Commit aeebcb4a authored by Ondřej Surý's avatar Ondřej Surý

Run the dnssec system tests with `set -e` enabled

parent ca7cadfa
Pipeline #7844 passed with stages
in 13 minutes and 39 seconds
......@@ -9,6 +9,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
rm -f ./*/K* ./*/keyset-* ./*/dsset-* ./*/dlvset-* ./*/signedkey-* ./*/*.signed
rm -f ./*/example.bk
rm -f ./*/named.conf
......
......@@ -12,6 +12,8 @@
# shellcheck source=conf.sh
. "$SYSTEMTESTTOP/conf.sh"
set -e
zone=.
infile=root.db.in
zonefile=root.db
......@@ -31,7 +33,7 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
cat "$infile" "$keyname.key" > "$zonefile"
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null 2>&1
# Configure the resolving server with a trusted key.
keyfile_to_trusted_keys "$keyname" > trusted.conf
......
......@@ -12,6 +12,8 @@
# shellcheck source=conf.sh
. "$SYSTEMTESTTOP/conf.sh"
set -e
zone=example.
infile=example.db.in
zonefile=example.db
......@@ -35,7 +37,7 @@ keyname2=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" -n zo
cat "$infile" "$keyname1.key" "$keyname2.key" > "$zonefile"
"$SIGNER" -P -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" > /dev/null
"$SIGNER" -P -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" > /dev/null 2>&1
#
# lower/uppercase the signature bits with the exception of the last characters
......@@ -96,7 +98,7 @@ keyname1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KS
keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
cat "$infile" "$keyname1.key" "$keyname2.key" > "$zonefile"
"$SIGNER" -P -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" > /dev/null
"$SIGNER" -P -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" > /dev/null 2>&1
# Sign the privately secure file
......@@ -108,7 +110,7 @@ privkeyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -b "${DEFAULT_BITS}" -n zon
cat "$privinfile" "$privkeyname.key" > "$privzonefile"
"$SIGNER" -P -g -o "$privzone" -l dlv "$privzonefile" > /dev/null
"$SIGNER" -P -g -o "$privzone" -l dlv "$privzonefile" > /dev/null 2>&1
# Sign the DLV secure zone.
......@@ -121,7 +123,7 @@ dlvkeyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -b "${DEFAULT_BITS}" -n zone
cat "$dlvinfile" "$dlvkeyname.key" "$dlvsetfile" > "$dlvzonefile"
"$SIGNER" -P -g -o "$dlvzone" "$dlvzonefile" > /dev/null
"$SIGNER" -P -g -o "$dlvzone" "$dlvzonefile" > /dev/null 2>&1
# Sign the badparam secure file
......@@ -134,7 +136,7 @@ keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zon
cat "$infile" "$keyname1.key" "$keyname2.key" > "$zonefile"
"$SIGNER" -P -3 - -H 1 -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" > /dev/null
"$SIGNER" -P -3 - -H 1 -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" > /dev/null 2>&1
sed -e 's/IN NSEC3 1 0 1 /IN NSEC3 1 0 10 /' "$zonefile.signed" > "$zonefile.bad"
......@@ -149,7 +151,7 @@ keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zon
cat "$infile" "$keyname1.key" "$keyname2.key" > "$zonefile"
"$SIGNER" -P -3 - -A -H 1 -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" > /dev/null
"$SIGNER" -P -3 - -A -H 1 -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" > /dev/null 2>&1
#
# algroll has just has the old DNSKEY records removed and is waiting
......@@ -167,7 +169,7 @@ keynew2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
cat "$infile" "$keynew1.key" "$keynew2.key" > "$zonefile"
"$SIGNER" -P -o "$zone" -k "$keyold1" -k "$keynew1" "$zonefile" "$keyold1" "$keyold2" "$keynew1" "$keynew2" > /dev/null
"$SIGNER" -P -o "$zone" -k "$keyold1" -k "$keynew1" "$zonefile" "$keyold1" "$keyold2" "$keynew1" "$keynew2" > /dev/null 2>&1
#
# Make a zone big enough that it takes several seconds to generate a new
......@@ -189,7 +191,7 @@ done >> "$zonefile"
key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
cat "$key1.key" "$key2.key" >> "$zonefile"
"$SIGNER" -P -3 - -A -H 1 -g -o "$zone" -k "$key1" "$zonefile" "$key2" > /dev/null
"$SIGNER" -P -3 - -A -H 1 -g -o "$zone" -k "$key1" "$zonefile" "$key2" > /dev/null 2>&1
zone=cds.secure
infile=cds.secure.db.in
......@@ -198,7 +200,7 @@ key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
"$DSFROMKEY" -C "$key1.key" > "$key1.cds"
cat "$infile" "$key1.key" "$key2.key" "$key1.cds" >$zonefile
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null 2>&1
zone=cds-x.secure
infile=cds.secure.db.in
......@@ -208,7 +210,7 @@ key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$
key3=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
"$DSFROMKEY" -C "$key2.key" > "$key2.cds"
cat "$infile" "$key1.key" "$key3.key" "$key2.cds" > "$zonefile"
"$SIGNER" -P -g -x -o "$zone" "$zonefile" > /dev/null
"$SIGNER" -P -g -x -o "$zone" "$zonefile" > /dev/null 2>&1
zone=cds-update.secure
infile=cds-update.secure.db.in
......@@ -216,7 +218,7 @@ zonefile=cds-update.secure.db
key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
cat "$infile" "$key1.key" "$key2.key" > "$zonefile"
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null 2>&1
zone=cds-kskonly.secure
infile=cds-kskonly.secure.db.in
......@@ -224,7 +226,7 @@ zonefile=cds-kskonly.secure.db
key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
cat "$infile" "$key1.key" "$key2.key" > "$zonefile"
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null 2>&1
zone=cds-auto.secure
infile=cds-auto.secure.db.in
......@@ -241,7 +243,7 @@ key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
sed 's/DNSKEY/CDNSKEY/' "$key1.key" > "$key1.cds"
cat "$infile" "$key1.key" "$key2.key" "$key1.cds" > "$zonefile"
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null 2>&1
zone=cdnskey-x.secure
infile=cdnskey.secure.db.in
......@@ -251,7 +253,7 @@ key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$
key3=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
sed 's/DNSKEY/CDNSKEY/' "$key1.key" > "$key1.cds"
cat "$infile" "$key2.key" "$key3.key" "$key1.cds" > "$zonefile"
"$SIGNER" -P -g -x -o "$zone" "$zonefile" > /dev/null
"$SIGNER" -P -g -x -o "$zone" "$zonefile" > /dev/null 2>&1
zone=cdnskey-update.secure
infile=cdnskey-update.secure.db.in
......@@ -259,7 +261,7 @@ zonefile=cdnskey-update.secure.db
key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
cat "$infile" "$key1.key" "$key2.key" > "$zonefile"
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null 2>&1
zone=cdnskey-kskonly.secure
infile=cdnskey-kskonly.secure.db.in
......@@ -267,7 +269,7 @@ zonefile=cdnskey-kskonly.secure.db
key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
cat "$infile" "$key1.key" "$key2.key" > "$zonefile"
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null 2>&1
zone=cdnskey-auto.secure
infile=cdnskey-auto.secure.db.in
......
......@@ -12,6 +12,8 @@
# shellcheck source=conf.sh
. "$SYSTEMTESTTOP/conf.sh"
set -e
zone=secure.example.
infile=secure.example.db.in
zonefile=secure.example.db
......@@ -400,7 +402,7 @@ cp "$infile" "$zonefile"
# shellcheck disable=SC2016
echo "\$INCLUDE \"$signedfile\"" >> "$zonefile"
: > "$signedfile"
"$SIGNER" -P -S -D -o "$zone" "$zonefile" > /dev/null
"$SIGNER" -P -S -D -o "$zone" "$zonefile" > /dev/null 2>&1
#
# Zone with signatures about to expire, but no private key to replace them
......@@ -427,7 +429,7 @@ signedfile="upper.example.db.signed"
kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
cp "$infile" "$zonefile"
"$SIGNER" -P -S -o "$zone" -f $lower "$zonefile" > /dev/null 2>/dev/null
"$SIGNER" -P -S -o "$zone" -f $lower "$zonefile" > /dev/null 2>&1
$CHECKZONE -D upper.example $lower 2>/dev/null | \
sed '/RRSIG/s/ upper.example. / UPPER.EXAMPLE. /' > $signedfile
......
......@@ -12,6 +12,8 @@
# shellcheck source=conf.sh
. "$SYSTEMTESTTOP/conf.sh"
set -e
zone=.
infile=../ns1/root.db.in
zonefile=root.db.signed
......@@ -26,7 +28,7 @@ keyfile_to_managed_keys "$keyname" > revoked.conf
# create a current set of keys, and sign the root zone
"$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" $zone > /dev/null
"$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK $zone > /dev/null
"$SIGNER" -S -o "$zone" -f "$zonefile" "$infile" > /dev/null
"$SIGNER" -S -o "$zone" -f "$zonefile" "$infile" > /dev/null 2>&1
keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone ".")
......
......@@ -12,6 +12,8 @@
# shellcheck source=conf.sh
. "$SYSTEMTESTTOP/conf.sh"
set -e
zone=optout-tld
infile=optout-tld.db.in
zonefile=optout-tld.db
......@@ -20,4 +22,4 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
cat "$infile" "$keyname.key" > "$zonefile"
"$SIGNER" -P -3 - -A -o "$zone" "$zonefile" > /dev/null
"$SIGNER" -P -3 - -A -o "$zone" "$zonefile" > /dev/null 2>&1
......@@ -12,6 +12,8 @@
# shellcheck source=conf.sh
. "$SYSTEMTESTTOP/conf.sh"
set -e
zone=split-rrsig
infile=split-rrsig.db.in
zonefile=split-rrsig.db
......@@ -21,7 +23,7 @@ k2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
cat "$infile" "$k1.key" "$k2.key" > "$zonefile"
"$SIGNER" -P -3 - -A -o "$zone" -O full -f "$zonefile.unsplit" -e now-3600 -s now-7200 "$zonefile" > /dev/null
"$SIGNER" -P -3 - -A -o "$zone" -O full -f "$zonefile.unsplit" -e now-3600 -s now-7200 "$zonefile" > /dev/null 2>&1
awk 'BEGIN { r = ""; }
$4 == "RRSIG" && $5 == "SOA" && r == "" { r = $0; next; }
{ print }
......
......@@ -12,6 +12,8 @@
# shellcheck source=conf.sh
. "$SYSTEMTESTTOP/conf.sh"
set -e
if "$PERL" -e 'use Net::DNS;' 2>/dev/null
then
# shellcheck disable=SC2016
......
......@@ -12,6 +12,8 @@
# shellcheck source=conf.sh
. "$SYSTEMTESTTOP/conf.sh"
set -e
$SHELL clean.sh
copy_setports ns1/named.conf.in ns1/named.conf
......
......@@ -12,6 +12,8 @@
# shellcheck source=conf.sh
. "$SYSTEMTESTTOP/conf.sh"
set -e
status=0
n=1
......@@ -1696,7 +1698,7 @@ ret=0
rndccmd 10.53.0.4 secroots 2>&1 | sed 's/^/ns4 /' | cat_i
keyid=$(cat ns1/managed.key.id)
cp ns4/named.secroots named.secroots.test$n
linecount=$(grep -c "./${DEFAULT_ALGORITHM}/$keyid ; trusted" named.secroots.test$n)
linecount=$(grep -c "./${DEFAULT_ALGORITHM}/$keyid ; trusted" named.secroots.test$n || true)
[ "$linecount" -eq 1 ] || ret=1
linecount=$(< named.secroots.test$n wc -l)
[ "$linecount" -eq 10 ] || ret=1
......@@ -1893,7 +1895,7 @@ ret=0
$PERL -e 'my $delay = '"$start"' + 13 - time(); select(undef, undef, undef, $delay) if ($delay > 0);'
# check nta table
rndccmd 10.53.0.4 nta -d > rndc.out.ns4.test$n._11
lines=$(grep -c " expiry " rndc.out.ns4.test$n._11)
lines=$(grep -c " expiry " rndc.out.ns4.test$n._11 || true)
[ "$lines" -le 2 ] || ret=1
grep "bogus.example/_default: expiry" rndc.out.ns4.test$n._11 > /dev/null || ret=1
grep "badds.example/_default: expiry" rndc.out.ns4.test$n._11 > /dev/null && ret=1
......@@ -1923,7 +1925,7 @@ dig_with_opts c.bogus.example. a @10.53.0.4 > dig.out.ns4.test$n.15 || ret=1
grep "status: SERVFAIL" dig.out.ns4.test$n.15 > /dev/null || ret=1
# check nta table has been cleaned up now
rndccmd 10.53.0.4 nta -d > rndc.out.ns4.test$n.3
lines=$(grep -c " expiry " rndc.out.ns4.test$n.3)
lines=$(grep -c " expiry " rndc.out.ns4.test$n.3 || true)
[ "$lines" -eq 0 ] || ret=1
n=$((n+1))
if [ "$ret" -ne 0 ]; then echo_i "failed - checking that all nta's have been lifted"; fi
......@@ -1959,21 +1961,21 @@ ret=0
n=$((n+1))
echo_i "testing NTA with bogus lifetimes ($n)"
echo_i "check with no nta lifetime specified"
rndccmd 10.53.0.4 nta -l "" foo > rndc.out.ns4.test$n.1 2>&1
rndccmd 10.53.0.4 nta -l "" foo > rndc.out.ns4.test$n.1 2>&1 || true
grep "'nta' failed: bad ttl" rndc.out.ns4.test$n.1 > /dev/null || ret=1
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))
ret=0
echo_i "check with bad nta lifetime"
rndccmd 10.53.0.4 nta -l garbage foo > rndc.out.ns4.test$n.2 2>&1
rndccmd 10.53.0.4 nta -l garbage foo > rndc.out.ns4.test$n.2 2>&1 || true
grep "'nta' failed: bad ttl" rndc.out.ns4.test$n.2 > /dev/null || ret=1
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))
ret=0
echo_i "check with too long nta lifetime"
rndccmd 10.53.0.4 nta -l 7d1h foo > rndc.out.ns4.test$n.3 2>&1
rndccmd 10.53.0.4 nta -l 7d1h foo > rndc.out.ns4.test$n.3 2>&1 || true
grep "'nta' failed: out of range" rndc.out.ns4.test$n.3 > /dev/null || ret=1
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))
......@@ -1985,12 +1987,12 @@ ret=0
n=$((n+1))
echo_i "testing NTA persistence across restarts ($n)"
rndccmd 10.53.0.4 nta -d > rndc.out.ns4.test$n.1
lines=$(grep -c " expiry " rndc.out.ns4.test$n.1)
lines=$(grep -c " expiry " rndc.out.ns4.test$n.1 || true)
[ "$lines" -eq 0 ] || ret=1
rndccmd 10.53.0.4 nta -f -l 30s bogus.example 2>&1 | sed 's/^/ns4 /' | cat_i
rndccmd 10.53.0.4 nta -f -l 10s badds.example 2>&1 | sed 's/^/ns4 /' | cat_i
rndccmd 10.53.0.4 nta -d > rndc.out.ns4.test$n.2
lines=$(grep -c " expiry " rndc.out.ns4.test$n.2)
lines=$(grep -c " expiry " rndc.out.ns4.test$n.2 || true)
[ "$lines" -eq 2 ] || ret=1
# shellcheck disable=SC2016
start=$($PERL -e 'print time()."\n";')
......@@ -2961,7 +2963,7 @@ status=$((status+ret))
echo_i "check that named doesn't loop when all private keys are not available ($n)"
ret=0
lines=$(grep -c "reading private key file expiring.example" ns3/named.run)
lines=$(grep -c "reading private key file expiring.example" ns3/named.run || true)
test "${lines:-1000}" -lt 15 || ret=1
n=$((n+1))
test "$ret" -eq 0 || echo_i "failed"
......@@ -2970,11 +2972,11 @@ status=$((status+ret))
echo_i "check against against missing nearest provable proof ($n)"
dig_with_opts +norec b.c.d.optout-tld. \
@10.53.0.6 ds > dig.out.ds.ns6.test$n || ret=1
nsec3=$(grep -c "IN.NSEC3" dig.out.ds.ns6.test$n)
nsec3=$(grep -c "IN.NSEC3" dig.out.ds.ns6.test$n || true)
[ "$nsec3" -eq 2 ] || ret=1
dig_with_opts +norec b.c.d.optout-tld. \
@10.53.0.6 A > dig.out.ns6.test$n || ret=1
nsec3=$(grep -c "IN.NSEC3" dig.out.ns6.test$n)
nsec3=$(grep -c "IN.NSEC3" dig.out.ns6.test$n || true)
[ "$nsec3" -eq 1 ] || ret=1
dig_with_opts optout-tld. \
@10.53.0.4 SOA > dig.out.soa.ns4.test$n || ret=1
......@@ -3041,7 +3043,7 @@ test "$cnt" -gt 120 && break
sleep 1
done
test "$keys" -gt 2 || ret=1
sigs=$(grep -c RRSIG dig.out.ns3.test$n)
sigs=$(grep -c RRSIG dig.out.ns3.test$n || true)
n=$((n+1))
test "$sigs" -eq 2 || ret=1
if test "$ret" -ne 0 ; then echo_i "failed"; fi
......@@ -3161,10 +3163,10 @@ do
alg=$((alg+1))
continue;;
1|5|7|8|10) # RSA algorithms
key1=$($KEYGEN -a "$alg" -b "1024" -n zone example 2> keygen.err)
key1=$($KEYGEN -a "$alg" -b "1024" -n zone example 2> keygen.err || true)
;;
*)
key1=$($KEYGEN -a "$alg" -n zone example 2> keygen.err)
key1=$($KEYGEN -a "$alg" -n zone example 2> keygen.err || true)
esac
if grep "unsupported algorithm" keygen.err > /dev/null
then
......@@ -3241,7 +3243,7 @@ grep "DNSKEY.257" | sed 's/DNSKEY.257/DNSKEY 258/' |
$DSFROMKEY -C -A -f - -T 1 cds-update.secure |
sed "s/^/update add /"
echo send
) | $NSUPDATE > nsupdate.out.test$n 2>&1
) | $NSUPDATE > nsupdate.out.test$n 2>&1 || true
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
dig_with_opts +noall +answer @10.53.0.2 cds cds-update.secure > dig.out.test$n
lines=$(awk '$4 == "CDS" {print}' dig.out.test$n | wc -l)
......@@ -3401,7 +3403,7 @@ echo send
dig_with_opts +noall +answer @10.53.0.2 dnskey cdnskey-update.secure |
sed -n -e "s/^/update add /" -e 's/DNSKEY.257/CDNSKEY 258/p'
echo send
) | $NSUPDATE > nsupdate.out.test$n 2>&1
) | $NSUPDATE > nsupdate.out.test$n 2>&1 || true
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
dig_with_opts +noall +answer @10.53.0.2 cdnskey cdnskey-update.secure > dig.out.test$n
lines=$(awk '$4 == "CDNSKEY" {print}' dig.out.test$n | wc -l)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment