blob: 939ff2d1242a3beddcdb378049d9d1c06a86e597 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
|
#!/bin/sh
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
status=0
# Wait for the zone to be fully signed before beginning test
#
# We expect the zone to have the following:
#
# - 5 signatures for signing.test.
# - 3 signatures for ns.signing.test.
# - 2 x 500 signatures for a{0000-0499}.signing.test.
#
# for a total of 1008.
fully_signed() {
$DIG axfr signing.test -p ${PORT} @10.53.0.1 >"dig.out.ns1.axfr"
awk 'BEGIN { lines = 0 }
$4 == "RRSIG" {lines++}
END { if (lines != 1008) exit(1) }' <"dig.out.ns1.axfr"
}
# Wait for the last NSEC record in the zone to be signed. This is a lightweight
# alternative to avoid many AXFR requests while waiting for the zone to be
# fully signed.
_wait_for_last_nsec_signed() {
$DIG +dnssec a0499.signing.test -p ${PORT} @10.53.0.1 nsec >"dig.out.ns1.wait" || return 1
grep "signing.test\..*IN.*RRSIG.*signing.test" "dig.out.ns1.wait" >/dev/null || return 1
return 0
}
echo_i "wait for the zone to be fully signed"
retry_quiet 60 _wait_for_last_nsec_signed
retry_quiet 10 fully_signed || status=1
if [ $status != 0 ]; then echo_i "failed"; fi
start=$(date +%s)
now=$start
end=$((start + 140))
while [ $now -lt $end ] && [ $status -eq 0 ]; do
et=$((now - start))
echo_i "............... $et ............"
$JOURNALPRINT ns1/signing.test.db.signed.jnl | $PERL check_journal.pl | cat_i
$DIG axfr signing.test -p ${PORT} @10.53.0.1 >dig.out.at$et
awk '$4 == "RRSIG" { print $11 }' dig.out.at$et | sort | uniq -c | cat_i
lines=$(awk '$4 == "RRSIG" { print}' dig.out.at$et | wc -l)
if [ ${et} -ne 0 -a ${lines} -ne 1008 ]; then
echo_i "failed"
status=$((status + 1))
fi
sleep 5
now=$(date +%s)
done
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
|