diff options
| author | Internet Software Consortium, Inc <@isc.org> | 2011-05-13 01:02:51 -0600 |
|---|---|---|
| committer | Internet Software Consortium, Inc <@isc.org> | 2011-05-13 01:02:51 -0600 |
| commit | 7e7a7183d2b2c4678f8860b6ec97189a2d9e66d0 (patch) | |
| tree | 6fe61de6039179f0844294249ff91e8df9eac7af /bin/tests/system/dnssec/tests.sh | |
| parent | bd475077adb782c3be3b8aff9c7db976a252c607 (diff) | |
| download | bind9-7e7a7183d2b2c4678f8860b6ec97189a2d9e66d0.tar.gz | |
9.8.0
Diffstat (limited to 'bin/tests/system/dnssec/tests.sh')
| -rw-r--r-- | bin/tests/system/dnssec/tests.sh | 44 |
1 files changed, 42 insertions, 2 deletions
diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh index 7d223e31..c6518249 100644 --- a/bin/tests/system/dnssec/tests.sh +++ b/bin/tests/system/dnssec/tests.sh @@ -15,13 +15,13 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.73.14.1 2011-02-08 03:44:07 marka Exp $ +# $Id: tests.sh,v 1.73.14.3 2011-02-15 22:06:27 marka Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh status=0 -n=0 +n=1 rm -f dig.out.* @@ -1115,5 +1115,45 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` +echo "I:checking that the NSEC3 record for the apex is properly signed when a DNSKEY is added via UPDATE ($n)" +ret=0 +( +cd ns3 +kskname=`$KEYGEN -q -3 -r ../random.data -fk update-nsec3.example` +( +echo zone update-nsec3.example +echo server 10.53.0.3 5300 +grep DNSKEY ${kskname}.key | sed -e 's/^/update add /' -e 's/IN/300 IN/' +echo send +) | $NSUPDATE +) +$DIG $DIGOPTS +dnssec a update-nsec3.example. @10.53.0.4 > dig.out.ns4.test$n || ret=1 +grep "NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +grep "flags:.* ad[ ;]" dig.out.ns4.test$n > /dev/null || ret=1 +grep "NSEC3 .* TYPE65534" dig.out.ns4.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking that the NSEC record is properly generated when DNSKEY are added via auto-dnssec ($n)" +ret=0 +$DIG $DIGOPTS +dnssec a auto-nsec.example. @10.53.0.4 > dig.out.ns4.test$n || ret=1 +grep "NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +grep "flags:.* ad[ ;]" dig.out.ns4.test$n > /dev/null || ret=1 +grep "IN.NSEC[^3].* TYPE65534" dig.out.ns4.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking that the NSEC3 record is properly generated when DNSKEY are added via auto-dnssec ($n)" +ret=0 +$DIG $DIGOPTS +dnssec a auto-nsec3.example. @10.53.0.4 > dig.out.ns4.test$n || ret=1 +grep "NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +grep "flags:.* ad[ ;]" dig.out.ns4.test$n > /dev/null || ret=1 +grep "IN.NSEC3 .* TYPE65534" dig.out.ns4.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + echo "I:exit status: $status" exit $status |