Commit 792915be authored by Evan Hunt's avatar Evan Hunt

[master] fix accidental dig breakage

parent cd38c8c1
......@@ -1637,7 +1637,7 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
debug("main parsing %s", rv[0]);
if (strncmp(rv[0], "%", 1) == 0)
break;
if (argv[0][0] == '@') {
if (rv[0][0] == '@') {
addresscount = getaddresses(lookup, &rv[0][1], NULL);
} else if (rv[0][0] == '+') {
plus_option(&rv[0][1], is_batchfile,
......
......@@ -33,6 +33,7 @@ NAMED=$TOP/bin/named/named
# if the program is libtoolized.
LWRESD="$TOP/bin/named/named -l"
DIG=$TOP/bin/dig/dig
DELVE=$TOP/bin/delve/delve
RNDC=$TOP/bin/rndc/rndc
NSUPDATE=$TOP/bin/nsupdate/nsupdate
DDNSCONFGEN=$TOP/bin/confgen/ddns-confgen
......
......@@ -67,6 +67,5 @@ rm -f ns6/optout-tld.db
rm -f nosign.before
rm -f signing.out*
rm -f canonical?.*
rm -f ns1/resolve.key
rm -f ns3/siginterval.conf
rm -f ns4/named_dump.db
......@@ -65,14 +65,3 @@ cp trusted.conf ../ns4/trusted.conf
cp trusted.conf ../ns6/trusted.conf
cp trusted.conf ../ns7/trusted.conf
cp managed.conf ../ns4/managed.conf
#
# Save keyid for managed key id test.
#
keyid=`expr $keyname : 'K.+001+\(.*\)'`
keyid=`expr $keyid + 0`
echo "$keyid" > managed.key.id
cat $keyname.key | grep -v '^; ' | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print "-a $alg -e -k $dn -K $key\n"
' > resolve.key
......@@ -26,7 +26,7 @@ n=1
rm -f dig.out.*
DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p 5300"
RESKEY=`cat ns1/resolve.key`
DELVEOPTS="-a ns1/trusted.conf"
# convert private-type records to readable form
showprivate () {
......@@ -137,10 +137,10 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${RESOLVE} ] ; then
if [ -x ${DELVE} ] ; then
ret=0
echo "I:checking postive validation NSEC using dns_client ($n)"
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.example > resolve.out$n || ret=1
$DELVE $DELVEOPTS -p 5300 -t a -s 10.53.0.4 a.example > resolve.out$n || ret=1
grep "a.example..*10.0.0.1" resolve.out$n > /dev/null || ret=1
grep "a.example..*.RRSIG.A 3 2 300 .*" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
......@@ -160,10 +160,10 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${RESOLVE} ] ; then
if [ -x ${DELVE} ] ; then
ret=0
echo "I:checking positive validation NSEC3 using dns_client ($n)"
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.nsec3.example > resolve.out$n || ret=1
$DELVE $DELVEOPTS -p 5300 -t a -s 10.53.0.4 a.nsec3.example > resolve.out$n || ret=1
grep "a.nsec3.example..*10.0.0.1" resolve.out$n > /dev/null || ret=1
grep "a.nsec3.example..*RRSIG.A 7 3 300.*" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
......@@ -183,10 +183,10 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${RESOLVE} ] ; then
if [ -x ${DELVE} ] ; then
ret=0
echo "I:checking positive validation OPTOUT using dns_client ($n)"
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.optout.example > resolve.out$n || ret=1
$DELVE $DELVEOPTS -p 5300 -t a -s 10.53.0.4 a.optout.example > resolve.out$n || ret=1
grep "a.optout.example..*10.0.0.1" resolve.out$n > /dev/null || ret=1
grep "a.optout.example..*RRSIG.A 7 3 300.*" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
......@@ -209,10 +209,10 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${RESOLVE} ] ; then
if [ -x ${DELVE} ] ; then
ret=0
echo "I:checking positive wildcard validation NSEC using dns_client ($n)"
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.wild.example > resolve.out$n || ret=1
$DELVE $DELVEOPTS -p 5300 -t a -s 10.53.0.4 a.wild.example > resolve.out$n || ret=1
grep "a.wild.example..*10.0.0.27" resolve.out$n > /dev/null || ret=1
grep "a.wild.example..*RRSIG.A 3 2 300.*" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
......@@ -251,10 +251,10 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${RESOLVE} ] ; then
if [ -x ${DELVE} ] ; then
ret=0
echo "I:checking positive wildcard validation NSEC3 using dns_client ($n)"
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.wild.nsec3.example > resolve.out$n || ret=1
$DELVE $DELVEOPTS -p 5300 -t a -s 10.53.0.4 a.wild.nsec3.example > resolve.out$n || ret=1
grep "a.wild.nsec3.example..*10.0.0.6" resolve.out$n > /dev/null || ret=1
grep "a.wild.nsec3.example..*RRSIG.A 7 3 300.*" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
......@@ -277,10 +277,10 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${RESOLVE} ] ; then
if [ -x ${DELVE} ] ; then
ret=0
echo "I:checking positive wildcard validation OPTOUT using dns_client ($n)"
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.wild.optout.example > resolve.out$n || ret=1
$DELVE $DELVEOPTS -p 5300 -t a -s 10.53.0.4 a.wild.optout.example > resolve.out$n || ret=1
grep "a.wild.optout.example..*10.0.0.6" resolve.out$n > /dev/null || ret=1
grep "a.wild.optout.example..*RRSIG.A 7 3 300.*" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
......@@ -299,10 +299,10 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${RESOLVE} ] ; then
if [ -x ${DELVE} ] ; then
ret=0
echo "I:checking negative validation NXDOMAIN NSEC using dns_client ($n)"
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 q.example > /dev/null 2> resolve.out$n || ret=1
$DELVE $DELVEOPTS -p 5300 -t a -s 10.53.0.4 q.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: ncache nxdomain" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -322,10 +322,10 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${RESOLVE} ] ; then
if [ -x ${DELVE} ] ; then
ret=0
echo "I:checking negative validation NXDOMAIN NSEC3 using dns_client ($n)"
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 q.nsec3.example > /dev/null 2> resolve.out$n || ret=1
$DELVE $DELVEOPTS -p 5300 -t a -s 10.53.0.4 q.nsec3.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: ncache nxdomain" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -346,10 +346,10 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${RESOLVE} ] ; then
if [ -x ${DELVE} ] ; then
ret=0
echo "I:checking negative validation NXDOMAIN OPTOUT using dns_client ($n)"
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 q.optout.example > /dev/null 2> resolve.out$n || ret=1
$DELVE $DELVEOPTS -p 5300 -t a -s 10.53.0.4 q.optout.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: ncache nxdomain" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -368,10 +368,10 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${RESOLVE} ] ; then
if [ -x ${DELVE} ] ; then
ret=0
echo "I:checking negative validation NODATA OPTOUT using dns_client ($n)"
$RESOLVE $RESKEY -p 5300 -t txt -s 10.53.0.4 a.example > /dev/null 2> resolve.out$n || ret=1
$DELVE $DELVEOPTS -p 5300 -t txt -s 10.53.0.4 a.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: ncache nxrrset" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -392,10 +392,10 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${RESOLVE} ] ; then
if [ -x ${DELVE} ] ; then
ret=0
echo "I:checking negative validation NODATA NSEC3 using dns_client ($n)"
$RESOLVE $RESKEY -p 5300 -t txt -s 10.53.0.4 a.nsec3.example > /dev/null 2> resolve.out$n || ret=1
$DELVE $DELVEOPTS -p 5300 -t txt -s 10.53.0.4 a.nsec3.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: ncache nxrrset" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -416,10 +416,10 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${RESOLVE} ] ; then
if [ -x ${DELVE} ] ; then
ret=0
echo "I:checking negative validation NODATA OPTOUT using dns_client ($n)"
$RESOLVE $RESKEY -p 5300 -t txt -s 10.53.0.4 a.optout.example > /dev/null 2> resolve.out$n || ret=1
$DELVE $DELVEOPTS -p 5300 -t txt -s 10.53.0.4 a.optout.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: ncache nxrrset" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -437,10 +437,10 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${RESOLVE} ] ; then
if [ -x ${DELVE} ] ; then
ret=0
echo "I:checking negative wildcard validation NSEC using dns_client ($n)"
$RESOLVE $RESKEY -p 5300 -t txt -s 10.53.0.4 b.wild.example > /dev/null 2> resolve.out$n || ret=1
$DELVE $DELVEOPTS -p 5300 -t txt -s 10.53.0.4 b.wild.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: ncache nxrrset" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -457,10 +457,10 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${RESOLVE} ] ; then
if [ -x ${DELVE} ] ; then
ret=0
echo "I:checking negative wildcard validation NSEC3 using dns_client ($n)"
$RESOLVE $RESKEY -p 5300 -t txt -s 10.53.0.4 b.wild.nsec3.example > /dev/null 2> resolve.out$n || ret=1
$DELVE $DELVEOPTS -p 5300 -t txt -s 10.53.0.4 b.wild.nsec3.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: ncache nxrrset" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -481,10 +481,10 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${RESOLVE} ] ; then
if [ -x ${DELVE} ] ; then
ret=0
echo "I:checking negative wildcard validation OPTOUT using dns_client ($n)"
$RESOLVE $RESKEY -p 5300 -t txt -s 10.53.0.4 b.optout.nsec3.example > /dev/null 2> resolve.out$n || ret=1
$DELVE $DELVEOPTS -p 5300 -t txt -s 10.53.0.4 b.optout.nsec3.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: ncache nxrrset" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -505,10 +505,10 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${RESOLVE} ] ; then
if [ -x ${DELVE} ] ; then
ret=0
echo "I:checking 1-server insecurity proof NSEC using dns_client ($n)"
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.insecure.example > resolve.out$n || ret=1
$DELVE $DELVEOPTS -p 5300 -t a -s 10.53.0.4 a.insecure.example > resolve.out$n || ret=1
grep "a.insecure.example..*10.0.0.1" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -527,10 +527,10 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${RESOLVE} ] ; then
if [ -x ${DELVE} ] ; then
ret=0
echo "I:checking 1-server insecurity proof NSEC3 using dns_client ($n)"
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.insecure.nsec3.example > resolve.out$n || ret=1
$DELVE $DELVEOPTS -p 5300 -t a -s 10.53.0.4 a.insecure.nsec3.example > resolve.out$n || ret=1
grep "a.insecure.nsec3.example..*10.0.0.1" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -549,10 +549,10 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${RESOLVE} ] ; then
if [ -x ${DELVE} ] ; then
ret=0
echo "I:checking 1-server insecurity proof OPTOUT using dns_client ($n)"
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.insecure.optout.example > resolve.out$n || ret=1
$DELVE $DELVEOPTS -p 5300 -t a -s 10.53.0.4 a.insecure.optout.example > resolve.out$n || ret=1
grep "a.insecure.optout.example..*10.0.0.1" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -573,10 +573,10 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${RESOLVE} ] ; then
if [ -x ${DELVE} ] ; then
ret=0
echo "I:checking 1-server negative insecurity proof NSEC using dns_client ($n)"
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 q.insecure.example > /dev/null 2> resolve.out$n || ret=1
$DELVE $DELVEOPTS -p 5300 -t a -s 10.53.0.4 q.insecure.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: ncache nxdomain" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -597,10 +597,10 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${RESOLVE} ] ; then
if [ -x ${DELVE} ] ; then
ret=0
echo "I:checking 1-server negative insecurity proof NSEC3 using dns_client ($n)"
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 q.insecure.nsec3.example > /dev/null 2> resolve.out$n || ret=1
$DELVE $DELVEOPTS -p 5300 -t a -s 10.53.0.4 q.insecure.nsec3.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: ncache nxdomain" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -621,10 +621,10 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${RESOLVE} ] ; then
if [ -x ${DELVE} ] ; then
ret=0
echo "I:checking 1-server negative insecurity proof OPTOUT using dns_client ($n)"
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 q.insecure.optout.example > /dev/null 2> resolve.out$n || ret=1
$DELVE $DELVEOPTS -p 5300 -t a -s 10.53.0.4 q.insecure.optout.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: ncache nxdomain" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -818,10 +818,10 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${RESOLVE} ] ; then
if [ -x ${DELVE} ] ; then
ret=0
echo "I:checking failed validation using dns_client ($n)"
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.bogus.example > /dev/null 2> resolve.out$n || ret=1
$DELVE $DELVEOPTS -p 5300 -t a -s 10.53.0.4 a.bogus.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: no valid RRSIG" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -863,10 +863,10 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${RESOLVE} ] ; then
if [ -x ${DELVE} ] ; then
ret=0
echo "I:checking that validation fails when key record is missing using dns_client ($n)"
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.b.keyless.example > /dev/null 2> resolve.out$n || ret=1
$DELVE $DELVEOPTS -p 5300 -t a -s 10.53.0.4 a.b.keyless.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: broken trust chain" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment