Commit b99bfa18 authored by Evan Hunt's avatar Evan Hunt

[master] unify internal and export libraries

3550.	[func]		Unified the internal and export versions of the
			BIND libraries, allowing external clients to use
			the same libraries as BIND. [RT #33131]
parent cc444c73
3550. [func] Unified the internal and export versions of the
BIND libraries, allowing external clients to use
the same libraries as BIND. [RT #33131]
3549. [doc] Documentation for "request-nsid" was missing.
[RT #33153]
......
......@@ -61,8 +61,9 @@ BIND 9.10.0
- New zone file format "map" is an image of a zone database
that can be loaded directly into memory, allowing much faster
zone loading.
- Up to 32 response-policy zones (RPZ) can now be configured.
RPZ performance has been substantially improved.
- Substantial improvement in response-policy zone (RPZ)
performance. Up to 32 response-policy zones can be
configured with minimal performance loss.
- ACLs can now be specified based on geographic location
using the MacMind GeoIP databases.
- New XML schema (version 3) for the statistics channel
......@@ -73,6 +74,9 @@ BIND 9.10.0
browsers.
- The statistics channel can now provide data in JSON
format as well as XML.
- The internal and export versions of the BIND libraries
(libisc, libdns, etc) have been unified so that external
library clients can use the same libraries as BIND itself.
- New 'dnssec-coverage' tool to check DNSSEC key coverage
for a zone and report if a lapse in signing coverage has
been inadvertently scheduled.
......
......@@ -53,7 +53,7 @@ PK11DEL="$TOP/bin/pkcs11/pkcs11-destroy -s ${SLOT:-0} -p 1234"
JOURNALPRINT=$TOP/bin/tools/named-journalprint
VERIFY=$TOP/bin/dnssec/dnssec-verify
ARPANAME=$TOP/bin/tools/arpaname
SAMPLE=$TOP/lib/export/samples/sample
RESOLVE=$TOP/lib/samples/resolve
# The "stress" test is not run by default since it creates enough
# load on the machine to make it unusable to other users.
......@@ -84,4 +84,4 @@ fi
export NAMED LWRESD DIG NSUPDATE KEYGEN KEYFRLAB SIGNER KEYSIGNER KEYSETTOOL \
PERL SUBDIRS RNDC CHECKZONE PK11GEN PK11LIST PK11DEL TESTSOCK6 \
JOURNALPRINT ARPANAME SAMPLE
JOURNALPRINT ARPANAME RESOLVE
......@@ -31,7 +31,7 @@ rm -f ns2/single-nsec3.db
rm -f ns2/nsec3chain-test.db
rm -f */example.bk
rm -f dig.out.*
rm -f sample.out*
rm -f resolve.out*
rm -f random.data
rm -f ns2/dlv.db
rm -f ns3/multiple.example.db ns3/nsec3-unknown.example.db ns3/nsec3.example.db
......@@ -68,3 +68,4 @@ rm -f ns6/optout-tld.db
rm -f nosign.before
rm -f signing.out*
rm -f canonical?.*
rm -f ns1/resolve.key
......@@ -77,4 +77,4 @@ cat $keyname.key | grep -v '^; ' | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print "-a $alg -e -k $dn -K $key\n"
' > sample.key
' > resolve.key
......@@ -28,7 +28,7 @@ n=1
rm -f dig.out.*
DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p 5300"
SAMPLEKEY=`cat ns1/sample.key`
RESKEY=`cat ns1/resolve.key`
# convert private-type records to readable form
showprivate () {
......@@ -134,12 +134,12 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking postive validation NSEC using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t a 10.53.0.4 a.example > sample.out$n || ret=1
grep "a.example..*10.0.0.1" sample.out$n > /dev/null || ret=1
grep "a.example..*.RRSIG.A 3 2 300 .*" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.example > resolve.out$n || ret=1
grep "a.example..*10.0.0.1" resolve.out$n > /dev/null || ret=1
grep "a.example..*.RRSIG.A 3 2 300 .*" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
......@@ -157,12 +157,12 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking positive validation NSEC3 using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t a 10.53.0.4 a.nsec3.example > sample.out$n || ret=1
grep "a.nsec3.example..*10.0.0.1" sample.out$n > /dev/null || ret=1
grep "a.nsec3.example..*RRSIG.A 7 3 300.*" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.nsec3.example > resolve.out$n || ret=1
grep "a.nsec3.example..*10.0.0.1" resolve.out$n > /dev/null || ret=1
grep "a.nsec3.example..*RRSIG.A 7 3 300.*" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
......@@ -180,12 +180,12 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking positive validation OPTOUT using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t a 10.53.0.4 a.optout.example > sample.out$n || ret=1
grep "a.optout.example..*10.0.0.1" sample.out$n > /dev/null || ret=1
grep "a.optout.example..*RRSIG.A 7 3 300.*" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.optout.example > resolve.out$n || ret=1
grep "a.optout.example..*10.0.0.1" resolve.out$n > /dev/null || ret=1
grep "a.optout.example..*RRSIG.A 7 3 300.*" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
......@@ -202,12 +202,12 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking positive wildcard validation NSEC using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t a 10.53.0.4 a.wild.example > sample.out$n || ret=1
grep "a.wild.example..*10.0.0.27" sample.out$n > /dev/null || ret=1
grep "a.wild.example..*RRSIG.A 3 2 300.*" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.wild.example > resolve.out$n || ret=1
grep "a.wild.example..*10.0.0.27" resolve.out$n > /dev/null || ret=1
grep "a.wild.example..*RRSIG.A 3 2 300.*" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
......@@ -242,12 +242,12 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking positive wildcard validation NSEC3 using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t a 10.53.0.4 a.wild.nsec3.example > sample.out$n || ret=1
grep "a.wild.nsec3.example..*10.0.0.6" sample.out$n > /dev/null || ret=1
grep "a.wild.nsec3.example..*RRSIG.A 7 3 300.*" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.wild.nsec3.example > resolve.out$n || ret=1
grep "a.wild.nsec3.example..*10.0.0.6" resolve.out$n > /dev/null || ret=1
grep "a.wild.nsec3.example..*RRSIG.A 7 3 300.*" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
......@@ -266,12 +266,12 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking positive wildcard validation OPTOUT using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t a 10.53.0.4 a.wild.optout.example > sample.out$n || ret=1
grep "a.wild.optout.example..*10.0.0.6" sample.out$n > /dev/null || ret=1
grep "a.wild.optout.example..*RRSIG.A 7 3 300.*" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.wild.optout.example > resolve.out$n || ret=1
grep "a.wild.optout.example..*10.0.0.6" resolve.out$n > /dev/null || ret=1
grep "a.wild.optout.example..*RRSIG.A 7 3 300.*" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
......@@ -288,11 +288,11 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking negative validation NXDOMAIN NSEC using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t a 10.53.0.4 q.example > /dev/null 2> sample.out$n || ret=1
grep "resolution failed: ncache nxdomain" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 q.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: ncache nxdomain" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
......@@ -311,11 +311,11 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking negative validation NXDOMAIN NSEC3 using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t a 10.53.0.4 q.nsec3.example > /dev/null 2> sample.out$n || ret=1
grep "resolution failed: ncache nxdomain" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 q.nsec3.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: ncache nxdomain" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
......@@ -335,11 +335,11 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking negative validation NXDOMAIN OPTOUT using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t a 10.53.0.4 q.optout.example > /dev/null 2> sample.out$n || ret=1
grep "resolution failed: ncache nxdomain" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 q.optout.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: ncache nxdomain" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
......@@ -357,11 +357,11 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking negative validation NODATA OPTOUT using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t txt 10.53.0.4 a.example > /dev/null 2> sample.out$n || ret=1
grep "resolution failed: ncache nxrrset" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t txt -s 10.53.0.4 a.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: ncache nxrrset" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
......@@ -381,11 +381,11 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking negative validation NODATA NSEC3 using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t txt 10.53.0.4 a.nsec3.example > /dev/null 2> sample.out$n || ret=1
grep "resolution failed: ncache nxrrset" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t txt -s 10.53.0.4 a.nsec3.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: ncache nxrrset" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
......@@ -405,11 +405,11 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking negative validation NODATA OPTOUT using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t txt 10.53.0.4 a.optout.example > /dev/null 2> sample.out$n || ret=1
grep "resolution failed: ncache nxrrset" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t txt -s 10.53.0.4 a.optout.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: ncache nxrrset" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
......@@ -426,11 +426,11 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking negative wildcard validation NSEC using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t txt 10.53.0.4 b.wild.example > /dev/null 2> sample.out$n || ret=1
grep "resolution failed: ncache nxrrset" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t txt -s 10.53.0.4 b.wild.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: ncache nxrrset" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
......@@ -446,11 +446,11 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking negative wildcard validation NSEC3 using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t txt 10.53.0.4 b.wild.nsec3.example > /dev/null 2> sample.out$n || ret=1
grep "resolution failed: ncache nxrrset" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t txt -s 10.53.0.4 b.wild.nsec3.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: ncache nxrrset" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
......@@ -470,11 +470,11 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking negative wildcard validation OPTOUT using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t txt 10.53.0.4 b.optout.nsec3.example > /dev/null 2> sample.out$n || ret=1
grep "resolution failed: ncache nxrrset" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t txt -s 10.53.0.4 b.optout.nsec3.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: ncache nxrrset" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
......@@ -494,11 +494,11 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking 1-server insecurity proof NSEC using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t a 10.53.0.4 a.insecure.example > sample.out$n || ret=1
grep "a.insecure.example..*10.0.0.1" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.insecure.example > resolve.out$n || ret=1
grep "a.insecure.example..*10.0.0.1" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
......@@ -516,11 +516,11 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking 1-server insecurity proof NSEC3 using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t a 10.53.0.4 a.insecure.nsec3.example > sample.out$n || ret=1
grep "a.insecure.nsec3.example..*10.0.0.1" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.insecure.nsec3.example > resolve.out$n || ret=1
grep "a.insecure.nsec3.example..*10.0.0.1" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
......@@ -538,11 +538,11 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking 1-server insecurity proof OPTOUT using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t a 10.53.0.4 a.insecure.optout.example > sample.out$n || ret=1
grep "a.insecure.optout.example..*10.0.0.1" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.insecure.optout.example > resolve.out$n || ret=1
grep "a.insecure.optout.example..*10.0.0.1" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
......@@ -562,11 +562,11 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking 1-server negative insecurity proof NSEC using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t a 10.53.0.4 q.insecure.example > /dev/null 2> sample.out$n || ret=1
grep "resolution failed: ncache nxdomain" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 q.insecure.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: ncache nxdomain" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
......@@ -586,11 +586,11 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking 1-server negative insecurity proof NSEC3 using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t a 10.53.0.4 q.insecure.nsec3.example > /dev/null 2> sample.out$n || ret=1
grep "resolution failed: ncache nxdomain" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 q.insecure.nsec3.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: ncache nxdomain" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
......@@ -610,11 +610,11 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking 1-server negative insecurity proof OPTOUT using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t a 10.53.0.4 q.insecure.optout.example > /dev/null 2> sample.out$n || ret=1
grep "resolution failed: ncache nxdomain" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 q.insecure.optout.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: ncache nxdomain" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
......@@ -807,11 +807,11 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking failed validation using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t a 10.53.0.4 a.bogus.example > /dev/null 2> sample.out$n || ret=1
grep "resolution failed: no valid RRSIG" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.bogus.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: no valid RRSIG" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
......@@ -852,11 +852,11 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking that validation fails when key record is missing using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t a 10.53.0.4 a.b.keyless.example > /dev/null 2> sample.out$n || ret=1
grep "resolution failed: broken trust chain" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.b.keyless.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: broken trust chain" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
......
......@@ -31,4 +31,4 @@ rm -f ns6/dsset-example.net. ns6/example.net.db.signed.jnl
rm -f ns6/to-be-removed.tld.db ns6/to-be-removed.tld.db.jnl
rm -f ns7/server.db ns7/server.db.jnl
rm -f random.data
rm -f sample.out
rm -f resolve.out
......@@ -30,11 +30,11 @@ grep "status: NXDOMAIN" dig.out > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
echo "I:checking non-cachable NXDOMAIN response handling using dns_client"
ret=0
${SAMPLE} -p 5300 -t a 10.53.0.1 nxdomain.example.net 2> sample.out || ret=1
grep "resolution failed: ncache nxdomain" sample.out > /dev/null || ret=1
${RESOLVE} -p 5300 -t a -s 10.53.0.1 nxdomain.example.net 2> resolve.out || ret=1
grep "resolution failed: ncache nxdomain" resolve.out > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
fi
......@@ -46,11 +46,11 @@ grep "status: NOERROR" dig.out > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
echo "I:checking non-cachable NODATA response handling using dns_client"
ret=0
${SAMPLE} -p 5300 -t a 10.53.0.1 nodata.example.net 2> sample.out || ret=1
grep "resolution failed: ncache nxrrset" sample.out > /dev/null || ret=1
${RESOLVE} -p 5300 -t a -s 10.53.0.1 nodata.example.net 2> resolve.out || ret=1
grep "resolution failed: ncache nxrrset" resolve.out > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
fi
......@@ -59,11 +59,11 @@ echo "I:checking handling of bogus referrals"
# If the server has the "INSIST(!external)" bug, this query will kill it.
$DIG +tcp www.example.com. a @10.53.0.1 -p 5300 >/dev/null || status=1
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
echo "I:checking handling of bogus referrals using dns_client"
ret=0
${SAMPLE} -p 5300 -t a 10.53.0.1 www.example.com 2> sample.out || ret=1
grep "resolution failed: failure" sample.out > /dev/null || ret=1
${RESOLVE} -p 5300 -t a -s 10.53.0.1 www.example.com 2> resolve.out || ret=1
grep "resolution failed: failure" resolve.out > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
fi
......@@ -99,11 +99,11 @@ if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
echo "I:checking answer IPv4 address filtering using dns_client (accept)"
ret=0
${SAMPLE} -p 5300 -t a 10.53.0.1 www.example.org > sample.out || ret=1
grep "www.example.org..*.192.0.2.1" sample.out > /dev/null || ret=1
${RESOLVE} -p 5300 -t a -s 10.53.0.1 www.example.org > resolve.out || ret=1
grep "www.example.org..*.192.0.2.1" resolve.out > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
fi
......@@ -115,11 +115,11 @@ grep "status: NOERROR" dig.out > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
echo "I:checking answer IPv6 address filtering using dns_client (accept)"
ret=0
${SAMPLE} -p 5300 -t aaaa 10.53.0.1 www.example.org > sample.out || ret=1
grep "www.example.org..*.2001:db8:beef::1" sample.out > /dev/null || ret=1
${RESOLVE} -p 5300 -t aaaa -s 10.53.0.1 www.example.org > resolve.out || ret=1
grep "www.example.org..*.2001:db8:beef::1" resolve.out > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
fi
......@@ -138,12 +138,12 @@ grep "status: NOERROR" dig.out > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
echo "I:checking CNAME target filtering using dns_client (accept)"
ret=0
${SAMPLE} -p 5300 -t a 10.53.0.1 goodcname.example.net > sample.out || ret=1
grep "goodcname.example.net..*.goodcname.example.org." sample.out > /dev/null || ret=1
grep "goodcname.example.org..*.192.0.2.1" sample.out > /dev/null || ret=1
${RESOLVE} -p 5300 -t a -s 10.53.0.1 goodcname.example.net > resolve.out || ret=1
grep "goodcname.example.net..*.goodcname.example.org." resolve.out > /dev/null || ret=1
grep "goodcname.example.org..*.192.0.2.1" resolve.out > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
fi
......@@ -155,12 +155,12 @@ grep "status: NOERROR" dig.out > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
echo "I:checking CNAME target filtering using dns_client (accept due to subdomain)"
ret=0
${SAMPLE} -p 5300 -t a 10.53.0.1 cname.sub.example.org > sample.out || ret=1
grep "cname.sub.example.org..*.ok.sub.example.org." sample.out > /dev/null || ret=1
grep "ok.sub.example.org..*.192.0.2.1" sample.out > /dev/null || ret=1
${RESOLVE} -p 5300 -t a -s 10.53.0.1 cname.sub.example.org > resolve.out || ret=1
grep "cname.sub.example.org..*.ok.sub.example.org." resolve.out > /dev/null || ret=1
grep "ok.sub.example.org..*.192.0.2.1" resolve.out > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
fi
......@@ -179,12 +179,12 @@ grep "status: NOERROR" dig.out > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
echo "I:checking DNAME target filtering using dns_client (accept)"
ret=0
${SAMPLE} -p 5300 -t a 10.53.0.1 foo.gooddname.example.net > sample.out || ret=1
grep "foo.gooddname.example.net..*.gooddname.example.org" sample.out > /dev/null || ret=1
grep "foo.gooddname.example.org..*.192.0.2.1" sample.out > /dev/null || ret=1
${RESOLVE} -p 5300 -t a -s 10.53.0.1 foo.gooddname.example.net > resolve.out || ret=1
grep "foo.gooddname.example.net..*.gooddname.example.org" resolve.out > /dev/null || ret=1
grep "foo.gooddname.example.org..*.192.0.2.1" resolve.out > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
fi
......@@ -196,12 +196,12 @@ grep "status: NOERROR" dig.out > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
echo "I:checking DNAME target filtering using dns_client (accept due to subdomain)"
ret=0
${SAMPLE} -p 5300 -t a 10.53.0.1 www.dname.sub.example.org > sample.out || ret=1
grep "www.dname.sub.example.org..*.ok.sub.example.org." sample.out > /dev/null || ret=1
grep "www.ok.sub.example.org..*.192.0.2.1" sample.out > /dev/null || ret=1
${RESOLVE} -p 5300 -t a -s 10.53.0.1 www.dname.sub.example.org > resolve.out || ret=1
grep "www.dname.sub.example.org..*.ok.sub.example.org." resolve.out > /dev/null || ret=1
grep "www.ok.sub.example.org..*.192.0.2.1" resolve.out > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
fi
......
......@@ -1278,10 +1278,7 @@ LWRES_PLATFORM_NEEDNETINETIN6H
ISC_PLATFORM_NEEDNETINETIN6H
LWRES_PLATFORM_HAVEIPV6
ISC_PLATFORM_HAVEIPV6
export_includedir
export_libdir
BIND9_CO_RULE
LIBEXPORT
LIBTOOL_IN_MAIN
LIBTOOL_ALLOW_UNDEFINED
LIBTOOL_MODE_LINK
......@@ -1474,9 +1471,6 @@ with_purify
with_libtool