# #-- rpz_reload.test --#
# Test variables arrive through tpkg var files. Each file is optional and is
# sourced only when it exists.
if [ -f ../.tpkg.var.master ]; then
	source ../.tpkg.var.master
fi
# .tpkg.var.test is the file used for in-test variable passing.
if [ -f .tpkg.var.test ]; then
	source .tpkg.var.test
fi

# PRE is the path prefix used below to reach the unbound-control binary.
PRE="../.."
# Shared test helpers; presumably this is where wait_logfile (used after the
# reload) comes from, since it is not defined in this file.
. ../common.sh
# do the test
# Sanity check before any RPZ behaviour is exercised: the resolver on
# 127.0.0.1 must answer a plain localhost. A query with 127.0.0.1.
# NOTE(review): the banner says ". SOA" but the query sent is "localhost. A".
echo "> dig . SOA"
# NOTE(review): $UNBOUND_PORT is expanded unquoted; presumably one of the
# sourced var files sets it to a plain port number.
dig @127.0.0.1 -p $UNBOUND_PORT localhost. A | tee outfile
echo "> check answer"
if ! grep localhost outfile | grep "127.0.0.1"; then
	echo "Not OK"
	exit 1
fi
echo "OK"

echo ""
echo "> unbound-control status"
# The reload further down is requested through unbound-control as well, so a
# failing status call here stops the test early.
if $PRE/unbound-control -c ub.conf status; then
	echo "exit value: OK"
else
	echo "wrong exit value."
	exit 1
fi

# Have the RPZ block some things.
# Before the reload both names are expected to be rewritten to
# www.example.org / 1.2.3.5 (presumably through the CNAME override that the
# config edit later removes), and every rewrite must be logged under the
# policy name "example policy".
dig @127.0.0.1 -p $UNBOUND_PORT foo.example.net. A | tee outfile
echo "> check answer"
if ! grep "www.example.org" outfile | grep "1.2.3.5"; then
	echo "Not OK"
	exit 1
fi
echo "OK"
# The dots around the policy name are regex wildcards; presumably they stand
# in for the brackets the log line puts around the name.
if ! grep "rpz: applied .example policy." unbound.log | grep "foo.example.net. A"; then
	echo "log line not OK"
	exit 1
fi
echo "log line OK"

# Same expectation for the second name covered by the policy.
dig @127.0.0.1 -p $UNBOUND_PORT www.example.net. A | tee outfile
if ! grep "www.example.org" outfile | grep "1.2.3.5"; then
	echo "Not OK"
	exit 1
fi
echo "OK"
if ! grep "rpz: applied .example policy." unbound.log | grep "www.example.net. A"; then
	echo "log line not OK"
	exit 1
fi
echo "log line OK"

# Modify the config
# ub2.conf keeps the original; ub.conf is regenerated from it with three edits:
#   - the "rpz-action-override: cname" line is commented out,
#   - rpz-cname-override is emptied,
#   - rpz-log-name changes from "example policy" to "exrpz", which lets the
#     later log checks tell new policy hits from old ones.
cp ub.conf ub2.conf
sed \
    -e 's/rpz-action-override: cname/#rpz-action-override: ""/' \
    -e 's/rpz-cname-override: "www.example.org"/rpz-cname-override: ""/' \
    -e 's/rpz-log-name: "example policy"/rpz-log-name: "exrpz"/' \
    ub2.conf > ub.conf
echo ""
echo "> Modified config"
# Print the resulting rpz lines so the test log shows what was reloaded.
grep "rpz" ub.conf
echo ""

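echo "> unbound-control reload"
# Write the output to outfile and keep unbound-control's own exit status.
# When the command is piped into tee, $? holds tee's status, so a failed
# reload would pass this check and only surface later as a wait_logfile
# timeout or an answer mismatch.
"$PRE"/unbound-control -c ub.conf reload > outfile 2>&1
reload_status=$?
# Still show the command output in the test log.
cat outfile
if test "$reload_status" -ne 0; then
	echo "wrong exit value."
	exit 1
fi
# wait_logfile is not defined in this file; presumably it waits (up to 60
# seconds) for the restart message, so that the queries below are answered
# with the new configuration rather than the one being replaced.
wait_logfile unbound.log "Restart of unbound" 60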

# Check the output after reload
# With the CNAME override removed the expected answers change:
# foo.example.net. must be NXDOMAIN and www.example.net. must return 1.2.3.4
# (presumably the actions stored in the RPZ zone itself; the zone data is not
# part of this script). This confirms the policy is still enforced after the
# reload, now with the new settings.
dig @127.0.0.1 -p $UNBOUND_PORT foo.example.net. A | tee outfile
echo "> check answer"
if ! grep "NXDOMAIN" outfile; then
	echo "Not OK"
	exit 1
fi
echo "OK"
# This script never truncates unbound.log, so the match on the new log name
# "exrpz" is what ties the line to the reloaded policy rather than to a hit
# from before the reload.
if ! grep "rpz: applied .exrpz." unbound.log | grep "foo.example.net. A"; then
	echo "log line not OK"
	exit 1
fi
echo "log line OK"

dig @127.0.0.1 -p $UNBOUND_PORT www.example.net. A | tee outfile
if ! grep "1.2.3.4" outfile; then
	echo "Not OK"
	exit 1
fi
echo "OK"
if ! grep "rpz: applied .exrpz." unbound.log | grep "www.example.net. A"; then
	echo "log line not OK"
	exit 1
fi
echo "log line OK"

exit 0