rm -f ns*/*.key ns*/*.private
rm -f ns2/tld2s.db ns2/bl.tld2.db
rm -f ns3/bl*.db ns*/empty.db
+rm -f ns3/manual-update-rpz.db
rm -f ns5/example.db ns5/bl.db
rm -f */policy2.db
rm -f */*.jnl
--- /dev/null
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+; RPZ test
+; This basic file is copied to several zone files before being used.
+; Its contents are also changed with nsupdate
+
+
+; broken zone
+foobar
--- /dev/null
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+; RPZ test
+; This basic file is copied to several zone files before being used.
+; Its contents are also changed with nsupdate
+
+
+$TTL 300
+@ SOA bl-reload. hostmaster.ns.bl-reload. ( 2 3600 1200 604800 60 )
+ NS ns.tld3.
+
+walled.tld2.bl-reload. 300 A 10.0.0.2
+
--- /dev/null
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+; RPZ test
+; This basic file is copied to several zone files before being used.
+; Its contents are also changed with nsupdate
+
+
+$TTL 300
+@ SOA manual-update-rpz. hostmaster.ns.manual-rpz-update. ( 1 3600 1200 604800 60 )
+ NS ns.tld3.
+
+walled.tld2.manual-update-rpz. 300 A 10.0.0.1
+
zone "bl-drop" policy drop;
zone "bl-tcp-only" policy tcp-only;
zone "bl.tld2";
+ zone "manual-update-rpz";
}
min-ns-dots 0
qname-wait-recurse yes
zone "crash1.tld2" {type master; file "crash1"; notify no;};
zone "crash2.tld3." {type master; file "crash2"; notify no;};
+
+zone "manual-update-rpz." {
+ type master;
+ file "manual-update-rpz.db";
+ notify no;
+};
for NM in '' -2 -given -disabled -passthru -no-op -nodata -nxdomain -cname -wildcname -garden -drop -tcp-only; do
sed -e "/SOA/s/blx/bl$NM/g" ns3/base.db >ns3/bl$NM.db
done
+# bl zones are dynamically updated. Add one zone that is updated manually.
+cp ns3/manual-update-rpz.db.in ns3/manual-update-rpz.db
# $1=directory
# $2=domain name
}
signzone ns2 tld2s. base-tld2s.db tld2s.db
-
# Performance and a few other checks.
cat <<EOF >ns5/rpz-switch
response-policy {
fi
}
+# restart name server
+# $1 ns number
+# $2 rebuild bl rpz zones if "rebuild-bl-rpz"
restart () {
# try to ensure that the server really has stopped
# and won't mess with ns$1/name.pid
fi
fi
rm -f ns$1/*.jnl
- if test -f ns$1/base.db; then
- for NM in ns$1/bl*.db; do
- cp -f ns$1/base.db $NM
- done
+ if [ "$2" == "rebuild-bl-rpz" ]; then
+ if test -f ns$1/base.db; then
+ for NM in ns$1/bl*.db; do
+ cp -f ns$1/base.db $NM
+ done
+ fi
fi
$PERL $SYSTEMTESTTOP/start.pl --noclean --restart --port ${PORT} rpz ns$1
load_db
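Review bot: `[ "$2" == "rebuild-bl-rpz" ]` uses the non-POSIX `==` operator inside `[`; if tests.sh is run by a strict /bin/sh such as dash, `test` reports an unexpected operator and the condition is always false, so the bl*.db zones are never rebuilt from base.db and later checks that rely on the rebuild (for example after a broken bl.db has been copied in) would fail for the wrong reason. The surrounding code already uses `test … =` style, so `if [ "$2" = "rebuild-bl-rpz" ]; then` keeps the intended behaviour and is portable. The enclosing restart function starts before this hunk and may continue after it.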
HAVE_CORE=yes
setret "$2"
# restart the server to avoid stalling waiting for it to stop
- restart $CKALIVE_NS
+ restart $CKALIVE_NS "rebuild-bl-rpz"
return 1
}
end_group
ckstats $ns3 bugs ns3 8
-
# superficial test for major performance bugs
QPERF=`sh qperf.sh`
if test -n "$QPERF"; then
# restart the main test RPZ server to see if that creates a core file
if test -z "$HAVE_CORE"; then
$PERL $SYSTEMTESTTOP/stop.pl --use-rndc --port ${CONTROLPORT} rpz ns3
- restart 3
+ restart 3 "rebuild-bl-rpz"
HAVE_CORE=`find ns* -name '*core*' -print`
test -z "$HAVE_CORE" || setret "found $HAVE_CORE; memory leak?"
fi
fi
done
+ # restart the main test RPZ server with a bad zone.
+ t=`expr $t + 1`
+ echo_i "checking that ns3 with broken rpz does not crash (${t})"
+ $PERL $SYSTEMTESTTOP/stop.pl --use-rndc --port ${CONTROLPORT} rpz ns3
+ cp ns3/broken.db.in ns3/bl.db
+ restart 3 # do not rebuild rpz zones
+ nocrash a3-1.tld2 -tA
+ $PERL $SYSTEMTESTTOP/stop.pl --use-rndc --port ${CONTROLPORT} rpz ns3
+ restart 3 "rebuild-bl-rpz"
+
+ # reload a RPZ zone that is now deliberately broken.
+ t=`expr $t + 1`
+ echo_i "checking rpz failed update will keep previous rpz rules (${t})"
+ $DIG -p ${PORT} @$ns3 walled.tld2 > dig.out.$t.before
+ grep "walled\.tld2\..*IN.*A.*10\.0\.0\.1" dig.out.$t.before > /dev/null || setret "failed"
+ cp ns3/broken.db.in ns3/manual-update-rpz.db
+ rndc_reload ns3 $ns3 manual-update-rpz
+ sleep 1
+ # ensure previous RPZ rules still apply.
+ $DIG -p ${PORT} @$ns3 walled.tld2 > dig.out.$t.after
+ grep "walled\.tld2\..*IN.*A.*10\.0\.0\.1" dig.out.$t.after > /dev/null || setret "failed"
+
t=`expr $t + 1`
echo_i "checking that ttl values are not zeroed when qtype is '*' (${t})"
$DIG +noall +answer -p ${PORT} @$ns3 any a3-2.tld2 > dig.out.$t
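Review bot: Both grep checks in the failed-update test call `setret "failed"`, so a failing run gives no hint whether the pre-reload or the post-reload answer was wrong; distinct messages such as `setret "walled.tld2 not rewritten before broken reload"` and `setret "rpz rules lost after broken reload"` make the failure self-describing. The "after" check also passes if the broken file was never actually parsed (for instance if the zone name passed to rndc_reload did not match the configured zone), so it would be worth asserting that ns3's log records the manual-update-rpz load failure before checking that the old rule still applies; I have not verified the exact message named emits for that. The fixed `sleep 1` after `rndc_reload` may be too short on a loaded host, and a bounded retry loop around the post-reload dig would be less flaky than a single attempt.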