From e2fc8e037ea6bb5de92b25ec9c12a624737ac5ca Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Mon, 8 Apr 2024 18:41:29 +0200
Subject: Merging upstream version 1:9.18.24.
Signed-off-by: Daniel Baumann
---
 bin/tests/system/rootkeysentinel/ns1/sign.sh | 8 +-
 bin/tests/system/rootkeysentinel/ns2/sign.sh | 22 +--
 bin/tests/system/rootkeysentinel/tests.sh | 208 +++++++++++++--------------
 3 files changed, 119 insertions(+), 119 deletions(-)
(limited to 'bin/tests/system/rootkeysentinel')
diff --git a/bin/tests/system/rootkeysentinel/ns1/sign.sh b/bin/tests/system/rootkeysentinel/ns1/sign.sh
index 0f20053..dd33bd9 100644
--- a/bin/tests/system/rootkeysentinel/ns1/sign.sh
+++ b/bin/tests/system/rootkeysentinel/ns1/sign.sh
@@ -20,16 +20,16 @@ zonefile=root.db
 keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
 keyid=$(expr ${keyname} : 'K.+[0-9][0-9][0-9]+\(.*\)')
-(cd ../ns2 && $SHELL sign.sh ${keyid:-00000} )
+(cd ../ns2 && $SHELL sign.sh ${keyid:-00000})
 cp ../ns2/dsset-example. .
-cat $infile $keyname.key > $zonefile
+cat $infile $keyname.key >$zonefile
-$SIGNER -P -g -o $zone $zonefile > /dev/null
+$SIGNER -P -g -o $zone $zonefile >/dev/null
 # Configure the resolving server with a static key.
-keyfile_to_static_ds $keyname > trusted.conf
+keyfile_to_static_ds $keyname >trusted.conf
 cp trusted.conf ../ns2/trusted.conf
 cp trusted.conf ../ns3/trusted.conf
 cp trusted.conf ../ns4/trusted.conf
diff --git a/bin/tests/system/rootkeysentinel/ns2/sign.sh b/bin/tests/system/rootkeysentinel/ns2/sign.sh
index 3e48f8a..456c96f 100644
--- a/bin/tests/system/rootkeysentinel/ns2/sign.sh
+++ b/bin/tests/system/rootkeysentinel/ns2/sign.sh
@@ -26,15 +26,15 @@ keyname1=$($KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone)
 keyname2=$($KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone)
 cat $infile $keyname1.key $keyname2.key >$zonefile
-echo root-key-sentinel-is-ta-$oldid A 10.53.0.1 >> $zonefile
-echo root-key-sentinel-not-ta-$oldid A 10.53.0.2 >> $zonefile
-echo root-key-sentinel-is-ta-$newid A 10.53.0.3 >> $zonefile
-echo root-key-sentinel-not-ta-$newid A 10.53.0.4 >> $zonefile
-echo old-is-ta CNAME root-key-sentinel-is-ta-$oldid >> $zonefile
-echo old-not-ta CNAME root-key-sentinel-not-ta-$oldid >> $zonefile
-echo new-is-ta CNAME root-key-sentinel-is-ta-$newid >> $zonefile
-echo new-not-ta CNAME root-key-sentinel-not-ta-$newid >> $zonefile
-echo bad-is-ta CNAME root-key-sentinel-is-ta-$badid >> $zonefile
-echo bad-not-ta CNAME root-key-sentinel-not-ta-$badid >> $zonefile
+echo root-key-sentinel-is-ta-$oldid A 10.53.0.1 >>$zonefile
+echo root-key-sentinel-not-ta-$oldid A 10.53.0.2 >>$zonefile
+echo root-key-sentinel-is-ta-$newid A 10.53.0.3 >>$zonefile
+echo root-key-sentinel-not-ta-$newid A 10.53.0.4 >>$zonefile
+echo old-is-ta CNAME root-key-sentinel-is-ta-$oldid >>$zonefile
+echo old-not-ta CNAME root-key-sentinel-not-ta-$oldid >>$zonefile
+echo new-is-ta CNAME root-key-sentinel-is-ta-$newid >>$zonefile
+echo new-not-ta CNAME root-key-sentinel-not-ta-$newid >>$zonefile
+echo bad-is-ta CNAME root-key-sentinel-is-ta-$badid >>$zonefile
+echo bad-not-ta CNAME root-key-sentinel-not-ta-$badid >>$zonefile
-$SIGNER -P -g -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
+$SIGNER -P -g -o $zone -k $keyname1 $zonefile $keyname2 >/dev/null
diff --git a/bin/tests/system/rootkeysentinel/tests.sh b/bin/tests/system/rootkeysentinel/tests.sh
index bfe653c..3e0a487 100644
--- a/bin/tests/system/rootkeysentinel/tests.sh
+++ b/bin/tests/system/rootkeysentinel/tests.sh
@@ -23,22 +23,22 @@ rm -f dig.out.* DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p ${PORT}" newtest() { - n=$((n + 1)) - case $# in - 1) - echo_i "$1 ($n)" - ;; - 2) - echo_i "$1" - echo_ic "$2 ($n)" - ;; - esac - ret=0 + n=$((n + 1)) + case $# in + 1) + echo_i "$1 ($n)" + ;; + 2) + echo_i "$1" + echo_ic "$2 ($n)" + ;; + esac + ret=0 } newtest "get test ids" -$DIG $DIGOPTS . dnskey +short +rrcomm @10.53.0.1 > dig.out.ns1.test$n || ret=1 -oldid=$(sed -n 's/.*key id = //p' < dig.out.ns1.test$n) +$DIG $DIGOPTS . dnskey +short +rrcomm @10.53.0.1 >dig.out.ns1.test$n || ret=1 +oldid=$(sed -n 's/.*key id = //p' dig.out.ns2.test$n -grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.2 example SOA >dig.out.ns2.test$n +grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) newtest "check test zone resolves with 'root-key-sentinel yes;'" " (expect NOERROR)" -$DIG $DIGOPTS @10.53.0.3 example SOA > dig.out.ns3.test$n -grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.3 example SOA >dig.out.ns3.test$n +grep "status: NOERROR" dig.out.ns3.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) newtest "check root-key-sentinel-is-ta with old ta and" " 'root-key-sentinel yes;' (expect NOERROR)" -$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-is-ta-${oldid}.example A > dig.out.ns3.test$n || ret=1 -grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-is-ta-${oldid}.example A >dig.out.ns3.test$n || ret=1 +grep "status: NOERROR" dig.out.ns3.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) newtest "check root-key-sentinel-not-ta with old ta and" " 'root-key-sentinel yes;' (expect SERVFAIL)" -$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-not-ta-${oldid}.example A > dig.out.ns3.test$n || ret=1 -grep "status: 
SERVFAIL" dig.out.ns3.test$n > /dev/null || ret=1 -grep "ANSWER: 0," dig.out.ns3.test$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-not-ta-${oldid}.example A >dig.out.ns3.test$n || ret=1 +grep "status: SERVFAIL" dig.out.ns3.test$n >/dev/null || ret=1 +grep "ANSWER: 0," dig.out.ns3.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) newtest "check root-key-sentinel-not-ta with old ta, CD=1 and" " 'root-key-sentinel yes;' (expect NOERROR)" -$DIG $DIGOPTS @10.53.0.3 +cd root-key-sentinel-not-ta-${oldid}.example A > dig.out.ns3.test$n || ret=1 -grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.3 +cd root-key-sentinel-not-ta-${oldid}.example A >dig.out.ns3.test$n || ret=1 +grep "status: NOERROR" dig.out.ns3.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) newtest "check root-key-sentinel-is-ta with new ta and" " 'root-key-sentinel yes;' (expect SERVFAIL)" -$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-is-ta-${newid}.example A > dig.out.ns3.test$n || ret=1 -grep "status: SERVFAIL" dig.out.ns3.test$n > /dev/null || ret=1 -grep "ANSWER: 0," dig.out.ns3.test$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-is-ta-${newid}.example A >dig.out.ns3.test$n || ret=1 +grep "status: SERVFAIL" dig.out.ns3.test$n >/dev/null || ret=1 +grep "ANSWER: 0," dig.out.ns3.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) newtest "check root-key-sentinel-is-ta with new ta, CD=1 and" " 'root-key-sentinel yes;' (expect NOERROR)" -$DIG $DIGOPTS @10.53.0.3 +cd root-key-sentinel-is-ta-${newid}.example A > dig.out.ns3.test$n || ret=1 -grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.3 +cd root-key-sentinel-is-ta-${newid}.example A >dig.out.ns3.test$n || ret=1 +grep "status: NOERROR" dig.out.ns3.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; 
fi status=$((status + ret)) newtest "check root-key-sentinel-not-ta with new ta and" " 'root-key-sentinel yes;' (expect NOERROR)" -$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-not-ta-${newid}.example A > dig.out.ns3.test$n || ret=1 -grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-not-ta-${newid}.example A >dig.out.ns3.test$n || ret=1 +grep "status: NOERROR" dig.out.ns3.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) newtest "check root-key-sentinel-is-ta with bad ta and" " 'root-key-sentinel yes;' (expect SERVFAIL)" -$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-is-ta-${badid}.example A > dig.out.ns3.test$n || ret=1 -grep "status: SERVFAIL" dig.out.ns3.test$n > /dev/null || ret=1 -grep "ANSWER: 0," dig.out.ns3.test$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-is-ta-${badid}.example A >dig.out.ns3.test$n || ret=1 +grep "status: SERVFAIL" dig.out.ns3.test$n >/dev/null || ret=1 +grep "ANSWER: 0," dig.out.ns3.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) newtest "check root-key-sentinel-is-ta with bad ta, CD=1 and" " 'root-key-sentinel yes;' (expect NXDOMAIN)" -$DIG $DIGOPTS @10.53.0.3 +cd root-key-sentinel-is-ta-${badid}.example A > dig.out.ns3.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.3 +cd root-key-sentinel-is-ta-${badid}.example A >dig.out.ns3.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns3.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) newtest "check root-key-sentinel-not-ta with bad ta and" " 'root-key-sentinel yes;' (expect NXDOMAIN)" -$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-not-ta-${badid}.example A > dig.out.ns3.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-not-ta-${badid}.example A 
>dig.out.ns3.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns3.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) newtest "check root-key-sentinel-is-ta with out-of-range ta and" " 'root-key-sentinel yes;' (expect NXDOMAIN)" -$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-is-ta-72345.example A > dig.out.ns3.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-is-ta-72345.example A >dig.out.ns3.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns3.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) newtest "check root-key-sentinel-not-ta with out-of-range ta and" " 'root-key-sentinel yes;' (expect NXDOMAIN)" -$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-not-ta-72345.example A > dig.out.ns3.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-not-ta-72345.example A >dig.out.ns3.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns3.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) newtest "check root-key-sentinel-is-ta with no-zero-pad ta and" " 'root-key-sentinel yes;' (expect NXDOMAIN)" -$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-is-ta-1234.example A > dig.out.ns3.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-is-ta-1234.example A >dig.out.ns3.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns3.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) newtest "check root-key-sentinel-not-ta with no-zero-pad ta and" " 'root-key-sentinel yes;' (expect NXDOMAIN)" -$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-not-ta-1234.example A > dig.out.ns3.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.3 root-key-sentinel-not-ta-1234.example A 
>dig.out.ns3.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns3.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) newtest "check CNAME to root-key-sentinel-is-ta with old ta and" " 'root-key-sentinel yes;' (expect NOERROR)" -$DIG $DIGOPTS @10.53.0.3 old-is-ta.example A > dig.out.ns3.test$n || ret=1 -grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 -grep "old-is-ta.*CNAME.root-key-sentinel-is-ta-${oldid}.example." dig.out.ns3.test$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.3 old-is-ta.example A >dig.out.ns3.test$n || ret=1 +grep "status: NOERROR" dig.out.ns3.test$n >/dev/null || ret=1 +grep "old-is-ta.*CNAME.root-key-sentinel-is-ta-${oldid}.example." dig.out.ns3.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) newtest "check CNAME to root-key-sentinel-not-ta with old ta and" " 'root-key-sentinel yes;' (expect NOERROR)" -$DIG $DIGOPTS @10.53.0.3 old-not-ta.example A > dig.out.ns3.test$n || ret=1 -grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 -grep "old-not-ta.*CNAME.root-key-sentinel-not-ta-${oldid}.example." dig.out.ns3.test$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.3 old-not-ta.example A >dig.out.ns3.test$n || ret=1 +grep "status: NOERROR" dig.out.ns3.test$n >/dev/null || ret=1 +grep "old-not-ta.*CNAME.root-key-sentinel-not-ta-${oldid}.example." dig.out.ns3.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) newtest "check CNAME to root-key-sentinel-is-ta with new ta and" " 'root-key-sentinel yes;' (expect NOERROR)" -$DIG $DIGOPTS @10.53.0.3 new-is-ta.example A > dig.out.ns3.test$n || ret=1 -grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 -grep "new-is-ta.*CNAME.root-key-sentinel-is-ta-${newid}.example." 
dig.out.ns3.test$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.3 new-is-ta.example A >dig.out.ns3.test$n || ret=1 +grep "status: NOERROR" dig.out.ns3.test$n >/dev/null || ret=1 +grep "new-is-ta.*CNAME.root-key-sentinel-is-ta-${newid}.example." dig.out.ns3.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) newtest "check CNAME to root-key-sentinel-not-ta with new ta and" " 'root-key-sentinel yes;' (expect NOERROR)" -$DIG $DIGOPTS @10.53.0.3 new-not-ta.example A > dig.out.ns3.test$n || ret=1 -grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 -grep "new-not-ta.*CNAME.root-key-sentinel-not-ta-${newid}.example." dig.out.ns3.test$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.3 new-not-ta.example A >dig.out.ns3.test$n || ret=1 +grep "status: NOERROR" dig.out.ns3.test$n >/dev/null || ret=1 +grep "new-not-ta.*CNAME.root-key-sentinel-not-ta-${newid}.example." dig.out.ns3.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) newtest "check CNAME to root-key-sentinel-is-ta with bad ta and" " 'root-key-sentinel yes;' (expect NXDOMAIN)" -$DIG $DIGOPTS @10.53.0.3 bad-is-ta.example A > dig.out.ns3.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1 -grep "bad-is-ta.*CNAME.root-key-sentinel-is-ta-${badid}.example" dig.out.ns3.test$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.3 bad-is-ta.example A >dig.out.ns3.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns3.test$n >/dev/null || ret=1 +grep "bad-is-ta.*CNAME.root-key-sentinel-is-ta-${badid}.example" dig.out.ns3.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) newtest "check CNAME to root-key-sentinel-not-ta with bad ta and" " 'root-key-sentinel yes;' (expect NXDOMAIN)" -$DIG $DIGOPTS @10.53.0.3 bad-not-ta.example A > dig.out.ns3.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1 -grep 
"bad-not-ta.*CNAME.root-key-sentinel-not-ta-${badid}.example." dig.out.ns3.test$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.3 bad-not-ta.example A >dig.out.ns3.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns3.test$n >/dev/null || ret=1 +grep "bad-not-ta.*CNAME.root-key-sentinel-not-ta-${badid}.example." dig.out.ns3.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) newtest "check test zone resolves with 'root-key-sentinel no;'" " (expect NOERROR)" -$DIG $DIGOPTS @10.53.0.4 example SOA > dig.out.ns4.test$n -grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.4 example SOA >dig.out.ns4.test$n +grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) newtest "check root-key-sentinel-is-ta with old ta and" " 'root-key-sentinel no;' (expect NOERROR)" -$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-is-ta-${oldid}.example A > dig.out.ns4.test$n || ret=1 -grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-is-ta-${oldid}.example A >dig.out.ns4.test$n || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) newtest "check root-key-sentinel-not-ta with old ta and" " 'root-key-sentinel no;' (expect NOERROR)" -$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-not-ta-${oldid}.example A > dig.out.ns4.test$n || ret=1 -grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-not-ta-${oldid}.example A >dig.out.ns4.test$n || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) newtest "check root-key-sentinel-is-ta with new ta and" " 'root-key-sentinel no;' (expect NOERROR)" -$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-is-ta-${newid}.example A > dig.out.ns4.test$n || 
ret=1 -grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-is-ta-${newid}.example A >dig.out.ns4.test$n || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) newtest "check root-key-sentinel-not-ta with new ta and" " 'root-key-sentinel no;' (expect NOERROR)" -$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-not-ta-${newid}.example A > dig.out.ns4.test$n || ret=1 -grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-not-ta-${newid}.example A >dig.out.ns4.test$n || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) newtest "check root-key-sentinel-is-ta with bad ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)" -$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-is-ta-${badid}.example A > dig.out.ns4.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-is-ta-${badid}.example A >dig.out.ns4.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns4.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) newtest "check root-key-sentinel-not-ta with bad ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)" -$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-not-ta-${badid}.example A > dig.out.ns4.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-not-ta-${badid}.example A >dig.out.ns4.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns4.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) newtest "check root-key-sentinel-is-ta with out-of-range ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)" -$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-is-ta-72345.example A > dig.out.ns4.test$n || ret=1 -grep 
"status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-is-ta-72345.example A >dig.out.ns4.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns4.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) newtest "check root-key-sentinel-not-ta with out-of-range ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)" -$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-not-ta-72345.example A > dig.out.ns4.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-not-ta-72345.example A >dig.out.ns4.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns4.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) newtest "check root-key-sentinel-is-ta with no-zero-pad ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)" -$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-is-ta-1234.example A > dig.out.ns4.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-is-ta-1234.example A >dig.out.ns4.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns4.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) newtest "check root-key-sentinel-not-ta with no-zero-pad ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)" -$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-not-ta-1234.example A > dig.out.ns4.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.4 root-key-sentinel-not-ta-1234.example A >dig.out.ns4.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns4.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) newtest "check CNAME to root-key-sentinel-is-ta with old ta and" " 'root-key-sentinel no;' (expect NOERROR)" -$DIG $DIGOPTS @10.53.0.4 old-is-ta.example A > dig.out.ns4.test$n || ret=1 -grep "status: NOERROR" 
dig.out.ns4.test$n > /dev/null || ret=1 -grep "old-is-ta.*CNAME.root-key-sentinel-is-ta-${oldid}.example." dig.out.ns4.test$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.4 old-is-ta.example A >dig.out.ns4.test$n || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1 +grep "old-is-ta.*CNAME.root-key-sentinel-is-ta-${oldid}.example." dig.out.ns4.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) newtest "check CNAME to root-key-sentinel-not-ta with old ta and" " 'root-key-sentinel no;' (expect NOERROR)" -$DIG $DIGOPTS @10.53.0.4 old-not-ta.example A > dig.out.ns4.test$n || ret=1 -grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 -grep "old-not-ta.*CNAME.root-key-sentinel-not-ta-${oldid}.example." dig.out.ns4.test$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.4 old-not-ta.example A >dig.out.ns4.test$n || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1 +grep "old-not-ta.*CNAME.root-key-sentinel-not-ta-${oldid}.example." dig.out.ns4.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) newtest "check CNAME to root-key-sentinel-is-ta with new ta and" " 'root-key-sentinel no;' (expect NOERROR)" -$DIG $DIGOPTS @10.53.0.4 new-is-ta.example A > dig.out.ns4.test$n || ret=1 -grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 -grep "new-is-ta.*CNAME.root-key-sentinel-is-ta-${newid}.example." dig.out.ns4.test$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.4 new-is-ta.example A >dig.out.ns4.test$n || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1 +grep "new-is-ta.*CNAME.root-key-sentinel-is-ta-${newid}.example." 
dig.out.ns4.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) newtest "check CNAME to root-key-sentinel-not-ta with new ta and" " 'root-key-sentinel no;' (expect NOERROR)" -$DIG $DIGOPTS @10.53.0.4 new-not-ta.example A > dig.out.ns4.test$n || ret=1 -grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 -grep "new-not-ta.*CNAME.root-key-sentinel-not-ta-${newid}.example." dig.out.ns4.test$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.4 new-not-ta.example A >dig.out.ns4.test$n || ret=1 +grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1 +grep "new-not-ta.*CNAME.root-key-sentinel-not-ta-${newid}.example." dig.out.ns4.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) newtest "check CNAME to root-key-sentinel-is-ta with bad ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)" -$DIG $DIGOPTS @10.53.0.4 bad-is-ta.example A > dig.out.ns4.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 -grep "bad-is-ta.*CNAME.root-key-sentinel-is-ta-${badid}.example" dig.out.ns4.test$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.4 bad-is-ta.example A >dig.out.ns4.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns4.test$n >/dev/null || ret=1 +grep "bad-is-ta.*CNAME.root-key-sentinel-is-ta-${badid}.example" dig.out.ns4.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) newtest "check CNAME to root-key-sentinel-not-ta with bad ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)" -$DIG $DIGOPTS @10.53.0.4 bad-not-ta.example A > dig.out.ns4.test$n || ret=1 -grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 -grep "bad-not-ta.*CNAME.root-key-sentinel-not-ta-${badid}.example." 
dig.out.ns4.test$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.4 bad-not-ta.example A >dig.out.ns4.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns4.test$n >/dev/null || ret=1 +grep "bad-not-ta.*CNAME.root-key-sentinel-not-ta-${badid}.example." dig.out.ns4.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) -- cgit v1.2.3