1 # Copyright (C) 2005, 2007, 2010-2015 Internet Systems Consortium, Inc. ("ISC")
3 # Permission to use, copy, modify, and/or distribute this software for any
4 # purpose with or without fee is hereby granted, provided that the above
5 # copyright notice and this permission notice appear in all copies.
7 # THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
8 # REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
9 # AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
10 # INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
11 # LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
12 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
13 # PERFORMANCE OF THIS SOFTWARE.
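# Pull in the shared system-test settings (presumably where $CHECKCONF is
# defined -- confirm against conf.sh). Abort instead of sourcing "/conf.sh"
# from the filesystem root when SYSTEMTESTTOP is unset or empty.
. "${SYSTEMTESTTOP:?SYSTEMTESTTOP must be set}/conf.sh"

# Running count of failed checks; it is reported at the end of the script.
status=0

# A known-good configuration must be accepted (exit status 0).
echo "I: checking that named-checkconf handles a known good config"
# Start from a clean per-test result so the comparison below always has a value.
ret=0
$CHECKCONF good.conf > /dev/null 2>&1 || ret=1
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`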
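# "named-checkconf -p" must print good.conf.in back unchanged.
echo "I: checking that named-checkconf prints a known good config"
# Reset the per-test result so an earlier failure is not counted again.
ret=0
# Keep only the lines that follow the "cut here" marker in good.conf; that
# part is the reference the printed output is compared with.
awk 'BEGIN { ok = 0; } /cut here/ { ok = 1; getline } ok == 1 { print }' good.conf > good.conf.in
# An empty reference would make the comparison below meaningless.
[ -s good.conf.in ] || ret=1
# Lines prefixed with the input file name are filtered out before comparing.
# The status tested here is grep's, not $CHECKCONF's.
$CHECKCONF -p good.conf.in | grep -v '^good.conf.in:' > good.conf.out 2>&1 || ret=1
cmp good.conf.in good.conf.out || ret=1
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr ${status:-0} + $ret`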
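# "named-checkconf -p -x" must replace every secret with the placeholder.
echo "I: checking that named-checkconf -x removes secrets"
# Reset the per-test result so an earlier failure is not counted again.
ret=0
# ensure there is a secret and that it is not the check string.
grep 'secret "' good.conf.in > /dev/null || ret=1
grep 'secret "????????????????"' good.conf.in > /dev/null 2>&1 && ret=1
$CHECKCONF -p -x good.conf.in | grep -v '^good.conf.in:' > good.conf.out 2>&1 || ret=1
# The placeholder has to show up in the redacted output ...
grep 'secret "????????????????"' good.conf.out > /dev/null 2>&1 || ret=1
# ... and no original secret line may survive next to it. Seeing the
# placeholder alone does not prove that: output that redacts one secret and
# leaks another would still pass the check above.
# NOTE(review): this compares line text, so it assumes the printed form keeps
# each secret on one line as in good.conf.in -- confirm.
grep 'secret "' good.conf.in > good.conf.secrets
if [ -s good.conf.secrets ]; then
    grep -F -f good.conf.secrets good.conf.out > /dev/null 2>&1 && ret=1
fi
# The scratch file holds the real secrets from the fixture; do not leave it behind.
rm -f good.conf.secrets
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr ${status:-0} + $ret`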
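# A known-bad configuration must be rejected with exit status 1.
# NOTE(review): $bad is not assigned anywhere in the visible listing; the
# enclosing loop that supplies each bad config file is presumably missing
# from this page -- confirm against the original script.
ret=0
echo "I: checking that named-checkconf detects error in $bad"
if [ -z "$bad" ]; then
    # With an empty, unquoted $bad the command would run without a file
    # argument and check its default configuration file instead of a test
    # fixture; treat that as a failure.
    echo "I:failed"; ret=1
else
    $CHECKCONF "$bad" > /dev/null 2>&1
    # Only exit status 1 counts as "error detected".
    if [ $? != 1 ]; then echo "I:failed"; ret=1; fi
fi
status=`expr ${status:-0} + $ret`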
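# With -z, a hint file that does not exist must be reported and the run must fail.
echo "I: checking that named-checkconf -z catches missing hint file"
# Reset the per-test result so an earlier failure is not counted again.
ret=0
# Success here is the failure case, hence "&&".
$CHECKCONF -z hint-nofile.conf > hint-nofile.out 2>&1 && ret=1
grep "could not configure root hints from 'nonexistent.db': file not found" hint-nofile.out > /dev/null || ret=1
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr ${status:-0} + $ret`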
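# range.conf must be rejected.
echo "I: checking that named-checkconf catches range errors"
# Reset the per-test result so an earlier failure is not counted again.
ret=0
# Success here is the failure case, hence "&&".
$CHECKCONF range.conf > /dev/null 2>&1 && ret=1
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr ${status:-0} + $ret`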
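# notify.conf must produce exactly three "'notify' is disabled" warnings.
echo "I: checking that named-checkconf warns of notify inconsistencies"
# Reset the per-test result so an earlier failure is not counted again.
ret=0
# grep -c prints a bare count, which avoids the padding some wc implementations add.
warnings=`$CHECKCONF notify.conf 2>&1 | grep -c "'notify' is disabled"`
[ "$warnings" -eq 3 ] || ret=1
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr ${status:-0} + $ret`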
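# Each dnssec.N fixture must trigger the listed warning text; dnssec.3 must
# produce no output at all.
echo "I: checking named-checkconf dnssec warnings"
# Reset the per-test result so an earlier failure is not counted again.
ret=0
$CHECKCONF dnssec.1 2>&1 | grep 'validation yes.*enable no' > /dev/null || ret=1
$CHECKCONF dnssec.2 2>&1 | grep 'auto-dnssec may only be ' > /dev/null || ret=1
$CHECKCONF dnssec.2 2>&1 | grep 'validation auto.*enable no' > /dev/null || ret=1
$CHECKCONF dnssec.2 2>&1 | grep 'validation yes.*enable no' > /dev/null || ret=1
# this one should have no warnings
# grep '.*' succeeds on any output line, and its output is deliberately not
# redirected, so an unexpected warning is visible in the test log.
$CHECKCONF dnssec.3 2>&1 | grep '.*' && ret=1
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr ${status:-0} + $ret`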
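# Each of the four timer fields must be rejected (exit status 1) when set to
# zero, whether it appears in options, a view, both, or a zone.
# NOTE(review): the here-document bodies and the loop's closing "done" are
# absent from this listing; only the "masters { 0.0.0.0; };" line survives.
# The bodies below are reconstructed from the failure messages. The
# view/zone name "dummy" and "type slave" are constructed placeholders --
# confirm against the original script.
echo "I: range checking fields that do not allow zero"
# Reset the per-test result so an earlier failure is not counted again.
ret=0
for field in max-retry-time min-retry-time max-refresh-time min-refresh-time; do
    # Zero in the options block.
    cat > badzero.conf << EOF
options {
    $field 0;
};
EOF
    $CHECKCONF badzero.conf > /dev/null 2>&1
    [ $? -eq 1 ] || { echo "I: options $field failed" ; ret=1; }

    # Zero in a view.
    cat > badzero.conf << EOF
view dummy {
    $field 0;
};
EOF
    $CHECKCONF badzero.conf > /dev/null 2>&1
    [ $? -eq 1 ] || { echo "I: view $field failed" ; ret=1; }

    # Zero in both options and a view.
    cat > badzero.conf << EOF
options {
    $field 0;
};
view dummy {
    $field 0;
};
EOF
    $CHECKCONF badzero.conf > /dev/null 2>&1
    [ $? -eq 1 ] || { echo "I: options + view $field failed" ; ret=1; }

    # Zero in a zone.
    cat > badzero.conf << EOF
zone dummy {
    type slave;
    masters { 0.0.0.0; };
    $field 0;
};
EOF
    $CHECKCONF badzero.conf > /dev/null 2>&1
    [ $? -eq 1 ] || { echo "I: zone $field failed" ; ret=1; }
done
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr ${status:-0} + $ret`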
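# bad-dnssec.conf must yield exactly one "requires inline" message for each
# of the three options below.
echo "I: checking options allowed in inline-signing slaves"
# Reset the per-test result so an earlier failure is not counted again.
ret=0
# grep -c prints a bare count, which avoids the padding some wc implementations add.
n=`$CHECKCONF bad-dnssec.conf 2>&1 | grep -c "dnssec-dnskey-kskonly.*requires inline"`
[ "$n" -eq 1 ] || ret=1
n=`$CHECKCONF bad-dnssec.conf 2>&1 | grep -c "dnssec-loadkeys-interval.*requires inline"`
[ "$n" -eq 1 ] || ret=1
n=`$CHECKCONF bad-dnssec.conf 2>&1 | grep -c "update-check-ksk.*requires inline"`
[ "$n" -eq 1 ] || ret=1
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr ${status:-0} + $ret`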
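# Only inline-bad.conf may produce the "missing 'file' entry" message, and
# exactly once.
echo "I: check file + inline-signing for slave zones"
# Reset the per-test result so an earlier failure is not counted again.
ret=0
# grep -c prints a bare count, which avoids the padding some wc implementations add.
n=`$CHECKCONF inline-no.conf 2>&1 | grep -c "missing 'file' entry"`
[ "$n" -eq 0 ] || ret=1
n=`$CHECKCONF inline-good.conf 2>&1 | grep -c "missing 'file' entry"`
[ "$n" -eq 0 ] || ret=1
n=`$CHECKCONF inline-bad.conf 2>&1 | grep -c "missing 'file' entry"`
[ "$n" -eq 1 ] || ret=1
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr ${status:-0} + $ret`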
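# dlz-bad.conf must trigger the message that mentions 'dlz' and 'database'.
echo "I: checking named-checkconf DLZ warnings"
# Reset the per-test result so an earlier failure is not counted again.
ret=0
$CHECKCONF dlz-bad.conf 2>&1 | grep "'dlz' and 'database'" > /dev/null || ret=1
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr ${status:-0} + $ret`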
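# warn-keydir.conf must warn when test.keydir is missing, warn when it is
# not a directory, and stay silent when it is a directory.
# NOTE(review): the listing runs the three checks back to back without
# changing test.keydir, so they cannot all hold. The rm/touch/mkdir steps
# below are reconstructed from the expected messages -- confirm against the
# original script.
echo "I: checking for missing key directory warning"
# Reset the per-test result so an earlier failure is not counted again.
ret=0

# Case 1: the path does not exist.
rm -rf test.keydir
n=`$CHECKCONF warn-keydir.conf 2>&1 | grep -c "'test.keydir' does not exist"`
[ "$n" -eq 1 ] || ret=1

# Case 2: the path exists but is a regular file.
touch test.keydir
n=`$CHECKCONF warn-keydir.conf 2>&1 | grep -c "'test.keydir' is not a directory"`
[ "$n" -eq 1 ] || ret=1

# Case 3: the path is a directory, so no key-directory message is expected.
rm -f test.keydir
mkdir test.keydir
n=`$CHECKCONF warn-keydir.conf 2>&1 | grep -c "key-directory"`
[ "$n" -eq 0 ] || ret=1

rm -rf test.keydir
if [ "$ret" != 0 ]; then echo "I:failed"; fi
# The listing never added this test's result to the total, so a failure here
# did not reach the final exit status.
status=`expr ${status:-0} + $ret`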
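# With -z, a record TTL above max-zone-ttl must be reported in the output.
echo "I: checking that named-checkconf -z catches conflicting ttl with max-ttl"
# Reset the per-test result so an earlier failure is not counted again.
ret=0
# The exit status of this run is not checked; only its output is.
$CHECKCONF -z max-ttl.conf > check.out 2>&1
# NOTE(review): the listing repeats this identical grep three times, which
# adds nothing over a single check. If three occurrences were intended, the
# test would need to count matches instead -- confirm.
grep 'TTL 900 exceeds configured max-zone-ttl 600' check.out > /dev/null 2>&1 || ret=1
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr ${status:-0} + $ret`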
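# With -z, max-ttl-bad.conf must be rejected.
echo "I: checking that named-checkconf -z catches invalid max-ttl"
# Reset the per-test result so an earlier failure is not counted again.
ret=0
# Success here is the failure case, hence "&&".
$CHECKCONF -z max-ttl-bad.conf > /dev/null 2>&1 && ret=1
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr ${status:-0} + $ret`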
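# With -z, altdb.conf must be accepted (exit status 0).
echo "I: checking that named-checkconf -z skips zone check with alternate databases"
# Reset the per-test result so an earlier failure is not counted again.
ret=0
$CHECKCONF -z altdb.conf > /dev/null 2>&1 || ret=1
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr ${status:-0} + $ret`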
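# With -z, altdlz.conf must be accepted (exit status 0).
echo "I: checking that named-checkconf -z skips zone check with DLZ"
# Reset the per-test result so an earlier failure is not counted again.
ret=0
$CHECKCONF -z altdlz.conf > /dev/null 2>&1 || ret=1
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr ${status:-0} + $ret`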
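# check-names-fail.conf must fail with the bad-name message, and the zone
# must not be reported as loaded.
echo "I: check that check-names fails as configured"
# Reset the per-test result so an earlier failure is not counted again.
ret=0
# Success here is the failure case, hence "&&".
$CHECKCONF -z check-names-fail.conf > checkconf.out1 2>&1 && ret=1
grep "near '_underscore': bad name (check-names)" checkconf.out1 > /dev/null || ret=1
# A "loaded serial" line would mean the zone was accepted despite the error.
grep "zone check-names/IN: loaded serial" < checkconf.out1 > /dev/null && ret=1
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr ${status:-0} + $ret`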
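# check-mx-fail.conf must fail with the "MX is an address" message at the
# offending value, and the zone must not be reported as loaded.
echo "I: check that check-mx fails as configured"
# Reset the per-test result so an earlier failure is not counted again.
ret=0
# Success here is the failure case, hence "&&".
$CHECKCONF -z check-mx-fail.conf > checkconf.out2 2>&1 && ret=1
grep "near '10.0.0.1': MX is an address" checkconf.out2 > /dev/null || ret=1
# A "loaded serial" line would mean the zone was accepted despite the error.
grep "zone check-mx/IN: loaded serial" < checkconf.out2 > /dev/null && ret=1
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr ${status:-0} + $ret`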
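# check-dup-records-fail.conf must fail with the duplicate-records message,
# and the zone must not be reported as loaded.
echo "I: check that check-dup-records fails as configured"
# Reset the per-test result so an earlier failure is not counted again.
ret=0
# Success here is the failure case, hence "&&".
$CHECKCONF -z check-dup-records-fail.conf > checkconf.out3 2>&1 && ret=1
grep "has semantically identical records" checkconf.out3 > /dev/null || ret=1
# A "loaded serial" line would mean the zone was accepted despite the error.
grep "zone check-dup-records/IN: loaded serial" < checkconf.out3 > /dev/null && ret=1
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr ${status:-0} + $ret`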
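# Second pass over check-mx-fail.conf: this one looks for the
# "failed: MX is an address" wording instead of the "near ..." location.
echo "I: check that check-mx fails as configured"
# Reset the per-test result so an earlier failure is not counted again.
ret=0
# Success here is the failure case, hence "&&".
$CHECKCONF -z check-mx-fail.conf > checkconf.out4 2>&1 && ret=1
grep "failed: MX is an address" checkconf.out4 > /dev/null || ret=1
# A "loaded serial" line would mean the zone was accepted despite the error.
grep "zone check-mx/IN: loaded serial" < checkconf.out4 > /dev/null && ret=1
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr ${status:-0} + $ret`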
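# check-mx-cname-fail.conf must fail with the "MX ... is a CNAME" message,
# and the zone must not be reported as loaded.
echo "I: check that check-mx-cname fails as configured"
# Reset the per-test result so an earlier failure is not counted again.
ret=0
# Success here is the failure case, hence "&&".
$CHECKCONF -z check-mx-cname-fail.conf > checkconf.out5 2>&1 && ret=1
grep "MX.* is a CNAME (illegal)" checkconf.out5 > /dev/null || ret=1
# A "loaded serial" line would mean the zone was accepted despite the error.
grep "zone check-mx-cname/IN: loaded serial" < checkconf.out5 > /dev/null && ret=1
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr ${status:-0} + $ret`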
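# check-srv-cname-fail.conf must fail with the "SRV ... is a CNAME" message,
# and the zone must not be reported as loaded.
echo "I: check that check-srv-cname fails as configured"
# Reset the per-test result so an earlier failure is not counted again.
ret=0
# Success here is the failure case, hence "&&".
$CHECKCONF -z check-srv-cname-fail.conf > checkconf.out6 2>&1 && ret=1
grep "SRV.* is a CNAME (illegal)" checkconf.out6 > /dev/null || ret=1
# A "loaded serial" line would mean the zone was accepted despite the error.
grep "zone check-mx-cname/IN: loaded serial" < checkconf.out6 > /dev/null && ret=1
# NOTE(review): the check above names zone "check-mx-cname", which looks
# copied from the previous test. If the zone in check-srv-cname-fail.conf is
# called "check-srv-cname", that check can never fire. The extra check below
# covers that name as well -- confirm against the fixture.
grep "zone check-srv-cname/IN: loaded serial" < checkconf.out6 > /dev/null && ret=1
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=`expr ${status:-0} + $ret`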
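# Report the number of failed checks, then pass the result to the caller.
# Without a non-zero exit status, a harness that only looks at the exit code
# would treat a failing run as a pass.
echo "I:exit status: $status"
[ "${status:-0}" -eq 0 ] || exit 1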