTION
+www.gotham3.a. IN A
+SECTION ANSWER
+www.gotham3.a. CNAME g3.target.a.
+g3.target.a. CNAME g3b.target.a.
+g3b.target.a. A 1.2.3.63
+ENTRY_END
+
+; Test with three rpz CNAMEs, rpz answer. Tag "internal"
+STEP 80 QUERY ADDRESS 192.0.0.1
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.gotham4.a. IN A
+ENTRY_END
+
+STEP 81 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AA NOERROR
+SECTION QUESTION
+www.gotham4.a. IN A
+SECTION ANSWER
+www.gotham4.a. CNAME g4.target.a.
+g4.target.a. CNAME g4b.target.a.
+g4b.target.a. CNAME g4c.target.a.
+g4c.target.a. A 1.2.3.64
+ENTRY_END
+
+; Test with zero rpz CNAMEs, no tags for the query, and so no rpz answer.
+STEP 90 QUERY ADDRESS 193.0.0.1
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.gotham5.a. IN TXT
+ENTRY_END
+
+STEP 91 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.gotham5.a. IN TXT
+SECTION ANSWER
+www.gotham5.a. IN TXT "gotham5"
+ENTRY_END
+
+SCENARIO_END
diff --git a/testdata/val_dname_twice.rpl b/testdata/val_dname_twice.rpl
new file mode 100644
index 000000000000..bc84bf91c18d
--- /dev/null
+++ b/testdata/val_dname_twice.rpl
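Review bot: The untagged-client path is only checked for `www.gotham5.a. IN TXT` (STEP 90/91), so the CNAME rewriting this scenario is named after is never exercised for a client that must not receive the tagged policy. A step pair from `193.0.0.1` for `www.gotham2.a. IN A`, expecting the upstream `1.2.3.52` without `AA`, would pin that an ACL entry with no tags does not get the RPZ CNAME chain. STEPs 10 to 40 carry no `ADDRESS`, so they presumably rely on testbound's default client address falling under the `127.0.0.0/8 "server"` tag; a comment above STEP 10 saying so would make that dependency visible. The `32.40.30.20.10.rpz-nsip` record does not seem to decide any checked answer and could use a line explaining why it is present.

```text
; Test with one rpz CNAME, no tags for the query, and so no rpz answer.
STEP 100 QUERY ADDRESS 193.0.0.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham2.a. IN A
ENTRY_END

STEP 101 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.gotham2.a. IN A
SECTION ANSWER
www.gotham2.a. A 1.2.3.52
ENTRY_END
```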
@@ -0,0 +1,226 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with a dname used twice + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 
3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +a.a.test-dname-2.example.com. IN A +SECTION ANSWER +test-dname-2.example.com. 3600 IN DNAME test-2.example.com. +test-dname-2.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AB9F05uhCzJ0hFbu/033nWLEMDoDrIY1PL69PsD9kMUuyzT4irnUlGY= +; unsigned CNAME +a.a.test-dname-2.example.com. IN CNAME a.a.test-2.example.com. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +a.a.test-2.example.com. IN A +SECTION ANSWER +a.a.test-2.example.com. 
3600 IN CNAME a.test-dname-2.example.com. +a.a.test-2.example.com. 3600 IN RRSIG CNAME 3 5 3600 20070926134150 20070829134150 2854 example.com. AECBiHVJ8qaSV3sC7LcOlSF2W4b9JD+g44fQ2EvkKqGJVUJfa6840i8= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +a.test-dname-2.example.com. IN A +SECTION ANSWER +test-dname-2.example.com. 3600 IN DNAME test-2.example.com. +test-dname-2.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AB9F05uhCzJ0hFbu/033nWLEMDoDrIY1PL69PsD9kMUuyzT4irnUlGY= +; unsigned CNAME +a.test-dname-2.example.com. IN CNAME a.test-2.example.com. +SECTION AUTHORITY +snow.example.com. 3600 IN NSEC a.a.test-2.example.com. A AAAA RRSIG NSEC +snow.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AHy/eDMTc5D7Q7Svh/B/r/twvHn8GTzYgSwO1jFasFrb2Gmtk8waXaM= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +a.test-2.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. 3600 IN SOA ns.example.com. root.example.com. 1 3600 300 7200 3600 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AEO4JOt/lNSVk3InhQz4MvUXll2vOOuZklfB7HpnW45kvEqHsqfWuNw= +snow.example.com. 3600 IN NSEC a.a.test-2.example.com. A AAAA RRSIG NSEC +snow.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AHy/eDMTc5D7Q7Svh/B/r/twvHn8GTzYgSwO1jFasFrb2Gmtk8waXaM= +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +a.a.test-dname-2.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +a.a.test-dname-2.example.com. IN A +SECTION ANSWER +test-dname-2.example.com. 3600 IN DNAME test-2.example.com. +test-dname-2.example.com. 3600 IN RRSIG DNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. 
AB9F05uhCzJ0hFbu/033nWLEMDoDrIY1PL69PsD9kMUuyzT4irnUlGY= ;{id = 2854} +a.a.test-dname-2.example.com. 3600 IN CNAME a.a.test-2.example.com. +a.a.test-2.example.com. 3600 IN CNAME a.test-dname-2.example.com. +a.a.test-2.example.com. 3600 IN RRSIG CNAME 3 5 3600 20070926134150 20070829134150 2854 example.com. AECBiHVJ8qaSV3sC7LcOlSF2W4b9JD+g44fQ2EvkKqGJVUJfa6840i8= ;{id = 2854} +a.test-dname-2.example.com. 3600 IN CNAME a.test-2.example.com. + +SECTION AUTHORITY +example.com. 3600 IN SOA ns.example.com. root.example.com. 1 3600 300 7200 3600 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AEO4JOt/lNSVk3InhQz4MvUXll2vOOuZklfB7HpnW45kvEqHsqfWuNw= ;{id = 2854} +snow.example.com. 3600 IN NSEC a.a.test-2.example.com. A AAAA RRSIG NSEC +snow.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AHy/eDMTc5D7Q7Svh/B/r/twvHn8GTzYgSwO1jFasFrb2Gmtk8waXaM= ;{id = 2854} +ENTRY_END + +; Check cache response for DNAME +; so 100+ the authority will not respond any more : must be from cache. +STEP 110 TIME_PASSES ELAPSE 10 + +STEP 120 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +a.a.test-dname-2.example.com. IN A +ENTRY_END + +STEP 130 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +a.a.test-dname-2.example.com. IN A +SECTION ANSWER +test-dname-2.example.com. 3590 IN DNAME test-2.example.com. +test-dname-2.example.com. 3590 IN RRSIG DNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AB9F05uhCzJ0hFbu/033nWLEMDoDrIY1PL69PsD9kMUuyzT4irnUlGY= ;{id = 2854} +a.a.test-dname-2.example.com. 3590 IN CNAME a.a.test-2.example.com. +a.a.test-2.example.com. 3590 IN CNAME a.test-dname-2.example.com. +a.a.test-2.example.com. 3590 IN RRSIG CNAME 3 5 3600 20070926134150 20070829134150 2854 example.com. AECBiHVJ8qaSV3sC7LcOlSF2W4b9JD+g44fQ2EvkKqGJVUJfa6840i8= ;{id = 2854} +a.test-dname-2.example.com. 3590 IN CNAME a.test-2.example.com. + +SECTION AUTHORITY +example.com. 
3590 IN SOA ns.example.com. root.example.com. 1 3600 300 7200 3600 +example.com. 3590 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AEO4JOt/lNSVk3InhQz4MvUXll2vOOuZklfB7HpnW45kvEqHsqfWuNw= ;{id = 2854} +snow.example.com. 3590 IN NSEC a.a.test-2.example.com. A AAAA RRSIG NSEC +snow.example.com. 3590 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AHy/eDMTc5D7Q7Svh/B/r/twvHn8GTzYgSwO1jFasFrb2Gmtk8waXaM= ;{id = 2854} +ENTRY_END + +SCENARIO_END diff --git a/testdata/val_failure_dnskey.rpl b/testdata/val_failure_dnskey.rpl new file mode 100644 index 000000000000..3f25f15b2062 --- /dev/null +++ b/testdata/val_failure_dnskey.rpl 
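Review bot: STEP 10 and STEP 130 expect `AD` although two CNAMEs in the ANSWER section (`a.a.test-dname-2.example.com.` and `a.test-dname-2.example.com.`) carry no RRSIG, and the file never says why that is acceptable. From the data they appear to be the CNAMEs synthesized from the signed `test-dname-2.example.com.` DNAME, which is applied twice in the chain; a comment above STEP 10 such as `; unsigned CNAMEs are DNAME-synthesized (same DNAME used twice), so AD is still expected` would record that this is the behaviour under test and not a gap in validation. The DNSKEY signature line spells the algorithm as `RRSIG DNSKEY DSA 2 ...` while every other RRSIG in the file uses the number `3`; one form throughout is easier to search for.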
@@ -0,0 +1,348 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + trust-anchor: "example.net. 3600 IN DS 1444 8 2 69887be92d4848c0bc10acc95682a01e7e3b57ab0750a2ee6f72cac7191a64f1" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + minimal-responses: no + log-servfail: yes + val-log-level: 2 + ede: yes + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with failure for chaing of trust lookup. +; The error message that is created, also for EDE is more extensive. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +net. IN NS +SECTION AUTHORITY +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. 
+SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.example.com. IN A +SECTION ANSWER +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +;ENTRY_BEGIN +;MATCH opcode qtype qname +;ADJUST copy_id +;REPLY QR NOERROR +;SECTION QUESTION +;example.com. 
IN DNSKEY +;SECTION ANSWER +;example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +;example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +;SECTION AUTHORITY +;example.com. IN NS ns.example.com. +;example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +;SECTION ADDITIONAL +;ns.example.com. IN A 1.2.3.4 +;ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +;ENTRY_END +; servfail for DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA SERVFAIL +SECTION QUESTION +example.com. IN DNSKEY +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. 
MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. 3600 IN NS ns.example.net. +example.net. 3600 IN RRSIG NS 8 2 3600 20070926134150 20070829134150 1444 example.net. nHpOqZb00nIGytQ1YmVoXEHURL/75dWhlKSEtRTorjVdPGPZNN7ziCWJW303v7u07TkZ+i6oFVEWG/SDR4ejn5o31UKJy1373PEH/cvPf9/44jw9gAFaHF1eO6ZQGaRQaeEpU06+xUcnc2QXFt6rNu60EsTvMRDN83bD+r7FA7Y= +SECTION ADDITIONAL +ns.example.net. 3600 IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 1444 example.net. TgQ4nfGtLHuZXlC4JJlVQ6mejf1WJbstTxsh/kgMAc2tryOxF/gvGBHaMtz6oceFZrIgk6g3RYI1Gk5gjSFNADh+EIwI422M8XPAAxRLfFahiO4lr1aCo4c94TYeZNpnDKy81rINTz2hQE1pGWr8Z03ySABqSBnTE1FQt4N/JCo= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. 3600 IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A 8 3 3600 20070926134150 20070829134150 1444 example.net. TgQ4nfGtLHuZXlC4JJlVQ6mejf1WJbstTxsh/kgMAc2tryOxF/gvGBHaMtz6oceFZrIgk6g3RYI1Gk5gjSFNADh+EIwI422M8XPAAxRLfFahiO4lr1aCo4c94TYeZNpnDKy81rINTz2hQE1pGWr8Z03ySABqSBnTE1FQt4N/JCo= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. 3600 IN SOA ns.example.net. host.example.net. 1 3600 300 7200 3600 +example.net. 3600 IN RRSIG SOA 8 2 3600 20070926134150 20070829134150 1444 example.net. P5FRQ4A/0n5owaBhZqlYBFD2PNAWJc5oxiDwvwh0hdjxETx8ta3EAvDKtNj5XZ5EKDAhP/tivd+Bq50I0xfRBmrouxgxjgnV3ye8zU+M1fXbuKpsWme9R3S4cs9WYfggTn7X00Af8m0tE62SLH/ZtOOQi2CvOPu7PXtHYT6KW4Q= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.net. 
IN DNSKEY +SECTION ANSWER +example.net. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} +example.net. 3600 IN RRSIG DNSKEY 8 2 3600 20070926134150 20070829134150 1444 example.net. hAAlJt/YwAgWBzseK0N42+ysSMaWgntcuftF8a43chLh+fbe3vPWrgwqr/Cic52tu4ZqMox592tqWDxAG7F1eDGfO0SfzS2C9Tc/Wnz5nFjFh75G4Mtt8DTv5vTyGUVX5zAFzV8SNijVC0o1F7MHaVPt3rFtjjg2zW/UOz2m9+U= +ENTRY_END + +; For sub1.example.net. zone; it is co-hosted with example.net, so that +; there can be failures for the DS lookup. But the data lookup succeeds. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www.sub1.example.net. IN A +SECTION ANSWER +www.sub1.example.net. IN A 10.20.30.41 +www.sub1.example.net. 3600 IN RRSIG A 8 4 3600 20070926134150 20070829134150 29332 sub1.example.net. NcFP77Hixawt8hb+STIbbeqdF9tWTuHsbGEB4agKXlwHqS0BnyA+It6+UdE57IF0Kbnc7gSuaslX9At8ctd4HuC/9F/osbo96o23JEfnXPky/r5SsLaeN5KmUmUVjG9oxyAEc6PVlaaQ5a/RhaxmDRaDiku2gB7KjdjPxwxe+Rc54GV2eM3GtcfT+oDakLdSSACqeVjUFIOtYMpG8jAHrBe4uSnjKI7O0fWDFN5OES6sN9iUS9/ceorIoF/gSIqM7xWEuPLxE2c5TtYJyPtMCeGJ9wBP4wrTXfJ58+Lg5SFKgEuKTvAqEv9KEwg/kJb1GQ+ho5XKFO6EII2iyeUK/w== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR SERVFAIL +SECTION QUESTION +sub1.example.net. IN DS +SECTION ANSWER +; no DS for sub1.example.net id=29332 algo=8 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www.sub2.example.net. IN A +SECTION ANSWER +www.sub2.example.net. IN A 10.20.30.42 +www.sub2.example.net. 3600 IN RRSIG A 8 4 3600 20070926134150 20070829134150 29332 sub2.example.net. 
FOY6YxNoFyrSkBtWV7HcECmORTMedRWHdGk7Rm04icT8Bw0dWfzVaIpAkBY6FXx8UvqN7McN4IJI5dAVXptfekO+Yvy2PwkjehRUXvQK64XH5UM5pVbX5g8E4pnOrLa/jzPB7srzMpyWVCpt81lPoFpdfXUMm7434ifkTYhpAll7y5NAocFiT3F+XGe06qMIr51WxoFfegIGohMFhkTDUdLWrdV10128W+NzPdwoYtiigtCObKxTtyj3gK+mxqXvX4X4F2YIGQ+mx62ovdUilnLYZm/WC/ZQkdxeOZjeCTxvSpGGG+wtu1QufgIJ+BpAZAOxREOYZkhR29AG0np4EA== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR SERVFAIL +SECTION QUESTION +sub2.example.net. IN DNSKEY +SECTION ANSWER +; sub2.example.net. IN DNSKEY 257 3 8 AwEAAb4WMOTBLTFvmBra5m6SK4VfViOzmvyUAU0qv861ZQXeEFvwlndqNU9rwRsMxrSWAYs5nHErKDn49usC/HyxxW1477iGFHhfgL4mjNreJm9zft2QFB1VLbRbEPYdDMLCn4co0qnG7/KG8W2i8Pym1L7f+aREwbLo+/716AS2PbaKMhfWLKLiq5wnBcUClQMNzCiwhqxDJp1oePqfkVdeUgXOtgi0dYRIKyQFhJ5VWJ22npoi/Gif0XLCADAlAwRLKc8o/yJkCxskzgpHpw5Cki1lclg0aq4ssOuPRQ+ne6IHYCz9D2mwzulblhLFamKdq7aHzNt4NlyxhpANVFiKLD8= ;{id = 29332 (ksk), size = 2048b} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +sub2.example.net. IN DS +SECTION ANSWER +sub2.example.net. 3600 IN DS 29332 8 2 d53e615d9d736b0f2a0097f1d5fa51c84320610f94ecbd7197e7de5f44f02d72 +sub2.example.net. 3600 IN RRSIG DS 8 3 3600 20070926134150 20070829134150 1444 example.net. dYLYs1uMxJm5+MB6L1+uStE5S1YtyYR0JF+1pPoTptc/H1hYqMxK7pVQPtIGvq8j8wNyC7jOzALfEXgwRKiSdR1l1GQ5HIxWkhUmkpLcecwJOjemee4nXaifOFa5bdbdYpuDwTiIzx+PvanlaVjEPy0i1IukanDi6jojfyWcgLA= +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; The DNSKEY lookup for the key prime is a failure. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=9 +REPLY QR RD RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + +STEP 20 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.sub1.example.net. IN A +ENTRY_END + +; The DS lookup is a failure. 
+STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=23 +REPLY QR RD RA DO SERVFAIL +SECTION QUESTION +www.sub1.example.net. IN A +SECTION ANSWER +ENTRY_END + +STEP 40 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.sub2.example.net. IN A +ENTRY_END + +; The DNSKEY lookup is a failure. +STEP 50 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ede=9 +REPLY QR RD RA DO SERVFAIL +SECTION QUESTION +www.sub2.example.net. IN A +SECTION ANSWER +ENTRY_END + +SCENARIO_END |
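Review bot: The second `RANGE_BEGIN 0 100` block (`ADDRESS 1.2.3.5`) is labelled `; ns.example.com.` but serves the example.net data, so the comment should read `; ns.example.net.`; the `SCENARIO_BEGIN` line also has `chaing of trust` for `chain of trust`. The CHECK_ANSWER steps match on the bare numbers `ede=9` and `ede=23`; extending the comments above them, e.g. `; ede=9: DNSKEY Missing` and `; ede=23: Network Error` (RFC 8914), would make it reviewable that the DS failure and the DNSKEY failures are meant to report different codes. In the `www.example.com. IN A` reply the RRSIG in ANSWER is owned by `ns.example.com.` and the one in ADDITIONAL by `www.example.com.`, which looks swapped; it presumably does not change the outcome because validation already fails at the DNSKEY prime, but it is worth confirming that it is intentional.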