Commit 8e5abc6c authored by Mark Andrews's avatar Mark Andrews

report initial RRSIG expiry field values

parent 050fca21
......@@ -78,7 +78,7 @@ do
done
for z in bar. example. inacksk2.example. inacksk3.example \
inaczsk2.example. inaczsk3.example
do
do
$DIG $DIGOPTS $z @10.53.0.3 nsec > dig.out.ns3.test$n || ret=1
grep "NS SOA" dig.out.ns3.test$n > /dev/null || ret=1
done
......@@ -91,6 +91,23 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo_i "done"; fi
status=`expr $status + $ret`
echo_i "Initial counts of RRSIG expiry fields values for auto signed zones"
for z in .
do
echo_i zone $z
$DIG $DIGOPTS $z @10.53.0.1 axfr | awk '$4 == "RRSIG" {print $9}' | sort | uniq -c | cat_i
done
for z in bar. example. private.secure.example.
do
echo_i zone $z
$DIG $DIGOPTS $z @10.53.0.2 axfr | awk '$4 == "RRSIG" {print $9}' | sort | uniq -c | cat_i
done
for z in inacksk2.example. inacksk3.example inaczsk2.example. inaczsk3.example
do
echo_i zone $z
$DIG $DIGOPTS $z @10.53.0.3 axfr | awk '$4 == "RRSIG" {print $9}' | sort | uniq -c | cat_i
done
#
# Check that DNSKEY is initially signed with a KSK and not a ZSK.
#
......@@ -1147,7 +1164,7 @@ if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
# this confirms that key events are never scheduled more than
# 'dnssec-loadkeys-interval' minutes in the future, and that the
# 'dnssec-loadkeys-interval' minutes in the future, and that the
# event scheduled is within 10 seconds of expected interval.
check_interval () {
awk '/next key event/ {print $2 ":" $9}' $1/named.run |
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment