tests.sh 30.8 KB
Newer Older
1
2
#!/bin/sh
#
3
# Copyright (C) 2000, 2001, 2004, 2007, 2009-2016  Internet Systems Consortium, Inc. ("ISC")
Mark Andrews's avatar
Mark Andrews committed
4
#
5
6
7
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
Mark Andrews's avatar
Mark Andrews committed
8

9
10
11
12
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh

status=0
13
n=0
14

Mark Andrews's avatar
Mark Andrews committed
15
16
n=`expr $n + 1`
echo "I:checking non-cachable NXDOMAIN response handling ($n)"
17
ret=0
Mark Andrews's avatar
Mark Andrews committed
18
19
$DIG +tcp nxdomain.example.net @10.53.0.1 a -p 5300 > dig.out.ns1.test${n} || ret=1
grep "status: NXDOMAIN" dig.out.ns1.test${n} > /dev/null || ret=1
20
21
22
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

23
if [ -x ${RESOLVE} ] ; then
Mark Andrews's avatar
Mark Andrews committed
24
25
   n=`expr $n + 1`
   echo "I:checking non-cachable NXDOMAIN response handling using dns_client ($n)"
26
   ret=0
Mark Andrews's avatar
Mark Andrews committed
27
28
   ${RESOLVE} -p 5300 -t a -s 10.53.0.1 nxdomain.example.net 2> resolve.out.ns1.test${n} || ret=1
   grep "resolution failed: ncache nxdomain" resolve.out.ns1.test${n} > /dev/null || ret=1
29
30
31
32
   if [ $ret != 0 ]; then echo "I:failed"; fi
   status=`expr $status + $ret`
fi

33
if [ -x ${RESOLVE} ] ; then
Mark Andrews's avatar
Mark Andrews committed
34
35
   n=`expr $n + 1`
   echo "I:checking that local bound address can be set (Can't query from a denied address) ($n)"
36
   ret=0
Mark Andrews's avatar
Mark Andrews committed
37
38
   ${RESOLVE} -b 10.53.0.8 -p 5300 -t a -s 10.53.0.1 www.example.org 2> resolve.out.ns1.test${n} || ret=1
   grep "resolution failed: SERVFAIL" resolve.out.ns1.test${n} > /dev/null || ret=1
39
40
41
   if [ $ret != 0 ]; then echo "I:failed"; fi
   status=`expr $status + $ret`

Mark Andrews's avatar
Mark Andrews committed
42
43
   n=`expr $n + 1`
   echo "I:checking that local bound address can be set (Can query from an allowed address) ($n)"
44
   ret=0
Mark Andrews's avatar
Mark Andrews committed
45
46
   ${RESOLVE} -b 10.53.0.1 -p 5300 -t a -s 10.53.0.1 www.example.org > resolve.out.ns1.test${n} || ret=1
   grep "www.example.org..*.192.0.2.1" resolve.out.ns1.test${n} > /dev/null || ret=1
47
48
49
50
   if [ $ret != 0 ]; then echo "I:failed"; fi
   status=`expr $status + $ret`
fi

Mark Andrews's avatar
Mark Andrews committed
51
52
n=`expr $n + 1`
echo "I:checking non-cachable NODATA response handling ($n)"
53
ret=0
Mark Andrews's avatar
Mark Andrews committed
54
55
$DIG +tcp nodata.example.net @10.53.0.1 a -p 5300 > dig.out.ns1.test${n} || ret=1
grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
56
57
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
58

59
if [ -x ${RESOLVE} ] ; then
Mark Andrews's avatar
Mark Andrews committed
60
61
    n=`expr $n + 1`
    echo "I:checking non-cachable NODATA response handling using dns_client ($n)"
62
    ret=0
Mark Andrews's avatar
Mark Andrews committed
63
64
    ${RESOLVE} -p 5300 -t a -s 10.53.0.1 nodata.example.net 2> resolve.out.ns1.test${n} || ret=1
    grep "resolution failed: ncache nxrrset" resolve.out.ns1.test${n} > /dev/null || ret=1
65
66
67
68
    if [ $ret != 0 ]; then echo "I:failed"; fi
    status=`expr $status + $ret`
fi

Mark Andrews's avatar
Mark Andrews committed
69
70
n=`expr $n + 1`
echo "I:checking handling of bogus referrals ($n)"
71
# If the server has the "INSIST(!external)" bug, this query will kill it.
Mark Andrews's avatar
Mark Andrews committed
72
$DIG +tcp www.example.com. a @10.53.0.1 -p 5300 >/dev/null || { echo I:failed; status=`expr $status + 1`; }
73

74
if [ -x ${RESOLVE} ] ; then
Mark Andrews's avatar
Mark Andrews committed
75
76
    n=`expr $n + 1`
    echo "I:checking handling of bogus referrals using dns_client ($n)"
77
    ret=0
Mark Andrews's avatar
Mark Andrews committed
78
79
    ${RESOLVE} -p 5300 -t a -s 10.53.0.1 www.example.com 2> resolve.out.ns1.test${n} || ret=1
    grep "resolution failed: SERVFAIL" resolve.out.ns1.test${n} > /dev/null || ret=1
80
81
82
83
    if [ $ret != 0 ]; then echo "I:failed"; fi
    status=`expr $status + $ret`
fi

Mark Andrews's avatar
Mark Andrews committed
84
85
86
n=`expr $n + 1`
echo "I:check handling of cname + other data / 1 ($n)"
$DIG +tcp cname1.example.com. a @10.53.0.1 -p 5300 >/dev/null || { echo I:failed; status=`expr $status + 1`; }
87

Mark Andrews's avatar
Mark Andrews committed
88
89
90
n=`expr $n + 1`
echo "I:check handling of cname + other data / 2 ($n)"
$DIG +tcp cname2.example.com. a @10.53.0.1 -p 5300 >/dev/null || { echo I:failed; status=`expr $status + 1`; }
91

Mark Andrews's avatar
Mark Andrews committed
92
93
94
n=`expr $n + 1`
echo "I:check that server is still running ($n)"
$DIG +tcp www.example.com. a @10.53.0.1 -p 5300 >/dev/null || { echo I:failed; status=`expr $status + 1`; }
95

Mark Andrews's avatar
Mark Andrews committed
96
97
n=`expr $n + 1`
echo "I:checking answer IPv4 address filtering (deny) ($n)"
98
ret=0
Mark Andrews's avatar
Mark Andrews committed
99
100
$DIG +tcp www.example.net @10.53.0.1 a -p 5300 > dig.out.ns1.test${n} || ret=1
grep "status: SERVFAIL" dig.out.ns1.test${n} > /dev/null || ret=1
101
102
103
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

Mark Andrews's avatar
Mark Andrews committed
104
105
n=`expr $n + 1`
echo "I:checking answer IPv6 address filtering (deny) ($n)"
106
ret=0
Mark Andrews's avatar
Mark Andrews committed
107
108
$DIG +tcp www.example.net @10.53.0.1 aaaa -p 5300 > dig.out.ns1.test${n} || ret=1
grep "status: SERVFAIL" dig.out.ns1.test${n} > /dev/null || ret=1
109
110
111
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

Mark Andrews's avatar
Mark Andrews committed
112
113
n=`expr $n + 1`
echo "I:checking answer IPv4 address filtering (accept) ($n)"
114
ret=0
Mark Andrews's avatar
Mark Andrews committed
115
116
$DIG +tcp www.example.org @10.53.0.1 a -p 5300 > dig.out.ns1.test${n} || ret=1
grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
117
118
119
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

120

121
if [ -x ${RESOLVE} ] ; then
Mark Andrews's avatar
Mark Andrews committed
122
123
    n=`expr $n + 1`
    echo "I:checking answer IPv4 address filtering using dns_client (accept) ($n)"
124
    ret=0
Mark Andrews's avatar
Mark Andrews committed
125
126
    ${RESOLVE} -p 5300 -t a -s 10.53.0.1 www.example.org > resolve.out.ns1.test${n} || ret=1
    grep "www.example.org..*.192.0.2.1" resolve.out.ns1.test${n} > /dev/null || ret=1
127
128
129
130
    if [ $ret != 0 ]; then echo "I:failed"; fi
    status=`expr $status + $ret`
fi

Mark Andrews's avatar
Mark Andrews committed
131
132
n=`expr $n + 1`
echo "I:checking answer IPv6 address filtering (accept) ($n)"
133
ret=0
Mark Andrews's avatar
Mark Andrews committed
134
135
$DIG +tcp www.example.org @10.53.0.1 aaaa -p 5300 > dig.out.ns1.test${n} || ret=1
grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
136
137
138
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

139
if [ -x ${RESOLVE} ] ; then
Mark Andrews's avatar
Mark Andrews committed
140
141
    n=`expr $n + 1`
    echo "I:checking answer IPv6 address filtering using dns_client (accept) ($n)"
142
    ret=0
Mark Andrews's avatar
Mark Andrews committed
143
144
    ${RESOLVE} -p 5300 -t aaaa -s 10.53.0.1 www.example.org > resolve.out.ns1.test${n} || ret=1
    grep "www.example.org..*.2001:db8:beef::1" resolve.out.ns1.test${n} > /dev/null || ret=1
145
146
147
148
    if [ $ret != 0 ]; then echo "I:failed"; fi
    status=`expr $status + $ret`
fi

Mark Andrews's avatar
Mark Andrews committed
149
150
n=`expr $n + 1`
echo "I:checking CNAME target filtering (deny) ($n)"
151
ret=0
Mark Andrews's avatar
Mark Andrews committed
152
153
$DIG +tcp badcname.example.net @10.53.0.1 a -p 5300 > dig.out.ns1.test${n} || ret=1
grep "status: SERVFAIL" dig.out.ns1.test${n} > /dev/null || ret=1
154
155
156
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

Mark Andrews's avatar
Mark Andrews committed
157
158
n=`expr $n + 1`
echo "I:checking CNAME target filtering (accept) ($n)"
159
ret=0
Mark Andrews's avatar
Mark Andrews committed
160
161
$DIG +tcp goodcname.example.net @10.53.0.1 a -p 5300 > dig.out.ns1.test${n} || ret=1
grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
162
163
164
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

165
if [ -x ${RESOLVE} ] ; then
Mark Andrews's avatar
Mark Andrews committed
166
167
    n=`expr $n + 1`
    echo "I:checking CNAME target filtering using dns_client (accept) ($n)"
168
    ret=0
Mark Andrews's avatar
Mark Andrews committed
169
170
171
    ${RESOLVE} -p 5300 -t a -s 10.53.0.1 goodcname.example.net > resolve.out.ns1.test${n} || ret=1
    grep "goodcname.example.net..*.goodcname.example.org." resolve.out.ns1.test${n} > /dev/null || ret=1
    grep "goodcname.example.org..*.192.0.2.1" resolve.out.ns1.test${n} > /dev/null || ret=1
172
173
174
175
    if [ $ret != 0 ]; then echo "I:failed"; fi
    status=`expr $status + $ret`
fi

Mark Andrews's avatar
Mark Andrews committed
176
177
n=`expr $n + 1`
echo "I:checking CNAME target filtering (accept due to subdomain) ($n)"
178
ret=0
Mark Andrews's avatar
Mark Andrews committed
179
180
$DIG +tcp cname.sub.example.org @10.53.0.1 a -p 5300 > dig.out.ns1.test${n} || ret=1
grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
181
182
183
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

184
if [ -x ${RESOLVE} ] ; then
Mark Andrews's avatar
Mark Andrews committed
185
186
    n=`expr $n + 1`
    echo "I:checking CNAME target filtering using dns_client (accept due to subdomain) ($n)"
187
    ret=0
Mark Andrews's avatar
Mark Andrews committed
188
189
190
    ${RESOLVE} -p 5300 -t a -s 10.53.0.1 cname.sub.example.org > resolve.out.ns1.test${n} || ret=1
    grep "cname.sub.example.org..*.ok.sub.example.org." resolve.out.ns1.test${n} > /dev/null || ret=1
    grep "ok.sub.example.org..*.192.0.2.1" resolve.out.ns1.test${n} > /dev/null || ret=1
191
192
193
194
    if [ $ret != 0 ]; then echo "I:failed"; fi
    status=`expr $status + $ret`
fi

Mark Andrews's avatar
Mark Andrews committed
195
196
n=`expr $n + 1`
echo "I:checking DNAME target filtering (deny) ($n)"
197
ret=0
Mark Andrews's avatar
Mark Andrews committed
198
199
$DIG +tcp foo.baddname.example.net @10.53.0.1 a -p 5300 > dig.out.ns1.test${n} || ret=1
grep "status: SERVFAIL" dig.out.ns1.test${n} > /dev/null || ret=1
200
201
202
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

Mark Andrews's avatar
Mark Andrews committed
203
204
n=`expr $n + 1`
echo "I:checking DNAME target filtering (accept) ($n)"
205
ret=0
Mark Andrews's avatar
Mark Andrews committed
206
207
$DIG +tcp foo.gooddname.example.net @10.53.0.1 a -p 5300 > dig.out.ns1.test${n} || ret=1
grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
208
209
210
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

211
if [ -x ${RESOLVE} ] ; then
Mark Andrews's avatar
Mark Andrews committed
212
213
    n=`expr $n + 1`
    echo "I:checking DNAME target filtering using dns_client (accept) ($n)"
214
    ret=0
Mark Andrews's avatar
Mark Andrews committed
215
216
217
    ${RESOLVE} -p 5300 -t a -s 10.53.0.1 foo.gooddname.example.net > resolve.out.ns1.test${n} || ret=1
    grep "foo.gooddname.example.net..*.gooddname.example.org" resolve.out.ns1.test${n} > /dev/null || ret=1
    grep "foo.gooddname.example.org..*.192.0.2.1" resolve.out.ns1.test${n} > /dev/null || ret=1
218
219
220
221
    if [ $ret != 0 ]; then echo "I:failed"; fi
    status=`expr $status + $ret`
fi

Mark Andrews's avatar
Mark Andrews committed
222
223
n=`expr $n + 1`
echo "I:checking DNAME target filtering (accept due to subdomain) ($n)"
224
ret=0
Mark Andrews's avatar
Mark Andrews committed
225
226
$DIG +tcp www.dname.sub.example.org @10.53.0.1 a -p 5300 > dig.out.ns1.test${n} || ret=1
grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1
227
228
229
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

230
if [ -x ${RESOLVE} ] ; then
Mark Andrews's avatar
Mark Andrews committed
231
232
    n=`expr $n + 1`
    echo "I:checking DNAME target filtering using dns_client (accept due to subdomain) ($n)"
233
    ret=0
Mark Andrews's avatar
Mark Andrews committed
234
235
236
    ${RESOLVE} -p 5300 -t a -s 10.53.0.1 www.dname.sub.example.org > resolve.out.ns1.test${n} || ret=1
    grep "www.dname.sub.example.org..*.ok.sub.example.org." resolve.out.ns1.test${n} > /dev/null || ret=1
    grep "www.ok.sub.example.org..*.192.0.2.1" resolve.out.ns1.test${n} > /dev/null || ret=1
237
238
239
240
    if [ $ret != 0 ]; then echo "I:failed"; fi
    status=`expr $status + $ret`
fi

241
242
243
244
245
n=`expr $n + 1`
echo "I: RT21594 regression test check setup ($n)"
ret=0
# Check that "aa" is not being set by the authoritative server.
$DIG +tcp . @10.53.0.4 soa -p 5300 > dig.ns4.out.${n} || ret=1
Mark Andrews's avatar
Mark Andrews committed
246
grep 'flags: qr rd;' dig.ns4.out.${n} > /dev/null || ret=1
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I: RT21594 regression test positive answers ($n)"
ret=0
# Check that resolver accepts the non-authoritative positive answers.
$DIG +tcp . @10.53.0.5 soa -p 5300 > dig.ns5.out.${n} || ret=1
grep "status: NOERROR" dig.ns5.out.${n} > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I: RT21594 regression test NODATA answers ($n)"
ret=0
# Check that resolver accepts the non-authoritative nodata answers.
$DIG +tcp . @10.53.0.5 txt -p 5300 > dig.ns5.out.${n} || ret=1
grep "status: NOERROR" dig.ns5.out.${n} > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I: RT21594 regression test NXDOMAIN answers ($n)"
ret=0
# Check that resolver accepts the non-authoritative positive answers.
$DIG +tcp noexistant @10.53.0.5 txt -p 5300 > dig.ns5.out.${n} || ret=1
grep "status: NXDOMAIN" dig.ns5.out.${n} > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
276

277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
n=`expr $n + 1`
echo "I:check that replacement of additional data by a negative cache no data entry clears the additional RRSIGs ($n)"
ret=0
$DIG +tcp mx example.net @10.53.0.7 -p 5300 > dig.ns7.out.${n} || ret=1
grep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=1
if [ $ret = 1 ]; then echo "I:mx priming failed"; fi
$NSUPDATE << EOF
server 10.53.0.6 5300
zone example.net
update delete mail.example.net A
update add mail.example.net 0 AAAA ::1
send
EOF
$DIG +tcp a mail.example.net @10.53.0.7 -p 5300 > dig.ns7.out.${n} || ret=2
grep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=2
grep "ANSWER: 0" dig.ns7.out.${n} > /dev/null || ret=2
if [ $ret = 2 ]; then echo "I:ncache priming failed"; fi
$DIG +tcp mx example.net @10.53.0.7 -p 5300 > dig.ns7.out.${n} || ret=3
grep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=3
$DIG +tcp rrsig mail.example.net +norec @10.53.0.7 -p 5300 > dig.ns7.out.${n}  || ret=4
grep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=4
grep "ANSWER: 0" dig.ns7.out.${n} > /dev/null || ret=4
if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
status=`expr $status + $ret`

302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:checking that update a nameservers address has immediate effects ($n)"
ret=0
$DIG +tcp TXT foo.moves @10.53.0.7 -p 5300 > dig.ns7.foo.${n} || ret=1
grep "From NS 5" dig.ns7.foo.${n} > /dev/null || ret=1 
$NSUPDATE << EOF
server 10.53.0.7 5300
zone server
update delete ns.server A
update add ns.server 300 A 10.53.0.4
send
EOF
sleep 1
$DIG +tcp TXT bar.moves @10.53.0.7 -p 5300 > dig.ns7.bar.${n} || ret=1
grep "From NS 4" dig.ns7.bar.${n} > /dev/null || ret=1

if [ $ret != 0 ]; then echo "I:failed"; status=1; fi

n=`expr $n + 1`
echo "I:checking that update a nameservers glue has immediate effects ($n)"
ret=0
$DIG +tcp TXT foo.child.server @10.53.0.7 -p 5300 > dig.ns7.foo.${n} || ret=1
grep "From NS 5" dig.ns7.foo.${n} > /dev/null || ret=1 
$NSUPDATE << EOF
server 10.53.0.7 5300
zone server
update delete ns.child.server A
update add ns.child.server 300 A 10.53.0.4
send
EOF
sleep 1
$DIG +tcp TXT bar.child.server @10.53.0.7 -p 5300 > dig.ns7.bar.${n} || ret=1
grep "From NS 4" dig.ns7.bar.${n} > /dev/null || ret=1

if [ $ret != 0 ]; then echo "I:failed"; status=1; fi

341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
n=`expr $n + 1`
echo "I:checking empty RFC 1918 reverse zones ($n)"
ret=0
# Check that "aa" is being set by the resolver for RFC 1918 zones
# except the one that has been deliberately disabled
$DIG @10.53.0.7 -p 5300 -x 10.1.1.1 > dig.ns4.out.1.${n} || ret=1
grep 'flags: qr aa rd ra;' dig.ns4.out.1.${n} > /dev/null || ret=1
$DIG @10.53.0.7 -p 5300 -x 192.168.1.1 > dig.ns4.out.2.${n} || ret=1
grep 'flags: qr aa rd ra;' dig.ns4.out.2.${n} > /dev/null || ret=1
$DIG @10.53.0.7 -p 5300 -x 172.16.1.1  > dig.ns4.out.3.${n} || ret=1
grep 'flags: qr aa rd ra;' dig.ns4.out.3.${n} > /dev/null || ret=1
$DIG @10.53.0.7 -p 5300 -x 172.17.1.1 > dig.ns4.out.4.${n} || ret=1
grep 'flags: qr aa rd ra;' dig.ns4.out.4.${n} > /dev/null || ret=1
$DIG @10.53.0.7 -p 5300 -x 172.18.1.1 > dig.ns4.out.5.${n} || ret=1
grep 'flags: qr aa rd ra;' dig.ns4.out.5.${n} > /dev/null || ret=1
$DIG @10.53.0.7 -p 5300 -x 172.19.1.1 > dig.ns4.out.6.${n} || ret=1
grep 'flags: qr aa rd ra;' dig.ns4.out.6.${n} > /dev/null || ret=1
$DIG @10.53.0.7 -p 5300 -x 172.21.1.1 > dig.ns4.out.7.${n} || ret=1
grep 'flags: qr aa rd ra;' dig.ns4.out.7.${n} > /dev/null || ret=1
$DIG @10.53.0.7 -p 5300 -x 172.22.1.1 > dig.ns4.out.8.${n} || ret=1
grep 'flags: qr aa rd ra;' dig.ns4.out.8.${n} > /dev/null || ret=1
$DIG @10.53.0.7 -p 5300 -x 172.23.1.1 > dig.ns4.out.9.${n} || ret=1
grep 'flags: qr aa rd ra;' dig.ns4.out.9.${n} > /dev/null || ret=1
$DIG @10.53.0.7 -p 5300 -x 172.24.1.1 > dig.ns4.out.11.${n} || ret=1
grep 'flags: qr aa rd ra;' dig.ns4.out.11.${n} > /dev/null || ret=1
$DIG @10.53.0.7 -p 5300 -x 172.25.1.1 > dig.ns4.out.12.${n} || ret=1
grep 'flags: qr aa rd ra;' dig.ns4.out.12.${n} > /dev/null || ret=1
$DIG @10.53.0.7 -p 5300 -x 172.26.1.1 > dig.ns4.out.13.${n} || ret=1
grep 'flags: qr aa rd ra;' dig.ns4.out.13.${n} > /dev/null || ret=1
$DIG @10.53.0.7 -p 5300 -x 172.27.1.1 > dig.ns4.out.14.${n} || ret=1
grep 'flags: qr aa rd ra;' dig.ns4.out.14.${n} > /dev/null || ret=1
$DIG @10.53.0.7 -p 5300 -x 172.28.1.1 > dig.ns4.out.15.${n} || ret=1
grep 'flags: qr aa rd ra;' dig.ns4.out.15.${n} > /dev/null || ret=1
$DIG @10.53.0.7 -p 5300 -x 172.29.1.1 > dig.ns4.out.16.${n} || ret=1
grep 'flags: qr aa rd ra;' dig.ns4.out.16.${n} > /dev/null || ret=1
$DIG @10.53.0.7 -p 5300 -x 172.30.1.1 > dig.ns4.out.17.${n} || ret=1
grep 'flags: qr aa rd ra;' dig.ns4.out.17.${n} > /dev/null || ret=1
$DIG @10.53.0.7 -p 5300 -x 172.31.1.1 > dig.ns4.out.18.${n} || ret=1
grep 'flags: qr aa rd ra;' dig.ns4.out.18.${n} > /dev/null || ret=1
# but this one should NOT be authoritative
$DIG @10.53.0.7 -p 5300 -x 172.20.1.1 > dig.ns4.out.19.${n} || ret=1
grep 'flags: qr rd ra;' dig.ns4.out.19.${n} > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; status=1; fi

385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
n=`expr $n + 1`
echo "I:checking that removal of a delegation is honoured ($n)"
ret=0
$DIG -p 5300 @10.53.0.5 www.to-be-removed.tld A > dig.ns5.prime.${n}
grep "status: NOERROR" dig.ns5.prime.${n} > /dev/null || { ret=1; echo "I: priming failed"; }
cp ns4/tld2.db ns4/tld.db
($RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 reload tld 2>&1 ) | 
sed -e '/reload queued/d' -e 's/^/I:ns4 /'
old=
for i in 0 1 2 3 4 5 6 7 8 9
do
	foo=0
	$DIG -p 5300 @10.53.0.5 ns$i.to-be-removed.tld A > /dev/null
	$DIG -p 5300 @10.53.0.5 www.to-be-removed.tld A > dig.ns5.out.${n}
	grep "status: NXDOMAIN" dig.ns5.out.${n} > /dev/null || foo=1
	[ $foo = 0 ] && break
	$NSUPDATE << EOF
server 10.53.0.6 5300
zone to-be-removed.tld
update add to-be-removed.tld 100 NS ns${i}.to-be-removed.tld
update delete to-be-removed.tld NS ns${old}.to-be-removed.tld
send
EOF
	old=$i
	sleep 1
done
[ $ret = 0 ] && ret=$foo; 
if [ $ret != 0 ]; then echo "I:failed"; status=1; fi

414
415
n=`expr $n + 1`
echo "I:check for improved error message with SOA mismatch ($n)"
416
ret=0
Mark Andrews's avatar
Mark Andrews committed
417
$DIG @10.53.0.1 -p 5300 www.sub.broken aaaa > dig.out.ns1.test${n} || ret=1
418
419
420
421
grep "not subdomain of zone" ns1/named.run > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

422
423
cp ns7/named2.conf ns7/named.conf
$RNDC -c ../common/rndc.conf -s 10.53.0.7 -p 9953 reconfig 2>&1 | sed 's/^/I:ns7 /'
424

425
426
427
428
429
430
431
432
n=`expr $n + 1`
echo "I:check resolution on the listening port ($n)"
ret=0
$DIG +tcp +tries=2 +time=5 mx example.net @10.53.0.7 -p 5300 > dig.ns7.out.${n} || ret=2
grep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=1
grep "ANSWER: 1" dig.ns7.out.${n} > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
status=`expr $status + $ret`
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451

n=`expr $n + 1`
echo "I:check prefetch (${n})"
ret=0
$DIG @10.53.0.5 -p 5300 fetch.tld txt > dig.out.1.${n} || ret=1
ttl1=`awk '/"A" "short" "ttl"/ { print $2 - 2 }' dig.out.1.${n}`
# sleep so we are in prefetch range
sleep ${ttl1:-0}
# trigger prefetch
$DIG @10.53.0.5 -p 5300 fetch.tld txt > dig.out.2.${n} || ret=1
ttl2=`awk '/"A" "short" "ttl"/ { print $2 }' dig.out.2.${n}`
sleep 1
# check that prefetch occured
$DIG @10.53.0.5 -p 5300 fetch.tld txt > dig.out.3.${n} || ret=1
ttl=`awk '/"A" "short" "ttl"/ { print $2 }' dig.out.3.${n}`
test ${ttl:-0} -gt ${ttl2:-1} || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

452
453
454
455
456
457
458
459
460
461
462
463
464
n=`expr $n + 1`
echo "I:check prefetch of validated DS's RRSIG TTL is updated (${n})"
ret=0
$DIG +dnssec @10.53.0.5 -p 5300 ds.example.net ds > dig.out.1.${n} || ret=1
ttl1=`awk '$4 == "DS" && $7 == "1" { print $2 - 2 }' dig.out.1.${n}`
# sleep so we are in prefetch range
sleep ${ttl1:-0}
# trigger prefetch
$DIG @10.53.0.5 -p 5300 ds.example.net ds > dig.out.2.${n} || ret=1
ttl1=`awk '$4 == "DS" && $7 == "1" { print $2 }' dig.out.2.${n}`
sleep 1
# check that prefetch occured
$DIG @10.53.0.5 -p 5300 ds.example.net ds +dnssec > dig.out.3.${n} || ret=1
Mark Andrews's avatar
Mark Andrews committed
465
dsttl=`awk '$4 == "DS" && $7 == "1" { print $2 }' dig.out.3.${n}`
466
467
468
469
470
471
472
sigttl=`awk '$4 == "RRSIG" && $5 == "DS" { print $2 }' dig.out.3.${n}`
test ${dsttl:-0} -gt ${ttl2:-1} || ret=1
test ${sigttl:-0} -gt ${ttl2:-1} || ret=1
test ${dsttl:-0} -eq ${sigttl:-1} || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

473
474
475
476
n=`expr $n + 1`
echo "I:check prefetch disabled (${n})"
ret=0
$DIG @10.53.0.7 -p 5300 fetch.example.net txt > dig.out.1.${n} || ret=1
477
ttl1=`awk '/"A" "short" "ttl"/ { print $2 - 2 }' dig.out.1.${n}`
478
479
# sleep so we are in expire range
sleep ${ttl1:-0}
480
# look for ttl = 1, allow for one miss at getting zero ttl
481
482
zerotonine="0 1 2 3 4 5 6 7 8 9"
for i in $zerotonine $zerotonine $zerotonine $zerotonine
483
484
485
do 
	$DIG @10.53.0.7 -p 5300 fetch.example.net txt > dig.out.2.${n} || ret=1
	ttl2=`awk '/"A" "short" "ttl"/ { print $2 }' dig.out.2.${n}`
486
	test ${ttl2:-2} -eq 1 && break
487
	$PERL -e 'select(undef, undef, undef, 0.05);' 
488
done
489
test ${ttl2:-2} -eq 1 || ret=1
490
491
492
493
# delay so that any prefetched record will have a lower ttl than expected
sleep 3
# check that prefetch has not occured
$DIG @10.53.0.7 -p 5300 fetch.example.net txt > dig.out.3.${n} || ret=1
494
ttl=`awk '/"A" "short" "ttl"/ { print $2 - 2 }' dig.out.3.${n}`
495
496
497
test ${ttl:-0} -eq ${ttl1:-1} || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
498

499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
n=`expr $n + 1`
echo "I:check prefetch qtype * (${n})"
ret=0
$DIG @10.53.0.5 -p 5300 fetchall.tld any > dig.out.1.${n} || ret=1
ttl1=`awk '/"A" "short" "ttl"/ { print $2 - 2 }' dig.out.1.${n}`
# sleep so we are in prefetch range
sleep ${ttl1:-0}
# trigger prefetch
$DIG @10.53.0.5 -p 5300 fetchall.tld any > dig.out.2.${n} || ret=1
ttl2=`awk '/"A" "short" "ttl"/ { print $2 }' dig.out.2.${n}`
sleep 1
# check that the nameserver is still alive
$DIG @10.53.0.5 -p 5300 fetchall.tld any > dig.out.3.${n} || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

515
516
517
n=`expr $n + 1`
echo "I:check that E was logged on EDNS queries in the query log (${n})"
ret=0
518
519
$DIG @10.53.0.5 -p 5300 +edns edns.fetchall.tld any > dig.out.2.${n} || ret=1
grep "query: edns.fetchall.tld IN ANY +E" ns5/named.run > /dev/null || ret=1
520
521
522
523
524
525
$DIG @10.53.0.5 -p 5300 +noedns noedns.fetchall.tld any > dig.out.2.${n} || ret=1
grep "query: noedns.fetchall.tld IN ANY" ns5/named.run > /dev/null || ret=1
grep "query: noedns.fetchall.tld IN ANY +E" ns5/named.run > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

526
527
528
529
530
531
532
533
534
535
536
537
538
539
n=`expr $n + 1`
echo "I:check that '-t aaaa' in .digrc does not have unexpected side effects ($n)"
ret=0
echo "-t aaaa" > .digrc
env HOME=`pwd` $DIG @10.53.0.4 -p 5300 . > dig.out.1.${n} || ret=1
env HOME=`pwd` $DIG @10.53.0.4 -p 5300 . A > dig.out.2.${n} || ret=1
env HOME=`pwd` $DIG @10.53.0.4 -p 5300 -x 127.0.0.1 > dig.out.3.${n} || ret=1
grep ';\..*IN.*AAAA$' dig.out.1.${n} > /dev/null || ret=1
grep ';\..*IN.*A$' dig.out.2.${n} > /dev/null || ret=1
grep 'extra type option' dig.out.2.${n} > /dev/null && ret=1
grep ';1\.0\.0\.127\.in-addr\.arpa\..*IN.*PTR$' dig.out.3.${n} > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

540
edns=`$FEATURETEST --edns-version`
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565

n=`expr $n + 1`
echo "I:check that EDNS version is logged (${n})"
ret=0
$DIG @10.53.0.5 -p 5300 +edns edns0.fetchall.tld any > dig.out.2.${n} || ret=1
grep "query: edns0.fetchall.tld IN ANY +E(0)" ns5/named.run > /dev/null || ret=1
if test ${edns:-0} != 0; then
    $DIG @10.53.0.5 -p 5300 +edns=1 edns1.fetchall.tld any > dig.out.2.${n} || ret=1
    grep "query: edns1.fetchall.tld IN ANY +E(1)" ns5/named.run > /dev/null || ret=1
fi
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

if test ${edns:-0} != 0; then
    n=`expr $n + 1`
    echo "I:check that edns-version is honoured (${n})"
    ret=0
    $DIG @10.53.0.5 -p 5300 +edns no-edns-version.tld > dig.out.1.${n} || ret=1
    grep "query: no-edns-version.tld IN A -E(1)" ns6/named.run > /dev/null || ret=1
    $DIG @10.53.0.5 -p 5300 +edns edns-version.tld > dig.out.2.${n} || ret=1
    grep "query: edns-version.tld IN A -E(0)" ns7/named.run > /dev/null || ret=1
    if [ $ret != 0 ]; then echo "I:failed"; fi
    status=`expr $status + $ret`
fi

566
567
568
569
570
571
572
573
574
n=`expr $n + 1`
echo "I:check that CNAME nameserver is logged correctly (${n})"
ret=0
$DIG soa all-cnames @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1
grep "status: SERVFAIL" dig.out.ns5.test${n} > /dev/null || ret=1
grep "skipping nameserver 'cname.tld' because it is a CNAME, while resolving 'all-cnames/SOA'" ns5/named.run > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

575
576
577
n=`expr $n + 1`
echo "I:check that unexpected opcodes are handled correctly (${n})"
ret=0
578
$DIG soa all-cnames @10.53.0.5 -p 5300 +opcode=15 +cd +rec +ad +zflag > dig.out.ns5.test${n} || ret=1
579
grep "status: NOTIMP" dig.out.ns5.test${n} > /dev/null || ret=1
580
581
582
583
584
585
grep "flags:[^;]* qr[; ]" dig.out.ns5.test${n} > /dev/null || ret=1
grep "flags:[^;]* ra[; ]" dig.out.ns5.test${n} > /dev/null && ret=1
grep "flags:[^;]* rd[; ]" dig.out.ns5.test${n} > /dev/null && ret=1
grep "flags:[^;]* cd[; ]" dig.out.ns5.test${n} > /dev/null && ret=1
grep "flags:[^;]* ad[; ]" dig.out.ns5.test${n} > /dev/null && ret=1
grep "flags:[^;]*; MBZ: " dig.out.ns5.test${n} > /dev/null && ret=1
586
if [ $ret != 0 ]; then echo "I:failed"; fi
587
588
status=`expr $status + $ret`

589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
n=`expr $n + 1`
echo "I:check that EDNS client subnet with non-zeroed bits is handled correctly (${n})"
ret=0
# 0001 (IPv4) 1f (31 significant bits) 00 (0) ffffffff (255.255.255.255)
$DIG soa . @10.53.0.5 -p 5300 +ednsopt=8:00011f00ffffffff > dig.out.ns5.test${n} || ret=1
grep "status: FORMERR" dig.out.ns5.test${n} > /dev/null || ret=1
grep "; EDNS: version:" dig.out.ns5.test${n} > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:check that dig +subnet zeros address bits correctly (${n})"
ret=0
$DIG soa . @10.53.0.5 -p 5300 +subnet=255.255.255.255/23 > dig.out.ns5.test${n} || ret=1
grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
grep "CLIENT-SUBNET: 255.255.254.0/23/0" dig.out.ns5.test${n} > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
n=`expr $n + 1`
echo "I:check that SOA query returns data for delegation-only apex (${n})"
ret=0
$DIG soa delegation-only @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1
grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
grep "ANSWER: 1," dig.out.ns5.test${n} > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`

n=`expr $n + 1`
echo "I:check that NS query returns data for delegation-only apex (${n})"
ret=0
$DIG ns delegation-only @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1
grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
grep "ANSWER: 1," dig.out.ns5.test${n} > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:check that A query returns data for delegation-only A apex (${n})"
ret=0
$DIG a delegation-only @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1
grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
grep "ANSWER: 1," dig.out.ns5.test${n} > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:check that CDS query returns data for delegation-only apex (${n})"
ret=0
$DIG cds delegation-only @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1
grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
grep "ANSWER: 1," dig.out.ns5.test${n} > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:check that AAAA query returns data for delegation-only AAAA apex (${n})"
ret=0
$DIG a delegation-only @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1
grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
grep "ANSWER: 1," dig.out.ns5.test${n} > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`

echo "I:check that DNSKEY query returns data for delegation-only apex (${n})"
ret=0
$DIG dnskey delegation-only @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1
grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
grep "ANSWER: 1," dig.out.ns5.test${n} > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:check that CDNSKEY query returns data for delegation-only apex (${n})"
ret=0
$DIG cdnskey delegation-only @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1
grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
grep "ANSWER: 1," dig.out.ns5.test${n} > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:check that NXDOMAIN is returned for delegation-only non-apex A data (${n})"
ret=0
$DIG a a.delegation-only @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1
grep "status: NXDOMAIN" dig.out.ns5.test${n} > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:check that NXDOMAIN is returned for delegation-only non-apex CDS data (${n})"
ret=0
$DIG cds cds.delegation-only @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1
grep "status: NXDOMAIN" dig.out.ns5.test${n} > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:check that NXDOMAIN is returned for delegation-only non-apex AAAA data (${n})"
ret=0
$DIG aaaa aaaa.delegation-only @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1
grep "status: NXDOMAIN" dig.out.ns5.test${n} > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`

echo "I:check that NXDOMAIN is returned for delegation-only non-apex CDNSKEY data (${n})"
ret=0
$DIG cdnskey cdnskey.delegation-only @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1
grep "status: NXDOMAIN" dig.out.ns5.test${n} > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
n=`expr $n + 1`
echo "I:check zero ttl not returned for learnt non zero ttl records (${n})"
ret=0
# use prefetch disabled server
$DIG @10.53.0.7 -p 5300 non-zero.example.net txt > dig.out.1.${n} || ret=1
ttl1=`awk '/"A" "short" "ttl"/ { print $2 - 2 }' dig.out.1.${n}`
# sleep so we are in expire range
sleep ${ttl1:-0}
# look for ttl = 1, allow for one miss at getting zero ttl
zerotonine="0 1 2 3 4 5 6 7 8 9"
zerotonine="$zerotonine $zerotonine $zerotonine"
for i in $zerotonine $zerotonine $zerotonine $zerotonine
do
	$DIG @10.53.0.7 -p 5300 non-zero.example.net txt > dig.out.2.${n} || ret=1
	ttl2=`awk '/"A" "short" "ttl"/ { print $2 }' dig.out.2.${n}`
	test ${ttl2:-1} -eq 0 && break
	test ${ttl2:-1} -ge ${ttl1:-0} && break
	$PERL -e 'select(undef, undef, undef, 0.05);'
done
test ${ttl2:-1} -eq 0 && ret=1
test ${ttl2:-1} -ge ${ttl1:-0} || break
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:check zero ttl is returned for learnt zero ttl records (${n})"
ret=0
$DIG @10.53.0.7 -p 5300 zero.example.net txt > dig.out.1.${n} || ret=1
ttl=`awk '/"A" "zero" "ttl"/ { print $2 }' dig.out.1.${n}`
test ${ttl:-1} -eq 0 || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
736

737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
n=`expr $n + 1`
echo "I:check that 'ad' in not returned in truncated answer with empty answer and authority sections to request with +ad (${n})"
ret=0
$DIG @10.53.0.6 -p 5300 dnskey ds.example.net +bufsize=512 +ad +nodnssec +ignore +norec > dig.out.$n
grep "flags: qr aa tc; QUERY: 1, ANSWER: 0, AUTHORITY: 0" dig.out.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

n=`expr $n + 1`
echo "I:check that 'ad' in not returned in truncated answer with empty answer and authority sections to request with +dnssec (${n})"
ret=0
$DIG @10.53.0.6 -p 5300 dnskey ds.example.net +bufsize=512 +noad +dnssec +ignore +norec > dig.out.$n
grep "flags: qr aa tc; QUERY: 1, ANSWER: 0, AUTHORITY: 0" dig.out.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

753
echo "I:exit status: $status"
754
[ $status -eq 0 ] || exit 1