add test for server failover on REFUSED

- add an 'nsupdate -C' option to override resolv.conf file for nsupdate
- set resolv.conf to use two test servers, the first one of which will
  return REFUSED for a query for 'example'.

diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c
index d3f9fd7d50dee69ab4b64de9c74168252daf82d3..b3f4c16dbaa1cce19c10d9355919dd7c6a41d655 100644 (file)
--- a/bin/nsupdate/nsupdate.c
+++ b/bin/nsupdate/nsupdate.c
@@ -179,6 +179,7 @@ static dns_message_t *answer = NULL;
 static uint32_t default_ttl = 0;
 static bool default_ttl_set = false;
 static bool checknames = true;
+static const char *resolvconf = RESOLV_CONF;
 
 typedef struct nsu_requestinfo {
        dns_message_t *msg;
@@ -823,9 +824,9 @@ setup_system(void) {
 
        isc_log_setdebuglevel(glctx, logdebuglevel);
 
-       result = irs_resconf_load(gmctx, RESOLV_CONF, &resconf);
+       result = irs_resconf_load(gmctx, resolvconf, &resconf);
        if (result != ISC_R_SUCCESS && result != ISC_R_FILENOTFOUND) {
-               fatal("parse of %s failed", RESOLV_CONF);
+               fatal("parse of %s failed", resolvconf);
        }
 
        nslist = irs_resconf_getnameservers(resconf);
@@ -1005,7 +1006,7 @@ version(void) {
        fprintf(stderr, "nsupdate %s\n", PACKAGE_VERSION);
 }
 
-#define PARSE_ARGS_FMT "46dDML:y:ghilovk:p:Pr:R::t:Tu:V"
+#define PARSE_ARGS_FMT "46C:dDghilL:Mok:p:Pr:R:t:Tu:vVy:"
 
 static void
 pre_parse_args(int argc, char **argv) {
@@ -1045,9 +1046,9 @@ pre_parse_args(int argc, char **argv) {
                                fprintf(stderr, "%s: invalid argument -%c\n",
                                        argv[0], isc_commandline_option);
                        }
-                       fprintf(stderr, "usage: nsupdate [-dDi] [-L level] [-l]"
-                                       "[-g | -o | -y keyname:secret | -k "
-                                       "keyfile] "
+                       fprintf(stderr, "usage: nsupdate [-CdDi] [-L level] "
+                                       "[-l] [-g | -o | -y keyname:secret "
+                                       "| -k keyfile] [-p port] "
                                        "[-v] [-V] [-P] [-T] [-4 | -6] "
                                        "[filename]\n");
                        exit(1);
@@ -1120,6 +1121,9 @@ parse_args(int argc, char **argv) {
                                fatal("can't find IPv6 networking");
                        }
                        break;
+               case 'C':
+                       resolvconf = isc_commandline_argument;
+                       break;
                case 'd':
                        debugging = true;
                        break;
@@ -1211,7 +1215,7 @@ parse_args(int argc, char **argv) {
                        break;
 
                case 'R':
-                       fatal("The -R options has been deprecated.\n");
+                       fatal("The -R option has been deprecated.");
                        break;
 
                default:

diff --git a/bin/nsupdate/nsupdate.rst b/bin/nsupdate/nsupdate.rst
index b6f7c6028c0d56032bcc35f6f648fb61c57496e2..4deaf51285efab8ea5e44d5d59ed87db25014a70 100644 (file)
--- a/bin/nsupdate/nsupdate.rst
+++ b/bin/nsupdate/nsupdate.rst
@@ -79,6 +79,9 @@ Options
 ``-6``
    This option sets use of IPv6 only.
 
+``-C``
+   Overrides the default `resolv.conf` file. This is only intended for testing.
+
 ``-d``
    This option sets debug mode, which provides tracing information about the update
    requests that are made and the replies received from the name server.

diff --git a/bin/tests/system/nsupdate/resolv.conf b/bin/tests/system/nsupdate/resolv.conf
new file mode 100644 (file)
index 0000000..597ae9b
--- /dev/null
+++ b/bin/tests/system/nsupdate/resolv.conf
@@ -0,0 +1,2 @@
+nameserver 10.53.0.1
+nameserver 10.53.0.3

diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh
index 19b9b18e7eef523bec7dce5827854cb359adf7c5..f6198b06f17c7a58ebd6f3fc882eb81d19dc2b6d 100755 (executable)
--- a/bin/tests/system/nsupdate/tests.sh
+++ b/bin/tests/system/nsupdate/tests.sh
@@ -1238,6 +1238,23 @@ END
 grep "NSEC3PARAM has excessive iterations (> 150)" nsupdate.out-$n >/dev/null || ret=1
 [ $ret = 0 ] || { echo_i "failed"; status=1; }
 
+n=`expr $n + 1`
+ret=0
+echo_i "check nsupdate retries with another server on REFUSED response ($n)"
+# resolv.conf uses 10.53.0.1 followed by 10.53.0.3; example is only
+# served by 10.53.0.3, so we should fail over to the second server;
+# that's what we're testing for. (failure is still expected, however,
+# because the address lookup for the primary doesn't use the overridden
+# resolv.conf file).
+$NSUPDATE -D -C resolv.conf -p ${PORT} << EOF > nsupdate.out-$n 2>&1 && ret=1
+zone example
+update add a 3600 IN A 1.2.3.4
+send
+EOF
+grep '10.53.0.1.*REFUSED' nsupdate.out-$n > /dev/null || ret=1
+grep 'Reply from SOA query' nsupdate.out-$n > /dev/null || ret=1
+[ $ret = 0 ] || { echo_i "failed"; status=1; }
+
 if ! $FEATURETEST --gssapi ; then
   echo_i "SKIPPED: GSSAPI tests"
 else

diff --git a/doc/man/nsupdate.1in b/doc/man/nsupdate.1in
index 08f6049b4f7a9fe4b4febfb2767f9f019576d4ca..1e8850508f35c6f63434f2edb964e9c0e258b0c9 100644 (file)
--- a/doc/man/nsupdate.1in
+++ b/doc/man/nsupdate.1in
@@ -79,6 +79,9 @@ This option sets use of IPv4 only.
 .B \fB\-6\fP
 This option sets use of IPv6 only.
 .TP
+.B \fB\-C\fP
+Overrides the default \fIresolv.conf\fP file. This is only intended for testing.
+.TP
 .B \fB\-d\fP
 This option sets debug mode, which provides tracing information about the update
 requests that are made and the replies received from the name server.