ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
Files
2bb454182bb499990e191e098a8a33082c672a94
bind9/bin/tests/system/conf.sh.in
Matthijs Mekking 56262db9cd Add checkds system test 
Add a Pytest based system test for the 'checkds' feature. There is
one nameserver (ns9, because it should be started the latest) that
has configured several zones with dnssec-policy. The zones are set
in such a state that they are waiting for DS publication or DS
withdrawal.

Then several other name servers act as parent servers that either have
the DS for these published, or not. Also one server in the mix is
to test a badly configured parental-agent.

There are tests for DS publication, DS publication error handling,
DS withdrawal and DS withdrawal error handling.

The tests ensures that the zone is DNSSEC valid, and that the
DSPublish/DSRemoved key metadata is set (or not in case of the error
handling).

It does not test if the rollover continues, this is already tested in
the kasp system test (that uses 'rndc -dnssec checkds' to set the
DSPublish/DSRemoved key metadata).
2021-06-30 17:28:48 +02:00

149 lines
4.2 KiB
Bash
Raw Blame History

#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
#
# Common configuration data for system tests, to be sourced into
# other shell scripts.
#
# Find the top of the BIND9 tree.
TOP_BUILDDIR=@abs_top_builddir@
TOP_SRCDIR=@abs_top_srcdir@
# Provide TMPDIR variable for tests that need it.
TMPDIR=${TMPDIR:-/tmp}
# This is not the windows build.
CYGWIN=""
# Load common values
. $TOP_SRCDIR/bin/tests/system/conf.sh.common
ARPANAME=$TOP_BUILDDIR/bin/tools/arpaname
CDS=$TOP_BUILDDIR/bin/dnssec/dnssec-cds
CHECKCONF=$TOP_BUILDDIR/bin/check/named-checkconf
CHECKZONE=$TOP_BUILDDIR/bin/check/named-checkzone
DELV=$TOP_BUILDDIR/bin/delv/delv
DIG=$TOP_BUILDDIR/bin/dig/dig
DNSTAPREAD=$TOP_BUILDDIR/bin/tools/dnstap-read
DSFROMKEY=$TOP_BUILDDIR/bin/dnssec/dnssec-dsfromkey
FEATURETEST=$TOP_BUILDDIR/bin/tests/system/feature-test
FSTRM_CAPTURE=@FSTRM_CAPTURE@
HOST=$TOP_BUILDDIR/bin/dig/host
IMPORTKEY=$TOP_BUILDDIR/bin/dnssec/dnssec-importkey
JOURNALPRINT=$TOP_BUILDDIR/bin/tools/named-journalprint
KEYFRLAB=$TOP_BUILDDIR/bin/dnssec/dnssec-keyfromlabel
KEYGEN=$TOP_BUILDDIR/bin/dnssec/dnssec-keygen
MDIG=$TOP_BUILDDIR/bin/tools/mdig
NAMED=$TOP_BUILDDIR/bin/named/named
NSEC3HASH=$TOP_BUILDDIR/bin/tools/nsec3hash
NSLOOKUP=$TOP_BUILDDIR/bin/dig/nslookup
NSUPDATE=$TOP_BUILDDIR/bin/nsupdate/nsupdate
NZD2NZF=$TOP_BUILDDIR/bin/tools/named-nzd2nzf
PK11DEL="$TOP_BUILDDIR/bin/pkcs11/pkcs11-destroy -s ${SLOT:-0} -p ${HSMPIN:-1234} -w 0"
PK11GEN="$TOP_BUILDDIR/bin/pkcs11/pkcs11-keygen -q -s ${SLOT:-0} -p ${HSMPIN:-1234}"
PK11LIST="$TOP_BUILDDIR/bin/pkcs11/pkcs11-list -s ${SLOT:-0} -p ${HSMPIN:-1234}"
RESOLVE=$TOP_BUILDDIR/bin/tests/system/resolve
REVOKE=$TOP_BUILDDIR/bin/dnssec/dnssec-revoke
RNDC=$TOP_BUILDDIR/bin/rndc/rndc
RNDCCONFGEN=$TOP_BUILDDIR/bin/confgen/rndc-confgen
RRCHECKER=$TOP_BUILDDIR/bin/tools/named-rrchecker
SETTIME=$TOP_BUILDDIR/bin/dnssec/dnssec-settime
SIGNER=$TOP_BUILDDIR/bin/dnssec/dnssec-signzone
TSIGKEYGEN=$TOP_BUILDDIR/bin/confgen/tsig-keygen
VERIFY=$TOP_BUILDDIR/bin/dnssec/dnssec-verify
WIRETEST=$TOP_BUILDDIR/bin/tests/wire_test
BIGKEY=$TOP_BUILDDIR/bin/tests/system/rsabigexponent/bigkey
GENCHECK=$TOP_BUILDDIR/bin/tests/system/rndc/gencheck
KEYCREATE=$TOP_BUILDDIR/bin/tests/system/tkey/keycreate
KEYDELETE=$TOP_BUILDDIR/bin/tests/system/tkey/keydelete
MAKEJOURNAL=$TOP_BUILDDIR/bin/tests/system/makejournal
PIPEQUERIES=$TOP_BUILDDIR/bin/tests/system/pipelined/pipequeries
# we don't want a KRB5_CONFIG setting breaking the tests
KRB5_CONFIG=/dev/null
# use local keytab instead of default /etc/krb5.keytab
KRB5_KTNAME=dns.keytab
#
# Construct the lists of tests to run
#
SEQUENTIAL_UNIX="@PKCS11_TEST@"
SEQUENTIALDIRS="$SEQUENTIAL_COMMON $SEQUENTIAL_UNIX"
PARALLEL_UNIX="@DNSTAP@
chain
checkds
cookie
dlzexternal
dnssec
dyndb
filter-aaaa
kasp
keymgr2kasp
legacy
logfileconfig
nzd2nzf
pipelined
qmin
shutdown
tcp"
PARALLELDIRS="$PARALLEL_COMMON $PARALLEL_UNIX"
SUBDIRS="$SEQUENTIALDIRS $PARALLELDIRS"
# Things that are different on Windows
KILL=kill
DIFF=diff
DOS2UNIX=true
# There's no trailing period on Windows
TP=.
# Use the CONFIG_SHELL detected by configure for tests
SHELL=@SHELL@
# CURL will be empty if no program was found by configure
CURL=@CURL@
# XMLLINT will be empty if no program was found by configure
XMLLINT=@XMLLINT@
# XSLTPROC will be empty if no program was found by configure
XSLTPROC=@XSLTPROC@
# PERL will be an empty string if no perl interpreter was found.
PERL=$(command -v "@PERL@")
# Windows process management leave empty
PSSUSPEND=
PYTHON=$(command -v "@PYTHON@" || true)
PYTEST=@PYTEST@
#
# Determine if we support various optional features.
#
LIBXML2_LIBS="@LIBXML2_LIBS@"
HAVEXMLSTATS=${LIBXML2_LIBS:+1}
JSON_C_LIBS="@JSON_C_LIBS@"
HAVEJSONSTATS=${JSON_C_LIBS:+1}
MAXMINDDB_LIBS="@MAXMINDDB_LIBS@"
HAVEGEOIP2=${MAXMINDDB_LIBS:+1}
ZLIB_LIBS="@ZLIB_LIBS@"
HAVEZLIB=${ZLIB_LIBS:+1}
LMDB_LIBS="@LMDB_LIBS@"
NZD=${LMDB_LIBS:+1}
CRYPTO=@CRYPTO@
export HAVEXMLSTATS HAVEJSONSTATS
View Git Blame Copy Permalink