#! /usr/bin/env bats
load '/bats-support/load.bash'
load '/bats-assert/load.bash'
load '/getssl/test/test_helper.bash'
# This is run for every test
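setup() {
  # Per-test fixture: prepares the resolver and DNS tooling, then sources getssl.
  #
  # NOTE: this overwrites /etc/resolv.conf and renames binaries under /usr/bin,
  # so it needs write access to both and should only be run inside a throwaway
  # test environment (the /getssl and /bats-* paths suggest a container —
  # confirm). The tests then depend on live answers from 8.8.8.8.

  # Once any earlier test has failed, teardown() leaves a marker file and every
  # later test is skipped. The path is quoted so a temp dir containing spaces
  # or glob characters cannot break the check.
  if [ -f "${BATS_RUN_TMPDIR}/failed.skip" ]; then
    skip "skipping tests after first failure"
  fi

  # Keep a copy of the resolver config for teardown() to restore, then pin all
  # lookups to a single public resolver.
  cp /etc/resolv.conf /etc/resolv.conf.getssl
  printf '%s\n' 'nameserver 8.8.8.8' 'options ndots:0' > /etc/resolv.conf

  # Move drill, host and nslookup out of the way; presumably this leaves dig as
  # the only tool find_dns_utils can pick, which is what the assertions in this
  # file look for ("Using dig ...").
  for app in drill host nslookup; do
    if [ -f "/usr/bin/${app}" ]; then
      mv "/usr/bin/${app}" "/usr/bin/${app}.getssl.bak"
    fi
  done

  # Load getssl's functions into this shell, detect the DNS tools that remain,
  # and switch on debug output (set after sourcing, as in the original order).
  . /getssl/getssl --source
  find_dns_utils
  _USE_DEBUG=1
}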
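teardown() {
  # Per-test cleanup: records a failure marker and undoes the system changes
  # made by setup().

  # BATS_TEST_COMPLETED is empty when the test did not finish; drop a marker so
  # setup() skips the remaining tests.
  if [ -z "$BATS_TEST_COMPLETED" ]; then
    touch "${BATS_RUN_TMPDIR}/failed.skip"
  fi

  # Restore the resolver config only when the backup exists. The redirect
  # truncates /etc/resolv.conf before cat runs, so restoring from a missing
  # backup would leave the machine with an empty resolver config.
  # cat with a redirect rewrites the file in place instead of replacing it
  # (presumably because the file is bind-mounted in the test container).
  if [ -f /etc/resolv.conf.getssl ]; then
    cat /etc/resolv.conf.getssl > /etc/resolv.conf
  fi

  # Put back whichever DNS tools setup() moved aside.
  for app in drill host nslookup; do
    if [ -f "/usr/bin/${app}.getssl.bak" ]; then
      mv "/usr/bin/${app}.getssl.bak" "/usr/bin/${app}"
    fi
  done
}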
@test "Check get_auth_dns doesn't include root servers (dig NS)" {
  # Regression test for issue #617: get_auth_dns() must cope with an NS query
  # that returns the root servers. If those were treated as authoritative, the
  # DNS check would poll servers that never hold the expected record and retry
  # until it gave up.
  #
  # Log output from the original report:
  #   Verifying example.com
  #   checking DNS at h.root-servers.net for example.com. Attempt 1/100 gave wrong result, waiting 10 secs before checking again
  #   ... (retried until max attempts then failed)

  # No public resolver configured; presumably CHECK_ALL_AUTH_DNS makes
  # get_auth_dns list every authoritative server (confirm against getssl).
  CHECK_ALL_AUTH_DNS=true
  CHECK_PUBLIC_DNS_SERVER=false
  PUBLIC_DNS_SERVER=

  # Turn off both the SOA and the CNAME lookups so the NS path is exercised.
  _TEST_SKIP_SOA_CALL=1
  _TEST_SKIP_CNAME_CALL=1

  run get_auth_dns example.com

  # A primary name server was found ...
  assert_output --regexp 'set primary_ns = '
  # ... by way of a dig NS query ...
  assert_line --regexp 'Using dig.* NS'
  # ... and no root server appears anywhere in the output.
  refute_line --partial 'root-servers.net'
}
@test "Check get_auth_dns doesn't include root servers (dig SOA)" {
  # Regression test for issue #617: get_auth_dns() must cope with an NS query
  # that returns the root servers. If those were treated as authoritative, the
  # DNS check would poll servers that never hold the expected record and retry
  # until it gave up.
  #
  # Log output from the original report:
  #   Verifying example.com
  #   checking DNS at h.root-servers.net for example.com. Attempt 1/100 gave wrong result, waiting 10 secs before checking again
  #   ... (retried until max attempts then failed)

  # No public resolver configured; presumably CHECK_ALL_AUTH_DNS makes
  # get_auth_dns list every authoritative server (confirm against getssl).
  CHECK_ALL_AUTH_DNS=true
  CHECK_PUBLIC_DNS_SERVER=false
  PUBLIC_DNS_SERVER=

  # Leave the SOA lookup enabled and turn off only the CNAME lookup.
  _TEST_SKIP_SOA_CALL=0
  _TEST_SKIP_CNAME_CALL=1

  run get_auth_dns example.com

  # A primary name server was found ...
  assert_output --regexp 'set primary_ns = '
  # ... by way of a dig SOA query ...
  assert_line --regexp 'Using dig.* SOA'
  # ... and no root server appears anywhere in the output.
  refute_line --partial 'root-servers.net'
}