summaryrefslogtreecommitdiffstats
path: root/bin/tests/system/redirect
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-08 16:41:29 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-08 16:41:29 +0000
commite2fc8e037ea6bb5de92b25ec9c12a624737ac5ca (patch)
tree65e6bbf5e12c3fe09b43e577f8d1786d06bcd559 /bin/tests/system/redirect
parentReleasing progress-linux version 1:9.18.19-1~deb12u1progress7u1. (diff)
downloadbind9-e2fc8e037ea6bb5de92b25ec9c12a624737ac5ca.tar.xz
bind9-e2fc8e037ea6bb5de92b25ec9c12a624737ac5ca.zip
Merging upstream version 1:9.18.24.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'bin/tests/system/redirect')
-rw-r--r--bin/tests/system/redirect/ns1/sign.sh8
-rw-r--r--bin/tests/system/redirect/ns2/named.conf.in2
-rw-r--r--bin/tests/system/redirect/ns3/sign.sh8
-rw-r--r--bin/tests/system/redirect/ns5/sign.sh16
-rw-r--r--bin/tests/system/redirect/setup.sh6
-rw-r--r--bin/tests/system/redirect/tests.sh382
6 files changed, 210 insertions, 212 deletions
diff --git a/bin/tests/system/redirect/ns1/sign.sh b/bin/tests/system/redirect/ns1/sign.sh
index 974e6ca..4b1b092 100644
--- a/bin/tests/system/redirect/ns1/sign.sh
+++ b/bin/tests/system/redirect/ns1/sign.sh
@@ -20,9 +20,9 @@ zonefile=signed.db
key1=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone)
key2=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -fk $zone)
-cat $infile $key1.key $key2.key > $zonefile
+cat $infile $key1.key $key2.key >$zonefile
-$SIGNER -P -g -o $zone $zonefile > /dev/null
+$SIGNER -P -g -o $zone $zonefile >/dev/null
zone=nsec3
infile=example.db
@@ -31,6 +31,6 @@ zonefile=nsec3.db
key1=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -3 $zone)
key2=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -3 -fk $zone)
-cat $infile $key1.key $key2.key > $zonefile
+cat $infile $key1.key $key2.key >$zonefile
-$SIGNER -P -3 - -g -o $zone $zonefile > /dev/null
+$SIGNER -P -3 - -g -o $zone $zonefile >/dev/null
diff --git a/bin/tests/system/redirect/ns2/named.conf.in b/bin/tests/system/redirect/ns2/named.conf.in
index 9b88736..881a81f 100644
--- a/bin/tests/system/redirect/ns2/named.conf.in
+++ b/bin/tests/system/redirect/ns2/named.conf.in
@@ -42,7 +42,7 @@ controls {
zone "." {
type hint;
- file "../../common/root.hint";
+ file "../../_common/root.hint";
};
zone "." {
diff --git a/bin/tests/system/redirect/ns3/sign.sh b/bin/tests/system/redirect/ns3/sign.sh
index 974e6ca..4b1b092 100644
--- a/bin/tests/system/redirect/ns3/sign.sh
+++ b/bin/tests/system/redirect/ns3/sign.sh
@@ -20,9 +20,9 @@ zonefile=signed.db
key1=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone)
key2=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -fk $zone)
-cat $infile $key1.key $key2.key > $zonefile
+cat $infile $key1.key $key2.key >$zonefile
-$SIGNER -P -g -o $zone $zonefile > /dev/null
+$SIGNER -P -g -o $zone $zonefile >/dev/null
zone=nsec3
infile=example.db
@@ -31,6 +31,6 @@ zonefile=nsec3.db
key1=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -3 $zone)
key2=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -3 -fk $zone)
-cat $infile $key1.key $key2.key > $zonefile
+cat $infile $key1.key $key2.key >$zonefile
-$SIGNER -P -3 - -g -o $zone $zonefile > /dev/null
+$SIGNER -P -3 - -g -o $zone $zonefile >/dev/null
diff --git a/bin/tests/system/redirect/ns5/sign.sh b/bin/tests/system/redirect/ns5/sign.sh
index ffe4e13..0818d67 100644
--- a/bin/tests/system/redirect/ns5/sign.sh
+++ b/bin/tests/system/redirect/ns5/sign.sh
@@ -21,12 +21,12 @@ zone=signed.
infile=signed.db.in
zonefile=signed.db
-key1=$($KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS $zone 2> /dev/null)
-key2=$($KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -fk $zone 2> /dev/null)
+key1=$($KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS $zone 2>/dev/null)
+key2=$($KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -fk $zone 2>/dev/null)
-cat $infile $key1.key $key2.key > $zonefile
+cat $infile $key1.key $key2.key >$zonefile
-$SIGNER -P -g -O full -o $zone $zonefile > sign.ns5.signed.out
+$SIGNER -P -g -O full -o $zone $zonefile >sign.ns5.signed.out
cp signed.db.signed ../ns6
@@ -35,10 +35,10 @@ zone=.
infile=root.db.in
zonefile=root.db
-key1=$($KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS $zone 2> /dev/null)
-key2=$($KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -fk $zone 2> /dev/null)
+key1=$($KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS $zone 2>/dev/null)
+key2=$($KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -fk $zone 2>/dev/null)
# cat $infile $key1.key $key2.key > $zonefile
-cat $infile dsset-signed. $key1.key $key2.key > $zonefile
+cat $infile dsset-signed. $key1.key $key2.key >$zonefile
-$SIGNER -P -g -O full -o $zone $zonefile > sign.ns5.root.out
+$SIGNER -P -g -O full -o $zone $zonefile >sign.ns5.root.out
diff --git a/bin/tests/system/redirect/setup.sh b/bin/tests/system/redirect/setup.sh
index d182469..5022a83 100644
--- a/bin/tests/system/redirect/setup.sh
+++ b/bin/tests/system/redirect/setup.sh
@@ -22,8 +22,8 @@ copy_setports ns6/named.conf.in ns6/named.conf
cp ns2/redirect.db.in ns2/redirect.db
cp ns2/example.db.in ns2/example.db
-( cd ns1 && $SHELL sign.sh )
+(cd ns1 && $SHELL sign.sh)
cp ns4/example.db.in ns4/example.db
-( cd ns3 && $SHELL sign.sh )
-( cd ns5 && $SHELL sign.sh )
+(cd ns3 && $SHELL sign.sh)
+(cd ns5 && $SHELL sign.sh)
diff --git a/bin/tests/system/redirect/tests.sh b/bin/tests/system/redirect/tests.sh
index 83b90ad..09d40cf 100644
--- a/bin/tests/system/redirect/tests.sh
+++ b/bin/tests/system/redirect/tests.sh
@@ -21,33 +21,31 @@ n=1
rm -f dig.out.*
DIGOPTS="+tcp +noadd +nosea +nostat +nocmd -p ${PORT}"
-RNDCCMD="$RNDC -c ../common/rndc.conf -p ${CONTROLPORT} -s"
-
-for conf in conf/good*.conf
-do
- echo_i "checking that $conf is accepted ($n)"
- ret=0
- $CHECKCONF "$conf" || ret=1
- n=$((n + 1))
- if [ $ret != 0 ]; then echo_i "failed"; fi
- status=$((status + ret))
+RNDCCMD="$RNDC -c ../_common/rndc.conf -p ${CONTROLPORT} -s"
+
+for conf in conf/good*.conf; do
+ echo_i "checking that $conf is accepted ($n)"
+ ret=0
+ $CHECKCONF "$conf" || ret=1
+ n=$((n + 1))
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$((status + ret))
done
-for conf in conf/bad*.conf
-do
- echo_i "checking that $conf is rejected ($n)"
- ret=0
- $CHECKCONF "$conf" >/dev/null && ret=1
- n=$((n + 1))
- if [ $ret != 0 ]; then echo_i "failed"; fi
- status=$((status + ret))
+for conf in conf/bad*.conf; do
+ echo_i "checking that $conf is rejected ($n)"
+ ret=0
+ $CHECKCONF "$conf" >/dev/null && ret=1
+ n=$((n + 1))
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$((status + ret))
done
echo_i "checking A zone redirect works for nonexist ($n)"
ret=0
-$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.test$n || ret=1
-grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
-grep "100.100.100.1" dig.out.ns2.test$n > /dev/null || ret=1
+$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 a >dig.out.ns2.test$n || ret=1
+grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
+grep "100.100.100.1" dig.out.ns2.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -57,7 +55,7 @@ ret=0
rm -f ns2/named.stats 2>/dev/null
$RNDCCMD 10.53.0.2 stats || ret=1
PRE=$(sed -n -e "s/[ ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected$/\1/p" ns2/named.stats)
-$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.test$n || ret=1
+$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 a >dig.out.ns2.test$n || ret=1
rm -f ns2/named.stats 2>/dev/null
$RNDCCMD 10.53.0.2 stats || ret=1
POST=$(sed -n -e "s/[ ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected$/\1/p" ns2/named.stats)
@@ -68,285 +66,285 @@ status=$((status + ret))
echo_i "checking AAAA zone redirect works for nonexist ($n)"
ret=0
-$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1
-grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
-grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null || ret=1
+$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
+grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
+grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking ANY zone redirect works for nonexist ($n)"
ret=0
-$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 any > dig.out.ns2.test$n || ret=1
-grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
-grep "100.100.100.1" dig.out.ns2.test$n > /dev/null || ret=1
-grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null || ret=1
+$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 any >dig.out.ns2.test$n || ret=1
+grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
+grep "100.100.100.1" dig.out.ns2.test$n >/dev/null || ret=1
+grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking A zone redirect doesn't work for acl miss ($n)"
ret=0
-$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.4 a > dig.out.ns2.test$n || ret=1
-grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1
-grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1
+$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.4 a >dig.out.ns2.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns2.test$n >/dev/null || ret=1
+grep "100.100.100.1" dig.out.ns2.test$n >/dev/null && ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking AAAA zone redirect doesn't work for acl miss ($n)"
ret=0
-$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.4 aaaa > dig.out.ns2.test$n || ret=1
-grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1
-grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1
+$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.4 aaaa >dig.out.ns2.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns2.test$n >/dev/null || ret=1
+grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n >/dev/null && ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking ANY zone redirect doesn't work for acl miss ($n)"
ret=0
-$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.4 any > dig.out.ns2.test$n || ret=1
-grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1
-grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1
-grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1
+$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.4 any >dig.out.ns2.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns2.test$n >/dev/null || ret=1
+grep "100.100.100.1" dig.out.ns2.test$n >/dev/null && ret=1
+grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n >/dev/null && ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking A zone redirect works for signed nonexist, DO=0 ($n)"
ret=0
-$DIG $DIGOPTS nonexist.signed. @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.test$n || ret=1
-grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
-grep "100.100.100.1" dig.out.ns2.test$n > /dev/null || ret=1
+$DIG $DIGOPTS nonexist.signed. @10.53.0.2 -b 10.53.0.2 a >dig.out.ns2.test$n || ret=1
+grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
+grep "100.100.100.1" dig.out.ns2.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking AAAA zone redirect works for signed nonexist, DO=0 ($n)"
ret=0
-$DIG $DIGOPTS nonexist.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1
-grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
-grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null || ret=1
+$DIG $DIGOPTS nonexist.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
+grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
+grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking ANY zone redirect works for signed nonexist, DO=0 ($n)"
ret=0
-$DIG $DIGOPTS nonexist.signed. @10.53.0.2 -b 10.53.0.2 any > dig.out.ns2.test$n || ret=1
-grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
-grep "100.100.100.1" dig.out.ns2.test$n > /dev/null || ret=1
-grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null || ret=1
+$DIG $DIGOPTS nonexist.signed. @10.53.0.2 -b 10.53.0.2 any >dig.out.ns2.test$n || ret=1
+grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
+grep "100.100.100.1" dig.out.ns2.test$n >/dev/null || ret=1
+grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking A zone redirect fails for signed nonexist, DO=1 ($n)"
ret=0
-$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.test$n || ret=1
-grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1
-grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1
+$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.2 -b 10.53.0.2 a >dig.out.ns2.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns2.test$n >/dev/null || ret=1
+grep "100.100.100.1" dig.out.ns2.test$n >/dev/null && ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking AAAA zone redirect fails for signed nonexist, DO=1 ($n)"
ret=0
-$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1
-grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1
-grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1
+$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns2.test$n >/dev/null || ret=1
+grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n >/dev/null && ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking ANY zone redirect fails for signed nonexist, DO=1 ($n)"
ret=0
-$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.2 -b 10.53.0.2 any > dig.out.ns2.test$n || ret=1
-grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1
-grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1
-grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1
+$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.2 -b 10.53.0.2 any >dig.out.ns2.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns2.test$n >/dev/null || ret=1
+grep "100.100.100.1" dig.out.ns2.test$n >/dev/null && ret=1
+grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n >/dev/null && ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking A zone redirect fails for nsec3 signed nonexist, DO=1 ($n)"
ret=0
-$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.test$n || ret=1
-grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1
-grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1
-grep "IN.NSEC3" dig.out.ns2.test$n > /dev/null || ret=1
+$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.2 -b 10.53.0.2 a >dig.out.ns2.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns2.test$n >/dev/null || ret=1
+grep "100.100.100.1" dig.out.ns2.test$n >/dev/null && ret=1
+grep "IN.NSEC3" dig.out.ns2.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking AAAA zone redirect fails for nsec3 signed nonexist, DO=1 ($n)"
ret=0
-$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1
-grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1
-grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1
-grep "IN.NSEC3" dig.out.ns2.test$n > /dev/null || ret=1
+$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns2.test$n >/dev/null || ret=1
+grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n >/dev/null && ret=1
+grep "IN.NSEC3" dig.out.ns2.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking ANY zone redirect fails for nsec3 signed nonexist, DO=1 ($n)"
ret=0
-$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.2 -b 10.53.0.2 any > dig.out.ns2.test$n || ret=1
-grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1
-grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1
-grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1
-grep "IN.NSEC3" dig.out.ns2.test$n > /dev/null || ret=1
+$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.2 -b 10.53.0.2 any >dig.out.ns2.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns2.test$n >/dev/null || ret=1
+grep "100.100.100.1" dig.out.ns2.test$n >/dev/null && ret=1
+grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n >/dev/null && ret=1
+grep "IN.NSEC3" dig.out.ns2.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking A zone redirect works for nonexist authoritative ($n)"
ret=0
-$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.1 a > dig.out.ns1.test$n || ret=1
-grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
-grep "100.100.100.2" dig.out.ns1.test$n > /dev/null || ret=1
+$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.1 a >dig.out.ns1.test$n || ret=1
+grep "status: NOERROR" dig.out.ns1.test$n >/dev/null || ret=1
+grep "100.100.100.2" dig.out.ns1.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking AAAA zone redirect works for nonexist authoritative ($n)"
ret=0
-$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns1.test$n || ret=1
-grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
-grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null || ret=1
+$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns1.test$n || ret=1
+grep "status: NOERROR" dig.out.ns1.test$n >/dev/null || ret=1
+grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking ANY zone redirect works for nonexist authoritative ($n)"
ret=0
-$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.1 any > dig.out.ns1.test$n || ret=1
-grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
-grep "100.100.100.2" dig.out.ns1.test$n > /dev/null || ret=1
-grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null || ret=1
+$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.1 any >dig.out.ns1.test$n || ret=1
+grep "status: NOERROR" dig.out.ns1.test$n >/dev/null || ret=1
+grep "100.100.100.2" dig.out.ns1.test$n >/dev/null || ret=1
+grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking A zone redirect doesn't work for acl miss authoritative ($n)"
ret=0
-$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.4 a > dig.out.ns1.test$n || ret=1
-grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1
-grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1
+$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.4 a >dig.out.ns1.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns1.test$n >/dev/null || ret=1
+grep "100.100.100.2" dig.out.ns1.test$n >/dev/null && ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking AAAA zone redirect doesn't work for acl miss authoritative ($n)"
ret=0
-$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.4 aaaa > dig.out.ns1.test$n || ret=1
-grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1
-grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1
+$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.4 aaaa >dig.out.ns1.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns1.test$n >/dev/null || ret=1
+grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n >/dev/null && ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking ANY zone redirect doesn't work for acl miss authoritative ($n)"
ret=0
-$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.4 any > dig.out.ns1.test$n || ret=1
-grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1
-grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1
-grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1
+$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.4 any >dig.out.ns1.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns1.test$n >/dev/null || ret=1
+grep "100.100.100.2" dig.out.ns1.test$n >/dev/null && ret=1
+grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n >/dev/null && ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking A zone redirect works for signed nonexist, DO=0 authoritative ($n)"
ret=0
-$DIG $DIGOPTS nonexist.signed. @10.53.0.1 -b 10.53.0.1 a > dig.out.ns1.test$n || ret=1
-grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
-grep "100.100.100.2" dig.out.ns1.test$n > /dev/null || ret=1
+$DIG $DIGOPTS nonexist.signed. @10.53.0.1 -b 10.53.0.1 a >dig.out.ns1.test$n || ret=1
+grep "status: NOERROR" dig.out.ns1.test$n >/dev/null || ret=1
+grep "100.100.100.2" dig.out.ns1.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking AAAA zone redirect works for signed nonexist, DO=0 authoritative ($n)"
ret=0
-$DIG $DIGOPTS nonexist.signed. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns1.test$n || ret=1
-grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
-grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null || ret=1
+$DIG $DIGOPTS nonexist.signed. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns1.test$n || ret=1
+grep "status: NOERROR" dig.out.ns1.test$n >/dev/null || ret=1
+grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking ANY zone redirect works for signed nonexist, DO=0 authoritative ($n)"
ret=0
-$DIG $DIGOPTS nonexist.signed. @10.53.0.1 -b 10.53.0.1 any > dig.out.ns1.test$n || ret=1
-grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
-grep "100.100.100.2" dig.out.ns1.test$n > /dev/null || ret=1
-grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null || ret=1
+$DIG $DIGOPTS nonexist.signed. @10.53.0.1 -b 10.53.0.1 any >dig.out.ns1.test$n || ret=1
+grep "status: NOERROR" dig.out.ns1.test$n >/dev/null || ret=1
+grep "100.100.100.2" dig.out.ns1.test$n >/dev/null || ret=1
+grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking A zone redirect fails for signed nonexist, DO=1 authoritative ($n)"
ret=0
-$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.1 -b 10.53.0.1 a > dig.out.ns1.test$n || ret=1
-grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1
-grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1
+$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.1 -b 10.53.0.1 a >dig.out.ns1.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns1.test$n >/dev/null || ret=1
+grep "100.100.100.2" dig.out.ns1.test$n >/dev/null && ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking AAAA zone redirect fails for signed nonexist, DO=1 authoritative ($n)"
ret=0
-$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns1.test$n || ret=1
-grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1
-grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1
+$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns1.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns1.test$n >/dev/null || ret=1
+grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n >/dev/null && ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking ANY zone redirect fails for signed nonexist, DO=1 authoritative ($n)"
ret=0
-$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.1 -b 10.53.0.1 any > dig.out.ns1.test$n || ret=1
-grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1
-grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1
-grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1
+$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.1 -b 10.53.0.1 any >dig.out.ns1.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns1.test$n >/dev/null || ret=1
+grep "100.100.100.2" dig.out.ns1.test$n >/dev/null && ret=1
+grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n >/dev/null && ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking A zone redirect fails for nsec3 signed nonexist, DO=1 authoritative ($n)"
ret=0
-$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.1 -b 10.53.0.1 a > dig.out.ns1.test$n || ret=1
-grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1
-grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1
-grep "IN.NSEC3" dig.out.ns1.test$n > /dev/null || ret=1
+$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.1 -b 10.53.0.1 a >dig.out.ns1.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns1.test$n >/dev/null || ret=1
+grep "100.100.100.2" dig.out.ns1.test$n >/dev/null && ret=1
+grep "IN.NSEC3" dig.out.ns1.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking AAAA zone redirect fails for nsec3 signed nonexist, DO=1 authoritative ($n)"
ret=0
-$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns1.test$n || ret=1
-grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1
-grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1
-grep "IN.NSEC3" dig.out.ns1.test$n > /dev/null || ret=1
+$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns1.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns1.test$n >/dev/null || ret=1
+grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n >/dev/null && ret=1
+grep "IN.NSEC3" dig.out.ns1.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking ANY zone redirect fails for nsec3 signed nonexist, DO=1 authoritative ($n)"
ret=0
-$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.1 -b 10.53.0.1 any > dig.out.ns1.test$n || ret=1
-grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1
-grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1
-grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1
-grep "IN.NSEC3" dig.out.ns1.test$n > /dev/null || ret=1
+$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.1 -b 10.53.0.1 any >dig.out.ns1.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns1.test$n >/dev/null || ret=1
+grep "100.100.100.2" dig.out.ns1.test$n >/dev/null && ret=1
+grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n >/dev/null && ret=1
+grep "IN.NSEC3" dig.out.ns1.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking zone redirect works (with noerror) when qtype is not found ($n)"
ret=0
-$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 txt > dig.out.ns2.test$n || ret=1
-grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
+$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 txt >dig.out.ns2.test$n || ret=1
+grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -354,19 +352,19 @@ status=$((status + ret))
echo_i "checking that redirect zones reload correctly"
ret=0
sleep 1 # ensure file mtime will have changed
-cat ns2/example.db.in | sed -e 's/0 0 0 0 0/1 0 0 0 0/' > ns2/example.db
-cat ns2/redirect.db.in | sed -e 's/0 0 0 0 0/1 0 0 0 0/' -e 's/\.1$/.2/' > ns2/redirect.db
+cat ns2/example.db.in | sed -e 's/0 0 0 0 0/1 0 0 0 0/' >ns2/example.db
+cat ns2/redirect.db.in | sed -e 's/0 0 0 0 0/1 0 0 0 0/' -e 's/\.1$/.2/' >ns2/redirect.db
rndc_reload ns2 10.53.0.2
for i in 1 2 3 4 5 6 7 8 9; do
- tmp=0
- $DIG $DIGOPTS +short @10.53.0.2 soa example.nil > dig.out.ns1.test$n || tmp=1
- set -- $(cat dig.out.ns1.test$n)
- [ $3 = 1 ] || tmp=1
- $DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.test$n || tmp=1
- grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || tmp=1
- grep "100.100.100.2" dig.out.ns2.test$n > /dev/null || tmp=1
- [ $tmp -eq 0 ] && break
- sleep 1
+ tmp=0
+ $DIG $DIGOPTS +short @10.53.0.2 soa example.nil >dig.out.ns1.test$n || tmp=1
+ set -- $(cat dig.out.ns1.test$n)
+ [ $3 = 1 ] || tmp=1
+ $DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 a >dig.out.ns2.test$n || tmp=1
+ grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || tmp=1
+ grep "100.100.100.2" dig.out.ns2.test$n >/dev/null || tmp=1
+ [ $tmp -eq 0 ] && break
+ sleep 1
done
[ $tmp -eq 1 ] && ret=1
n=$((n + 1))
@@ -375,9 +373,9 @@ status=$((status + ret))
echo_i "checking A nxdomain-redirect works for nonexist ($n)"
ret=0
-$DIG $DIGOPTS nonexist. @10.53.0.4 -b 10.53.0.2 a > dig.out.ns4.test$n || ret=1
-grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
-grep "nonexist. .*100.100.100.1" dig.out.ns4.test$n > /dev/null || ret=1
+$DIG $DIGOPTS nonexist. @10.53.0.4 -b 10.53.0.2 a >dig.out.ns4.test$n || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1
+grep "nonexist. .*100.100.100.1" dig.out.ns4.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -388,9 +386,9 @@ rm -f ns4/named.stats 2>/dev/null
$RNDCCMD 10.53.0.4 stats || ret=1
PRE_RED=$(sed -n -e "s/[ ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected$/\1/p" ns4/named.stats)
PRE_SUC=$(sed -n -e "s/[ ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected and resulted in a successful remote lookup$/\1/p" ns4/named.stats)
-$DIG $DIGOPTS nonexist. @10.53.0.4 -b 10.53.0.2 aaaa > dig.out.ns4.test$n || ret=1
-grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
-grep "nonexist. .*2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null || ret=1
+$DIG $DIGOPTS nonexist. @10.53.0.4 -b 10.53.0.2 aaaa >dig.out.ns4.test$n || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1
+grep "nonexist. .*2001:ffff:ffff::6464:6401" dig.out.ns4.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -409,138 +407,138 @@ status=$((status + ret))
echo_i "checking ANY nxdomain-redirect works for nonexist ($n)"
ret=0
-$DIG $DIGOPTS nonexist. @10.53.0.4 -b 10.53.0.2 any > dig.out.ns4.test$n || ret=1
-grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
-grep "100.100.100.1" dig.out.ns4.test$n > /dev/null || ret=1
-grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null || ret=1
+$DIG $DIGOPTS nonexist. @10.53.0.4 -b 10.53.0.2 any >dig.out.ns4.test$n || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1
+grep "100.100.100.1" dig.out.ns4.test$n >/dev/null || ret=1
+grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking A nxdomain-redirect works for signed nonexist, DO=0 ($n)"
ret=0
-$DIG $DIGOPTS nonexist.signed. @10.53.0.4 -b 10.53.0.2 a > dig.out.ns4.test$n || ret=1
-grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
-grep "100.100.100.1" dig.out.ns4.test$n > /dev/null || ret=1
+$DIG $DIGOPTS nonexist.signed. @10.53.0.4 -b 10.53.0.2 a >dig.out.ns4.test$n || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1
+grep "100.100.100.1" dig.out.ns4.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking AAAA nxdomain-redirect works for signed nonexist, DO=0 ($n)"
ret=0
-$DIG $DIGOPTS nonexist.signed. @10.53.0.4 -b 10.53.0.2 aaaa > dig.out.ns4.test$n || ret=1
-grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
-grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null || ret=1
+$DIG $DIGOPTS nonexist.signed. @10.53.0.4 -b 10.53.0.2 aaaa >dig.out.ns4.test$n || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1
+grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking ANY nxdomain-redirect works for signed nonexist, DO=0 ($n)"
ret=0
-$DIG $DIGOPTS nonexist.signed. @10.53.0.4 -b 10.53.0.2 any > dig.out.ns4.test$n || ret=1
-grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
-grep "100.100.100.1" dig.out.ns4.test$n > /dev/null || ret=1
-grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null || ret=1
+$DIG $DIGOPTS nonexist.signed. @10.53.0.4 -b 10.53.0.2 any >dig.out.ns4.test$n || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1
+grep "100.100.100.1" dig.out.ns4.test$n >/dev/null || ret=1
+grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking A nxdomain-redirect fails for signed nonexist, DO=1 ($n)"
ret=0
-$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.4 -b 10.53.0.2 a > dig.out.ns4.test$n || ret=1
-grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
-grep "100.100.100.1" dig.out.ns4.test$n > /dev/null && ret=1
+$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.4 -b 10.53.0.2 a >dig.out.ns4.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns4.test$n >/dev/null || ret=1
+grep "100.100.100.1" dig.out.ns4.test$n >/dev/null && ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking AAAA nxdomain-redirect fails for signed nonexist, DO=1 ($n)"
ret=0
-$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.4 -b 10.53.0.2 aaaa > dig.out.ns4.test$n || ret=1
-grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
-grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null && ret=1
+$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.4 -b 10.53.0.2 aaaa >dig.out.ns4.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns4.test$n >/dev/null || ret=1
+grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n >/dev/null && ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking ANY nxdomain-redirect fails for signed nonexist, DO=1 ($n)"
ret=0
-$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.4 -b 10.53.0.2 any > dig.out.ns4.test$n || ret=1
-grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
-grep "100.100.100.1" dig.out.ns4.test$n > /dev/null && ret=1
-grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null && ret=1
+$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.4 -b 10.53.0.2 any >dig.out.ns4.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns4.test$n >/dev/null || ret=1
+grep "100.100.100.1" dig.out.ns4.test$n >/dev/null && ret=1
+grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n >/dev/null && ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking A nxdomain-redirect fails for nsec3 signed nonexist, DO=1 ($n)"
ret=0
-$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.4 -b 10.53.0.2 a > dig.out.ns4.test$n || ret=1
-grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
-grep "100.100.100.1" dig.out.ns4.test$n > /dev/null && ret=1
-grep "IN.NSEC3" dig.out.ns4.test$n > /dev/null || ret=1
+$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.4 -b 10.53.0.2 a >dig.out.ns4.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns4.test$n >/dev/null || ret=1
+grep "100.100.100.1" dig.out.ns4.test$n >/dev/null && ret=1
+grep "IN.NSEC3" dig.out.ns4.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking AAAA nxdomain-redirect fails for nsec3 signed nonexist, DO=1 ($n)"
ret=0
-$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.4 -b 10.53.0.2 aaaa > dig.out.ns4.test$n || ret=1
-grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
-grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null && ret=1
-grep "IN.NSEC3" dig.out.ns4.test$n > /dev/null || ret=1
+$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.4 -b 10.53.0.2 aaaa >dig.out.ns4.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns4.test$n >/dev/null || ret=1
+grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n >/dev/null && ret=1
+grep "IN.NSEC3" dig.out.ns4.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking ANY nxdomain-redirect fails for nsec3 signed nonexist, DO=1 ($n)"
ret=0
-$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.4 -b 10.53.0.2 any > dig.out.ns4.test$n || ret=1
-grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
-grep "100.100.100.1" dig.out.ns4.test$n > /dev/null && ret=1
-grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null && ret=1
-grep "IN.NSEC3" dig.out.ns4.test$n > /dev/null || ret=1
+$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.4 -b 10.53.0.2 any >dig.out.ns4.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns4.test$n >/dev/null || ret=1
+grep "100.100.100.1" dig.out.ns4.test$n >/dev/null && ret=1
+grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n >/dev/null && ret=1
+grep "IN.NSEC3" dig.out.ns4.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking nxdomain-redirect works (with noerror) when qtype is not found ($n)"
ret=0
-$DIG $DIGOPTS nonexist. @10.53.0.4 -b 10.53.0.2 txt > dig.out.ns4.test$n || ret=1
-grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
+$DIG $DIGOPTS nonexist. @10.53.0.4 -b 10.53.0.2 txt >dig.out.ns4.test$n || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking nxdomain-redirect against authoritative zone ($n)"
ret=0
-$DIG $DIGOPTS nonexist.example @10.53.0.4 -b 10.53.0.2 a > dig.out.ns4.test$n || ret=1
-grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
+$DIG $DIGOPTS nonexist.example @10.53.0.4 -b 10.53.0.2 a >dig.out.ns4.test$n || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking tld nxdomain-redirect against signed root zone ($n)"
ret=0
-$DIG $DIGOPTS @10.53.0.5 asdfasdfasdf > dig.out.ns5.test$n || ret=1
-grep "status: NXDOMAIN" dig.out.ns5.test$n > /dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.5 asdfasdfasdf >dig.out.ns5.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns5.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking tld nxdomain-redirect against unsigned root zone ($n)"
ret=0
-$DIG $DIGOPTS @10.53.0.6 asdfasdfasdf > dig.out.ns6.test$n || ret=1
-grep "status: NXDOMAIN" dig.out.ns6.test$n > /dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.6 asdfasdfasdf >dig.out.ns6.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns6.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking extended error is not set on allow-recursion ($n)"
ret=0
-$DIG $DIGOPTS example. @10.53.0.1 -b 10.53.0.2 soa > dig.out.ns1.test$n || ret=1
-grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
-grep "EDE" dig.out.ns1.test$n > /dev/null && ret=1
+$DIG $DIGOPTS example. @10.53.0.1 -b 10.53.0.2 soa >dig.out.ns1.test$n || ret=1
+grep "status: NOERROR" dig.out.ns1.test$n >/dev/null || ret=1
+grep "EDE" dig.out.ns1.test$n >/dev/null && ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-14 05:41:39 +0000