diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-08 16:41:29 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-08 16:41:29 +0000 |
commit | e2fc8e037ea6bb5de92b25ec9c12a624737ac5ca (patch) | |
tree | 65e6bbf5e12c3fe09b43e577f8d1786d06bcd559 /bin/tests/system/redirect/tests.sh | |
parent | Releasing progress-linux version 1:9.18.19-1~deb12u1progress7u1. (diff) | |
download | bind9-e2fc8e037ea6bb5de92b25ec9c12a624737ac5ca.tar.xz bind9-e2fc8e037ea6bb5de92b25ec9c12a624737ac5ca.zip |
Merging upstream version 1:9.18.24.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'bin/tests/system/redirect/tests.sh')
-rw-r--r-- | bin/tests/system/redirect/tests.sh | 382 |
1 files changed, 190 insertions, 192 deletions
diff --git a/bin/tests/system/redirect/tests.sh b/bin/tests/system/redirect/tests.sh index 83b90ad..09d40cf 100644 --- a/bin/tests/system/redirect/tests.sh +++ b/bin/tests/system/redirect/tests.sh @@ -21,33 +21,31 @@ n=1 rm -f dig.out.* DIGOPTS="+tcp +noadd +nosea +nostat +nocmd -p ${PORT}" -RNDCCMD="$RNDC -c ../common/rndc.conf -p ${CONTROLPORT} -s" - -for conf in conf/good*.conf -do - echo_i "checking that $conf is accepted ($n)" - ret=0 - $CHECKCONF "$conf" || ret=1 - n=$((n + 1)) - if [ $ret != 0 ]; then echo_i "failed"; fi - status=$((status + ret)) +RNDCCMD="$RNDC -c ../_common/rndc.conf -p ${CONTROLPORT} -s" + +for conf in conf/good*.conf; do + echo_i "checking that $conf is accepted ($n)" + ret=0 + $CHECKCONF "$conf" || ret=1 + n=$((n + 1)) + if [ $ret != 0 ]; then echo_i "failed"; fi + status=$((status + ret)) done -for conf in conf/bad*.conf -do - echo_i "checking that $conf is rejected ($n)" - ret=0 - $CHECKCONF "$conf" >/dev/null && ret=1 - n=$((n + 1)) - if [ $ret != 0 ]; then echo_i "failed"; fi - status=$((status + ret)) +for conf in conf/bad*.conf; do + echo_i "checking that $conf is rejected ($n)" + ret=0 + $CHECKCONF "$conf" >/dev/null && ret=1 + n=$((n + 1)) + if [ $ret != 0 ]; then echo_i "failed"; fi + status=$((status + ret)) done echo_i "checking A zone redirect works for nonexist ($n)" ret=0 -$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.test$n || ret=1 -grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 -grep "100.100.100.1" dig.out.ns2.test$n > /dev/null || ret=1 +$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 a >dig.out.ns2.test$n || ret=1 +grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1 +grep "100.100.100.1" dig.out.ns2.test$n >/dev/null || ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -57,7 +55,7 @@ ret=0 rm -f ns2/named.stats 2>/dev/null $RNDCCMD 10.53.0.2 stats || ret=1 PRE=$(sed -n -e "s/[ ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected$/\1/p" ns2/named.stats) -$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.test$n || ret=1 +$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 a >dig.out.ns2.test$n || ret=1 rm -f ns2/named.stats 2>/dev/null $RNDCCMD 10.53.0.2 stats || ret=1 POST=$(sed -n -e "s/[ ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected$/\1/p" ns2/named.stats) @@ -68,285 +66,285 @@ status=$((status + ret)) echo_i "checking AAAA zone redirect works for nonexist ($n)" ret=0 -$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 -grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 -grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null || ret=1 +$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1 +grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1 +grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n >/dev/null || ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking ANY zone redirect works for nonexist ($n)" ret=0 -$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 any > dig.out.ns2.test$n || ret=1 -grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 -grep "100.100.100.1" dig.out.ns2.test$n > /dev/null || ret=1 -grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null || ret=1 +$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 any >dig.out.ns2.test$n || ret=1 +grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1 +grep "100.100.100.1" dig.out.ns2.test$n >/dev/null || ret=1 +grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n >/dev/null || ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking A zone redirect doesn't work for acl miss ($n)" ret=0 -$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.4 a > dig.out.ns2.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 -grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1 +$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.4 a >dig.out.ns2.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns2.test$n >/dev/null || ret=1 +grep "100.100.100.1" dig.out.ns2.test$n >/dev/null && ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking AAAA zone redirect doesn't work for acl miss ($n)" ret=0 -$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.4 aaaa > dig.out.ns2.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 -grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1 +$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.4 aaaa >dig.out.ns2.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns2.test$n >/dev/null || ret=1 +grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n >/dev/null && ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking ANY zone redirect doesn't work for acl miss ($n)" ret=0 -$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.4 any > dig.out.ns2.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 -grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1 -grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1 +$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.4 any >dig.out.ns2.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns2.test$n >/dev/null || ret=1 +grep "100.100.100.1" dig.out.ns2.test$n >/dev/null && ret=1 +grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n >/dev/null && ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking A zone redirect works for signed nonexist, DO=0 ($n)" ret=0 -$DIG $DIGOPTS nonexist.signed. @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.test$n || ret=1 -grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 -grep "100.100.100.1" dig.out.ns2.test$n > /dev/null || ret=1 +$DIG $DIGOPTS nonexist.signed. @10.53.0.2 -b 10.53.0.2 a >dig.out.ns2.test$n || ret=1 +grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1 +grep "100.100.100.1" dig.out.ns2.test$n >/dev/null || ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking AAAA zone redirect works for signed nonexist, DO=0 ($n)" ret=0 -$DIG $DIGOPTS nonexist.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 -grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 -grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null || ret=1 +$DIG $DIGOPTS nonexist.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1 +grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1 +grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n >/dev/null || ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking ANY zone redirect works for signed nonexist, DO=0 ($n)" ret=0 -$DIG $DIGOPTS nonexist.signed. @10.53.0.2 -b 10.53.0.2 any > dig.out.ns2.test$n || ret=1 -grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 -grep "100.100.100.1" dig.out.ns2.test$n > /dev/null || ret=1 -grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null || ret=1 +$DIG $DIGOPTS nonexist.signed. @10.53.0.2 -b 10.53.0.2 any >dig.out.ns2.test$n || ret=1 +grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1 +grep "100.100.100.1" dig.out.ns2.test$n >/dev/null || ret=1 +grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n >/dev/null || ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking A zone redirect fails for signed nonexist, DO=1 ($n)" ret=0 -$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 -grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1 +$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.2 -b 10.53.0.2 a >dig.out.ns2.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns2.test$n >/dev/null || ret=1 +grep "100.100.100.1" dig.out.ns2.test$n >/dev/null && ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking AAAA zone redirect fails for signed nonexist, DO=1 ($n)" ret=0 -$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 -grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1 +$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns2.test$n >/dev/null || ret=1 +grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n >/dev/null && ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking ANY zone redirect fails for signed nonexist, DO=1 ($n)" ret=0 -$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.2 -b 10.53.0.2 any > dig.out.ns2.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 -grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1 -grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1 +$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.2 -b 10.53.0.2 any >dig.out.ns2.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns2.test$n >/dev/null || ret=1 +grep "100.100.100.1" dig.out.ns2.test$n >/dev/null && ret=1 +grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n >/dev/null && ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking A zone redirect fails for nsec3 signed nonexist, DO=1 ($n)" ret=0 -$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 -grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1 -grep "IN.NSEC3" dig.out.ns2.test$n > /dev/null || ret=1 +$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.2 -b 10.53.0.2 a >dig.out.ns2.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns2.test$n >/dev/null || ret=1 +grep "100.100.100.1" dig.out.ns2.test$n >/dev/null && ret=1 +grep "IN.NSEC3" dig.out.ns2.test$n >/dev/null || ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking AAAA zone redirect fails for nsec3 signed nonexist, DO=1 ($n)" ret=0 -$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 -grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1 -grep "IN.NSEC3" dig.out.ns2.test$n > /dev/null || ret=1 +$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns2.test$n >/dev/null || ret=1 +grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n >/dev/null && ret=1 +grep "IN.NSEC3" dig.out.ns2.test$n >/dev/null || ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking ANY zone redirect fails for nsec3 signed nonexist, DO=1 ($n)" ret=0 -$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.2 -b 10.53.0.2 any > dig.out.ns2.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 -grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1 -grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1 -grep "IN.NSEC3" dig.out.ns2.test$n > /dev/null || ret=1 +$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.2 -b 10.53.0.2 any >dig.out.ns2.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns2.test$n >/dev/null || ret=1 +grep "100.100.100.1" dig.out.ns2.test$n >/dev/null && ret=1 +grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n >/dev/null && ret=1 +grep "IN.NSEC3" dig.out.ns2.test$n >/dev/null || ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking A zone redirect works for nonexist authoritative ($n)" ret=0 -$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.1 a > dig.out.ns1.test$n || ret=1 -grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 -grep "100.100.100.2" dig.out.ns1.test$n > /dev/null || ret=1 +$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.1 a >dig.out.ns1.test$n || ret=1 +grep "status: NOERROR" dig.out.ns1.test$n >/dev/null || ret=1 +grep "100.100.100.2" dig.out.ns1.test$n >/dev/null || ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking AAAA zone redirect works for nonexist authoritative ($n)" ret=0 -$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns1.test$n || ret=1 -grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 -grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null || ret=1 +$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns1.test$n || ret=1 +grep "status: NOERROR" dig.out.ns1.test$n >/dev/null || ret=1 +grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n >/dev/null || ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking ANY zone redirect works for nonexist authoritative ($n)" ret=0 -$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.1 any > dig.out.ns1.test$n || ret=1 -grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 -grep "100.100.100.2" dig.out.ns1.test$n > /dev/null || ret=1 -grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null || ret=1 +$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.1 any >dig.out.ns1.test$n || ret=1 +grep "status: NOERROR" dig.out.ns1.test$n >/dev/null || ret=1 +grep "100.100.100.2" dig.out.ns1.test$n >/dev/null || ret=1 +grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n >/dev/null || ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking A zone redirect doesn't work for acl miss authoritative ($n)" ret=0 -$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.4 a > dig.out.ns1.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 -grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1 +$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.4 a >dig.out.ns1.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns1.test$n >/dev/null || ret=1 +grep "100.100.100.2" dig.out.ns1.test$n >/dev/null && ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking AAAA zone redirect doesn't work for acl miss authoritative ($n)" ret=0 -$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.4 aaaa > dig.out.ns1.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 -grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1 +$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.4 aaaa >dig.out.ns1.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns1.test$n >/dev/null || ret=1 +grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n >/dev/null && ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking ANY zone redirect doesn't work for acl miss authoritative ($n)" ret=0 -$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.4 any > dig.out.ns1.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 -grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1 -grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1 +$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.4 any >dig.out.ns1.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns1.test$n >/dev/null || ret=1 +grep "100.100.100.2" dig.out.ns1.test$n >/dev/null && ret=1 +grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n >/dev/null && ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking A zone redirect works for signed nonexist, DO=0 authoritative ($n)" ret=0 -$DIG $DIGOPTS nonexist.signed. @10.53.0.1 -b 10.53.0.1 a > dig.out.ns1.test$n || ret=1 -grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 -grep "100.100.100.2" dig.out.ns1.test$n > /dev/null || ret=1 +$DIG $DIGOPTS nonexist.signed. @10.53.0.1 -b 10.53.0.1 a >dig.out.ns1.test$n || ret=1 +grep "status: NOERROR" dig.out.ns1.test$n >/dev/null || ret=1 +grep "100.100.100.2" dig.out.ns1.test$n >/dev/null || ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking AAAA zone redirect works for signed nonexist, DO=0 authoritative ($n)" ret=0 -$DIG $DIGOPTS nonexist.signed. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns1.test$n || ret=1 -grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 -grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null || ret=1 +$DIG $DIGOPTS nonexist.signed. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns1.test$n || ret=1 +grep "status: NOERROR" dig.out.ns1.test$n >/dev/null || ret=1 +grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n >/dev/null || ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking ANY zone redirect works for signed nonexist, DO=0 authoritative ($n)" ret=0 -$DIG $DIGOPTS nonexist.signed. @10.53.0.1 -b 10.53.0.1 any > dig.out.ns1.test$n || ret=1 -grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 -grep "100.100.100.2" dig.out.ns1.test$n > /dev/null || ret=1 -grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null || ret=1 +$DIG $DIGOPTS nonexist.signed. @10.53.0.1 -b 10.53.0.1 any >dig.out.ns1.test$n || ret=1 +grep "status: NOERROR" dig.out.ns1.test$n >/dev/null || ret=1 +grep "100.100.100.2" dig.out.ns1.test$n >/dev/null || ret=1 +grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n >/dev/null || ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking A zone redirect fails for signed nonexist, DO=1 authoritative ($n)" ret=0 -$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.1 -b 10.53.0.1 a > dig.out.ns1.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 -grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1 +$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.1 -b 10.53.0.1 a >dig.out.ns1.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns1.test$n >/dev/null || ret=1 +grep "100.100.100.2" dig.out.ns1.test$n >/dev/null && ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking AAAA zone redirect fails for signed nonexist, DO=1 authoritative ($n)" ret=0 -$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns1.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 -grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1 +$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns1.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns1.test$n >/dev/null || ret=1 +grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n >/dev/null && ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking ANY zone redirect fails for signed nonexist, DO=1 authoritative ($n)" ret=0 -$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.1 -b 10.53.0.1 any > dig.out.ns1.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 -grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1 -grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1 +$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.1 -b 10.53.0.1 any >dig.out.ns1.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns1.test$n >/dev/null || ret=1 +grep "100.100.100.2" dig.out.ns1.test$n >/dev/null && ret=1 +grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n >/dev/null && ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking A zone redirect fails for nsec3 signed nonexist, DO=1 authoritative ($n)" ret=0 -$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.1 -b 10.53.0.1 a > dig.out.ns1.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 -grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1 -grep "IN.NSEC3" dig.out.ns1.test$n > /dev/null || ret=1 +$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.1 -b 10.53.0.1 a >dig.out.ns1.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns1.test$n >/dev/null || ret=1 +grep "100.100.100.2" dig.out.ns1.test$n >/dev/null && ret=1 +grep "IN.NSEC3" dig.out.ns1.test$n >/dev/null || ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking AAAA zone redirect fails for nsec3 signed nonexist, DO=1 authoritative ($n)" ret=0 -$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns1.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 -grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1 -grep "IN.NSEC3" dig.out.ns1.test$n > /dev/null || ret=1 +$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns1.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns1.test$n >/dev/null || ret=1 +grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n >/dev/null && ret=1 +grep "IN.NSEC3" dig.out.ns1.test$n >/dev/null || ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking ANY zone redirect fails for nsec3 signed nonexist, DO=1 authoritative ($n)" ret=0 -$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.1 -b 10.53.0.1 any > dig.out.ns1.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 -grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1 -grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1 -grep "IN.NSEC3" dig.out.ns1.test$n > /dev/null || ret=1 +$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.1 -b 10.53.0.1 any >dig.out.ns1.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns1.test$n >/dev/null || ret=1 +grep "100.100.100.2" dig.out.ns1.test$n >/dev/null && ret=1 +grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n >/dev/null && ret=1 +grep "IN.NSEC3" dig.out.ns1.test$n >/dev/null || ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking zone redirect works (with noerror) when qtype is not found ($n)" ret=0 -$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 txt > dig.out.ns2.test$n || ret=1 -grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 +$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 txt >dig.out.ns2.test$n || ret=1 +grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -354,19 +352,19 @@ status=$((status + ret)) echo_i "checking that redirect zones reload correctly" ret=0 sleep 1 # ensure file mtime will have changed -cat ns2/example.db.in | sed -e 's/0 0 0 0 0/1 0 0 0 0/' > ns2/example.db -cat ns2/redirect.db.in | sed -e 's/0 0 0 0 0/1 0 0 0 0/' -e 's/\.1$/.2/' > ns2/redirect.db +cat ns2/example.db.in | sed -e 's/0 0 0 0 0/1 0 0 0 0/' >ns2/example.db +cat ns2/redirect.db.in | sed -e 's/0 0 0 0 0/1 0 0 0 0/' -e 's/\.1$/.2/' >ns2/redirect.db rndc_reload ns2 10.53.0.2 for i in 1 2 3 4 5 6 7 8 9; do - tmp=0 - $DIG $DIGOPTS +short @10.53.0.2 soa example.nil > dig.out.ns1.test$n || tmp=1 - set -- $(cat dig.out.ns1.test$n) - [ $3 = 1 ] || tmp=1 - $DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.test$n || tmp=1 - grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || tmp=1 - grep "100.100.100.2" dig.out.ns2.test$n > /dev/null || tmp=1 - [ $tmp -eq 0 ] && break - sleep 1 + tmp=0 + $DIG $DIGOPTS +short @10.53.0.2 soa example.nil >dig.out.ns1.test$n || tmp=1 + set -- $(cat dig.out.ns1.test$n) + [ $3 = 1 ] || tmp=1 + $DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 a >dig.out.ns2.test$n || tmp=1 + grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || tmp=1 + grep "100.100.100.2" dig.out.ns2.test$n >/dev/null || tmp=1 + [ $tmp -eq 0 ] && break + sleep 1 done [ $tmp -eq 1 ] && ret=1 n=$((n + 1)) @@ -375,9 +373,9 @@ status=$((status + ret)) echo_i "checking A nxdomain-redirect works for nonexist ($n)" ret=0 -$DIG $DIGOPTS nonexist. @10.53.0.4 -b 10.53.0.2 a > dig.out.ns4.test$n || ret=1 -grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 -grep "nonexist. .*100.100.100.1" dig.out.ns4.test$n > /dev/null || ret=1 +$DIG $DIGOPTS nonexist. @10.53.0.4 -b 10.53.0.2 a >dig.out.ns4.test$n || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1 +grep "nonexist. .*100.100.100.1" dig.out.ns4.test$n >/dev/null || ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -388,9 +386,9 @@ rm -f ns4/named.stats 2>/dev/null $RNDCCMD 10.53.0.4 stats || ret=1 PRE_RED=$(sed -n -e "s/[ ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected$/\1/p" ns4/named.stats) PRE_SUC=$(sed -n -e "s/[ ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected and resulted in a successful remote lookup$/\1/p" ns4/named.stats) -$DIG $DIGOPTS nonexist. @10.53.0.4 -b 10.53.0.2 aaaa > dig.out.ns4.test$n || ret=1 -grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 -grep "nonexist. .*2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null || ret=1 +$DIG $DIGOPTS nonexist. @10.53.0.4 -b 10.53.0.2 aaaa >dig.out.ns4.test$n || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1 +grep "nonexist. .*2001:ffff:ffff::6464:6401" dig.out.ns4.test$n >/dev/null || ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -409,138 +407,138 @@ status=$((status + ret)) echo_i "checking ANY nxdomain-redirect works for nonexist ($n)" ret=0 -$DIG $DIGOPTS nonexist. @10.53.0.4 -b 10.53.0.2 any > dig.out.ns4.test$n || ret=1 -grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 -grep "100.100.100.1" dig.out.ns4.test$n > /dev/null || ret=1 -grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null || ret=1 +$DIG $DIGOPTS nonexist. @10.53.0.4 -b 10.53.0.2 any >dig.out.ns4.test$n || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1 +grep "100.100.100.1" dig.out.ns4.test$n >/dev/null || ret=1 +grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n >/dev/null || ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking A nxdomain-redirect works for signed nonexist, DO=0 ($n)" ret=0 -$DIG $DIGOPTS nonexist.signed. @10.53.0.4 -b 10.53.0.2 a > dig.out.ns4.test$n || ret=1 -grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 -grep "100.100.100.1" dig.out.ns4.test$n > /dev/null || ret=1 +$DIG $DIGOPTS nonexist.signed. @10.53.0.4 -b 10.53.0.2 a >dig.out.ns4.test$n || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1 +grep "100.100.100.1" dig.out.ns4.test$n >/dev/null || ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking AAAA nxdomain-redirect works for signed nonexist, DO=0 ($n)" ret=0 -$DIG $DIGOPTS nonexist.signed. @10.53.0.4 -b 10.53.0.2 aaaa > dig.out.ns4.test$n || ret=1 -grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 -grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null || ret=1 +$DIG $DIGOPTS nonexist.signed. @10.53.0.4 -b 10.53.0.2 aaaa >dig.out.ns4.test$n || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1 +grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n >/dev/null || ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking ANY nxdomain-redirect works for signed nonexist, DO=0 ($n)" ret=0 -$DIG $DIGOPTS nonexist.signed. @10.53.0.4 -b 10.53.0.2 any > dig.out.ns4.test$n || ret=1 -grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 -grep "100.100.100.1" dig.out.ns4.test$n > /dev/null || ret=1 -grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null || ret=1 +$DIG $DIGOPTS nonexist.signed. @10.53.0.4 -b 10.53.0.2 any >dig.out.ns4.test$n || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1 +grep "100.100.100.1" dig.out.ns4.test$n >/dev/null || ret=1 +grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n >/dev/null || ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking A nxdomain-redirect fails for signed nonexist, DO=1 ($n)" ret=0 -$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.4 -b 10.53.0.2 a > dig.out.ns4.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 -grep "100.100.100.1" dig.out.ns4.test$n > /dev/null && ret=1 +$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.4 -b 10.53.0.2 a >dig.out.ns4.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns4.test$n >/dev/null || ret=1 +grep "100.100.100.1" dig.out.ns4.test$n >/dev/null && ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking AAAA nxdomain-redirect fails for signed nonexist, DO=1 ($n)" ret=0 -$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.4 -b 10.53.0.2 aaaa > dig.out.ns4.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 -grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null && ret=1 +$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.4 -b 10.53.0.2 aaaa >dig.out.ns4.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns4.test$n >/dev/null || ret=1 +grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n >/dev/null && ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking ANY nxdomain-redirect fails for signed nonexist, DO=1 ($n)" ret=0 -$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.4 -b 10.53.0.2 any > dig.out.ns4.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 -grep "100.100.100.1" dig.out.ns4.test$n > /dev/null && ret=1 -grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null && ret=1 +$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.4 -b 10.53.0.2 any >dig.out.ns4.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns4.test$n >/dev/null || ret=1 +grep "100.100.100.1" dig.out.ns4.test$n >/dev/null && ret=1 +grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n >/dev/null && ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking A nxdomain-redirect fails for nsec3 signed nonexist, DO=1 ($n)" ret=0 -$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.4 -b 10.53.0.2 a > dig.out.ns4.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 -grep "100.100.100.1" dig.out.ns4.test$n > /dev/null && ret=1 -grep "IN.NSEC3" dig.out.ns4.test$n > /dev/null || ret=1 +$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.4 -b 10.53.0.2 a >dig.out.ns4.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns4.test$n >/dev/null || ret=1 +grep "100.100.100.1" dig.out.ns4.test$n >/dev/null && ret=1 +grep "IN.NSEC3" dig.out.ns4.test$n >/dev/null || ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking AAAA nxdomain-redirect fails for nsec3 signed nonexist, DO=1 ($n)" ret=0 -$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.4 -b 10.53.0.2 aaaa > dig.out.ns4.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 -grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null && ret=1 -grep "IN.NSEC3" dig.out.ns4.test$n > /dev/null || ret=1 +$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.4 -b 10.53.0.2 aaaa >dig.out.ns4.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns4.test$n >/dev/null || ret=1 +grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n >/dev/null && ret=1 +grep "IN.NSEC3" dig.out.ns4.test$n >/dev/null || ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking ANY nxdomain-redirect fails for nsec3 signed nonexist, DO=1 ($n)" ret=0 -$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.4 -b 10.53.0.2 any > dig.out.ns4.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 -grep "100.100.100.1" dig.out.ns4.test$n > /dev/null && ret=1 -grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null && ret=1 -grep "IN.NSEC3" dig.out.ns4.test$n > /dev/null || ret=1 +$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.4 -b 10.53.0.2 any >dig.out.ns4.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns4.test$n >/dev/null || ret=1 +grep "100.100.100.1" dig.out.ns4.test$n >/dev/null && ret=1 +grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n >/dev/null && ret=1 +grep "IN.NSEC3" dig.out.ns4.test$n >/dev/null || ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking nxdomain-redirect works (with noerror) when qtype is not found ($n)" ret=0 -$DIG $DIGOPTS nonexist. @10.53.0.4 -b 10.53.0.2 txt > dig.out.ns4.test$n || ret=1 -grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +$DIG $DIGOPTS nonexist. @10.53.0.4 -b 10.53.0.2 txt >dig.out.ns4.test$n || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking nxdomain-redirect against authoritative zone ($n)" ret=0 -$DIG $DIGOPTS nonexist.example @10.53.0.4 -b 10.53.0.2 a > dig.out.ns4.test$n || ret=1 -grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +$DIG $DIGOPTS nonexist.example @10.53.0.4 -b 10.53.0.2 a >dig.out.ns4.test$n || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking tld nxdomain-redirect against signed root zone ($n)" ret=0 -$DIG $DIGOPTS @10.53.0.5 asdfasdfasdf > dig.out.ns5.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns5.test$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.5 asdfasdfasdf >dig.out.ns5.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns5.test$n >/dev/null || ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking tld nxdomain-redirect against unsigned root zone ($n)" ret=0 -$DIG $DIGOPTS @10.53.0.6 asdfasdfasdf > dig.out.ns6.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns6.test$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.6 asdfasdfasdf >dig.out.ns6.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns6.test$n >/dev/null || ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) echo_i "checking extended error is not set on allow-recursion ($n)" ret=0 -$DIG $DIGOPTS example. @10.53.0.1 -b 10.53.0.2 soa > dig.out.ns1.test$n || ret=1 -grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 -grep "EDE" dig.out.ns1.test$n > /dev/null && ret=1 +$DIG $DIGOPTS example. @10.53.0.1 -b 10.53.0.2 soa >dig.out.ns1.test$n || ret=1 +grep "status: NOERROR" dig.out.ns1.test$n >/dev/null || ret=1 +grep "EDE" dig.out.ns1.test$n >/dev/null && ret=1 n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) |