Commit | Line | Data |
---|---|---|
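#!/bin/bash
#
# Builds the configs/ tree used by this test setup: one directory per
# authoritative test server ($PREFIX.N) plus the recursor-service* directories.
#
# Environment:
#   PDNS_DEBUG    set to YES to trace every command (set -x)
#   PDNS          path to pdns_server   (default: ${PWD}/../pdns/pdns_server)
#   PDNSRECURSOR  path to pdns_recursor (default: ${PWD}/../pdns/recursordist/pdns_recursor)
#   RECCONTROL    path to rec_control   (default: ${PWD}/../pdns/recursordist/rec_control)
#
# ./vars, read from the current directory, must define PREFIX and AUTHRUN.
set -e

if [ "${PDNS_DEBUG}" = "YES" ]; then
  set -x
fi

export PDNS="${PDNS:-${PWD}/../pdns/pdns_server}"
export PDNSRECURSOR="${PDNSRECURSOR:-${PWD}/../pdns/recursordist/pdns_recursor}"
export RECCONTROL="${RECCONTROL:-${PWD}/../pdns/recursordist/rec_control}"

# ./vars is executed as shell code in this process, and the AUTHRUN value it
# sets (presumably RECRUN as well) is later written verbatim into an
# executable run script. Treat the file as trusted input only, and start the
# script from the directory that holds it.
# Check for the file first: under set -e a failing '.' would abort before the
# "config not found" message below could ever be printed.
if [ ! -r ./vars ]; then
  echo "config not found or PREFIX not set" >&2
  exit 1
fi
. ./vars

# Diagnostics go to stderr so they are not mixed into captured output.
if [ -z "$PREFIX" ]
then
  echo "config not found or PREFIX not set" >&2
  exit 1
fi

if [ -z "$AUTHRUN" ]
then
  echo "config not found or AUTHRUN not set" >&2
  exit 1
fi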
24 | ||
# Every run starts from an empty configs/ directory.
rm -rf configs/
mkdir configs

# run-auth is the launcher that each authoritative server directory links to.
# $AUTHRUN is expanded here, at generation time, and its value becomes the
# body of an executable script.
printf '%s\n' '#!/bin/sh' "$AUTHRUN" > run-auth
chmod +x run-auth

# A missing binary is reported but does not stop configuration generation.
if ! [ -x "$PDNSRECURSOR" ]; then
  printf '%s\n' \
    "Could not find an executable pdns_recursor at \"$PDNSRECURSOR\", check PDNSRECURSOR" \
    "Continuing with configuration anyhow"
fi

if ! [ -x "$PDNS" ]; then
  printf '%s\n' \
    "Could not find an executable pdns_server at \"$PDNS\", check PDNS" \
    "Continuing with configuration anyhow"
fi

# Everything below is written relative to configs/.
cd configs
47 | ||
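# Create the working directory, run script and root hints file for each
# recursor instance.
for dir in recursor-service recursor-service2 recursor-service3 recursor-service4; do
  # /tmp/$dir is used as the recursor's socket-dir (see the recursor.conf
  # files written later in this script). The name is fixed and mkdir -p
  # silently accepts an entry that already exists, so on a shared machine
  # another account could have created it first. Refuse a symlink or a
  # directory that the current user does not own.
  mkdir -p "/tmp/$dir"
  if [ -L "/tmp/$dir" ] || [ ! -O "/tmp/$dir" ]; then
    echo "/tmp/$dir is a symlink or is not owned by the current user" >&2
    exit 1
  fi
  mkdir -p "$dir"
  cd "$dir"

  # $RECRUN is expanded now; its value becomes the body of the run script.
  cat > run <<EOF
#!/bin/sh
$RECRUN
EOF
  chmod +x run

  # Root hints point at the fake root server on $PREFIX.8.
  cat > hintfile << EOF
. 3600 IN NS ns.root.
ns.root. 3600 IN A $PREFIX.8
EOF

  cd ..
done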
6e20d2a4 | 66 | |
b97043ee PD |
67 | SOA="ns.example.net. hostmaster.example.net. 1 3600 1800 1209600 300" |
68 | ||
f999ad37 PD |
69 | ### fake root zone |
70 | mkdir $PREFIX.8 | |
71 | cat > $PREFIX.8/ROOT.zone <<EOF | |
72 | . 3600 IN SOA $SOA | |
73 | . 3600 IN NS ns.root. | |
74 | ns.root. 3600 IN A $PREFIX.8 | |
75 | net. 3600 IN NS ns.example.net. | |
76 | net. 3600 IN NS ns2.example.net. | |
77 | ns.example.net. 3600 IN A $PREFIX.10 | |
78 | ns2.example.net. 3600 IN A $PREFIX.11 | |
79 | EOF | |
b97043ee PD |
80 | |
81 | ### plain example.net zone | |
82 | mkdir $PREFIX.10 | |
83 | cat > $PREFIX.10/example.net.zone <<EOF | |
84 | example.net. 3600 IN SOA $SOA | |
85 | example.net. 3600 IN NS ns.example.net. | |
86 | example.net. 3600 IN NS ns2.example.net. | |
87 | ns.example.net. 3600 IN A $PREFIX.10 | |
88 | ns2.example.net. 3600 IN A $PREFIX.11 | |
89 | www.example.net. 3600 IN A 192.0.2.1 | |
6de632a5 PL |
90 | www2.example.net. 3600 IN A 192.0.2.2 |
91 | www3.example.net. 3600 IN A 192.0.2.3 | |
92 | www4.example.net. 3600 IN A 192.0.2.4 | |
528a3e73 | 93 | www5.example.net. 3600 IN A 192.0.2.5 |
1008b79a | 94 | default.example.net. 3600 IN A 192.0.2.42 |
b3fef90e | 95 | weirdtxt.example.net. 3600 IN IN TXT "x\014x" |
b97043ee PD |
96 | arthur.example.net. 3600 IN NS ns.arthur.example.net. |
97 | arthur.example.net. 3600 IN NS ns2.arthur.example.net. | |
98 | ns.arthur.example.net. 3600 IN A $PREFIX.12 | |
99 | ns2.arthur.example.net. 3600 IN A $PREFIX.13 | |
100 | prefect.example.net. 3600 IN NS ns.prefect.example.net. | |
101 | ns.prefect.example.net. 3600 IN A $PREFIX.14 | |
102 | marvin.example.net. 3600 IN NS ns.marvin.example.net. | |
103 | ns.marvin.example.net. 3600 IN A $PREFIX.15 | |
104 | trillian.example.net. 3600 IN NS ns.trillian.example.net. | |
105 | ns.trillian.example.net. 3600 IN A $PREFIX.16 | |
817367ce PD |
106 | ghost.example.net. 3600 IN NS ns.ghost.example.net. |
107 | ns.ghost.example.net. 3600 IN A $PREFIX.17 | |
2d1a1979 PD |
108 | ford.example.net. 3600 IN NS ns.ford.example.net. |
109 | ns.ford.example.net. 3600 IN A $PREFIX.12 | |
05ac5c1c PD |
110 | hijackme.example.net. 3600 IN NS ns.hijackme.example.net. |
111 | ns.hijackme.example.net. 3600 IN A $PREFIX.20 | |
112 | hijacker.example.net. 3600 IN NS ns.hijacker.example.net. | |
113 | ns.hijacker.example.net. 3600 IN A $PREFIX.21 | |
a970f300 PL |
114 | answer-cname-in-local.example.net. 3600 IN NS ns.answer-cname-in-local.example.net. |
115 | pfsbox.answer-cname-in-local.example.net. 3600 IN NS ns.answer-cname-in-local.example.net. | |
116 | box.answer-cname-in-local.example.net. 3600 IN NS ns.answer-cname-in-local.example.net. | |
117 | ns.answer-cname-in-local.example.net. 3600 IN A $PREFIX.22 | |
33a4f605 PL |
118 | not-auth-zone.example.net. 3600 IN NS ns.not-auth-zone.example.net. |
119 | ns.not-auth-zone.example.net. 3600 IN A $PREFIX.23 | |
eb58f024 PL |
120 | lowercase-outgoing.example.net. 3600 IN NS ns.lowercase-outgoing.example.net. |
121 | ns.lowercase-outgoing.example.net. 3600 IN A $PREFIX.24 | |
14919b17 | 122 | nxdomainme.example.net. 3600 IN A $PREFIX.25 |
b97043ee PD |
123 | EOF |
124 | ||
125 | mkdir $PREFIX.11 | |
126 | cp $PREFIX.10/example.net.zone $PREFIX.11/ | |
127 | ||
128 | ### plain delegated zone, no surprises | |
c6f94689 | 129 | ### also serves as intentionally NON-authoritative for ford |
b97043ee PD |
130 | mkdir $PREFIX.12 |
131 | cat > $PREFIX.12/arthur.example.net.zone <<EOF | |
132 | arthur.example.net. 3600 IN SOA $SOA | |
133 | arthur.example.net. 3600 IN NS ns.arthur.example.net. | |
134 | arthur.example.net. 3600 IN NS ns2.arthur.example.net. | |
135 | arthur.example.net. 3600 IN MX mail.arthur.example.net. | |
136 | ns.arthur.example.net. 3600 IN A $PREFIX.12 | |
137 | ns2.arthur.example.net. 3600 IN A $PREFIX.13 | |
138 | www.arthur.example.net. 3600 IN A 192.0.2.2 | |
139 | www2.arthur.example.net. 3600 IN A 192.0.2.6 | |
140 | mail.arthur.example.net. 3600 IN A 192.0.2.3 | |
add935a2 PD |
141 | big.arthur.example.net. 3600 IN TXT "the quick brown fox jumps over the lazy dog" |
142 | big.arthur.example.net. 3600 IN TXT "The quick brown fox jumps over the lazy dog" | |
143 | big.arthur.example.net. 3600 IN TXT "THe quick brown fox jumps over the lazy dog" | |
144 | big.arthur.example.net. 3600 IN TXT "THE quick brown fox jumps over the lazy dog" | |
145 | big.arthur.example.net. 3600 IN TXT "THE quick brown fox jumps over the lazy dog" | |
146 | big.arthur.example.net. 3600 IN TXT "THE Quick brown fox jumps over the lazy dog" | |
147 | big.arthur.example.net. 3600 IN TXT "THE QUick brown fox jumps over the lazy dog" | |
148 | big.arthur.example.net. 3600 IN TXT "THE QUIck brown fox jumps over the lazy dog" | |
149 | big.arthur.example.net. 3600 IN TXT "THE QUICk brown fox jumps over the lazy dog" | |
150 | big.arthur.example.net. 3600 IN TXT "THE QUICK brown fox jumps over the lazy dog" | |
151 | big.arthur.example.net. 3600 IN TXT "THE QUICK brown fox jumps over the lazy dog" | |
152 | big.arthur.example.net. 3600 IN TXT "THE QUICK Brown fox jumps over the lazy dog" | |
153 | big.arthur.example.net. 3600 IN TXT "THE QUICK BRown fox jumps over the lazy dog" | |
154 | big.arthur.example.net. 3600 IN TXT "THE QUICK BROwn fox jumps over the lazy dog" | |
155 | big.arthur.example.net. 3600 IN TXT "THE QUICK BROWn fox jumps over the lazy dog" | |
156 | big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN fox jumps over the lazy dog" | |
157 | big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN fox jumps over the lazy dog" | |
158 | big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN Fox jumps over the lazy dog" | |
159 | big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOx jumps over the lazy dog" | |
160 | big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX jumps over the lazy dog" | |
161 | big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX jumps over the lazy dog" | |
162 | big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX Jumps over the lazy dog" | |
163 | big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUmps over the lazy dog" | |
164 | big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMps over the lazy dog" | |
165 | big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPs over the lazy dog" | |
166 | big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS over the lazy dog" | |
167 | big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS over the lazy dog" | |
168 | big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS Over the lazy dog" | |
169 | big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVer the lazy dog" | |
170 | big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVEr the lazy dog" | |
171 | big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER the lazy dog" | |
172 | big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER the lazy dog" | |
173 | big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER The lazy dog" | |
174 | big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER THe lazy dog" | |
175 | big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER THE lazy dog" | |
176 | big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER THE lazy dog" | |
177 | big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER THE Lazy dog" | |
178 | big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER THE LAzy dog" | |
179 | big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER THE LAZy dog" | |
180 | big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER THE LAZY dog" | |
181 | big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER THE LAZY dog" | |
182 | big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER THE LAZY Dog" | |
183 | big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER THE LAZY DOg" | |
184 | big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG" | |
f84d14c8 PD |
185 | srv.arthur.example.net. 3600 IN SRV 0 100 389 server2.example.net. |
186 | rp.arthur.example.net. 3600 IN RP ahu.ds9a.nl. counter | |
187 | type1234.arthur.example.net. 3600 IN TYPE1234 \# 2 4142 | |
b97043ee PD |
188 | EOF |
189 | ||
190 | mkdir $PREFIX.13 | |
191 | cp $PREFIX.12/arthur.example.net.zone $PREFIX.13 | |
192 | ||
193 | ### zone with various CNAMEs, valid packets | |
194 | mkdir $PREFIX.14 | |
195 | cat > $PREFIX.14/prefect.example.net.zone <<EOF | |
196 | prefect.example.net. 3600 IN SOA $SOA | |
197 | prefect.example.net. 3600 IN NS ns.prefect.example.net. | |
198 | ns.prefect.example.net. 3600 IN A $PREFIX.14 | |
199 | www-a.prefect.example.net. 3600 IN CNAME www-a-2.prefect.example.net. | |
200 | ;www-a-2.prefect.example.net. NXDOMAIN | |
201 | www-b.prefect.example.net. 3600 IN CNAME www-b-2.prefect.example.net. | |
202 | www-b-2.prefect.example.net. 3600 IN A 192.0.2.4 | |
203 | www-c.prefect.example.net. 3600 IN CNAME www-b-2.prefect.example.net. | |
204 | ;www-c-2.prefect.example.net. NOERROR on A | |
205 | www-c-2.prefect.example.net. 3600 IN AAAA 2001:db8::1 | |
206 | www-d.prefect.example.net. 3600 IN CNAME www.arthur.example.net. | |
207 | EOF | |
208 | ||
209 | ### zone with valid in-zone CNAME, invalid NXDOMAIN in response | |
210 | mkdir $PREFIX.15 | |
211 | cat > $PREFIX.15/marvin.example.net.zone <<EOF | |
212 | marvin.example.net. 3600 IN SOA $SOA | |
213 | marvin.example.net. 3600 IN NS ns.marvin.example.net. | |
214 | ns.marvin.example.net. 3600 IN A $PREFIX.15 | |
215 | www.marvin.example.net. 3600 IN CNAME android.marvin.example.net. | |
216 | android.marvin.example.net. 3600 IN A 192.0.2.5 | |
217 | EOF | |
218 | ||
219 | cat > $PREFIX.15/prequery.lua <<EOF | |
c1feb3a8 AT |
220 | if not newDN then |
221 | function newDN(x) | |
222 | return x | |
223 | end | |
224 | end | |
b97043ee PD |
225 | function prequery ( dnspacket ) |
226 | qname, qtype = dnspacket:getQuestion() | |
97ab616e | 227 | if qtype == pdns.A and qname == "www.marvin.example.net." |
b97043ee PD |
228 | then |
229 | dnspacket:setRcode(pdns.NXDOMAIN) | |
230 | ret = {} | |
97ab616e RG |
231 | ret[1] = newDR(newDN(qname), "CNAME", 3600, "android.marvin.example.net", 1) |
232 | ret[2] = newDR(newDN("marvin.example.net"), "SOA", 3600, "$SOA", 2) | |
b97043ee PD |
233 | dnspacket:addRecords(ret) |
234 | return true | |
235 | end | |
236 | return false | |
237 | end | |
238 | EOF | |
239 | ||
240 | ### zone with working cross-zone CNAME, invalid NXDOMAIN in response | |
241 | mkdir $PREFIX.16 | |
242 | cat > $PREFIX.16/trillian.example.net.zone <<EOF | |
243 | trillian.example.net. 3600 IN SOA $SOA | |
244 | trillian.example.net. 3600 IN NS ns.trillian.example.net. | |
245 | ns.trillian.example.net. 3600 IN A $PREFIX.16 | |
246 | www.trillian.example.net. 3600 IN CNAME www2.arthur.example.net. | |
247 | EOF | |
248 | ||
249 | cat > $PREFIX.16/prequery.lua <<EOF | |
c1feb3a8 AT |
250 | if not newDN then |
251 | function newDN(x) | |
252 | return x | |
253 | end | |
254 | end | |
b97043ee PD |
255 | function prequery ( dnspacket ) |
256 | qname, qtype = dnspacket:getQuestion() | |
97ab616e | 257 | if qtype == pdns.A and qname == "www.trillian.example.net." |
b97043ee PD |
258 | then |
259 | dnspacket:setRcode(pdns.NXDOMAIN) | |
260 | ret = {} | |
97ab616e RG |
261 | ret[1] = newDR(newDN(qname), "CNAME", 3600, "www2.arthur.example.net", 1) |
262 | ret[2] = newDR(newDN(""), "SOA", 3600, "$SOA", 2) | |
b97043ee PD |
263 | dnspacket:addRecords(ret) |
264 | return true | |
265 | end | |
266 | return false | |
267 | end | |
268 | EOF | |
269 | ||
817367ce PD |
270 | ### parent zone for ghost testing |
271 | mkdir $PREFIX.17 | |
272 | cat > $PREFIX.17/ghost.example.net.zone <<EOF | |
273 | ghost.example.net. 3600 IN SOA $SOA | |
274 | ghost.example.net. 3600 IN NS ns.ghost.example.net. | |
275 | ns.ghost.example.net. 3600 IN A $PREFIX.17 | |
276 | 1.ghost.example.net. 10 IN NS ns.1.ghost.example.net. | |
277 | ns.1.ghost.example.net. 10 IN A $PREFIX.18 | |
0b80f30b PD |
278 | 2.ghost.example.net. 10 IN NS ns.2.ghost.example.net. |
279 | ns.2.ghost.example.net. 10 IN A $PREFIX.19 | |
817367ce PD |
280 | EOF |
281 | ||
9acdb5ad | 282 | cat > $PREFIX.17/prequery.lua <<EOF |
38abf833 | 283 | posix = require 'posix' |
9acdb5ad | 284 | |
c1feb3a8 AT |
285 | if not newDN then |
286 | function newDN(x) | |
287 | return x | |
288 | end | |
289 | end | |
9acdb5ad PD |
290 | function prequery ( dnspacket ) |
291 | qname, qtype = dnspacket:getQuestion() | |
8949a3e0 OM |
292 | if (string.sub(tostring(qname), -20) == "1.ghost.example.net." and posix.stat('drop-1')) or |
293 | (string.sub(tostring(qname), -20) == "2.ghost.example.net." and posix.stat('drop-2')) | |
9acdb5ad PD |
294 | then |
295 | dnspacket:setRcode(pdns.NXDOMAIN) | |
296 | ret = {} | |
97ab616e | 297 | ret[1] = newDR(newDN("ghost.example.net"), "SOA", 3600, "$SOA", 2) |
9acdb5ad PD |
298 | dnspacket:addRecords(ret) |
299 | return true | |
300 | end | |
301 | return false | |
302 | end | |
303 | EOF | |
304 | ||
0b80f30b | 305 | ### ghost domain with ever-changing NSset |
817367ce PD |
306 | mkdir $PREFIX.18 |
307 | cat > $PREFIX.18/1.ghost.example.net.zone <<EOF | |
308 | 1.ghost.example.net. 3600 IN SOA $SOA | |
309 | 1.ghost.example.net. 20 IN NS ns.1.ghost.example.net. | |
310 | ns.1.ghost.example.net. 20 IN A $PREFIX.18 | |
0b80f30b | 311 | *.www.1.ghost.example.net. 20 IN A 192.0.2.7 |
817367ce PD |
312 | EOF |
313 | ||
314 | cat > $PREFIX.18/prequery.lua <<EOF | |
315 | i=0 | |
316 | ||
c1feb3a8 AT |
317 | if not newDN then |
318 | function newDN(x) | |
319 | return x | |
320 | end | |
321 | end | |
817367ce PD |
322 | function prequery ( dnspacket ) |
323 | i = i + 1 | |
324 | qname, qtype = dnspacket:getQuestion() | |
8949a3e0 | 325 | if qtype == pdns.A and string.sub(tostring(qname), -24) == "www.1.ghost.example.net." |
817367ce PD |
326 | then |
327 | dnspacket:setRcode(pdns.NOERROR) | |
328 | ret = {} | |
329 | -- www.1.ghost.example.net. 20 IN A 192.0.2.7 | |
97ab616e | 330 | ret[1] = newDR(newDN(qname), "A", 20, "192.0.2.7", 1) |
817367ce | 331 | -- 1.ghost.example.net. 20 IN NS ns.1.ghost.example.net. |
97ab616e RG |
332 | ret[2] = newDR(newDN("1.ghost.example.net"), "NS", 20, "ns"..i..".1.ghost.example.net", 2) |
333 | -- ns.1.ghost.example.net. 20 IN A $PREFIX.18 | |
334 | ret[3] = newDR(newDN("ns"..i..".1.ghost.example.net"), "A", 20, "$PREFIX.18", 3) | |
817367ce PD |
335 | dnspacket:addRecords(ret) |
336 | return true | |
337 | end | |
338 | return false | |
339 | end | |
340 | EOF | |
341 | ||
0b80f30b PD |
342 | ### ghost domain with static NSset |
343 | mkdir $PREFIX.19 | |
344 | cat > $PREFIX.19/2.ghost.example.net.zone <<EOF | |
345 | 2.ghost.example.net. 3600 IN SOA $SOA | |
346 | 2.ghost.example.net. 20 IN NS ns.2.ghost.example.net. | |
347 | ns.2.ghost.example.net. 20 IN A $PREFIX.19 | |
348 | *.www.2.ghost.example.net. 20 IN A 192.0.2.8 | |
349 | EOF | |
350 | cat > $PREFIX.19/prequery.lua <<EOF | |
c1feb3a8 AT |
351 | if not newDN then |
352 | function newDN(x) | |
353 | return x | |
354 | end | |
355 | end | |
0b80f30b PD |
356 | function prequery ( dnspacket ) |
357 | qname, qtype = dnspacket:getQuestion() | |
c1feb3a8 | 358 | if qtype == pdns.A and string.sub(tostring(qname), -25) == ".www.2.ghost.example.net." |
0b80f30b PD |
359 | then |
360 | dnspacket:setRcode(pdns.NOERROR) | |
361 | ret = {} | |
97ab616e RG |
362 | ret[1] = newDR(newDN(qname), "A", 20, "192.0.2.8", 1) |
363 | ret[2] = newDR(newDN("2.ghost.example.net"), "NS", 20, "ns.2.ghost.example.net", 2) | |
364 | ret[3] = newDR(newDN("ns.2.ghost.example.net"), "A", 20, "$PREFIX.19", 3) | |
0b80f30b PD |
365 | dnspacket:addRecords(ret) |
366 | return true | |
367 | end | |
368 | return false | |
369 | end | |
370 | EOF | |
b97043ee | 371 | |
05ac5c1c PD |
372 | ### plain domain as target for hijacking |
373 | mkdir $PREFIX.20 | |
374 | cat > $PREFIX.20/hijackme.example.net.zone <<EOF | |
375 | hijackme.example.net. 3600 IN SOA $SOA | |
376 | hijackme.example.net. 20 IN NS ns.hijackme.example.net. | |
377 | ns.hijackme.example.net. 20 IN A $PREFIX.20 | |
378 | www.hijackme.example.net. 20 IN A 192.0.2.20 | |
379 | EOF | |
380 | ||
381 | ### domain designed to hijack the A of ns.hijackme.example.net | |
382 | mkdir $PREFIX.21 | |
383 | cat > $PREFIX.21/hijacker.example.net.zone <<EOF | |
384 | hijacker.example.net. 3600 IN SOA $SOA | |
385 | hijacker.example.net. 20 IN NS ns.hijackme.example.net. | |
386 | ;ns.hijackme.example.net. 20 IN A $PREFIX.21 | |
387 | ||
388 | EOF | |
389 | ||
390 | cat > $PREFIX.21/hijackme.example.net.zone <<EOF | |
391 | hijackme.example.net. 3600 IN SOA $SOA | |
392 | hijackme.example.net. 20 IN NS ns.hijackme.example.net. | |
393 | ns.hijackme.example.net. 20 IN A $PREFIX.21 | |
394 | www.hijackme.example.net. 20 IN A 192.0.2.21 | |
395 | ||
396 | EOF | |
397 | ||
a970f300 PL |
398 | ## Several domains where one gets overwritten as a local auth zone |
399 | mkdir $PREFIX.22 | |
400 | cat > $PREFIX.22/box.answer-cname-in-local.example.net.zone <<EOF | |
401 | box.answer-cname-in-local.example.net. 3600 IN SOA $SOA | |
402 | box.answer-cname-in-local.example.net. 20 IN NS ns.answer-cname-in-local.example.net. | |
403 | ||
404 | global.box.answer-cname-in-local.example.net. 20 IN NS ns.answer-cname-in-local.example.net. | |
405 | service.box.answer-cname-in-local.example.net. 20 IN CNAME pfs.global.box.answer-cname-in-local.example.net. | |
406 | ||
407 | EOF | |
408 | ||
409 | cat > $PREFIX.22/global.box.answer-cname-in-local.example.net.zone <<EOF | |
410 | global.box.answer-cname-in-local.example.net. 3600 IN SOA $SOA | |
411 | global.box.answer-cname-in-local.example.net. 20 IN NS ns.answer-cname-in-local.example.net. | |
412 | ||
413 | pfs.global.box.answer-cname-in-local.example.net. 20 IN CNAME vip-metropole.pfsbox.answer-cname-in-local.example.net. | |
414 | ||
415 | EOF | |
416 | ||
417 | cat > $PREFIX.22/pfsbox.answer-cname-in-local.example.net.zone <<EOF | |
418 | pfsbox.answer-cname-in-local.example.net. 3600 IN SOA $SOA | |
419 | pfsbox.answer-cname-in-local.example.net. 20 IN NS ns.answer-cname-in-local.example.net. | |
420 | ||
421 | vip-metropole.pfsbox.answer-cname-in-local.example.net. 20 IN A 10.0.0.1 | |
422 | vip-reunion.pfsbox.answer-cname-in-local.example.net. 20 IN A 10.1.1.1 | |
423 | ||
424 | EOF | |
425 | ||
33a4f605 PL |
426 | # Used for the auth-zones test, to test a CNAME inside an auth-zone to a name |
427 | # outside of an auth-zone | |
428 | mkdir $PREFIX.23 | |
429 | cat > $PREFIX.23/not-auth-zone.example.net.zone <<EOF | |
430 | not-auth-zone.example.net. 3600 IN SOA $SOA | |
431 | not-auth-zone.example.net. 20 IN NS ns.not-auth-zone.example.net. | |
432 | ||
433 | ns.not-auth-zone.example.net. 20 IN A $PREFIX.23 | |
434 | host1.not-auth-zone.example.net. 20 IN A 127.0.0.57 | |
435 | EOF | |
436 | ||
a7a787b8 PD |
437 | cat > $PREFIX.23/france.auth-zone.example.net.zone <<EOF |
438 | france.auth-zone.example.net. 3600 IN SOA $SOA | |
439 | france.auth-zone.example.net. 3600 IN NS ns1.auth-zone.example.net | |
440 | www.france.auth-zone.example.net. 3600 IN A 192.0.2.23 | |
441 | france.auth-zone.example.net. 3600 IN A 192.0.2.223 | |
442 | EOF | |
443 | ||
a970f300 PL |
444 | # And for the recursor |
445 | cat > recursor-service/global.box.answer-cname-in-local.example.net.zone <<EOF | |
446 | global.box.answer-cname-in-local.example.net. 3600 IN SOA $SOA | |
447 | global.box.answer-cname-in-local.example.net. 20 IN NS ns.answer-cname-in-local.example.net. | |
448 | ||
449 | pfs.global.box.answer-cname-in-local.example.net. 20 IN CNAME vip-reunion.pfsbox.answer-cname-in-local.example.net. | |
450 | ||
451 | EOF | |
452 | ||
33a4f605 PL |
453 | # For the auth-zones test |
454 | cat > recursor-service/auth-zone.example.net.zone <<EOF | |
455 | auth-zone.example.net. 3600 IN SOA $SOA | |
456 | auth-zone.example.net. 20 IN NS localhost.example.net. | |
457 | ||
458 | host1.auth-zone.example.net. 20 IN A 127.0.0.55 | |
459 | host1.auth-zone.example.net. 20 IN AAAA 2001:DB8::1:45BA | |
460 | ||
461 | host2.auth-zone.example.net. 20 IN CNAME host1.another-auth-zone.example.net. | |
462 | ||
463 | host3.auth-zone.example.net. 20 IN CNAME host1.not-auth-zone.example.net. | |
e0039478 | 464 | *.wild.auth-zone.example.net. 3600 IN TXT "Hi there!" |
a7a787b8 | 465 | france.auth-zone.example.net. 20 IN NS ns1.auth-zone.example.net. |
9826e24d | 466 | ns1.auth-zone.example.net. 20 IN A $PREFIX.23 |
2d283340 | 467 | *.something.auth-zone.example.net. 20 IN CNAME host1.auth-zone.example.net. |
33a4f605 PL |
468 | EOF |
469 | ||
eb58f024 PL |
470 | mkdir $PREFIX.24 |
471 | cat > $PREFIX.24/lowercase-outgoing.example.net.zone <<EOF | |
472 | lowercase-outgoing.example.net. 3600 IN SOA $SOA | |
473 | lowercase-outgoing.example.net. 20 IN NS ns.lowercase-outgoing.example.net. | |
474 | ||
475 | ns.lowercase-outgoing.example.net. 20 IN A $PREFIX.24 | |
476 | host.lowercase-outgoing.example.net. 20 IN A 127.0.0.57 | |
477 | EOF | |
478 | ||
479 | cat > $PREFIX.24/prequery.lua <<EOF | |
480 | filename = "questions.txt" | |
481 | ||
482 | --- Truncate file | |
483 | file = io.open(filename, "w") | |
484 | file:close() | |
485 | ||
c1feb3a8 AT |
486 | if not newDN then |
487 | function newDN(x) | |
488 | return x | |
489 | end | |
490 | end | |
eb58f024 PL |
491 | function prequery ( dnspacket ) |
492 | qname, qtype = dnspacket:getQuestion() | |
493 | file = io.open('questions.txt', "a") | |
c1feb3a8 | 494 | file:write(tostring(qname) .. "\n") |
eb58f024 PL |
495 | file:close() |
496 | ||
497 | return false | |
498 | end | |
499 | EOF | |
500 | ||
33a4f605 PL |
501 | cat > recursor-service/another-auth-zone.example.net.zone <<EOF |
502 | another-auth-zone.example.net. 3600 IN SOA $SOA | |
503 | another-auth-zone.example.net. 20 IN NS localhost.example.net. | |
504 | ||
505 | host1.another-auth-zone.example.net. 20 IN A 127.0.0.56 | |
506 | EOF | |
507 | ||
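# Give every authoritative server directory ($PREFIX.N) a pdns.conf, a
# named.conf listing each *.zone file it holds, and a run symlink to run-auth.
# The directory name doubles as the server's listen address.
# ${PREFIX:?} aborts instead of letting an empty PREFIX turn the glob into
# ".*", which would also match "." and "..".
for dir in "${PREFIX:?PREFIX not set}".*
do
  cat > "$dir/pdns.conf" <<EOF
module-dir=../../../regression-tests/modules
launch=bind
daemon=no
local-address=$dir
## TODO remove when switching circle-ci and travis to 4.3
local-ipv6=
bind-config=named.conf
no-shuffle
socket-dir=.
cache-ttl=0
negquery-cache-ttl=0
query-cache-ttl=0
distributor-threads=1

EOF
  # Only servers that ship a prequery hook get the Lua script enabled.
  if [ -e "$dir/prequery.lua" ]
  then
    echo 'lua-prequery-script=prequery.lua' >> "$dir/pdns.conf"
  fi

  cat > "$dir/named.conf" <<EOF
options {
directory "./";
};
EOF
  # Glob for the zone files instead of parsing ls output, so unusual file
  # names cannot be split or re-globbed on their way into named.conf.
  for zonefile in "$dir"/*.zone
  do
    # An unmatched glob stays literal; skip it.
    [ -e "$zonefile" ] || continue
    zone=${zonefile##*/}
    zone=${zone%.zone}
    realzone=$zone
    # ROOT.zone holds the fake root zone, whose real name is ".".
    if [ "$realzone" = ROOT ]
    then
      realzone='.'
    fi
    cat >> "$dir/named.conf" <<EOF
zone "$realzone"{
type master;
file "./$zone.zone";
};
EOF
  done
  ln -s ../../run-auth "$dir/run"
done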
552 | ||
a6a26b43 PL |
553 | cat > recursor-service/forward-zones-file << EOF |
554 | # Some comment that should be ignored | |
555 | forward-zones-test.non-existing.powerdns.com=8.8.8.8 | |
556 | forward-zones-test2.non-existing.powerdns.com=8.8.8.8# This comment should be ignored as well | |
557 | EOF | |
558 | ||
# Configuration for the first recursor instance.
# The web server is switched on with the fixed API key "secret". That is a
# test-fixture credential, readable by anyone who can read this script or the
# generated file, so this configuration must not be reused outside the test
# environment.
cat > recursor-service/recursor.conf <<EOF
webserver=yes
api-key=secret
forward-zones-file=${PWD}/recursor-service/forward-zones-file

socket-dir=/tmp/recursor-service
auth-zones=global.box.answer-cname-in-local.example.net=${PWD}/recursor-service/global.box.answer-cname-in-local.example.net.zone,auth-zone.example.net=${PWD}/recursor-service/auth-zone.example.net.zone,another-auth-zone.example.net=${PWD}/recursor-service/another-auth-zone.example.net.zone
loglevel=9

EOF
eb58f024 PL |
569 | |
570 | cat > recursor-service2/recursor.conf <<EOF | |
571 | local-port=5300 | |
2a6da08f | 572 | socket-dir=/tmp/recursor-service2 |
eb58f024 PL |
573 | lowercase-outgoing=yes |
574 | ||
575 | EOF | |
6de632a5 PL |
576 | |
577 | cat > recursor-service3/recursor.conf << EOF | |
578 | local-port=5301 | |
2a6da08f | 579 | socket-dir=/tmp/recursor-service3 |
6de632a5 | 580 | lua-config-file=$(pwd)/recursor-service3/config.lua |
baa13bf9 | 581 | lua-dns-script=$(pwd)/recursor-service3/script.lua |
6de632a5 PL |
582 | |
583 | EOF | |
584 | ||
585 | cat > recursor-service3/config.lua <<EOF | |
586 | rpzFile("$(pwd)/recursor-service3/rpz.zone", {policyName="myRPZ"}) | |
528a3e73 | 587 | rpzFile("$(pwd)/recursor-service3/rpz2.zone", {policyName="mySecondRPZ"}) |
1008b79a RG |
588 | rpzFile("$(pwd)/recursor-service3/rpz3.zone", {policyName="cappedTTLRPZ", maxTTL=5}) |
589 | rpzFile("$(pwd)/recursor-service3/rpz4.zone", {policyName="defPolicyTTL", defpol=Policy.Custom, defcontent="default.example.net", defttl=10, maxTTL=20}) | |
590 | rpzFile("$(pwd)/recursor-service3/rpz5.zone", {policyName="defPolicyCappedTTL", defpol=Policy.Custom, defcontent="default.example.net", defttl=50, maxTTL=20}) | |
591 | rpzFile("$(pwd)/recursor-service3/rpz6.zone", {policyName="defPolicyWithoutTTL", defpol=Policy.Custom, defcontent="default.example.net"}) | |
592 | rpzFile("$(pwd)/recursor-service3/rpz7.zone", {policyName="defPolicyWithoutTTLCapped", defpol=Policy.Custom, defcontent="default.example.net", maxTTL=50}) | |
6de632a5 PL |
593 | EOF |
594 | ||
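# Split the dotted prefix into its three octets; rpz.zone needs them in
# reverse order for the rpz-nsip owner name. This only works for IPv4 and
# will need rework if the tests ever run on IPv6.
# read -r keeps backslashes literal, and the quoted here-string replaces the
# unquoted $(echo ...) subshell.
IFS=. read -r REV_PREFIX1 REV_PREFIX2 REV_PREFIX3 <<< "$PREFIX"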
596 | ||
6de632a5 PL |
597 | cat > recursor-service3/rpz.zone <<EOF |
598 | \$TTL 2h; | |
599 | \$ORIGIN domain.example. | |
600 | @ SOA $SOA | |
601 | @ NS ns.example.net. | |
602 | ||
603 | arthur.example.net CNAME . ; NXDOMAIN on apex | |
604 | *.arthur.example.net CNAME *. ; NODATA for everything below the apex | |
605 | srv.arthur.example.net CNAME rpz-passthru. ; Allow this name though | |
606 | www.example.net CNAME www2.example.net. ; Local-Data Action | |
baa13bf9 | 607 | www3.example.net CNAME www4.example.net. ; Local-Data Action (to be changed in preresolve) |
528a3e73 | 608 | www5.example.net A 192.0.2.15 ; Override www5.example.net. |
6e39dfd4 | 609 | trillian.example.net CNAME . ; NXDOMAIN on apex, allows all sub-names (#4086) |
a9e029ee | 610 | *.wildcard-target.example.net CNAME *.walled-garden.example.net. ; Special form of Local Data: a CNAME RR with a wildcarded target name |
6de632a5 PL |
611 | |
612 | 32.4.2.0.192.rpz-ip CNAME rpz-drop. ; www4.example.net resolves to 192.0.2.4, drop A responses with that IP | |
3ad91402 PL |
613 | |
614 | ns.hijackme.example.net.rpz-nsdname CNAME . ; NXDOMAIN for anything hosted on ns.hijackme.example.net | |
615 | ns.marvin.example.net.rpz-nsdname CNAME . ; NXDOMAIN for anything hosted on ns.marvin.example.net (we disable RPZ in preresolve though) | |
616 | 32.24.$REV_PREFIX3.$REV_PREFIX2.$REV_PREFIX1.rpz-nsip CNAME . ; The IP for ns.lowercase-outgoing.example.net, should yield NXDOMAIN | |
617 | ||
6de632a5 | 618 | EOF |
baa13bf9 | 619 | |
528a3e73 RG |
620 | cat > recursor-service3/rpz2.zone <<EOF |
621 | \$TTL 2h; | |
622 | \$ORIGIN domain.example. | |
623 | @ SOA $SOA | |
624 | @ NS ns.example.net. | |
625 | ||
626 | www5.example.net A 192.0.2.25 ; Override www5.example.net. | |
627 | ||
628 | EOF | |
629 | ||
1008b79a RG |
630 | cat > recursor-service3/rpz3.zone <<EOF |
631 | \$TTL 2h; | |
632 | \$ORIGIN domain.example. | |
633 | @ SOA $SOA | |
634 | @ NS ns.example.net. | |
635 | ||
636 | capped-ttl.example.net 50 IN A 192.0.2.35 ; exceeds the maxTTL setting | |
637 | unsupported.example.net 50 IN CNAME rpz-unsupported. ; unsupported target | |
638 | unsupported2.example.net 50 IN CNAME 32.3.2.0.192.rpz-unsupported. ; also unsupported target | |
639 | not-rpz.example.net 50 IN CNAME rpz-not.com. ; this one is not a special RPZ target | |
640 | ||
641 | EOF | |
642 | ||
643 | cat > recursor-service3/rpz4.zone <<EOF | |
644 | \$TTL 2h; | |
645 | \$ORIGIN domain.example. | |
646 | @ SOA $SOA | |
647 | @ NS ns.example.net. | |
648 | ||
649 | defpol-with-ttl.example.net 50 IN A 192.0.2.35 ; will be overriden by the default policy and the default TTL | |
650 | ||
651 | EOF | |
652 | ||
653 | cat > recursor-service3/rpz5.zone <<EOF | |
654 | \$TTL 2h; | |
655 | \$ORIGIN domain.example. | |
656 | @ SOA $SOA | |
657 | @ NS ns.example.net. | |
658 | ||
659 | defpol-with-ttl-capped.example.net 100 IN A 192.0.2.35 ; will be overriden by the default policy and the default TTL (but capped by maxTTL) | |
660 | ||
661 | EOF | |
662 | ||
663 | cat > recursor-service3/rpz6.zone <<EOF | |
664 | \$TTL 2h; | |
665 | \$ORIGIN domain.example. | |
666 | @ SOA $SOA | |
667 | @ NS ns.example.net. | |
668 | ||
669 | defpol-without-ttl.example.net A 192.0.2.35 ; will be overriden by the default policy, but with the zone's TTL | |
670 | ||
671 | EOF | |
672 | ||
673 | cat > recursor-service3/rpz7.zone <<EOF | |
674 | \$TTL 2h; | |
675 | \$ORIGIN domain.example. | |
676 | @ SOA $SOA | |
677 | @ NS ns.example.net. | |
678 | ||
679 | defpol-without-ttl-capped.example.net A 192.0.2.35 ; will be overriden by the default policy, but with the zone's TTL capped by maxTTL | |
680 | ||
681 | EOF | |
682 | ||
baa13bf9 | 683 | cat > recursor-service3/script.lua <<EOF |
528a3e73 RG |
684 | function prerpz(dq) |
685 | if dq.qname:equal('www5.example.net') then | |
686 | dq:discardPolicy('myRPZ') | |
687 | end | |
688 | return true | |
689 | end | |
690 | ||
baa13bf9 | 691 | function preresolve(dq) |
14919b17 RG |
692 | if dq.qname:equal("nxdomainme.example.net") then |
693 | dq.rcode = pdns.NXDOMAIN | |
694 | return true | |
695 | end | |
3ad91402 PL |
696 | if dq.qname:equal("android.marvin.example.net") then |
697 | dq.wantsRPZ = false -- disable RPZ | |
698 | end | |
baa13bf9 PL |
699 | if dq.appliedPolicy.policyKind == pdns.policykinds.Custom then |
700 | if dq.qname:equal("www3.example.net") then | |
701 | dq.appliedPolicy.policyCustom = "www2.example.net" | |
702 | end | |
703 | end | |
704 | return false | |
705 | end | |
706 | EOF | |
709c5186 PL |
707 | |
708 | cat > recursor-service4/recursor.conf <<EOF | |
709 | local-port=5302 | |
710 | socket-dir=/tmp/recursor-service4 | |
711 | packetcache-ttl=0 | |
712 | forward-zones=net.=$PREFIX.10;$PREFIX.11 | |
713 | ||
714 | EOF |