Run the dnssec system tests with set -e enabled
This commit is contained in:
Ondřej Surý
@@ -9,6 +9,8 @@
|
||||
# See the COPYRIGHT file distributed with this work for additional
|
||||
# information regarding copyright ownership.
|
||||
|
||||
set -e
|
||||
|
||||
rm -f ./*/K* ./*/keyset-* ./*/dsset-* ./*/dlvset-* ./*/signedkey-* ./*/*.signed
|
||||
rm -f ./*/example.bk
|
||||
rm -f ./*/named.conf
|
||||
|
||||
@@ -12,6 +12,8 @@
|
||||
# shellcheck source=conf.sh
|
||||
. "$SYSTEMTESTTOP/conf.sh"
|
||||
|
||||
set -e
|
||||
|
||||
zone=.
|
||||
infile=root.db.in
|
||||
zonefile=root.db
|
||||
@@ -31,7 +33,7 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
|
||||
|
||||
cat "$infile" "$keyname.key" > "$zonefile"
|
||||
|
||||
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null
|
||||
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
|
||||
# Configure the resolving server with a trusted key.
|
||||
keyfile_to_trusted_keys "$keyname" > trusted.conf
|
||||
|
||||
@@ -12,6 +12,8 @@
|
||||
# shellcheck source=conf.sh
|
||||
. "$SYSTEMTESTTOP/conf.sh"
|
||||
|
||||
set -e
|
||||
|
||||
zone=example.
|
||||
infile=example.db.in
|
||||
zonefile=example.db
|
||||
@@ -35,7 +37,7 @@ keyname2=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" -n zo
|
||||
|
||||
cat "$infile" "$keyname1.key" "$keyname2.key" > "$zonefile"
|
||||
|
||||
"$SIGNER" -P -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" > /dev/null
|
||||
"$SIGNER" -P -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# lower/uppercase the signature bits with the exception of the last characters
|
||||
@@ -96,7 +98,7 @@ keyname1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KS
|
||||
keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
|
||||
|
||||
cat "$infile" "$keyname1.key" "$keyname2.key" > "$zonefile"
|
||||
"$SIGNER" -P -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" > /dev/null
|
||||
"$SIGNER" -P -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" > /dev/null 2>&1
|
||||
|
||||
# Sign the privately secure file
|
||||
|
||||
@@ -108,7 +110,7 @@ privkeyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -b "${DEFAULT_BITS}" -n zon
|
||||
|
||||
cat "$privinfile" "$privkeyname.key" > "$privzonefile"
|
||||
|
||||
"$SIGNER" -P -g -o "$privzone" -l dlv "$privzonefile" > /dev/null
|
||||
"$SIGNER" -P -g -o "$privzone" -l dlv "$privzonefile" > /dev/null 2>&1
|
||||
|
||||
# Sign the DLV secure zone.
|
||||
|
||||
@@ -121,7 +123,7 @@ dlvkeyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -b "${DEFAULT_BITS}" -n zone
|
||||
|
||||
cat "$dlvinfile" "$dlvkeyname.key" "$dlvsetfile" > "$dlvzonefile"
|
||||
|
||||
"$SIGNER" -P -g -o "$dlvzone" "$dlvzonefile" > /dev/null
|
||||
"$SIGNER" -P -g -o "$dlvzone" "$dlvzonefile" > /dev/null 2>&1
|
||||
|
||||
# Sign the badparam secure file
|
||||
|
||||
@@ -134,7 +136,7 @@ keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zon
|
||||
|
||||
cat "$infile" "$keyname1.key" "$keyname2.key" > "$zonefile"
|
||||
|
||||
"$SIGNER" -P -3 - -H 1 -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" > /dev/null
|
||||
"$SIGNER" -P -3 - -H 1 -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" > /dev/null 2>&1
|
||||
|
||||
sed -e 's/IN NSEC3 1 0 1 /IN NSEC3 1 0 10 /' "$zonefile.signed" > "$zonefile.bad"
|
||||
|
||||
@@ -149,7 +151,7 @@ keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zon
|
||||
|
||||
cat "$infile" "$keyname1.key" "$keyname2.key" > "$zonefile"
|
||||
|
||||
"$SIGNER" -P -3 - -A -H 1 -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" > /dev/null
|
||||
"$SIGNER" -P -3 - -A -H 1 -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# algroll has just has the old DNSKEY records removed and is waiting
|
||||
@@ -167,7 +169,7 @@ keynew2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
|
||||
|
||||
cat "$infile" "$keynew1.key" "$keynew2.key" > "$zonefile"
|
||||
|
||||
"$SIGNER" -P -o "$zone" -k "$keyold1" -k "$keynew1" "$zonefile" "$keyold1" "$keyold2" "$keynew1" "$keynew2" > /dev/null
|
||||
"$SIGNER" -P -o "$zone" -k "$keyold1" -k "$keynew1" "$zonefile" "$keyold1" "$keyold2" "$keynew1" "$keynew2" > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# Make a zone big enough that it takes several seconds to generate a new
|
||||
@@ -189,7 +191,7 @@ done >> "$zonefile"
|
||||
key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
|
||||
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
|
||||
cat "$key1.key" "$key2.key" >> "$zonefile"
|
||||
"$SIGNER" -P -3 - -A -H 1 -g -o "$zone" -k "$key1" "$zonefile" "$key2" > /dev/null
|
||||
"$SIGNER" -P -3 - -A -H 1 -g -o "$zone" -k "$key1" "$zonefile" "$key2" > /dev/null 2>&1
|
||||
|
||||
zone=cds.secure
|
||||
infile=cds.secure.db.in
|
||||
@@ -198,7 +200,7 @@ key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$
|
||||
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
|
||||
"$DSFROMKEY" -C "$key1.key" > "$key1.cds"
|
||||
cat "$infile" "$key1.key" "$key2.key" "$key1.cds" >$zonefile
|
||||
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null
|
||||
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
|
||||
zone=cds-x.secure
|
||||
infile=cds.secure.db.in
|
||||
@@ -208,7 +210,7 @@ key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$
|
||||
key3=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
|
||||
"$DSFROMKEY" -C "$key2.key" > "$key2.cds"
|
||||
cat "$infile" "$key1.key" "$key3.key" "$key2.cds" > "$zonefile"
|
||||
"$SIGNER" -P -g -x -o "$zone" "$zonefile" > /dev/null
|
||||
"$SIGNER" -P -g -x -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
|
||||
zone=cds-update.secure
|
||||
infile=cds-update.secure.db.in
|
||||
@@ -216,7 +218,7 @@ zonefile=cds-update.secure.db
|
||||
key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
|
||||
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
|
||||
cat "$infile" "$key1.key" "$key2.key" > "$zonefile"
|
||||
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null
|
||||
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
|
||||
zone=cds-kskonly.secure
|
||||
infile=cds-kskonly.secure.db.in
|
||||
@@ -224,7 +226,7 @@ zonefile=cds-kskonly.secure.db
|
||||
key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
|
||||
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
|
||||
cat "$infile" "$key1.key" "$key2.key" > "$zonefile"
|
||||
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null
|
||||
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
|
||||
zone=cds-auto.secure
|
||||
infile=cds-auto.secure.db.in
|
||||
@@ -241,7 +243,7 @@ key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$
|
||||
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
|
||||
sed 's/DNSKEY/CDNSKEY/' "$key1.key" > "$key1.cds"
|
||||
cat "$infile" "$key1.key" "$key2.key" "$key1.cds" > "$zonefile"
|
||||
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null
|
||||
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
|
||||
zone=cdnskey-x.secure
|
||||
infile=cdnskey.secure.db.in
|
||||
@@ -251,7 +253,7 @@ key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$
|
||||
key3=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
|
||||
sed 's/DNSKEY/CDNSKEY/' "$key1.key" > "$key1.cds"
|
||||
cat "$infile" "$key2.key" "$key3.key" "$key1.cds" > "$zonefile"
|
||||
"$SIGNER" -P -g -x -o "$zone" "$zonefile" > /dev/null
|
||||
"$SIGNER" -P -g -x -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
|
||||
zone=cdnskey-update.secure
|
||||
infile=cdnskey-update.secure.db.in
|
||||
@@ -259,7 +261,7 @@ zonefile=cdnskey-update.secure.db
|
||||
key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
|
||||
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
|
||||
cat "$infile" "$key1.key" "$key2.key" > "$zonefile"
|
||||
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null
|
||||
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
|
||||
zone=cdnskey-kskonly.secure
|
||||
infile=cdnskey-kskonly.secure.db.in
|
||||
@@ -267,7 +269,7 @@ zonefile=cdnskey-kskonly.secure.db
|
||||
key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
|
||||
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
|
||||
cat "$infile" "$key1.key" "$key2.key" > "$zonefile"
|
||||
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null
|
||||
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
|
||||
zone=cdnskey-auto.secure
|
||||
infile=cdnskey-auto.secure.db.in
|
||||
|
||||
@@ -12,6 +12,8 @@
|
||||
# shellcheck source=conf.sh
|
||||
. "$SYSTEMTESTTOP/conf.sh"
|
||||
|
||||
set -e
|
||||
|
||||
zone=secure.example.
|
||||
infile=secure.example.db.in
|
||||
zonefile=secure.example.db
|
||||
@@ -400,7 +402,7 @@ cp "$infile" "$zonefile"
|
||||
# shellcheck disable=SC2016
|
||||
echo "\$INCLUDE \"$signedfile\"" >> "$zonefile"
|
||||
: > "$signedfile"
|
||||
"$SIGNER" -P -S -D -o "$zone" "$zonefile" > /dev/null
|
||||
"$SIGNER" -P -S -D -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# Zone with signatures about to expire, but no private key to replace them
|
||||
@@ -427,7 +429,7 @@ signedfile="upper.example.db.signed"
|
||||
kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
|
||||
zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
|
||||
cp "$infile" "$zonefile"
|
||||
"$SIGNER" -P -S -o "$zone" -f $lower "$zonefile" > /dev/null 2>/dev/null
|
||||
"$SIGNER" -P -S -o "$zone" -f $lower "$zonefile" > /dev/null 2>&1
|
||||
$CHECKZONE -D upper.example $lower 2>/dev/null | \
|
||||
sed '/RRSIG/s/ upper.example. / UPPER.EXAMPLE. /' > $signedfile
|
||||
|
||||
|
||||
@@ -12,6 +12,8 @@
|
||||
# shellcheck source=conf.sh
|
||||
. "$SYSTEMTESTTOP/conf.sh"
|
||||
|
||||
set -e
|
||||
|
||||
zone=.
|
||||
infile=../ns1/root.db.in
|
||||
zonefile=root.db.signed
|
||||
@@ -26,7 +28,7 @@ keyfile_to_managed_keys "$keyname" > revoked.conf
|
||||
# create a current set of keys, and sign the root zone
|
||||
"$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" $zone > /dev/null
|
||||
"$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK $zone > /dev/null
|
||||
"$SIGNER" -S -o "$zone" -f "$zonefile" "$infile" > /dev/null
|
||||
"$SIGNER" -S -o "$zone" -f "$zonefile" "$infile" > /dev/null 2>&1
|
||||
|
||||
keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone ".")
|
||||
|
||||
|
||||
@@ -12,6 +12,8 @@
|
||||
# shellcheck source=conf.sh
|
||||
. "$SYSTEMTESTTOP/conf.sh"
|
||||
|
||||
set -e
|
||||
|
||||
zone=optout-tld
|
||||
infile=optout-tld.db.in
|
||||
zonefile=optout-tld.db
|
||||
@@ -20,4 +22,4 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
|
||||
|
||||
cat "$infile" "$keyname.key" > "$zonefile"
|
||||
|
||||
"$SIGNER" -P -3 - -A -o "$zone" "$zonefile" > /dev/null
|
||||
"$SIGNER" -P -3 - -A -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
|
||||
@@ -12,6 +12,8 @@
|
||||
# shellcheck source=conf.sh
|
||||
. "$SYSTEMTESTTOP/conf.sh"
|
||||
|
||||
set -e
|
||||
|
||||
zone=split-rrsig
|
||||
infile=split-rrsig.db.in
|
||||
zonefile=split-rrsig.db
|
||||
@@ -21,7 +23,7 @@ k2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
|
||||
|
||||
cat "$infile" "$k1.key" "$k2.key" > "$zonefile"
|
||||
|
||||
"$SIGNER" -P -3 - -A -o "$zone" -O full -f "$zonefile.unsplit" -e now-3600 -s now-7200 "$zonefile" > /dev/null
|
||||
"$SIGNER" -P -3 - -A -o "$zone" -O full -f "$zonefile.unsplit" -e now-3600 -s now-7200 "$zonefile" > /dev/null 2>&1
|
||||
awk 'BEGIN { r = ""; }
|
||||
$4 == "RRSIG" && $5 == "SOA" && r == "" { r = $0; next; }
|
||||
{ print }
|
||||
|
||||
@@ -12,6 +12,8 @@
|
||||
# shellcheck source=conf.sh
|
||||
. "$SYSTEMTESTTOP/conf.sh"
|
||||
|
||||
set -e
|
||||
|
||||
if "$PERL" -e 'use Net::DNS;' 2>/dev/null
|
||||
then
|
||||
# shellcheck disable=SC2016
|
||||
|
||||
@@ -12,6 +12,8 @@
|
||||
# shellcheck source=conf.sh
|
||||
. "$SYSTEMTESTTOP/conf.sh"
|
||||
|
||||
set -e
|
||||
|
||||
$SHELL clean.sh
|
||||
|
||||
copy_setports ns1/named.conf.in ns1/named.conf
|
||||
|
||||
@@ -12,6 +12,8 @@
|
||||
# shellcheck source=conf.sh
|
||||
. "$SYSTEMTESTTOP/conf.sh"
|
||||
|
||||
set -e
|
||||
|
||||
status=0
|
||||
n=1
|
||||
|
||||
@@ -1696,7 +1698,7 @@ ret=0
|
||||
rndccmd 10.53.0.4 secroots 2>&1 | sed 's/^/ns4 /' | cat_i
|
||||
keyid=$(cat ns1/managed.key.id)
|
||||
cp ns4/named.secroots named.secroots.test$n
|
||||
linecount=$(grep -c "./${DEFAULT_ALGORITHM}/$keyid ; trusted" named.secroots.test$n)
|
||||
linecount=$(grep -c "./${DEFAULT_ALGORITHM}/$keyid ; trusted" named.secroots.test$n || true)
|
||||
[ "$linecount" -eq 1 ] || ret=1
|
||||
linecount=$(< named.secroots.test$n wc -l)
|
||||
[ "$linecount" -eq 10 ] || ret=1
|
||||
@@ -1893,7 +1895,7 @@ ret=0
|
||||
$PERL -e 'my $delay = '"$start"' + 13 - time(); select(undef, undef, undef, $delay) if ($delay > 0);'
|
||||
# check nta table
|
||||
rndccmd 10.53.0.4 nta -d > rndc.out.ns4.test$n._11
|
||||
lines=$(grep -c " expiry " rndc.out.ns4.test$n._11)
|
||||
lines=$(grep -c " expiry " rndc.out.ns4.test$n._11 || true)
|
||||
[ "$lines" -le 2 ] || ret=1
|
||||
grep "bogus.example/_default: expiry" rndc.out.ns4.test$n._11 > /dev/null || ret=1
|
||||
grep "badds.example/_default: expiry" rndc.out.ns4.test$n._11 > /dev/null && ret=1
|
||||
@@ -1923,7 +1925,7 @@ dig_with_opts c.bogus.example. a @10.53.0.4 > dig.out.ns4.test$n.15 || ret=1
|
||||
grep "status: SERVFAIL" dig.out.ns4.test$n.15 > /dev/null || ret=1
|
||||
# check nta table has been cleaned up now
|
||||
rndccmd 10.53.0.4 nta -d > rndc.out.ns4.test$n.3
|
||||
lines=$(grep -c " expiry " rndc.out.ns4.test$n.3)
|
||||
lines=$(grep -c " expiry " rndc.out.ns4.test$n.3 || true)
|
||||
[ "$lines" -eq 0 ] || ret=1
|
||||
n=$((n+1))
|
||||
if [ "$ret" -ne 0 ]; then echo_i "failed - checking that all nta's have been lifted"; fi
|
||||
@@ -1959,21 +1961,21 @@ ret=0
|
||||
n=$((n+1))
|
||||
echo_i "testing NTA with bogus lifetimes ($n)"
|
||||
echo_i "check with no nta lifetime specified"
|
||||
rndccmd 10.53.0.4 nta -l "" foo > rndc.out.ns4.test$n.1 2>&1
|
||||
rndccmd 10.53.0.4 nta -l "" foo > rndc.out.ns4.test$n.1 2>&1 || true
|
||||
grep "'nta' failed: bad ttl" rndc.out.ns4.test$n.1 > /dev/null || ret=1
|
||||
test "$ret" -eq 0 || echo_i "failed"
|
||||
status=$((status+ret))
|
||||
ret=0
|
||||
|
||||
echo_i "check with bad nta lifetime"
|
||||
rndccmd 10.53.0.4 nta -l garbage foo > rndc.out.ns4.test$n.2 2>&1
|
||||
rndccmd 10.53.0.4 nta -l garbage foo > rndc.out.ns4.test$n.2 2>&1 || true
|
||||
grep "'nta' failed: bad ttl" rndc.out.ns4.test$n.2 > /dev/null || ret=1
|
||||
test "$ret" -eq 0 || echo_i "failed"
|
||||
status=$((status+ret))
|
||||
ret=0
|
||||
|
||||
echo_i "check with too long nta lifetime"
|
||||
rndccmd 10.53.0.4 nta -l 7d1h foo > rndc.out.ns4.test$n.3 2>&1
|
||||
rndccmd 10.53.0.4 nta -l 7d1h foo > rndc.out.ns4.test$n.3 2>&1 || true
|
||||
grep "'nta' failed: out of range" rndc.out.ns4.test$n.3 > /dev/null || ret=1
|
||||
test "$ret" -eq 0 || echo_i "failed"
|
||||
status=$((status+ret))
|
||||
@@ -1985,12 +1987,12 @@ ret=0
|
||||
n=$((n+1))
|
||||
echo_i "testing NTA persistence across restarts ($n)"
|
||||
rndccmd 10.53.0.4 nta -d > rndc.out.ns4.test$n.1
|
||||
lines=$(grep -c " expiry " rndc.out.ns4.test$n.1)
|
||||
lines=$(grep -c " expiry " rndc.out.ns4.test$n.1 || true)
|
||||
[ "$lines" -eq 0 ] || ret=1
|
||||
rndccmd 10.53.0.4 nta -f -l 30s bogus.example 2>&1 | sed 's/^/ns4 /' | cat_i
|
||||
rndccmd 10.53.0.4 nta -f -l 10s badds.example 2>&1 | sed 's/^/ns4 /' | cat_i
|
||||
rndccmd 10.53.0.4 nta -d > rndc.out.ns4.test$n.2
|
||||
lines=$(grep -c " expiry " rndc.out.ns4.test$n.2)
|
||||
lines=$(grep -c " expiry " rndc.out.ns4.test$n.2 || true)
|
||||
[ "$lines" -eq 2 ] || ret=1
|
||||
# shellcheck disable=SC2016
|
||||
start=$($PERL -e 'print time()."\n";')
|
||||
@@ -2961,7 +2963,7 @@ status=$((status+ret))
|
||||
|
||||
echo_i "check that named doesn't loop when all private keys are not available ($n)"
|
||||
ret=0
|
||||
lines=$(grep -c "reading private key file expiring.example" ns3/named.run)
|
||||
lines=$(grep -c "reading private key file expiring.example" ns3/named.run || true)
|
||||
test "${lines:-1000}" -lt 15 || ret=1
|
||||
n=$((n+1))
|
||||
test "$ret" -eq 0 || echo_i "failed"
|
||||
@@ -2970,11 +2972,11 @@ status=$((status+ret))
|
||||
echo_i "check against against missing nearest provable proof ($n)"
|
||||
dig_with_opts +norec b.c.d.optout-tld. \
|
||||
@10.53.0.6 ds > dig.out.ds.ns6.test$n || ret=1
|
||||
nsec3=$(grep -c "IN.NSEC3" dig.out.ds.ns6.test$n)
|
||||
nsec3=$(grep -c "IN.NSEC3" dig.out.ds.ns6.test$n || true)
|
||||
[ "$nsec3" -eq 2 ] || ret=1
|
||||
dig_with_opts +norec b.c.d.optout-tld. \
|
||||
@10.53.0.6 A > dig.out.ns6.test$n || ret=1
|
||||
nsec3=$(grep -c "IN.NSEC3" dig.out.ns6.test$n)
|
||||
nsec3=$(grep -c "IN.NSEC3" dig.out.ns6.test$n || true)
|
||||
[ "$nsec3" -eq 1 ] || ret=1
|
||||
dig_with_opts optout-tld. \
|
||||
@10.53.0.4 SOA > dig.out.soa.ns4.test$n || ret=1
|
||||
@@ -3041,7 +3043,7 @@ test "$cnt" -gt 120 && break
|
||||
sleep 1
|
||||
done
|
||||
test "$keys" -gt 2 || ret=1
|
||||
sigs=$(grep -c RRSIG dig.out.ns3.test$n)
|
||||
sigs=$(grep -c RRSIG dig.out.ns3.test$n || true)
|
||||
n=$((n+1))
|
||||
test "$sigs" -eq 2 || ret=1
|
||||
if test "$ret" -ne 0 ; then echo_i "failed"; fi
|
||||
@@ -3161,10 +3163,10 @@ do
|
||||
alg=$((alg+1))
|
||||
continue;;
|
||||
1|5|7|8|10) # RSA algorithms
|
||||
key1=$($KEYGEN -a "$alg" -b "1024" -n zone example 2> keygen.err)
|
||||
key1=$($KEYGEN -a "$alg" -b "1024" -n zone example 2> keygen.err || true)
|
||||
;;
|
||||
*)
|
||||
key1=$($KEYGEN -a "$alg" -n zone example 2> keygen.err)
|
||||
key1=$($KEYGEN -a "$alg" -n zone example 2> keygen.err || true)
|
||||
esac
|
||||
if grep "unsupported algorithm" keygen.err > /dev/null
|
||||
then
|
||||
@@ -3241,7 +3243,7 @@ grep "DNSKEY.257" | sed 's/DNSKEY.257/DNSKEY 258/' |
|
||||
$DSFROMKEY -C -A -f - -T 1 cds-update.secure |
|
||||
sed "s/^/update add /"
|
||||
echo send
|
||||
) | $NSUPDATE > nsupdate.out.test$n 2>&1
|
||||
) | $NSUPDATE > nsupdate.out.test$n 2>&1 || true
|
||||
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
|
||||
dig_with_opts +noall +answer @10.53.0.2 cds cds-update.secure > dig.out.test$n
|
||||
lines=$(awk '$4 == "CDS" {print}' dig.out.test$n | wc -l)
|
||||
@@ -3401,7 +3403,7 @@ echo send
|
||||
dig_with_opts +noall +answer @10.53.0.2 dnskey cdnskey-update.secure |
|
||||
sed -n -e "s/^/update add /" -e 's/DNSKEY.257/CDNSKEY 258/p'
|
||||
echo send
|
||||
) | $NSUPDATE > nsupdate.out.test$n 2>&1
|
||||
) | $NSUPDATE > nsupdate.out.test$n 2>&1 || true
|
||||
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
|
||||
dig_with_opts +noall +answer @10.53.0.2 cdnskey cdnskey-update.secure > dig.out.test$n
|
||||
lines=$(awk '$4 == "CDNSKEY" {print}' dig.out.test$n | wc -l)
|
||||
|
||||
Reference in New Issue
Block a user