ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

Check that a zone in the process of being signed resolves

Browse Source 
ans10 simulates a local anycast server which has both signed and
unsigned instances of a zone.  'A' queries get answered from the
signed instance.  Everything else gets answered from the unsigned
instance.  The resulting answer should be insecure.

(cherry picked from commit d7840f4b93)
This commit is contained in:
Mark Andrews
2020-10-28 16:40:36 +11:00
parent 903c1136ef
commit 939e735e2c
6 changed files with 173 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
bin/tests/system/dnssec/tests.sh
View File

@@ -4264,5 +4264,15 @@ n=$((n+1))
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))
echo_i "checking validation succeeds during transition to signed ($n)"
ret=0
dig_with_opts @10.53.0.4 inprogress A > dig.out.ns4.test$n || ret=1
grep "flags: qr rd ra;" dig.out.ns4.test$n >/dev/null || ret=1
grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1
grep 'A.10\.53\.0\.10' dig.out.ns4.test$n >/dev/null || ret=1
n=$((n+1))
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1