summaryrefslogtreecommitdiffstats
path: root/bin/tests/system/rndc
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--bin/tests/system/rndc/clean.sh33
-rw-r--r--bin/tests/system/rndc/gencheck.c90
-rw-r--r--bin/tests/system/rndc/ns2/incl.db13
-rw-r--r--bin/tests/system/rndc/ns2/named.conf.in65
-rw-r--r--bin/tests/system/rndc/ns2/secondkey.conf21
-rw-r--r--bin/tests/system/rndc/ns3/named.conf.in49
-rw-r--r--bin/tests/system/rndc/ns4/named.conf.in38
-rw-r--r--bin/tests/system/rndc/ns5/named.conf.in35
-rw-r--r--bin/tests/system/rndc/ns6/named.args3
-rw-r--r--bin/tests/system/rndc/ns6/named.conf.in30
-rw-r--r--bin/tests/system/rndc/ns7/include.db.in16
-rw-r--r--bin/tests/system/rndc/ns7/include2.db.in16
-rw-r--r--bin/tests/system/rndc/ns7/named.conf.in58
-rw-r--r--bin/tests/system/rndc/ns7/test.db.in13
-rw-r--r--bin/tests/system/rndc/setup.sh64
-rw-r--r--bin/tests/system/rndc/tests.sh814
-rw-r--r--bin/tests/system/rndc/tests_sh_rndc.py14
17 files changed, 1372 insertions, 0 deletions
diff --git a/bin/tests/system/rndc/clean.sh b/bin/tests/system/rndc/clean.sh
new file mode 100644
index 0000000..d18b5a5
--- /dev/null
+++ b/bin/tests/system/rndc/clean.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+rm -f dig.out.*.test*
+rm -f ns*/named.lock
+rm -f ns*/named.memstats
+rm -f ns*/named.run ns*/named.run.prev
+rm -f ns2/named.stats
+rm -f ns2/nil.db ns2/other.db ns2/static.db ns2/*.jnl
+rm -f ns2/session.key
+rm -f ns3/named_dump.db*
+rm -f ns4/*.nta
+rm -f ns4/example.db ns4/example.db.jnl
+rm -f ns4/key?.conf
+rm -f ns6/huge.zone.db
+rm -f ns7/include.db ns7/test.db ns7/*.jnl
+rm -f ns7/named_dump.db*
+rm -f ns*/named.conf
+rm -f nsupdate.out.*.test*
+rm -f python.out.*.test*
+rm -f rndc.out.*.test*
+rm -f ns*/managed-keys.bind* ns*/*.mkeys*
+rm -f ns*/*.nta
diff --git a/bin/tests/system/rndc/gencheck.c b/bin/tests/system/rndc/gencheck.c
new file mode 100644
index 0000000..7949b66
--- /dev/null
+++ b/bin/tests/system/rndc/gencheck.c
@@ -0,0 +1,90 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+#include <isc/print.h>
+
+#define USAGE "usage: gencheck <filename>\n"
+
+static int
+check(const char *buf, ssize_t count, size_t *start) {
+ const char chars[] = "abcdefghijklmnopqrstuvwxyz0123456789";
+ ssize_t i;
+
+ for (i = 0; i < count; i++, *start = (*start + 1) % (sizeof(chars) - 1))
+ {
+ /* Just ignore the trailing newline */
+ if (buf[i] == '\n') {
+ continue;
+ }
+ if (buf[i] != chars[*start]) {
+ return (0);
+ }
+ }
+
+ return (1);
+}
+
+int
+main(int argc, char **argv) {
+ int ret;
+ int fd;
+ ssize_t count;
+ char buf[1024];
+ size_t start;
+ size_t length;
+
+ ret = EXIT_FAILURE;
+ fd = -1;
+ length = 0;
+
+ if (argc != 2) {
+ fprintf(stderr, USAGE);
+ goto out;
+ }
+
+ fd = open(argv[1], O_RDONLY);
+ if (fd == -1) {
+ goto out;
+ }
+
+ start = 0;
+ while ((count = read(fd, buf, sizeof(buf))) != 0) {
+ if (count < 0) {
+ goto out;
+ }
+
+ if (!check(buf, count, &start)) {
+ goto out;
+ }
+
+ length += count;
+ }
+
+ ret = EXIT_SUCCESS;
+
+out:
+ printf("%lu\n", (unsigned long)length);
+
+ if (fd != -1) {
+ close(fd);
+ }
+
+ return (ret);
+}
diff --git a/bin/tests/system/rndc/ns2/incl.db b/bin/tests/system/rndc/ns2/incl.db
new file mode 100644
index 0000000..bb8b343
--- /dev/null
+++ b/bin/tests/system/rndc/ns2/incl.db
@@ -0,0 +1,13 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+; Used for testing $INCLUDE
+$INCLUDE "static.db"
diff --git a/bin/tests/system/rndc/ns2/named.conf.in b/bin/tests/system/rndc/ns2/named.conf.in
new file mode 100644
index 0000000..c3ce3eb
--- /dev/null
+++ b/bin/tests/system/rndc/ns2/named.conf.in
@@ -0,0 +1,65 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ port @PORT@;
+ pid-file "named.pid";
+ session-keyfile "session.key";
+ listen-on { 10.53.0.2; };
+ listen-on-v6 { none; };
+ recursion no;
+ dnssec-validation no;
+};
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm @DEFAULT_HMAC@;
+};
+
+key secondkey {
+ secret "abcd1234abcd8765";
+ algorithm hmac-sha256;
+};
+
+controls {
+ inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; secondkey; };
+};
+
+
+zone "." {
+ type hint;
+ file "../../common/root.hint";
+};
+
+zone "nil" {
+ type primary;
+ update-policy local;
+ file "nil.db";
+ ixfr-from-differences yes;
+};
+
+zone "other" {
+ type primary;
+ update-policy local;
+ file "other.db";
+};
+
+zone "static" {
+ type primary;
+ file "static.db";
+};
+
+zone "incl" {
+ type primary;
+ file "incl.db";
+};
diff --git a/bin/tests/system/rndc/ns2/secondkey.conf b/bin/tests/system/rndc/ns2/secondkey.conf
new file mode 100644
index 0000000..1b6af7b
--- /dev/null
+++ b/bin/tests/system/rndc/ns2/secondkey.conf
@@ -0,0 +1,21 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ default-key "secondkey";
+};
+
+key secondkey {
+ secret "abcd1234abcd8765";
+ algorithm hmac-sha256;
+};
diff --git a/bin/tests/system/rndc/ns3/named.conf.in b/bin/tests/system/rndc/ns3/named.conf.in
new file mode 100644
index 0000000..ed159b4
--- /dev/null
+++ b/bin/tests/system/rndc/ns3/named.conf.in
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ port @PORT@;
+ pid-file "named.pid";
+ listen-on { 10.53.0.3; };
+ listen-on-v6 { none; };
+ dnssec-validation no;
+};
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm @DEFAULT_HMAC@;
+};
+
+key secondkey {
+ secret "abcd1234abcd8765";
+ algorithm hmac-sha256;
+};
+
+controls {
+ inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
+view all {
+ match-clients { any; };
+
+ recursion no;
+
+ zone "." {
+ type hint;
+ file "../../common/root.hint";
+ };
+};
+
+view none {
+ match-clients { none; };
+};
diff --git a/bin/tests/system/rndc/ns4/named.conf.in b/bin/tests/system/rndc/ns4/named.conf.in
new file mode 100644
index 0000000..6dc37ec
--- /dev/null
+++ b/bin/tests/system/rndc/ns4/named.conf.in
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ port @PORT@;
+ pid-file "named.pid";
+ listen-on { 10.53.0.4; };
+ listen-on-v6 { none; };
+ recursion yes;
+ dnssec-validation yes;
+};
+
+view normal {
+ match-clients { any; };
+
+ zone example {
+ type primary;
+ file "example.db";
+ allow-update { any; };
+ };
+};
+
+view "view with a space" {
+ match-clients { none; };
+ zone example {
+ in-view normal;
+ };
+};
diff --git a/bin/tests/system/rndc/ns5/named.conf.in b/bin/tests/system/rndc/ns5/named.conf.in
new file mode 100644
index 0000000..e32fa49
--- /dev/null
+++ b/bin/tests/system/rndc/ns5/named.conf.in
@@ -0,0 +1,35 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ port @PORT@;
+ pid-file "named.pid";
+ listen-on { 10.53.0.5; };
+ listen-on-v6 { none; };
+ recursion no;
+ dnssec-validation no;
+};
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm @DEFAULT_HMAC@;
+};
+
+controls {
+ inet 10.53.0.5 port @CONTROLPORT@ allow { any; } keys { rndc_key; } read-only yes;
+};
+
+zone "." {
+ type hint;
+ file "../../common/root.hint";
+};
diff --git a/bin/tests/system/rndc/ns6/named.args b/bin/tests/system/rndc/ns6/named.args
new file mode 100644
index 0000000..331f7f4
--- /dev/null
+++ b/bin/tests/system/rndc/ns6/named.args
@@ -0,0 +1,3 @@
+# teardown of a huge zone with tracing enabled takes way too long
+# -m none is set so that stop.pl does not timeout
+-D rndc-ns6 -X named.lock -m none -c named.conf -d 99 -g -U 4 -T maxcachesize=2097152
diff --git a/bin/tests/system/rndc/ns6/named.conf.in b/bin/tests/system/rndc/ns6/named.conf.in
new file mode 100644
index 0000000..a465a20
--- /dev/null
+++ b/bin/tests/system/rndc/ns6/named.conf.in
@@ -0,0 +1,30 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ port @PORT@;
+ pid-file "named.pid";
+ listen-on { 10.53.0.6; };
+ listen-on-v6 { none; };
+ recursion no;
+ dnssec-validation no;
+};
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm @DEFAULT_HMAC@;
+};
+
+controls {
+ inet 10.53.0.6 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
diff --git a/bin/tests/system/rndc/ns7/include.db.in b/bin/tests/system/rndc/ns7/include.db.in
new file mode 100644
index 0000000..011997b
--- /dev/null
+++ b/bin/tests/system/rndc/ns7/include.db.in
@@ -0,0 +1,16 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+@ 86400 IN SOA ns7 hostmaster 1 5 5 1814400 3600
+@ NS ns7
+ns7 A 10.53.0.7
+
+text1 TXT "include 1"
diff --git a/bin/tests/system/rndc/ns7/include2.db.in b/bin/tests/system/rndc/ns7/include2.db.in
new file mode 100644
index 0000000..e5d1981
--- /dev/null
+++ b/bin/tests/system/rndc/ns7/include2.db.in
@@ -0,0 +1,16 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+@ 86400 IN SOA ns7 hostmaster 4 5 5 1814400 3600
+@ NS ns7
+ns7 A 10.53.0.7
+
+text1 TXT "include 2"
diff --git a/bin/tests/system/rndc/ns7/named.conf.in b/bin/tests/system/rndc/ns7/named.conf.in
new file mode 100644
index 0000000..2d4bf7f
--- /dev/null
+++ b/bin/tests/system/rndc/ns7/named.conf.in
@@ -0,0 +1,58 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ port @PORT@;
+ pid-file "named.pid";
+ listen-on { 10.53.0.7; };
+ listen-on-v6 { none; };
+ dnssec-validation no;
+};
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm @DEFAULT_HMAC@;
+};
+
+key int {
+ algorithm @DEFAULT_HMAC@;
+ secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
+};
+
+key ext {
+ algorithm @DEFAULT_HMAC@;
+ secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
+};
+
+controls {
+ inet 10.53.0.7 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
+view internal {
+ match-clients { key "int"; };
+
+ zone "test" {
+ type primary;
+ update-policy { grant int zonesub any; };
+ file "test.db";
+ ixfr-from-differences yes;
+ };
+};
+
+view external {
+ match-clients { key "ext"; };
+
+ zone "test" {
+ in-view internal;
+ };
+};
diff --git a/bin/tests/system/rndc/ns7/test.db.in b/bin/tests/system/rndc/ns7/test.db.in
new file mode 100644
index 0000000..0bff14e
--- /dev/null
+++ b/bin/tests/system/rndc/ns7/test.db.in
@@ -0,0 +1,13 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 3600
+$INCLUDE "include.db"
diff --git a/bin/tests/system/rndc/setup.sh b/bin/tests/system/rndc/setup.sh
new file mode 100644
index 0000000..85d6b73
--- /dev/null
+++ b/bin/tests/system/rndc/setup.sh
@@ -0,0 +1,64 @@
+#!/bin/sh
+
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+. ../conf.sh
+
+$SHELL ${TOP_SRCDIR}/bin/tests/system/genzone.sh 2 >ns2/nil.db
+$SHELL ${TOP_SRCDIR}/bin/tests/system/genzone.sh 2 >ns2/other.db
+$SHELL ${TOP_SRCDIR}/bin/tests/system/genzone.sh 2 >ns2/static.db
+
+$SHELL ${TOP_SRCDIR}/bin/tests/system/genzone.sh 2 >ns4/example.db
+
+$SHELL ${TOP_SRCDIR}/bin/tests/system/genzone.sh 2 >ns6/huge.zone.db
+
+cp ns7/test.db.in ns7/test.db
+cp ns7/include.db.in ns7/include.db
+
+# we make the huge zone less huge if we're running under
+# TSAN, to give the test a fighting chance not to time out.
+size=1000000
+if $FEATURETEST --tsan; then
+ size=250000
+fi
+awk 'END { for (i = 1; i <= '${size}'; i++)
+ printf "host%d IN A 10.53.0.6\n", i; }' < /dev/null >> ns6/huge.zone.db
+
+copy_setports ns2/named.conf.in ns2/named.conf
+copy_setports ns3/named.conf.in ns3/named.conf
+copy_setports ns4/named.conf.in ns4/named.conf
+copy_setports ns5/named.conf.in ns5/named.conf
+copy_setports ns6/named.conf.in ns6/named.conf
+copy_setports ns7/named.conf.in ns7/named.conf
+
+make_key () {
+ $RNDCCONFGEN -k key$1 -A $3 -s 10.53.0.4 -p $2 \
+ > ns4/key${1}.conf 2> /dev/null
+ grep -E -v '(^# Start|^# End|^# Use|^[^#])' ns4/key$1.conf | cut -c3- | \
+ sed 's/allow { 10.53.0.4/allow { any/' >> ns4/named.conf
+}
+
+$FEATURETEST --md5 && make_key 1 ${EXTRAPORT1} hmac-md5
+make_key 2 ${EXTRAPORT2} hmac-sha1
+make_key 3 ${EXTRAPORT3} hmac-sha224
+make_key 4 ${EXTRAPORT4} hmac-sha256
+make_key 5 ${EXTRAPORT5} hmac-sha384
+make_key 6 ${EXTRAPORT6} hmac-sha512
+
+cat >> ns4/named.conf <<- EOF
+
+controls {
+ inet 10.53.0.4 port ${EXTRAPORT7}
+ allow { any; } keys { "key1"; "key2"; "key3";
+ "key4"; "key5"; "key6"; };
+};
+EOF
diff --git a/bin/tests/system/rndc/tests.sh b/bin/tests/system/rndc/tests.sh
new file mode 100644
index 0000000..2afaf8c
--- /dev/null
+++ b/bin/tests/system/rndc/tests.sh
@@ -0,0 +1,814 @@
+#!/bin/sh
+
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+set -e
+
+. ../conf.sh
+
+DIGOPTS="+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd"
+DIGOPTS=""
+DIGCMD="$DIG $DIGOPTS -p ${PORT}"
+RNDCCMD="$RNDC -p ${CONTROLPORT} -c ../common/rndc.conf -s"
+
+status=0
+n=0
+
+n=$((n+1))
+echo_i "preparing ($n)"
+ret=0
+$NSUPDATE -p ${PORT} -k ns2/session.key > /dev/null 2>&1 <<END || ret=1
+server 10.53.0.2
+zone nil.
+update add text1.nil. 600 IN TXT "addition 1"
+send
+zone other.
+update add text1.other. 600 IN TXT "addition 1"
+send
+END
+[ -s ns2/nil.db.jnl ] || {
+ echo_i "'test -s ns2/nil.db.jnl' failed when it shouldn't have"; ret=1;
+}
+[ -s ns2/other.db.jnl ] || {
+ echo_i "'test -s ns2/other.db.jnl' failed when it shouldn't have"; ret=1;
+}
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+echo_i "rndc freeze"
+$RNDCCMD 10.53.0.2 freeze | sed 's/^/ns2 /' | cat_i
+
+n=$((n+1))
+echo_i "checking zone was dumped ($n)"
+ret=0
+for i in 1 2 3 4 5 6 7 8 9 10
+do
+ grep "addition 1" ns2/nil.db > /dev/null && break
+ sleep 1
+done
+grep "addition 1" ns2/nil.db > /dev/null 2>&1 || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "checking journal file is still present ($n)"
+ret=0
+[ -s ns2/nil.db.jnl ] || {
+ echo_i "'test -s ns2/nil.db.jnl' failed when it shouldn't have"; ret=1;
+}
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "checking zone not writable ($n)"
+ret=0
+$NSUPDATE -p ${PORT} -k ns2/session.key > /dev/null 2>&1 <<END && ret=1
+server 10.53.0.2
+zone nil.
+update add text2.nil. 600 IN TXT "addition 2"
+send
+END
+
+$DIGCMD @10.53.0.2 text2.nil. TXT > dig.out.1.test$n || ret=1
+grep 'addition 2' dig.out.1.test$n >/dev/null && ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+echo_i "rndc thaw"
+$RNDCCMD 10.53.0.2 thaw | sed 's/^/ns2 /' | cat_i
+
+n=$((n+1))
+echo_i "checking zone now writable ($n)"
+ret=0
+$NSUPDATE -p ${PORT} -k ns2/session.key > nsupdate.out.1.test$n 2>&1 <<END || ret=1
+server 10.53.0.2
+zone nil.
+update add text3.nil. 600 IN TXT "addition 3"
+send
+END
+$DIGCMD @10.53.0.2 text3.nil. TXT > dig.out.1.test$n || ret=1
+grep 'addition 3' dig.out.1.test$n >/dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+echo_i "rndc sync"
+ret=0
+$RNDCCMD 10.53.0.2 sync nil | sed 's/^/ns2 /' | cat_i
+
+n=$((n+1))
+echo_i "checking zone was dumped ($n)"
+ret=0
+for i in 1 2 3 4 5 6 7 8 9 10
+do
+ grep "addition 3" ns2/nil.db > /dev/null && break
+ sleep 1
+done
+grep "addition 3" ns2/nil.db > /dev/null 2>&1 || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "checking journal file is still present ($n)"
+ret=0
+[ -s ns2/nil.db.jnl ] || {
+ echo_i "'test -s ns2/nil.db.jnl' failed when it shouldn't have"; ret=1;
+}
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "checking zone is still writable ($n)"
+ret=0
+$NSUPDATE -p ${PORT} -k ns2/session.key > nsupdate.out.1.test$n 2>&1 <<END || ret=1
+server 10.53.0.2
+zone nil.
+update add text4.nil. 600 IN TXT "addition 4"
+send
+END
+
+$DIGCMD @10.53.0.2 text4.nil. TXT > dig.out.1.test$n || ret=1
+grep 'addition 4' dig.out.1.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+echo_i "rndc sync -clean"
+ret=0
+$RNDCCMD 10.53.0.2 sync -clean nil | sed 's/^/ns2 /' | cat_i
+
+n=$((n+1))
+echo_i "checking zone was dumped ($n)"
+ret=0
+for i in 1 2 3 4 5 6 7 8 9 10
+do
+ grep "addition 4" ns2/nil.db > /dev/null && break
+ sleep 1
+done
+grep "addition 4" ns2/nil.db > /dev/null 2>&1 || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "checking journal file is deleted ($n)"
+ret=0
+[ -s ns2/nil.db.jnl ] && {
+ echo_i "'test -s ns2/nil.db.jnl' failed when it shouldn't have"; ret=1;
+}
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "checking zone is still writable ($n)"
+ret=0
+$NSUPDATE -p ${PORT} -k ns2/session.key > /dev/null 2>&1 <<END || ret=1
+server 10.53.0.2
+zone nil.
+update add text5.nil. 600 IN TXT "addition 5"
+send
+END
+
+$DIGCMD @10.53.0.2 text4.nil. TXT > dig.out.1.test$n || ret=1
+grep 'addition 4' dig.out.1.test$n >/dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "checking other journal files not removed ($n)"
+ret=0
+[ -s ns2/other.db.jnl ] || {
+ echo_i "'test -s ns2/other.db.jnl' failed when it shouldn't have"; ret=1;
+}
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+echo_i "cleaning all zones ($n)"
+$RNDCCMD 10.53.0.2 sync -clean | sed 's/^/ns2 /' | cat_i
+
+n=$((n+1))
+echo_i "checking all journals removed ($n)"
+ret=0
+[ -s ns2/nil.db.jnl ] && {
+ echo_i "'test -s ns2/nil.db.jnl' succeeded when it shouldn't have"; ret=1;
+}
+[ -s ns2/other.db.jnl ] && {
+ echo_i "'test -s ns2/other.db.jnl' succeeded when it shouldn't have"; ret=1;
+}
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "checking that freezing static zones is not allowed ($n)"
+ret=0
+$RNDCCMD 10.53.0.2 freeze static > rndc.out.1.test$n 2>&1 && ret=1
+grep 'not dynamic' rndc.out.1.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "checking that journal is removed when serial is changed before thaw ($n)"
+ret=0
+sleep 1
+$NSUPDATE -p ${PORT} -k ns2/session.key > nsupdate.out.1.test$n 2>&1 <<END || ret=1
+server 10.53.0.2
+zone other.
+update add text6.other. 600 IN TXT "addition 6"
+send
+END
+[ -s ns2/other.db.jnl ] || {
+ echo_i "'test -s ns2/other.db.jnl' failed when it shouldn't have"; ret=1;
+}
+$RNDCCMD 10.53.0.2 freeze other 2>&1 | sed 's/^/ns2 /' | cat_i
+for i in 1 2 3 4 5 6 7 8 9 10
+do
+ grep "addition 6" ns2/other.db > /dev/null && break
+ sleep 1
+done
+serial=$(awk '$3 ~ /serial/ {print $1}' ns2/other.db)
+newserial=$((serial + 1))
+sed s/$serial/$newserial/ ns2/other.db > ns2/other.db.new
+echo 'frozen TXT "frozen addition"' >> ns2/other.db.new
+mv -f ns2/other.db.new ns2/other.db
+$RNDCCMD 10.53.0.2 thaw 2>&1 | sed 's/^/ns2 /' | cat_i
+sleep 1
+[ -f ns2/other.db.jnl ] && {
+ echo_i "'test -f ns2/other.db.jnl' succeeded when it shouldn't have"; ret=1;
+}
+$NSUPDATE -p ${PORT} -k ns2/session.key > nsupdate.out.2.test$n 2>&1 <<END || ret=1
+server 10.53.0.2
+zone other.
+update add text7.other. 600 IN TXT "addition 7"
+send
+END
+$DIGCMD @10.53.0.2 text6.other. TXT > dig.out.1.test$n || ret=1
+grep 'addition 6' dig.out.1.test$n >/dev/null || ret=1
+$DIGCMD @10.53.0.2 text7.other. TXT > dig.out.2.test$n || ret=1
+grep 'addition 7' dig.out.2.test$n >/dev/null || ret=1
+$DIGCMD @10.53.0.2 frozen.other. TXT > dig.out.3.test$n || ret=1
+grep 'frozen addition' dig.out.3.test$n >/dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "checking that journal is kept when ixfr-from-differences is in use ($n)"
+ret=0
+$NSUPDATE -p ${PORT} -k ns2/session.key > nsupdate.out.1.test$n 2>&1 <<END || ret=1
+server 10.53.0.2
+zone nil.
+update add text6.nil. 600 IN TXT "addition 6"
+send
+END
+[ -s ns2/nil.db.jnl ] || {
+ echo_i "'test -s ns2/nil.db.jnl' failed when it shouldn't have"; ret=1;
+}
+$RNDCCMD 10.53.0.2 freeze nil 2>&1 | sed 's/^/ns2 /' | cat_i
+for i in 1 2 3 4 5 6 7 8 9 10
+do
+ grep "addition 6" ns2/nil.db > /dev/null && break
+ sleep 1
+done
+serial=$(awk '$3 ~ /serial/ {print $1}' ns2/nil.db)
+newserial=$((serial + 1))
+sed s/$serial/$newserial/ ns2/nil.db > ns2/nil.db.new
+echo 'frozen TXT "frozen addition"' >> ns2/nil.db.new
+mv -f ns2/nil.db.new ns2/nil.db
+$RNDCCMD 10.53.0.2 thaw 2>&1 | sed 's/^/ns2 /' | cat_i
+sleep 1
+[ -s ns2/nil.db.jnl ] || {
+ echo_i "'test -s ns2/nil.db.jnl' failed when it shouldn't have"; ret=1;
+}
+$NSUPDATE -p ${PORT} -k ns2/session.key > nsupdate.out.2.test$n 2>&1 <<END || ret=1
+server 10.53.0.2
+zone nil.
+update add text7.nil. 600 IN TXT "addition 7"
+send
+END
+$DIGCMD @10.53.0.2 text6.nil. TXT > dig.out.1.test$n || ret=1
+grep 'addition 6' dig.out.1.test$n > /dev/null || ret=1
+$DIGCMD @10.53.0.2 text7.nil. TXT > dig.out.2.test$n || ret=1
+grep 'addition 7' dig.out.2.test$n > /dev/null || ret=1
+$DIGCMD @10.53.0.2 frozen.nil. TXT > dig.out.3.test$n || ret=1
+grep 'frozen addition' dig.out.3.test$n >/dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+# temp test
+echo_i "dumping stats ($n)"
+$RNDCCMD 10.53.0.2 stats
+n=$((n+1))
+echo_i "verifying adb records in named.stats ($n)"
+grep "ADB stats" ns2/named.stats > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "test using second key ($n)"
+ret=0
+$RNDC -s 10.53.0.2 -p ${CONTROLPORT} -c ns2/secondkey.conf status > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "test 'rndc dumpdb' on a empty cache ($n)"
+ret=0
+rndc_dumpdb ns3 || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "test 'rndc reload' on a zone with include files ($n)"
+ret=0
+grep "incl/IN: skipping load" ns2/named.run > /dev/null && ret=1
+loads=$(grep "incl/IN: starting load" ns2/named.run | wc -l)
+[ "$loads" -eq 1 ] || ret=1
+$RNDCCMD 10.53.0.2 reload > /dev/null || ret=1
+for i in 1 2 3 4 5 6 7 8 9
+do
+ tmp=0
+ grep "incl/IN: skipping load" ns2/named.run > /dev/null || tmp=1
+ [ $tmp -eq 0 ] && break
+ sleep 1
+done
+[ $tmp -eq 1 ] && ret=1
+touch ns2/static.db
+$RNDCCMD 10.53.0.2 reload > /dev/null || ret=1
+for i in 1 2 3 4 5 6 7 8 9
+do
+ tmp=0
+ loads=$(grep "incl/IN: starting load" ns2/named.run | wc -l)
+ [ "$loads" -eq 2 ] || tmp=1
+ [ $tmp -eq 0 ] && break
+ sleep 1
+done
+[ $tmp -eq 1 ] && ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+if $FEATURETEST --md5; then
+ echo_i "testing rndc with hmac-md5 ($n)"
+ ret=0
+ $RNDC -s 10.53.0.4 -p ${EXTRAPORT1} -c ns4/key1.conf status > /dev/null 2>&1 || ret=1
+ for i in 2 3 4 5 6
+ do
+ $RNDC -s 10.53.0.4 -p ${EXTRAPORT1} -c ns4/key${i}.conf status > /dev/null 2>&1 && ret=1
+ done
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$((status+ret))
+else
+ echo_i "skipping rndc with hmac-md5 ($n)"
+fi
+
+n=$((n+1))
+echo_i "testing rndc with hmac-sha1 ($n)"
+ret=0
+$RNDC -s 10.53.0.4 -p ${EXTRAPORT2} -c ns4/key2.conf status > /dev/null 2>&1 || ret=1
+for i in 1 3 4 5 6
+do
+ $RNDC -s 10.53.0.4 -p ${EXTRAPORT2} -c ns4/key${i}.conf status > /dev/null 2>&1 && ret=1
+done
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "testing rndc with hmac-sha224 ($n)"
+ret=0
+$RNDC -s 10.53.0.4 -p ${EXTRAPORT3} -c ns4/key3.conf status > /dev/null 2>&1 || ret=1
+for i in 1 2 4 5 6
+do
+ $RNDC -s 10.53.0.4 -p ${EXTRAPORT3} -c ns4/key${i}.conf status > /dev/null 2>&1 && ret=1
+done
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "testing rndc with hmac-sha256 ($n)"
+ret=0
+$RNDC -s 10.53.0.4 -p ${EXTRAPORT4} -c ns4/key4.conf status > /dev/null 2>&1 || ret=1
+for i in 1 2 3 5 6
+do
+ $RNDC -s 10.53.0.4 -p ${EXTRAPORT4} -c ns4/key${i}.conf status > /dev/null 2>&1 && ret=1
+done
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "testing rndc with hmac-sha384 ($n)"
+ret=0
+$RNDC -s 10.53.0.4 -p ${EXTRAPORT5} -c ns4/key5.conf status > /dev/null 2>&1 || ret=1
+for i in 1 2 3 4 6
+do
+ $RNDC -s 10.53.0.4 -p ${EXTRAPORT5} -c ns4/key${i}.conf status > /dev/null 2>&1 && ret=1
+done
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "testing rndc with hmac-sha512 ($n)"
+ret=0
+$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf status > /dev/null 2>&1 || ret=1
+for i in 1 2 3 4 5
+do
+ $RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key${i}.conf status > /dev/null 2>&1 2>&1 && ret=1
+done
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "testing single control channel with multiple algorithms ($n)"
+ret=0
+for i in 1 2 3 4 5 6
+do
+ $RNDC -s 10.53.0.4 -p ${EXTRAPORT7} -c ns4/key${i}.conf status > /dev/null 2>&1 || ret=1
+done
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "testing automatic zones are reported ($n)"
+ret=0
+$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf status > rndc.out.1.test$n || ret=1
+grep "number of zones: 201 (198 automatic)" rndc.out.1.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "testing rndc with null command ($n)"
+ret=0
+$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "testing rndc with unknown control channel command ($n)"
+ret=0
+$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf obviouslynotacommand >/dev/null 2>&1 && ret=1
+# rndc: 'obviouslynotacommand' failed: unknown command
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "testing rndc with querylog command ($n)"
+ret=0
+# first enable it with querylog on option
+$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf querylog on >/dev/null 2>&1 || ret=1
+grep "query logging is now on" ns4/named.run > /dev/null || ret=1
+# query for builtin and check if query was logged (without +subnet)
+$DIG @10.53.0.4 -p ${PORT} -c ch -t txt foo12345.bind +qr > dig.out.1.test$n 2>&1 || ret=1
+grep "query: foo12345.bind CH TXT.*(.*)$" ns4/named.run > /dev/null || ret=1
+# query for another builtin zone and check if query was logged (with +subnet=127.0.0.1)
+$DIG +subnet=127.0.0.1 @10.53.0.4 -p ${PORT} -c ch -t txt foo12346.bind +qr > dig.out.2.test$n 2>&1 || ret=1
+grep "query: foo12346.bind CH TXT.*\[ECS 127\.0\.0\.1/32/0]" ns4/named.run > /dev/null || ret=1
+# query for another builtin zone and check if query was logged (with +subnet=127.0.0.1/24)
+$DIG +subnet=127.0.0.1/24 @10.53.0.4 -p ${PORT} -c ch -t txt foo12347.bind +qr > dig.out.3.test$n 2>&1 || ret=1
+grep "query: foo12347.bind CH TXT.*\[ECS 127\.0\.0\.0/24/0]" ns4/named.run > /dev/null || ret=1
+# query for another builtin zone and check if query was logged (with +subnet=::1)
+$DIG +subnet=::1 @10.53.0.4 -p ${PORT} -c ch -t txt foo12348.bind +qr > dig.out.4.test$n 2>&1 || ret=1
+grep "query: foo12348.bind CH TXT.*\[ECS ::1/128/0]" ns4/named.run > /dev/null || ret=1
+# toggle query logging and check again
+$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf querylog > /dev/null 2>&1 || ret=1
+grep "query logging is now off" ns4/named.run > /dev/null || ret=1
+# query for another builtin zone and check if query was logged (without +subnet)
+$DIG @10.53.0.4 -p ${PORT} -c ch -t txt foo9876.bind +qr > dig.out.5.test$n 2>&1 || ret=1
+grep "query: foo9876.bind CH TXT.*(.*)$" ns4/named.run > /dev/null && ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+RNDCCMD4="$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf"
+n=$((n+1))
+echo_i "testing rndc nta time limits ($n)"
+ret=0
+$RNDCCMD4 nta -l 2h nta1.example > rndc.out.1.test$n 2>&1
+grep "Negative trust anchor added" rndc.out.1.test$n > /dev/null || ret=1
+$RNDCCMD4 nta -l 1d nta2.example > rndc.out.2.test$n 2>&1
+grep "Negative trust anchor added" rndc.out.2.test$n > /dev/null || ret=1
+$RNDCCMD4 nta -l 1w nta3.example > rndc.out.3.test$n 2>&1
+grep "Negative trust anchor added" rndc.out.3.test$n > /dev/null || ret=1
+$RNDCCMD4 nta -l 8d nta4.example > rndc.out.4.test$n 2>&1 && ret=1
+grep "NTA lifetime cannot exceed one week" rndc.out.4.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "testing rndc nta -class option ($n)"
+ret=0
+nextpart ns4/named.run > /dev/null
+$RNDCCMD4 nta -c in nta1.example > rndc.out.1.test$n 2>&1
+nextpart ns4/named.run | grep "added NTA 'nta1.example'" > /dev/null || ret=1
+$RNDCCMD4 nta -c any nta1.example > rndc.out.2.test$n 2>&1
+nextpart ns4/named.run | grep "added NTA 'nta1.example'" > /dev/null || ret=1
+$RNDCCMD4 nta -c ch nta1.example > rndc.out.3.test$n 2>&1
+nextpart ns4/named.run | grep "added NTA 'nta1.example'" > /dev/null && ret=1
+$RNDCCMD4 nta -c fake nta1.example > rndc.out.4.test$n 2>&1 && ret=1
+nextpart ns4/named.run | grep "added NTA 'nta1.example'" > /dev/null && ret=1
+grep 'unknown class' rndc.out.4.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+for i in 512 1024 2048 4096 8192 16384 32768 65536 131072 262144 524288
+do
+ n=$((n+1))
+ echo_i "testing rndc buffer size limits (size=${i}) ($n)"
+ ret=0
+ $RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf testgen ${i} 2>&1 > rndc.out.$i.test$n || ret=1
+ { actual_size=$($GENCHECK rndc.out.$i.test$n); rc=$?; } || true
+ if [ "$rc" = "0" ]; then
+ expected_size=$((i+1))
+ if [ $actual_size != $expected_size ]; then ret=1; fi
+ else
+ ret=1
+ fi
+
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$((status+ret))
+done
+
+n=$((n+1))
+echo_i "testing rndc -r (show result) ($n)"
+ret=0
+$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf -r testgen 0 2>&1 > rndc.out.1.test$n || ret=1
+grep "ISC_R_SUCCESS 0" rndc.out.1.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "testing rndc with a token containing a space ($n)"
+ret=0
+$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf -r flush '"view with a space"' 2>&1 > rndc.out.1.test$n || ret=1
+grep "not found" rndc.out.1.test$n > /dev/null && ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "test 'rndc reconfig' with a broken config ($n)"
+ret=0
+$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf reconfig > /dev/null || ret=1
+sleep 1
+mv ns4/named.conf ns4/named.conf.save
+echo "error error error" >> ns4/named.conf
+$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf reconfig > rndc.out.1.test$n 2>&1 && ret=1
+grep "rndc: 'reconfig' failed: unexpected token" rndc.out.1.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "check rndc status reports failure ($n)"
+ret=0
+$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf status > rndc.out.1.test$n 2>&1 || ret=1
+grep "reload/reconfig failed" rndc.out.1.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "restore working config ($n)"
+ret=0
+mv ns4/named.conf.save ns4/named.conf
+sleep 1
+$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf reconfig > /dev/null || ret=1
+sleep 1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "check 'rndc status' 'reload/reconfig failure' is cleared after successful reload/reconfig ($n)"
+ret=0
+$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf status > rndc.out.1.test$n 2>&1 || ret=1
+grep "reload/reconfig failed" rndc.out.1.test$n > /dev/null && ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "test read-only control channel access ($n)"
+ret=0
+$RNDCCMD 10.53.0.5 status > rndc.out.1.test$n 2>&1 || ret=1
+$RNDCCMD 10.53.0.5 nta -dump > rndc.out.2.test$n 2>&1 || ret=1
+$RNDCCMD 10.53.0.5 reconfig > rndc.out.3.test$n 2>&1 && ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "test rndc status shows running on ($n)"
+ret=0
+$RNDCCMD 10.53.0.5 status > rndc.out.1.test$n 2>&1 || ret=1
+grep "^running on " rndc.out.1.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "test 'rndc reconfig' with loading of a large zone ($n)"
+ret=0
+nextpart ns6/named.run > /dev/null
+cp ns6/named.conf ns6/named.conf.save
+echo "zone \"huge.zone\" { type primary; file \"huge.zone.db\"; };" >> ns6/named.conf
+echo_i "reloading config"
+$RNDCCMD 10.53.0.6 reconfig > rndc.out.1.test$n 2>&1 || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+sleep 1
+
+n=$((n+1))
+echo_i "check if zone load was scheduled ($n)"
+wait_for_log_peek 20 "scheduled loading new zones" ns6/named.run || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "check if query for the zone returns SERVFAIL ($n)"
+$DIG @10.53.0.6 -p ${PORT} -t soa huge.zone > dig.out.1.test$n
+grep "SERVFAIL" dig.out.1.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed (ignored)"; ret=0; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "wait for the zones to be loaded ($n)"
+wait_for_log_peek 60 "huge.zone/IN: loaded serial" ns6/named.run || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "check if query for the zone returns NOERROR ($n)"
+$DIG @10.53.0.6 -p ${PORT} -t soa huge.zone > dig.out.1.test$n
+grep "NOERROR" dig.out.1.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "verify that the full command is logged ($n)"
+ret=0
+$RNDCCMD 10.53.0.2 null with extra arguments > /dev/null 2>&1
+grep "received control channel command 'null with extra arguments'" ns2/named.run > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+mv ns6/named.conf.save ns6/named.conf
+sleep 1
+$RNDCCMD 10.53.0.6 reconfig > /dev/null || ret=1
+sleep 1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "check 'rndc \"\"' is handled ($n)"
+ret=0
+$RNDCCMD 10.53.0.2 "" > rndc.out.1.test$n 2>&1 && ret=1
+grep "rndc: '' failed: failure" rndc.out.1.test$n > /dev/null
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "check rndc -4 -6 ($n)"
+ret=0
+$RNDCCMD 10.53.0.2 -4 -6 status > rndc.out.1.test$n 2>&1 && ret=1
+grep "only one of -4 and -6 allowed" rndc.out.1.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "check rndc -4 with an IPv6 server address ($n)"
+ret=0
+$RNDCCMD fd92:7065:b8e:ffff::2 -4 status > rndc.out.1.test$n 2>&1 && ret=1
+grep "address family not supported" rndc.out.1.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "check rndc nta reports adding to multiple views ($n)"
+ret=0
+$RNDCCMD 10.53.0.3 nta test.com > rndc.out.test$n 2>&1 || ret=1
+lines=$(cat rndc.out.test$n | wc -l)
+[ ${lines:-0} -eq 2 ] || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "check 'rndc retransfer' of primary error message ($n)"
+ret=0
+$RNDCCMD 10.53.0.2 retransfer nil > rndc.out.test$n 2>&1 && ret=1
+grep "rndc: 'retransfer' failed: failure" rndc.out.test$n > /dev/null || ret=1
+grep "retransfer: inappropriate zone type: primary" rndc.out.test$n > /dev/null || ret=1
+lines=$(cat rndc.out.test$n | wc -l)
+[ ${lines:-0} -eq 2 ] || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "check 'rndc freeze' with in-view zones works ($n)"
+ret=0
+$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf freeze > rndc.out.test$n 2>&1 || ret=1
+test -s rndc.out.test$n && sed 's/^/ns2 /' rndc.out.test$n | cat_i
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "checking non in-view zone instance is not writable ($n)"
+ret=0
+$NSUPDATE -p ${PORT} > /dev/null 2>&1 <<END && ret=1
+server 10.53.0.4
+zone example.
+update add text2.example. 600 IN TXT "addition 3"
+send
+END
+$DIGCMD @10.53.0.4 -p ${PORT} text2.example. TXT > dig.out.1.test$n || ret=1
+grep 'addition 3' dig.out.1.test$n >/dev/null && ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "check 'rndc thaw' with in-view zones works ($n)"
+ret=0
+$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf thaw > rndc.out.test$n 2>&1 || ret=1
+test -s rndc.out.test$n && sed 's/^/ns2 /' rndc.out.test$n | cat_i
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "checking non in-view zone instance is now writable ($n)"
+ret=0
+$NSUPDATE -p ${PORT} > nsupdate.out.test$n 2>&1 <<END || ret=1
+server 10.53.0.4
+zone example.
+update add text2.example. 600 IN TXT "addition 3"
+send
+END
+$DIGCMD @10.53.0.4 -p ${PORT} text2.example. TXT > dig.out.1.test$n || ret=1
+grep 'addition 3' dig.out.1.test$n >/dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "checking initial in-view zone file is loaded ($n)"
+ret=0
+TSIG="$DEFAULT_HMAC:int:FrSt77yPTFx6hTs4i2tKLB9LmE0="
+$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT > dig.out.1.test$n || ret=1
+grep 'include 1' dig.out.1.test$n >/dev/null || ret=1
+TSIG="$DEFAULT_HMAC:ext:FrSt77yPTFx6hTs4i2tKLB9LmE0="
+$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT > dig.out.2.test$n || ret=1
+grep 'include 1' dig.out.2.test$n >/dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+echo_i "update in-view zone ($n)"
+ret=0
+TSIG="$DEFAULT_HMAC:int:FrSt77yPTFx6hTs4i2tKLB9LmE0="
+$NSUPDATE -p ${PORT} -y "$TSIG" > /dev/null 2>&1 <<END || ret=1
+server 10.53.0.7
+zone test.
+update add text2.test. 600 IN TXT "addition 1"
+send
+END
+[ -s ns7/test.db.jnl ] || {
+ echo_i "'test -s ns7/test.db.jnl' failed when it shouldn't have"; ret=1;
+}
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+echo_i "checking update ($n)"
+ret=0
+TSIG="$DEFAULT_HMAC:int:FrSt77yPTFx6hTs4i2tKLB9LmE0="
+$DIGCMD @10.53.0.7 -y "$TSIG" text2.test. TXT > dig.out.1.test$n || ret=1
+grep 'addition 1' dig.out.1.test$n >/dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+nextpart ns7/named.run > /dev/null
+
+echo_i "rndc freeze"
+$RNDCCMD 10.53.0.7 freeze | sed 's/^/ns7 /' | cat_i | cat_i
+
+wait_for_log 3 "dump_done: zone test/IN/internal: enter" ns7/named.run
+
+echo_i "edit zone files"
+cp ns7/test.db.in ns7/test.db
+cp ns7/include2.db.in ns7/include.db
+
+echo_i "rndc thaw"
+$RNDCCMD 10.53.0.7 thaw | sed 's/^/ns7 /' | cat_i
+
+wait_for_log 3 "zone_postload: zone test/IN/internal: done" ns7/named.run
+
+echo_i "rndc reload"
+$RNDCCMD 10.53.0.7 reload | sed 's/^/ns7 /' | cat_i
+
+wait_for_log 3 "all zones loaded" ns7/named.run
+
+n=$((n+1))
+echo_i "checking zone file edits are loaded ($n)"
+ret=0
+TSIG="$DEFAULT_HMAC:int:FrSt77yPTFx6hTs4i2tKLB9LmE0="
+$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT > dig.out.1.test$n || ret=1
+grep 'include 2' dig.out.1.test$n >/dev/null || ret=1
+TSIG="$DEFAULT_HMAC:ext:FrSt77yPTFx6hTs4i2tKLB9LmE0="
+$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT > dig.out.2.test$n || ret=1
+grep 'include 2' dig.out.2.test$n >/dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+echo_i "exit status: $status"
+[ $status -eq 0 ] || exit 1
diff --git a/bin/tests/system/rndc/tests_sh_rndc.py b/bin/tests/system/rndc/tests_sh_rndc.py
new file mode 100644
index 0000000..ac6a4dc
--- /dev/null
+++ b/bin/tests/system/rndc/tests_sh_rndc.py
@@ -0,0 +1,14 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+
+def test_rndc(run_tests_sh):
+ run_tests_sh()