diff options
Diffstat (limited to '')
-rw-r--r-- | bin/tests/system/dupsigs/tests.sh | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/bin/tests/system/dupsigs/tests.sh b/bin/tests/system/dupsigs/tests.sh new file mode 100644 index 0000000..4ab3a73 --- /dev/null +++ b/bin/tests/system/dupsigs/tests.sh @@ -0,0 +1,71 @@ +#!/bin/sh + +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +set -e + +. ../conf.sh + +status=0 + +# Wait for the zone to be fully signed before beginning test +# +# We expect the zone to have the following: +# +# - 5 signatures for signing.test. +# - 3 signatures for ns.signing.test. +# - 2 x 500 signatures for a{0000-0499}.signing.test. +# +# for a total of 1008. +fully_signed () { + $DIG axfr signing.test -p ${PORT} @10.53.0.1 > "dig.out.ns1.axfr" + awk 'BEGIN { lines = 0 } + $4 == "RRSIG" {lines++} + END { if (lines != 1008) exit(1) }' < "dig.out.ns1.axfr" +} + +# Wait for the last NSEC record in the zone to be signed. This is a lightweight +# alternative to avoid many AXFR requests while waiting for the zone to be +# fully signed. +_wait_for_last_nsec_signed() { + $DIG +dnssec a0499.signing.test -p ${PORT} @10.53.0.1 nsec > "dig.out.ns1.wait" || return 1 + grep "signing.test\..*IN.*RRSIG.*signing.test" "dig.out.ns1.wait" > /dev/null || return 1 + return 0 +} + +echo_i "wait for the zone to be fully signed" +retry_quiet 60 _wait_for_last_nsec_signed +retry_quiet 10 fully_signed || status=1 +if [ $status != 0 ]; then echo_i "failed"; fi + +start=$(date +%s) +now=$start +end=$((start + 140)) + +while [ $now -lt $end ] && [ $status -eq 0 ]; do + et=$((now - start)) + echo_i "............... $et ............" + $JOURNALPRINT ns1/signing.test.db.signed.jnl | $PERL check_journal.pl | cat_i + $DIG axfr signing.test -p ${PORT} @10.53.0.1 > dig.out.at$et + awk '$4 == "RRSIG" { print $11 }' dig.out.at$et | sort | uniq -c | cat_i + lines=$(awk '$4 == "RRSIG" { print}' dig.out.at$et | wc -l) + if [ ${et} -ne 0 -a ${lines} -ne 1008 ] + then + echo_i "failed" + status=$((status + 1)) + fi + sleep 5 + now=$(date +%s) +done + +echo_i "exit status: $status" +[ $status -eq 0 ] || exit 1 |