5170. [test] Added --with-dlz-filesystem to feature-test. [GL !1587]
+5168. [test] Do not crash on shutdown when RPZ fails to load. Also,
+ keep previous version of the database if RPZ fails to
+ load. [GL #813]
+
5167. [bug] nxdomain-redirect could sometimes lookup the wrong
redirect name. [GL #892]
The test setup for the RPZ tests prepares a query perf tool and sets up
policy zones.
-
Name servers
------------
ns6 is a forwarding server.
-
Updating the response policy zones
----------------------------------
# Clean up after rpz tests.
-rm -f proto.* dsset-* trusted.conf dig.out* nsupdate.tmp ns*/*tmp
-rm -f ns*/*.key ns*/*.private ns2/tld2s.db ns2/bl.tld2.db
-rm -f ns3/bl*.db ns*/*switch ns*/empty.db ns*/empty.db.jnl
-rm -f ns5/requests ns5/example.db ns5/bl.db ns5/*.perf
-rm -f */named.memstats */named.run */named.stats */session.key
-rm -f */*.jnl */*.core */*.pid
+USAGE="$0: [-Px]"
+DEBUG=
+while getopts "Px" c; do
+ case $c in
+ x) set -x ;;
+ P) PARTIAL=set ;;
+ *) echo "$USAGE" 1>&2; exit 1;;
+ esac
+done
+shift `expr $OPTIND - 1 || true`
+if test "$#" -ne 0; then
+ echo "$USAGE" 1>&2
+ exit 1
+fi
+
+# this might be called from setup.sh to partially clean up the files
+# from the first test pass so the second pass can be set up correctly.
+# remove those files first, then decide whether to remove the others.
+rm -f ns*/*.key ns*/*.private
+rm -f ns2/tld2s.db ns2/bl.tld2.db
+rm -f ns3/bl*.db ns*/empty.db
+rm -f ns3/manual-update-rpz.db
+rm -f ns5/example.db ns5/bl.db
rm -f */policy2.db
-rm -f ns*/named.lock
-rm -f ns*/named.conf
-rm -f tmp
+rm -f */*.jnl
+
+if [ ${PARTIAL:-unset} = unset ]; then
+ rm -f proto.* dsset-* trusted.conf dig.out* nsupdate.tmp ns*/*tmp
+ rm -f ns5/requests ns5/*.perf
+ rm -f */named.memstats */*.run */*.run.prev */named.stats */session.key
+ rm -f */*.log */*core */*.pid
+ rm -f ns*/named.lock
+ rm -f ns*/named.conf
+ rm -f ns*/*switch ns*/empty.db.jnl
+ rm -f dnsrps*.conf
+ rm -f dnsrpzd.conf
+ rm -f dnsrpzd-license-cur.conf dnsrpzd.rpzf dnsrpzd.sock dnsrpzd.pid
+ rm -f ns*/managed-keys.bind*
+ rm -f tmp
+fi
--- /dev/null
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+; RPZ test
+; This basic file is copied to several zone files before being used.
+; Its contents are also changed with nsupdate
+
+
+; broken zone
+foobar
--- /dev/null
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+; RPZ test
+; This basic file is copied to several zone files before being used.
+; Its contents are also changed with nsupdate
+
+
+$TTL 300
+@ SOA bl-reload. hostmaster.ns.bl-reload. ( 2 3600 1200 604800 60 )
+ NS ns.tld3.
+
+walled.tld2.bl-reload. 300 A 10.0.0.2
+
--- /dev/null
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+; RPZ test
+; This basic file is copied to several zone files before being used.
+; Its contents are also changed with nsupdate
+
+
+$TTL 300
+@ SOA manual-update-rpz. hostmaster.ns.manual-rpz-update. ( 1 3600 1200 604800 60 )
+ NS ns.tld3.
+
+walled.tld2.manual-update-rpz. 300 A 10.0.0.1
+
zone "bl-drop" policy drop;
zone "bl-tcp-only" policy tcp-only;
zone "bl.tld2";
+ zone "manual-update-rpz";
}
min-ns-dots 0
qname-wait-recurse yes
zone "bl.tld2." {type slave; file "bl.tld2.db"; masters {10.53.0.2;};
request-ixfr no; masterfile-format text;};
-zone "crash1.tld2" {type master; file "crash1";};
-zone "crash2.tld3." {type master; file "crash2";};
+zone "crash1.tld2" {type master; file "crash1"; notify no;};
+zone "crash2.tld3." {type master; file "crash2"; notify no;};
+
+zone "manual-update-rpz." {
+ type master;
+ file "manual-update-rpz.db";
+ notify no;
+};
for NM in '' -2 -given -disabled -passthru -no-op -nodata -nxdomain -cname -wildcname -garden -drop -tcp-only; do
sed -e "/SOA/s/blx/bl$NM/g" ns3/base.db >ns3/bl$NM.db
done
+# bl zones are dynamically updated. Add one zone that is updated manually.
+cp ns3/manual-update-rpz.db.in ns3/manual-update-rpz.db
# $1=directory
# $2=domain name
fi
}
+# restart name server
+# $1 ns number
+# $2 rebuild bl rpz zones if "rebuild-bl-rpz"
restart () {
# try to ensure that the server really has stopped
# and won't mess with ns$1/name.pid
fi
fi
rm -f ns$1/*.jnl
- if test -f ns$1/base.db; then
- for NM in ns$1/bl*.db; do
- cp -f ns$1/base.db $NM
- done
+ if [ "$2" == "rebuild-bl-rpz" ]; then
+ if test -f ns$1/base.db; then
+ for NM in ns$1/bl*.db; do
+ cp -f ns$1/base.db $NM
+ done
+ fi
fi
$PERL $SYSTEMTESTTOP/start.pl --noclean --restart --port ${PORT} rpz ns$1
load_db
HAVE_CORE=yes
setret "$2"
# restart the server to avoid stalling waiting for it to stop
- restart $CKALIVE_NS
+ restart $CKALIVE_NS "rebuild-bl-rpz"
return 1
}
# restart the main test RPZ server to see if that creates a core file
if test -z "$HAVE_CORE"; then
$PERL $SYSTEMTESTTOP/stop.pl --use-rndc --port ${CONTROLPORT} rpz ns3
- restart 3
+ restart 3 "rebuild-bl-rpz"
HAVE_CORE=`find ns* -name '*core*' -print`
test -z "$HAVE_CORE" || setret "found $HAVE_CORE; memory leak?"
fi
egrep 'invalid rpz|rpz.*failed' ns*/named.run | sed -e '10,$d' | cat_i
fi
- echo_i "checking that ttl values are not zeroed when qtype is '*'"
- $DIG +noall +answer -p ${PORT} @$ns3 any a3-2.tld2 > dig.out.any
- ttl=`awk '/a3-2 tld2 text/ {print $2}' dig.out.any`
+ # restart the main test RPZ server with a bad zone.
+ t=`expr $t + 1`
+ echo_i "checking that ns3 with broken rpz does not crash (${t})"
+ $PERL $SYSTEMTESTTOP/stop.pl --use-rndc --port ${CONTROLPORT} rpz ns3
+ cp ns3/broken.db.in ns3/bl.db
+ restart 3 # do not rebuild rpz zones
+ nocrash a3-1.tld2 -tA
+ $PERL $SYSTEMTESTTOP/stop.pl --use-rndc --port ${CONTROLPORT} rpz ns3
+ restart 3 "rebuild-bl-rpz"
+
+ # reload a RPZ zone that is now deliberately broken.
+ t=`expr $t + 1`
+ echo_i "checking rpz failed update will keep previous rpz rules (${t})"
+ $DIG -p ${PORT} @$ns3 walled.tld2 > dig.out.$t.before
+ grep "walled\.tld2\..*IN.*A.*10\.0\.0\.1" dig.out.$t.before > /dev/null || setret "failed"
+ cp ns3/broken.db.in ns3/manual-update-rpz.db
+ rndc_reload ns3 $ns3 manual-update-rpz
+ sleep 1
+ # ensure previous RPZ rules still apply.
+ $DIG -p ${PORT} @$ns3 walled.tld2 > dig.out.$t.after
+ grep "walled\.tld2\..*IN.*A.*10\.0\.0\.1" dig.out.$t.after > /dev/null || setret "failed"
+
+ t=`expr $t + 1`
+ echo_i "checking that ttl values are not zeroed when qtype is '*' (${t})"
+ $DIG +noall +answer -p ${PORT} @$ns3 any a3-2.tld2 > dig.out.$t
+ ttl=`awk '/a3-2 tld2 text/ {print $2}' dig.out.$t`
if test ${ttl:=0} -eq 0; then setret "failed"; fi
- echo_i "checking rpz updates/transfers with parent nodes added after children"
+ t=`expr $t + 1`
+ echo_i "checking rpz updates/transfers with parent nodes added after children (${t})"
# regression test for RT #36272: the success condition
# is the slave server not crashing.
for i in 1 2 3 4 5; do
./bin/tests/system/rootkeysentinel/prereq.sh SH 2018,2019
./bin/tests/system/rootkeysentinel/setup.sh SH 2018,2019
./bin/tests/system/rootkeysentinel/tests.sh SH 2018,2019
+./bin/tests/system/rpz/README TXT.BRIEF 2019
./bin/tests/system/rpz/clean.sh SH 2011,2012,2013,2014,2016,2018,2019
./bin/tests/system/rpz/ns1/named.conf.in CONF-C 2018,2019
./bin/tests/system/rpz/ns1/root.db ZONE 2011,2012,2013,2016,2018,2019
./bin/tests/system/rpz/ns2/named.conf.in CONF-C 2018,2019
./bin/tests/system/rpz/ns2/tld2.db ZONE 2011,2012,2013,2016,2018,2019
./bin/tests/system/rpz/ns3/base.db ZONE 2011,2012,2013,2016,2018,2019
+./bin/tests/system/rpz/ns3/broken.db.in ZONE 2019
./bin/tests/system/rpz/ns3/crash1 X 2011,2013,2018,2019
./bin/tests/system/rpz/ns3/crash2 X 2011,2012,2013,2018,2019
./bin/tests/system/rpz/ns3/hints ZONE 2011,2013,2016,2018,2019
+./bin/tests/system/rpz/ns3/manual-update-rpz-2.db.in ZONE 2019
+./bin/tests/system/rpz/ns3/manual-update-rpz.db.in ZONE 2019
./bin/tests/system/rpz/ns3/named.conf.in CONF-C 2018,2019
./bin/tests/system/rpz/ns4/hints ZONE 2011,2013,2016,2018,2019
./bin/tests/system/rpz/ns4/named.conf.in CONF-C 2018,2019
projects / thirdparty / bind9.git / commitdiff
