Annotation of src/external/mpl/bind/dist/bin/tests/system/checkconf/tests.sh, Revision 1.1.1.1.2.3
1.1.1.1.2.2 pgoyette 1: # Copyright (C) Internet Systems Consortium, Inc. ("ISC")
2: #
3: # This Source Code Form is subject to the terms of the Mozilla Public
4: # License, v. 2.0. If a copy of the MPL was not distributed with this
5: # file, You can obtain one at http://mozilla.org/MPL/2.0/.
6: #
7: # See the COPYRIGHT file distributed with this work for additional
8: # information regarding copyright ownership.
9:
# Locate the system-test tree and load the shared helpers. echo_i and
# $CHECKCONF, used throughout this script, are not defined in this file and
# are presumably provided by conf.sh.
SYSTEMTESTTOP=..
. "$SYSTEMTESTTOP/conf.sh"

# n numbers each check in the log; status counts the checks that failed.
n=0
status=0

# Baseline: a configuration that is known to be valid must be accepted.
n=$((n + 1))
echo_i "checking that named-checkconf handles a known good config ($n)"
ret=0
if ! $CHECKCONF good.conf > /dev/null 2>&1; then
  ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# Round trip: everything in good.conf after the "cut here" marker is written
# to good.conf.in, and printing that file with -p is expected to reproduce it
# exactly.
n=$((n + 1))
echo_i "checking that named-checkconf prints a known good config ($n)"
ret=0
awk 'BEGIN { ok = 0; } /cut here/ { ok = 1; getline } ok == 1 { print }' good.conf > good.conf.in
# An empty extract would make the comparison below pass trivially.
if [ ! -s good.conf.in ]; then
  ret=1
fi
# Lines that start with "good.conf.in:" are dropped before comparing. The
# status tested here is grep's, not named-checkconf's.
$CHECKCONF -p good.conf.in | grep -v '^good.conf.in:' > good.conf.out 2>&1 || ret=1
cmp good.conf.in good.conf.out || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# -x is expected to hide key material in printed output, so that a dumped
# configuration does not disclose shared secrets. The expected form is a
# secret made up only of question marks.
n=$((n + 1))
echo_i "checking that named-checkconf -x removes secrets ($n)"
ret=0
# Preconditions: the input contains a secret, and that secret is not already
# the placeholder string (otherwise the final grep would prove nothing).
grep 'secret "' good.conf.in > /dev/null || ret=1
if grep 'secret "????????????????"' good.conf.in > /dev/null 2>&1; then
  ret=1
fi
$CHECKCONF -p -x good.conf.in | grep -v '^good.conf.in:' > good.conf.out 2>&1 || ret=1
# NOTE(review): this asserts that a placeholder is present in the output; it
# does not assert that no original secret value remains in good.conf.out.
grep 'secret "????????????????"' good.conf.out > /dev/null 2>&1 || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# Every bad-*.conf must be rejected with exit status 1 and a diagnostic of
# the form "<file>:<line>: ". Some update-policy cases must also carry a
# specific message, chosen by file name below.
for bad in bad-*.conf; do
  n=$((n + 1))
  echo_i "checking that named-checkconf detects error in $bad ($n)"
  ret=0
  $CHECKCONF "$bad" > checkconf.out 2>&1
  [ $? -eq 1 ] || ret=1
  grep "^$bad:[0-9]*: " checkconf.out > /dev/null || ret=1
  # Empty pat means there is no file-specific message to look for.
  pat=
  case $bad in
    bad-update-policy[123].conf)
      pat="identity and name fields are not the same"
      ;;
    bad-update-policy[4589].conf | bad-update-policy1[01].conf)
      pat="name field not set to placeholder value"
      ;;
    bad-update-policy[67].conf | bad-update-policy1[2345].conf)
      pat="missing name field type '.*' found"
      ;;
  esac
  if [ -n "$pat" ]; then
    grep "$pat" checkconf.out > /dev/null || ret=1
  fi
  [ "$ret" -eq 0 ] || echo_i "failed"
  status=$((status + ret))
done

# Every good-*.conf must be accepted (exit status 0).
for good in good-*.conf; do
  n=$((n + 1))
  echo_i "checking that named-checkconf detects no error in $good ($n)"
  ret=0
  if ! $CHECKCONF "$good" > /dev/null 2>&1; then
    echo_i "failed"
    ret=1
  fi
  status=$((status + ret))
done

# With -z, a hint zone that points at a nonexistent file must make the run
# fail and must produce the specific "file not found" diagnostic.
n=$((n + 1))
echo_i "checking that named-checkconf -z catches missing hint file ($n)"
ret=0
if $CHECKCONF -z hint-nofile.conf > hint-nofile.out 2>&1; then
  ret=1
fi
grep "could not configure root hints from 'nonexistent.db': file not found" hint-nofile.out > /dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# range.conf must be rejected; any non-zero exit status counts as rejection.
n=$((n + 1))
echo_i "checking that named-checkconf catches range errors ($n)"
ret=0
if $CHECKCONF range.conf > /dev/null 2>&1; then
  ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# notify.conf is expected to trigger exactly three "'notify' is disabled"
# warnings.
n=$((n + 1))
echo_i "checking that named-checkconf warns of notify inconsistencies ($n)"
ret=0
warnings=$($CHECKCONF notify.conf 2>&1 | grep -c "'notify' is disabled")
if [ "$warnings" -ne 3 ]; then
  ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# DNSSEC option combinations that must produce a warning (dnssec.1 and
# dnssec.2) and one configuration that must produce no output (dnssec.3).
n=$((n + 1))
echo_i "checking named-checkconf dnssec warnings ($n)"
ret=0
$CHECKCONF dnssec.1 2>&1 | grep 'validation yes.*enable no' > /dev/null || ret=1
# dnssec.2 is checked once per expected warning.
for pat in 'auto-dnssec may only be ' 'validation auto.*enable no' 'validation yes.*enable no'; do
  $CHECKCONF dnssec.2 2>&1 | grep "$pat" > /dev/null || ret=1
done
# this one should have no warnings; any line at all is echoed by grep and
# counts as a failure
if $CHECKCONF dnssec.3 2>&1 | grep '.*'; then
  ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# Fields for which zero is not a legal value must be rejected in every scope
# where they can be set: options, view, options together with an empty view,
# and a slave zone.
n=$((n + 1))
echo_i "range checking fields that do not allow zero ($n)"
ret=0

# Assert that badzero.conf, as just written, is rejected with exit status 1.
# $1 is the scope named in the failure message; $field comes from the loop.
expect_badzero_rejected() {
  $CHECKCONF badzero.conf > /dev/null 2>&1
  [ $? -eq 1 ] || { echo_i "$1 $field failed"; ret=1; }
}

for field in max-retry-time min-retry-time max-refresh-time min-refresh-time; do
  cat > badzero.conf << EOF
options {
$field 0;
};
EOF
  expect_badzero_rejected "options"

  cat > badzero.conf << EOF
view dummy {
$field 0;
};
EOF
  expect_badzero_rejected "view"

  cat > badzero.conf << EOF
options {
$field 0;
};
view dummy {
};
EOF
  expect_badzero_rejected "options + view"

  cat > badzero.conf << EOF
zone dummy {
type slave;
masters { 0.0.0.0; };
$field 0;
};
EOF
  expect_badzero_rejected "zone"
done
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# Each of these DNSSEC options must be reported exactly once as requiring
# inline-signing when bad-dnssec.conf is checked.
n=$((n + 1))
echo_i "checking options allowed in inline-signing slaves ($n)"
ret=0
for opt in dnssec-dnskey-kskonly dnssec-loadkeys-interval update-check-ksk; do
  l=$($CHECKCONF bad-dnssec.conf 2>&1 | grep -c "$opt.*requires inline")
  if [ "$l" -ne 1 ]; then
    ret=1
  fi
done
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

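# A slave zone with inline-signing needs a 'file' entry: inline-no.conf and
# inline-good.conf must not produce the "missing 'file' entry" message, and
# inline-bad.conf must produce it exactly once.
n=$((n + 1))
echo_i "check file + inline-signing for slave zones ($n)"
# Start from a clean result. Without this reset the check inherits whatever
# value ret was left with, so an earlier failure would be counted a second
# time under this check's number.
ret=0
l=$($CHECKCONF inline-no.conf 2>&1 | grep -c "missing 'file' entry")
[ "$l" -eq 0 ] || ret=1
l=$($CHECKCONF inline-good.conf 2>&1 | grep -c "missing 'file' entry")
[ "$l" -eq 0 ] || ret=1
l=$($CHECKCONF inline-bad.conf 2>&1 | grep -c "missing 'file' entry")
[ "$l" -eq 1 ] || ret=1
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))
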
# dlz-bad.conf must produce a diagnostic that mentions both 'dlz' and
# 'database'.
n=$((n + 1))
echo_i "checking named-checkconf DLZ warnings ($n)"
ret=0
if ! $CHECKCONF dlz-bad.conf 2>&1 | grep "'dlz' and 'database'" > /dev/null; then
  ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

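# The key directory named in warn-keydir.conf is put through three states:
# missing, present as a plain file, and present as a directory. The first two
# must each produce one specific warning; the third must produce no
# key-directory message at all.
n=$((n + 1))
echo_i "checking for missing key directory warning ($n)"
ret=0
# State 1: the path does not exist.
rm -rf test.keydir
l=$($CHECKCONF warn-keydir.conf 2>&1 | grep -c "'test.keydir' does not exist")
[ "$l" -eq 1 ] || ret=1
# State 2: the path exists but is a regular file.
touch test.keydir
l=$($CHECKCONF warn-keydir.conf 2>&1 | grep -c "'test.keydir' is not a directory")
[ "$l" -eq 1 ] || ret=1
# State 3: the path is a real directory, so nothing should be reported.
rm -f test.keydir
mkdir test.keydir
l=$($CHECKCONF warn-keydir.conf 2>&1 | grep -c "key-directory")
[ "$l" -eq 0 ] || ret=1
rm -rf test.keydir
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
# Fold the result into the overall status. Without this line a failure is
# logged but never affects the script's exit code, because the following
# check resets ret.
status=$((status + ret))
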
# With -z, a zone record whose TTL exceeds the configured max-zone-ttl must
# be reported.
n=$((n + 1))
echo_i "checking that named-checkconf -z catches conflicting ttl with max-ttl ($n)"
ret=0
$CHECKCONF -z max-ttl.conf > check.out 2>&1
# NOTE(review): the original ran this identical grep three times in a row,
# which tests nothing more than running it once. Three distinct per-zone
# patterns may have been intended -- confirm against max-ttl.conf.
if ! grep 'TTL 900 exceeds configured max-zone-ttl 600' check.out > /dev/null 2>&1; then
  ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# Run one "named-checkconf -z" check whose only criterion is the exit status.
#   $1 - "pass" if the configuration must be accepted (exit status 0),
#        "fail" if it must be rejected (any non-zero exit status)
#   $2 - configuration file to check
#   $3 - description written to the log, followed by the check number
# Updates the script-level variables n, ret and status.
checkconf_z_expect() {
  n=$((n + 1))
  echo_i "$3 ($n)"
  ret=0
  if $CHECKCONF -z "$2" > /dev/null 2>&1; then
    [ "$1" = pass ] || ret=1
  else
    [ "$1" = fail ] || ret=1
  fi
  [ "$ret" -eq 0 ] || echo_i "failed"
  status=$((status + ret))
}

checkconf_z_expect fail max-ttl-bad.conf \
  "checking that named-checkconf -z catches invalid max-ttl"
checkconf_z_expect pass altdb.conf \
  "checking that named-checkconf -z skips zone check with alternate databases"
checkconf_z_expect pass altdlz.conf \
  "checking that named-checkconf -z skips zone check with DLZ"
checkconf_z_expect fail view-class-any1.conf \
  "checking that named-checkconf -z fails on view with ANY class"
checkconf_z_expect fail view-class-any2.conf \
  "checking that named-checkconf -z fails on view with CLASS255 class"
checkconf_z_expect pass view-class-in1.conf \
  "checking that named-checkconf -z passes on view with IN class"
checkconf_z_expect pass view-class-in2.conf \
  "checking that named-checkconf -z passes on view with CLASS1 class"

# Run one "named-checkconf -z" check in which zone loading must fail.
#   $1 - description written to the log, followed by the check number
#   $2 - configuration file to check
#   $3 - grep pattern for the diagnostic that must appear in the output
#   $4 - zone name; "zone $4/IN: loaded serial" must NOT appear
# The output is kept in checkconf.out$n. Updates n, ret and status.
expect_zone_load_failure() {
  n=$((n + 1))
  echo_i "$1 ($n)"
  ret=0
  $CHECKCONF -z "$2" > "checkconf.out$n" 2>&1 && ret=1
  grep "$3" "checkconf.out$n" > /dev/null || ret=1
  grep "zone $4/IN: loaded serial" < "checkconf.out$n" > /dev/null && ret=1
  [ "$ret" -eq 0 ] || echo_i "failed"
  status=$((status + ret))
}

expect_zone_load_failure "check that check-names fails as configured" \
  check-names-fail.conf "near '_underscore': bad name (check-names)" check-names
expect_zone_load_failure "check that check-mx fails as configured" \
  check-mx-fail.conf "near '10.0.0.1': MX is an address" check-mx
expect_zone_load_failure "check that check-dup-records fails as configured" \
  check-dup-records-fail.conf "has semantically identical records" check-dup-records
# Same configuration as the check-mx case above, matched against a different
# part of the diagnostic.
expect_zone_load_failure "check that check-mx fails as configured" \
  check-mx-fail.conf "failed: MX is an address" check-mx
expect_zone_load_failure "check that check-mx-cname fails as configured" \
  check-mx-cname-fail.conf "MX.* is a CNAME (illegal)" check-mx-cname
# NOTE(review): the "must not load" zone here is check-mx-cname, the same as
# in the previous check. If the zone in check-srv-cname-fail.conf has another
# name, this negative assertion can never fire -- confirm against that file.
expect_zone_load_failure "check that check-srv-cname fails as configured" \
  check-srv-cname-fail.conf "SRV.* is a CNAME (illegal)" check-mx-cname

# -p must print a port range in "range <low> <high>;" form.
n=$((n + 1))
echo_i "check that named-checkconf -p properly print a port range ($n)"
ret=0
if ! $CHECKCONF -p portrange-good.conf > checkconf.out$n 2>&1; then
  ret=1
fi
grep "range 8610 8614;" checkconf.out$n > /dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# -z must load a zone that is used through in-view.
n=$((n + 1))
echo_i "check that named-checkconf -z handles in-view ($n)"
ret=0
if ! $CHECKCONF -z in-view-good.conf > checkconf.out$n 2>&1; then
  ret=1
fi
grep "zone shared.example/IN: loaded serial" < checkconf.out$n > /dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# -p must print a percentage max-cache-size as a percentage.
n=$((n + 1))
echo_i "check that named-checkconf prints max-cache-size <percentage> correctly ($n)"
ret=0
if ! $CHECKCONF -p max-cache-size-good.conf > checkconf.out$n 2>&1; then
  ret=1
fi
grep "max-cache-size 60%;" checkconf.out$n > /dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# -l output, with "is not implemented" and "is obsolete" notices filtered
# out, must match the reference list in good.zonelist.
n=$((n + 1))
echo_i "check that named-checkconf -l print out the zone list ($n)"
ret=0
# The status tested is that of the last grep in the pipeline.
$CHECKCONF -l good.conf \
  | grep -v "is not implemented" \
  | grep -v "is obsolete" > checkconf.out$n || ret=1
# The difference, if any, is kept in diff.out$n for inspection.
if ! diff good.zonelist checkconf.out$n > diff.out$n; then
  ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# dnssec-lookaside handling. In these three checks only stdout is captured
# and stderr is discarded; the configuration itself must still be accepted.

# 'auto' must be flagged as no longer supported.
n=$((n + 1))
echo_i "check that 'dnssec-lookaside auto;' generates a warning ($n)"
ret=0
if ! $CHECKCONF warn-dlv-auto.conf > checkconf.out$n 2>/dev/null; then
  ret=1
fi
grep "dnssec-lookaside 'auto' is no longer supported" checkconf.out$n > /dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# A trust anchor at dlv.isc.org must be flagged as shut down.
n=$((n + 1))
echo_i "check that 'dnssec-lookaside . trust-anchor dlv.isc.org;' generates a warning ($n)"
ret=0
if ! $CHECKCONF warn-dlv-dlv.isc.org.conf > checkconf.out$n 2>/dev/null; then
  ret=1
fi
grep "dlv.isc.org has been shut down" checkconf.out$n > /dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# A trust anchor at another domain must produce no output at all.
n=$((n + 1))
echo_i "check that 'dnssec-lookaside . trust-anchor dlv.example.com;' doesn't generates a warning ($n)"
ret=0
if ! $CHECKCONF good-dlv-dlv.example.com.conf > checkconf.out$n 2>/dev/null; then
  ret=1
fi
if [ -s checkconf.out$n ]; then
  ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# A configuration that carries the 2010 root KSK as a trusted key without the
# 2017 one must still be accepted, but with a warning on stdout.
n=$((n + 1))
echo_i "check that the 2010 ICANN ROOT KSK without the 2017 ICANN ROOT KSK generates a warning ($n)"
ret=0
if ! $CHECKCONF check-root-ksk-2010.conf > checkconf.out$n 2>/dev/null; then
  ret=1
fi
if [ ! -s checkconf.out$n ]; then
  ret=1
fi
grep "trusted-key for root from 2010 without updated" checkconf.out$n > /dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

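# Trust-anchor and obsolete-option warnings. Each check captures stdout in
# checkconf.out$n (stderr is discarded) and requires the configuration to be
# accepted.
#
# n is advanced before every check. Without the increment all four checks
# report the number of the check before them and write to the same
# checkconf.out$n, so the output of a failing check is overwritten by the
# next one and cannot be inspected afterwards.

# Both root KSKs present: no output expected.
n=$((n + 1))
echo_i "check that the 2010 ICANN ROOT KSK with the 2017 ICANN ROOT KSK does not warning ($n)"
ret=0
$CHECKCONF check-root-ksk-both.conf > checkconf.out$n 2>/dev/null || ret=1
[ -s checkconf.out$n ] && ret=1
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))

# Only the 2017 root KSK present: no output expected.
n=$((n + 1))
echo_i "check that the 2017 ICANN ROOT KSK alone does not warning ($n)"
ret=0
$CHECKCONF check-root-ksk-2017.conf > checkconf.out$n 2>/dev/null || ret=1
[ -s checkconf.out$n ] && ret=1
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))

# A trusted key for dlv.isc.org must be reported as still present.
n=$((n + 1))
echo_i "check that the dlv.isc.org KSK generates a warning ($n)"
ret=0
$CHECKCONF check-dlv-ksk-key.conf > checkconf.out$n 2>/dev/null || ret=1
[ -s checkconf.out$n ] || ret=1
grep "trusted-key for dlv.isc.org still present" checkconf.out$n > /dev/null || ret=1
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))

# geoip-use-ecs must be reported as obsolete.
n=$((n + 1))
echo_i "check that 'geoip-use-ecs no' generates a warning ($n)"
ret=0
$CHECKCONF warn-geoip-use-ecs.conf > checkconf.out$n 2>/dev/null || ret=1
[ -s checkconf.out$n ] || ret=1
grep "'geoip-use-ecs' is obsolete" checkconf.out$n > /dev/null || ret=1
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))
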
# Report the number of failed checks and turn any failure into exit code 1.
echo_i "exit status: $status"
if [ "$status" -ne 0 ]; then
  exit 1
fi