From: Arthur Gautier
Date: Mon, 10 Apr 2017 20:34:18 +0000 (+0000)
Subject: Implement test for #5083
X-Git-Tag: rec-4.1.0-alpha1~115^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=3adde0d28e84b90ca628209e8fb4dc065b8d857f;p=pdns
Implement test for #5083
Signed-off-by: Arthur Gautier
---
diff --git a/regression-tests.nobackend/.gitignore b/regression-tests.nobackend/.gitignore
index bf0986a18..3a3a1babc 100644
--- a/regression-tests.nobackend/.gitignore
+++ b/regression-tests.nobackend/.gitignore
@@ -13,3 +13,8 @@ real_result
 /pdns-gsqlite3-slave.conf
 /slave.db
 /named.conf
+dnssec.sqlite3
+pdns-bind.conf
+pdns-gsqlite3.conf
+pdns-gsqlite3.pid
+pdns.sqlite3
diff --git a/regression-tests.nobackend/rectify-axfr/command b/regression-tests.nobackend/rectify-axfr/command
new file mode 100755
index 000000000..8e0fc874b
--- /dev/null
+++ b/regression-tests.nobackend/rectify-axfr/command
@@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+
+MAKE=${MAKE:-make}
+source ../regression-tests/common
+
+rm -f pdns*.pid pdns-gsqlite3.conf pdns.sqlite3 named.conf
+
+sed '/directory/ { s@./zones@../regression-tests/zones@ }' ../regression-tests/named.conf > ./named.conf
+
+cat > pdns-gsqlite3.conf << __EOF__
+launch=gsqlite3
+gsqlite3-database=pdns.sqlite3
+gsqlite3-dnssec
+module-dir=../regression-tests/modules
+__EOF__
+
+ARGS="--config-dir=. --config-name=gsqlite3"
+
+port=5501
+nameserver=localhost
+
+sqlite3 pdns.sqlite3 < ../modules/gsqlite3backend/schema.sqlite3.sql
+tosql gsqlite | sqlite3 pdns.sqlite3
+echo ANALYZE\; | sqlite3 pdns.sqlite3
+
+for zone in $(grep 'zone ' named.conf | cut -f2 -d\")
+do
+ $PDNSUTIL $ARGS set-nsec3 $zone "1 1 1 abcd" >&2
+ $PDNSUTIL $ARGS add-zone-key $zone rsasha256 1024 zsk active >&2
+done
+
+$RUNWRAPPER $PDNS --daemon=no --local-port=$port --socket-dir=./ \
+ $ARGS \
+ --allow-axfr-ips=127.0.0.1 \
+ --cache-ttl=60 --module-dir=../regression-tests/modules >&2 &
+
+check_process
+
+set +e
+
+# Add skipreason to not have full zone output
+# There is a bug in ldns-verify-zone on travis that will make
+# it fail on dnssec-parent.com
+skipreasons='nsec3'
+
+. ../regression-tests/tests/verify-dnssec-zone/command
+
+kill $(cat pdns-gsqlite3.pid)
diff --git a/regression-tests.nobackend/rectify-axfr/description b/regression-tests.nobackend/rectify-axfr/description
new file mode 100644
index 000000000..70e744ced
--- /dev/null
+++ b/regression-tests.nobackend/rectify-axfr/description
@@ -0,0 +1 @@
+Make sure pdns rectifies the zones when processing AXFR
diff --git a/regression-tests.nobackend/rectify-axfr/expected_result b/regression-tests.nobackend/rectify-axfr/expected_result
new file mode 100644
index 000000000..082b76a6d
--- /dev/null
+++ b/regression-tests.nobackend/rectify-axfr/expected_result
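Review bot: The daemon started on port 5501 is only stopped by the final `kill $(cat pdns-gsqlite3.pid)`, so an interrupted or aborted run leaves pdns listening with the test zones loaded, and a missing pid file turns that line into a bare `kill`. Registering the cleanup right after `check_process`, as start-test-stop does with its own `trap`, would cover every exit path: `trap 'kill "$(cat pdns-gsqlite3.pid 2>/dev/null)" 2>/dev/null' EXIT`. Whether the sourced verify-dnssec-zone/command installs its own trap is not visible here, so check that the two do not override each other. The setup steps before `check_process` (schema load, `set-nsec3`, `add-zone-key`) also run with no error check, so a failed step only shows up later as a diff against expected_result.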
@@ -0,0 +1,138 @@
+--- ldns-verify-zone -V2 test.com
+RETVAL: 0
+
+--- jdnssec-verifyzone test.com
+zone verified.
+RETVAL: 0
+
+--- named-checkzone test.com
+zone test.com/IN: test.com/MX 'smtp-servers.test.com' has no address records (A or AAAA)
+zone test.com/IN: sub.test.test.com/NS 'ns-test.example.net.test.com' has no address records (A or AAAA)
+zone test.com/IN: loaded serial 2005092501 (DNSSEC signed)
+OK
+RETVAL: 0
+
+--- ldns-verify-zone -V2 test.dyndns
+RETVAL: 0
+
+--- jdnssec-verifyzone test.dyndns
+zone verified.
+RETVAL: 0
+
+--- named-checkzone test.dyndns
+zone test.dyndns/IN: loaded serial 2012060701 (DNSSEC signed)
+OK
+RETVAL: 0
+
+--- ldns-verify-zone -V2 wtest.com
+RETVAL: 0
+
+--- jdnssec-verifyzone wtest.com
+zone verified.
+RETVAL: 0
+
+--- named-checkzone wtest.com
+zone wtest.com/IN: wtest.com/MX 'smtp-servers.wtest.com' is a CNAME (illegal)
+zone wtest.com/IN: loaded serial 2005092501 (DNSSEC signed)
+OK
+RETVAL: 0
+
+--- ldns-verify-zone -V2 dnssec-parent.com
+Error: there is no NSEC(3) for ent.auth-ent.dnssec-parent.com.
+Error: there is no NSEC(3) for ent.ent.auth-ent.dnssec-parent.com.
+There were errors in the zone
+RETVAL: 11
+
+--- jdnssec-verifyzone dnssec-parent.com
+zone verified.
+RETVAL: 0
+
+--- named-checkzone dnssec-parent.com
+zone dnssec-parent.com/IN: loaded serial 2005092501 (DNSSEC signed)
+OK
+RETVAL: 0
+
+--- ldns-verify-zone -V2 delegated.dnssec-parent.com
+RETVAL: 0
+
+--- jdnssec-verifyzone delegated.dnssec-parent.com
+zone verified.
+RETVAL: 0
+
+--- named-checkzone delegated.dnssec-parent.com
+zone delegated.dnssec-parent.com/IN: loaded serial 2005092501 (DNSSEC signed)
+OK
+RETVAL: 0
+
+--- ldns-verify-zone -V2 secure-delegated.dnssec-parent.com
+RETVAL: 0
+
+--- jdnssec-verifyzone secure-delegated.dnssec-parent.com
+zone verified.
+RETVAL: 0
+
+--- named-checkzone secure-delegated.dnssec-parent.com
+zone secure-delegated.dnssec-parent.com/IN: loaded serial 2005092501 (DNSSEC signed)
+OK
+RETVAL: 0
+
+--- ldns-verify-zone -V2 minimal.com
+RETVAL: 0
+
+--- jdnssec-verifyzone minimal.com
+zone verified.
+RETVAL: 0
+
+--- named-checkzone minimal.com
+zone minimal.com/IN: loaded serial 2000081501 (DNSSEC signed)
+OK
+RETVAL: 0
+
+--- ldns-verify-zone -V2 tsig.com
+RETVAL: 0
+
+--- jdnssec-verifyzone tsig.com
+zone verified.
+RETVAL: 0
+
+--- named-checkzone tsig.com
+zone tsig.com/IN: loaded serial 2000081501 (DNSSEC signed)
+OK
+RETVAL: 0
+
+--- ldns-verify-zone -V2 stest.com
+RETVAL: 0
+
+--- jdnssec-verifyzone stest.com
+zone verified.
+RETVAL: 0
+
+--- named-checkzone stest.com
+zone stest.com/IN: loaded serial 2000081501 (DNSSEC signed)
+OK
+RETVAL: 0
+
+--- ldns-verify-zone -V2 cdnskey-cds-test.com
+RETVAL: 0
+
+--- jdnssec-verifyzone cdnskey-cds-test.com
+zone verified.
+RETVAL: 0
+
+--- named-checkzone cdnskey-cds-test.com
+zone cdnskey-cds-test.com/IN: loaded serial 2005092501 (DNSSEC signed)
+OK
+RETVAL: 0
+
+--- ldns-verify-zone -V2 2.0.192.in-addr.arpa
+RETVAL: 0
+
+--- jdnssec-verifyzone 2.0.192.in-addr.arpa
+zone verified.
+RETVAL: 0
+
+--- named-checkzone 2.0.192.in-addr.arpa
+zone 2.0.192.in-addr.arpa/IN: loaded serial 2000081501 (DNSSEC signed)
+OK
+RETVAL: 0
+
diff --git a/regression-tests/common b/regression-tests/common
new file mode 100644
index 000000000..0c3c7d3d0
--- /dev/null
+++ b/regression-tests/common
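Review bot: The dnssec-parent.com block pins a failing verifier run as the expected outcome: `RETVAL: 11` with `there is no NSEC(3)` errors for two empty non-terminals. The comment in rectify-axfr/command attributes this to an ldns-verify-zone bug on travis, but missing NSEC3 coverage for empty non-terminals would presumably also be a symptom of a zone that was not rectified, so for this zone the ldns check cannot tell the two apart and only jdnssec-verifyzone guards it. I would record that next to `skipreasons` in the command file, e.g. `# expected_result pins RETVAL: 11 for dnssec-parent.com (ldns bug); re-check when ldns is fixed`, so the pinned failure is revisited rather than inherited.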
@@ -0,0 +1,30 @@
+tosql ()
+{
+ if echo $ZONE2SQL | grep -q '../pdns'; then
+ ${MAKE} -C ../pdns zone2sql > /dev/null
+ fi
+ $ZONE2SQL --transactions --$1 --named-conf=./named.conf
+}
+
+check_process ()
+{
+ set +e
+ loopcount=0
+ while [ $loopcount -lt 5 ]; do
+ sleep 1
+ pids=$(cat pdns*.pid 2>/dev/null)
+ if [ ! -z "$pids" ]
+ then
+ kill -0 $pids >/dev/null 2>&1
+ if [ $? -eq 0 ]
+ then
+ set -e
+ return
+ fi
+ fi
+ let loopcount=loopcount+1
+ done
+ echo "PowerDNS did not start"
+ exit
+}
+
diff --git a/regression-tests/start-test-stop b/regression-tests/start-test-stop
index 42e3e008a..5155d56fe 100755
--- a/regression-tests/start-test-stop
+++ b/regression-tests/start-test-stop
@@ -28,13 +28,7 @@ export KEY trap "kill_process 2" EXIT INT TERM -tosql () -{ - if echo $ZONE2SQL | grep -q '../pdns'; then - ${MAKE} -C ../pdns zone2sql > /dev/null - fi - $ZONE2SQL --transactions --$1 --named-conf=./named.conf -} +source ../regression-tests/common bindwait () {
@@ -103,28 +97,6 @@ securezone () fi } -check_process () -{ - set +e - loopcount=0 - while [ $loopcount -lt 5 ]; do - sleep 1 - pids=$(cat pdns*.pid 2>/dev/null) - if [ ! -z "$pids" ] - then - kill -0 $pids >/dev/null 2>&1 - if [ $? -eq 0 ] - then - set -e - return - fi - fi - let loopcount=loopcount+1 - done - echo "PowerDNS did not start" - exit -} - kill_process () { set +e
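Review bot: In `check_process` the failure path ends with a bare `exit`, which returns the status of the preceding `echo`, so a server that never started makes the script exit 0 with the message on stdout. Since this file is now sourced by more than one test, I would make the failure explicit: `echo "PowerDNS did not start" >&2` followed by `exit 1`. The success path also leaves `set -e` switched on whatever the caller had before, which rectify-axfr/command works around with its own `set +e`; a header comment on the function stating that side effect would help the next caller. The body is carried over unchanged from start-test-stop, so the same applies to the existing tests.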