summaryrefslogtreecommitdiffstats
path: root/bin/tests/system/dupsigs/tests.sh
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--bin/tests/system/dupsigs/tests.sh71
1 files changed, 71 insertions, 0 deletions
diff --git a/bin/tests/system/dupsigs/tests.sh b/bin/tests/system/dupsigs/tests.sh
new file mode 100644
index 0000000..4ab3a73
--- /dev/null
+++ b/bin/tests/system/dupsigs/tests.sh
@@ -0,0 +1,71 @@
+#!/bin/sh
+
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+set -e
+
+. ../conf.sh
+
+status=0
+
+# Wait for the zone to be fully signed before beginning test
+#
+# We expect the zone to have the following:
+#
+# - 5 signatures for signing.test.
+# - 3 signatures for ns.signing.test.
+# - 2 x 500 signatures for a{0000-0499}.signing.test.
+#
+# for a total of 1008.
+fully_signed () {
+ $DIG axfr signing.test -p ${PORT} @10.53.0.1 > "dig.out.ns1.axfr"
+ awk 'BEGIN { lines = 0 }
+ $4 == "RRSIG" {lines++}
+ END { if (lines != 1008) exit(1) }' < "dig.out.ns1.axfr"
+}
+
+# Wait for the last NSEC record in the zone to be signed. This is a lightweight
+# alternative to avoid many AXFR requests while waiting for the zone to be
+# fully signed.
+_wait_for_last_nsec_signed() {
+ $DIG +dnssec a0499.signing.test -p ${PORT} @10.53.0.1 nsec > "dig.out.ns1.wait" || return 1
+ grep "signing.test\..*IN.*RRSIG.*signing.test" "dig.out.ns1.wait" > /dev/null || return 1
+ return 0
+}
+
+echo_i "wait for the zone to be fully signed"
+retry_quiet 60 _wait_for_last_nsec_signed
+retry_quiet 10 fully_signed || status=1
+if [ $status != 0 ]; then echo_i "failed"; fi
+
+start=$(date +%s)
+now=$start
+end=$((start + 140))
+
+while [ $now -lt $end ] && [ $status -eq 0 ]; do
+ et=$((now - start))
+ echo_i "............... $et ............"
+ $JOURNALPRINT ns1/signing.test.db.signed.jnl | $PERL check_journal.pl | cat_i
+ $DIG axfr signing.test -p ${PORT} @10.53.0.1 > dig.out.at$et
+ awk '$4 == "RRSIG" { print $11 }' dig.out.at$et | sort | uniq -c | cat_i
+ lines=$(awk '$4 == "RRSIG" { print}' dig.out.at$et | wc -l)
+ if [ ${et} -ne 0 -a ${lines} -ne 1008 ]
+ then
+ echo_i "failed"
+ status=$((status + 1))
+ fi
+ sleep 5
+ now=$(date +%s)
+done
+
+echo_i "exit status: $status"
+[ $status -eq 0 ] || exit 1