diff options
Diffstat (limited to 'bin/tests/system/inline/tests.sh')
| -rw-r--r-- | bin/tests/system/inline/tests.sh | 39 |
1 files changed, 38 insertions, 1 deletions
diff --git a/bin/tests/system/inline/tests.sh b/bin/tests/system/inline/tests.sh index dd653cda..27a1329a 100644 --- a/bin/tests/system/inline/tests.sh +++ b/bin/tests/system/inline/tests.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2011, 2012 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2011-2013 Internet Systems Consortium, Inc. ("ISC") # # Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -25,6 +25,24 @@ RANDFILE=random.data status=0 n=0 +$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -nsec3param 1 0 0 - nsec3 + +for i in 1 2 3 4 5 6 7 8 9 0 +do + nsec3param=`$DIG +short @10.53.0.3 -p 5300 nsec3param nsec3.` + test -n "$nsec3param" && break + sleep 1 +done + +n=`expr $n + 1` +echo "I:checking that rrsigs are replaced with ksk only" +ret=0 +$DIG @10.53.0.3 -p 5300 axfr nsec3. | + awk '/RRSIG NSEC3/ {a[$1]++} END { for (i in a) {if (a[i] != 1) exit (1)}}' || ret=1 +#$DIG @10.53.0.3 -p 5300 axfr nsec3. | grep -w NSEC | grep -v "IN.RRSIG.NSEC" +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + n=`expr $n + 1` echo "I:checking that the zone is signed on initial transfer ($n)" ret=0 @@ -103,6 +121,7 @@ status=`expr $status + $ret` n=`expr $n + 1` echo "I:checking negative private type response was properly signed ($n)" ret=0 +sleep 1 $DIG $DIGOPTS @10.53.0.6 -p 5300 bits TYPE65534 > dig.out.ns6.test$n grep "status: NOERROR" dig.out.ns6.test$n > /dev/null || ret=1 grep "ANSWER: 0," dig.out.ns6.test$n > /dev/null || ret=1 @@ -760,6 +779,7 @@ $PERL ../start.pl --noclean --restart . ns3 || ret=1 if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` +n=`expr $n + 1` echo "I:updates to SOA parameters other than serial while stopped are reflected in signed zone ($n)" ret=0 for i in 1 2 3 4 5 6 7 8 9 @@ -775,4 +795,21 @@ done if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` +n=`expr $n + 1` +echo "I:test add/del zone combinations ($n)" +ret=0 +for zone in a b c d e f g h i j k l m n o p q r s t u v w x y z +do +$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone test-$zone \ + '{ type master; file "bits.db.in"; allow-transfer { any; }; };' +$DIG $DIGOPTS @10.53.0.2 -p 5300 test-$zone SOA > dig.out.ns2.$zone.test$n +grep "status: NOERROR," dig.out.ns2.$zone.test$n > /dev/null || { ret=1; cat dig.out.ns2.$zone.test$n; } +$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 addzone test-$zone \ + '{ type slave; masters { 10.53.0.2; }; file "'test-$zone.bk'"; inline-signing yes; auto-dnssec maintain; allow-transfer { any; }; };' +$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 delzone test-$zone +done + +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + exit $status |