# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# Load the shared system-test settings from the parent directory; conf.sh is
# expected to supply $CHECKCONF and echo_i used by every check below.
SYSTEMTESTTOP=..
. "$SYSTEMTESTTOP/conf.sh"

# n numbers the checks in the log; status counts the checks that failed.
n=0
status=0

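# A known-good configuration must be accepted.
n=$((n + 1))
echo_i "checking that named-checkconf handles a known good config ($n)"
ret=0
$CHECKCONF good.conf > /dev/null 2>&1 || ret=1
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))

# -p must print the configuration back unchanged. The reference text is the
# part of good.conf that follows the "cut here" marker line.
n=$((n + 1))
echo_i "checking that named-checkconf prints a known good config ($n)"
ret=0
awk 'BEGIN { ok = 0; } /cut here/ { ok = 1; getline } ok == 1 { print }' good.conf > good.conf.in
[ -s good.conf.in ] || ret=1
$CHECKCONF -p good.conf.in | grep -v '^good.conf.in:' > good.conf.out 2>&1 || ret=1
cmp good.conf.in good.conf.out || ret=1
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))

# -p -x must not print key material. This reuses good.conf.in written by the
# previous check.
n=$((n + 1))
echo_i "checking that named-checkconf -x removes secrets ($n)"
ret=0
# ensure there is a secret and that it is not the check string.
grep 'secret "' good.conf.in > /dev/null || ret=1
grep 'secret "????????????????"' good.conf.in > /dev/null 2>&1 && ret=1
$CHECKCONF -p -x good.conf.in | grep -v '^good.conf.in:' > good.conf.out 2>&1 || ret=1
grep 'secret "????????????????"' good.conf.out > /dev/null 2>&1 || ret=1
# Finding one masked secret does not show that every secret was masked, so
# also fail if any secret value in the -x output still contains a character
# other than '?'.
grep 'secret "[^"]*[^?"]' good.conf.out > /dev/null && ret=1
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))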

# Every bad-*.conf must be rejected with exit status 1 and a "file:line: "
# diagnostic. The update-policy cases must also name the specific problem.
for bad in bad-*.conf; do
    n=$((n + 1))
    echo_i "checking that named-checkconf detects error in $bad ($n)"
    ret=0
    $CHECKCONF $bad > checkconf.out 2>&1
    [ $? -eq 1 ] || ret=1
    if ! grep "^$bad:[0-9]*: " checkconf.out > /dev/null; then
        ret=1
    fi
    case $bad in
    bad-update-policy[123].conf)
        pat="identity and name fields are not the same"
        if ! grep "$pat" checkconf.out > /dev/null; then ret=1; fi
        ;;
    bad-update-policy[4589].conf)
        pat="name field not set to placeholder value"
        if ! grep "$pat" checkconf.out > /dev/null; then ret=1; fi
        ;;
    bad-update-policy[67].conf)
        pat="missing name field type '.*' found"
        if ! grep "$pat" checkconf.out > /dev/null; then ret=1; fi
        ;;
    esac
    [ "$ret" -eq 0 ] || echo_i "failed"
    status=$((status + ret))
done

# Every good-*.conf must be accepted (exit status 0).
for good in good-*.conf; do
    n=$((n + 1))
    echo_i "checking that named-checkconf detects no error in $good ($n)"
    ret=0
    if ! $CHECKCONF $good > /dev/null 2>&1; then
        echo_i "failed"
        ret=1
    fi
    status=$((status + ret))
done

# With -z, a hint file that does not exist must make the run fail and
# produce the "file not found" diagnostic.
n=$((n + 1))
echo_i "checking that named-checkconf -z catches missing hint file ($n)"
ret=0
if $CHECKCONF -z hint-nofile.conf > hint-nofile.out 2>&1; then
    ret=1
fi
if ! grep "could not configure root hints from 'nonexistent.db': file not found" hint-nofile.out > /dev/null; then
    ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# range.conf must be rejected.
n=$((n + 1))
echo_i "checking that named-checkconf catches range errors ($n)"
ret=0
if $CHECKCONF range.conf > /dev/null 2>&1; then
    ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# notify.conf must produce exactly three "'notify' is disabled" warnings.
n=$((n + 1))
echo_i "checking that named-checkconf warns of notify inconsistencies ($n)"
ret=0
warnings=$($CHECKCONF notify.conf 2>&1 | grep -c "'notify' is disabled")
[ "$warnings" -eq 3 ] || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# dnssec.1 and dnssec.2 must each produce the listed warnings.
n=$((n + 1))
echo_i "checking named-checkconf dnssec warnings ($n)"
ret=0
if ! $CHECKCONF dnssec.1 2>&1 | grep 'validation yes.*enable no' > /dev/null; then
    ret=1
fi
if ! $CHECKCONF dnssec.2 2>&1 | grep 'auto-dnssec may only be ' > /dev/null; then
    ret=1
fi
if ! $CHECKCONF dnssec.2 2>&1 | grep 'validation auto.*enable no' > /dev/null; then
    ret=1
fi
if ! $CHECKCONF dnssec.2 2>&1 | grep 'validation yes.*enable no' > /dev/null; then
    ret=1
fi
# dnssec.3 should have no warnings: any output line at all is a failure, and
# grep prints that line so it shows up in the test log.
if $CHECKCONF dnssec.3 2>&1 | grep '.*'; then
    ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# Each of these timer fields must be rejected (exit status 1) when set to 0,
# whether it appears in options, in a view, in options alongside an empty
# view, or in a zone. badzero.conf is rewritten for every combination.
n=$((n + 1))
echo_i "range checking fields that do not allow zero ($n)"
ret=0
for field in max-retry-time min-retry-time max-refresh-time min-refresh-time; do
    cat > badzero.conf << EOF
options {
    $field 0;
};
EOF
    $CHECKCONF badzero.conf > /dev/null 2>&1
    if [ $? -ne 1 ]; then
        echo_i "options $field failed"
        ret=1
    fi

    cat > badzero.conf << EOF
view dummy {
    $field 0;
};
EOF
    $CHECKCONF badzero.conf > /dev/null 2>&1
    if [ $? -ne 1 ]; then
        echo_i "view $field failed"
        ret=1
    fi

    cat > badzero.conf << EOF
options {
    $field 0;
};
view dummy {
};
EOF
    $CHECKCONF badzero.conf > /dev/null 2>&1
    if [ $? -ne 1 ]; then
        echo_i "options + view $field failed"
        ret=1
    fi

    cat > badzero.conf << EOF
zone dummy {
    type slave;
    masters { 0.0.0.0; };
    $field 0;
};
EOF
    $CHECKCONF badzero.conf > /dev/null 2>&1
    if [ $? -ne 1 ]; then
        echo_i "zone $field failed"
        ret=1
    fi
done
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# bad-dnssec.conf must produce exactly one "requires inline" diagnostic for
# each of the three options below.
n=$((n + 1))
echo_i "checking options allowed in inline-signing slaves ($n)"
ret=0
for opt in dnssec-dnskey-kskonly dnssec-loadkeys-interval update-check-ksk; do
    l=$($CHECKCONF bad-dnssec.conf 2>&1 | grep -c "$opt.*requires inline")
    [ "$l" -eq 1 ] || ret=1
done
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

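# Only inline-bad.conf may produce the "missing 'file' entry" diagnostic, and
# it must produce it exactly once.
n=$((n + 1))
echo_i "check file + inline-signing for slave zones ($n)"
# Start from a clean result; without this reset a failure of the preceding
# check would be carried over and counted a second time.
ret=0
l=$($CHECKCONF inline-no.conf 2>&1 | grep -c "missing 'file' entry")
[ "$l" -eq 0 ] || ret=1
l=$($CHECKCONF inline-good.conf 2>&1 | grep -c "missing 'file' entry")
[ "$l" -eq 0 ] || ret=1
l=$($CHECKCONF inline-bad.conf 2>&1 | grep -c "missing 'file' entry")
[ "$l" -eq 1 ] || ret=1
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))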

# dlz-bad.conf must produce the diagnostic about 'dlz' and 'database'.
n=$((n + 1))
echo_i "checking named-checkconf DLZ warnings ($n)"
ret=0
if ! $CHECKCONF dlz-bad.conf 2>&1 | grep "'dlz' and 'database'" > /dev/null; then
    ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

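# warn-keydir.conf is checked against three states of test.keydir: absent,
# a regular file, and a real directory. Only the last must be silent.
n=$((n + 1))
echo_i "checking for missing key directory warning ($n)"
ret=0
rm -rf test.keydir
l=$($CHECKCONF warn-keydir.conf 2>&1 | grep -c "'test.keydir' does not exist")
[ "$l" -eq 1 ] || ret=1
# A regular file where the directory should be.
touch test.keydir
l=$($CHECKCONF warn-keydir.conf 2>&1 | grep -c "'test.keydir' is not a directory")
[ "$l" -eq 1 ] || ret=1
# A real directory: no key-directory message of any kind is expected.
rm -f test.keydir
mkdir test.keydir
l=$($CHECKCONF warn-keydir.conf 2>&1 | grep -c "key-directory")
[ "$l" -eq 0 ] || ret=1
rm -rf test.keydir
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
# Count the result; without this line a failure here was logged but never
# reached the script's exit status.
status=$((status + ret))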

# Only the diagnostic text is examined here; the exit status of this -z run
# is not checked.
# NOTE(review): this stanza used to run the identical grep three times. If
# max-ttl.conf is meant to trigger the message for several zones, count the
# matches instead - confirm against the zone files.
n=$((n + 1))
echo_i "checking that named-checkconf -z catches conflicting ttl with max-ttl ($n)"
ret=0
$CHECKCONF -z max-ttl.conf > check.out 2>&1
if ! grep 'TTL 900 exceeds configured max-zone-ttl 600' check.out > /dev/null 2>&1; then
    ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# max-ttl-bad.conf must be rejected.
n=$((n + 1))
echo_i "checking that named-checkconf -z catches invalid max-ttl ($n)"
ret=0
if $CHECKCONF -z max-ttl-bad.conf > /dev/null 2>&1; then
    ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# Both configurations must pass under -z.
n=$((n + 1))
echo_i "checking that named-checkconf -z skips zone check with alternate databases ($n)"
ret=0
if ! $CHECKCONF -z altdb.conf > /dev/null 2>&1; then
    ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "checking that named-checkconf -z skips zone check with DLZ ($n)"
ret=0
if ! $CHECKCONF -z altdlz.conf > /dev/null 2>&1; then
    ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# View class handling under -z: the two "any" configurations must be
# rejected and the two "in" configurations must be accepted.
n=$((n + 1))
echo_i "checking that named-checkconf -z fails on view with ANY class ($n)"
ret=0
if $CHECKCONF -z view-class-any1.conf > /dev/null 2>&1; then
    ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "checking that named-checkconf -z fails on view with CLASS255 class ($n)"
ret=0
if $CHECKCONF -z view-class-any2.conf > /dev/null 2>&1; then
    ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "checking that named-checkconf -z passes on view with IN class ($n)"
ret=0
if ! $CHECKCONF -z view-class-in1.conf > /dev/null 2>&1; then
    ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "checking that named-checkconf -z passes on view with CLASS1 class ($n)"
ret=0
if ! $CHECKCONF -z view-class-in2.conf > /dev/null 2>&1; then
    ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# Each "fail" policy below must do three things: make the -z run fail, print
# the expected diagnostic, and not report the zone as loaded.
n=$((n + 1))
echo_i "check that check-names fails as configured ($n)"
ret=0
if $CHECKCONF -z check-names-fail.conf > "checkconf.out$n" 2>&1; then
    ret=1
fi
if ! grep "near '_underscore': bad name (check-names)" "checkconf.out$n" > /dev/null; then
    ret=1
fi
if grep "zone check-names/IN: loaded serial" < "checkconf.out$n" > /dev/null; then
    ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "check that check-mx fails as configured ($n)"
ret=0
if $CHECKCONF -z check-mx-fail.conf > "checkconf.out$n" 2>&1; then
    ret=1
fi
if ! grep "near '10.0.0.1': MX is an address" "checkconf.out$n" > /dev/null; then
    ret=1
fi
if grep "zone check-mx/IN: loaded serial" < "checkconf.out$n" > /dev/null; then
    ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "check that check-dup-records fails as configured ($n)"
ret=0
if $CHECKCONF -z check-dup-records-fail.conf > "checkconf.out$n" 2>&1; then
    ret=1
fi
if ! grep "has semantically identical records" "checkconf.out$n" > /dev/null; then
    ret=1
fi
if grep "zone check-dup-records/IN: loaded serial" < "checkconf.out$n" > /dev/null; then
    ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# Second look at check-mx-fail.conf, this time matching the
# "failed: MX is an address" form of the diagnostic.
n=$((n + 1))
echo_i "check that check-mx fails as configured ($n)"
ret=0
if $CHECKCONF -z check-mx-fail.conf > "checkconf.out$n" 2>&1; then
    ret=1
fi
if ! grep "failed: MX is an address" "checkconf.out$n" > /dev/null; then
    ret=1
fi
if grep "zone check-mx/IN: loaded serial" < "checkconf.out$n" > /dev/null; then
    ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "check that check-mx-cname fails as configured ($n)"
ret=0
if $CHECKCONF -z check-mx-cname-fail.conf > "checkconf.out$n" 2>&1; then
    ret=1
fi
if ! grep "MX.* is a CNAME (illegal)" "checkconf.out$n" > /dev/null; then
    ret=1
fi
if grep "zone check-mx-cname/IN: loaded serial" < "checkconf.out$n" > /dev/null; then
    ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "check that check-srv-cname fails as configured ($n)"
ret=0
if $CHECKCONF -z check-srv-cname-fail.conf > "checkconf.out$n" 2>&1; then
    ret=1
fi
if ! grep "SRV.* is a CNAME (illegal)" "checkconf.out$n" > /dev/null; then
    ret=1
fi
# NOTE(review): the zone name below is "check-mx-cname", the same as in the
# previous check. If the zone in check-srv-cname-fail.conf has another name,
# this "must not be loaded" check can never fire - confirm.
if grep "zone check-mx-cname/IN: loaded serial" < "checkconf.out$n" > /dev/null; then
    ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# -p must print a port range in "range <low> <high>;" form.
n=$((n + 1))
echo_i "check that named-checkconf -p properly print a port range ($n)"
ret=0
if ! $CHECKCONF -p portrange-good.conf > "checkconf.out$n" 2>&1; then
    ret=1
fi
if ! grep "range 8610 8614;" "checkconf.out$n" > /dev/null; then
    ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# in-view-good.conf must pass under -z and report the shared zone as loaded.
n=$((n + 1))
echo_i "check that named-checkconf -z handles in-view ($n)"
ret=0
if ! $CHECKCONF -z in-view-good.conf > "checkconf.out$n" 2>&1; then
    ret=1
fi
if ! grep "zone shared.example/IN: loaded serial" < "checkconf.out$n" > /dev/null; then
    ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# A percentage value for max-cache-size must be printed back as a percentage.
n=$((n + 1))
echo_i "check that named-checkconf prints max-cache-size <percentage> correctly ($n)"
ret=0
if ! $CHECKCONF -p max-cache-size-good.conf > "checkconf.out$n" 2>&1; then
    ret=1
fi
if ! grep "max-cache-size 60%;" "checkconf.out$n" > /dev/null; then
    ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# The -l output, minus the "is not implemented" and "is obsolete" notices,
# must match good.zonelist. The pipeline's status is that of the last grep,
# so an empty zone list also counts as a failure.
n=$((n + 1))
echo_i "check that named-checkconf -l print out the zone list ($n)"
ret=0
if ! $CHECKCONF -l good.conf | grep -v "is not implemented" | grep -v "is obsolete" > "checkconf.out$n"; then
    ret=1
fi
if ! diff good.zonelist "checkconf.out$n" > "diff.out$n"; then
    ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# dnssec-lookaside handling. In each check stdout is captured and stderr is
# discarded; the configuration itself must still be accepted.
n=$((n + 1))
echo_i "check that 'dnssec-lookaside auto;' generates a warning ($n)"
ret=0
if ! $CHECKCONF warn-dlv-auto.conf > "checkconf.out$n" 2>/dev/null; then
    ret=1
fi
if ! grep "dnssec-lookaside 'auto' is no longer supported" "checkconf.out$n" > /dev/null; then
    ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

n=$((n + 1))
echo_i "check that 'dnssec-lookaside . trust-anchor dlv.isc.org;' generates a warning ($n)"
ret=0
if ! $CHECKCONF warn-dlv-dlv.isc.org.conf > "checkconf.out$n" 2>/dev/null; then
    ret=1
fi
if ! grep "dlv.isc.org has been shut down" "checkconf.out$n" > /dev/null; then
    ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# A lookaside trust anchor other than dlv.isc.org must leave stdout empty.
n=$((n + 1))
echo_i "check that 'dnssec-lookaside . trust-anchor dlv.example.com;' doesn't generates a warning ($n)"
ret=0
if ! $CHECKCONF good-dlv-dlv.example.com.conf > "checkconf.out$n" 2>/dev/null; then
    ret=1
fi
if [ -s "checkconf.out$n" ]; then
    ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

# A configuration that carries only the 2010 root KSK must still be accepted,
# but it must print the "without updated" warning on stdout.
n=$((n + 1))
echo_i "check that the 2010 ICANN ROOT KSK without the 2017 ICANN ROOT KSK generates a warning ($n)"
ret=0
if ! $CHECKCONF check-root-ksk-2010.conf > "checkconf.out$n" 2>/dev/null; then
    ret=1
fi
if [ ! -s "checkconf.out$n" ]; then
    ret=1
fi
if ! grep "trusted-key for root from 2010 without updated" "checkconf.out$n" > /dev/null; then
    ret=1
fi
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))

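# Trust-anchor and obsolete-option warnings. Each check now increments n, so
# it gets its own number in the log and its own checkconf.out$n file. Without
# the increment these checks reused the previous number and overwrote each
# other's output.
n=$((n + 1))
echo_i "check that the 2010 ICANN ROOT KSK with the 2017 ICANN ROOT KSK does not warning ($n)"
ret=0
$CHECKCONF check-root-ksk-both.conf > checkconf.out$n 2>/dev/null || ret=1
# stdout must be empty when both keys are configured.
[ -s checkconf.out$n ] && ret=1
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "check that the 2017 ICANN ROOT KSK alone does not warning ($n)"
ret=0
$CHECKCONF check-root-ksk-2017.conf > checkconf.out$n 2>/dev/null || ret=1
[ -s checkconf.out$n ] && ret=1
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "check that the dlv.isc.org KSK generates a warning ($n)"
ret=0
$CHECKCONF check-dlv-ksk-key.conf > checkconf.out$n 2>/dev/null || ret=1
[ -s checkconf.out$n ] || ret=1
grep "trusted-key for dlv.isc.org still present" checkconf.out$n > /dev/null || ret=1
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))

n=$((n + 1))
echo_i "check that 'geoip-use-ecs no' generates a warning ($n)"
ret=0
$CHECKCONF warn-geoip-use-ecs.conf > checkconf.out$n 2>/dev/null || ret=1
[ -s checkconf.out$n ] || ret=1
grep "'geoip-use-ecs' is obsolete" checkconf.out$n > /dev/null || ret=1
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))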

# Report the number of failed checks and exit non-zero if there were any.
echo_i "exit status: $status"
if [ "$status" -ne 0 ]; then
    exit 1
fi