Wrap dig, delv, rndc and other commands in shell function that strips \r if necessary

bin/tests/system/addzone/tests.sh

@@ -12,15 +12,20 @@
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
 
-DIGOPTS="+tcp +nosea +nostat +nocmd +norec +noques +noauth +noadd +nostats +dnssec -p ${PORT}"
-RNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p ${CONTROLPORT} -s"
+dig_with_opts() {
+    $DIG +tcp +nosea +nostat +nocmd +norec +noques +noauth +noadd +nostats +dnssec -p "${PORT}" "$@" | sed -b -e 's/\r$//'
+}
+
+rndc_with_opts() {
+    $RNDC -c "$SYSTEMTESTTOP/common/rndc.conf" -p "${CONTROLPORT}" -s "$@" | sed -b -e 's/\r$//'
+}
 
 status=0
 n=0
 
 echo_i "checking normally loaded zone ($n)"
 ret=0
-$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
+dig_with_opts @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
 grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
 grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
 n=`expr $n + 1`
@@ -31,7 +36,7 @@ status=`expr $status + $ret`
 # NZF to NZD occurs during named startup
 echo_i "checking previously added zone ($n)"
 ret=0
-$DIG $DIGOPTS @10.53.0.2 a.previous.example a > dig.out.ns2.$n || ret=1
+dig_with_opts @10.53.0.2 a.previous.example a > dig.out.ns2.$n || ret=1
 grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
 grep '^a.previous.example' dig.out.ns2.$n > /dev/null || ret=1
 n=`expr $n + 1`
@@ -48,8 +53,8 @@ fi
 
 echo_i "adding new zone ($n)"
 ret=0
-$RNDCCMD 10.53.0.2 addzone 'added.example { type master; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /'
-$DIG $DIGOPTS @10.53.0.2 a.added.example a > dig.out.ns2.$n || ret=1
+rndc_with_opts 10.53.0.2 addzone 'added.example { type master; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /'
+dig_with_opts @10.53.0.2 a.added.example a > dig.out.ns2.$n || ret=1
 grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
 grep '^a.added.example' dig.out.ns2.$n > /dev/null || ret=1
 n=`expr $n + 1`
@@ -58,7 +63,7 @@ status=`expr $status + $ret`
 
 echo_i "checking addzone errors are logged correctly"
 ret=0
-$RNDCCMD 10.53.0.2 addzone bad.example '{ type mister; };' 2>&1 | grep 'unexpected token' > /dev/null 2>&1 || ret=1
+rndc_with_opts 10.53.0.2 addzone bad.example '{ type mister; };' 2>&1 | grep 'unexpected token' > /dev/null 2>&1 || ret=1
 grep "addzone: 'mister' unexpected" ns2/named.run >/dev/null 2>&1 || ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -66,7 +71,7 @@ status=`expr $status + $ret`
 
 echo_i "checking modzone errors are logged correctly"
 ret=0
-$RNDCCMD 10.53.0.2 modzone added.example '{ type mister; };' 2>&1 | grep 'unexpected token' > /dev/null 2>&1 || ret=1
+rndc_with_opts 10.53.0.2 modzone added.example '{ type mister; };' 2>&1 | grep 'unexpected token' > /dev/null 2>&1 || ret=1
 grep "modzone: 'mister' unexpected" ns2/named.run >/dev/null 2>&1 || ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -74,8 +79,8 @@ status=`expr $status + $ret`
 
 echo_i "adding a zone that requires quotes ($n)"
 ret=0
-$RNDCCMD 10.53.0.2 addzone '"32/1.0.0.127-in-addr.added.example" { check-names ignore; type master; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /'
-$DIG $DIGOPTS @10.53.0.2 "a.32/1.0.0.127-in-addr.added.example" a > dig.out.ns2.$n || ret=1
+rndc_with_opts 10.53.0.2 addzone '"32/1.0.0.127-in-addr.added.example" { check-names ignore; type master; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /'
+dig_with_opts @10.53.0.2 "a.32/1.0.0.127-in-addr.added.example" a > dig.out.ns2.$n || ret=1
 grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
 grep '^a.32/1.0.0.127-in-addr.added.example' dig.out.ns2.$n > /dev/null || ret=1
 n=`expr $n + 1`
@@ -84,8 +89,8 @@ status=`expr $status + $ret`
 
 echo_i "adding a zone with a quote in the name ($n)"
 ret=0
-$RNDCCMD 10.53.0.2 addzone '"foo\"bar.example" { check-names ignore; type master; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /'
-$DIG $DIGOPTS @10.53.0.2 "a.foo\"bar.example" a > dig.out.ns2.$n || ret=1
+rndc_with_opts 10.53.0.2 addzone '"foo\"bar.example" { check-names ignore; type master; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /'
+dig_with_opts @10.53.0.2 "a.foo\"bar.example" a > dig.out.ns2.$n || ret=1
 grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
 grep '^a.foo\\"bar.example' dig.out.ns2.$n > /dev/null || ret=1
 n=`expr $n + 1`
@@ -94,11 +99,11 @@ status=`expr $status + $ret`
 
 echo_i "adding new zone with missing master file ($n)"
 ret=0
-$DIG $DIGOPTS +all @10.53.0.2 a.missing.example a > dig.out.ns2.pre.$n || ret=1
+dig_with_opts +all @10.53.0.2 a.missing.example a > dig.out.ns2.pre.$n || ret=1
 grep "status: REFUSED" dig.out.ns2.pre.$n > /dev/null || ret=1
-$RNDCCMD 10.53.0.2 addzone 'missing.example { type master; file "missing.db"; };' 2> rndc.out.ns2.$n
+rndc_with_opts 10.53.0.2 addzone 'missing.example { type master; file "missing.db"; };' 2> rndc.out.ns2.$n
 grep "file not found" rndc.out.ns2.$n > /dev/null || ret=1
-$DIG $DIGOPTS +all @10.53.0.2 a.missing.example a > dig.out.ns2.post.$n || ret=1
+dig_with_opts +all @10.53.0.2 a.missing.example a > dig.out.ns2.post.$n || ret=1
 grep "status: REFUSED" dig.out.ns2.post.$n > /dev/null || ret=1
 digcomp dig.out.ns2.pre.$n dig.out.ns2.post.$n || ret=1
 n=`expr $n + 1`
@@ -117,7 +122,7 @@ fi
 
 echo_i "checking rndc showzone with previously added zone ($n)"
 ret=0
-$RNDCCMD 10.53.0.2 showzone previous.example > rndc.out.ns2.$n
+rndc_with_opts 10.53.0.2 showzone previous.example > rndc.out.ns2.$n
 expected='zone "previous.example" { type master; file "previous.db"; };'
 [ "`cat rndc.out.ns2.$n`" = "$expected" ] || ret=1
 n=`expr $n + 1`
@@ -134,8 +139,8 @@ fi
 
 echo_i "deleting previously added zone ($n)"
 ret=0
-$RNDCCMD 10.53.0.2 delzone previous.example 2>&1 | sed 's/^/I:ns2 /'
-$DIG $DIGOPTS @10.53.0.2 a.previous.example a > dig.out.ns2.$n
+rndc_with_opts 10.53.0.2 delzone previous.example 2>&1 | sed 's/^/I:ns2 /'
+dig_with_opts @10.53.0.2 a.previous.example a > dig.out.ns2.$n
 grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
 grep '^a.previous.example' dig.out.ns2.$n > /dev/null && ret=1
 n=`expr $n + 1`
@@ -166,8 +171,8 @@ fi
 
 echo_i "deleting newly added zone added.example ($n)"
 ret=0
-$RNDCCMD 10.53.0.2 delzone added.example 2>&1 | sed 's/^/I:ns2 /'
-$DIG $DIGOPTS @10.53.0.2 a.added.example a > dig.out.ns2.$n
+rndc_with_opts 10.53.0.2 delzone added.example 2>&1 | sed 's/^/I:ns2 /'
+dig_with_opts @10.53.0.2 a.added.example a > dig.out.ns2.$n
 grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
 grep '^a.added.example' dig.out.ns2.$n > /dev/null && ret=1
 n=`expr $n + 1`
@@ -176,8 +181,8 @@ status=`expr $status + $ret`
 
 echo_i "deleting newly added zone with escaped quote ($n)"
 ret=0
-$RNDCCMD 10.53.0.2 delzone "foo\\\"bar.example" 2>&1 | sed 's/^/I:ns2 /'
-$DIG $DIGOPTS @10.53.0.2 "a.foo\"bar.example" a > dig.out.ns2.$n
+rndc_with_opts 10.53.0.2 delzone "foo\\\"bar.example" 2>&1 | sed 's/^/I:ns2 /'
+dig_with_opts @10.53.0.2 "a.foo\"bar.example" a > dig.out.ns2.$n
 grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
 grep "^a.foo\"bar.example" dig.out.ns2.$n > /dev/null && ret=1
 n=`expr $n + 1`
@@ -186,7 +191,7 @@ status=`expr $status + $ret`
 
 echo_i "checking rndc showzone with a normally-loaded zone ($n)"
 ret=0
-$RNDCCMD 10.53.0.2 showzone normal.example > rndc.out.ns2.$n
+rndc_with_opts 10.53.0.2 showzone normal.example > rndc.out.ns2.$n
 expected='zone "normal.example" { type master; file "normal.db"; };'
 [ "`cat rndc.out.ns2.$n`" = "$expected" ] || ret=1
 n=`expr $n + 1`
@@ -195,7 +200,7 @@ status=`expr $status + $ret`
 
 echo_i "checking rndc showzone with a normally-loaded zone with trailing dot ($n)"
 ret=0
-$RNDCCMD 10.53.0.2 showzone finaldot.example > rndc.out.ns2.$n
+rndc_with_opts 10.53.0.2 showzone finaldot.example > rndc.out.ns2.$n
 expected='zone "finaldot.example." { type master; file "normal.db"; };'
 [ "`cat rndc.out.ns2.$n`" = "$expected" ] || ret=1
 n=`expr $n + 1`
@@ -204,7 +209,7 @@ status=`expr $status + $ret`
 
 echo_i "checking rndc showzone with a normally-loaded redirect zone ($n)"
 ret=0
-$RNDCCMD 10.53.0.1 showzone -redirect > rndc.out.ns1.$n
+rndc_with_opts 10.53.0.1 showzone -redirect > rndc.out.ns1.$n
 expected='zone "." { type redirect; file "redirect.db"; };'
 [ "`cat rndc.out.ns1.$n`" = "$expected" ] || ret=1
 n=`expr $n + 1`
@@ -213,7 +218,7 @@ status=`expr $status + $ret`
 
 echo_i "checking rndc zonestatus with a normally-loaded redirect zone ($n)"
 ret=0
-$RNDCCMD 10.53.0.1 zonestatus -redirect > rndc.out.ns1.$n
+rndc_with_opts 10.53.0.1 zonestatus -redirect > rndc.out.ns1.$n
 grep "type: redirect" rndc.out.ns1.$n > /dev/null || ret=1
 grep "serial: 0" rndc.out.ns1.$n > /dev/null || ret=1
 n=`expr $n + 1`
@@ -224,8 +229,8 @@ echo_i "checking rndc reload with a normally-loaded redirect zone ($n)"
 ret=0
 sleep 1
 cp -f ns1/redirect.db.2 ns1/redirect.db
-$RNDCCMD 10.53.0.1 reload -redirect > rndc.out.ns1.$n
-$RNDCCMD 10.53.0.1 zonestatus -redirect > zonestatus.out.ns1.$n
+rndc_with_opts 10.53.0.1 reload -redirect > rndc.out.ns1.$n
+rndc_with_opts 10.53.0.1 zonestatus -redirect > zonestatus.out.ns1.$n
 grep "type: redirect" zonestatus.out.ns1.$n > /dev/null || ret=1
 grep "serial: 1" zonestatus.out.ns1.$n > /dev/null || ret=1
 n=`expr $n + 1`
@@ -234,8 +239,8 @@ status=`expr $status + $ret`
 
 echo_i "delete a normally-loaded zone ($n)"
 ret=0
-$RNDCCMD 10.53.0.2 delzone normal.example > rndc.out.ns2.$n 2>&1
-$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n
+rndc_with_opts 10.53.0.2 delzone normal.example > rndc.out.ns2.$n 2>&1
+dig_with_opts @10.53.0.2 a.normal.example a > dig.out.ns2.$n
 grep "is no longer active and will be deleted" rndc.out.ns2.$n > /dev/null || ret=1
 grep "To keep it from returning when the server is restarted" rndc.out.ns2.$n > /dev/null || ret=1
 grep "must also be removed from named.conf." rndc.out.ns2.$n > /dev/null || ret=1
@@ -246,11 +251,11 @@ if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 echo_i "attempting to add master zone with inline signing ($n)"
-$RNDCCMD 10.53.0.2 addzone 'inline.example { type master; file "inline.db"; inline-signing yes; };' 2>&1 | sed 's/^/I:ns2 /'
+rndc_with_opts 10.53.0.2 addzone 'inline.example { type master; file "inline.db"; inline-signing yes; };' 2>&1 | sed 's/^/I:ns2 /'
 for i in 1 2 3 4 5
 do
 ret=0
-$DIG $DIGOPTS @10.53.0.2 a.inline.example a > dig.out.ns2.$n || ret=1
+dig_with_opts @10.53.0.2 a.inline.example a > dig.out.ns2.$n || ret=1
 grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
 grep '^a.inline.example' dig.out.ns2.$n > /dev/null || ret=1
 [ $ret = 0 ] && break
@@ -262,18 +267,18 @@ status=`expr $status + $ret`
 
 echo_i "attempting to add master zone with inline signing and missing master ($n)"
 ret=0
-$RNDCCMD 10.53.0.2 addzone 'inlinemissing.example { type master; file "missing.db"; inline-signing yes; };' 2> rndc.out.ns2.$n
+rndc_with_opts 10.53.0.2 addzone 'inlinemissing.example { type master; file "missing.db"; inline-signing yes; };' 2> rndc.out.ns2.$n
 grep "file not found" rndc.out.ns2.$n > /dev/null || ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 echo_i "attempting to add slave zone with inline signing ($n)"
-$RNDCCMD 10.53.0.2 addzone 'inlineslave.example { type slave; masters { 10.53.0.1; }; file "inlineslave.bk"; inline-signing yes; };' 2>&1 | sed 's/^/I:ns2 /'
+rndc_with_opts 10.53.0.2 addzone 'inlineslave.example { type slave; masters { 10.53.0.1; }; file "inlineslave.bk"; inline-signing yes; };' 2>&1 | sed 's/^/I:ns2 /'
 for i in 1 2 3 4 5
 do
 ret=0
-$DIG $DIGOPTS @10.53.0.2 a.inlineslave.example a > dig.out.ns2.$n || ret=1
+dig_with_opts @10.53.0.2 a.inlineslave.example a > dig.out.ns2.$n || ret=1
 grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
 grep '^a.inlineslave.example' dig.out.ns2.$n > /dev/null || ret=1
 [ $ret = 0 ] && break
@@ -290,7 +295,7 @@ do
 	test -f ns2/inlineslave.bk.signed -a -f ns2/inlineslave.bk && break
 	sleep 1
 done
-$RNDCCMD 10.53.0.2 delzone inlineslave.example 2>&1 > rndc.out2.test$n
+rndc_with_opts 10.53.0.2 delzone inlineslave.example 2>&1 > rndc.out2.test$n
 test -f inlineslave.bk ||
 grep '^inlineslave.bk$' rndc.out2.test$n > /dev/null || {
 	echo_i "failed to report inlineslave.bk"; ret=1;
@@ -303,11 +308,11 @@ n=`expr $n + 1`
 status=`expr $status + $ret`
 
 echo_i "restoring slave zone with inline signing ($n)"
-$RNDCCMD 10.53.0.2 addzone 'inlineslave.example { type slave; masters { 10.53.0.1; }; file "inlineslave.bk"; inline-signing yes; };' 2>&1 | sed 's/^/I:ns2 /'
+rndc_with_opts 10.53.0.2 addzone 'inlineslave.example { type slave; masters { 10.53.0.1; }; file "inlineslave.bk"; inline-signing yes; };' 2>&1 | sed 's/^/I:ns2 /'
 for i in 1 2 3 4 5
 do
 ret=0
-$DIG $DIGOPTS @10.53.0.2 a.inlineslave.example a > dig.out.ns2.$n || ret=1
+dig_with_opts @10.53.0.2 a.inlineslave.example a > dig.out.ns2.$n || ret=1
 grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
 grep '^a.inlineslave.example' dig.out.ns2.$n > /dev/null || ret=1
 [ $ret = 0 ] && break
@@ -324,7 +329,7 @@ do
 	test -f ns2/inlineslave.bk.signed -a -f ns2/inlineslave.bk && break
 	sleep 1
 done
-$RNDCCMD 10.53.0.2 delzone -clean inlineslave.example 2>&1 > /dev/null
+rndc_with_opts 10.53.0.2 delzone -clean inlineslave.example 2>&1 > /dev/null
 for i in 0 1 2 3 4 5 6 7 8 9
 do
         ret=0
@@ -337,36 +342,36 @@ status=`expr $status + $ret`
 
 echo_i "modifying zone configuration ($n)"
 ret=0
-$RNDCCMD 10.53.0.2 addzone 'mod.example { type master; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /'
-$DIG +norec $DIGOPTS @10.53.0.2 mod.example ns > dig.out.ns2.1.$n || ret=1
+rndc_with_opts 10.53.0.2 addzone 'mod.example { type master; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /'
+dig_with_opts +norec @10.53.0.2 mod.example ns > dig.out.ns2.1.$n || ret=1
 grep 'status: NOERROR' dig.out.ns2.1.$n > /dev/null || ret=1
-$RNDCCMD 10.53.0.2 modzone 'mod.example { type master; file "added.db"; allow-query { none; }; };' 2>&1 | sed 's/^/I:ns2 /'
-$DIG +norec $DIGOPTS @10.53.0.2 mod.example ns > dig.out.ns2.2.$n || ret=1
-$RNDCCMD 10.53.0.2 showzone mod.example | grep 'allow-query { "none"; };' > /dev/null 2>&1 || ret=1
+rndc_with_opts 10.53.0.2 modzone 'mod.example { type master; file "added.db"; allow-query { none; }; };' 2>&1 | sed 's/^/I:ns2 /'
+dig_with_opts +norec @10.53.0.2 mod.example ns > dig.out.ns2.2.$n || ret=1
+rndc_with_opts 10.53.0.2 showzone mod.example | grep 'allow-query { "none"; };' > /dev/null 2>&1 || ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 echo_i "check that adding a 'stub' zone works ($n)"
 ret=0
-$RNDCCMD 10.53.0.2 addzone 'stub.example { type stub; masters { 1.2.3.4; }; file "stub.example.bk"; };' > rndc.out.ns2.$n 2>&1 || ret=1
+rndc_with_opts 10.53.0.2 addzone 'stub.example { type stub; masters { 1.2.3.4; }; file "stub.example.bk"; };' > rndc.out.ns2.$n 2>&1 || ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 echo_i "check that adding a 'static-stub' zone works ($n)"
 ret=0
-$RNDCCMD 10.53.0.2 addzone 'static-stub.example { type static-stub; server-addresses { 1.2.3.4; }; };' > rndc.out.ns2.$n 2>&1 || ret=1
+rndc_with_opts 10.53.0.2 addzone 'static-stub.example { type static-stub; server-addresses { 1.2.3.4; }; };' > rndc.out.ns2.$n 2>&1 || ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 echo_i "check that adding a 'master redirect' zone works ($n)"
 ret=0
-$RNDCCMD 10.53.0.2 addzone '"." { type redirect; file "redirect.db"; };' > rndc.out.ns2.$n 2>&1 || ret=1
-$RNDCCMD 10.53.0.2 showzone -redirect > showzone.out.ns2.$n 2>&1 || ret=1
+rndc_with_opts 10.53.0.2 addzone '"." { type redirect; file "redirect.db"; };' > rndc.out.ns2.$n 2>&1 || ret=1
+rndc_with_opts 10.53.0.2 showzone -redirect > showzone.out.ns2.$n 2>&1 || ret=1
 grep "type redirect;" showzone.out.ns2.$n > /dev/null || ret=1
-$RNDCCMD 10.53.0.2 zonestatus -redirect > zonestatus.out.ns2.$n 2>&1 || ret=1
+rndc_with_opts 10.53.0.2 zonestatus -redirect > zonestatus.out.ns2.$n 2>&1 || ret=1
 grep "type: redirect" zonestatus.out.ns2.$n > /dev/null || ret=1
 grep "serial: 0" zonestatus.out.ns2.$n > /dev/null || ret=1
 n=`expr $n + 1`
@@ -376,8 +381,8 @@ echo_i "check that reloading a added 'master redirect' zone works ($n)"
 ret=0
 sleep 1
 cp -f ns2/redirect.db.2 ns2/redirect.db
-$RNDCCMD 10.53.0.2 reload -redirect > rndc.out.ns2.$n
-$RNDCCMD 10.53.0.2 zonestatus -redirect > zonestatus.out.ns2.$n 2>&1 || ret=1
+rndc_with_opts 10.53.0.2 reload -redirect > rndc.out.ns2.$n
+rndc_with_opts 10.53.0.2 zonestatus -redirect > zonestatus.out.ns2.$n 2>&1 || ret=1
 grep "type: redirect" zonestatus.out.ns2.$n > /dev/null || ret=1
 grep "serial: 1" zonestatus.out.ns2.$n > /dev/null || ret=1
 n=`expr $n + 1`
@@ -385,26 +390,20 @@ if [ $ret != 0 ]; then echo_i "failed"; fi
 
 echo_i "check that retransfer of a added 'master redirect' zone fails ($n)"
 ret=0
-$RNDCCMD 10.53.0.2 retransfer -redirect > rndc.out.ns2.$n 2>&1 && ret=1
+rndc_with_opts 10.53.0.2 retransfer -redirect > rndc.out.ns2.$n 2>&1 && ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
 
 echo_i "check that deleting a 'master redirect' zone works ($n)"
 ret=0
-$RNDCCMD 10.53.0.2 delzone -redirect > rndc.out.ns2.$n 2>&1 || ret=1
-$RNDCCMD 10.53.0.2 showzone -redirect > showzone.out.ns2.$n 2>&1
+rndc_with_opts 10.53.0.2 delzone -redirect > rndc.out.ns2.$n 2>&1 || ret=1
+rndc_with_opts 10.53.0.2 showzone -redirect > showzone.out.ns2.$n 2>&1
 grep 'not found' showzone.out.ns2.$n > /dev/null || ret=1
-n=`expr $n + 1`
-if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
-
-echo_i "check that adding a 'slave redirect' zone works ($n)"
-ret=0
-$RNDCCMD 10.53.0.2 addzone '"." { type redirect; masters { 10.53.0.3;}; file "redirect.bk"; };' > rndc.out.ns2.$n 2>&1 || ret=1
-$RNDCCMD 10.53.0.2 showzone -redirect > showzone.out.ns2.$n 2>&1 || ret=1
+rndc_with_opts 10.53.0.2 addzone '"." { type redirect; masters { 10.53.0.3;}; file "redirect.bk"; };' > rndc.out.ns2.$n 2>&1 || ret=1
+rndc_with_opts 10.53.0.2 showzone -redirect > showzone.out.ns2.$n 2>&1 || ret=1
 grep "type redirect;" showzone.out.ns2.$n > /dev/null || ret=1
 sleep 1
-$RNDCCMD 10.53.0.2 zonestatus -redirect > zonestatus.out.ns2.$n 2>&1 || ret=1
+rndc_with_opts 10.53.0.2 zonestatus -redirect > zonestatus.out.ns2.$n 2>&1 || ret=1
 grep "type: redirect" zonestatus.out.ns2.$n > /dev/null || ret=1
 grep "serial: 0" zonestatus.out.ns2.$n > /dev/null || ret=1
 n=`expr $n + 1`
@@ -414,11 +413,11 @@ status=`expr $status + $ret`
 echo_i "check that retransfering a added 'slave redirect' zone works ($n)"
 ret=0
 cp -f ns3/redirect.db.2 ns3/redirect.db
-$RNDCCMD 10.53.0.3 reload . > showzone.out.ns3.$n 2>&1 || ret=1
+rndc_with_opts 10.53.0.3 reload . > showzone.out.ns3.$n 2>&1 || ret=1
 sleep 1
-$RNDCCMD 10.53.0.2 retransfer -redirect > rndc.out.ns2.$n 2>&1 || ret=1
+rndc_with_opts 10.53.0.2 retransfer -redirect > rndc.out.ns2.$n 2>&1 || ret=1
 sleep 1
-$RNDCCMD 10.53.0.2 zonestatus -redirect > zonestatus.out.ns2.$n 2>&1 || ret=1
+rndc_with_opts 10.53.0.2 zonestatus -redirect > zonestatus.out.ns2.$n 2>&1 || ret=1
 grep "type: redirect" zonestatus.out.ns2.$n > /dev/null || ret=1
 grep "serial: 1" zonestatus.out.ns2.$n > /dev/null || ret=1
 n=`expr $n + 1`
@@ -427,8 +426,8 @@ status=`expr $status + $ret`
 
 echo_i "check that deleting a 'slave redirect' zone works ($n)"
 ret=0
-$RNDCCMD 10.53.0.2 delzone -redirect > rndc.out.ns2.$n 2>&1 || ret=1
-$RNDCCMD 10.53.0.2 showzone -redirect > showzone.out.ns2.$n 2>&1
+rndc_with_opts 10.53.0.2 delzone -redirect > rndc.out.ns2.$n 2>&1 || ret=1
+rndc_with_opts 10.53.0.2 showzone -redirect > showzone.out.ns2.$n 2>&1
 grep 'not found' showzone.out.ns2.$n > /dev/null || ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -436,7 +435,7 @@ status=`expr $status + $ret`
 
 echo_i "check that zone type 'hint' is properly rejected ($n)"
 ret=0
-$RNDCCMD 10.53.0.2 addzone '"." { type hint; file "hints.db"; };' > rndc.out.ns2.$n 2>&1 && ret=1
+rndc_with_opts 10.53.0.2 addzone '"." { type hint; file "hints.db"; };' > rndc.out.ns2.$n 2>&1 && ret=1
 grep "zones not supported by addzone" rndc.out.ns2.$n > /dev/null || ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -444,7 +443,7 @@ status=`expr $status + $ret`
 
 echo_i "check that zone type 'forward' is properly rejected ($n)"
 ret=0
-$RNDCCMD 10.53.0.2 addzone 'forward.example { type forward; forwarders { 1.2.3.4; }; forward only; };' > rndc.out.ns2.$n 2>&1 && ret=1
+rndc_with_opts 10.53.0.2 addzone 'forward.example { type forward; forwarders { 1.2.3.4; }; forward only; };' > rndc.out.ns2.$n 2>&1 && ret=1
 grep "zones not supported by addzone" rndc.out.ns2.$n > /dev/null || ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -452,7 +451,7 @@ status=`expr $status + $ret`
 
 echo_i "check that zone type 'delegation-only' is properly rejected ($n)"
 ret=0
-$RNDCCMD 10.53.0.2 addzone 'delegation-only.example { type delegation-only; };' > rndc.out.ns2.$n 2>&1 && ret=1
+rndc_with_opts 10.53.0.2 addzone 'delegation-only.example { type delegation-only; };' > rndc.out.ns2.$n 2>&1 && ret=1
 grep "zones not supported by addzone" rndc.out.ns2.$n > /dev/null || ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -460,7 +459,7 @@ status=`expr $status + $ret`
 
 echo_i "check that 'in-view' zones are properly rejected ($n)"
 ret=0
-$RNDCCMD 10.53.0.2 addzone 'in-view.example { in-view "_default"; };' > rndc.out.ns2.$n 2>&1 && ret=1
+rndc_with_opts 10.53.0.2 addzone 'in-view.example { in-view "_default"; };' > rndc.out.ns2.$n 2>&1 && ret=1
 grep "zones not supported by addzone" rndc.out.ns2.$n > /dev/null || ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -469,7 +468,7 @@ status=`expr $status + $ret`
 echo_i "reconfiguring server with multiple views"
 rm -f ns2/named.conf
 copy_setports ns2/named2.conf.in ns2/named.conf
-$RNDCCMD 10.53.0.2 reconfig 2>&1 | sed 's/^/I:ns2 /'
+rndc_with_opts 10.53.0.2 reconfig 2>&1 | sed 's/^/I:ns2 /'
 sleep 5
 
 echo_i "adding new zone to external view ($n)"
@@ -480,14 +479,14 @@ echo_i "adding new zone to external view ($n)"
 # the zone does not exist because a) it has not yet been loaded, b)
 # it failed to load, or c) it has been deleted.
 ret=0
-$DIG +norec $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.intpre.$n || ret=1
+dig_with_opts +norec @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.intpre.$n || ret=1
 grep 'status: NOERROR' dig.out.ns2.intpre.$n > /dev/null || ret=1
-$DIG +norec $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.extpre.$n || ret=1
+dig_with_opts +norec @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.extpre.$n || ret=1
 grep 'status: REFUSED' dig.out.ns2.extpre.$n > /dev/null || ret=1
-$RNDCCMD 10.53.0.2 addzone 'added.example in external { type master; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /'
-$DIG +norec $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.int.$n || ret=1
+rndc_with_opts 10.53.0.2 addzone 'added.example in external { type master; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /'
+dig_with_opts +norec @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.int.$n || ret=1
 grep 'status: NOERROR' dig.out.ns2.int.$n > /dev/null || ret=1
-$DIG +norec $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext.$n || ret=1
+dig_with_opts +norec @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext.$n || ret=1
 grep 'status: NOERROR' dig.out.ns2.ext.$n > /dev/null || ret=1
 grep '^a.added.example' dig.out.ns2.ext.$n > /dev/null || ret=1
 n=`expr $n + 1`
@@ -515,10 +514,10 @@ fi
 
 echo_i "checking rndc reload causes named to reload the external view's new zone config ($n)"
 ret=0
-$RNDCCMD 10.53.0.2 reload 2>&1 | sed 's/^/I:ns2 /'
-$DIG +norec $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.int.$n || ret=1
+rndc_with_opts 10.53.0.2 reload 2>&1 | sed 's/^/I:ns2 /'
+dig_with_opts +norec @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.int.$n || ret=1
 grep 'status: NOERROR' dig.out.ns2.int.$n > /dev/null || ret=1
-$DIG +norec $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext.$n || ret=1
+dig_with_opts +norec @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext.$n || ret=1
 grep 'status: NOERROR' dig.out.ns2.ext.$n > /dev/null || ret=1
 grep '^a.added.example' dig.out.ns2.ext.$n > /dev/null || ret=1
 n=`expr $n + 1`
@@ -530,7 +529,7 @@ echo_i "checking rndc showzone with newly added zone ($n)"
 # loaded from the NZDB at this point.
 for try in 0 1 2 3 4 5; do
     ret=0
-$RNDCCMD 10.53.0.2 showzone added.example in external > rndc.out.ns2.$n 2>/dev/null
+rndc_with_opts 10.53.0.2 showzone added.example in external > rndc.out.ns2.$n 2>/dev/null
     if [ -z "$NZD" ]; then
       expected='zone "added.example" in external { type master; file "added.db"; };'
     else
@@ -546,8 +545,8 @@ status=`expr $status + $ret`
 
 echo_i "deleting newly added zone ($n)"
 ret=0
-$RNDCCMD 10.53.0.2 delzone 'added.example in external' 2>&1 | sed 's/^/I:ns2 /'
-$DIG $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.$n || ret=1
+rndc_with_opts 10.53.0.2 delzone 'added.example in external' 2>&1 | sed 's/^/I:ns2 /'
+dig_with_opts @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.$n || ret=1
 grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
 grep '^a.added.example' dig.out.ns2.$n > /dev/null && ret=1
 n=`expr $n + 1`
@@ -556,13 +555,13 @@ status=`expr $status + $ret`
 
 echo_i "attempting to add zone to internal view ($n)"
 ret=0
-$DIG +norec $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.pre.$n || ret=1
+dig_with_opts +norec @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.pre.$n || ret=1
 grep 'status: NOERROR' dig.out.ns2.pre.$n > /dev/null || ret=1
-$RNDCCMD 10.53.0.2 addzone 'added.example in internal { type master; file "added.db"; };' 2> rndc.out.ns2.$n
+rndc_with_opts 10.53.0.2 addzone 'added.example in internal { type master; file "added.db"; };' 2> rndc.out.ns2.$n
 grep "permission denied" rndc.out.ns2.$n > /dev/null || ret=1
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.int.$n || ret=1
+dig_with_opts @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.int.$n || ret=1
 grep 'status: NOERROR' dig.out.ns2.int.$n > /dev/null || ret=1
-$DIG $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext.$n || ret=1
+dig_with_opts @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext.$n || ret=1
 grep 'status: REFUSED' dig.out.ns2.ext.$n > /dev/null || ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -570,7 +569,7 @@ status=`expr $status + $ret`
 
 echo_i "attempting to delete a policy zone ($n)"
 ret=0
-$RNDCCMD 10.53.0.2 delzone 'policy in internal' 2> rndc.out.ns2.$n >&1
+rndc_with_opts 10.53.0.2 delzone 'policy in internal' 2> rndc.out.ns2.$n >&1
 grep 'cannot be deleted' rndc.out.ns2.$n > /dev/null || ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -578,10 +577,10 @@ status=`expr $status + $ret`
 
 echo_i "adding new zone again to external view ($n)"
 ret=0
-$RNDCCMD 10.53.0.2 addzone 'added.example in external { type master; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /'
-$DIG +norec $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.int.$n || ret=1
+rndc_with_opts 10.53.0.2 addzone 'added.example in external { type master; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /'
+dig_with_opts +norec @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.int.$n || ret=1
 grep 'status: NOERROR' dig.out.ns2.int.$n > /dev/null || ret=1
-$DIG +norec $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext.$n || ret=1
+dig_with_opts +norec @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext.$n || ret=1
 grep 'status: NOERROR' dig.out.ns2.ext.$n > /dev/null || ret=1
 grep '^a.added.example' dig.out.ns2.ext.$n > /dev/null || ret=1
 n=`expr $n + 1`
@@ -591,12 +590,12 @@ status=`expr $status + $ret`
 echo_i "reconfiguring server with multiple views and new-zones-directory"
 rm -f ns2/named.conf
 copy_setports ns2/named3.conf.in ns2/named.conf
-$RNDCCMD 10.53.0.2 reconfig 2>&1 | sed 's/^/I:ns2 /'
+rndc_with_opts 10.53.0.2 reconfig 2>&1 | sed 's/^/I:ns2 /'
 sleep 5
 
 echo_i "checking new zone is still loaded after dir change ($n)"
 ret=0
-$DIG +norec $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext.$n || ret=1
+dig_with_opts +norec @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext.$n || ret=1
 grep 'status: NOERROR' dig.out.ns2.ext.$n > /dev/null || ret=1
 grep '^a.added.example' dig.out.ns2.ext.$n > /dev/null || ret=1
 n=`expr $n + 1`
@@ -605,8 +604,8 @@ status=`expr $status + $ret`
 
 echo_i "deleting newly added zone from external ($n)"
 ret=0
-$RNDCCMD 10.53.0.2 delzone 'added.example in external' 2>&1 | sed 's/^/I:ns2 /'
-$DIG $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.$n || ret=1
+rndc_with_opts 10.53.0.2 delzone 'added.example in external' 2>&1 | sed 's/^/I:ns2 /'
+dig_with_opts @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.$n || ret=1
 grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
 grep '^a.added.example' dig.out.ns2.$n > /dev/null && ret=1
 n=`expr $n + 1`
@@ -615,18 +614,18 @@ status=`expr $status + $ret`
 
 echo_i "adding new zone to directory view ($n)"
 ret=0
-$DIG +norec $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.intpre.$n || ret=1
+dig_with_opts +norec @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.intpre.$n || ret=1
 grep 'status: NOERROR' dig.out.ns2.intpre.$n > /dev/null || ret=1
-$DIG +norec $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.extpre.$n || ret=1
+dig_with_opts +norec @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.extpre.$n || ret=1
 grep 'status: REFUSED' dig.out.ns2.extpre.$n > /dev/null || ret=1
-$DIG +norec $DIGOPTS @10.53.0.5 -b 10.53.0.5 a.added.example a > dig.out.ns2.dirpre.$n || ret=1
+dig_with_opts +norec @10.53.0.5 -b 10.53.0.5 a.added.example a > dig.out.ns2.dirpre.$n || ret=1
 grep 'status: REFUSED' dig.out.ns2.dirpre.$n > /dev/null || ret=1
-$RNDCCMD 10.53.0.2 addzone 'added.example in directory { type master; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /'
-$DIG +norec $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.int.$n || ret=1
+rndc_with_opts 10.53.0.2 addzone 'added.example in directory { type master; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /'
+dig_with_opts +norec @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.int.$n || ret=1
 grep 'status: NOERROR' dig.out.ns2.int.$n > /dev/null || ret=1
-$DIG +norec $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext.$n || ret=1
+dig_with_opts +norec @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext.$n || ret=1
 grep 'status: REFUSED' dig.out.ns2.ext.$n > /dev/null || ret=1
-$DIG +norec $DIGOPTS @10.53.0.5 -b 10.53.0.5 a.added.example a > dig.out.ns2.dir.$n || ret=1
+dig_with_opts +norec @10.53.0.5 -b 10.53.0.5 a.added.example a > dig.out.ns2.dir.$n || ret=1
 grep 'status: NOERROR' dig.out.ns2.dir.$n > /dev/null || ret=1
 grep '^a.added.example' dig.out.ns2.dir.$n > /dev/null || ret=1
 n=`expr $n + 1`
@@ -640,7 +639,7 @@ else
     echo_i "checking NZF file was created in new-zones-directory ($n)"
     expect=ns2/new-zones/directory.nzf
 fi
-$RNDCCMD 10.53.0.2 sync 'added.example IN directory' 2>&1 | sed 's/^/I:ns2 /'
+rndc_with_opts 10.53.0.2 sync 'added.example IN directory' 2>&1 | sed 's/^/I:ns2 /'
 sleep 2
 [ -e "$expect" ] || ret=1
 n=`expr $n + 1`
@@ -649,8 +648,8 @@ status=`expr $status + $ret`
 
 echo_i "deleting newly added zone from directory ($n)"
 ret=0
-$RNDCCMD 10.53.0.2 delzone 'added.example in directory' 2>&1 | sed 's/^/I:ns2 /'
-$DIG $DIGOPTS @10.53.0.5 -b 10.53.0.5 a.added.example a > dig.out.ns2.$n || ret=1
+rndc_with_opts 10.53.0.2 delzone 'added.example in directory' 2>&1 | sed 's/^/I:ns2 /'
+dig_with_opts @10.53.0.5 -b 10.53.0.5 a.added.example a > dig.out.ns2.$n || ret=1
 grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
 grep '^a.added.example' dig.out.ns2.$n > /dev/null && ret=1
 n=`expr $n + 1`
@@ -659,20 +658,20 @@ status=`expr $status + $ret`
 
 echo_i "ensure the configuration context is cleaned up correctly ($n)"
 ret=0
-$RNDCCMD 10.53.0.2 reconfig > /dev/null 2>&1 || ret=1
+rndc_with_opts 10.53.0.2 reconfig > /dev/null 2>&1 || ret=1
 sleep 5
-$RNDCCMD 10.53.0.2 status > /dev/null 2>&1 || ret=1
+rndc_with_opts 10.53.0.2 status > /dev/null 2>&1 || ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 echo_i "check delzone after reconfig failure ($n)"
 ret=0
-$RNDCCMD 10.53.0.3 addzone 'inlineslave.example. IN { type slave; file "inlineslave.db"; masterfile-format text; masters { testmaster; }; };' > /dev/null 2>&1 || ret=1
+rndc_with_opts 10.53.0.3 addzone 'inlineslave.example. IN { type slave; file "inlineslave.db"; masterfile-format text; masters { testmaster; }; };' > /dev/null 2>&1 || ret=1
 copy_setports ns3/named2.conf.in ns3/named.conf
-$RNDCCMD 10.53.0.3 reconfig > /dev/null 2>&1 && ret=1
+rndc_with_opts 10.53.0.3 reconfig > /dev/null 2>&1 && ret=1
 sleep 5
-$RNDCCMD 10.53.0.3 delzone inlineslave.example > /dev/null 2>&1 || ret=1
+rndc_with_opts 10.53.0.3 delzone inlineslave.example > /dev/null 2>&1 || ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -681,10 +680,10 @@ if ! $FEATURETEST --with-lmdb
 then
     echo_i "check that addzone is fully reversed on failure (--with-lmdb=no) ($n)"
     ret=0
-    $RNDCCMD 10.53.0.3 addzone "test1.baz" '{ type master; file "e.db"; };' > /dev/null 2>&1 || ret=1
-    $RNDCCMD 10.53.0.3 addzone "test2.baz" '{ type master; file "dne.db"; };' > /dev/null 2>&1 && ret=1
-    $RNDCCMD 10.53.0.3 addzone "test3.baz" '{ type master; file "e.db"; };' > /dev/null 2>&1 || ret=1
-    $RNDCCMD 10.53.0.3 delzone "test3.baz" > /dev/null 2>&1 || ret=1
+    rndc_with_opts 10.53.0.3 addzone "test1.baz" '{ type master; file "e.db"; };' > /dev/null 2>&1 || ret=1
+    rndc_with_opts 10.53.0.3 addzone "test2.baz" '{ type master; file "dne.db"; };' > /dev/null 2>&1 && ret=1
+    rndc_with_opts 10.53.0.3 addzone "test3.baz" '{ type master; file "e.db"; };' > /dev/null 2>&1 || ret=1
+    rndc_with_opts 10.53.0.3 delzone "test3.baz" > /dev/null 2>&1 || ret=1
     grep test2.baz ns3/_default.nzf > /dev/null && ret=1
     n=`expr $n + 1`
     if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -693,11 +692,11 @@ fi
 
 echo_i "check that named restarts with multiple added zones ($n)"
 ret=0
-$RNDCCMD 10.53.0.3 addzone "test4.baz" '{ type master; file "e.db"; };' > /dev/null 2>&1 || ret=1
-$RNDCCMD 10.53.0.3 addzone "test5.baz" '{ type master; file "e.db"; };' > /dev/null 2>&1 || ret=1
+rndc_with_opts 10.53.0.3 addzone "test4.baz" '{ type master; file "e.db"; };' > /dev/null 2>&1 || ret=1
+rndc_with_opts 10.53.0.3 addzone "test5.baz" '{ type master; file "e.db"; };' > /dev/null 2>&1 || ret=1
 $PERL $SYSTEMTESTTOP/stop.pl addzone ns3
 $PERL $SYSTEMTESTTOP/start.pl --noclean --restart --port ${PORT} addzone ns3 || ret=1
-$DIG $DIGOPTS @10.53.0.3 version.bind txt ch > dig.out.test$n || ret=1
+dig_with_opts @10.53.0.3 version.bind txt ch > dig.out.test$n || ret=1
 grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi

bin/tests/system/autosign/tests.sh

@@ -15,13 +15,18 @@ SYSTEMTESTTOP=..
 status=0
 n=0
 
-DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p ${PORT}"
-RNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p ${CONTROLPORT} -s"
+dig_with_opts() {
+    $DIG +tcp +noadd +nosea +nostat +nocmd +dnssec -p "${PORT}" "$@" | sed -b -e 's/\r$//'
+}
+
+rndc_with_opts() {
+    $RNDC -c "$SYSTEMTESTTOP/common/rndc.conf" -p "${CONTROLPORT}" -s "$@" | sed -b -e 's/\r$//'
+}
 
 # convert private-type records to readable form
 showprivate () {
     echo "-- $@ --"
-    $DIG $DIGOPTS +nodnssec +short @$2 -t type65534 $1 | cut -f3 -d' ' |
+    dig_with_opts +nodnssec +short @$2 -t type65534 $1 | cut -f3 -d' ' |
         while read record; do
             $PERL -e 'my $rdata = pack("H*", @ARGV[0]);
                 die "invalid record" unless length($rdata) == 5;
@@ -64,22 +69,22 @@ do
 	#
 	# Wait for the root DNSKEY RRset to be fully signed.
 	#
-	$DIG $DIGOPTS . @10.53.0.1 dnskey > dig.out.ns1.test$n || ret=1
+	dig_with_opts . @10.53.0.1 dnskey > dig.out.ns1.test$n || ret=1
 	grep "ANSWER: 10," dig.out.ns1.test$n > /dev/null || ret=1
 	for z in .
 	do
-		$DIG $DIGOPTS $z @10.53.0.1 nsec > dig.out.ns1.test$n || ret=1
+		dig_with_opts $z @10.53.0.1 nsec > dig.out.ns1.test$n || ret=1
 		grep "NS SOA" dig.out.ns1.test$n > /dev/null || ret=1
 	done
 	for z in bar. example. private.secure.example.
 	do
-		$DIG $DIGOPTS $z @10.53.0.2 nsec > dig.out.ns2.test$n || ret=1
+		dig_with_opts $z @10.53.0.2 nsec > dig.out.ns2.test$n || ret=1
 		grep "NS SOA" dig.out.ns2.test$n > /dev/null || ret=1
 	done
 	for z in bar. example. inacksk2.example. inacksk3.example \
 		 inaczsk2.example. inaczsk3.example
 	do
-		$DIG $DIGOPTS $z @10.53.0.3 nsec > dig.out.ns3.test$n || ret=1
+		dig_with_opts $z @10.53.0.3 nsec > dig.out.ns3.test$n || ret=1
 		grep "NS SOA" dig.out.ns3.test$n > /dev/null || ret=1
 	done
 	i=`expr $i + 1`
@@ -95,17 +100,17 @@ echo_i "Initial counts of RRSIG expiry fields values for auto signed zones"
 for z in .
 do
 	echo_i zone $z
-	$DIG $DIGOPTS $z @10.53.0.1 axfr | awk '$4 == "RRSIG" {print $9}' | sort | uniq -c | cat_i
+	dig_with_opts $z @10.53.0.1 axfr | awk '$4 == "RRSIG" {print $9}' | sort | uniq -c | cat_i
 done
 for z in bar. example. private.secure.example.
 do
 	echo_i zone $z
-	$DIG $DIGOPTS $z @10.53.0.2 axfr | awk '$4 == "RRSIG" {print $9}' | sort | uniq -c | cat_i
+	dig_with_opts $z @10.53.0.2 axfr | awk '$4 == "RRSIG" {print $9}' | sort | uniq -c | cat_i
 done
 for z in inacksk2.example. inacksk3.example inaczsk2.example. inaczsk3.example
 do
 	echo_i zone $z
-	$DIG $DIGOPTS $z @10.53.0.3 axfr | awk '$4 == "RRSIG" {print $9}' | sort | uniq -c | cat_i
+	dig_with_opts $z @10.53.0.3 axfr | awk '$4 == "RRSIG" {print $9}' | sort | uniq -c | cat_i
 done
 
 #
@@ -116,7 +121,7 @@ echo_i "  resigned after the active KSK is deleted - stage 1: Verify that DNSKEY
 echo_i "  is initially signed with a KSK and not a ZSK. ($n)"
 ret=0
 
-$DIG $DIGOPTS @10.53.0.3 axfr inacksk3.example > dig.out.ns3.test$n
+dig_with_opts @10.53.0.3 axfr inacksk3.example > dig.out.ns3.test$n
 
 zskid=`awk '$4 == "DNSKEY" && $5 == 256 { print }' dig.out.ns3.test$n |
        $DSFROMKEY -A -2 -f - inacksk3.example | awk '{ print $4}'`
@@ -139,7 +144,7 @@ awk='$4 == "RRSIG" && $5 == "DNSKEY" { printf "%05u\n", $11 }'
 id=`awk "${awk}" dig.out.ns3.test$n`
 
 $SETTIME -D now+5 ns3/Kinacksk3.example.+007+${id} > /dev/null 2>&1
-$RNDCCMD 10.53.0.3 loadkeys inacksk3.example 2>&1 | sed 's/^/ns3 /' | cat_i
+rndc_with_opts 10.53.0.3 loadkeys inacksk3.example 2>&1 | sed 's/^/ns3 /' | cat_i
 
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -152,7 +157,7 @@ echo_i "check that zone with active and inactive ZSK and active KSK is properly"
 echo_i "  resigned after the active ZSK is deleted - stage 1: Verify that zone"
 echo_i "  is initially signed with a ZSK and not a KSK. ($n)"
 ret=0
-$DIG $DIGOPTS @10.53.0.3 axfr inaczsk3.example > dig.out.ns3.test$n
+dig_with_opts @10.53.0.3 axfr inaczsk3.example > dig.out.ns3.test$n
 kskid=`awk '$4 == "DNSKEY" && $5 == 257 { print }' dig.out.ns3.test$n |
        $DSFROMKEY -2 -f - inaczsk3.example | awk '{ print $4}' `
 grep "CNAME 7 3 " dig.out.ns3.test$n > /dev/null || ret=1
@@ -167,7 +172,7 @@ count=`awk 'BEGIN { count = 0 }
 test $count -eq 3 || ret=1
 id=`awk '$4 == "RRSIG" && $5 == "CNAME" { printf "%05u\n", $11 }' dig.out.ns3.test$n`
 $SETTIME -D now+5 ns3/Kinaczsk3.example.+007+${id} > /dev/null 2>&1
-$RNDCCMD 10.53.0.3 loadkeys inaczsk3.example 2>&1 | sed 's/^/ns3 /' | cat_i
+rndc_with_opts 10.53.0.3 loadkeys inaczsk3.example 2>&1 | sed 's/^/ns3 /' | cat_i
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -175,9 +180,9 @@ status=`expr $status + $ret`
 echo_i "checking NSEC->NSEC3 conversion prerequisites ($n)"
 ret=0
 # these commands should result in an empty file:
-$DIG $DIGOPTS +noall +answer nsec3.example. nsec3param @10.53.0.3 > dig.out.ns3.1.test$n || ret=1
+dig_with_opts +noall +answer nsec3.example. nsec3param @10.53.0.3 > dig.out.ns3.1.test$n || ret=1
 grep "NSEC3PARAM" dig.out.ns3.1.test$n > /dev/null && ret=1
-$DIG $DIGOPTS +noall +answer autonsec3.example. nsec3param @10.53.0.3 > dig.out.ns3.2.test$n || ret=1
+dig_with_opts +noall +answer autonsec3.example. nsec3param @10.53.0.3 > dig.out.ns3.2.test$n || ret=1
 grep "NSEC3PARAM" dig.out.ns3.2.test$n > /dev/null && ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -185,7 +190,7 @@ status=`expr $status + $ret`
 
 echo_i "checking NSEC3->NSEC conversion prerequisites ($n)"
 ret=0
-$DIG $DIGOPTS +noall +answer nsec3-to-nsec.example. nsec3param @10.53.0.3 > dig.out.ns3.test$n || ret=1
+dig_with_opts +noall +answer nsec3-to-nsec.example. nsec3param @10.53.0.3 > dig.out.ns3.test$n || ret=1
 grep "NSEC3PARAM" dig.out.ns3.test$n > /dev/null || ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -228,7 +233,7 @@ END
 
 echo_i "checking for nsec3param in unsigned zone ($n)"
 ret=0
-$DIG $DIGOPTS +noall +answer autonsec3.example. nsec3param @10.53.0.3 > dig.out.ns3.test$n || ret=1
+dig_with_opts +noall +answer autonsec3.example. nsec3param @10.53.0.3 > dig.out.ns3.test$n || ret=1
 grep "NSEC3PARAM" dig.out.ns3.test$n > /dev/null && ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -236,7 +241,7 @@ status=`expr $status + $ret`
 
 echo_i "checking for nsec3param signing record ($n)"
 ret=0
-$RNDCCMD 10.53.0.3 signing -list autonsec3.example. > signing.out.test$n 2>&1
+rndc_with_opts 10.53.0.3 signing -list autonsec3.example. > signing.out.test$n 2>&1
 grep "Pending NSEC3 chain 1 0 20 DEAF" signing.out.test$n > /dev/null || ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -244,11 +249,11 @@ status=`expr $status + $ret`
 
 echo_i "resetting nsec3param via rndc signing ($n)"
 ret=0
-$RNDCCMD 10.53.0.3 signing -clear all autonsec3.example. > /dev/null 2>&1
-$RNDCCMD 10.53.0.3 signing -nsec3param 1 1 10 beef autonsec3.example. > /dev/null 2>&1
+rndc_with_opts 10.53.0.3 signing -clear all autonsec3.example. > /dev/null 2>&1
+rndc_with_opts 10.53.0.3 signing -nsec3param 1 1 10 beef autonsec3.example. > /dev/null 2>&1
 for i in 0 1 2 3 4 5 6 7 8 9; do
 	ret=0
-	$RNDCCMD 10.53.0.3 signing -list autonsec3.example. > signing.out.test$n 2>&1
+	rndc_with_opts 10.53.0.3 signing -list autonsec3.example. > signing.out.test$n 2>&1
 	grep "Pending NSEC3 chain 1 1 10 BEEF" signing.out.test$n > /dev/null || ret=1
 	num=`grep "Pending " signing.out.test$n | wc -l`
 	[ $num -eq 1 ] || ret=1
@@ -265,7 +270,7 @@ zsk=`cat autozsk.key`
 ksk=`cat autoksk.key`
 $SETTIME -K ns3 -P now -A now $zsk > /dev/null 2>&1
 $SETTIME -K ns3 -P now -A now $ksk > /dev/null 2>&1
-$RNDCCMD 10.53.0.3 loadkeys autonsec3.example. 2>&1 | sed 's/^/ns3 /' | cat_i
+rndc_with_opts 10.53.0.3 loadkeys autonsec3.example. 2>&1 | sed 's/^/ns3 /' | cat_i
 
 echo_i "waiting for changes to take effect"
 sleep 3
@@ -318,16 +323,16 @@ status=`expr $status + $ret`
 # Send rndc sync command to ns1, ns2 and ns3, to force the dynamically
 # signed zones to be dumped to their zone files
 echo_i "dumping zone files"
-$RNDCCMD 10.53.0.1 sync 2>&1 | sed 's/^/ns1 /' | cat_i
-$RNDCCMD 10.53.0.2 sync 2>&1 | sed 's/^/ns2 /' | cat_i
-$RNDCCMD 10.53.0.3 sync 2>&1 | sed 's/^/ns3 /' | cat_i
+rndc_with_opts 10.53.0.1 sync 2>&1 | sed 's/^/ns1 /' | cat_i
+rndc_with_opts 10.53.0.2 sync 2>&1 | sed 's/^/ns2 /' | cat_i
+rndc_with_opts 10.53.0.3 sync 2>&1 | sed 's/^/ns3 /' | cat_i
 
 echo_i "checking expired signatures were updated ($n)"
 for i in 1 2 3 4 5 6 7 8 9
 do
 	ret=0
-	$DIG $DIGOPTS +noauth a.oldsigs.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
-	$DIG $DIGOPTS +noauth a.oldsigs.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+	dig_with_opts +noauth a.oldsigs.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+	dig_with_opts +noauth a.oldsigs.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
         digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
 	grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
 	[ $ret = 0 ] && break
@@ -338,10 +343,10 @@ status=`expr $status + $ret`
 
 echo_i "checking NSEC->NSEC3 conversion succeeded ($n)"
 ret=0
-$DIG $DIGOPTS nsec3.example. nsec3param @10.53.0.3 > dig.out.ns3.ok.test$n || ret=1
+dig_with_opts nsec3.example. nsec3param @10.53.0.3 > dig.out.ns3.ok.test$n || ret=1
 grep "status: NOERROR" dig.out.ns3.ok.test$n > /dev/null || ret=1
-$DIG $DIGOPTS +noauth q.nsec3.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
-$DIG $DIGOPTS +noauth q.nsec3.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+dig_with_opts +noauth q.nsec3.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+dig_with_opts +noauth q.nsec3.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
 digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
@@ -351,11 +356,11 @@ status=`expr $status + $ret`
 
 echo_i "checking direct NSEC3 autosigning succeeded ($n)"
 ret=0
-$DIG $DIGOPTS +noall +answer autonsec3.example. nsec3param @10.53.0.3 > dig.out.ns3.ok.test$n || ret=1
+dig_with_opts +noall +answer autonsec3.example. nsec3param @10.53.0.3 > dig.out.ns3.ok.test$n || ret=1
 [ -s  dig.out.ns3.ok.test$n ] || ret=1
 grep "NSEC3PARAM" dig.out.ns3.ok.test$n > /dev/null || ret=1
-$DIG $DIGOPTS +noauth q.autonsec3.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
-$DIG $DIGOPTS +noauth q.autonsec3.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+dig_with_opts +noauth q.autonsec3.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+dig_with_opts +noauth q.autonsec3.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
 digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
@@ -373,10 +378,10 @@ status=`expr $status + $ret`
 echo_i "checking NSEC3->NSEC conversion succeeded ($n)"
 ret=0
 # this command should result in an empty file:
-$DIG $DIGOPTS +noall +answer nsec3-to-nsec.example. nsec3param @10.53.0.3 > dig.out.ns3.nx.test$n || ret=1
+dig_with_opts +noall +answer nsec3-to-nsec.example. nsec3param @10.53.0.3 > dig.out.ns3.nx.test$n || ret=1
 grep "NSEC3PARAM" dig.out.ns3.nx.test$n > /dev/null && ret=1
-$DIG $DIGOPTS +noauth q.nsec3-to-nsec.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
-$DIG $DIGOPTS +noauth q.nsec3-to-nsec.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+dig_with_opts +noauth q.nsec3-to-nsec.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+dig_with_opts +noauth q.nsec3-to-nsec.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
 digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
@@ -386,13 +391,13 @@ status=`expr $status + $ret`
 
 echo_i "checking NSEC3->NSEC conversion with 'rndc signing -nsec3param none' ($n)"
 ret=0
-$RNDCCMD 10.53.0.3 signing -nsec3param none autonsec3.example. > /dev/null 2>&1
+rndc_with_opts 10.53.0.3 signing -nsec3param none autonsec3.example. > /dev/null 2>&1
 sleep 2
 # this command should result in an empty file:
-$DIG $DIGOPTS +noall +answer autonsec3.example. nsec3param @10.53.0.3 > dig.out.ns3.nx.test$n || ret=1
+dig_with_opts +noall +answer autonsec3.example. nsec3param @10.53.0.3 > dig.out.ns3.nx.test$n || ret=1
 grep "NSEC3PARAM" dig.out.ns3.nx.test$n > /dev/null && ret=1
-$DIG $DIGOPTS +noauth q.autonsec3.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
-$DIG $DIGOPTS +noauth q.autonsec3.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+dig_with_opts +noauth q.autonsec3.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+dig_with_opts +noauth q.autonsec3.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
 digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
@@ -402,7 +407,7 @@ status=`expr $status + $ret`
 
 echo_i "checking TTLs of imported DNSKEYs (no default) ($n)"
 ret=0
-$DIG $DIGOPTS +tcp +noall +answer dnskey ttl1.example. @10.53.0.3 > dig.out.ns3.test$n || ret=1
+dig_with_opts +tcp +noall +answer dnskey ttl1.example. @10.53.0.3 > dig.out.ns3.test$n || ret=1
 [ -s dig.out.ns3.test$n ] || ret=1
 awk 'BEGIN {r=0} $2 != 300 {r=1; print "found TTL " $2} END {exit r}' dig.out.ns3.test$n || ret=1 | cat_i
 n=`expr $n + 1`
@@ -411,7 +416,7 @@ status=`expr $status + $ret`
 
 echo_i "checking TTLs of imported DNSKEYs (with default) ($n)"
 ret=0
-$DIG $DIGOPTS +tcp +noall +answer dnskey ttl2.example. @10.53.0.3 > dig.out.ns3.test$n || ret=1
+dig_with_opts +tcp +noall +answer dnskey ttl2.example. @10.53.0.3 > dig.out.ns3.test$n || ret=1
 [ -s dig.out.ns3.test$n ] || ret=1
 awk 'BEGIN {r=0} $2 != 60 {r=1; print "found TTL " $2} END {exit r}' dig.out.ns3.test$n || ret=1 | cat_i
 n=`expr $n + 1`
@@ -420,7 +425,7 @@ status=`expr $status + $ret`
 
 echo_i "checking TTLs of imported DNSKEYs (mismatched) ($n)"
 ret=0
-$DIG $DIGOPTS +tcp +noall +answer dnskey ttl3.example. @10.53.0.3 > dig.out.ns3.test$n || ret=1
+dig_with_opts +tcp +noall +answer dnskey ttl3.example. @10.53.0.3 > dig.out.ns3.test$n || ret=1
 [ -s dig.out.ns3.test$n ] || ret=1
 awk 'BEGIN {r=0} $2 != 30 {r=1; print "found TTL " $2} END {exit r}' dig.out.ns3.test$n || ret=1 | cat_i
 n=`expr $n + 1`
@@ -429,7 +434,7 @@ status=`expr $status + $ret`
 
 echo_i "checking TTLs of imported DNSKEYs (existing RRset) ($n)"
 ret=0
-$DIG $DIGOPTS +tcp +noall +answer dnskey ttl4.example. @10.53.0.3 > dig.out.ns3.test$n || ret=1
+dig_with_opts +tcp +noall +answer dnskey ttl4.example. @10.53.0.3 > dig.out.ns3.test$n || ret=1
 [ -s dig.out.ns3.test$n ] || ret=1
 awk 'BEGIN {r=0} $2 != 30 {r=1; print "found TTL " $2} END {exit r}' dig.out.ns3.test$n || ret=1 | cat_i
 n=`expr $n + 1`
@@ -438,8 +443,8 @@ status=`expr $status + $ret`
 
 echo_i "checking positive validation NSEC ($n)"
 ret=0
-$DIG $DIGOPTS +noauth a.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1
-$DIG $DIGOPTS +noauth a.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+dig_with_opts +noauth a.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1
+dig_with_opts +noauth a.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
 digcomp dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
 n=`expr $n + 1`
@@ -448,9 +453,9 @@ status=`expr $status + $ret`
 
 echo_i "checking positive validation NSEC3 ($n)"
 ret=0
-$DIG $DIGOPTS +noauth a.nsec3.example. \
+dig_with_opts +noauth a.nsec3.example. \
 	@10.53.0.3 a > dig.out.ns3.test$n || ret=1
-$DIG $DIGOPTS +noauth a.nsec3.example. \
+dig_with_opts +noauth a.nsec3.example. \
 	@10.53.0.4 a > dig.out.ns4.test$n || ret=1
 digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
@@ -460,9 +465,9 @@ status=`expr $status + $ret`
 
 echo_i "checking positive validation OPTOUT ($n)"
 ret=0
-$DIG $DIGOPTS +noauth a.optout.example. \
+dig_with_opts +noauth a.optout.example. \
 	@10.53.0.3 a > dig.out.ns3.test$n || ret=1
-$DIG $DIGOPTS +noauth a.optout.example. \
+dig_with_opts +noauth a.optout.example. \
 	@10.53.0.4 a > dig.out.ns4.test$n || ret=1
 digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
@@ -472,8 +477,8 @@ status=`expr $status + $ret`
 
 echo_i "checking negative validation NXDOMAIN NSEC ($n)"
 ret=0
-$DIG $DIGOPTS +noauth q.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1
-$DIG $DIGOPTS +noauth q.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+dig_with_opts +noauth q.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1
+dig_with_opts +noauth q.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
 digcomp dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
@@ -483,9 +488,9 @@ status=`expr $status + $ret`
 
 echo_i "checking negative validation NXDOMAIN NSEC3 ($n)"
 ret=0
-$DIG $DIGOPTS +noauth q.nsec3.example. \
+dig_with_opts +noauth q.nsec3.example. \
 	@10.53.0.3 a > dig.out.ns3.test$n || ret=1
-$DIG $DIGOPTS +noauth q.nsec3.example. \
+dig_with_opts +noauth q.nsec3.example. \
 	@10.53.0.4 a > dig.out.ns4.test$n || ret=1
 digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
@@ -496,9 +501,9 @@ status=`expr $status + $ret`
 
 echo_i "checking negative validation NXDOMAIN OPTOUT ($n)"
 ret=0
-$DIG $DIGOPTS +noauth q.optout.example. \
+dig_with_opts +noauth q.optout.example. \
 	@10.53.0.3 a > dig.out.ns3.test$n || ret=1
-$DIG $DIGOPTS +noauth q.optout.example. \
+dig_with_opts +noauth q.optout.example. \
 	@10.53.0.4 a > dig.out.ns4.test$n || ret=1
 digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
@@ -510,8 +515,8 @@ status=`expr $status + $ret`
 
 echo_i "checking negative validation NODATA NSEC ($n)"
 ret=0
-$DIG $DIGOPTS +noauth a.example. @10.53.0.2 txt > dig.out.ns2.test$n || ret=1
-$DIG $DIGOPTS +noauth a.example. @10.53.0.4 txt > dig.out.ns4.test$n || ret=1
+dig_with_opts +noauth a.example. @10.53.0.2 txt > dig.out.ns2.test$n || ret=1
+dig_with_opts +noauth a.example. @10.53.0.4 txt > dig.out.ns4.test$n || ret=1
 digcomp dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
@@ -522,9 +527,9 @@ status=`expr $status + $ret`
 
 echo_i "checking negative validation NODATA NSEC3 ($n)"
 ret=0
-$DIG $DIGOPTS +noauth a.nsec3.example. \
+dig_with_opts +noauth a.nsec3.example. \
 	@10.53.0.3 txt > dig.out.ns3.test$n || ret=1
-$DIG $DIGOPTS +noauth a.nsec3.example. \
+dig_with_opts +noauth a.nsec3.example. \
 	@10.53.0.4 txt > dig.out.ns4.test$n || ret=1
 digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
@@ -536,9 +541,9 @@ status=`expr $status + $ret`
 
 echo_i "checking negative validation NODATA OPTOUT ($n)"
 ret=0
-$DIG $DIGOPTS +noauth a.optout.example. \
+dig_with_opts +noauth a.optout.example. \
 	@10.53.0.3 txt > dig.out.ns3.test$n || ret=1
-$DIG $DIGOPTS +noauth a.optout.example. \
+dig_with_opts +noauth a.optout.example. \
 	@10.53.0.4 txt > dig.out.ns4.test$n || ret=1
 digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
@@ -552,8 +557,8 @@ status=`expr $status + $ret`
 
 echo_i "checking 1-server insecurity proof NSEC ($n)"
 ret=0
-$DIG $DIGOPTS +noauth a.insecure.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
-$DIG $DIGOPTS +noauth a.insecure.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+dig_with_opts +noauth a.insecure.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+dig_with_opts +noauth a.insecure.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
 digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
 # Note - this is looking for failure, hence the &&
@@ -564,9 +569,9 @@ status=`expr $status + $ret`
 
 echo_i "checking 1-server negative insecurity proof NSEC ($n)"
 ret=0
-$DIG $DIGOPTS q.insecure.example. a @10.53.0.3 \
+dig_with_opts q.insecure.example. a @10.53.0.3 \
 	> dig.out.ns3.test$n || ret=1
-$DIG $DIGOPTS q.insecure.example. a @10.53.0.4 \
+dig_with_opts q.insecure.example. a @10.53.0.4 \
 	> dig.out.ns4.test$n || ret=1
 digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
@@ -580,9 +585,9 @@ status=`expr $status + $ret`
 
 echo_i "checking multi-stage positive validation NSEC/NSEC ($n)"
 ret=0
-$DIG $DIGOPTS +noauth a.secure.example. \
+dig_with_opts +noauth a.secure.example. \
 	@10.53.0.3 a > dig.out.ns3.test$n || ret=1
-$DIG $DIGOPTS +noauth a.secure.example. \
+dig_with_opts +noauth a.secure.example. \
 	@10.53.0.4 a > dig.out.ns4.test$n || ret=1
 digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
@@ -593,9 +598,9 @@ status=`expr $status + $ret`
 
 echo_i "checking multi-stage positive validation NSEC/NSEC3 ($n)"
 ret=0
-$DIG $DIGOPTS +noauth a.nsec3.example. \
+dig_with_opts +noauth a.nsec3.example. \
 	@10.53.0.3 a > dig.out.ns3.test$n || ret=1
-$DIG $DIGOPTS +noauth a.nsec3.example. \
+dig_with_opts +noauth a.nsec3.example. \
 	@10.53.0.4 a > dig.out.ns4.test$n || ret=1
 digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
@@ -606,9 +611,9 @@ status=`expr $status + $ret`
 
 echo_i "checking multi-stage positive validation NSEC/OPTOUT ($n)"
 ret=0
-$DIG $DIGOPTS +noauth a.optout.example. \
+dig_with_opts +noauth a.optout.example. \
 	@10.53.0.3 a > dig.out.ns3.test$n || ret=1
-$DIG $DIGOPTS +noauth a.optout.example. \
+dig_with_opts +noauth a.optout.example. \
 	@10.53.0.4 a > dig.out.ns4.test$n || ret=1
 digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
@@ -619,9 +624,9 @@ status=`expr $status + $ret`
 
 echo_i "checking multi-stage positive validation NSEC3/NSEC ($n)"
 ret=0
-$DIG $DIGOPTS +noauth a.secure.nsec3.example. \
+dig_with_opts +noauth a.secure.nsec3.example. \
 	@10.53.0.3 a > dig.out.ns3.test$n || ret=1
-$DIG $DIGOPTS +noauth a.secure.nsec3.example. \
+dig_with_opts +noauth a.secure.nsec3.example. \
 	@10.53.0.4 a > dig.out.ns4.test$n || ret=1
 digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
@@ -632,9 +637,9 @@ status=`expr $status + $ret`
 
 echo_i "checking multi-stage positive validation NSEC3/NSEC3 ($n)"
 ret=0
-$DIG $DIGOPTS +noauth a.nsec3.nsec3.example. \
+dig_with_opts +noauth a.nsec3.nsec3.example. \
 	@10.53.0.3 a > dig.out.ns3.test$n || ret=1
-$DIG $DIGOPTS +noauth a.nsec3.nsec3.example. \
+dig_with_opts +noauth a.nsec3.nsec3.example. \
 	@10.53.0.4 a > dig.out.ns4.test$n || ret=1
 digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
@@ -645,9 +650,9 @@ status=`expr $status + $ret`
 
 echo_i "checking multi-stage positive validation NSEC3/OPTOUT ($n)"
 ret=0
-$DIG $DIGOPTS +noauth a.optout.nsec3.example. \
+dig_with_opts +noauth a.optout.nsec3.example. \
 	@10.53.0.3 a > dig.out.ns3.test$n || ret=1
-$DIG $DIGOPTS +noauth a.optout.nsec3.example. \
+dig_with_opts +noauth a.optout.nsec3.example. \
 	@10.53.0.4 a > dig.out.ns4.test$n || ret=1
 digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
@@ -658,9 +663,9 @@ status=`expr $status + $ret`
 
 echo_i "checking multi-stage positive validation OPTOUT/NSEC ($n)"
 ret=0
-$DIG $DIGOPTS +noauth a.secure.optout.example. \
+dig_with_opts +noauth a.secure.optout.example. \
 	@10.53.0.3 a > dig.out.ns3.test$n || ret=1
-$DIG $DIGOPTS +noauth a.secure.optout.example. \
+dig_with_opts +noauth a.secure.optout.example. \
 	@10.53.0.4 a > dig.out.ns4.test$n || ret=1
 digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
@@ -671,9 +676,9 @@ status=`expr $status + $ret`
 
 echo_i "checking multi-stage positive validation OPTOUT/NSEC3 ($n)"
 ret=0
-$DIG $DIGOPTS +noauth a.nsec3.optout.example. \
+dig_with_opts +noauth a.nsec3.optout.example. \
 	@10.53.0.3 a > dig.out.ns3.test$n || ret=1
-$DIG $DIGOPTS +noauth a.nsec3.optout.example. \
+dig_with_opts +noauth a.nsec3.optout.example. \
 	@10.53.0.4 a > dig.out.ns4.test$n || ret=1
 digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
@@ -684,9 +689,9 @@ status=`expr $status + $ret`
 
 echo_i "checking multi-stage positive validation OPTOUT/OPTOUT ($n)"
 ret=0
-$DIG $DIGOPTS +noauth a.optout.optout.example. \
+dig_with_opts +noauth a.optout.optout.example. \
 	@10.53.0.3 a > dig.out.ns3.test$n || ret=1
-$DIG $DIGOPTS +noauth a.optout.optout.example. \
+dig_with_opts +noauth a.optout.optout.example. \
 	@10.53.0.4 a > dig.out.ns4.test$n || ret=1
 digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
@@ -697,9 +702,9 @@ status=`expr $status + $ret`
 
 echo_i "checking empty NODATA OPTOUT ($n)"
 ret=0
-$DIG $DIGOPTS +noauth empty.optout.example. \
+dig_with_opts +noauth empty.optout.example. \
 	@10.53.0.3 a > dig.out.ns3.test$n || ret=1
-$DIG $DIGOPTS +noauth empty.optout.example. \
+dig_with_opts +noauth empty.optout.example. \
 	@10.53.0.4 a > dig.out.ns4.test$n || ret=1
 digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
@@ -712,9 +717,9 @@ status=`expr $status + $ret`
 
 echo_i "checking 2-server insecurity proof ($n)"
 ret=0
-$DIG $DIGOPTS +noauth a.insecure.secure.example. @10.53.0.2 a \
+dig_with_opts +noauth a.insecure.secure.example. @10.53.0.2 a \
 	> dig.out.ns2.test$n || ret=1
-$DIG $DIGOPTS +noauth a.insecure.secure.example. @10.53.0.4 a \
+dig_with_opts +noauth a.insecure.secure.example. @10.53.0.4 a \
 	> dig.out.ns4.test$n || ret=1
 digcomp dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
@@ -728,9 +733,9 @@ status=`expr $status + $ret`
 
 echo_i "checking 2-server insecurity proof with a negative answer ($n)"
 ret=0
-$DIG $DIGOPTS q.insecure.secure.example. @10.53.0.2 a > dig.out.ns2.test$n \
+dig_with_opts q.insecure.secure.example. @10.53.0.2 a > dig.out.ns2.test$n \
 	|| ret=1
-$DIG $DIGOPTS q.insecure.secure.example. @10.53.0.4 a > dig.out.ns4.test$n \
+dig_with_opts q.insecure.secure.example. @10.53.0.4 a > dig.out.ns4.test$n \
 	|| ret=1
 digcomp dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
@@ -742,7 +747,7 @@ status=`expr $status + $ret`
 
 echo_i "checking security root query ($n)"
 ret=0
-$DIG $DIGOPTS . @10.53.0.4 key > dig.out.ns4.test$n || ret=1
+dig_with_opts . @10.53.0.4 key > dig.out.ns4.test$n || ret=1
 grep "NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
 n=`expr $n + 1`
@@ -751,8 +756,8 @@ status=`expr $status + $ret`
 
 echo_i "checking positive validation RSASHA256 NSEC ($n)"
 ret=0
-$DIG $DIGOPTS +noauth a.rsasha256.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
-$DIG $DIGOPTS +noauth a.rsasha256.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+dig_with_opts +noauth a.rsasha256.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+dig_with_opts +noauth a.rsasha256.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
 digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
 n=`expr $n + 1`
@@ -761,8 +766,8 @@ status=`expr $status + $ret`
 
 echo_i "checking positive validation RSASHA512 NSEC ($n)"
 ret=0
-$DIG $DIGOPTS +noauth a.rsasha512.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
-$DIG $DIGOPTS +noauth a.rsasha512.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+dig_with_opts +noauth a.rsasha512.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+dig_with_opts +noauth a.rsasha512.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
 digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
 n=`expr $n + 1`
@@ -771,9 +776,9 @@ status=`expr $status + $ret`
 
 echo_i "checking that positive validation in a privately secure zone works ($n)"
 ret=0
-$DIG $DIGOPTS +noauth a.private.secure.example. a @10.53.0.2 \
+dig_with_opts +noauth a.private.secure.example. a @10.53.0.2 \
 	> dig.out.ns2.test$n || ret=1
-$DIG $DIGOPTS +noauth a.private.secure.example. a @10.53.0.4 \
+dig_with_opts +noauth a.private.secure.example. a @10.53.0.4 \
 	> dig.out.ns4.test$n || ret=1
 digcomp dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
 grep "NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
@@ -784,9 +789,9 @@ status=`expr $status + $ret`
 
 echo_i "checking that negative validation in a privately secure zone works ($n)"
 ret=0
-$DIG $DIGOPTS +noauth q.private.secure.example. a @10.53.0.2 \
+dig_with_opts +noauth q.private.secure.example. a @10.53.0.2 \
 	> dig.out.ns2.test$n || ret=1
-$DIG $DIGOPTS +noauth q.private.secure.example. a @10.53.0.4 \
+dig_with_opts +noauth q.private.secure.example. a @10.53.0.4 \
 	> dig.out.ns4.test$n || ret=1
 digcomp dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
 grep "NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
@@ -798,7 +803,7 @@ status=`expr $status + $ret`
 
 echo_i "checking privately secure to nxdomain works ($n)"
 ret=0
-$DIG $DIGOPTS +noauth private2secure-nxdomain.private.secure.example. SOA @10.53.0.4 > dig.out.ns4.test$n || ret=1
+dig_with_opts +noauth private2secure-nxdomain.private.secure.example. SOA @10.53.0.4 > dig.out.ns4.test$n || ret=1
 grep "NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
 n=`expr $n + 1`
@@ -810,7 +815,7 @@ status=`expr $status + $ret`
 
 echo_i "checking that validation returns insecure due to revoked trusted key ($n)"
 ret=0
-$DIG $DIGOPTS example. soa @10.53.0.5 > dig.out.ns5.test$n || ret=1
+dig_with_opts example. soa @10.53.0.5 > dig.out.ns5.test$n || ret=1
 grep "flags:.*; QUERY" dig.out.ns5.test$n > /dev/null || ret=1
 grep "flags:.* ad.*; QUERY" dig.out.ns5.test$n > /dev/null && ret=1
 n=`expr $n + 1`
@@ -820,7 +825,7 @@ status=`expr $status + $ret`
 echo_i "checking that revoked key is present ($n)"
 ret=0
 id=`cat rev.key`
-$DIG $DIGOPTS +multi dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
+dig_with_opts +multi dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
 grep '; key id = '"$id"'$' dig.out.ns1.test$n > /dev/null || ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -829,7 +834,7 @@ status=`expr $status + $ret`
 echo_i "checking that revoked key self-signs ($n)"
 ret=0
 id=`cat rev.key`
-$DIG $DIGOPTS dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
+dig_with_opts dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
 grep 'RRSIG.*'" $id "'\. ' dig.out.ns1.test$n > /dev/null || ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -838,7 +843,7 @@ status=`expr $status + $ret`
 echo_i "checking for unpublished key ($n)"
 ret=0
 id=`sed 's/^K.+007+0*\([0-9]\)/\1/' < unpub.key`
-$DIG $DIGOPTS +multi dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
+dig_with_opts +multi dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
 grep '; key id = '"$id"'$' dig.out.ns1.test$n > /dev/null && ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -847,7 +852,7 @@ status=`expr $status + $ret`
 echo_i "checking for activated but unpublished key ($n)"
 ret=0
 id=`sed 's/^K.+007+0*\([0-9]\)/\1/' < activate-now-publish-1day.key`
-$DIG $DIGOPTS +multi dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
+dig_with_opts +multi dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
 grep '; key id = '"$id"'$' dig.out.ns1.test$n > /dev/null && ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -856,7 +861,7 @@ status=`expr $status + $ret`
 echo_i "checking that standby key does not sign records ($n)"
 ret=0
 id=`sed 's/^K.+007+0*\([0-9]\)/\1/' < standby.key`
-$DIG $DIGOPTS dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
+dig_with_opts dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
 grep 'RRSIG.*'" $id "'\. ' dig.out.ns1.test$n > /dev/null && ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -865,7 +870,7 @@ status=`expr $status + $ret`
 echo_i "checking that deactivated key does not sign records  ($n)"
 ret=0
 id=`sed 's/^K.+007+0*\([0-9]\)/\1/' < inact.key`
-$DIG $DIGOPTS dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
+dig_with_opts dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
 grep 'RRSIG.*'" $id "'\. ' dig.out.ns1.test$n > /dev/null && ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -884,7 +889,7 @@ update add $keydata
 send
 END
 sleep 1
-$DIG $DIGOPTS dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
+dig_with_opts dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
 grep 'RRSIG.*'" $id "'\. ' dig.out.ns1.test$n > /dev/null && ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -893,7 +898,7 @@ status=`expr $status + $ret`
 echo_i "checking key deletion ($n)"
 ret=0
 id=`sed 's/^K.+007+0*\([0-9]\)/\1/' < del.key`
-$DIG $DIGOPTS +multi dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
+dig_with_opts +multi dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
 grep '; key id = '"$id"'$' dig.out.ns1.test$n > /dev/null && ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -909,7 +914,7 @@ send
 END
 for i in 0 1 2 3 4 5 6 7 8 9; do
 	ret=0
-	$DIG $DIGOPTS axfr secure-to-insecure.example @10.53.0.3 > dig.out.ns3.test$n || ret=1
+	dig_with_opts axfr secure-to-insecure.example @10.53.0.3 > dig.out.ns3.test$n || ret=1
 	egrep '(RRSIG|DNSKEY|NSEC)' dig.out.ns3.test$n > /dev/null && ret=1
 	[ $ret -eq 0 ] && break
 	echo_i "waiting ... ($i)"
@@ -925,10 +930,10 @@ file="ns3/`cat del1.key`.key"
 $SETTIME -I now -D now $file > /dev/null
 file="ns3/`cat del2.key`.key"
 $SETTIME -I now -D now $file > /dev/null
-$RNDCCMD 10.53.0.3 sign secure-to-insecure2.example. 2>&1 | sed 's/^/ns3 /' | cat_i
+rndc_with_opts 10.53.0.3 sign secure-to-insecure2.example. 2>&1 | sed 's/^/ns3 /' | cat_i
 for i in 0 1 2 3 4 5 6 7 8 9; do
 	ret=0
-	$DIG $DIGOPTS axfr secure-to-insecure2.example @10.53.0.3 > dig.out.ns3.test$n || ret=1
+	dig_with_opts axfr secure-to-insecure2.example @10.53.0.3 > dig.out.ns3.test$n || ret=1
 	egrep '(RRSIG|DNSKEY|NSEC3)' dig.out.ns3.test$n > /dev/null && ret=1
 	[ $ret -eq 0 ] && break
 	echo_i "waiting ... ($i)"
@@ -940,22 +945,22 @@ status=`expr $status + $ret`
 
 echo_i "checking that serial number and RRSIGs are both updated (rt21045) ($n)"
 ret=0
-oldserial=`$DIG $DIGOPTS +short soa prepub.example @10.53.0.3 | awk '$0 !~ /SOA/ {print $3}'`
-oldinception=`$DIG $DIGOPTS +short soa prepub.example @10.53.0.3 | awk '/SOA/ {print $6}' | sort -u`
+oldserial=`dig_with_opts +short soa prepub.example @10.53.0.3 | awk '$0 !~ /SOA/ {print $3}'`
+oldinception=`dig_with_opts +short soa prepub.example @10.53.0.3 | awk '/SOA/ {print $6}' | sort -u`
 
 $KEYGEN -a rsasha1 -3 -q -K ns3 -P 0 -A +6d -I +38d -D +45d prepub.example > /dev/null
 
-$RNDCCMD 10.53.0.3 sign prepub.example 2>&1 | sed 's/^/ns1 /' | cat_i
+rndc_with_opts 10.53.0.3 sign prepub.example 2>&1 | sed 's/^/ns1 /' | cat_i
 newserial=$oldserial
 try=0
 while [ $oldserial -eq $newserial -a $try -lt 42 ]
 do
-	newserial=`$DIG $DIGOPTS +short soa prepub.example @10.53.0.3 |
+	newserial=`dig_with_opts +short soa prepub.example @10.53.0.3 |
 		 awk '$0 !~ /SOA/ {print $3}'`
 	sleep 1
 	try=`expr $try + 1`
 done
-newinception=`$DIG $DIGOPTS +short soa prepub.example @10.53.0.3 | awk '/SOA/ {print $6}' | sort -u`
+newinception=`dig_with_opts +short soa prepub.example @10.53.0.3 | awk '/SOA/ {print $6}' | sort -u`
 #echo "$oldserial : $newserial"
 #echo "$oldinception : $newinception"
 
@@ -980,22 +985,22 @@ $SETTIME -K ns1 -I now+2s -D now+25 $oldfile > /dev/null
 $SETTIME -K ns1 -i 0 -S $oldfile $newfile > /dev/null
 
 # note previous zone serial number
-oldserial=`$DIG $DIGOPTS +short soa . @10.53.0.1 | awk '{print $3}'`
+oldserial=`dig_with_opts +short soa . @10.53.0.1 | awk '{print $3}'`
 
-$RNDCCMD 10.53.0.1 loadkeys . 2>&1 | sed 's/^/ns1 /' | cat_i
+rndc_with_opts 10.53.0.1 loadkeys . 2>&1 | sed 's/^/ns1 /' | cat_i
 sleep 4
 
 echo_i "revoking key to duplicated key ID"
 $SETTIME -R now -K ns2 Kbar.+005+30676.key > /dev/null 2>&1
 
-$RNDCCMD 10.53.0.2 loadkeys bar. 2>&1 | sed 's/^/ns2 /' | cat_i
+rndc_with_opts 10.53.0.2 loadkeys bar. 2>&1 | sed 's/^/ns2 /' | cat_i
 
 echo_i "waiting for changes to take effect"
 sleep 5
 
 echo_i "checking former standby key is now active ($n)"
 ret=0
-$DIG $DIGOPTS dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
+dig_with_opts dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
 grep 'RRSIG.*'" $newid "'\. ' dig.out.ns1.test$n > /dev/null || ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -1003,7 +1008,7 @@ status=`expr $status + $ret`
 
 echo_i "checking former standby key has only signed incrementally ($n)"
 ret=0
-$DIG $DIGOPTS txt . @10.53.0.1 > dig.out.ns1.test$n || ret=1
+dig_with_opts txt . @10.53.0.1 > dig.out.ns1.test$n || ret=1
 grep 'RRSIG.*'" $newid "'\. ' dig.out.ns1.test$n > /dev/null && ret=1
 grep 'RRSIG.*'" $oldid "'\. ' dig.out.ns1.test$n > /dev/null || ret=1
 n=`expr $n + 1`
@@ -1041,14 +1046,14 @@ n=`expr $n + 1`
 status=`expr $status + $ret`
 
 echo_i "forcing full sign"
-$RNDCCMD 10.53.0.1 sign . 2>&1 | sed 's/^/ns1 /' | cat_i
+rndc_with_opts 10.53.0.1 sign . 2>&1 | sed 's/^/ns1 /' | cat_i
 
 echo_i "waiting for change to take effect"
 sleep 5
 
 echo_i "checking former standby key has now signed fully ($n)"
 ret=0
-$DIG $DIGOPTS txt . @10.53.0.1 > dig.out.ns1.test$n || ret=1
+dig_with_opts txt . @10.53.0.1 > dig.out.ns1.test$n || ret=1
 grep 'RRSIG.*'" $newid "'\. ' dig.out.ns1.test$n > /dev/null || ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -1056,7 +1061,7 @@ status=`expr $status + $ret`
 
 echo_i "checking SOA serial number has been incremented ($n)"
 ret=0
-newserial=`$DIG $DIGOPTS +short soa . @10.53.0.1 | awk '{print $3}'`
+newserial=`dig_with_opts +short soa . @10.53.0.1 | awk '{print $3}'`
 [ "$newserial" != "$oldserial" ] || ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -1069,7 +1074,7 @@ ksk=`cat delayksk.key`
 # publication and activation times should be unset
 $SETTIME -K ns3 -pA -pP $zsk | grep -v UNSET > /dev/null 2>&1 && ret=1
 $SETTIME -K ns3 -pA -pP $ksk | grep -v UNSET > /dev/null 2>&1 && ret=1
-$DIG $DIGOPTS +noall +answer dnskey delay.example. @10.53.0.3 > dig.out.ns3.test$n || ret=1
+dig_with_opts +noall +answer dnskey delay.example. @10.53.0.3 > dig.out.ns3.test$n || ret=1
 # DNSKEY not expected:
 awk 'BEGIN {r=1} $4=="DNSKEY" {r=0} END {exit r}' dig.out.ns3.test$n && ret=1
 n=`expr $n + 1`
@@ -1080,12 +1085,12 @@ echo_i "checking scheduled key publication, not activation ($n)"
 ret=0
 $SETTIME -K ns3 -P now+3s -A none $zsk > /dev/null 2>&1
 $SETTIME -K ns3 -P now+3s -A none $ksk > /dev/null 2>&1
-$RNDCCMD 10.53.0.3 loadkeys delay.example. 2>&1 | sed 's/^/ns2 /' | cat_i
+rndc_with_opts 10.53.0.3 loadkeys delay.example. 2>&1 | sed 's/^/ns2 /' | cat_i
 
 echo_i "waiting for changes to take effect"
 sleep 5
 
-$DIG $DIGOPTS +noall +answer dnskey delay.example. @10.53.0.3 > dig.out.ns3.test$n || ret=1
+dig_with_opts +noall +answer dnskey delay.example. @10.53.0.3 > dig.out.ns3.test$n || ret=1
 # DNSKEY expected:
 awk 'BEGIN {r=1} $4=="DNSKEY" {r=0} END {exit r}' dig.out.ns3.test$n || ret=1
 # RRSIG not expected:
@@ -1098,17 +1103,17 @@ echo_i "checking scheduled key activation ($n)"
 ret=0
 $SETTIME -K ns3 -A now+3s $zsk > /dev/null 2>&1
 $SETTIME -K ns3 -A now+3s $ksk > /dev/null 2>&1
-$RNDCCMD 10.53.0.3 loadkeys delay.example. 2>&1 | sed 's/^/ns2 /' | cat_i
+rndc_with_opts 10.53.0.3 loadkeys delay.example. 2>&1 | sed 's/^/ns2 /' | cat_i
 
 echo_i "waiting for changes to take effect"
 sleep 5
 
-$DIG $DIGOPTS +noall +answer dnskey delay.example. @10.53.0.3 > dig.out.ns3.1.test$n || ret=1
+dig_with_opts +noall +answer dnskey delay.example. @10.53.0.3 > dig.out.ns3.1.test$n || ret=1
 # DNSKEY expected:
 awk 'BEGIN {r=1} $4=="DNSKEY" {r=0} END {exit r}' dig.out.ns3.1.test$n || ret=1
 # RRSIG expected:
 awk 'BEGIN {r=1} $4=="RRSIG" {r=0} END {exit r}' dig.out.ns3.1.test$n || ret=1
-$DIG $DIGOPTS +noall +answer a a.delay.example. @10.53.0.3 > dig.out.ns3.2.test$n || ret=1
+dig_with_opts +noall +answer a a.delay.example. @10.53.0.3 > dig.out.ns3.2.test$n || ret=1
 # A expected:
 awk 'BEGIN {r=1} $4=="A" {r=0} END {exit r}' dig.out.ns3.2.test$n || ret=1
 # RRSIG expected:
@@ -1129,7 +1134,7 @@ case $sleep in
 *) echo_i "waiting for timer to have activated"; sleep $sleep;;
 esac
 ret=0
-$DIG $DIGOPTS +multi dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
+dig_with_opts +multi dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
 grep '; key id = '"$oldid"'$' dig.out.ns1.test$n > /dev/null && ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -1138,7 +1143,7 @@ status=`expr $status + $ret`
 echo_i "checking private key file removal caused no immediate harm ($n)"
 ret=0
 id=`sed 's/^K.+007+0*\([0-9]\)/\1/' < vanishing.key`
-$DIG $DIGOPTS dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
+dig_with_opts dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
 grep 'RRSIG.*'" $id "'\. ' dig.out.ns1.test$n > /dev/null || ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -1147,9 +1152,9 @@ status=`expr $status + $ret`
 echo_i "checking revoked key with duplicate key ID (failure expected) ($n)"
 lret=0
 id=30676
-$DIG $DIGOPTS +multi dnskey bar @10.53.0.2 > dig.out.ns2.test$n || lret=1
+dig_with_opts +multi dnskey bar @10.53.0.2 > dig.out.ns2.test$n || lret=1
 grep '; key id = '"$id"'$' dig.out.ns2.test$n > /dev/null || lret=1
-$DIG $DIGOPTS dnskey bar @10.53.0.4 > dig.out.ns4.test$n || lret=1
+dig_with_opts dnskey bar @10.53.0.4 > dig.out.ns4.test$n || lret=1
 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || lret=1
 n=`expr $n + 1`
 if [ $lret != 0 ]; then echo_i "not yet implemented"; fi
@@ -1212,8 +1217,8 @@ status=`expr $status + $ret`
 echo_i "forcing full sign with unreadable keys ($n)"
 ret=0
 chmod 0 ns1/K.+*+*.key ns1/K.+*+*.private || ret=1
-$RNDCCMD 10.53.0.1 sign . 2>&1 | sed 's/^/ns1 /' | cat_i
-$DIG $DIGOPTS . @10.53.0.1 dnskey > dig.out.ns1.test$n || ret=1
+rndc_with_opts 10.53.0.1 sign . 2>&1 | sed 's/^/ns1 /' | cat_i
+dig_with_opts . @10.53.0.1 dnskey > dig.out.ns1.test$n || ret=1
 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -1222,12 +1227,12 @@ status=`expr $status + $ret`
 echo_i "test turning on auto-dnssec during reconfig ($n)"
 ret=0
 # first create a zone that doesn't have auto-dnssec
-$RNDCCMD 10.53.0.3 addzone reconf.example '{ type master; file "reconf.example.db"; };' 2>&1 | sed 's/^/ns3 /' | cat_i
+rndc_with_opts 10.53.0.3 addzone reconf.example '{ type master; file "reconf.example.db"; };' 2>&1 | sed 's/^/ns3 /' | cat_i
 rekey_calls=`grep "zone reconf.example.*next key event" ns3/named.run | wc -l`
 [ "$rekey_calls" -eq 0 ] || ret=1
 # ...then we add auto-dnssec and reconfigure
-$RNDCCMD 10.53.0.3 modzone reconf.example '{ type master; file "reconf.example.db"; allow-update { any; }; auto-dnssec maintain; };' 2>&1 | sed 's/^/ns3 /' | cat_i
-$RNDCCMD 10.53.0.3 reconfig 2>&1 | sed 's/^/ns3 /' | cat_i
+rndc_with_opts 10.53.0.3 modzone reconf.example '{ type master; file "reconf.example.db"; allow-update { any; }; auto-dnssec maintain; };' 2>&1 | sed 's/^/ns3 /' | cat_i
+rndc_with_opts 10.53.0.3 reconfig 2>&1 | sed 's/^/ns3 /' | cat_i
 for i in 0 1 2 3 4 5 6 7 8 9; do
     lret=0
     rekey_calls=`grep "zone reconf.example.*next key event" ns3/named.run | wc -l`
@@ -1243,8 +1248,8 @@ status=`expr $status + $ret`
 
 echo_i "test CDS and CDNSKEY auto generation ($n)"
 ret=0
-$DIG $DIGOPTS @10.53.0.3 sync.example cds > dig.out.ns3.cdstest$n
-$DIG $DIGOPTS @10.53.0.3 sync.example cdnskey > dig.out.ns3.cdnskeytest$n
+dig_with_opts @10.53.0.3 sync.example cds > dig.out.ns3.cdstest$n
+dig_with_opts @10.53.0.3 sync.example cdnskey > dig.out.ns3.cdnskeytest$n
 grep -i "sync.example.*in.cds.*[1-9][0-9]* " dig.out.ns3.cdstest$n > /dev/null || ret=1
 grep -i "sync.example.*in.cdnskey.*257 " dig.out.ns3.cdnskeytest$n > /dev/null || ret=1
 n=`expr $n + 1`
@@ -1254,9 +1259,9 @@ status=`expr $status + $ret`
 
 echo_i "test 'dnssec-dnskey-kskonly no' affects DNSKEY/CDS/CDNSKEY ($n)"
 ret=0
-$DIG $DIGOPTS @10.53.0.3 sync.example dnskey > dig.out.ns3.dnskeytest$n
-$DIG $DIGOPTS @10.53.0.3 sync.example cdnskey > dig.out.ns3.cdnskeytest$n
-$DIG $DIGOPTS @10.53.0.3 sync.example cds > dig.out.ns3.cdstest$n
+dig_with_opts @10.53.0.3 sync.example dnskey > dig.out.ns3.dnskeytest$n
+dig_with_opts @10.53.0.3 sync.example cdnskey > dig.out.ns3.cdnskeytest$n
+dig_with_opts @10.53.0.3 sync.example cds > dig.out.ns3.cdstest$n
 lines=`awk '$4 == "RRSIG" && $5 == "DNSKEY" {print}' dig.out.ns3.dnskeytest$n | wc -l`
 test ${lines:-0} -eq 2 || ret=1
 lines=`awk '$4 == "RRSIG" && $5 == "CDNSKEY" {print}' dig.out.ns3.cdnskeytest$n | wc -l`
@@ -1269,9 +1274,9 @@ status=`expr $status + $ret`
 
 echo_i "test 'dnssec-dnskey-kskonly yes' affects DNSKEY/CDS/CDNSKEY ($n)"
 ret=0
-$DIG $DIGOPTS @10.53.0.3 kskonly.example dnskey > dig.out.ns3.dnskeytest$n
-$DIG $DIGOPTS @10.53.0.3 kskonly.example cdnskey > dig.out.ns3.cdnskeytest$n
-$DIG $DIGOPTS @10.53.0.3 kskonly.example cds > dig.out.ns3.cdstest$n
+dig_with_opts @10.53.0.3 kskonly.example dnskey > dig.out.ns3.dnskeytest$n
+dig_with_opts @10.53.0.3 kskonly.example cdnskey > dig.out.ns3.cdnskeytest$n
+dig_with_opts @10.53.0.3 kskonly.example cds > dig.out.ns3.cdstest$n
 lines=`awk '$4 == "RRSIG" && $5 == "DNSKEY" {print}' dig.out.ns3.dnskeytest$n | wc -l`
 test ${lines:-0} -eq 1 || ret=1
 lines=`awk '$4 == "RRSIG" && $5 == "CDNSKEY" {print}' dig.out.ns3.cdnskeytest$n | wc -l`
@@ -1284,14 +1289,14 @@ status=`expr $status + $ret`
 
 echo_i "setting CDS and CDNSKEY deletion times and calling 'rndc loadkeys'"
 $SETTIME -D sync now+2 `cat sync.key` > /dev/null
-$RNDCCMD 10.53.0.3 loadkeys sync.example | sed 's/^/ns3 /' | cat_i
+rndc_with_opts 10.53.0.3 loadkeys sync.example | sed 's/^/ns3 /' | cat_i
 echo_i "waiting for deletion to occur"
 sleep 3
 
 echo_i "checking that the CDS and CDNSKEY are deleted ($n)"
 ret=0
-$DIG $DIGOPTS @10.53.0.3 sync.example cds > dig.out.ns3.cdstest$n
-$DIG $DIGOPTS @10.53.0.3 sync.example cdnskey > dig.out.ns3.cdnskeytest$n
+dig_with_opts @10.53.0.3 sync.example cds > dig.out.ns3.cdstest$n
+dig_with_opts @10.53.0.3 sync.example cdnskey > dig.out.ns3.cdnskeytest$n
 grep -i "sync.example.*in.cds.*[1-9][0-9]* " dig.out.ns3.cdstest$n > /dev/null && ret=1
 grep -i "sync.example.*in.cdnskey.*257 " dig.out.ns3.cdnskeytest$n > /dev/null && ret=1
 n=`expr $n + 1`
@@ -1319,7 +1324,7 @@ status=`expr $status + $ret`
 
 echo_i "check that zone with inactive KSK and active ZSK is properly autosigned ($n)"
 ret=0
-$DIG $DIGOPTS @10.53.0.3 axfr inacksk2.example > dig.out.ns3.test$n
+dig_with_opts @10.53.0.3 axfr inacksk2.example > dig.out.ns3.test$n
 
 zskid=`awk '$4 == "DNSKEY" && $5 == 256 { print }' dig.out.ns3.test$n |
        $DSFROMKEY -A -2 -f - inacksk2.example | awk '{ print $4}' `
@@ -1337,7 +1342,7 @@ status=`expr $status + $ret`
 
 echo_i "check that zone with inactive ZSK and active KSK is properly autosigned ($n)"
 ret=0
-$DIG $DIGOPTS @10.53.0.3 axfr inaczsk2.example > dig.out.ns3.test$n
+dig_with_opts @10.53.0.3 axfr inaczsk2.example > dig.out.ns3.test$n
 grep "SOA 7 2" dig.out.ns3.test$n > /dev/null || ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -1351,7 +1356,7 @@ echo_i "  resigned after the active KSK is deleted - stage 2: Verify that DNSKEY
 echo_i "  is now signed with the ZSK. ($n)"
 ret=0
 
-$DIG $DIGOPTS @10.53.0.3 axfr inacksk3.example > dig.out.ns3.test$n
+dig_with_opts @10.53.0.3 axfr inacksk3.example > dig.out.ns3.test$n
 
 zskid=`awk '$4 == "DNSKEY" && $5 == 256 { print }' dig.out.ns3.test$n |
        $DSFROMKEY -A -2 -f - inacksk3.example | awk '{ print $4}' `
@@ -1379,7 +1384,7 @@ echo_i "check that zone with active and inactive ZSK and active KSK is properly"
 echo_i "  resigned after the active ZSK is deleted - stage 2: Verify that zone"
 echo_i "  is now signed with the KSK. ($n)"
 ret=0
-$DIG $DIGOPTS @10.53.0.3 axfr inaczsk3.example > dig.out.ns3.test$n
+dig_with_opts @10.53.0.3 axfr inaczsk3.example > dig.out.ns3.test$n
 kskid=`awk '$4 == "DNSKEY" && $5 == 257 { print }' dig.out.ns3.test$n |
        $DSFROMKEY -2 -f - inaczsk3.example | awk '{ print $4}' `
 grep "CNAME 7 3 [0-9]* [0-9]* [0-9]* ${kskid} " dig.out.ns3.test$n > /dev/null || ret=1
@@ -1398,10 +1403,10 @@ status=`expr $status + $ret`
 echo_i "checking for out-of-zone NSEC3 records after ZSK removal ($n)"
 ret=0
 # Switch the zone over to NSEC3 and wait until the transition is complete.
-$RNDCCMD 10.53.0.3 signing -nsec3param 1 1 10 12345678 delzsk.example. > signing.out.1.test$n 2>&1 || ret=1
+rndc_with_opts 10.53.0.3 signing -nsec3param 1 1 10 12345678 delzsk.example. > signing.out.1.test$n 2>&1 || ret=1
 for i in 0 1 2 3 4 5 6 7 8 9; do
 	_ret=1
-	$DIG $DIGOPTS delzsk.example NSEC3PARAM @10.53.0.3 > dig.out.ns3.1.test$n 2>&1 || ret=1
+	dig_with_opts delzsk.example NSEC3PARAM @10.53.0.3 > dig.out.ns3.1.test$n 2>&1 || ret=1
 	grep "NSEC3PARAM.*12345678" dig.out.ns3.1.test$n > /dev/null 2>&1
 	if [ $? -eq 0 ]; then
 		_ret=0
@@ -1417,10 +1422,10 @@ fi
 file="ns3/`cat delzsk.key`.key"
 $SETTIME -D now-1h $file > settime.out.test$n 2>&1 || ret=1
 # Trigger removal of the inactive ZSK and wait until its completion.
-$RNDCCMD 10.53.0.3 loadkeys delzsk.example 2>&1 | sed 's/^/ns3 /' | cat_i
+rndc_with_opts 10.53.0.3 loadkeys delzsk.example 2>&1 | sed 's/^/ns3 /' | cat_i
 for i in 0 1 2 3 4 5 6 7 8 9; do
 	_ret=1
-	$RNDCCMD 10.53.0.3 signing -list delzsk.example > signing.out.2.test$n 2>&1
+	rndc_with_opts 10.53.0.3 signing -list delzsk.example > signing.out.2.test$n 2>&1
 	grep "Signing " signing.out.2.test$n > /dev/null 2>&1
 	if [ $? -ne 0 ]; then
 		if [ `cat signing.out.2.test$n | wc -l` -eq 2 ]; then
@@ -1443,7 +1448,7 @@ fi
 #     $ nsec3hash 12345678 1 10 ns.sub.delzsk.example.
 #     589R358VSPJUFVAJU949JPVF74D9PTGH (salt=12345678, hash=1, iterations=10)
 #
-$DIG $DIGOPTS delzsk.example AXFR @10.53.0.3 > dig.out.ns3.3.test$n || ret=1
+dig_with_opts delzsk.example AXFR @10.53.0.3 > dig.out.ns3.3.test$n || ret=1
 grep "589R358VSPJUFVAJU949JPVF74D9PTGH" dig.out.ns3.3.test$n > /dev/null 2>&1 && ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -1451,7 +1456,7 @@ status=`expr $status + $ret`
 
 echo_i "check that DNAME at apex with NSEC3 is correctly signed (auto-dnssec maintain) ($n)"
 ret=0
-$DIG $DIGOPTS txt dname-at-apex-nsec3.example @10.53.0.3 > dig.out.ns3.test$n || ret=1
+dig_with_opts txt dname-at-apex-nsec3.example @10.53.0.3 > dig.out.ns3.test$n || ret=1
 grep "RRSIG NSEC3 7 3 3600" dig.out.ns3.test$n > /dev/null || ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -1459,9 +1464,9 @@ status=`expr $status + $ret`
 
 echo_i "checking that DNAME is not treated as a delegation when signing ($n)"
 ret=0
-$DIG $DIGOPTS dname-and-txt.secure.example. DNAME @10.53.0.3 > dig.out.ns3.1.test$n || ret=1
+dig_with_opts dname-and-txt.secure.example. DNAME @10.53.0.3 > dig.out.ns3.1.test$n || ret=1
 grep "dname-and-txt.secure.example.*RRSIG.*DNAME" dig.out.ns3.1.test$n > /dev/null 2>&1 || ret=1
-$DIG $DIGOPTS dname-and-txt.secure.example. TXT @10.53.0.3 > dig.out.ns3.2.test$n || ret=1
+dig_with_opts dname-and-txt.secure.example. TXT @10.53.0.3 > dig.out.ns3.2.test$n || ret=1
 grep "dname-and-txt.secure.example.*RRSIG.*TXT" dig.out.ns3.2.test$n > /dev/null 2>&1 || ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi

bin/tests/system/cacheclean/tests.sh

@@ -15,17 +15,25 @@ SYSTEMTESTTOP=..
 status=0
 n=0
 
-RNDCOPTS="-c ../common/rndc.conf -s 10.53.0.2 -p ${CONTROLPORT}"
-DIGOPTS="+nosea +nocomm +nocmd +noquest +noadd +noauth +nocomm \
-         +nostat @10.53.0.2 -p ${PORT}"
+dig_without_opts() {
+    $DIG "$@" | sed -b -e 's/\r$//'
+}
+
+dig_with_opts() {
+    $DIG +nosea +nocomm +nocmd +noquest +noadd +noauth +nocomm +nostat @10.53.0.2 -p "${PORT}" "$@" | sed -b -e 's/\r$//'
+}
+
+rndc_with_opts() {
+    $RNDC -c "$SYSTEMTESTTOP/common/rndc.conf" -s 10.53.0.2 -p "${CONTROLPORT}" "$@" | sed -b -e 's/\r$//'
+}
 
 # fill the cache with nodes from flushtest.example zone
 load_cache () {
         # empty all existing cache data
-        $RNDC $RNDCOPTS flush
+        rndc_with_opts flush
 
 	# load the positive cache entries
-	$DIG $DIGOPTS -f - << EOF > /dev/null 2>&1
+	dig_with_opts -f - << EOF > /dev/null 2>&1
 txt top1.flushtest.example
 txt second1.top1.flushtest.example
 txt third1.second1.top1.flushtest.example
@@ -46,18 +54,18 @@ EOF
 
 	# load the negative cache entries
         # nxrrset:
-	$DIG $DIGOPTS a third1.second1.top1.flushtest.example > /dev/null
+	dig_with_opts a third1.second1.top1.flushtest.example > /dev/null
         # nxdomain:
-	$DIG $DIGOPTS txt top4.flushtest.example > /dev/null
+	dig_with_opts txt top4.flushtest.example > /dev/null
         # empty nonterminal:
-	$DIG $DIGOPTS txt second2.top3.flushtest.example > /dev/null
+	dig_with_opts txt second2.top3.flushtest.example > /dev/null
 
 	# sleep 2 seconds ensure the TTLs will be lower on cached data
 	sleep 2
 }
 
 dump_cache () {
-        $RNDC $RNDCOPTS dumpdb -cache _default
+        rndc_with_opts dumpdb -cache _default
         for i in 0 1 2 3 4 5 6 7 8 9
         do
                 grep '^; Dump complete$' ns2/named_dump.db > /dev/null && break
@@ -67,13 +75,13 @@ dump_cache () {
 }
 
 clear_cache () {
-        $RNDC $RNDCOPTS flush
+        rndc_with_opts flush
 }
 
 in_cache () {
-        ttl=`$DIG $DIGOPTS "$@" | awk '{print $2}'`
+        ttl=`dig_with_opts "$@" | awk '{print $2}'`
         [ -z "$ttl" ] && {
-                ttl=`$DIG $DIGOPTS +noanswer +auth "$@" | awk '{print $2}'`
+                ttl=`dig_with_opts +noanswer +auth "$@" | awk '{print $2}'`
                 [ "$ttl" -ge 3599 ] && return 1
                 return 0
         }
@@ -98,7 +106,7 @@ filter_tree () {
 
 n=`expr $n + 1`
 echo_i "check correctness of routine cache cleaning ($n)"
-$DIG $DIGOPTS +tcp +keepopen -b 10.53.0.7 -f dig.batch > dig.out.ns2 || status=1
+dig_with_opts +tcp +keepopen -b 10.53.0.7 -f dig.batch > dig.out.ns2 || status=1
 
 digcomp --lc dig.out.ns2 knowngood.dig.out || status=1
 
@@ -135,7 +143,7 @@ clear_cache
 load_cache
 # interior node
 in_cache txt top1.flushtest.example || ret=1
-$RNDC $RNDCOPTS flushname top1.flushtest.example
+rndc_with_opts flushname top1.flushtest.example
 in_cache txt top1.flushtest.example && ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -145,7 +153,7 @@ echo_i "check flushing of individual nodes (leaf node, under the interior node)
 ret=0
 # leaf node, under the interior node (should still exist)
 in_cache txt third2.second1.top1.flushtest.example || ret=1
-$RNDC $RNDCOPTS flushname third2.second1.top1.flushtest.example
+rndc_with_opts flushname third2.second1.top1.flushtest.example
 in_cache txt third2.second1.top1.flushtest.example && ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -156,7 +164,7 @@ ret=0
 # another leaf node, with both positive and negative cache entries
 in_cache a third1.second1.top1.flushtest.example || ret=1
 in_cache txt third1.second1.top1.flushtest.example || ret=1
-$RNDC $RNDCOPTS flushname third1.second1.top1.flushtest.example
+rndc_with_opts flushname third1.second1.top1.flushtest.example
 in_cache a third1.second1.top1.flushtest.example && ret=1
 in_cache txt third1.second1.top1.flushtest.example && ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -165,7 +173,7 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "check flushing a nonexistent name ($n)"
 ret=0
-$RNDC $RNDCOPTS flushname fake.flushtest.example || ret=1
+rndc_with_opts flushname fake.flushtest.example || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
@@ -177,19 +185,19 @@ load_cache
 # flushing leaf node should leave the interior node:
 in_cache txt third1.second1.top1.flushtest.example || ret=1
 in_cache txt top1.flushtest.example || ret=1
-$RNDC $RNDCOPTS flushtree third1.second1.top1.flushtest.example
+rndc_with_opts flushtree third1.second1.top1.flushtest.example
 in_cache txt third1.second1.top1.flushtest.example && ret=1
 in_cache txt top1.flushtest.example || ret=1
 in_cache txt second1.top1.flushtest.example || ret=1
 in_cache txt third2.second1.top1.flushtest.example || ret=1
-$RNDC $RNDCOPTS flushtree second1.top1.flushtest.example
+rndc_with_opts flushtree second1.top1.flushtest.example
 in_cache txt top1.flushtest.example || ret=1
 in_cache txt second1.top1.flushtest.example && ret=1
 in_cache txt third2.second1.top1.flushtest.example && ret=1
 
 # flushing from an empty node should still remove all its children
 in_cache txt second1.top2.flushtest.example || ret=1
-$RNDC $RNDCOPTS flushtree top2.flushtest.example
+rndc_with_opts flushtree top2.flushtest.example
 in_cache txt second1.top2.flushtest.example && ret=1
 in_cache txt second2.top2.flushtest.example && ret=1
 in_cache txt second3.top2.flushtest.example && ret=1
@@ -199,7 +207,7 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "check flushing a nonexistent namespace ($n)"
 ret=0
-$RNDC $RNDCOPTS flushtree fake.flushtest.example || ret=1
+rndc_with_opts flushtree fake.flushtest.example || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
@@ -216,7 +224,7 @@ n=`expr $n + 1`
 echo_i "check the check that flushname of a partial match works ($n)"
 ret=0
 in_cache txt second2.top1.flushtest.example || ret=1
-$RNDC $RNDCOPTS flushtree example
+rndc_with_opts flushtree example
 in_cache txt second2.top1.flushtest.example && ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -241,7 +249,7 @@ sed -n '/plain success\/timeout/,/Unassociated entries/p' \
 grep 'plain success/timeout' sed.out.$n.a > /dev/null 2>&1 || ret=1
 grep 'Unassociated entries' sed.out.$n.a > /dev/null 2>&1 || ret=1
 grep 'ns.flushtest.example' sed.out.$n.a > /dev/null 2>&1 || ret=1
-$RNDC $RNDCOPTS flushtree flushtest.example || ret=1
+rndc_with_opts flushtree flushtest.example || ret=1
 dump_cache
 mv ns2/named_dump.db.$n ns2/named_dump.db.$n.b
 sed -n '/plain success\/timeout/,/Unassociated entries/p' \
@@ -255,7 +263,7 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "check expire option returned from master zone ($n)"
 ret=0
-$DIG @10.53.0.1 -p ${PORT} +expire soa expire-test > dig.out.expire
+dig_without_opts @10.53.0.1 -p ${PORT} +expire soa expire-test > dig.out.expire
 grep EXPIRE: dig.out.expire > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -263,7 +271,7 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "check expire option returned from slave zone ($n)"
 ret=0
-$DIG @10.53.0.2 -p ${PORT} +expire soa expire-test > dig.out.expire
+dig_without_opts @10.53.0.2 -p ${PORT} +expire soa expire-test > dig.out.expire
 grep EXPIRE: dig.out.expire > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`

bin/tests/system/chain/tests.sh

@@ -10,8 +10,12 @@
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
 
-DIGOPTS="-p ${PORT}"
-RNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p ${CONTROLPORT} -s"
+dig_with_opts() {
+    $DIG -p "${PORT}" "$@" | sed -b -e 's/\r$//'
+}
+rndc_with_opts() {
+    $RNDC -c "$SYSTEMTESTTOP/common/rndc.conf" -p "${CONTROLPORT}" -s "$@" | sed -b -e 's/\r$//'
+}
 SEND="$PERL $SYSTEMTESTTOP/send.pl 10.53.0.4 ${EXTRAPORT1}"
 status=0
 n=0
@@ -19,7 +23,7 @@ n=0
 n=`expr $n + 1`
 echo_i "checking short DNAME from authoritative ($n)"
 ret=0
-$DIG $DIGOPTS a.short-dname.example @10.53.0.2 a > dig.out.ns2.short || ret=1
+dig_with_opts a.short-dname.example @10.53.0.2 a > dig.out.ns2.short || ret=1
 grep "status: NOERROR" dig.out.ns2.short > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -27,8 +31,8 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "checking short DNAME from recursive ($n)"
 ret=0
-$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
-$DIG $DIGOPTS a.short-dname.example @10.53.0.7 a > dig.out.ns4.short || ret=1
+rndc_with_opts 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
+dig_with_opts a.short-dname.example @10.53.0.7 a > dig.out.ns4.short || ret=1
 grep "status: NOERROR" dig.out.ns4.short > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -36,7 +40,7 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "checking long DNAME from authoritative ($n)"
 ret=0
-$DIG $DIGOPTS a.long-dname.example @10.53.0.2 a > dig.out.ns2.long || ret=1
+dig_with_opts a.long-dname.example @10.53.0.2 a > dig.out.ns2.long || ret=1
 grep "status: NOERROR" dig.out.ns2.long > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -44,8 +48,8 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "checking long DNAME from recursive ($n)"
 ret=0
-$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
-$DIG $DIGOPTS a.long-dname.example @10.53.0.7 a > dig.out.ns4.long || ret=1
+rndc_with_opts 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
+dig_with_opts a.long-dname.example @10.53.0.7 a > dig.out.ns4.long || ret=1
 grep "status: NOERROR" dig.out.ns4.long > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -53,7 +57,7 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "checking (too) long DNAME from authoritative ($n)"
 ret=0
-$DIG $DIGOPTS 01234567890123456789012345678901234567890123456789.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.long-dname.example @10.53.0.2 a > dig.out.ns2.toolong || ret=1
+dig_with_opts 01234567890123456789012345678901234567890123456789.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.long-dname.example @10.53.0.2 a > dig.out.ns2.toolong || ret=1
 grep "status: YXDOMAIN" dig.out.ns2.toolong > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -61,8 +65,8 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "checking (too) long DNAME from recursive with cached DNAME ($n)"
 ret=0
-$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
-$DIG $DIGOPTS 01234567890123456789012345678901234567890123456789.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.long-dname.example @10.53.0.7 a > dig.out.ns4.cachedtoolong || ret=1
+rndc_with_opts 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
+dig_with_opts 01234567890123456789012345678901234567890123456789.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.long-dname.example @10.53.0.7 a > dig.out.ns4.cachedtoolong || ret=1
 grep "status: YXDOMAIN" dig.out.ns4.cachedtoolong > /dev/null || ret=1
 grep '^long-dname\.example\..*DNAME.*long' dig.out.ns4.cachedtoolong > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -71,8 +75,8 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "checking (too) long DNAME from recursive without cached DNAME ($n)"
 ret=0
-$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
-$DIG $DIGOPTS 01234567890123456789012345678901234567890123456789.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglong.toolong-dname.example @10.53.0.7 a > dig.out.ns4.uncachedtoolong || ret=1
+rndc_with_opts 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
+dig_with_opts 01234567890123456789012345678901234567890123456789.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglong.toolong-dname.example @10.53.0.7 a > dig.out.ns4.uncachedtoolong || ret=1
 grep "status: YXDOMAIN" dig.out.ns4.uncachedtoolong > /dev/null || ret=1
 grep '^toolong-dname\.example\..*DNAME.*long' dig.out.ns4.uncachedtoolong > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -81,7 +85,7 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "checking CNAME to DNAME from authoritative ($n)"
 ret=0
-$DIG $DIGOPTS cname.example @10.53.0.2 a > dig.out.ns2.cname
+dig_with_opts cname.example @10.53.0.2 a > dig.out.ns2.cname
 grep "status: NOERROR" dig.out.ns2.cname > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -89,8 +93,8 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "checking CNAME to DNAME from recursive"
 ret=0
-$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
-$DIG $DIGOPTS cname.example @10.53.0.7 a > dig.out.ns4.cname
+rndc_with_opts 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
+dig_with_opts cname.example @10.53.0.7 a > dig.out.ns4.cname
 grep "status: NOERROR" dig.out.ns4.cname > /dev/null || ret=1
 grep '^cname.example.' dig.out.ns4.cname > /dev/null || ret=1
 grep '^cnamedname.example.' dig.out.ns4.cname > /dev/null || ret=1
@@ -102,8 +106,8 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "checking DNAME is returned with synthesized CNAME before DNAME ($n)"
 ret=0
-$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
-$DIG $DIGOPTS @10.53.0.7 name.synth-then-dname.example.broken A > dig.out.test$n
+rndc_with_opts 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
+dig_with_opts @10.53.0.7 name.synth-then-dname.example.broken A > dig.out.test$n
 grep "status: NXDOMAIN" dig.out.test$n > /dev/null || ret=1
 grep '^name.synth-then-dname\.example\.broken\..*CNAME.*name.$' dig.out.test$n > /dev/null || ret=1
 grep '^synth-then-dname\.example\.broken\..*DNAME.*\.$' dig.out.test$n > /dev/null || ret=1
@@ -113,8 +117,8 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "checking DNAME is returned with CNAME to synthesized CNAME before DNAME ($n)"
 ret=0
-$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
-$DIG $DIGOPTS @10.53.0.7 cname-to-synth2-then-dname.example.broken A > dig.out.test$n
+rndc_with_opts 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
+dig_with_opts @10.53.0.7 cname-to-synth2-then-dname.example.broken A > dig.out.test$n
 grep "status: NXDOMAIN" dig.out.test$n > /dev/null || ret=1
 grep '^cname-to-synth2-then-dname\.example\.broken\..*CNAME.*name\.synth2-then-dname\.example\.broken.$' dig.out.test$n > /dev/null || ret=1
 grep '^name\.synth2-then-dname\.example\.broken\..*CNAME.*name.$' dig.out.test$n > /dev/null || ret=1
@@ -125,8 +129,8 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "checking CNAME loops are detected ($n)"
 ret=0
-$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
-$DIG $DIGOPTS @10.53.0.7 loop.example > dig.out.test$n
+rndc_with_opts 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
+dig_with_opts @10.53.0.7 loop.example > dig.out.test$n
 grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
 grep "ANSWER: 17" dig.out.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -135,8 +139,8 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "checking CNAME to external delegated zones is handled ($n)"
 ret=0
-$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
-$DIG $DIGOPTS @10.53.0.7 a.example > dig.out.test$n
+rndc_with_opts 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
+dig_with_opts @10.53.0.7 a.example > dig.out.test$n
 grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
 grep "ANSWER: 2" dig.out.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -145,8 +149,8 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "checking CNAME to internal delegated zones is handled ($n)"
 ret=0
-$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
-$DIG $DIGOPTS @10.53.0.7 b.example > dig.out.test$n
+rndc_with_opts 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
+dig_with_opts @10.53.0.7 b.example > dig.out.test$n
 grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
 grep "ANSWER: 2" dig.out.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -155,8 +159,8 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "checking CNAME to signed external delgation is handled ($n)"
 ret=0
-$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
-$DIG $DIGOPTS @10.53.0.7 c.example > dig.out.$n
+rndc_with_opts 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
+dig_with_opts @10.53.0.7 c.example > dig.out.$n
 grep "status: NOERROR" dig.out.$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i " failed"; fi
 status=`expr $status + $ret`
@@ -164,8 +168,8 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "checking CNAME to signed internal delgation is handled ($n)"
 ret=0
-$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
-$DIG $DIGOPTS @10.53.0.7 d.example > dig.out.$n
+rndc_with_opts 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
+dig_with_opts @10.53.0.7 d.example > dig.out.$n
 grep "status: NOERROR" dig.out.$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i " failed"; fi
 status=`expr $status + $ret`
@@ -173,39 +177,39 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "checking CNAME chains in various orders ($n)"
 ret=0
-$RNDCCMD 10.53.0.7 null --- start test$n - step 1 --- 2>&1 | sed 's/^/ns7 /' | cat_i
+rndc_with_opts 10.53.0.7 null --- start test$n - step 1 --- 2>&1 | sed 's/^/ns7 /' | cat_i
 echo "cname,cname,cname|1,2,3,4,s1,s2,s3,s4" | $SEND
-$DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.1.$n 2>&1
+dig_with_opts @10.53.0.7 test.domain.nil > dig.out.1.$n 2>&1
 grep 'status: NOERROR' dig.out.1.$n > /dev/null 2>&1 || ret=1
 grep 'ANSWER: 2' dig.out.1.$n > /dev/null 2>&1 || ret=1
-$RNDCCMD 10.53.0.7 null --- start test$n - step 2 --- 2>&1 | sed 's/^/ns7 /' | cat_i
-$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
+rndc_with_opts 10.53.0.7 null --- start test$n - step 2 --- 2>&1 | sed 's/^/ns7 /' | cat_i
+rndc_with_opts 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
 echo "cname,cname,cname|1,1,2,2,3,4,s4,s3,s1" | $SEND
-$DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.2.$n 2>&1
+dig_with_opts @10.53.0.7 test.domain.nil > dig.out.2.$n 2>&1
 grep 'status: NOERROR' dig.out.2.$n > /dev/null 2>&1 || ret=1
 grep 'ANSWER: 2' dig.out.2.$n > /dev/null 2>&1 || ret=1
-$RNDCCMD 10.53.0.7 null --- start test$n - step 3 --- 2>&1 | sed 's/^/ns7 /' | cat_i
-$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
+rndc_with_opts 10.53.0.7 null --- start test$n - step 3 --- 2>&1 | sed 's/^/ns7 /' | cat_i
+rndc_with_opts 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
 echo "cname,cname,cname|2,1,3,4,s3,s1,s2,s4" | $SEND
-$DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.3.$n 2>&1
+dig_with_opts @10.53.0.7 test.domain.nil > dig.out.3.$n 2>&1
 grep 'status: NOERROR' dig.out.3.$n > /dev/null 2>&1 || ret=1
 grep 'ANSWER: 2' dig.out.3.$n > /dev/null 2>&1 || ret=1
-$RNDCCMD 10.53.0.7 null --- start test$n - step 4 --- 2>&1 | sed 's/^/ns7 /' | cat_i
-$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
+rndc_with_opts 10.53.0.7 null --- start test$n - step 4 --- 2>&1 | sed 's/^/ns7 /' | cat_i
+rndc_with_opts 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
 echo "cname,cname,cname|4,3,2,1,s4,s3,s2,s1" | $SEND
-$DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.4.$n 2>&1
+dig_with_opts @10.53.0.7 test.domain.nil > dig.out.4.$n 2>&1
 grep 'status: NOERROR' dig.out.4.$n > /dev/null 2>&1 || ret=1
 grep 'ANSWER: 2' dig.out.4.$n > /dev/null 2>&1 || ret=1
 echo "cname,cname,cname|4,3,2,1,s4,s3,s2,s1" | $SEND
-$RNDCCMD 10.53.0.7 null --- start test$n - step 5 --- 2>&1 | sed 's/^/ns7 /' | cat_i
-$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
-$DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.5.$n 2>&1
+rndc_with_opts 10.53.0.7 null --- start test$n - step 5 --- 2>&1 | sed 's/^/ns7 /' | cat_i
+rndc_with_opts 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
+dig_with_opts @10.53.0.7 test.domain.nil > dig.out.5.$n 2>&1
 grep 'status: NOERROR' dig.out.5.$n > /dev/null 2>&1 || ret=1
 grep 'ANSWER: 2' dig.out.5.$n > /dev/null 2>&1 || ret=1
-$RNDCCMD 10.53.0.7 null --- start test$n - step 6 --- 2>&1 | sed 's/^/ns7 /' | cat_i
-$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
+rndc_with_opts 10.53.0.7 null --- start test$n - step 6 --- 2>&1 | sed 's/^/ns7 /' | cat_i
+rndc_with_opts 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
 echo "cname,cname,cname|4,3,3,3,s1,s1,1,3,4" | $SEND
-$DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.6.$n 2>&1
+dig_with_opts @10.53.0.7 test.domain.nil > dig.out.6.$n 2>&1
 grep 'status: NOERROR' dig.out.6.$n > /dev/null 2>&1 || ret=1
 grep 'ANSWER: 2' dig.out.6.$n > /dev/null 2>&1 || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -214,12 +218,12 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "checking that only the initial CNAME is cached ($n)"
 ret=0
-$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
+rndc_with_opts 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
 echo "cname,cname,cname|1,2,3,4,s1,s2,s3,s4" | $SEND
-$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
-$DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.1.$n 2>&1
+rndc_with_opts 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
+dig_with_opts @10.53.0.7 test.domain.nil > dig.out.1.$n 2>&1
 sleep 1
-$DIG $DIGOPTS +noall +answer @10.53.0.7 cname1.domain.nil > dig.out.2.$n 2>&1
+dig_with_opts +noall +answer @10.53.0.7 cname1.domain.nil > dig.out.2.$n 2>&1
 ttl=`awk '{print $2}' dig.out.2.$n`
 [ "$ttl" -eq 86400 ] || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -228,56 +232,56 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "checking DNAME chains in various orders ($n)"
 ret=0
-$RNDCCMD 10.53.0.7 null --- start test$n - step 1 --- 2>&1 | sed 's/^/ns7 /' | cat_i
-$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
+rndc_with_opts 10.53.0.7 null --- start test$n - step 1 --- 2>&1 | sed 's/^/ns7 /' | cat_i
+rndc_with_opts 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
 echo "dname,dname|5,4,3,2,1,s5,s4,s3,s2,s1" | $SEND
-$DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.1.$n 2>&1
+dig_with_opts @10.53.0.7 test.domain.nil > dig.out.1.$n 2>&1
 grep 'status: NOERROR' dig.out.1.$n > /dev/null 2>&1 || ret=1
 grep 'ANSWER: 3' dig.out.1.$n > /dev/null 2>&1 || ret=1
-$RNDCCMD 10.53.0.7 null --- start test$n - step 2 --- 2>&1 | sed 's/^/ns7 /' | cat_i
-$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
+rndc_with_opts 10.53.0.7 null --- start test$n - step 2 --- 2>&1 | sed 's/^/ns7 /' | cat_i
+rndc_with_opts 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
 echo "dname,dname|5,4,3,2,1,s5,s4,s3,s2,s1" | $SEND
-$DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.2.$n 2>&1
+dig_with_opts @10.53.0.7 test.domain.nil > dig.out.2.$n 2>&1
 grep 'status: NOERROR' dig.out.2.$n > /dev/null 2>&1 || ret=1
 grep 'ANSWER: 3' dig.out.2.$n > /dev/null 2>&1 || ret=1
-$RNDCCMD 10.53.0.7 null --- start test$n - step 3 --- 2>&1 | sed 's/^/ns7 /' | cat_i
-$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
+rndc_with_opts 10.53.0.7 null --- start test$n - step 3 --- 2>&1 | sed 's/^/ns7 /' | cat_i
+rndc_with_opts 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
 echo "dname,dname|2,3,s1,s2,s3,s4,1" | $SEND
-$DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.3.$n 2>&1
+dig_with_opts @10.53.0.7 test.domain.nil > dig.out.3.$n 2>&1
 grep 'status: NOERROR' dig.out.3.$n > /dev/null 2>&1 || ret=1
 grep 'ANSWER: 3' dig.out.3.$n > /dev/null 2>&1 || ret=1
-$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
+rndc_with_opts 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 n=`expr $n + 1`
 echo_i "checking external CNAME/DNAME chains in various orders ($n)"
 ret=0
-$RNDCCMD 10.53.0.7 null --- start test$n - step 1 --- 2>&1 | sed 's/^/ns7 /' | cat_i
+rndc_with_opts 10.53.0.7 null --- start test$n - step 1 --- 2>&1 | sed 's/^/ns7 /' | cat_i
 echo "xname,dname|1,2,3,4,s1,s2,s3,s4" | $SEND
-$DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.1.$n 2>&1
+dig_with_opts @10.53.0.7 test.domain.nil > dig.out.1.$n 2>&1
 grep 'status: NOERROR' dig.out.1.$n > /dev/null 2>&1 || ret=1
 grep 'ANSWER: 2' dig.out.1.$n > /dev/null 2>&1 || ret=1
-$RNDCCMD 10.53.0.7 null --- start test$n - step 2 --- 2>&1 | sed 's/^/ns7 /' | cat_i
-$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
+rndc_with_opts 10.53.0.7 null --- start test$n - step 2 --- 2>&1 | sed 's/^/ns7 /' | cat_i
+rndc_with_opts 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
 echo "xname,dname|s2,2,s1,1,4,s4,3" | $SEND
-$DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.2.$n 2>&1
+dig_with_opts @10.53.0.7 test.domain.nil > dig.out.2.$n 2>&1
 grep 'status: NOERROR' dig.out.2.$n > /dev/null 2>&1 || ret=1
 grep 'ANSWER: 2' dig.out.2.$n > /dev/null 2>&1 || ret=1
-$RNDCCMD 10.53.0.7 null --- start test$n - step 3 --- 2>&1 | sed 's/^/ns7 /' | cat_i
-$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
+rndc_with_opts 10.53.0.7 null --- start test$n - step 3 --- 2>&1 | sed 's/^/ns7 /' | cat_i
+rndc_with_opts 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
 echo "xname,dname|s2,2,2,2" | $SEND
-$DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.3.$n 2>&1
+dig_with_opts @10.53.0.7 test.domain.nil > dig.out.3.$n 2>&1
 grep 'status: SERVFAIL' dig.out.3.$n > /dev/null 2>&1 || ret=1
-$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
+rndc_with_opts 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 n=`expr $n + 1`
 echo_i "checking explicit DNAME query ($n)"
 ret=0
-$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
-$DIG $DIGOPTS @10.53.0.7 dname short-dname.example > dig.out.7.$n 2>&1
+rndc_with_opts 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
+dig_with_opts @10.53.0.7 dname short-dname.example > dig.out.7.$n 2>&1
 grep 'status: NOERROR' dig.out.7.$n > /dev/null 2>&1 || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -285,9 +289,9 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "checking DNAME via ANY query ($n)"
 ret=0
-$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
-$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
-$DIG $DIGOPTS @10.53.0.7 any short-dname.example > dig.out.7.$n 2>&1
+rndc_with_opts 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
+rndc_with_opts 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
+dig_with_opts @10.53.0.7 any short-dname.example > dig.out.7.$n 2>&1
 grep 'status: NOERROR' dig.out.7.$n > /dev/null 2>&1 || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`

bin/tests/system/digdelv/tests.sh

@@ -22,16 +22,16 @@ sendcmd() {
 }
 
 dig_with_opts() {
-    "$DIG" -p "$PORT" "$@"
+    "$DIG" -p "$PORT" "$@" | sed -b -e 's/\r$//'
 }
 
 mdig_with_opts() {
-    "$MDIG" -p "$PORT" "$@"
+    "$MDIG" -p "$PORT" "$@" | sed -b -e 's/\r$//'
 }
 
 # using delv insecure mode as not testing dnssec here
 delv_with_opts() {
-    "$DELV" -i -p "$PORT" "$@"
+    "$DELV" -i -p "$PORT" "$@" | sed -b -e 's/\r$//'
 }
 
 KEYID="$(cat ns2/keyid)"

bin/tests/system/notify/tests.sh

@@ -12,8 +12,17 @@
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
 
-DIGOPTS="+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd -p ${PORT}"
-RNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p ${CONTROLPORT} -s"
+tcp_dig() {
+    $DIG +tcp -p "${PORT}" "$@" | sed -b -e 's/\r$//'
+}
+
+dig_with_opts() {
+    $DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd -p "${PORT}" "$@" | sed -b -e 's/\r$//'
+}
+
+rndc_with_opts() {
+    $RNDC -c "$SYSTEMTESTTOP/common/rndc.conf" -p "${CONTROLPORT}" -s "$@" | sed -b -e 's/\r$//'
+}
 
 status=0
 n=0
@@ -24,10 +33,10 @@ n=0
 for i in 1 2 3 4 5 6 7 8 9 10
 do
 	ret=0
-	$DIG +tcp -p ${PORT} example @10.53.0.2 soa > dig.out.ns2.test$n || ret=1
+	tcp_dig example @10.53.0.2 soa > dig.out.ns2.test$n || ret=1
 	grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
 	grep "flags:.* aa[ ;]" dig.out.ns2.test$n > /dev/null || ret=1
-	$DIG +tcp -p ${PORT} example @10.53.0.3 soa > dig.out.ns3.test$n || ret=1
+	tcp_dig example @10.53.0.3 soa > dig.out.ns3.test$n || ret=1
 	grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
 	grep "flags:.* aa[ ;]" dig.out.ns3.test$n > /dev/null || ret=1
         nr=`grep 'x[0-9].*sending notify to' ns2/named.run | wc -l`
@@ -39,10 +48,10 @@ done
 n=`expr $n + 1`
 echo_i "checking initial status ($n)"
 ret=0
-$DIG $DIGOPTS a.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1
+dig_with_opts a.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1
 grep "10.0.0.1" dig.out.ns2.test$n > /dev/null || ret=1
 
-$DIG $DIGOPTS a.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+dig_with_opts a.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
 grep "10.0.0.1" dig.out.ns3.test$n > /dev/null || ret=1
 
 digcomp dig.out.ns2.test$n dig.out.ns3.test$n || ret=1
@@ -116,7 +125,7 @@ status=`expr $ret + $status`
 n=`expr $n + 1`
 echo_i "checking example2 loaded ($n)"
 ret=0
-$DIG $DIGOPTS a.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1
+dig_with_opts a.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1
 grep "10.0.0.2" dig.out.ns2.test$n > /dev/null || ret=1
 
 [ $ret = 0 ] || echo_i "failed"
@@ -125,10 +134,10 @@ status=`expr $ret + $status`
 n=`expr $n + 1`
 echo_i "checking example2 contents have been transferred after HUP reload ($n)"
 ret=0
-$DIG $DIGOPTS a.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1
+dig_with_opts a.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1
 grep "10.0.0.2" dig.out.ns2.test$n > /dev/null || ret=1
 
-$DIG $DIGOPTS a.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+dig_with_opts a.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
 grep "10.0.0.2" dig.out.ns3.test$n > /dev/null || ret=1
 
 digcomp dig.out.ns2.test$n dig.out.ns3.test$n || ret=1
@@ -163,7 +172,7 @@ status=`expr $ret + $status`
 n=`expr $n + 1`
 echo_i "checking example4 loaded ($n)"
 ret=0
-$DIG $DIGOPTS a.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1
+dig_with_opts a.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1
 grep "10.0.0.4" dig.out.ns2.test$n > /dev/null || ret=1
 
 [ $ret = 0 ] || echo_i "failed"
@@ -172,10 +181,10 @@ status=`expr $ret + $status`
 n=`expr $n + 1`
 echo_i "checking example4 contents have been transfered after restart ($n)"
 ret=0
-$DIG $DIGOPTS a.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1
+dig_with_opts a.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1
 grep "10.0.0.4" dig.out.ns2.test$n > /dev/null || ret=1
 
-$DIG $DIGOPTS a.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+dig_with_opts a.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
 grep "10.0.0.4" dig.out.ns3.test$n > /dev/null || ret=1
 
 digcomp dig.out.ns2.test$n dig.out.ns3.test$n || ret=1
@@ -193,7 +202,7 @@ send
 EOF
 for i in 1 2 3 4 5 6 7 8 9
 do
-	$DIG $DIGOPTS added.x21. @10.53.0.4 txt -p $EXTRAPORT1 > dig.out.ns4.test$n || ret=1
+	dig_with_opts added.x21. @10.53.0.4 txt -p $EXTRAPORT1 > dig.out.ns4.test$n || ret=1
 	grep "test string" dig.out.ns4.test$n > /dev/null && break
 	sleep 1
 done
@@ -215,9 +224,9 @@ EOF
 
 for i in 1 2 3 4 5 6 7 8 9
 do
-	$DIG $DIGOPTS added.x21. -y b:bbbbbbbbbbbbbbbbbbbb @10.53.0.5 \
+	dig_with_opts added.x21. -y b:bbbbbbbbbbbbbbbbbbbb @10.53.0.5 \
 		txt > dig.out.b.ns5.test$n || ret=1
-	$DIG $DIGOPTS added.x21. -y c:cccccccccccccccccccc @10.53.0.5 \
+	dig_with_opts added.x21. -y c:cccccccccccccccccccc @10.53.0.5 \
 		txt > dig.out.c.ns5.test$n || ret=1
 	grep "test string" dig.out.b.ns5.test$n > /dev/null &&
 	grep "test string" dig.out.c.ns5.test$n > /dev/null &&

bin/tests/system/resolver/tests.sh

@@ -13,9 +13,17 @@ SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
 echo .
 
-DIGOPTS="-p ${PORT}"
-RESOLVOPTS="-p ${PORT}"
-RNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p ${CONTROLPORT} -s"
+dig_with_opts() {
+    $DIG -p "${PORT}" "$@" | sed -b -e 's/\r$//'
+}
+
+resolve_with_opts() {
+    $RESOLVE -p "${PORT}" "$@" | sed -b -e 's/\r$//'
+}
+
+rndc_with_opts() {
+    $RNDC -c "$SYSTEMTESTTOP/common/rndc.conf" -p "${CONTROLPORT}" -s "$@" | sed -b -e 's/\r$//'
+}
 
 status=0
 n=0
@@ -23,7 +31,7 @@ n=0
 n=`expr $n + 1`
 echo_i "checking non-cachable NXDOMAIN response handling ($n)"
 ret=0
-$DIG $DIGOPTS +tcp nxdomain.example.net @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
+dig_with_opts +tcp nxdomain.example.net @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
 grep "status: NXDOMAIN" dig.out.ns1.test${n} > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -32,7 +40,7 @@ if [ -x ${RESOLVE} ] ; then
    n=`expr $n + 1`
    echo_i "checking non-cachable NXDOMAIN response handling using dns_client ($n)"
    ret=0
-   $RESOLVE $RESOLVOPTS -t a -s 10.53.0.1 nxdomain.example.net 2> resolve.out.ns1.test${n} || ret=1
+   resolve_with_opts -t a -s 10.53.0.1 nxdomain.example.net 2> resolve.out.ns1.test${n} || ret=1
    grep "resolution failed: ncache nxdomain" resolve.out.ns1.test${n} > /dev/null || ret=1
    if [ $ret != 0 ]; then echo_i "failed"; fi
    status=`expr $status + $ret`
@@ -59,7 +67,7 @@ fi
 n=`expr $n + 1`
 echo_i "checking non-cachable NODATA response handling ($n)"
 ret=0
-$DIG $DIGOPTS +tcp nodata.example.net @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
+dig_with_opts +tcp nodata.example.net @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
 grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -68,7 +76,7 @@ if [ -x ${RESOLVE} ] ; then
     n=`expr $n + 1`
     echo_i "checking non-cachable NODATA response handling using dns_client ($n)"
     ret=0
-    $RESOLVE $RESOLVOPTS -t a -s 10.53.0.1 nodata.example.net 2> resolve.out.ns1.test${n} || ret=1
+    resolve_with_opts -t a -s 10.53.0.1 nodata.example.net 2> resolve.out.ns1.test${n} || ret=1
     grep "resolution failed: ncache nxrrset" resolve.out.ns1.test${n} > /dev/null || ret=1
     if [ $ret != 0 ]; then echo_i "failed"; fi
     status=`expr $status + $ret`
@@ -77,13 +85,13 @@ fi
 n=`expr $n + 1`
 echo_i "checking handling of bogus referrals ($n)"
 # If the server has the "INSIST(!external)" bug, this query will kill it.
-$DIG $DIGOPTS +tcp www.example.com. a @10.53.0.1 >/dev/null || { echo_i "failed"; status=`expr $status + 1`; }
+dig_with_opts +tcp www.example.com. a @10.53.0.1 >/dev/null || { echo_i "failed"; status=`expr $status + 1`; }
 
 if [ -x ${RESOLVE} ] ; then
     n=`expr $n + 1`
     echo_i "checking handling of bogus referrals using dns_client ($n)"
     ret=0
-    $RESOLVE $RESOLVOPTS -t a -s 10.53.0.1 www.example.com 2> resolve.out.ns1.test${n} || ret=1
+    resolve_with_opts -t a -s 10.53.0.1 www.example.com 2> resolve.out.ns1.test${n} || ret=1
     grep "resolution failed: SERVFAIL" resolve.out.ns1.test${n} > /dev/null || ret=1
     if [ $ret != 0 ]; then echo_i "failed"; fi
     status=`expr $status + $ret`
@@ -91,20 +99,20 @@ fi
 
 n=`expr $n + 1`
 echo_i "check handling of cname + other data / 1 ($n)"
-$DIG $DIGOPTS +tcp cname1.example.com. a @10.53.0.1 >/dev/null || { echo_i "failed"; status=`expr $status + 1`; }
+dig_with_opts +tcp cname1.example.com. a @10.53.0.1 >/dev/null || { echo_i "failed"; status=`expr $status + 1`; }
 
 n=`expr $n + 1`
 echo_i "check handling of cname + other data / 2 ($n)"
-$DIG $DIGOPTS +tcp cname2.example.com. a @10.53.0.1 >/dev/null || { echo_i "failed"; status=`expr $status + 1`; }
+dig_with_opts +tcp cname2.example.com. a @10.53.0.1 >/dev/null || { echo_i "failed"; status=`expr $status + 1`; }
 
 n=`expr $n + 1`
 echo_i "check that server is still running ($n)"
-$DIG $DIGOPTS +tcp www.example.com. a @10.53.0.1 >/dev/null || { echo_i "failed"; status=`expr $status + 1`; }
+dig_with_opts +tcp www.example.com. a @10.53.0.1 >/dev/null || { echo_i "failed"; status=`expr $status + 1`; }
 
 n=`expr $n + 1`
 echo_i "checking answer IPv4 address filtering (deny) ($n)"
 ret=0
-$DIG $DIGOPTS +tcp www.example.net @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
+dig_with_opts +tcp www.example.net @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
 grep "status: SERVFAIL" dig.out.ns1.test${n} > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -112,7 +120,7 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "checking answer IPv6 address filtering (deny) ($n)"
 ret=0
-$DIG $DIGOPTS +tcp www.example.net @10.53.0.1 aaaa > dig.out.ns1.test${n} || ret=1
+dig_with_opts +tcp www.example.net @10.53.0.1 aaaa > dig.out.ns1.test${n} || ret=1
 grep "status: SERVFAIL" dig.out.ns1.test${n} > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -120,7 +128,7 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "checking answer IPv4 address filtering (accept) ($n)"
 ret=0
-$DIG $DIGOPTS +tcp www.example.org @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
+dig_with_opts +tcp www.example.org @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
 grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -130,7 +138,7 @@ if [ -x ${RESOLVE} ] ; then
     n=`expr $n + 1`
     echo_i "checking answer IPv4 address filtering using dns_client (accept) ($n)"
     ret=0
-    $RESOLVE $RESOLVOPTS -t a -s 10.53.0.1 www.example.org > resolve.out.ns1.test${n} || ret=1
+    resolve_with_opts -t a -s 10.53.0.1 www.example.org > resolve.out.ns1.test${n} || ret=1
     grep "www.example.org..*.192.0.2.1" resolve.out.ns1.test${n} > /dev/null || ret=1
     if [ $ret != 0 ]; then echo_i "failed"; fi
     status=`expr $status + $ret`
@@ -139,7 +147,7 @@ fi
 n=`expr $n + 1`
 echo_i "checking answer IPv6 address filtering (accept) ($n)"
 ret=0
-$DIG $DIGOPTS +tcp www.example.org @10.53.0.1 aaaa > dig.out.ns1.test${n} || ret=1
+dig_with_opts +tcp www.example.org @10.53.0.1 aaaa > dig.out.ns1.test${n} || ret=1
 grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -148,7 +156,7 @@ if [ -x ${RESOLVE} ] ; then
     n=`expr $n + 1`
     echo_i "checking answer IPv6 address filtering using dns_client (accept) ($n)"
     ret=0
-    $RESOLVE $RESOLVOPTS -t aaaa -s 10.53.0.1 www.example.org > resolve.out.ns1.test${n} || ret=1
+    resolve_with_opts -t aaaa -s 10.53.0.1 www.example.org > resolve.out.ns1.test${n} || ret=1
     grep "www.example.org..*.2001:db8:beef::1" resolve.out.ns1.test${n} > /dev/null || ret=1
     if [ $ret != 0 ]; then echo_i "failed"; fi
     status=`expr $status + $ret`
@@ -157,7 +165,7 @@ fi
 n=`expr $n + 1`
 echo_i "checking CNAME target filtering (deny) ($n)"
 ret=0
-$DIG $DIGOPTS +tcp badcname.example.net @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
+dig_with_opts +tcp badcname.example.net @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
 grep "status: SERVFAIL" dig.out.ns1.test${n} > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -165,7 +173,7 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "checking CNAME target filtering (accept) ($n)"
 ret=0
-$DIG $DIGOPTS +tcp goodcname.example.net @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
+dig_with_opts +tcp goodcname.example.net @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
 grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -174,7 +182,7 @@ if [ -x ${RESOLVE} ] ; then
     n=`expr $n + 1`
     echo_i "checking CNAME target filtering using dns_client (accept) ($n)"
     ret=0
-    $RESOLVE $RESOLVOPTS -t a -s 10.53.0.1 goodcname.example.net > resolve.out.ns1.test${n} || ret=1
+    resolve_with_opts -t a -s 10.53.0.1 goodcname.example.net > resolve.out.ns1.test${n} || ret=1
     grep "goodcname.example.net..*.goodcname.example.org." resolve.out.ns1.test${n} > /dev/null || ret=1
     grep "goodcname.example.org..*.192.0.2.1" resolve.out.ns1.test${n} > /dev/null || ret=1
     if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -184,7 +192,7 @@ fi
 n=`expr $n + 1`
 echo_i "checking CNAME target filtering (accept due to subdomain) ($n)"
 ret=0
-$DIG $DIGOPTS +tcp cname.sub.example.org @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
+dig_with_opts +tcp cname.sub.example.org @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
 grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -193,7 +201,7 @@ if [ -x ${RESOLVE} ] ; then
     n=`expr $n + 1`
     echo_i "checking CNAME target filtering using dns_client (accept due to subdomain) ($n)"
     ret=0
-    $RESOLVE $RESOLVOPTS -t a -s 10.53.0.1 cname.sub.example.org > resolve.out.ns1.test${n} || ret=1
+    resolve_with_opts -t a -s 10.53.0.1 cname.sub.example.org > resolve.out.ns1.test${n} || ret=1
     grep "cname.sub.example.org..*.ok.sub.example.org." resolve.out.ns1.test${n} > /dev/null || ret=1
     grep "ok.sub.example.org..*.192.0.2.1" resolve.out.ns1.test${n} > /dev/null || ret=1
     if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -203,7 +211,7 @@ fi
 n=`expr $n + 1`
 echo_i "checking DNAME target filtering (deny) ($n)"
 ret=0
-$DIG $DIGOPTS +tcp foo.baddname.example.net @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
+dig_with_opts +tcp foo.baddname.example.net @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
 grep "DNAME target foo.baddname.example.org denied for foo.baddname.example.net/IN" ns1/named.run >/dev/null || ret=1
 grep "status: SERVFAIL" dig.out.ns1.test${n} > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -212,7 +220,7 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "checking DNAME target filtering (accept) ($n)"
 ret=0
-$DIG $DIGOPTS +tcp foo.gooddname.example.net @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
+dig_with_opts +tcp foo.gooddname.example.net @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
 grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -221,7 +229,7 @@ if [ -x ${RESOLVE} ] ; then
     n=`expr $n + 1`
     echo_i "checking DNAME target filtering using dns_client (accept) ($n)"
     ret=0
-    $RESOLVE $RESOLVOPTS -t a -s 10.53.0.1 foo.gooddname.example.net > resolve.out.ns1.test${n} || ret=1
+    resolve_with_opts -t a -s 10.53.0.1 foo.gooddname.example.net > resolve.out.ns1.test${n} || ret=1
     grep "foo.gooddname.example.net..*.gooddname.example.org" resolve.out.ns1.test${n} > /dev/null || ret=1
     grep "foo.gooddname.example.org..*.192.0.2.1" resolve.out.ns1.test${n} > /dev/null || ret=1
     if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -231,7 +239,7 @@ fi
 n=`expr $n + 1`
 echo_i "checking DNAME target filtering (accept due to subdomain) ($n)"
 ret=0
-$DIG $DIGOPTS +tcp www.dname.sub.example.org @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
+dig_with_opts +tcp www.dname.sub.example.org @10.53.0.1 a > dig.out.ns1.test${n} || ret=1
 grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -240,7 +248,7 @@ if [ -x ${RESOLVE} ] ; then
     n=`expr $n + 1`
     echo_i "checking DNAME target filtering using dns_client (accept due to subdomain) ($n)"
     ret=0
-    $RESOLVE $RESOLVOPTS -t a -s 10.53.0.1 www.dname.sub.example.org > resolve.out.ns1.test${n} || ret=1
+    resolve_with_opts -t a -s 10.53.0.1 www.dname.sub.example.org > resolve.out.ns1.test${n} || ret=1
     grep "www.dname.sub.example.org..*.ok.sub.example.org." resolve.out.ns1.test${n} > /dev/null || ret=1
     grep "www.ok.sub.example.org..*.192.0.2.1" resolve.out.ns1.test${n} > /dev/null || ret=1
     if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -250,7 +258,7 @@ fi
 n=`expr $n + 1`
 echo_i "check that the resolver accepts a referral response with a non-empty ANSWER section ($n)"
 ret=0
-$DIG $DIGOPTS @10.53.0.1 foo.glue-in-answer.example.org. A > dig.ns1.out.${n} || ret=1
+dig_with_opts @10.53.0.1 foo.glue-in-answer.example.org. A > dig.ns1.out.${n} || ret=1
 grep "status: NOERROR" dig.ns1.out.${n} > /dev/null || ret=1
 grep "foo.glue-in-answer.example.org.*192.0.2.1" dig.ns1.out.${n} > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -260,7 +268,7 @@ n=`expr $n + 1`
 echo_i "RT21594 regression test check setup ($n)"
 ret=0
 # Check that "aa" is not being set by the authoritative server.
-$DIG $DIGOPTS +tcp . @10.53.0.4 soa > dig.ns4.out.${n} || ret=1
+dig_with_opts +tcp . @10.53.0.4 soa > dig.ns4.out.${n} || ret=1
 grep 'flags: qr rd;' dig.ns4.out.${n} > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -269,7 +277,7 @@ n=`expr $n + 1`
 echo_i "RT21594 regression test positive answers ($n)"
 ret=0
 # Check that resolver accepts the non-authoritative positive answers.
-$DIG $DIGOPTS +tcp . @10.53.0.5 soa > dig.ns5.out.${n} || ret=1
+dig_with_opts +tcp . @10.53.0.5 soa > dig.ns5.out.${n} || ret=1
 grep "status: NOERROR" dig.ns5.out.${n} > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -278,7 +286,7 @@ n=`expr $n + 1`
 echo_i "RT21594 regression test NODATA answers ($n)"
 ret=0
 # Check that resolver accepts the non-authoritative nodata answers.
-$DIG $DIGOPTS +tcp . @10.53.0.5 txt > dig.ns5.out.${n} || ret=1
+dig_with_opts +tcp . @10.53.0.5 txt > dig.ns5.out.${n} || ret=1
 grep "status: NOERROR" dig.ns5.out.${n} > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -287,7 +295,7 @@ n=`expr $n + 1`
 echo_i "RT21594 regression test NXDOMAIN answers ($n)"
 ret=0
 # Check that resolver accepts the non-authoritative positive answers.
-$DIG $DIGOPTS +tcp noexistant @10.53.0.5 txt > dig.ns5.out.${n} || ret=1
+dig_with_opts +tcp noexistant @10.53.0.5 txt > dig.ns5.out.${n} || ret=1
 grep "status: NXDOMAIN" dig.ns5.out.${n} > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -295,7 +303,7 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "check that replacement of additional data by a negative cache no data entry clears the additional RRSIGs ($n)"
 ret=0
-$DIG $DIGOPTS +tcp mx example.net @10.53.0.7 > dig.ns7.out.${n} || ret=1
+dig_with_opts +tcp mx example.net @10.53.0.7 > dig.ns7.out.${n} || ret=1
 grep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=1
 if [ $ret = 1 ]; then echo_i "mx priming failed"; fi
 $NSUPDATE << EOF
@@ -305,13 +313,13 @@ update delete mail.example.net A
 update add mail.example.net 0 AAAA ::1
 send
 EOF
-$DIG $DIGOPTS +tcp a mail.example.net @10.53.0.7 > dig.ns7.out.${n} || ret=2
+dig_with_opts +tcp a mail.example.net @10.53.0.7 > dig.ns7.out.${n} || ret=2
 grep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=2
 grep "ANSWER: 0" dig.ns7.out.${n} > /dev/null || ret=2
 if [ $ret = 2 ]; then echo_i "ncache priming failed"; fi
-$DIG $DIGOPTS +tcp mx example.net @10.53.0.7 > dig.ns7.out.${n} || ret=3
+dig_with_opts +tcp mx example.net @10.53.0.7 > dig.ns7.out.${n} || ret=3
 grep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=3
-$DIG $DIGOPTS +tcp rrsig mail.example.net +norec @10.53.0.7 > dig.ns7.out.${n}  || ret=4
+dig_with_opts +tcp rrsig mail.example.net +norec @10.53.0.7 > dig.ns7.out.${n}  || ret=4
 grep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=4
 grep "ANSWER: 0" dig.ns7.out.${n} > /dev/null || ret=4
 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
@@ -323,7 +331,7 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "checking that update a nameservers address has immediate effects ($n)"
 ret=0
-$DIG $DIGOPTS +tcp TXT foo.moves @10.53.0.7 > dig.ns7.foo.${n} || ret=1
+dig_with_opts +tcp TXT foo.moves @10.53.0.7 > dig.ns7.foo.${n} || ret=1
 grep "From NS 5" dig.ns7.foo.${n} > /dev/null || ret=1
 $NSUPDATE << EOF
 server 10.53.0.7 ${PORT}
@@ -333,7 +341,7 @@ update add ns.server 300 A 10.53.0.4
 send
 EOF
 sleep 1
-$DIG $DIGOPTS +tcp TXT bar.moves @10.53.0.7 > dig.ns7.bar.${n} || ret=1
+dig_with_opts +tcp TXT bar.moves @10.53.0.7 > dig.ns7.bar.${n} || ret=1
 grep "From NS 4" dig.ns7.bar.${n} > /dev/null || ret=1
 
 if [ $ret != 0 ]; then echo_i "failed"; status=1; fi
@@ -341,7 +349,7 @@ if [ $ret != 0 ]; then echo_i "failed"; status=1; fi
 n=`expr $n + 1`
 echo_i "checking that update a nameservers glue has immediate effects ($n)"
 ret=0
-$DIG $DIGOPTS +tcp TXT foo.child.server @10.53.0.7 > dig.ns7.foo.${n} || ret=1
+dig_with_opts +tcp TXT foo.child.server @10.53.0.7 > dig.ns7.foo.${n} || ret=1
 grep "From NS 5" dig.ns7.foo.${n} > /dev/null || ret=1
 $NSUPDATE << EOF
 server 10.53.0.7 ${PORT}
@@ -351,7 +359,7 @@ update add ns.child.server 300 A 10.53.0.4
 send
 EOF
 sleep 1
-$DIG $DIGOPTS +tcp TXT bar.child.server @10.53.0.7 > dig.ns7.bar.${n} || ret=1
+dig_with_opts +tcp TXT bar.child.server @10.53.0.7 > dig.ns7.bar.${n} || ret=1
 grep "From NS 4" dig.ns7.bar.${n} > /dev/null || ret=1
 
 if [ $ret != 0 ]; then echo_i "failed"; status=1; fi
@@ -361,59 +369,59 @@ echo_i "checking empty RFC 1918 reverse zones ($n)"
 ret=0
 # Check that "aa" is being set by the resolver for RFC 1918 zones
 # except the one that has been deliberately disabled
-$DIG $DIGOPTS @10.53.0.7 -x 10.1.1.1 > dig.ns4.out.1.${n} || ret=1
+dig_with_opts @10.53.0.7 -x 10.1.1.1 > dig.ns4.out.1.${n} || ret=1
 grep 'flags: qr aa rd ra;' dig.ns4.out.1.${n} > /dev/null || ret=1
-$DIG $DIGOPTS @10.53.0.7 -x 192.168.1.1 > dig.ns4.out.2.${n} || ret=1
+dig_with_opts @10.53.0.7 -x 192.168.1.1 > dig.ns4.out.2.${n} || ret=1
 grep 'flags: qr aa rd ra;' dig.ns4.out.2.${n} > /dev/null || ret=1
-$DIG $DIGOPTS @10.53.0.7 -x 172.16.1.1  > dig.ns4.out.3.${n} || ret=1
+dig_with_opts @10.53.0.7 -x 172.16.1.1  > dig.ns4.out.3.${n} || ret=1
 grep 'flags: qr aa rd ra;' dig.ns4.out.3.${n} > /dev/null || ret=1
-$DIG $DIGOPTS @10.53.0.7 -x 172.17.1.1 > dig.ns4.out.4.${n} || ret=1
+dig_with_opts @10.53.0.7 -x 172.17.1.1 > dig.ns4.out.4.${n} || ret=1
 grep 'flags: qr aa rd ra;' dig.ns4.out.4.${n} > /dev/null || ret=1
-$DIG $DIGOPTS @10.53.0.7 -x 172.18.1.1 > dig.ns4.out.5.${n} || ret=1
+dig_with_opts @10.53.0.7 -x 172.18.1.1 > dig.ns4.out.5.${n} || ret=1
 grep 'flags: qr aa rd ra;' dig.ns4.out.5.${n} > /dev/null || ret=1
-$DIG $DIGOPTS @10.53.0.7 -x 172.19.1.1 > dig.ns4.out.6.${n} || ret=1
+dig_with_opts @10.53.0.7 -x 172.19.1.1 > dig.ns4.out.6.${n} || ret=1
 grep 'flags: qr aa rd ra;' dig.ns4.out.6.${n} > /dev/null || ret=1
-$DIG $DIGOPTS @10.53.0.7 -x 172.21.1.1 > dig.ns4.out.7.${n} || ret=1
+dig_with_opts @10.53.0.7 -x 172.21.1.1 > dig.ns4.out.7.${n} || ret=1
 grep 'flags: qr aa rd ra;' dig.ns4.out.7.${n} > /dev/null || ret=1
-$DIG $DIGOPTS @10.53.0.7 -x 172.22.1.1 > dig.ns4.out.8.${n} || ret=1
+dig_with_opts @10.53.0.7 -x 172.22.1.1 > dig.ns4.out.8.${n} || ret=1
 grep 'flags: qr aa rd ra;' dig.ns4.out.8.${n} > /dev/null || ret=1
-$DIG $DIGOPTS @10.53.0.7 -x 172.23.1.1 > dig.ns4.out.9.${n} || ret=1
+dig_with_opts @10.53.0.7 -x 172.23.1.1 > dig.ns4.out.9.${n} || ret=1
 grep 'flags: qr aa rd ra;' dig.ns4.out.9.${n} > /dev/null || ret=1
-$DIG $DIGOPTS @10.53.0.7 -x 172.24.1.1 > dig.ns4.out.11.${n} || ret=1
+dig_with_opts @10.53.0.7 -x 172.24.1.1 > dig.ns4.out.11.${n} || ret=1
 grep 'flags: qr aa rd ra;' dig.ns4.out.11.${n} > /dev/null || ret=1
-$DIG $DIGOPTS @10.53.0.7 -x 172.25.1.1 > dig.ns4.out.12.${n} || ret=1
+dig_with_opts @10.53.0.7 -x 172.25.1.1 > dig.ns4.out.12.${n} || ret=1
 grep 'flags: qr aa rd ra;' dig.ns4.out.12.${n} > /dev/null || ret=1
-$DIG $DIGOPTS @10.53.0.7 -x 172.26.1.1 > dig.ns4.out.13.${n} || ret=1
+dig_with_opts @10.53.0.7 -x 172.26.1.1 > dig.ns4.out.13.${n} || ret=1
 grep 'flags: qr aa rd ra;' dig.ns4.out.13.${n} > /dev/null || ret=1
-$DIG $DIGOPTS @10.53.0.7 -x 172.27.1.1 > dig.ns4.out.14.${n} || ret=1
+dig_with_opts @10.53.0.7 -x 172.27.1.1 > dig.ns4.out.14.${n} || ret=1
 grep 'flags: qr aa rd ra;' dig.ns4.out.14.${n} > /dev/null || ret=1
-$DIG $DIGOPTS @10.53.0.7 -x 172.28.1.1 > dig.ns4.out.15.${n} || ret=1
+dig_with_opts @10.53.0.7 -x 172.28.1.1 > dig.ns4.out.15.${n} || ret=1
 grep 'flags: qr aa rd ra;' dig.ns4.out.15.${n} > /dev/null || ret=1
-$DIG $DIGOPTS @10.53.0.7 -x 172.29.1.1 > dig.ns4.out.16.${n} || ret=1
+dig_with_opts @10.53.0.7 -x 172.29.1.1 > dig.ns4.out.16.${n} || ret=1
 grep 'flags: qr aa rd ra;' dig.ns4.out.16.${n} > /dev/null || ret=1
-$DIG $DIGOPTS @10.53.0.7 -x 172.30.1.1 > dig.ns4.out.17.${n} || ret=1
+dig_with_opts @10.53.0.7 -x 172.30.1.1 > dig.ns4.out.17.${n} || ret=1
 grep 'flags: qr aa rd ra;' dig.ns4.out.17.${n} > /dev/null || ret=1
-$DIG $DIGOPTS @10.53.0.7 -x 172.31.1.1 > dig.ns4.out.18.${n} || ret=1
+dig_with_opts @10.53.0.7 -x 172.31.1.1 > dig.ns4.out.18.${n} || ret=1
 grep 'flags: qr aa rd ra;' dig.ns4.out.18.${n} > /dev/null || ret=1
 # but this one should NOT be authoritative
-$DIG $DIGOPTS @10.53.0.7 -x 172.20.1.1 > dig.ns4.out.19.${n} || ret=1
+dig_with_opts @10.53.0.7 -x 172.20.1.1 > dig.ns4.out.19.${n} || ret=1
 grep 'flags: qr rd ra;' dig.ns4.out.19.${n} > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; status=1; fi
 
 n=`expr $n + 1`
 echo_i "checking that removal of a delegation is honoured ($n)"
 ret=0
-$DIG $DIGOPTS @10.53.0.5 www.to-be-removed.tld A > dig.ns5.prime.${n}
+dig_with_opts @10.53.0.5 www.to-be-removed.tld A > dig.ns5.prime.${n}
 grep "status: NOERROR" dig.ns5.prime.${n} > /dev/null || { ret=1; echo_i "priming failed"; }
 cp ns4/tld2.db ns4/tld.db
-($RNDCCMD 10.53.0.4 reload tld 2>&1 ) |
+(rndc_with_opts 10.53.0.4 reload tld 2>&1 ) |
 sed -e '/reload queued/d' -e 's/^/ns4 /' | cat_i
 old=
 for i in 0 1 2 3 4 5 6 7 8 9
 do
 	foo=0
-	$DIG $DIGOPTS @10.53.0.5 ns$i.to-be-removed.tld A > /dev/null
-	$DIG $DIGOPTS @10.53.0.5 www.to-be-removed.tld A > dig.ns5.out.${n}
+	dig_with_opts @10.53.0.5 ns$i.to-be-removed.tld A > /dev/null
+	dig_with_opts @10.53.0.5 www.to-be-removed.tld A > dig.ns5.out.${n}
 	grep "status: NXDOMAIN" dig.ns5.out.${n} > /dev/null || foo=1
 	[ $foo = 0 ] && break
 	$NSUPDATE << EOF
@@ -432,18 +440,18 @@ if [ $ret != 0 ]; then echo_i "failed"; status=1; fi
 n=`expr $n + 1`
 echo_i "check for improved error message with SOA mismatch ($n)"
 ret=0
-$DIG $DIGOPTS @10.53.0.1 www.sub.broken aaaa > dig.out.ns1.test${n} || ret=1
+dig_with_opts @10.53.0.1 www.sub.broken aaaa > dig.out.ns1.test${n} || ret=1
 grep "not subdomain of zone" ns1/named.run > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 copy_setports ns7/named2.conf.in ns7/named.conf
-$RNDCCMD 10.53.0.7 reconfig 2>&1 | sed 's/^/ns7 /' | cat_i
+rndc_with_opts 10.53.0.7 reconfig 2>&1 | sed 's/^/ns7 /' | cat_i
 
 n=`expr $n + 1`
 echo_i "check resolution on the listening port ($n)"
 ret=0
-$DIG $DIGOPTS +tcp +tries=2 +time=5 mx example.net @10.53.0.7 > dig.ns7.out.${n} || ret=2
+dig_with_opts +tcp +tries=2 +time=5 mx example.net @10.53.0.7 > dig.ns7.out.${n} || ret=2
 grep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=1
 grep "ANSWER: 1" dig.ns7.out.${n} > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
@@ -452,16 +460,16 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "check prefetch (${n})"
 ret=0
-$DIG $DIGOPTS @10.53.0.5 fetch.tld txt > dig.out.1.${n} || ret=1
+dig_with_opts @10.53.0.5 fetch.tld txt > dig.out.1.${n} || ret=1
 ttl1=`awk '/"A" "short" "ttl"/ { print $2 - 2 }' dig.out.1.${n}`
 # sleep so we are in prefetch range
 sleep ${ttl1:-0}
 # trigger prefetch
-$DIG $DIGOPTS @10.53.0.5 fetch.tld txt > dig.out.2.${n} || ret=1
+dig_with_opts @10.53.0.5 fetch.tld txt > dig.out.2.${n} || ret=1
 ttl2=`awk '/"A" "short" "ttl"/ { print $2 }' dig.out.2.${n}`
 sleep 1
 # check that prefetch occured
-$DIG $DIGOPTS @10.53.0.5 fetch.tld txt > dig.out.3.${n} || ret=1
+dig_with_opts @10.53.0.5 fetch.tld txt > dig.out.3.${n} || ret=1
 ttl=`awk '/"A" "short" "ttl"/ { print $2 }' dig.out.3.${n}`
 test ${ttl:-0} -gt ${ttl2:-1} || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -470,16 +478,16 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "check prefetch of validated DS's RRSIG TTL is updated (${n})"
 ret=0
-$DIG $DIGOPTS +dnssec @10.53.0.5 ds.example.net ds > dig.out.1.${n} || ret=1
+dig_with_opts +dnssec @10.53.0.5 ds.example.net ds > dig.out.1.${n} || ret=1
 ttl1=`awk '$4 == "DS" && $7 == "1" { print $2 - 2 }' dig.out.1.${n}`
 # sleep so we are in prefetch range
 sleep ${ttl1:-0}
 # trigger prefetch
-$DIG $DIGOPTS @10.53.0.5 ds.example.net ds > dig.out.2.${n} || ret=1
+dig_with_opts @10.53.0.5 ds.example.net ds > dig.out.2.${n} || ret=1
 ttl1=`awk '$4 == "DS" && $7 == "1" { print $2 }' dig.out.2.${n}`
 sleep 1
 # check that prefetch occured
-$DIG $DIGOPTS @10.53.0.5 ds.example.net ds +dnssec > dig.out.3.${n} || ret=1
+dig_with_opts @10.53.0.5 ds.example.net ds +dnssec > dig.out.3.${n} || ret=1
 dsttl=`awk '$4 == "DS" && $7 == "1" { print $2 }' dig.out.3.${n}`
 sigttl=`awk '$4 == "RRSIG" && $5 == "DS" { print $2 }' dig.out.3.${n}`
 test ${dsttl:-0} -gt ${ttl2:-1} || ret=1
@@ -491,7 +499,7 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "check prefetch disabled (${n})"
 ret=0
-$DIG $DIGOPTS @10.53.0.7 fetch.example.net txt > dig.out.1.${n} || ret=1
+dig_with_opts @10.53.0.7 fetch.example.net txt > dig.out.1.${n} || ret=1
 ttl1=`awk '/"A" "short" "ttl"/ { print $2 - 2 }' dig.out.1.${n}`
 # sleep so we are in expire range
 sleep ${ttl1:-0}
@@ -499,7 +507,7 @@ sleep ${ttl1:-0}
 zerotonine="0 1 2 3 4 5 6 7 8 9"
 for i in $zerotonine $zerotonine $zerotonine $zerotonine
 do
-	$DIG $DIGOPTS @10.53.0.7 fetch.example.net txt > dig.out.2.${n} || ret=1
+	dig_with_opts @10.53.0.7 fetch.example.net txt > dig.out.2.${n} || ret=1
 	ttl2=`awk '/"A" "short" "ttl"/ { print $2 }' dig.out.2.${n}`
 	test ${ttl2:-2} -eq 1 && break
 	$PERL -e 'select(undef, undef, undef, 0.05);'
@@ -508,7 +516,7 @@ test ${ttl2:-2} -eq 1 || ret=1
 # delay so that any prefetched record will have a lower ttl than expected
 sleep 3
 # check that prefetch has not occured
-$DIG $DIGOPTS @10.53.0.7 fetch.example.net txt > dig.out.3.${n} || ret=1
+dig_with_opts @10.53.0.7 fetch.example.net txt > dig.out.3.${n} || ret=1
 ttl=`awk '/"A" "short" "ttl"/ { print $2 - 2 }' dig.out.3.${n}`
 test ${ttl:-0} -eq ${ttl1:-1} || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -517,25 +525,25 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "check prefetch qtype * (${n})"
 ret=0
-$DIG $DIGOPTS @10.53.0.5 fetchall.tld any > dig.out.1.${n} || ret=1
+dig_with_opts @10.53.0.5 fetchall.tld any > dig.out.1.${n} || ret=1
 ttl1=`awk '/"A" "short" "ttl"/ { print $2 - 2 }' dig.out.1.${n}`
 # sleep so we are in prefetch range
 sleep ${ttl1:-0}
 # trigger prefetch
-$DIG $DIGOPTS @10.53.0.5 fetchall.tld any > dig.out.2.${n} || ret=1
+dig_with_opts @10.53.0.5 fetchall.tld any > dig.out.2.${n} || ret=1
 ttl2=`awk '/"A" "short" "ttl"/ { print $2 }' dig.out.2.${n}`
 sleep 1
 # check that the nameserver is still alive
-$DIG $DIGOPTS @10.53.0.5 fetchall.tld any > dig.out.3.${n} || ret=1
+dig_with_opts @10.53.0.5 fetchall.tld any > dig.out.3.${n} || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 n=`expr $n + 1`
 echo_i "check that E was logged on EDNS queries in the query log (${n})"
 ret=0
-$DIG $DIGOPTS @10.53.0.5 +edns edns.fetchall.tld any > dig.out.2.${n} || ret=1
+dig_with_opts @10.53.0.5 +edns edns.fetchall.tld any > dig.out.2.${n} || ret=1
 grep "query: edns.fetchall.tld IN ANY +E" ns5/named.run > /dev/null || ret=1
-$DIG $DIGOPTS @10.53.0.5 +noedns noedns.fetchall.tld any > dig.out.2.${n} || ret=1
+dig_with_opts @10.53.0.5 +noedns noedns.fetchall.tld any > dig.out.2.${n} || ret=1
 grep "query: noedns.fetchall.tld IN ANY" ns5/named.run > /dev/null || ret=1
 grep "query: noedns.fetchall.tld IN ANY +E" ns5/named.run > /dev/null && ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -545,9 +553,9 @@ n=`expr $n + 1`
 echo_i "check that '-t aaaa' in .digrc does not have unexpected side effects ($n)"
 ret=0
 echo "-t aaaa" > .digrc
-env HOME=`pwd` $DIG $DIGOPTS @10.53.0.4 . > dig.out.1.${n} || ret=1
-env HOME=`pwd` $DIG $DIGOPTS @10.53.0.4 . A > dig.out.2.${n} || ret=1
-env HOME=`pwd` $DIG $DIGOPTS @10.53.0.4 -x 127.0.0.1 > dig.out.3.${n} || ret=1
+env HOME=`pwd` dig_with_opts @10.53.0.4 . > dig.out.1.${n} || ret=1
+env HOME=`pwd` dig_with_opts @10.53.0.4 . A > dig.out.2.${n} || ret=1
+env HOME=`pwd` dig_with_opts @10.53.0.4 -x 127.0.0.1 > dig.out.3.${n} || ret=1
 grep ';\..*IN.*AAAA$' dig.out.1.${n} > /dev/null || ret=1
 grep ';\..*IN.*A$' dig.out.2.${n} > /dev/null || ret=1
 grep 'extra type option' dig.out.2.${n} > /dev/null && ret=1
@@ -560,10 +568,10 @@ edns=`$FEATURETEST --edns-version`
 n=`expr $n + 1`
 echo_i "check that EDNS version is logged (${n})"
 ret=0
-$DIG $DIGOPTS @10.53.0.5 +edns edns0.fetchall.tld any > dig.out.2.${n} || ret=1
+dig_with_opts @10.53.0.5 +edns edns0.fetchall.tld any > dig.out.2.${n} || ret=1
 grep "query: edns0.fetchall.tld IN ANY +E(0)" ns5/named.run > /dev/null || ret=1
 if test ${edns:-0} != 0; then
-    $DIG $DIGOPTS @10.53.0.5 +edns=1 edns1.fetchall.tld any > dig.out.2.${n} || ret=1
+    dig_with_opts @10.53.0.5 +edns=1 edns1.fetchall.tld any > dig.out.2.${n} || ret=1
     grep "query: edns1.fetchall.tld IN ANY +E(1)" ns5/named.run > /dev/null || ret=1
 fi
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -573,9 +581,9 @@ if test ${edns:-0} != 0; then
     n=`expr $n + 1`
     echo_i "check that edns-version is honoured (${n})"
     ret=0
-    $DIG $DIGOPTS @10.53.0.5 +edns no-edns-version.tld > dig.out.1.${n} || ret=1
+    dig_with_opts @10.53.0.5 +edns no-edns-version.tld > dig.out.1.${n} || ret=1
     grep "query: no-edns-version.tld IN A -E(1)" ns6/named.run > /dev/null || ret=1
-    $DIG $DIGOPTS @10.53.0.5 +edns edns-version.tld > dig.out.2.${n} || ret=1
+    dig_with_opts @10.53.0.5 +edns edns-version.tld > dig.out.2.${n} || ret=1
     grep "query: edns-version.tld IN A -E(0)" ns7/named.run > /dev/null || ret=1
     if [ $ret != 0 ]; then echo_i "failed"; fi
     status=`expr $status + $ret`
@@ -584,7 +592,7 @@ fi
 n=`expr $n + 1`
 echo_i "check that CNAME nameserver is logged correctly (${n})"
 ret=0
-$DIG $DIGOPTS soa all-cnames @10.53.0.5 > dig.out.ns5.test${n} || ret=1
+dig_with_opts soa all-cnames @10.53.0.5 > dig.out.ns5.test${n} || ret=1
 grep "status: SERVFAIL" dig.out.ns5.test${n} > /dev/null || ret=1
 grep "skipping nameserver 'cname.tld' because it is a CNAME, while resolving 'all-cnames/SOA'" ns5/named.run > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -593,7 +601,7 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "check that unexpected opcodes are handled correctly (${n})"
 ret=0
-$DIG $DIGOPTS soa all-cnames @10.53.0.5 +opcode=15 +cd +rec +ad +zflag > dig.out.ns5.test${n} || ret=1
+dig_with_opts soa all-cnames @10.53.0.5 +opcode=15 +cd +rec +ad +zflag > dig.out.ns5.test${n} || ret=1
 grep "status: NOTIMP" dig.out.ns5.test${n} > /dev/null || ret=1
 grep "flags:[^;]* qr[; ]" dig.out.ns5.test${n} > /dev/null || ret=1
 grep "flags:[^;]* ra[; ]" dig.out.ns5.test${n} > /dev/null && ret=1
@@ -608,7 +616,7 @@ n=`expr $n + 1`
 echo_i "check that EDNS client subnet with non-zeroed bits is handled correctly (${n})"
 ret=0
 # 0001 (IPv4) 1f (31 significant bits) 00 (0) ffffffff (255.255.255.255)
-$DIG $DIGOPTS soa . @10.53.0.5 +ednsopt=8:00011f00ffffffff > dig.out.ns5.test${n} || ret=1
+dig_with_opts soa . @10.53.0.5 +ednsopt=8:00011f00ffffffff > dig.out.ns5.test${n} || ret=1
 grep "status: FORMERR" dig.out.ns5.test${n} > /dev/null || ret=1
 grep "; EDNS: version:" dig.out.ns5.test${n} > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -617,7 +625,7 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "check that dig +subnet zeros address bits correctly (${n})"
 ret=0
-$DIG $DIGOPTS soa . @10.53.0.5 +subnet=255.255.255.255/23 > dig.out.ns5.test${n} || ret=1
+dig_with_opts soa . @10.53.0.5 +subnet=255.255.255.255/23 > dig.out.ns5.test${n} || ret=1
 grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
 grep "CLIENT-SUBNET: 255.255.254.0/23/0" dig.out.ns5.test${n} > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -626,7 +634,7 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "check that SOA query returns data for delegation-only apex (${n})"
 ret=0
-$DIG $DIGOPTS soa delegation-only @10.53.0.5 > dig.out.ns5.test${n} || ret=1
+dig_with_opts soa delegation-only @10.53.0.5 > dig.out.ns5.test${n} || ret=1
 grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
 grep "ANSWER: 1," dig.out.ns5.test${n} > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -636,7 +644,7 @@ n=`expr $n + 1`
 n=`expr $n + 1`
 echo_i "check that NS query returns data for delegation-only apex (${n})"
 ret=0
-$DIG $DIGOPTS ns delegation-only @10.53.0.5 > dig.out.ns5.test${n} || ret=1
+dig_with_opts ns delegation-only @10.53.0.5 > dig.out.ns5.test${n} || ret=1
 grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
 grep "ANSWER: 1," dig.out.ns5.test${n} > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -645,7 +653,7 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "check that A query returns data for delegation-only A apex (${n})"
 ret=0
-$DIG $DIGOPTS a delegation-only @10.53.0.5 > dig.out.ns5.test${n} || ret=1
+dig_with_opts a delegation-only @10.53.0.5 > dig.out.ns5.test${n} || ret=1
 grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
 grep "ANSWER: 1," dig.out.ns5.test${n} > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -654,7 +662,7 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "check that CDS query returns data for delegation-only apex (${n})"
 ret=0
-$DIG $DIGOPTS cds delegation-only @10.53.0.5 > dig.out.ns5.test${n} || ret=1
+dig_with_opts cds delegation-only @10.53.0.5 > dig.out.ns5.test${n} || ret=1
 grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
 grep "ANSWER: 1," dig.out.ns5.test${n} > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -663,7 +671,7 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "check that AAAA query returns data for delegation-only AAAA apex (${n})"
 ret=0
-$DIG $DIGOPTS a delegation-only @10.53.0.5 > dig.out.ns5.test${n} || ret=1
+dig_with_opts a delegation-only @10.53.0.5 > dig.out.ns5.test${n} || ret=1
 grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
 grep "ANSWER: 1," dig.out.ns5.test${n} > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -672,7 +680,7 @@ n=`expr $n + 1`
 
 echo_i "check that DNSKEY query returns data for delegation-only apex (${n})"
 ret=0
-$DIG $DIGOPTS dnskey delegation-only @10.53.0.5 > dig.out.ns5.test${n} || ret=1
+dig_with_opts dnskey delegation-only @10.53.0.5 > dig.out.ns5.test${n} || ret=1
 grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
 grep "ANSWER: 1," dig.out.ns5.test${n} > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -681,7 +689,7 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "check that CDNSKEY query returns data for delegation-only apex (${n})"
 ret=0
-$DIG $DIGOPTS cdnskey delegation-only @10.53.0.5 > dig.out.ns5.test${n} || ret=1
+dig_with_opts cdnskey delegation-only @10.53.0.5 > dig.out.ns5.test${n} || ret=1
 grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
 grep "ANSWER: 1," dig.out.ns5.test${n} > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -690,7 +698,7 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "check that NXDOMAIN is returned for delegation-only non-apex A data (${n})"
 ret=0
-$DIG $DIGOPTS a a.delegation-only @10.53.0.5 > dig.out.ns5.test${n} || ret=1
+dig_with_opts a a.delegation-only @10.53.0.5 > dig.out.ns5.test${n} || ret=1
 grep "status: NXDOMAIN" dig.out.ns5.test${n} > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -698,7 +706,7 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "check that NXDOMAIN is returned for delegation-only non-apex CDS data (${n})"
 ret=0
-$DIG $DIGOPTS cds cds.delegation-only @10.53.0.5 > dig.out.ns5.test${n} || ret=1
+dig_with_opts cds cds.delegation-only @10.53.0.5 > dig.out.ns5.test${n} || ret=1
 grep "status: NXDOMAIN" dig.out.ns5.test${n} > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -706,7 +714,7 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "check that NXDOMAIN is returned for delegation-only non-apex AAAA data (${n})"
 ret=0
-$DIG $DIGOPTS aaaa aaaa.delegation-only @10.53.0.5 > dig.out.ns5.test${n} || ret=1
+dig_with_opts aaaa aaaa.delegation-only @10.53.0.5 > dig.out.ns5.test${n} || ret=1
 grep "status: NXDOMAIN" dig.out.ns5.test${n} > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -714,7 +722,7 @@ n=`expr $n + 1`
 
 echo_i "check that NXDOMAIN is returned for delegation-only non-apex CDNSKEY data (${n})"
 ret=0
-$DIG $DIGOPTS cdnskey cdnskey.delegation-only @10.53.0.5 > dig.out.ns5.test${n} || ret=1
+dig_with_opts cdnskey cdnskey.delegation-only @10.53.0.5 > dig.out.ns5.test${n} || ret=1
 grep "status: NXDOMAIN" dig.out.ns5.test${n} > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -723,7 +731,7 @@ n=`expr $n + 1`
 echo_i "check zero ttl not returned for learnt non zero ttl records (${n})"
 ret=0
 # use prefetch disabled server
-$DIG $DIGOPTS @10.53.0.7 non-zero.example.net txt > dig.out.1.${n} || ret=1
+dig_with_opts @10.53.0.7 non-zero.example.net txt > dig.out.1.${n} || ret=1
 ttl1=`awk '/"A" "short" "ttl"/ { print $2 - 2 }' dig.out.1.${n}`
 # sleep so we are in expire range
 sleep ${ttl1:-0}
@@ -732,7 +740,7 @@ zerotonine="0 1 2 3 4 5 6 7 8 9"
 zerotonine="$zerotonine $zerotonine $zerotonine"
 for i in $zerotonine $zerotonine $zerotonine $zerotonine
 do
-	$DIG $DIGOPTS @10.53.0.7 non-zero.example.net txt > dig.out.2.${n} || ret=1
+	dig_with_opts @10.53.0.7 non-zero.example.net txt > dig.out.2.${n} || ret=1
 	ttl2=`awk '/"A" "short" "ttl"/ { print $2 }' dig.out.2.${n}`
 	test ${ttl2:-1} -eq 0 && break
 	test ${ttl2:-1} -ge ${ttl1:-0} && break
@@ -746,7 +754,7 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "check zero ttl is returned for learnt zero ttl records (${n})"
 ret=0
-$DIG $DIGOPTS @10.53.0.7 zero.example.net txt > dig.out.1.${n} || ret=1
+dig_with_opts @10.53.0.7 zero.example.net txt > dig.out.1.${n} || ret=1
 ttl=`awk '/"A" "zero" "ttl"/ { print $2 }' dig.out.1.${n}`
 test ${ttl:-1} -eq 0 || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -755,7 +763,7 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "check that 'ad' in not returned in truncated answer with empty answer and authority sections to request with +ad (${n})"
 ret=0
-$DIG $DIGOPTS @10.53.0.6 dnskey ds.example.net +bufsize=512 +ad +nodnssec +ignore +norec > dig.out.$n
+dig_with_opts @10.53.0.6 dnskey ds.example.net +bufsize=512 +ad +nodnssec +ignore +norec > dig.out.$n
 grep "flags: qr aa tc; QUERY: 1, ANSWER: 0, AUTHORITY: 0" dig.out.$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -763,7 +771,7 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "check that 'ad' in not returned in truncated answer with empty answer and authority sections to request with +dnssec (${n})"
 ret=0
-$DIG $DIGOPTS @10.53.0.6 dnskey ds.example.net +bufsize=512 +noad +dnssec +ignore +norec > dig.out.$n
+dig_with_opts @10.53.0.6 dnskey ds.example.net +bufsize=512 +noad +dnssec +ignore +norec > dig.out.$n
 grep "flags: qr aa tc; QUERY: 1, ANSWER: 0, AUTHORITY: 0" dig.out.$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -771,7 +779,7 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "check that the resolver accepts a reply with empty question section with TC=1 and retries over TCP ($n)"
 ret=0
-$DIG $DIGOPTS @10.53.0.5 truncated.no-questions. a > dig.ns5.out.${n} || ret=1
+dig_with_opts @10.53.0.5 truncated.no-questions. a > dig.ns5.out.${n} || ret=1
 grep "status: NOERROR" dig.ns5.out.${n} > /dev/null || ret=1
 grep "ANSWER: 1," dig.ns5.out.${n} > /dev/null || ret=1
 grep "1.2.3.4" dig.ns5.out.${n} > /dev/null || ret=1
@@ -781,7 +789,7 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "check that the resolver rejects a reply with empty question section with TC=0 ($n)"
 ret=0
-$DIG $DIGOPTS @10.53.0.5 not-truncated.no-questions. a > dig.ns5.out.${n} || ret=1
+dig_with_opts @10.53.0.5 not-truncated.no-questions. a > dig.ns5.out.${n} || ret=1
 grep "status: NOERROR" dig.ns5.out.${n} > /dev/null && ret=1
 grep "ANSWER: 1," dig.ns5.out.${n} > /dev/null && ret=1
 grep "1.2.3.4" dig.ns5.out.${n} > /dev/null && ret=1
@@ -791,7 +799,7 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "checking SERVFAIL is returned when all authoritative servers return FORMERR ($n)"
 ret=0
-$DIG $DIGOPTS @10.53.0.5 ns.formerr-to-all. a > dig.ns5.out.${n} || ret=1
+dig_with_opts @10.53.0.5 ns.formerr-to-all. a > dig.ns5.out.${n} || ret=1
 grep "status: SERVFAIL" dig.ns5.out.${n} > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`

bin/tests/system/rootkeysentinel/tests.sh

@@ -17,7 +17,9 @@ n=0
 
 rm -f dig.out.*
 
-DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p ${PORT}"
+dig_with_opts() {
+    $DIG +tcp +noadd +nosea +nostat +nocmd +dnssec -p "${PORT}" "$@" | sed -b -e 's/\r$//'
+}
 
 newtest() {
 	n=`expr $n + 1`
@@ -34,7 +36,7 @@ newtest() {
 }
 
 newtest "get test ids"
-$DIG $DIGOPTS . dnskey +short +rrcomm @10.53.0.1 > dig.out.ns1.test$n || ret=1
+dig_with_opts . dnskey +short +rrcomm @10.53.0.1 > dig.out.ns1.test$n || ret=1
 oldid=`sed -n 's/.*key id = //p' < dig.out.ns1.test$n`
 oldid=`expr "0000${oldid}" : '.*\(.....\)$'`
 newid=`expr \( ${oldid} + 1000 \) % 65536`
@@ -48,243 +50,243 @@ if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 newtest "check authoritative server (expect NOERROR)"
-$DIG $DIGOPTS @10.53.0.2 example SOA > dig.out.ns2.test$n
+dig_with_opts @10.53.0.2 example SOA > dig.out.ns2.test$n
 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 newtest "check test zone resolves with 'root-key-sentinel yes;'" " (expect NOERROR)"
-$DIG $DIGOPTS @10.53.0.3 example SOA > dig.out.ns3.test$n
+dig_with_opts @10.53.0.3 example SOA > dig.out.ns3.test$n
 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 newtest "check root-key-sentinel-is-ta with old ta and" " 'root-key-sentinel yes;' (expect NOERROR)"
-$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-is-ta-${oldid}.example A > dig.out.ns3.test$n || ret=1
+dig_with_opts @10.53.0.3 root-key-sentinel-is-ta-${oldid}.example A > dig.out.ns3.test$n || ret=1
 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 newtest "check root-key-sentinel-not-ta with old ta and" " 'root-key-sentinel yes;' (expect SERVFAIL)"
-$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-not-ta-${oldid}.example A > dig.out.ns3.test$n || ret=1
+dig_with_opts @10.53.0.3 root-key-sentinel-not-ta-${oldid}.example A > dig.out.ns3.test$n || ret=1
 grep "status: SERVFAIL" dig.out.ns3.test$n > /dev/null || ret=1
 grep "ANSWER: 0," dig.out.ns3.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 newtest "check root-key-sentinel-not-ta with old ta, CD=1 and" " 'root-key-sentinel yes;' (expect NOERROR)"
-$DIG $DIGOPTS @10.53.0.3 +cd root-key-sentinel-not-ta-${oldid}.example A > dig.out.ns3.test$n || ret=1
+dig_with_opts @10.53.0.3 +cd root-key-sentinel-not-ta-${oldid}.example A > dig.out.ns3.test$n || ret=1
 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 newtest "check root-key-sentinel-is-ta with new ta and" " 'root-key-sentinel yes;' (expect SERVFAIL)"
-$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-is-ta-${newid}.example A > dig.out.ns3.test$n || ret=1
+dig_with_opts @10.53.0.3 root-key-sentinel-is-ta-${newid}.example A > dig.out.ns3.test$n || ret=1
 grep "status: SERVFAIL" dig.out.ns3.test$n > /dev/null || ret=1
 grep "ANSWER: 0," dig.out.ns3.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 newtest "check root-key-sentinel-is-ta with new ta, CD=1 and" " 'root-key-sentinel yes;' (expect NOERROR)"
-$DIG $DIGOPTS @10.53.0.3 +cd root-key-sentinel-is-ta-${newid}.example A > dig.out.ns3.test$n || ret=1
+dig_with_opts @10.53.0.3 +cd root-key-sentinel-is-ta-${newid}.example A > dig.out.ns3.test$n || ret=1
 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 newtest "check root-key-sentinel-not-ta with new ta and" " 'root-key-sentinel yes;' (expect NOERROR)"
-$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-not-ta-${newid}.example A > dig.out.ns3.test$n || ret=1
+dig_with_opts @10.53.0.3 root-key-sentinel-not-ta-${newid}.example A > dig.out.ns3.test$n || ret=1
 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 newtest "check root-key-sentinel-is-ta with bad ta and" " 'root-key-sentinel yes;' (expect SERVFAIL)"
-$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-is-ta-${badid}.example A > dig.out.ns3.test$n || ret=1
+dig_with_opts @10.53.0.3 root-key-sentinel-is-ta-${badid}.example A > dig.out.ns3.test$n || ret=1
 grep "status: SERVFAIL" dig.out.ns3.test$n > /dev/null || ret=1
 grep "ANSWER: 0," dig.out.ns3.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 newtest "check root-key-sentinel-is-ta with bad ta, CD=1 and" " 'root-key-sentinel yes;' (expect NXDOMAIN)"
-$DIG $DIGOPTS @10.53.0.3 +cd root-key-sentinel-is-ta-${badid}.example A > dig.out.ns3.test$n || ret=1
+dig_with_opts @10.53.0.3 +cd root-key-sentinel-is-ta-${badid}.example A > dig.out.ns3.test$n || ret=1
 grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 newtest "check root-key-sentinel-not-ta with bad ta and" " 'root-key-sentinel yes;' (expect NXDOMAIN)"
-$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-not-ta-${badid}.example A > dig.out.ns3.test$n || ret=1
+dig_with_opts @10.53.0.3 root-key-sentinel-not-ta-${badid}.example A > dig.out.ns3.test$n || ret=1
 grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 newtest "check root-key-sentinel-is-ta with out-of-range ta and" " 'root-key-sentinel yes;' (expect NXDOMAIN)"
-$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-is-ta-72345.example A > dig.out.ns3.test$n || ret=1
+dig_with_opts @10.53.0.3 root-key-sentinel-is-ta-72345.example A > dig.out.ns3.test$n || ret=1
 grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 newtest "check root-key-sentinel-not-ta with out-of-range ta and" " 'root-key-sentinel yes;' (expect NXDOMAIN)"
-$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-not-ta-72345.example A > dig.out.ns3.test$n || ret=1
+dig_with_opts @10.53.0.3 root-key-sentinel-not-ta-72345.example A > dig.out.ns3.test$n || ret=1
 grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 newtest "check root-key-sentinel-is-ta with no-zero-pad ta and" " 'root-key-sentinel yes;' (expect NXDOMAIN)"
-$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-is-ta-1234.example A > dig.out.ns3.test$n || ret=1
+dig_with_opts @10.53.0.3 root-key-sentinel-is-ta-1234.example A > dig.out.ns3.test$n || ret=1
 grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 newtest "check root-key-sentinel-not-ta with no-zero-pad ta and" " 'root-key-sentinel yes;' (expect NXDOMAIN)"
-$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-not-ta-1234.example A > dig.out.ns3.test$n || ret=1
+dig_with_opts @10.53.0.3 root-key-sentinel-not-ta-1234.example A > dig.out.ns3.test$n || ret=1
 grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 newtest "check CNAME to root-key-sentinel-is-ta with old ta and" " 'root-key-sentinel yes;' (expect NOERROR)"
-$DIG $DIGOPTS @10.53.0.3 old-is-ta.example A > dig.out.ns3.test$n || ret=1
+dig_with_opts @10.53.0.3 old-is-ta.example A > dig.out.ns3.test$n || ret=1
 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
 grep "old-is-ta.*CNAME.root-key-sentinel-is-ta-${oldid}.example." dig.out.ns3.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 newtest "check CNAME to root-key-sentinel-not-ta with old ta and" " 'root-key-sentinel yes;' (expect NOERROR)"
-$DIG $DIGOPTS @10.53.0.3 old-not-ta.example A > dig.out.ns3.test$n || ret=1
+dig_with_opts @10.53.0.3 old-not-ta.example A > dig.out.ns3.test$n || ret=1
 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
 grep "old-not-ta.*CNAME.root-key-sentinel-not-ta-${oldid}.example." dig.out.ns3.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 newtest "check CNAME to root-key-sentinel-is-ta with new ta and" " 'root-key-sentinel yes;' (expect NOERROR)"
-$DIG $DIGOPTS @10.53.0.3 new-is-ta.example A > dig.out.ns3.test$n || ret=1
+dig_with_opts @10.53.0.3 new-is-ta.example A > dig.out.ns3.test$n || ret=1
 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
 grep "new-is-ta.*CNAME.root-key-sentinel-is-ta-${newid}.example." dig.out.ns3.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 newtest "check CNAME to root-key-sentinel-not-ta with new ta and" " 'root-key-sentinel yes;' (expect NOERROR)"
-$DIG $DIGOPTS @10.53.0.3 new-not-ta.example A > dig.out.ns3.test$n || ret=1
+dig_with_opts @10.53.0.3 new-not-ta.example A > dig.out.ns3.test$n || ret=1
 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
 grep "new-not-ta.*CNAME.root-key-sentinel-not-ta-${newid}.example." dig.out.ns3.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 newtest "check CNAME to root-key-sentinel-is-ta with bad ta and" " 'root-key-sentinel yes;' (expect NXDOMAIN)"
-$DIG $DIGOPTS @10.53.0.3 bad-is-ta.example A > dig.out.ns3.test$n || ret=1
+dig_with_opts @10.53.0.3 bad-is-ta.example A > dig.out.ns3.test$n || ret=1
 grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1
 grep "bad-is-ta.*CNAME.root-key-sentinel-is-ta-${badid}.example" dig.out.ns3.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 newtest "check CNAME to root-key-sentinel-not-ta with bad ta and" " 'root-key-sentinel yes;' (expect NXDOMAIN)"
-$DIG $DIGOPTS @10.53.0.3 bad-not-ta.example A > dig.out.ns3.test$n || ret=1
+dig_with_opts @10.53.0.3 bad-not-ta.example A > dig.out.ns3.test$n || ret=1
 grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1
 grep "bad-not-ta.*CNAME.root-key-sentinel-not-ta-${badid}.example." dig.out.ns3.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 newtest "check test zone resolves with 'root-key-sentinel no;'" " (expect NOERROR)"
-$DIG $DIGOPTS @10.53.0.4 example SOA > dig.out.ns4.test$n
+dig_with_opts @10.53.0.4 example SOA > dig.out.ns4.test$n
 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 newtest "check root-key-sentinel-is-ta with old ta and" " 'root-key-sentinel no;' (expect NOERROR)"
-$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-is-ta-${oldid}.example A > dig.out.ns4.test$n || ret=1
+dig_with_opts @10.53.0.4 root-key-sentinel-is-ta-${oldid}.example A > dig.out.ns4.test$n || ret=1
 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 newtest "check root-key-sentinel-not-ta with old ta and" " 'root-key-sentinel no;' (expect NOERROR)"
-$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-not-ta-${oldid}.example A > dig.out.ns4.test$n || ret=1
+dig_with_opts @10.53.0.4 root-key-sentinel-not-ta-${oldid}.example A > dig.out.ns4.test$n || ret=1
 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 newtest "check root-key-sentinel-is-ta with new ta and" " 'root-key-sentinel no;' (expect NOERROR)"
-$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-is-ta-${newid}.example A > dig.out.ns4.test$n || ret=1
+dig_with_opts @10.53.0.4 root-key-sentinel-is-ta-${newid}.example A > dig.out.ns4.test$n || ret=1
 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 newtest "check root-key-sentinel-not-ta with new ta and" " 'root-key-sentinel no;' (expect NOERROR)"
-$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-not-ta-${newid}.example A > dig.out.ns4.test$n || ret=1
+dig_with_opts @10.53.0.4 root-key-sentinel-not-ta-${newid}.example A > dig.out.ns4.test$n || ret=1
 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 newtest "check root-key-sentinel-is-ta with bad ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)"
-$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-is-ta-${badid}.example A > dig.out.ns4.test$n || ret=1
+dig_with_opts @10.53.0.4 root-key-sentinel-is-ta-${badid}.example A > dig.out.ns4.test$n || ret=1
 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 newtest "check root-key-sentinel-not-ta with bad ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)"
-$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-not-ta-${badid}.example A > dig.out.ns4.test$n || ret=1
+dig_with_opts @10.53.0.4 root-key-sentinel-not-ta-${badid}.example A > dig.out.ns4.test$n || ret=1
 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 newtest "check root-key-sentinel-is-ta with out-of-range ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)"
-$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-is-ta-72345.example A > dig.out.ns4.test$n || ret=1
+dig_with_opts @10.53.0.4 root-key-sentinel-is-ta-72345.example A > dig.out.ns4.test$n || ret=1
 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 newtest "check root-key-sentinel-not-ta with out-of-range ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)"
-$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-not-ta-72345.example A > dig.out.ns4.test$n || ret=1
+dig_with_opts @10.53.0.4 root-key-sentinel-not-ta-72345.example A > dig.out.ns4.test$n || ret=1
 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 newtest "check root-key-sentinel-is-ta with no-zero-pad ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)"
-$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-is-ta-1234.example A > dig.out.ns4.test$n || ret=1
+dig_with_opts @10.53.0.4 root-key-sentinel-is-ta-1234.example A > dig.out.ns4.test$n || ret=1
 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 newtest "check root-key-sentinel-not-ta with no-zero-pad ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)"
-$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-not-ta-1234.example A > dig.out.ns4.test$n || ret=1
+dig_with_opts @10.53.0.4 root-key-sentinel-not-ta-1234.example A > dig.out.ns4.test$n || ret=1
 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 newtest "check CNAME to root-key-sentinel-is-ta with old ta and" " 'root-key-sentinel no;' (expect NOERROR)"
-$DIG $DIGOPTS @10.53.0.4 old-is-ta.example A > dig.out.ns4.test$n || ret=1
+dig_with_opts @10.53.0.4 old-is-ta.example A > dig.out.ns4.test$n || ret=1
 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
 grep "old-is-ta.*CNAME.root-key-sentinel-is-ta-${oldid}.example." dig.out.ns4.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 newtest "check CNAME to root-key-sentinel-not-ta with old ta and" " 'root-key-sentinel no;' (expect NOERROR)"
-$DIG $DIGOPTS @10.53.0.4 old-not-ta.example A > dig.out.ns4.test$n || ret=1
+dig_with_opts @10.53.0.4 old-not-ta.example A > dig.out.ns4.test$n || ret=1
 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
 grep "old-not-ta.*CNAME.root-key-sentinel-not-ta-${oldid}.example." dig.out.ns4.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 newtest "check CNAME to root-key-sentinel-is-ta with new ta and" " 'root-key-sentinel no;' (expect NOERROR)"
-$DIG $DIGOPTS @10.53.0.4 new-is-ta.example A > dig.out.ns4.test$n || ret=1
+dig_with_opts @10.53.0.4 new-is-ta.example A > dig.out.ns4.test$n || ret=1
 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
 grep "new-is-ta.*CNAME.root-key-sentinel-is-ta-${newid}.example." dig.out.ns4.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 newtest "check CNAME to root-key-sentinel-not-ta with new ta and" " 'root-key-sentinel no;' (expect NOERROR)"
-$DIG $DIGOPTS @10.53.0.4 new-not-ta.example A > dig.out.ns4.test$n || ret=1
+dig_with_opts @10.53.0.4 new-not-ta.example A > dig.out.ns4.test$n || ret=1
 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
 grep "new-not-ta.*CNAME.root-key-sentinel-not-ta-${newid}.example." dig.out.ns4.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 newtest "check CNAME to root-key-sentinel-is-ta with bad ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)"
-$DIG $DIGOPTS @10.53.0.4 bad-is-ta.example A > dig.out.ns4.test$n || ret=1
+dig_with_opts @10.53.0.4 bad-is-ta.example A > dig.out.ns4.test$n || ret=1
 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
 grep "bad-is-ta.*CNAME.root-key-sentinel-is-ta-${badid}.example" dig.out.ns4.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 newtest "check CNAME to root-key-sentinel-not-ta with bad ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)"
-$DIG $DIGOPTS @10.53.0.4 bad-not-ta.example A > dig.out.ns4.test$n || ret=1
+dig_with_opts @10.53.0.4 bad-not-ta.example A > dig.out.ns4.test$n || ret=1
 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
 grep "bad-not-ta.*CNAME.root-key-sentinel-not-ta-${badid}.example." dig.out.ns4.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi

bin/tests/system/sortlist/tests.sh

@@ -12,7 +12,9 @@
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
 
-DIGOPTS="+tcp +noadd +nosea +nostat +noquest +noauth +nocomm +nocmd -p ${PORT}"
+dig_with_opts() {
+    $DIG +tcp +noadd +nosea +nostat +noquest +noauth +nocomm +nocmd -p "${PORT}" "$@" | sed -b -e 's/\r$//'
+}
 
 status=0
 
@@ -26,7 +28,7 @@ a.example.		300	IN	A	1.1.1.3
 a.example.		300	IN	A	1.1.1.2
 a.example.		300	IN	A	1.1.1.4
 EOF
-$DIG $DIGOPTS a.example. @10.53.0.1 -b 10.53.0.1 >test1.dig
+dig_with_opts a.example. @10.53.0.1 -b 10.53.0.1 >test1.dig
 # Note that this can't use digcomp.pl because here, the ordering of the
 # result RRs is significant.
 $DIFF test1.dig test1.good || status=1
@@ -36,13 +38,13 @@ echo_i "test 1-element sortlist statement and undocumented BIND 8 features"
 b.example.		300	IN	A	10.53.0.$n
 EOF
 
-$DIG $DIGOPTS b.example. @10.53.0.1 -b 10.53.0.2 | sed 1q | \
+dig_with_opts b.example. @10.53.0.1 -b 10.53.0.2 | sed 1q | \
         egrep '10.53.0.(2|3)$' > test2.out &&
-$DIG $DIGOPTS b.example. @10.53.0.1 -b 10.53.0.3 | sed 1q | \
+dig_with_opts b.example. @10.53.0.1 -b 10.53.0.3 | sed 1q | \
         egrep '10.53.0.(2|3)$' >> test2.out &&
-$DIG $DIGOPTS b.example. @10.53.0.1 -b 10.53.0.4 | sed 1q | \
+dig_with_opts b.example. @10.53.0.1 -b 10.53.0.4 | sed 1q | \
         egrep '10.53.0.4$' >> test2.out &&
-$DIG $DIGOPTS b.example. @10.53.0.1 -b 10.53.0.5 | sed 1q | \
+dig_with_opts b.example. @10.53.0.1 -b 10.53.0.5 | sed 1q | \
         egrep '10.53.0.5$' >> test2.out || status=1
 
 echo_i "exit status: $status"