report initial RRSIG expiry field values

8e5abc6c · Mark Andrews · 050fca21 · 8e5abc6c
Commit 8e5abc6c authored Aug 17, 2018 by Mark Andrews
Hide whitespace changes
Inline Side-by-side

Showing with 19 additions and 2 deletions

bin/tests/system/autosign/tests.sh bin/tests/system/autosign/tests.sh +19 -2

No files found.
--- a/bin/tests/system/autosign/tests.sh
+++ b/bin/tests/system/autosign/tests.sh
@@ -78,7 +78,7 @@ do
 	done
 	for z in bar. example. inacksk2.example. inacksk3.example \
 		 inaczsk2.example. inaczsk3.example
-	do 
+	do
 		$DIG $DIGOPTS $z @10.53.0.3 nsec > dig.out.ns3.test$n || ret=1
 		grep "NS SOA" dig.out.ns3.test$n > /dev/null || ret=1
 	done
@@ -91,6 +91,23 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "done"; fi
 status=`expr $status + $ret`

+echo_i "Initial counts of RRSIG expiry fields values for auto signed zones"
+for z in .
+do
+	echo_i zone $z
+	$DIG $DIGOPTS $z @10.53.0.1 axfr | awk '$4 == "RRSIG" {print $9}' | sort | uniq -c | cat_i
+done
+for z in bar. example. private.secure.example.
+do
+	echo_i zone $z
+	$DIG $DIGOPTS $z @10.53.0.2 axfr | awk '$4 == "RRSIG" {print $9}' | sort | uniq -c | cat_i
+done
+for z in inacksk2.example. inacksk3.example inaczsk2.example. inaczsk3.example
+do
+	echo_i zone $z
+	$DIG $DIGOPTS $z @10.53.0.3 axfr | awk '$4 == "RRSIG" {print $9}' | sort | uniq -c | cat_i
+done
+
 #
 # Check that DNSKEY is initially signed with a KSK and not a ZSK.
 #
@@ -1147,7 +1164,7 @@ if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`

 # this confirms that key events are never scheduled more than
-# 'dnssec-loadkeys-interval' minutes in the future, and that the 
+# 'dnssec-loadkeys-interval' minutes in the future, and that the
 # event scheduled is within 10 seconds of expected interval.
 check_interval () {
        awk '/next key event/ {print $2 ":" $9}' $1/named.run |