Commit b1c6de54 authored by Mark Andrews's avatar Mark Andrews

3177. [func] 'rndc keydone', remove the indicator record that

                        named has finished signing the zone with the
                        corresponding key.  [RT #26206]
parent 4aa19ee1
3177. [func] 'rndc keydone', remove the indicator record that
named has finished signing the zone with the
corresponding key. [RT #26206]
3176. [doc] Corrected example code and added a README to the
sample external DLZ module in contrib/dlz/example.
[RT #26215]
......
......@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-dsfromkey.c,v 1.23 2011/09/03 05:51:29 each Exp $ */
/* $Id: dnssec-dsfromkey.c,v 1.24 2011/10/25 01:54:18 marka Exp $ */
/*! \file */
......@@ -62,6 +62,7 @@ static dns_rdataclass_t rdclass;
static dns_fixedname_t fixed;
static dns_name_t *name = NULL;
static isc_mem_t *mctx = NULL;
static isc_uint32_t ttl;
static isc_result_t
initname(char *setname) {
......@@ -294,6 +295,9 @@ emit(unsigned int dtype, isc_boolean_t showall, char *lookaside,
isc_buffer_usedregion(&nameb, &r);
printf("%.*s ", (int)r.length, r.base);
if (ttl != 0U)
printf("%u ", ttl);
isc_buffer_usedregion(&classb, &r);
printf("%.*s", (int)r.length, r.base);
......@@ -329,6 +333,7 @@ usage(void) {
fprintf(stderr, " -l: add lookaside zone and print DLV records\n");
fprintf(stderr, " -s: read keyset from keyset-<dnsname> file\n");
fprintf(stderr, " -c class: rdata class for DS set (default: IN)\n");
fprintf(stderr, " -T TTL\n");
fprintf(stderr, " -f file: read keyset from zone file\n");
fprintf(stderr, " -A: when used with -f, "
"include all keys in DS set, not just KSKs\n");
......@@ -368,7 +373,7 @@ main(int argc, char **argv) {
isc_commandline_errprint = ISC_FALSE;
while ((ch = isc_commandline_parse(argc, argv,
"12Aa:c:d:Ff:K:l:sv:h")) != -1) {
"12Aa:c:d:Ff:K:l:sT:v:h")) != -1) {
switch (ch) {
case '1':
dtype = DNS_DSDIGEST_SHA1;
......@@ -408,6 +413,9 @@ main(int argc, char **argv) {
case 's':
usekeyset = ISC_TRUE;
break;
case 'T':
ttl = atol(isc_commandline_argument);
break;
case 'v':
verbose = strtol(isc_commandline_argument, &endp, 0);
if (*endp != '\0')
......
......@@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-dsfromkey.docbook,v 1.16 2011/03/27 06:39:59 marka Exp $ -->
<!-- $Id: dnssec-dsfromkey.docbook,v 1.17 2011/10/25 01:54:18 marka Exp $ -->
<refentry id="man.dnssec-dsfromkey">
<refentryinfo>
<date>August 26, 2009</date>
......@@ -52,6 +52,7 @@
<arg><option>-2</option></arg>
<arg><option>-a <replaceable class="parameter">alg</replaceable></option></arg>
<arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
<arg><option>-T <replaceable class="parameter">TTL</replaceable></option></arg>
<arg choice="req">keyfile</arg>
</cmdsynopsis>
<cmdsynopsis>
......@@ -64,6 +65,7 @@
<arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
<arg><option>-s</option></arg>
<arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
<arg><option>-T <replaceable class="parameter">TTL</replaceable></option></arg>
<arg><option>-f <replaceable class="parameter">file</replaceable></option></arg>
<arg><option>-A</option></arg>
<arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
......@@ -113,6 +115,15 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-T <replaceable class="parameter">TTL</replaceable></term>
<listitem>
<para>
Specifies the TTL of the DS records.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-K <replaceable class="parameter">directory</replaceable></term>
<listitem>
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: control.c,v 1.44 2011/08/02 20:36:11 each Exp $ */
/* $Id: control.c,v 1.45 2011/10/25 01:54:18 marka Exp $ */
/*! \file */
......@@ -205,6 +205,8 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
result = ns_server_add_zone(ns_g_server, command);
} else if (command_compare(command, NS_COMMAND_DELZONE)) {
result = ns_server_del_zone(ns_g_server, command);
} else if (command_compare(command, NS_COMMAND_KEYDONE)) {
result = ns_server_keydone(ns_g_server, command);
} else {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_CONTROL, ISC_LOG_WARNING,
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: control.h,v 1.34 2011/08/02 20:36:12 each Exp $ */
/* $Id: control.h,v 1.35 2011/10/25 01:54:19 marka Exp $ */
#ifndef NAMED_CONTROL_H
#define NAMED_CONTROL_H 1
......@@ -64,6 +64,7 @@
#define NS_COMMAND_ADDZONE "addzone"
#define NS_COMMAND_DELZONE "delzone"
#define NS_COMMAND_SYNC "sync"
#define NS_COMMAND_KEYDONE "keydone"
isc_result_t
ns_controls_create(ns_server_t *server, ns_controls_t **ctrlsp);
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: server.h,v 1.113 2011/08/02 20:36:12 each Exp $ */
/* $Id: server.h,v 1.114 2011/10/25 01:54:19 marka Exp $ */
#ifndef NAMED_SERVER_H
#define NAMED_SERVER_H 1
......@@ -342,4 +342,10 @@ ns_server_add_zone(ns_server_t *server, char *args);
isc_result_t
ns_server_del_zone(ns_server_t *server, char *args);
/*%
* Deletes the matching key done private record from the zone.
*/
isc_result_t
ns_server_keydone(ns_server_t *server, char *args);
#endif /* NAMED_SERVER_H */
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: server.c,v 1.622 2011/10/14 05:38:49 marka Exp $ */
/* $Id: server.c,v 1.623 2011/10/25 01:54:19 marka Exp $ */
/*! \file */
......@@ -5912,7 +5912,7 @@ next_token(char **stringp, const char *delim) {
*/
static isc_result_t
zone_from_args(ns_server_t *server, char *args, dns_zone_t **zonep,
const char **zonename)
const char **zonename, isc_boolean_t skip)
{
char *input, *ptr;
const char *zonetxt;
......@@ -5928,10 +5928,12 @@ zone_from_args(ns_server_t *server, char *args, dns_zone_t **zonep,
input = args;
/* Skip the command name. */
ptr = next_token(&input, " \t");
if (ptr == NULL)
return (ISC_R_UNEXPECTEDEND);
if (skip) {
/* Skip the command name. */
ptr = next_token(&input, " \t");
if (ptr == NULL)
return (ISC_R_UNEXPECTEDEND);
}
/* Look for the zone name. */
zonetxt = next_token(&input, " \t");
......@@ -5999,7 +6001,7 @@ ns_server_retransfercommand(ns_server_t *server, char *args) {
dns_zone_t *zone = NULL;
dns_zonetype_t type;
result = zone_from_args(server, args, &zone, NULL);
result = zone_from_args(server, args, &zone, NULL, ISC_TRUE);
if (result != ISC_R_SUCCESS)
return (result);
if (zone == NULL)
......@@ -6023,7 +6025,7 @@ ns_server_reloadcommand(ns_server_t *server, char *args, isc_buffer_t *text) {
dns_zonetype_t type;
const char *msg = NULL;
result = zone_from_args(server, args, &zone, NULL);
result = zone_from_args(server, args, &zone, NULL, ISC_TRUE);
if (result != ISC_R_SUCCESS)
return (result);
if (zone == NULL) {
......@@ -6083,7 +6085,7 @@ ns_server_notifycommand(ns_server_t *server, char *args, isc_buffer_t *text) {
dns_zone_t *zone = NULL;
const unsigned char msg[] = "zone notify queued";
result = zone_from_args(server, args, &zone, NULL);
result = zone_from_args(server, args, &zone, NULL, ISC_TRUE);
if (result != ISC_R_SUCCESS)
return (result);
if (zone == NULL)
......@@ -6108,7 +6110,7 @@ ns_server_refreshcommand(ns_server_t *server, char *args, isc_buffer_t *text) {
const unsigned char msg2[] = "not a slave or stub zone";
dns_zonetype_t type;
result = zone_from_args(server, args, &zone, NULL);
result = zone_from_args(server, args, &zone, NULL, ISC_TRUE);
if (result != ISC_R_SUCCESS)
return (result);
if (zone == NULL)
......@@ -7216,7 +7218,7 @@ ns_server_rekey(ns_server_t *server, char *args) {
if (strncasecmp(args, NS_COMMAND_SIGN, strlen(NS_COMMAND_SIGN)) == 0)
fullsign = ISC_TRUE;
result = zone_from_args(server, args, &zone, NULL);
result = zone_from_args(server, args, &zone, NULL, ISC_TRUE);
if (result != ISC_R_SUCCESS)
return (result);
if (zone == NULL)
......@@ -7283,7 +7285,7 @@ ns_server_sync(ns_server_t *server, char *args, isc_buffer_t *text) {
(void) next_token(&args, " \t");
}
result = zone_from_args(server, args, &zone, NULL);
result = zone_from_args(server, args, &zone, NULL, ISC_TRUE);
if (result != ISC_R_SUCCESS)
return (result);
......@@ -7359,7 +7361,7 @@ ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args,
isc_boolean_t frozen;
const char *msg = NULL;
result = zone_from_args(server, args, &zone, NULL);
result = zone_from_args(server, args, &zone, NULL, ISC_TRUE);
if (result != ISC_R_SUCCESS)
return (result);
if (zone == NULL) {
......@@ -7687,7 +7689,7 @@ ns_server_del_zone(ns_server_t *server, char *args) {
FILE *ifp = NULL, *ofp = NULL;
/* Parse parameters */
CHECK(zone_from_args(server, args, &zone, &zonename));
CHECK(zone_from_args(server, args, &zone, &zonename, ISC_TRUE));
if (result != ISC_R_SUCCESS)
return (result);
if (zone == NULL) {
......@@ -7855,3 +7857,47 @@ newzone_cfgctx_destroy(void **cfgp) {
isc_mem_putanddetach(&cfg->mctx, cfg, sizeof(*cfg));
*cfgp = NULL;
}
/*
* Act on a "keydone" command from the command channel.
*/
isc_result_t
ns_server_keydone(ns_server_t *server, char *args) {
isc_result_t result;
dns_zone_t *zone = NULL;
const char *ptr = NULL;
ptr = next_token(&args, " \t");
if (ptr == NULL)
return (ISC_R_UNEXPECTEDEND);
ptr = next_token(&args, " \t");
if (ptr == NULL)
return (ISC_R_UNEXPECTEDEND);
/*
* Is the rdata sane?
*/
if (strspn(ptr, "0123456789ABCDEFabcdef") != 10U ||
strncmp(ptr, "00", 2) == 0 || strcmp(ptr + 6, "0001") != 0)
return (DNS_R_SYNTAX);
/*
* Find the zone.
*/
result = zone_from_args(server, args, &zone, NULL, ISC_FALSE);
if (result != ISC_R_SUCCESS)
return (result);
if (zone == NULL)
return(ISC_R_NOTFOUND);
if (dns_zone_gettype(zone) != dns_zone_master) {
result = DNS_R_NOTMASTER;
goto cleanup;
}
result = dns_zone_keydone(zone, ptr);
cleanup:
dns_zone_detach(&zone);
return (result);
}
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: rndc.c,v 1.134 2011/03/21 15:39:05 each Exp $ */
/* $Id: rndc.c,v 1.135 2011/10/25 01:54:19 marka Exp $ */
/*! \file */
......@@ -154,6 +154,9 @@ command is one of the following:\n\
Add zone to given view. Requires new-zone-file option.\n\
delzone [\"file\"] zone [class [view]]\n\
Removes zone from given view. Requires new-zone-file option.\n\
keydone rdata zone [class [view]]\n\
Remove the private record with the corresponding rdata from\n\
the given zone.\n\
\n\
* == not yet implemented\n\
Version: %s\n",
......
......@@ -12,11 +12,15 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: clean.sh,v 1.3 2011/10/12 00:10:19 marka Exp $
# $Id: clean.sh,v 1.4 2011/10/25 01:54:19 marka Exp $
rm -f */named.memstats
rm -f */named.run
rm -f */trusted.conf
rm -f ns1/K*
rm -f ns1/dsset-*
rm -f ns1/root.db
rm -f ns1/root.db.signed
rm -f ns2/bits.db
rm -f ns2/bits.db.jnl
rm -f ns3/K*
......
......@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named.conf,v 1.2 2011/08/30 23:46:52 tbox Exp $ */
/* $Id: named.conf,v 1.3 2011/10/25 01:54:20 marka Exp $ */
// NS1
......@@ -39,4 +39,4 @@ zone "." {
file "root.db.signed";
};
// include "trusted.conf";
include "trusted.conf";
; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
; Copyright (C) 2000, 2001 Internet Software Consortium.
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
; $Id: root.db.in,v 1.2 2011/10/25 01:54:20 marka Exp $
$TTL 300
. IN SOA gson.nominum.com. a.root.servers.nil. (
2000042100 ; serial
600 ; refresh
600 ; retry
1200 ; expire
600 ; minimum
)
. NS a.root-servers.nil.
a.root-servers.nil. A 10.53.0.1
bits. NS ns3.bits.
ns3.bits. A 10.53.0.3
bits. NS ns4.bits.
ns4.bits. A 10.53.0.4
noixfr. NS ns3.noixfr.
ns3.noixfr. A 10.53.0.3
#!/bin/sh -e
#
# Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: sign.sh,v 1.2 2011/10/25 01:54:20 marka Exp $
SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh
RANDFILE=../random.data
zone=.
rm -f K.+*+*.key
rm -f K.+*+*.private
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
$SIGNER -S -x -T 1200 -o ${zone} root.db
cat ${keyname}.key | grep -v '^; ' | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
trusted-keys {
"$dn" $flags $proto $alg "$key";
};
EOF
' > trusted.conf
cp trusted.conf ../ns6/trusted.conf
......@@ -14,11 +14,13 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named.conf,v 1.2 2011/08/30 23:46:52 tbox Exp $ */
/* $Id: named.conf,v 1.3 2011/10/25 01:54:20 marka Exp $ */
// NS2
// NS3
controls { /* empty */ };
include "../../common/rndc.key";
controls { inet 10.53.0.3 port 9953 allow { any; } keys { rndc_key; }; };
options {
query-source address 10.53.0.3;
......
......@@ -14,7 +14,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: sign.sh,v 1.2 2011/08/30 23:46:52 tbox Exp $
# $Id: sign.sh,v 1.3 2011/10/25 01:54:20 marka Exp $
SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh
......@@ -26,9 +26,11 @@ rm -f K${zone}.+*+*.key
rm -f K${zone}.+*+*.private
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
zone=noixfr
rm -f K${zone}.+*+*.key
rm -f K${zone}.+*+*.private
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
/*
* Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named.conf,v 1.2 2011/10/25 01:54:21 marka Exp $ */
// NS6
include "../../common/rndc.key";
controls { inet 10.53.0.6 port 9953 allow { any; } keys { rndc_key; }; };
options {
query-source address 10.53.0.6;
notify-source 10.53.0.6;
transfer-source 10.53.0.6;
port 5300;
pid-file "named.pid";
listen-on { 10.53.0.6; };
listen-on-v6 { none; };
recursion yes;
notify yes;
notify-delay 0;
};
zone "." {
type hint;
file "../../common/root.hint";
};
include "trusted.conf";
......@@ -12,10 +12,13 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: setup.sh,v 1.3 2011/10/12 00:10:19 marka Exp $
# $Id: setup.sh,v 1.4 2011/10/25 01:54:19 marka Exp $
sh clean.sh
cp ns1/root.db.in ns1/root.db
rm -f ns1/root.db.signed
touch ns2/trusted.conf
cp ns2/bits.db.in ns2/bits.db
rm -f ns2/bits.db.jnl
......@@ -39,3 +42,4 @@ cp ns5/named.conf.pre ns5/named.conf
../../../tools/genrandom 400 random.data
(cd ns3; sh -e sign.sh)
(cd ns1; sh -e sign.sh)
......@@ -14,7 +14,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: tests.sh,v 1.3 2011/10/12 00:10:19 marka Exp $
# $Id: tests.sh,v 1.4 2011/10/25 01:54:20 marka Exp $
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
......@@ -34,7 +34,7 @@ do
$DIG $DIGOPTS @10.53.0.3 -p 5300 bits TYPE65534 > dig.out.ns3.test$n
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
grep "ANSWER: 3," dig.out.ns3.test$n > /dev/null || ret=1
records=`grep "TYPE65534.*05[0-9A-F][0-9A-F][0-9A-F][0-9A-F]0001" dig.out.ns3.test$n | wc -l`
records=`grep 'TYPE65534.*05[0-9A-F][0-9A-F][0-9A-F][0-9A-F]0001$' dig.out.ns3.test$n | wc -l`
[ $records = 2 ] || ret=1
if [ $ret = 0 ]; then break; fi
sleep 1
......@@ -42,6 +42,75 @@ done
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo "I:checking removal of private type record via 'rndc keydone' ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.3 -p 5300 bits TYPE65534 > dig.out.ns3.test$n
records=`sed -n -e 's/.*TYPE65534.*\(05[0-9A-F][0-9A-F][0-9A-F][0-9A-F]0001\)$/\1/p' dig.out.ns3.test$n`
for record in $records
do
$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 keydone "${record}" bits || ret=1
break; # We only want to remove 1 record for now.
done 2>&1 |sed 's/^/I:ns3 /'
for i in 1 2 3 4 5 6 7 8 9 10
do
ans=0
$DIG $DIGOPTS @10.53.0.3 -p 5300 bits TYPE65534 > dig.out.ns3.test$n
grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ans=1
[ $ans = 1 ] || break
sleep 1
done
[ $ans = 0 ] || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo "I:checking private type was properly signed ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.6 -p 5300 bits TYPE65534 > dig.out.ns6.test$n
grep "ANSWER: 2," dig.out.ns6.test$n > /dev/null || ret=1
grep "flags:.* ad[ ;]" dig.out.ns6.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo "I:checking removal of remaining private type record via 'rndc keydone' ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.3 -p 5300 bits TYPE65534 > dig.out.ns3.test$n
records=`sed -n -e 's/.*TYPE65534.*\(05[0-9A-F][0-9A-F][0-9A-F][0-9A-F]0001\)$/\1/p' dig.out.ns3.test$n`
for record in $records
do
$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 keydone "${record}" bits || ret=1
done 2>&1 |sed 's/^/I:ns3 /'
for i in 1 2 3 4 5 6 7 8 9 10
do
ans=0
$DIG $DIGOPTS @10.53.0.3 -p 5300 bits TYPE65534 > dig.out.ns3.test$n
grep "ANSWER: 0," dig.out.ns3.test$n > /dev/null || ans=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ans=1
[ $ans = 1 ] || break
sleep 1
done
[ $ans = 0 ] || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
</