Implement test for #5083

Signed-off-by: Arthur Gautier <baloo@gandi.net>

diff --git a/regression-tests.nobackend/.gitignore b/regression-tests.nobackend/.gitignore
index bf0986a183d615da8c75657f465faf250d37b1b2..3a3a1babc76c850a5ea0026cae0bc07a7d533fa6 100644 (file)
--- a/regression-tests.nobackend/.gitignore
+++ b/regression-tests.nobackend/.gitignore
@@ -13,3 +13,8 @@ real_result
 /pdns-gsqlite3-slave.conf
 /slave.db
 /named.conf
+dnssec.sqlite3
+pdns-bind.conf
+pdns-gsqlite3.conf
+pdns-gsqlite3.pid
+pdns.sqlite3

diff --git a/regression-tests.nobackend/rectify-axfr/command b/regression-tests.nobackend/rectify-axfr/command
new file mode 100755 (executable)
index 0000000..8e0fc87
--- /dev/null
+++ b/regression-tests.nobackend/rectify-axfr/command
@@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+
+MAKE=${MAKE:-make}
+source ../regression-tests/common
+
+rm -f pdns*.pid pdns-gsqlite3.conf pdns.sqlite3 named.conf
+
+sed '/directory/ { s@./zones@../regression-tests/zones@ }' ../regression-tests/named.conf > ./named.conf
+
+cat > pdns-gsqlite3.conf << __EOF__
+launch=gsqlite3
+gsqlite3-database=pdns.sqlite3
+gsqlite3-dnssec
+module-dir=../regression-tests/modules
+__EOF__
+
+ARGS="--config-dir=. --config-name=gsqlite3"
+
+port=5501
+nameserver=localhost
+
+sqlite3 pdns.sqlite3 < ../modules/gsqlite3backend/schema.sqlite3.sql
+tosql gsqlite | sqlite3 pdns.sqlite3
+echo ANALYZE\; | sqlite3 pdns.sqlite3
+
+for zone in $(grep 'zone ' named.conf | cut -f2 -d\")
+do
+       $PDNSUTIL $ARGS set-nsec3 $zone "1 1 1 abcd" >&2
+       $PDNSUTIL $ARGS add-zone-key $zone rsasha256 1024 zsk active >&2
+done
+
+$RUNWRAPPER $PDNS --daemon=no --local-port=$port --socket-dir=./          \
+        $ARGS \
+        --allow-axfr-ips=127.0.0.1 \
+        --cache-ttl=60 --module-dir=../regression-tests/modules >&2 &
+
+check_process
+
+set +e
+
+# Add skipreason to not have full zone output
+# There is a bug in ldns-verify-zone on travis that will make
+# it fail on dnssec-parent.com
+skipreasons='nsec3'
+
+. ../regression-tests/tests/verify-dnssec-zone/command
+
+kill $(cat pdns-gsqlite3.pid)

diff --git a/regression-tests.nobackend/rectify-axfr/description b/regression-tests.nobackend/rectify-axfr/description
new file mode 100644 (file)
index 0000000..70e744c
--- /dev/null
+++ b/regression-tests.nobackend/rectify-axfr/description
@@ -0,0 +1 @@
+Make sure pdns rectifies the zones when processing AXFR

diff --git a/regression-tests.nobackend/rectify-axfr/expected_result b/regression-tests.nobackend/rectify-axfr/expected_result
new file mode 100644 (file)
index 0000000..082b76a
--- /dev/null
+++ b/regression-tests.nobackend/rectify-axfr/expected_result
@@ -0,0 +1,138 @@
+--- ldns-verify-zone -V2 test.com
+RETVAL: 0
+
+--- jdnssec-verifyzone test.com
+zone verified.
+RETVAL: 0
+
+--- named-checkzone test.com
+zone test.com/IN: test.com/MX 'smtp-servers.test.com' has no address records (A or AAAA)
+zone test.com/IN: sub.test.test.com/NS 'ns-test.example.net.test.com' has no address records (A or AAAA)
+zone test.com/IN: loaded serial 2005092501 (DNSSEC signed)
+OK
+RETVAL: 0
+
+--- ldns-verify-zone -V2 test.dyndns
+RETVAL: 0
+
+--- jdnssec-verifyzone test.dyndns
+zone verified.
+RETVAL: 0
+
+--- named-checkzone test.dyndns
+zone test.dyndns/IN: loaded serial 2012060701 (DNSSEC signed)
+OK
+RETVAL: 0
+
+--- ldns-verify-zone -V2 wtest.com
+RETVAL: 0
+
+--- jdnssec-verifyzone wtest.com
+zone verified.
+RETVAL: 0
+
+--- named-checkzone wtest.com
+zone wtest.com/IN: wtest.com/MX 'smtp-servers.wtest.com' is a CNAME (illegal)
+zone wtest.com/IN: loaded serial 2005092501 (DNSSEC signed)
+OK
+RETVAL: 0
+
+--- ldns-verify-zone -V2 dnssec-parent.com
+Error: there is no NSEC(3) for ent.auth-ent.dnssec-parent.com.
+Error: there is no NSEC(3) for ent.ent.auth-ent.dnssec-parent.com.
+There were errors in the zone
+RETVAL: 11
+
+--- jdnssec-verifyzone dnssec-parent.com
+zone verified.
+RETVAL: 0
+
+--- named-checkzone dnssec-parent.com
+zone dnssec-parent.com/IN: loaded serial 2005092501 (DNSSEC signed)
+OK
+RETVAL: 0
+
+--- ldns-verify-zone -V2 delegated.dnssec-parent.com
+RETVAL: 0
+
+--- jdnssec-verifyzone delegated.dnssec-parent.com
+zone verified.
+RETVAL: 0
+
+--- named-checkzone delegated.dnssec-parent.com
+zone delegated.dnssec-parent.com/IN: loaded serial 2005092501 (DNSSEC signed)
+OK
+RETVAL: 0
+
+--- ldns-verify-zone -V2 secure-delegated.dnssec-parent.com
+RETVAL: 0
+
+--- jdnssec-verifyzone secure-delegated.dnssec-parent.com
+zone verified.
+RETVAL: 0
+
+--- named-checkzone secure-delegated.dnssec-parent.com
+zone secure-delegated.dnssec-parent.com/IN: loaded serial 2005092501 (DNSSEC signed)
+OK
+RETVAL: 0
+
+--- ldns-verify-zone -V2 minimal.com
+RETVAL: 0
+
+--- jdnssec-verifyzone minimal.com
+zone verified.
+RETVAL: 0
+
+--- named-checkzone minimal.com
+zone minimal.com/IN: loaded serial 2000081501 (DNSSEC signed)
+OK
+RETVAL: 0
+
+--- ldns-verify-zone -V2 tsig.com
+RETVAL: 0
+
+--- jdnssec-verifyzone tsig.com
+zone verified.
+RETVAL: 0
+
+--- named-checkzone tsig.com
+zone tsig.com/IN: loaded serial 2000081501 (DNSSEC signed)
+OK
+RETVAL: 0
+
+--- ldns-verify-zone -V2 stest.com
+RETVAL: 0
+
+--- jdnssec-verifyzone stest.com
+zone verified.
+RETVAL: 0
+
+--- named-checkzone stest.com
+zone stest.com/IN: loaded serial 2000081501 (DNSSEC signed)
+OK
+RETVAL: 0
+
+--- ldns-verify-zone -V2 cdnskey-cds-test.com
+RETVAL: 0
+
+--- jdnssec-verifyzone cdnskey-cds-test.com
+zone verified.
+RETVAL: 0
+
+--- named-checkzone cdnskey-cds-test.com
+zone cdnskey-cds-test.com/IN: loaded serial 2005092501 (DNSSEC signed)
+OK
+RETVAL: 0
+
+--- ldns-verify-zone -V2 2.0.192.in-addr.arpa
+RETVAL: 0
+
+--- jdnssec-verifyzone 2.0.192.in-addr.arpa
+zone verified.
+RETVAL: 0
+
+--- named-checkzone 2.0.192.in-addr.arpa
+zone 2.0.192.in-addr.arpa/IN: loaded serial 2000081501 (DNSSEC signed)
+OK
+RETVAL: 0
+

diff --git a/regression-tests/common b/regression-tests/common
new file mode 100644 (file)
index 0000000..0c3c7d3
--- /dev/null
+++ b/regression-tests/common
@@ -0,0 +1,30 @@
+tosql ()
+{
+       if echo $ZONE2SQL | grep -q '../pdns'; then
+               ${MAKE} -C ../pdns zone2sql > /dev/null
+       fi
+       $ZONE2SQL --transactions --$1 --named-conf=./named.conf
+}
+
+check_process ()
+{
+       set +e
+       loopcount=0
+       while [ $loopcount -lt 5 ]; do
+               sleep 1
+               pids=$(cat pdns*.pid 2>/dev/null)
+               if [ ! -z "$pids" ]
+               then
+                       kill -0 $pids >/dev/null 2>&1
+                       if [ $? -eq 0 ]
+                       then
+                               set -e
+                               return
+                       fi
+               fi
+       let loopcount=loopcount+1
+       done
+       echo "PowerDNS did not start"
+       exit
+}
+

diff --git a/regression-tests/start-test-stop b/regression-tests/start-test-stop
index 42e3e008a2c114f3c1f98d3b5b0df2befd4c67f0..5155d56fea51d2c8c59d92bf1417d902acc1272b 100755 (executable)
--- a/regression-tests/start-test-stop
+++ b/regression-tests/start-test-stop
@@ -28,13 +28,7 @@ export KEY
 
 trap "kill_process 2" EXIT INT TERM
 
-tosql ()
-{
-       if echo $ZONE2SQL | grep -q '../pdns'; then
-               ${MAKE} -C ../pdns zone2sql > /dev/null
-       fi
-       $ZONE2SQL --transactions --$1 --named-conf=./named.conf
-}
+source ../regression-tests/common
 
 bindwait ()
 {
@@ -103,28 +97,6 @@ securezone ()
        fi
 }
 
-check_process ()
-{
-       set +e
-       loopcount=0
-       while [ $loopcount -lt 5 ]; do
-               sleep 1
-               pids=$(cat pdns*.pid 2>/dev/null)
-               if [ ! -z "$pids" ]
-               then
-                       kill -0 $pids >/dev/null 2>&1
-                       if [ $? -eq 0 ]
-                       then
-                               set -e
-                               return
-                       fi
-               fi
-       let loopcount=loopcount+1
-       done
-       echo "PowerDNS did not start"
-       exit
-}
-
 kill_process ()
 {
        set +e