author | Internet Software Consortium, Inc <@isc.org> | 2010-10-08 08:23:38 -0600 |
---|---|---|
committer | Internet Software Consortium, Inc <@isc.org> | 2010-10-08 08:24:41 -0600 |
commit | 274f3a9719ec6152a42ab768cbec525395b61a93 (patch) | |
tree | 8fd52a0aa04ffb14aff08ada57c1d966aec7a43c /bin/tests/system/dnssec/tests.sh | |
parent | 15e215d7ab303000218156146c6d2e39f1b57b35 (diff) | |
download | bind9-274f3a9719ec6152a42ab768cbec525395b61a93.tar.gz |
v9.7.2b1
Diffstat (limited to 'bin/tests/system/dnssec/tests.sh')
-rw-r--r-- | bin/tests/system/dnssec/tests.sh | 44 |
1 files changed, 43 insertions, 1 deletions
diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh
index 2389fe57..76bdf4e6 100644
--- a/bin/tests/system/dnssec/tests.sh
+++ b/bin/tests/system/dnssec/tests.sh
@@ -15,7 +15,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
-# $Id: tests.sh,v 1.55.32.3.8.3 2010/07/15 01:38:15 jinmei Exp $
+# $Id: tests.sh,v 1.55.32.11 2010/07/15 01:26:10 jinmei Exp $
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
@@ -928,6 +928,48 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
+echo "I:checking that we can sign a zone with out-of-zone records ($n)"
+ret=0
+(
+cd signer
+RANDFILE=../random.data
+zone=example
+key1=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
+key2=`$KEYGEN -r $RANDFILE -f KSK -a NSEC3RSASHA1 -b 1024 -n zone $zone`
+cat example.db.in $key1.key $key2.key > example.db
+$SIGNER -o example -f example.db example.db > /dev/null 2>&1
+) || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking that we can sign a zone (NSEC3) with out-of-zone records ($n)"
+ret=0
+(
+cd signer
+RANDFILE=../random.data
+zone=example
+key1=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
+key2=`$KEYGEN -r $RANDFILE -f KSK -a NSEC3RSASHA1 -b 1024 -n zone $zone`
+cat example.db.in $key1.key $key2.key > example.db
+$SIGNER -3 - -H 10 -o example -f example.db example.db > /dev/null 2>&1
+grep "IQF9LQTLKKNFK0KVIFELRAK4IC4QLTMG.example. 0 IN NSEC3 1 0 10 - IQF9LQTLKKNFK0KVIFELRAK4IC4QLTMG A NS SOA RRSIG DNSKEY NSEC3PARAM" example.db > /dev/null
+) || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+# Test that "rndc secroots" is able to dump trusted keys
+echo "I:checking rndc secroots ($n)"
+ret=0
+$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 secroots 2>&1 | sed 's/^/I:ns1 /'
+keyid=`cat ns1/managed.key.id`
+linecount=`grep "./RSAMD5/$keyid ; trusted" ns4/named.secroots | wc -l`
+[ "$linecount" -eq 1 ] || ret=1
+linecount=`cat ns4/named.secroots | wc -l`
+[ "$linecount" -eq 5 ] || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 # Run a minimal update test if possible. This is really just
 # a regression test for RT #2399; more tests should be added. |
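Review bot: In the `rndc secroots` check the exit status of `$RNDC` is discarded by the pipe into `sed`, so a failed control command is not counted and the two `linecount` tests judge whatever `ns4/named.secroots` holds at that moment, possibly a stale dump (not confirmable from the hunk). Writing the output to a file first keeps the status, for example `$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 secroots > rndc.out.$n 2>&1 || ret=1` and then `sed 's/^/I:ns4 /' rndc.out.$n` (the file name is illustrative); the current `I:ns1` prefix looks inconsistent with the `10.53.0.4` target and the `ns4/` path and should be confirmed. The two signing subshells have a related gap: only their last command sets `ret`, so `cd signer || exit 1` as the first line would keep `$KEYGEN` and `cat` from running in the wrong directory after a failed `cd`. Neither signing block increments `n`, so all three new checks print the same test number.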