From c032c54dda2d75c0ec68017e1331bc9880c03ae1 Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Tue, 20 Feb 2018 15:43:27 -0800 Subject: [PATCH] parallelize most system tests --- bin/tests/system/Makefile.in | 27 +- bin/tests/system/README | 2 +- bin/tests/system/acl/clean.sh | 3 +- .../acl/ns2/{named1.conf => named1.conf.in} | 13 +- .../acl/ns2/{named2.conf => named2.conf.in} | 13 +- .../acl/ns2/{named3.conf => named3.conf.in} | 13 +- .../acl/ns2/{named4.conf => named4.conf.in} | 13 +- .../acl/ns2/{named5.conf => named5.conf.in} | 13 +- .../acl/ns2/{named6.conf => named6.conf.in} | 13 +- .../acl/ns2/{named7.conf => named7.conf.in} | 13 +- .../acl/ns3/{named.conf => named.conf.in} | 4 +- .../acl/ns4/{named.conf => named.conf.in} | 4 +- bin/tests/system/acl/setup.sh | 5 +- bin/tests/system/acl/tests.sh | 177 ++- bin/tests/system/additional/clean.sh | 2 +- .../ns1/{named1.conf => named1.conf.in} | 6 +- .../ns1/{named2.conf => named2.conf.in} | 6 +- .../ns1/{named3.conf => named3.conf.in} | 4 +- .../ns1/{named4.conf => named4.conf.in} | 4 +- .../ns3/{named.conf => named.conf.in} | 2 +- bin/tests/system/additional/setup.sh | 7 +- bin/tests/system/additional/tests.sh | 171 +-- bin/tests/system/addzone/clean.sh | 2 +- .../addzone/ns1/{named.conf => named.conf.in} | 4 +- .../ns2/{named1.conf => named1.conf.in} | 12 +- .../ns2/{named2.conf => named2.conf.in} | 9 +- .../ns2/{named3.conf => named3.conf.in} | 8 +- .../ns3/{named1.conf => named1.conf.in} | 9 +- .../ns3/{named2.conf => named2.conf.in} | 9 +- bin/tests/system/addzone/setup.sh | 7 +- bin/tests/system/addzone/tests.sh | 410 +++--- bin/tests/system/allow_query/setup.sh | 2 - bin/tests/system/ans.pl | 20 +- bin/tests/system/auth/clean.sh | 1 + .../auth/ns1/{named.conf => named.conf.in} | 4 +- .../auth/ns2/{named.conf => named.conf.in} | 4 +- bin/tests/system/auth/setup.sh | 14 + bin/tests/system/auth/tests.sh | 58 +- bin/tests/system/autosign/clean.sh | 1 + .../ns1/{named.conf => named.conf.in} | 8 +- .../ns2/{named.conf => named.conf.in} | 8 +- .../ns3/{named.conf => named.conf.in} | 4 +- .../ns4/{named.conf => named.conf.in} | 4 +- .../ns5/{named.conf => named.conf.in} | 6 +- bin/tests/system/autosign/setup.sh | 6 + bin/tests/system/autosign/tests.sh | 481 +++--- bin/tests/system/builtin/clean.sh | 1 + .../builtin/ns1/{named.conf => named.conf.in} | 8 +- .../builtin/ns2/{named.conf => named.conf.in} | 8 +- .../builtin/ns3/{named.conf => named.conf.in} | 8 +- bin/tests/system/builtin/setup.sh | 15 + bin/tests/system/builtin/tests.sh | 85 +- bin/tests/system/cacheclean/clean.sh | 1 + .../ns1/{named.conf => named.conf.in} | 4 +- .../ns2/{named.conf => named.conf.in} | 6 +- bin/tests/system/cacheclean/setup.sh | 14 + bin/tests/system/cacheclean/tests.sh | 78 +- bin/tests/system/case/clean.sh | 1 + .../case/ns1/{named.conf => named.conf.in} | 4 +- .../case/ns2/{named.conf => named.conf.in} | 4 +- bin/tests/system/case/setup.sh | 9 +- bin/tests/system/case/tests.sh | 66 +- bin/tests/system/catz/tests.sh | 2 +- bin/tests/system/cds/tests.sh | 6 +- bin/tests/system/chain/ans3/ans.pl | 5 +- bin/tests/system/chain/ans4/README.anspy | 5 +- bin/tests/system/chain/ans4/ans.py | 19 +- bin/tests/system/chain/clean.sh | 1 + .../chain/ns1/{named.conf => named.conf.in} | 4 +- .../chain/ns2/{named.conf => named.conf.in} | 4 +- .../chain/ns5/{named.conf => named.conf.in} | 4 +- .../chain/ns7/{named.conf => named.conf.in} | 6 +- bin/tests/system/chain/prereq.sh | 10 +- bin/tests/system/chain/setup.sh | 5 + bin/tests/system/chain/tests.sh | 145 +- bin/tests/system/checkconf/tests.sh | 166 +-- bin/tests/system/checkds/tests.sh | 70 +- bin/tests/system/checknames/clean.sh | 3 +- .../ns1/{named.conf => named.conf.in} | 6 +- .../ns2/{named.conf => named.conf.in} | 6 +- .../ns3/{named.conf => named.conf.in} | 6 +- .../ns4/{named.conf => named.conf.in} | 6 +- bin/tests/system/checknames/setup.sh | 10 +- bin/tests/system/checknames/tests.sh | 54 +- bin/tests/system/checkzone/tests.sh | 58 +- bin/tests/system/cleanall.sh | 2 + bin/tests/system/conf.sh.in | 57 +- bin/tests/system/cookie/clean.sh | 1 + .../cookie/ns1/{named.conf => named.conf.in} | 4 +- .../cookie/ns2/{named.conf => named.conf.in} | 4 +- .../cookie/ns3/{named.conf => named.conf.in} | 4 +- .../cookie/ns4/{named.conf => named.conf.in} | 4 +- .../cookie/ns5/{named.conf => named.conf.in} | 4 +- .../cookie/ns6/{named.conf => named.conf.in} | 4 +- bin/tests/system/cookie/setup.sh | 18 + bin/tests/system/cookie/tests.sh | 125 +- bin/tests/system/coverage/prereq.sh | 2 +- bin/tests/system/coverage/tests.sh | 8 +- bin/tests/system/database/clean.sh | 2 - .../ns1/{named.conf1 => named1.conf.in} | 6 +- .../ns1/{named.conf2 => named2.conf.in} | 6 +- bin/tests/system/database/setup.sh | 6 +- bin/tests/system/database/tests.sh | 18 +- bin/tests/system/digdelv/clean.sh | 1 + .../digdelv/ns1/{named.conf => named.conf.in} | 5 +- .../digdelv/ns2/{named.conf => named.conf.in} | 4 +- .../digdelv/ns3/{named.conf => named.conf.in} | 4 +- bin/tests/system/digdelv/setup.sh | 15 + bin/tests/system/digdelv/tests.sh | 306 ++-- bin/tests/system/dlv/clean.sh | 1 + .../dlv/ns1/{named.conf => named.conf.in} | 6 +- bin/tests/system/dlv/ns1/sign.sh | 4 +- .../dlv/ns2/{named.conf => named.conf.in} | 6 +- bin/tests/system/dlv/ns2/sign.sh | 4 +- .../dlv/ns3/{named.conf => named.conf.in} | 6 +- bin/tests/system/dlv/ns3/sign.sh | 36 +- .../dlv/ns4/{named.conf => named.conf.in} | 6 +- bin/tests/system/dlv/ns5/named.conf | 58 - bin/tests/system/dlv/ns5/named.conf.in | 27 + .../dlv/ns6/{named.conf => named.conf.in} | 6 +- bin/tests/system/dlv/ns6/sign.sh | 34 +- bin/tests/system/dlv/setup.sh | 7 + bin/tests/system/dlv/tests.sh | 22 +- bin/tests/system/dlz/clean.sh | 3 +- .../dlz/ns1/{named.conf => named.conf.in} | 6 +- bin/tests/system/dlz/prereq.sh.in | 7 +- bin/tests/system/dlz/setup.sh | 13 + bin/tests/system/dlz/tests.sh | 26 +- bin/tests/system/dlzexternal/clean.sh | 1 + bin/tests/system/dlzexternal/ns1/.gitignore | 1 + bin/tests/system/dlzexternal/ns1/dlzs.conf.in | 30 + .../system/dlzexternal/ns1/named.conf.in | 31 +- bin/tests/system/dlzexternal/prereq.sh | 2 +- bin/tests/system/dlzexternal/setup.sh | 2 + bin/tests/system/dlzexternal/tests.sh | 79 +- bin/tests/system/dns64/clean.sh | 1 + .../dns64/ns1/{named.conf => named.conf.in} | 6 +- .../dns64/ns2/{named.conf => named.conf.in} | 6 +- bin/tests/system/dns64/setup.sh | 3 + bin/tests/system/dns64/tests.sh | 598 ++++---- bin/tests/system/dnssec/clean.sh | 3 +- bin/tests/system/dnssec/dnssec_update_test.pl | 12 +- .../dnssec/ns1/{named.conf => named.conf.in} | 4 +- .../dnssec/ns2/{named.conf => named.conf.in} | 4 +- .../dnssec/ns3/{named.conf => named.conf.in} | 6 +- .../ns4/{named1.conf => named1.conf.in} | 6 +- .../ns4/{named2.conf => named2.conf.in} | 6 +- .../ns4/{named3.conf => named3.conf.in} | 6 +- .../ns4/{named4.conf => named4.conf.in} | 6 +- .../ns5/{named1.conf => named1.conf.in} | 6 +- .../ns5/{named2.conf => named2.conf.in} | 6 +- .../dnssec/ns6/{named.conf => named.conf.in} | 6 +- .../dnssec/ns7/{named.conf => named.conf.in} | 6 +- bin/tests/system/dnssec/prereq.sh | 2 +- bin/tests/system/dnssec/setup.sh | 26 +- bin/tests/system/dnssec/tests.sh | 1302 +++++++++-------- bin/tests/system/dnstap/clean.sh | 1 + .../dnstap/ns1/{named.conf => named.conf.in} | 6 +- .../dnstap/ns2/{named.conf => named.conf.in} | 13 +- .../dnstap/ns3/{named.conf => named.conf.in} | 6 +- .../dnstap/ns4/{named.conf => named.conf.in} | 6 +- bin/tests/system/dnstap/setup.sh | 16 + bin/tests/system/dnstap/tests.sh | 309 ++-- bin/tests/system/dnstap/ydump.py | 2 +- bin/tests/system/dscp/clean.sh | 1 + .../dscp/ns1/{named.conf => named.conf.in} | 4 +- .../dscp/ns2/{named.conf => named.conf.in} | 4 +- .../dscp/ns3/{named.conf => named.conf.in} | 4 +- .../dscp/ns4/{named.conf => named.conf.in} | 4 +- .../dscp/ns5/{named.conf => named.conf.in} | 4 +- .../dscp/ns6/{named.conf => named.conf.in} | 4 +- .../dscp/ns7/{named.conf => named.conf.in} | 4 +- bin/tests/system/dscp/setup.sh | 19 + bin/tests/system/dscp/tests.sh | 10 +- bin/tests/system/dsdigest/clean.sh | 1 + .../ns1/{named.conf => named.conf.in} | 4 +- .../ns2/{named.conf => named.conf.in} | 4 +- .../ns3/{named.conf => named.conf.in} | 4 +- .../ns4/{named.conf => named.conf.in} | 4 +- bin/tests/system/dsdigest/prereq.sh | 2 +- bin/tests/system/dsdigest/setup.sh | 5 + bin/tests/system/dsdigest/tests.sh | 18 +- bin/tests/system/dyndb/clean.sh | 2 + .../dyndb/ns1/{named.conf => named.conf.in} | 4 +- bin/tests/system/dyndb/prereq.sh | 2 +- bin/tests/system/dyndb/setup.sh | 13 + bin/tests/system/dyndb/tests.sh | 33 +- bin/tests/system/ednscompliance/clean.sh | 1 + .../ns1/{named.conf => named.conf.in} | 5 +- bin/tests/system/ednscompliance/setup.sh | 13 + bin/tests/system/ednscompliance/tests.sh | 58 +- .../ns1/{named1.conf => named1.conf.in} | 6 +- .../ns1/{named2.conf => named2.conf.in} | 6 +- bin/tests/system/emptyzones/setup.sh | 6 +- bin/tests/system/emptyzones/tests.sh | 25 +- bin/tests/system/fetchlimit/ans4/ans.pl | 5 +- bin/tests/system/fetchlimit/clean.sh | 4 +- .../ns1/{named.conf => named.conf.in} | 4 +- .../ns2/{named.conf => named.conf.in} | 14 +- .../ns3/{named1.conf => named1.conf.in} | 4 +- .../ns3/{named2.conf => named2.conf.in} | 6 +- .../ns3/{named3.conf => named3.conf.in} | 6 +- bin/tests/system/fetchlimit/setup.sh | 4 +- bin/tests/system/fetchlimit/tests.sh | 71 +- bin/tests/system/filter-aaaa/clean.sh | 12 +- .../ns1/{named1.conf => named1.conf.in} | 8 +- .../ns1/{named2.conf => named2.conf.in} | 8 +- bin/tests/system/filter-aaaa/ns1/sign.sh | 4 +- .../ns2/{named1.conf => named1.conf.in} | 8 +- .../ns2/{named2.conf => named2.conf.in} | 8 +- .../ns3/{named1.conf => named1.conf.in} | 8 +- .../ns3/{named2.conf => named2.conf.in} | 8 +- .../ns4/{named1.conf => named1.conf.in} | 8 +- .../ns4/{named2.conf => named2.conf.in} | 8 +- bin/tests/system/filter-aaaa/ns4/sign.sh | 4 +- bin/tests/system/filter-aaaa/setup.sh | 10 +- bin/tests/system/filter-aaaa/tests.sh | 597 ++++---- bin/tests/system/formerr/clean.sh | 1 + .../formerr/ns1/{named.conf => named.conf.in} | 7 +- bin/tests/system/formerr/setup.sh | 13 + bin/tests/system/formerr/tests.sh | 20 +- bin/tests/system/forward/clean.sh | 3 +- .../forward/ns1/{named.conf => named.conf.in} | 6 +- .../forward/ns2/{named.conf => named.conf.in} | 6 +- .../forward/ns3/{named.conf => named.conf.in} | 7 +- .../forward/ns4/{named.conf => named.conf.in} | 6 +- .../forward/ns5/{named.conf => named.conf.in} | 6 +- bin/tests/system/forward/setup.sh | 17 + bin/tests/system/forward/tests.sh | 106 +- .../geoip/ns2/{named1.conf => named1.conf.in} | 6 +- .../ns2/{named10.conf => named10.conf.in} | 6 +- .../ns2/{named11.conf => named11.conf.in} | 6 +- .../ns2/{named12.conf => named12.conf.in} | 6 +- .../ns2/{named13.conf => named13.conf.in} | 6 +- .../ns2/{named14.conf => named14.conf.in} | 6 +- .../ns2/{named15.conf => named15.conf.in} | 6 +- .../geoip/ns2/{named2.conf => named2.conf.in} | 6 +- .../geoip/ns2/{named3.conf => named3.conf.in} | 6 +- .../geoip/ns2/{named4.conf => named4.conf.in} | 6 +- .../geoip/ns2/{named5.conf => named5.conf.in} | 6 +- .../geoip/ns2/{named6.conf => named6.conf.in} | 6 +- .../geoip/ns2/{named7.conf => named7.conf.in} | 6 +- .../geoip/ns2/{named8.conf => named8.conf.in} | 6 +- .../geoip/ns2/{named9.conf => named9.conf.in} | 6 +- bin/tests/system/geoip/prereq.sh | 2 +- bin/tests/system/geoip/setup.sh | 2 +- bin/tests/system/geoip/tests.sh | 221 +-- bin/tests/system/glue/clean.sh | 3 +- .../glue/ns1/{named.conf => named.conf.in} | 6 +- bin/tests/system/glue/setup.sh | 6 +- bin/tests/system/glue/tests.sh | 14 +- bin/tests/system/inline/clean.sh | 2 +- .../inline/ns1/{named.conf => named.conf.in} | 4 +- .../inline/ns2/{named.conf => named.conf.in} | 8 +- .../inline/ns3/{named.conf => named.conf.in} | 8 +- .../inline/ns4/{named.conf => named.conf.in} | 8 +- bin/tests/system/inline/ns5/named.conf.post | 8 +- bin/tests/system/inline/ns5/named.conf.pre | 8 +- .../inline/ns6/{named.conf => named.conf.in} | 8 +- .../inline/ns7/{named.conf => named.conf.in} | 6 +- bin/tests/system/inline/setup.sh | 8 +- bin/tests/system/inline/tests.sh | 544 +++---- bin/tests/system/integrity/clean.sh | 3 + .../ns1/{named.conf => named.conf.in} | 6 +- bin/tests/system/integrity/setup.sh | 13 + bin/tests/system/integrity/tests.sh | 76 +- bin/tests/system/ixfr/clean.sh | 5 +- .../ixfr/ns3/{named.conf => named.conf.in} | 6 +- .../ixfr/ns4/{named.conf => named.conf.in} | 6 +- bin/tests/system/ixfr/prereq.sh | 2 +- bin/tests/system/ixfr/setup.sh | 7 +- bin/tests/system/ixfr/tests.sh | 99 +- bin/tests/system/keepalive/clean.sh | 1 + .../ns1/named.conf.in} | 6 +- .../ns2/{named.conf => named.conf.in} | 4 +- .../ns3/{named.conf => named.conf.in} | 6 +- bin/tests/system/keepalive/setup.sh | 4 + bin/tests/system/keepalive/tests.sh | 51 +- bin/tests/system/keymgr/prereq.sh | 2 +- bin/tests/system/keymgr/setup.sh | 34 +- bin/tests/system/keymgr/tests.sh | 12 +- bin/tests/system/legacy/clean.sh | 2 +- .../ns1/{named1.conf => named1.conf.in} | 4 +- .../ns1/{named2.conf => named2.conf.in} | 4 +- .../legacy/ns2/{named.conf => named.conf.in} | 4 +- .../legacy/ns3/{named.conf => named.conf.in} | 4 +- .../legacy/ns4/{named.conf => named.conf.in} | 4 +- .../legacy/ns5/{named.conf => named.conf.in} | 4 +- .../legacy/ns6/{named.conf => named.conf.in} | 4 +- bin/tests/system/legacy/ns6/sign.sh | 2 +- .../legacy/ns7/{named.conf => named.conf.in} | 4 +- bin/tests/system/legacy/ns7/sign.sh | 2 +- bin/tests/system/legacy/setup.sh | 13 +- bin/tests/system/legacy/tests.sh | 115 +- bin/tests/system/limits/clean.sh | 3 +- .../limits/ns1/{named.conf => named.conf.in} | 4 +- bin/tests/system/limits/setup.sh | 13 + bin/tests/system/limits/tests.sh | 42 +- bin/tests/system/logfileconfig/clean.sh | 4 +- .../system/logfileconfig/ns1/controls.conf.in | 13 + .../system/logfileconfig/ns1/named.dirconf | 14 +- .../system/logfileconfig/ns1/named.iso8601 | 12 +- .../logfileconfig/ns1/named.iso8601-utc | 12 +- .../system/logfileconfig/ns1/named.pipeconf | 14 +- .../system/logfileconfig/ns1/named.plain | 14 +- .../system/logfileconfig/ns1/named.plainconf | 12 +- .../system/logfileconfig/ns1/named.symconf | 14 +- .../system/logfileconfig/ns1/named.tsconf | 12 +- .../system/logfileconfig/ns1/named.unlimited | 12 +- .../system/logfileconfig/ns1/named.versconf | 12 +- .../ns1/{rndc.conf => rndc.conf.in} | 2 +- bin/tests/system/logfileconfig/setup.sh | 4 +- bin/tests/system/logfileconfig/tests.sh | 206 +-- bin/tests/system/masterfile/clean.sh | 3 +- .../ns1/{named.conf => named.conf.in} | 6 +- .../ns2/{named.conf => named.conf.in} | 7 +- bin/tests/system/masterfile/setup.sh | 14 + bin/tests/system/masterfile/tests.sh | 36 +- bin/tests/system/masterformat/clean.sh | 1 + .../ns1/{named.conf => named.conf.in} | 8 +- .../ns2/{named.conf => named.conf.in} | 6 +- .../ns3/{named.conf => named.conf.in} | 11 +- bin/tests/system/masterformat/setup.sh | 4 + bin/tests/system/masterformat/tests.sh | 107 +- bin/tests/system/metadata/setup.sh | 2 +- bin/tests/system/metadata/tests.sh | 78 +- bin/tests/system/mkeys/clean.sh | 2 +- .../mkeys/ns1/{named1.conf => named1.conf.in} | 6 +- .../mkeys/ns1/{named2.conf => named2.conf.in} | 7 +- .../mkeys/ns1/{named3.conf => named3.conf.in} | 6 +- .../mkeys/ns2/{named.conf => named.conf.in} | 6 +- .../mkeys/ns3/{named.conf => named.conf.in} | 7 +- .../mkeys/ns4/{named.conf => named.conf.in} | 6 +- .../mkeys/ns5/{named.conf => named.conf.in} | 4 +- bin/tests/system/mkeys/setup.sh | 8 +- bin/tests/system/mkeys/tests.sh | 195 +-- bin/tests/system/names/clean.sh | 1 + .../names/ns1/{named.conf => named.conf.in} | 4 +- bin/tests/system/names/setup.sh | 7 +- bin/tests/system/names/tests.sh | 22 +- bin/tests/system/notify/clean.sh | 2 + .../named.conf => notify/ns1/named.conf.in} | 6 +- .../notify/ns2/{named.conf => named.conf.in} | 15 +- .../notify/ns3/{named.conf => named.conf.in} | 8 +- .../notify/ns4/{named.conf => named.conf.in} | 8 +- bin/tests/system/notify/ns4/named.port | 1 - bin/tests/system/notify/ns4/named.port.in | 1 + .../notify/ns5/{named.conf => named.conf.in} | 6 +- bin/tests/system/notify/setup.sh | 13 +- bin/tests/system/notify/tests.sh | 100 +- bin/tests/system/nslookup/clean.sh | 1 + .../ns1/{named.conf => named.conf.in} | 4 +- bin/tests/system/nslookup/setup.sh | 4 + bin/tests/system/nslookup/tests.sh | 44 +- bin/tests/system/nsupdate/ans4/ans.pl | 7 +- bin/tests/system/nsupdate/clean.sh | 2 + .../ns1/{named.conf => named.conf.in} | 10 +- .../ns2/{named.conf => named.conf.in} | 6 +- .../ns3/{named.conf => named.conf.in} | 15 +- .../ns5/{named.conf => named.conf.in} | 6 +- bin/tests/system/nsupdate/prereq.sh | 2 +- bin/tests/system/nsupdate/setup.sh | 8 + bin/tests/system/nsupdate/tests.sh | 555 +++---- bin/tests/system/nsupdate/update_test.pl | 12 +- .../nsupdate/{verylarge => verylarge.in} | 2 +- bin/tests/system/nzd2nzf/clean.sh | 4 +- .../nzd2nzf/ns1/{named.conf => named.conf.in} | 4 +- bin/tests/system/nzd2nzf/prereq.sh | 2 +- bin/tests/system/nzd2nzf/setup.sh | 2 + bin/tests/system/nzd2nzf/tests.sh | 44 +- bin/tests/system/padding/clean.sh | 1 + .../named.conf => padding/ns1/named.conf.in} | 6 +- .../padding/ns2/{named.conf => named.conf.in} | 4 +- .../padding/ns3/{named.conf => named.conf.in} | 6 +- .../padding/ns4/{named.conf => named.conf.in} | 6 +- bin/tests/system/padding/setup.sh | 5 + bin/tests/system/padding/tests.sh | 77 +- bin/tests/system/pending/clean.sh | 1 + .../pending/ns1/{named.conf => named.conf.in} | 7 +- .../pending/ns2/{named.conf => named.conf.in} | 6 +- .../pending/ns3/{named.conf => named.conf.in} | 6 +- .../pending/ns4/{named.conf => named.conf.in} | 6 +- bin/tests/system/pending/setup.sh | 5 + bin/tests/system/pending/tests.sh | 76 +- bin/tests/system/pipelined/clean.sh | 1 + .../ns1/{named.conf => named.conf.in} | 6 +- .../ns2/{named.conf => named.conf.in} | 6 +- .../ns3/{named.conf => named.conf.in} | 6 +- .../ns4/{named.conf => named.conf.in} | 6 +- bin/tests/system/pipelined/pipequeries.c | 42 +- bin/tests/system/pipelined/setup.sh | 5 + bin/tests/system/pipelined/tests.sh | 51 +- bin/tests/system/reclimit/ans2/ans.pl | 5 +- bin/tests/system/reclimit/ans7/ans.pl | 3 +- bin/tests/system/reclimit/clean.sh | 2 +- .../ns1/{named.conf => named.conf.in} | 4 +- .../ns3/{named1.conf => named1.conf.in} | 6 +- .../ns3/{named2.conf => named2.conf.in} | 6 +- .../ns3/{named3.conf => named3.conf.in} | 6 +- .../ns3/{named4.conf => named4.conf.in} | 6 +- bin/tests/system/reclimit/prereq.sh | 6 +- bin/tests/system/reclimit/setup.sh | 4 +- bin/tests/system/reclimit/tests.sh | 82 +- bin/tests/system/redirect/clean.sh | 1 + .../ns1/{named.conf => named.conf.in} | 6 +- .../ns2/{named.conf => named.conf.in} | 6 +- .../ns3/{named.conf => named.conf.in} | 4 +- .../ns4/{named.conf => named.conf.in} | 6 +- bin/tests/system/redirect/setup.sh | 5 + bin/tests/system/redirect/tests.sh | 219 ++- bin/tests/system/resolver/ans2/ans.pl | 7 +- bin/tests/system/resolver/ans3/ans.pl | 7 +- bin/tests/system/resolver/ans8/ans.pl | 10 +- bin/tests/system/resolver/clean.sh | 3 +- .../ns1/{named.conf => named.conf.in} | 6 +- .../ns4/{named.conf => named.conf.in} | 8 +- .../ns5/{named.conf => named.conf.in} | 6 +- .../ns6/{named.conf => named.conf.in} | 6 +- .../ns7/{named1.conf => named1.conf.in} | 10 +- .../ns7/{named2.conf => named2.conf.in} | 12 +- bin/tests/system/resolver/prereq.sh | 4 +- bin/tests/system/resolver/setup.sh | 8 +- bin/tests/system/resolver/tests.sh | 511 +++---- bin/tests/system/rndc/clean.sh | 4 +- .../rndc/ns2/{named.conf => named.conf.in} | 8 +- .../rndc/ns3/{named.conf => named.conf.in} | 8 +- bin/tests/system/rndc/ns4/named.conf.in | 4 +- .../rndc/ns5/{named.conf => named.conf.in} | 6 +- bin/tests/system/rndc/ns6/named.conf.in | 6 +- bin/tests/system/rndc/setup.sh | 21 +- bin/tests/system/rndc/tests.sh | 368 +++-- bin/tests/system/rpz/clean.sh | 3 + .../rpz/{dnsrpzd.conf => dnsrpzd.conf.in} | 36 +- .../rpz/ns1/{named.conf => named.conf.in} | 5 +- .../rpz/ns2/{named.conf => named.conf.in} | 7 +- .../rpz/ns3/{named.conf => named.conf.in} | 6 +- .../rpz/ns4/{named.conf => named.conf.in} | 5 +- .../rpz/ns5/{named.conf => named.conf.in} | 5 +- .../rpz/ns6/{named.conf => named.conf.in} | 6 +- .../rpz/ns7/{named.conf => named.conf.in} | 6 +- bin/tests/system/rpz/setup.sh | 10 + bin/tests/system/rpz/test1 | 2 +- bin/tests/system/rpz/test2 | 2 +- bin/tests/system/rpz/test3 | 2 +- bin/tests/system/rpz/test4 | 2 +- bin/tests/system/rpz/test4a | 2 +- bin/tests/system/rpz/test5 | 2 +- bin/tests/system/rpz/test6 | 2 +- bin/tests/system/rpz/tests.sh | 137 +- .../rpzrecurse/ans5/{ans.pl.in => ans.pl} | 5 +- bin/tests/system/rpzrecurse/clean.sh | 2 - bin/tests/system/rpzrecurse/setup.sh | 2 - bin/tests/system/rrchecker/tests.sh | 32 +- bin/tests/system/rrl/clean.sh | 3 +- .../rrl/ns1/{named.conf => named.conf.in} | 5 +- .../rrl/ns2/{named.conf => named.conf.in} | 7 +- .../rrl/ns3/{named.conf => named.conf.in} | 5 +- .../rrl/ns4/{named.conf => named.conf.in} | 7 +- bin/tests/system/rrl/setup.sh | 8 +- bin/tests/system/rrl/tests.sh | 60 +- bin/tests/system/rrsetorder/clean.sh | 1 + .../ns1/{named.conf => named.conf.in} | 6 +- .../ns2/{named.conf => named.conf.in} | 6 +- .../ns3/{named.conf => named.conf.in} | 7 +- .../ns4/{named.conf => named.conf.in} | 6 +- bin/tests/system/rrsetorder/setup.sh | 16 + bin/tests/system/rrsetorder/tests.sh | 137 +- bin/tests/system/rsabigexponent/clean.sh | 1 + .../ns1/{named.conf => named.conf.in} | 6 +- .../ns2/{named.conf => named.conf.in} | 6 +- .../ns3/{named.conf => named.conf.in} | 6 +- bin/tests/system/rsabigexponent/prereq.sh | 4 +- bin/tests/system/rsabigexponent/setup.sh | 4 + bin/tests/system/rsabigexponent/tests.sh | 22 +- bin/tests/system/run.sh | 1 - bin/tests/system/runtime/clean.sh | 2 +- .../{named-alt1.conf => named-alt1.conf.in} | 4 +- .../{named-alt2.conf => named-alt2.conf.in} | 4 +- .../{named-alt3.conf => named-alt3.conf.in} | 4 +- .../{named-alt4.conf => named-alt4.conf.in} | 2 +- .../{named-alt5.conf => named-alt5.conf.in} | 2 +- .../{named-alt6.conf => named-alt6.conf.in} | 2 +- .../ns2/{named1.conf => named1.conf.in} | 7 +- bin/tests/system/runtime/setup.sh | 6 +- bin/tests/system/runtime/tests.sh | 52 +- .../serve-stale/ans2/{ans.pl.in => ans.pl} | 5 +- bin/tests/system/serve-stale/clean.sh | 2 +- bin/tests/system/serve-stale/setup.sh | 1 - bin/tests/system/sfcache/clean.sh | 1 + .../sfcache/ns1/{named.conf => named.conf.in} | 4 +- .../sfcache/ns2/{named.conf => named.conf.in} | 6 +- .../sfcache/ns5/{named.conf => named.conf.in} | 6 +- bin/tests/system/sfcache/setup.sh | 4 + bin/tests/system/sfcache/tests.sh | 41 +- bin/tests/system/smartsign/tests.sh | 144 +- bin/tests/system/sortlist/clean.sh | 3 +- .../ns1/{named.conf => named.conf.in} | 6 +- bin/tests/system/sortlist/setup.sh | 13 + bin/tests/system/sortlist/tests.sh | 25 +- bin/tests/system/spf/clean.sh | 1 + .../spf/ns1/{named.conf => named.conf.in} | 4 +- bin/tests/system/spf/setup.sh | 13 + bin/tests/system/spf/tests.sh | 6 +- bin/tests/system/staticstub/clean.sh | 4 +- .../ns1/{named.conf => named.conf.in} | 6 +- bin/tests/system/staticstub/ns2/named.conf.in | 25 +- bin/tests/system/staticstub/ns3/named.conf.in | 20 +- bin/tests/system/staticstub/ns4/named.conf | 57 - bin/tests/system/staticstub/ns4/named.conf.in | 39 + bin/tests/system/staticstub/setup.sh | 11 +- bin/tests/system/staticstub/tests.sh | 134 +- bin/tests/system/statistics/ans4/ans.pl | 7 +- bin/tests/system/statistics/clean.sh | 3 +- .../ns1/{named.conf => named.conf.in} | 6 +- .../ns2/{named.conf => named.conf.in} | 18 +- .../ns3/{named.conf => named.conf.in} | 12 +- bin/tests/system/statistics/prereq.sh | 4 +- bin/tests/system/statistics/setup.sh | 15 + bin/tests/system/statistics/tests.sh | 74 +- bin/tests/system/statschannel/clean.sh | 1 + .../ns2/{named.conf => named.conf.in} | 15 +- bin/tests/system/statschannel/prereq.sh | 2 +- bin/tests/system/statschannel/setup.sh | 14 + bin/tests/system/statschannel/tests.sh | 71 +- bin/tests/system/stub/clean.sh | 3 +- .../stub/ns1/{named.conf => named.conf.in} | 4 +- .../stub/ns2/{named.conf => named.conf.in} | 4 +- .../stub/ns3/{named.conf => named.conf.in} | 4 +- bin/tests/system/stub/setup.sh | 16 + bin/tests/system/stub/tests.sh | 36 +- bin/tests/system/synthfromdnssec/clean.sh | 1 + .../ns1/{named.conf => named.conf.in} | 4 +- .../ns2/{named.conf => named.conf.in} | 4 +- .../ns3/{named.conf => named.conf.in} | 4 +- .../ns4/{named.conf => named.conf.in} | 4 +- .../ns5/{named.conf => named.conf.in} | 4 +- bin/tests/system/synthfromdnssec/setup.sh | 6 + bin/tests/system/synthfromdnssec/tests.sh | 50 +- bin/tests/system/tcp/clean.sh | 1 + .../tcp/ns1/{named.conf => named.conf.in} | 6 +- .../tcp/ns2/{named.conf => named.conf.in} | 14 +- .../tcp/ns3/{named.conf => named.conf.in} | 6 +- .../tcp/ns4/{named.conf => named.conf.in} | 6 +- bin/tests/system/tcp/setup.sh | 17 + bin/tests/system/tcp/tests.sh | 19 +- bin/tests/system/tools/tests.sh | 34 +- bin/tests/system/tsig/clean.sh | 1 + .../tsig/ns1/{named.conf => named.conf.in} | 6 +- bin/tests/system/tsig/setup.sh | 4 +- bin/tests/system/tsig/tests.sh | 159 +- bin/tests/system/tsiggss/authsock.pl | 2 - bin/tests/system/tsiggss/clean.sh | 1 + .../tsiggss/ns1/{named.conf => named.conf.in} | 8 +- bin/tests/system/tsiggss/prereq.sh | 2 +- bin/tests/system/tsiggss/setup.sh | 4 +- bin/tests/system/tsiggss/tests.sh | 6 +- bin/tests/system/unknown/clean.sh | 3 +- .../unknown/ns1/{named.conf => named.conf.in} | 6 +- .../unknown/ns2/{named.conf => named.conf.in} | 6 +- .../unknown/ns3/{named.conf => named.conf.in} | 6 +- bin/tests/system/unknown/setup.sh | 4 + bin/tests/system/unknown/tests.sh | 90 +- bin/tests/system/upforwd/ans4/ans.pl | 11 +- bin/tests/system/upforwd/clean.sh | 3 +- .../upforwd/ns1/{named.conf => named.conf.in} | 6 +- .../upforwd/ns2/{named.conf => named.conf.in} | 6 +- .../upforwd/ns3/{named.conf => named.conf.in} | 6 +- bin/tests/system/upforwd/prereq.sh | 2 +- bin/tests/system/upforwd/setup.sh | 9 +- bin/tests/system/upforwd/tests.sh | 137 +- bin/tests/system/verify/tests.sh | 14 +- bin/tests/system/verify/zones/genzones.sh | 4 +- bin/tests/system/views/clean.sh | 7 +- .../named.conf => views/ns1/named.conf.in} | 6 +- .../views/ns2/{named1.conf => named1.conf.in} | 16 +- .../views/ns2/{named2.conf => named2.conf.in} | 15 +- .../views/ns3/{named1.conf => named1.conf.in} | 8 +- .../views/ns3/{named2.conf => named2.conf.in} | 10 +- .../views/ns5/{named.conf => named.conf.in} | 8 +- bin/tests/system/views/setup.sh | 17 +- bin/tests/system/views/tests.sh | 111 +- bin/tests/system/wildcard/clean.sh | 1 + .../ns1/{named.conf => named.conf.in} | 6 +- bin/tests/system/wildcard/ns1/sign.sh | 14 +- .../ns2/{named.conf => named.conf.in} | 6 +- .../ns3/{named.conf => named.conf.in} | 6 +- .../ns4/{named.conf => named.conf.in} | 6 +- .../ns5/{named.conf => named.conf.in} | 6 +- bin/tests/system/wildcard/setup.sh | 8 + bin/tests/system/wildcard/tests.sh | 62 +- bin/tests/system/xfer/clean.sh | 7 +- .../xfer/ns1/{named.conf => named.conf.in} | 6 +- .../xfer/ns2/{named.conf => named.conf.in} | 15 +- .../xfer/ns3/{named.conf => named.conf.in} | 8 +- bin/tests/system/xfer/ns4/named.conf.base | 6 +- .../xfer/ns6/{named.conf => named.conf.in} | 6 +- .../xfer/ns7/{named.conf => named.conf.in} | 6 +- .../xfer/ns8/{named.conf => named.conf.in} | 4 +- bin/tests/system/xfer/prereq.sh | 4 +- bin/tests/system/xfer/setup.sh | 10 +- bin/tests/system/xfer/tests.sh | 208 ++- bin/tests/system/xferquota/clean.sh | 3 +- .../ns1/{named.conf => named.conf.in} | 8 +- .../ns2/{named.conf => named.conf.in} | 6 +- bin/tests/system/xferquota/setup.sh | 10 +- bin/tests/system/xferquota/tests.sh | 28 +- bin/tests/system/zero/ans5/ans.pl | 5 +- bin/tests/system/zero/clean.sh | 1 + .../zero/ns1/{named.conf => named.conf.in} | 7 +- .../zero/ns2/{named.conf => named.conf.in} | 6 +- .../zero/ns3/{named.conf => named.conf.in} | 7 +- .../zero/ns4/{named.conf => named.conf.in} | 6 +- bin/tests/system/zero/setup.sh | 7 + bin/tests/system/zero/tests.sh | 60 +- bin/tests/system/zonechecks/clean.sh | 1 + .../ns1/{named.conf => named.conf.in} | 6 +- .../ns2/{named.conf => named.conf.in} | 9 +- bin/tests/system/zonechecks/setup.sh | 3 + bin/tests/system/zonechecks/tests.sh | 105 +- configure | 4 +- configure.in | 2 +- 621 files changed, 7691 insertions(+), 7743 deletions(-) rename bin/tests/system/acl/ns2/{named1.conf => named1.conf.in} (84%) rename bin/tests/system/acl/ns2/{named2.conf => named2.conf.in} (86%) rename bin/tests/system/acl/ns2/{named3.conf => named3.conf.in} (86%) rename bin/tests/system/acl/ns2/{named4.conf => named4.conf.in} (86%) rename bin/tests/system/acl/ns2/{named5.conf => named5.conf.in} (84%) rename bin/tests/system/acl/ns2/{named6.conf => named6.conf.in} (82%) rename bin/tests/system/acl/ns2/{named7.conf => named7.conf.in} (84%) rename bin/tests/system/acl/ns3/{named.conf => named.conf.in} (87%) rename bin/tests/system/acl/ns4/{named.conf => named.conf.in} (88%) rename bin/tests/system/additional/ns1/{named1.conf => named1.conf.in} (86%) rename bin/tests/system/additional/ns1/{named2.conf => named2.conf.in} (86%) rename bin/tests/system/additional/ns1/{named3.conf => named3.conf.in} (91%) rename bin/tests/system/additional/ns1/{named4.conf => named4.conf.in} (91%) rename bin/tests/system/additional/ns3/{named.conf => named.conf.in} (97%) rename bin/tests/system/addzone/ns1/{named.conf => named.conf.in} (89%) rename bin/tests/system/addzone/ns2/{named1.conf => named1.conf.in} (81%) rename bin/tests/system/addzone/ns2/{named2.conf => named2.conf.in} (89%) rename bin/tests/system/addzone/ns2/{named3.conf => named3.conf.in} (90%) rename bin/tests/system/addzone/ns3/{named1.conf => named1.conf.in} (79%) rename bin/tests/system/addzone/ns3/{named2.conf => named2.conf.in} (76%) rename bin/tests/system/auth/ns1/{named.conf => named.conf.in} (93%) rename bin/tests/system/auth/ns2/{named.conf => named.conf.in} (94%) create mode 100644 bin/tests/system/auth/setup.sh rename bin/tests/system/autosign/ns1/{named.conf => named.conf.in} (83%) rename bin/tests/system/autosign/ns2/{named.conf => named.conf.in} (91%) rename bin/tests/system/autosign/ns3/{named.conf => named.conf.in} (98%) rename bin/tests/system/autosign/ns4/{named.conf => named.conf.in} (94%) rename bin/tests/system/autosign/ns5/{named.conf => named.conf.in} (86%) rename bin/tests/system/builtin/ns1/{named.conf => named.conf.in} (78%) rename bin/tests/system/builtin/ns2/{named.conf => named.conf.in} (78%) rename bin/tests/system/builtin/ns3/{named.conf => named.conf.in} (81%) create mode 100644 bin/tests/system/builtin/setup.sh rename bin/tests/system/cacheclean/ns1/{named.conf => named.conf.in} (95%) rename bin/tests/system/cacheclean/ns2/{named.conf => named.conf.in} (89%) create mode 100644 bin/tests/system/cacheclean/setup.sh rename bin/tests/system/case/ns1/{named.conf => named.conf.in} (95%) rename bin/tests/system/case/ns2/{named.conf => named.conf.in} (95%) rename bin/tests/system/chain/ns1/{named.conf => named.conf.in} (93%) rename bin/tests/system/chain/ns2/{named.conf => named.conf.in} (97%) rename bin/tests/system/chain/ns5/{named.conf => named.conf.in} (94%) rename bin/tests/system/chain/ns7/{named.conf => named.conf.in} (86%) rename bin/tests/system/checknames/ns1/{named.conf => named.conf.in} (92%) rename bin/tests/system/checknames/ns2/{named.conf => named.conf.in} (85%) rename bin/tests/system/checknames/ns3/{named.conf => named.conf.in} (85%) rename bin/tests/system/checknames/ns4/{named.conf => named.conf.in} (87%) rename bin/tests/system/cookie/ns1/{named.conf => named.conf.in} (92%) rename bin/tests/system/cookie/ns2/{named.conf => named.conf.in} (93%) rename bin/tests/system/cookie/ns3/{named.conf => named.conf.in} (92%) rename bin/tests/system/cookie/ns4/{named.conf => named.conf.in} (89%) rename bin/tests/system/cookie/ns5/{named.conf => named.conf.in} (90%) rename bin/tests/system/cookie/ns6/{named.conf => named.conf.in} (89%) create mode 100644 bin/tests/system/cookie/setup.sh rename bin/tests/system/database/ns1/{named.conf1 => named1.conf.in} (84%) rename bin/tests/system/database/ns1/{named.conf2 => named2.conf.in} (84%) rename bin/tests/system/digdelv/ns1/{named.conf => named.conf.in} (93%) rename bin/tests/system/digdelv/ns2/{named.conf => named.conf.in} (93%) rename bin/tests/system/digdelv/ns3/{named.conf => named.conf.in} (93%) create mode 100644 bin/tests/system/digdelv/setup.sh rename bin/tests/system/dlv/ns1/{named.conf => named.conf.in} (86%) rename bin/tests/system/dlv/ns2/{named.conf => named.conf.in} (86%) rename bin/tests/system/dlv/ns3/{named.conf => named.conf.in} (94%) rename bin/tests/system/dlv/ns4/{named.conf => named.conf.in} (86%) delete mode 100644 bin/tests/system/dlv/ns5/named.conf create mode 100644 bin/tests/system/dlv/ns5/named.conf.in rename bin/tests/system/dlv/ns6/{named.conf => named.conf.in} (94%) rename bin/tests/system/dlz/ns1/{named.conf => named.conf.in} (84%) create mode 100644 bin/tests/system/dlz/setup.sh create mode 100644 bin/tests/system/dlzexternal/ns1/dlzs.conf.in rename bin/tests/system/dns64/ns1/{named.conf => named.conf.in} (90%) rename bin/tests/system/dns64/ns2/{named.conf => named.conf.in} (93%) rename bin/tests/system/dnssec/ns1/{named.conf => named.conf.in} (94%) rename bin/tests/system/dnssec/ns2/{named.conf => named.conf.in} (98%) rename bin/tests/system/dnssec/ns3/{named.conf => named.conf.in} (98%) rename bin/tests/system/dnssec/ns4/{named1.conf => named1.conf.in} (92%) rename bin/tests/system/dnssec/ns4/{named2.conf => named2.conf.in} (88%) rename bin/tests/system/dnssec/ns4/{named3.conf => named3.conf.in} (88%) rename bin/tests/system/dnssec/ns4/{named4.conf => named4.conf.in} (92%) rename bin/tests/system/dnssec/ns5/{named1.conf => named1.conf.in} (87%) rename bin/tests/system/dnssec/ns5/{named2.conf => named2.conf.in} (89%) rename bin/tests/system/dnssec/ns6/{named.conf => named.conf.in} (88%) rename bin/tests/system/dnssec/ns7/{named.conf => named.conf.in} (93%) rename bin/tests/system/dnstap/ns1/{named.conf => named.conf.in} (89%) rename bin/tests/system/dnstap/ns2/{named.conf => named.conf.in} (83%) rename bin/tests/system/dnstap/ns3/{named.conf => named.conf.in} (89%) rename bin/tests/system/dnstap/ns4/{named.conf => named.conf.in} (89%) create mode 100644 bin/tests/system/dnstap/setup.sh rename bin/tests/system/dscp/ns1/{named.conf => named.conf.in} (93%) rename bin/tests/system/dscp/ns2/{named.conf => named.conf.in} (93%) rename bin/tests/system/dscp/ns3/{named.conf => named.conf.in} (93%) rename bin/tests/system/dscp/ns4/{named.conf => named.conf.in} (93%) rename bin/tests/system/dscp/ns5/{named.conf => named.conf.in} (94%) rename bin/tests/system/dscp/ns6/{named.conf => named.conf.in} (93%) rename bin/tests/system/dscp/ns7/{named.conf => named.conf.in} (95%) create mode 100644 bin/tests/system/dscp/setup.sh rename bin/tests/system/dsdigest/ns1/{named.conf => named.conf.in} (96%) rename bin/tests/system/dsdigest/ns2/{named.conf => named.conf.in} (96%) rename bin/tests/system/dsdigest/ns3/{named.conf => named.conf.in} (96%) rename bin/tests/system/dsdigest/ns4/{named.conf => named.conf.in} (96%) rename bin/tests/system/dyndb/ns1/{named.conf => named.conf.in} (90%) create mode 100644 bin/tests/system/dyndb/setup.sh rename bin/tests/system/ednscompliance/ns1/{named.conf => named.conf.in} (92%) create mode 100644 bin/tests/system/ednscompliance/setup.sh rename bin/tests/system/emptyzones/ns1/{named1.conf => named1.conf.in} (87%) rename bin/tests/system/emptyzones/ns1/{named2.conf => named2.conf.in} (87%) rename bin/tests/system/fetchlimit/ns1/{named.conf => named.conf.in} (93%) rename bin/tests/system/fetchlimit/ns2/{named.conf => named.conf.in} (77%) rename bin/tests/system/fetchlimit/ns3/{named1.conf => named1.conf.in} (89%) rename bin/tests/system/fetchlimit/ns3/{named2.conf => named2.conf.in} (86%) rename bin/tests/system/fetchlimit/ns3/{named3.conf => named3.conf.in} (86%) rename bin/tests/system/filter-aaaa/ns1/{named1.conf => named1.conf.in} (83%) rename bin/tests/system/filter-aaaa/ns1/{named2.conf => named2.conf.in} (83%) rename bin/tests/system/filter-aaaa/ns2/{named1.conf => named1.conf.in} (81%) rename bin/tests/system/filter-aaaa/ns2/{named2.conf => named2.conf.in} (81%) rename bin/tests/system/filter-aaaa/ns3/{named1.conf => named1.conf.in} (81%) rename bin/tests/system/filter-aaaa/ns3/{named2.conf => named2.conf.in} (81%) rename bin/tests/system/filter-aaaa/ns4/{named1.conf => named1.conf.in} (83%) rename bin/tests/system/filter-aaaa/ns4/{named2.conf => named2.conf.in} (83%) rename bin/tests/system/formerr/ns1/{named.conf => named.conf.in} (83%) create mode 100644 bin/tests/system/formerr/setup.sh rename bin/tests/system/forward/ns1/{named.conf => named.conf.in} (90%) rename bin/tests/system/forward/ns2/{named.conf => named.conf.in} (90%) rename bin/tests/system/forward/ns3/{named.conf => named.conf.in} (88%) rename bin/tests/system/forward/ns4/{named.conf => named.conf.in} (90%) rename bin/tests/system/forward/ns5/{named.conf => named.conf.in} (84%) create mode 100644 bin/tests/system/forward/setup.sh rename bin/tests/system/geoip/ns2/{named1.conf => named1.conf.in} (94%) rename bin/tests/system/geoip/ns2/{named10.conf => named10.conf.in} (93%) rename bin/tests/system/geoip/ns2/{named11.conf => named11.conf.in} (93%) rename bin/tests/system/geoip/ns2/{named12.conf => named12.conf.in} (92%) rename bin/tests/system/geoip/ns2/{named13.conf => named13.conf.in} (86%) rename bin/tests/system/geoip/ns2/{named14.conf => named14.conf.in} (94%) rename bin/tests/system/geoip/ns2/{named15.conf => named15.conf.in} (88%) rename bin/tests/system/geoip/ns2/{named2.conf => named2.conf.in} (94%) rename bin/tests/system/geoip/ns2/{named3.conf => named3.conf.in} (94%) rename bin/tests/system/geoip/ns2/{named4.conf => named4.conf.in} (93%) rename bin/tests/system/geoip/ns2/{named5.conf => named5.conf.in} (94%) rename bin/tests/system/geoip/ns2/{named6.conf => named6.conf.in} (93%) rename bin/tests/system/geoip/ns2/{named7.conf => named7.conf.in} (94%) rename bin/tests/system/geoip/ns2/{named8.conf => named8.conf.in} (94%) rename bin/tests/system/geoip/ns2/{named9.conf => named9.conf.in} (94%) rename bin/tests/system/glue/ns1/{named.conf => named.conf.in} (88%) rename bin/tests/system/inline/ns1/{named.conf => named.conf.in} (89%) rename bin/tests/system/inline/ns2/{named.conf => named.conf.in} (88%) rename bin/tests/system/inline/ns3/{named.conf => named.conf.in} (93%) rename bin/tests/system/inline/ns4/{named.conf => named.conf.in} (84%) rename bin/tests/system/inline/ns6/{named.conf => named.conf.in} (81%) rename bin/tests/system/inline/ns7/{named.conf => named.conf.in} (93%) rename bin/tests/system/integrity/ns1/{named.conf => named.conf.in} (96%) create mode 100644 bin/tests/system/integrity/setup.sh rename bin/tests/system/ixfr/ns3/{named.conf => named.conf.in} (86%) rename bin/tests/system/ixfr/ns4/{named.conf => named.conf.in} (86%) rename bin/tests/system/{padding/ns1/named.conf => keepalive/ns1/named.conf.in} (85%) rename bin/tests/system/keepalive/ns2/{named.conf => named.conf.in} (89%) rename bin/tests/system/keepalive/ns3/{named.conf => named.conf.in} (87%) rename bin/tests/system/legacy/ns1/{named1.conf => named1.conf.in} (93%) rename bin/tests/system/legacy/ns1/{named2.conf => named2.conf.in} (93%) rename bin/tests/system/legacy/ns2/{named.conf => named.conf.in} (93%) rename bin/tests/system/legacy/ns3/{named.conf => named.conf.in} (93%) rename bin/tests/system/legacy/ns4/{named.conf => named.conf.in} (93%) rename bin/tests/system/legacy/ns5/{named.conf => named.conf.in} (93%) rename bin/tests/system/legacy/ns6/{named.conf => named.conf.in} (93%) rename bin/tests/system/legacy/ns7/{named.conf => named.conf.in} (93%) rename bin/tests/system/limits/ns1/{named.conf => named.conf.in} (94%) create mode 100644 bin/tests/system/limits/setup.sh create mode 100644 bin/tests/system/logfileconfig/ns1/controls.conf.in rename bin/tests/system/logfileconfig/ns1/{rndc.conf => rndc.conf.in} (90%) rename bin/tests/system/masterfile/ns1/{named.conf => named.conf.in} (86%) rename bin/tests/system/masterfile/ns2/{named.conf => named.conf.in} (87%) create mode 100644 bin/tests/system/masterfile/setup.sh rename bin/tests/system/masterformat/ns1/{named.conf => named.conf.in} (90%) rename bin/tests/system/masterformat/ns2/{named.conf => named.conf.in} (93%) rename bin/tests/system/masterformat/ns3/{named.conf => named.conf.in} (77%) rename bin/tests/system/mkeys/ns1/{named1.conf => named1.conf.in} (88%) rename bin/tests/system/mkeys/ns1/{named2.conf => named2.conf.in} (87%) rename bin/tests/system/mkeys/ns1/{named3.conf => named3.conf.in} (86%) rename bin/tests/system/mkeys/ns2/{named.conf => named.conf.in} (87%) rename bin/tests/system/mkeys/ns3/{named.conf => named.conf.in} (90%) rename bin/tests/system/mkeys/ns4/{named.conf => named.conf.in} (88%) rename bin/tests/system/mkeys/ns5/{named.conf => named.conf.in} (89%) rename bin/tests/system/names/ns1/{named.conf => named.conf.in} (95%) rename bin/tests/system/{views/ns1/named.conf => notify/ns1/named.conf.in} (84%) rename bin/tests/system/notify/ns2/{named.conf => named.conf.in} (91%) rename bin/tests/system/notify/ns3/{named.conf => named.conf.in} (86%) rename bin/tests/system/notify/ns4/{named.conf => named.conf.in} (81%) delete mode 100644 bin/tests/system/notify/ns4/named.port create mode 100644 bin/tests/system/notify/ns4/named.port.in rename bin/tests/system/notify/ns5/{named.conf => named.conf.in} (92%) rename bin/tests/system/nslookup/ns1/{named.conf => named.conf.in} (93%) rename bin/tests/system/nsupdate/ns1/{named.conf => named.conf.in} (94%) rename bin/tests/system/nsupdate/ns2/{named.conf => named.conf.in} (92%) rename bin/tests/system/nsupdate/ns3/{named.conf => named.conf.in} (86%) rename bin/tests/system/nsupdate/ns5/{named.conf => named.conf.in} (87%) rename bin/tests/system/nsupdate/{verylarge => verylarge.in} (99%) rename bin/tests/system/nzd2nzf/ns1/{named.conf => named.conf.in} (85%) rename bin/tests/system/{keepalive/ns1/named.conf => padding/ns1/named.conf.in} (85%) rename bin/tests/system/padding/ns2/{named.conf => named.conf.in} (90%) rename bin/tests/system/padding/ns3/{named.conf => named.conf.in} (87%) rename bin/tests/system/padding/ns4/{named.conf => named.conf.in} (87%) rename bin/tests/system/pending/ns1/{named.conf => named.conf.in} (84%) rename bin/tests/system/pending/ns2/{named.conf => named.conf.in} (89%) rename bin/tests/system/pending/ns3/{named.conf => named.conf.in} (88%) rename bin/tests/system/pending/ns4/{named.conf => named.conf.in} (84%) rename bin/tests/system/pipelined/ns1/{named.conf => named.conf.in} (85%) rename bin/tests/system/pipelined/ns2/{named.conf => named.conf.in} (87%) rename bin/tests/system/pipelined/ns3/{named.conf => named.conf.in} (87%) rename bin/tests/system/pipelined/ns4/{named.conf => named.conf.in} (87%) rename bin/tests/system/reclimit/ns1/{named.conf => named.conf.in} (93%) rename bin/tests/system/reclimit/ns3/{named1.conf => named1.conf.in} (86%) rename bin/tests/system/reclimit/ns3/{named2.conf => named2.conf.in} (86%) rename bin/tests/system/reclimit/ns3/{named3.conf => named3.conf.in} (87%) rename bin/tests/system/reclimit/ns3/{named4.conf => named4.conf.in} (87%) rename bin/tests/system/redirect/ns1/{named.conf => named.conf.in} (90%) rename bin/tests/system/redirect/ns2/{named.conf => named.conf.in} (87%) rename bin/tests/system/redirect/ns3/{named.conf => named.conf.in} (95%) rename bin/tests/system/redirect/ns4/{named.conf => named.conf.in} (86%) rename bin/tests/system/resolver/ns1/{named.conf => named.conf.in} (93%) rename bin/tests/system/resolver/ns4/{named.conf => named.conf.in} (85%) rename bin/tests/system/resolver/ns5/{named.conf => named.conf.in} (89%) rename bin/tests/system/resolver/ns6/{named.conf => named.conf.in} (92%) rename bin/tests/system/resolver/ns7/{named1.conf => named1.conf.in} (85%) rename bin/tests/system/resolver/ns7/{named2.conf => named2.conf.in} (80%) rename bin/tests/system/rndc/ns2/{named.conf => named.conf.in} (84%) rename bin/tests/system/rndc/ns3/{named.conf => named.conf.in} (81%) rename bin/tests/system/rndc/ns5/{named.conf => named.conf.in} (82%) rename bin/tests/system/rpz/{dnsrpzd.conf => dnsrpzd.conf.in} (56%) rename bin/tests/system/rpz/ns1/{named.conf => named.conf.in} (93%) rename bin/tests/system/rpz/ns2/{named.conf => named.conf.in} (92%) rename bin/tests/system/rpz/ns3/{named.conf => named.conf.in} (95%) rename bin/tests/system/rpz/ns4/{named.conf => named.conf.in} (95%) rename bin/tests/system/rpz/ns5/{named.conf => named.conf.in} (96%) rename bin/tests/system/rpz/ns6/{named.conf => named.conf.in} (88%) rename bin/tests/system/rpz/ns7/{named.conf => named.conf.in} (88%) rename bin/tests/system/rpzrecurse/ans5/{ans.pl.in => ans.pl} (92%) rename bin/tests/system/rrl/ns1/{named.conf => named.conf.in} (93%) rename bin/tests/system/rrl/ns2/{named.conf => named.conf.in} (92%) rename bin/tests/system/rrl/ns3/{named.conf => named.conf.in} (96%) rename bin/tests/system/rrl/ns4/{named.conf => named.conf.in} (92%) rename bin/tests/system/rrsetorder/ns1/{named.conf => named.conf.in} (88%) rename bin/tests/system/rrsetorder/ns2/{named.conf => named.conf.in} (88%) rename bin/tests/system/rrsetorder/ns3/{named.conf => named.conf.in} (87%) rename bin/tests/system/rrsetorder/ns4/{named.conf => named.conf.in} (86%) create mode 100644 bin/tests/system/rrsetorder/setup.sh rename bin/tests/system/rsabigexponent/ns1/{named.conf => named.conf.in} (92%) rename bin/tests/system/rsabigexponent/ns2/{named.conf => named.conf.in} (92%) rename bin/tests/system/rsabigexponent/ns3/{named.conf => named.conf.in} (92%) rename bin/tests/system/runtime/ns2/{named-alt1.conf => named-alt1.conf.in} (92%) rename bin/tests/system/runtime/ns2/{named-alt2.conf => named-alt2.conf.in} (92%) rename bin/tests/system/runtime/ns2/{named-alt3.conf => named-alt3.conf.in} (93%) rename bin/tests/system/runtime/ns2/{named-alt4.conf => named-alt4.conf.in} (96%) rename bin/tests/system/runtime/ns2/{named-alt5.conf => named-alt5.conf.in} (96%) rename bin/tests/system/runtime/ns2/{named-alt6.conf => named-alt6.conf.in} (96%) rename bin/tests/system/runtime/ns2/{named1.conf => named1.conf.in} (85%) rename bin/tests/system/serve-stale/ans2/{ans.pl.in => ans.pl} (97%) rename bin/tests/system/sfcache/ns1/{named.conf => named.conf.in} (94%) rename bin/tests/system/sfcache/ns2/{named.conf => named.conf.in} (88%) rename bin/tests/system/sfcache/ns5/{named.conf => named.conf.in} (87%) rename bin/tests/system/sortlist/ns1/{named.conf => named.conf.in} (90%) create mode 100644 bin/tests/system/sortlist/setup.sh rename bin/tests/system/spf/ns1/{named.conf => named.conf.in} (94%) create mode 100644 bin/tests/system/spf/setup.sh rename bin/tests/system/staticstub/ns1/{named.conf => named.conf.in} (82%) delete mode 100644 bin/tests/system/staticstub/ns4/named.conf create mode 100644 bin/tests/system/staticstub/ns4/named.conf.in rename bin/tests/system/statistics/ns1/{named.conf => named.conf.in} (89%) rename bin/tests/system/statistics/ns2/{named.conf => named.conf.in} (75%) rename bin/tests/system/statistics/ns3/{named.conf => named.conf.in} (82%) create mode 100644 bin/tests/system/statistics/setup.sh rename bin/tests/system/statschannel/ns2/{named.conf => named.conf.in} (73%) create mode 100644 bin/tests/system/statschannel/setup.sh rename bin/tests/system/stub/ns1/{named.conf => named.conf.in} (93%) rename bin/tests/system/stub/ns2/{named.conf => named.conf.in} (94%) rename bin/tests/system/stub/ns3/{named.conf => named.conf.in} (94%) create mode 100644 bin/tests/system/stub/setup.sh rename bin/tests/system/synthfromdnssec/ns1/{named.conf => named.conf.in} (94%) rename bin/tests/system/synthfromdnssec/ns2/{named.conf => named.conf.in} (94%) rename bin/tests/system/synthfromdnssec/ns3/{named.conf => named.conf.in} (94%) rename bin/tests/system/synthfromdnssec/ns4/{named.conf => named.conf.in} (94%) rename bin/tests/system/synthfromdnssec/ns5/{named.conf => named.conf.in} (94%) rename bin/tests/system/tcp/ns1/{named.conf => named.conf.in} (86%) rename bin/tests/system/tcp/ns2/{named.conf => named.conf.in} (80%) rename bin/tests/system/tcp/ns3/{named.conf => named.conf.in} (87%) rename bin/tests/system/tcp/ns4/{named.conf => named.conf.in} (87%) create mode 100644 bin/tests/system/tcp/setup.sh rename bin/tests/system/tsig/ns1/{named.conf => named.conf.in} (94%) rename bin/tests/system/tsiggss/ns1/{named.conf => named.conf.in} (87%) rename bin/tests/system/unknown/ns1/{named.conf => named.conf.in} (91%) rename bin/tests/system/unknown/ns2/{named.conf => named.conf.in} (85%) rename bin/tests/system/unknown/ns3/{named.conf => named.conf.in} (86%) rename bin/tests/system/upforwd/ns1/{named.conf => named.conf.in} (89%) rename bin/tests/system/upforwd/ns2/{named.conf => named.conf.in} (87%) rename bin/tests/system/upforwd/ns3/{named.conf => named.conf.in} (89%) rename bin/tests/system/{notify/ns1/named.conf => views/ns1/named.conf.in} (84%) rename bin/tests/system/views/ns2/{named1.conf => named1.conf.in} (79%) rename bin/tests/system/views/ns2/{named2.conf => named2.conf.in} (90%) rename bin/tests/system/views/ns3/{named1.conf => named1.conf.in} (83%) rename bin/tests/system/views/ns3/{named2.conf => named2.conf.in} (81%) rename bin/tests/system/views/ns5/{named.conf => named.conf.in} (81%) rename bin/tests/system/wildcard/ns1/{named.conf => named.conf.in} (90%) rename bin/tests/system/wildcard/ns2/{named.conf => named.conf.in} (83%) rename bin/tests/system/wildcard/ns3/{named.conf => named.conf.in} (84%) rename bin/tests/system/wildcard/ns4/{named.conf => named.conf.in} (85%) rename bin/tests/system/wildcard/ns5/{named.conf => named.conf.in} (85%) rename bin/tests/system/xfer/ns1/{named.conf => named.conf.in} (86%) rename bin/tests/system/xfer/ns2/{named.conf => named.conf.in} (86%) rename bin/tests/system/xfer/ns3/{named.conf => named.conf.in} (87%) rename bin/tests/system/xfer/ns6/{named.conf => named.conf.in} (89%) rename bin/tests/system/xfer/ns7/{named.conf => named.conf.in} (86%) rename bin/tests/system/xfer/ns8/{named.conf => named.conf.in} (89%) rename bin/tests/system/xferquota/ns1/{named.conf => named.conf.in} (81%) rename bin/tests/system/xferquota/ns2/{named.conf => named.conf.in} (87%) rename bin/tests/system/zero/ns1/{named.conf => named.conf.in} (83%) rename bin/tests/system/zero/ns2/{named.conf => named.conf.in} (85%) rename bin/tests/system/zero/ns3/{named.conf => named.conf.in} (83%) rename bin/tests/system/zero/ns4/{named.conf => named.conf.in} (85%) rename bin/tests/system/zonechecks/ns1/{named.conf => named.conf.in} (91%) rename bin/tests/system/zonechecks/ns2/{named.conf => named.conf.in} (81%) diff --git a/bin/tests/system/Makefile.in b/bin/tests/system/Makefile.in index 2ab0d3c586..ed3b31f146 100644 --- a/bin/tests/system/Makefile.in +++ b/bin/tests/system/Makefile.in @@ -46,7 +46,26 @@ feature-test@EXEEXT@: feature-test.@O@ # Define the tests that can be run in parallel. This should be identical to # the definition of PARALLELDIRS in conf.sh. -PARALLEL = allow_query catz rpzrecurse serve-stale +PARALLEL = acl additional addzone allow_query auth autosign \ + builtin cacheclean case catz cds chain \ + checkconf checknames checkzone \ + @CHECKDS@ @COVERAGE@ @KEYMGR@ \ + cookie database digdelv dlv dlz dlzexternal \ + dns64 dnssec @DNSTAP@ dscp dsdigest dyndb \ + ednscompliance emptyzones \ + fetchlimit filter-aaaa formerr forward \ + geoip glue inline integrity ixfr keepalive \ + legacy limits logfileconfig \ + masterfile masterformat metadata mkeys \ + names notify nslookup nsupdate nzd2nzf \ + padding pending pipelined \ + reclimit redirect resolver rndc rpz rpzrecurse \ + rrchecker rrl rrsetorder rsabigexponent runtime \ + serve-stale sfcache smartsign sortlist \ + spf staticstub statistics statschannel stub synthfromdnssec \ + tcp tools tsig tsiggss \ + unknown upforwd verify views wildcard \ + xfer xferquota zero zonechecks # Produce intermediate makefile that assigns unique port numbers to each # parallel test. The start port number of 5,000 is arbitrary - it must just @@ -56,11 +75,13 @@ PARALLEL = allow_query catz rpzrecurse serve-stale # underscores in target names and requires explicit differentiation # between a target name and a directory name (.PHONY is not supported). +.PHONY: parallel.mk + parallel.mk: - @PARALLEL_SANITIZED=`echo $(PARALLEL) | sed "s|\([^ ][^ ]*\)|test-\1|g;" | tr _ -` ; \ + PARALLEL_SANITIZED=`echo $(PARALLEL) | sed "s|\([^ ][^ ]*\)|test-\1|g;" | tr _ -` ; \ echo ".PHONY: $$PARALLEL_SANITIZED" > $@ ; \ echo "" >> $@ ; \ - echo "check: $$PARALLEL_SANITIZED" >> $@ ; \ + echo "test check: $$PARALLEL_SANITIZED" >> $@ ; \ port=$${STARTPORT:-5000} ; \ for directory in $(PARALLEL) ; do \ echo "" >> $@ ; \ diff --git a/bin/tests/system/README b/bin/tests/system/README index 4e59cf5aa5..29ad047ea8 100644 --- a/bin/tests/system/README +++ b/bin/tests/system/README @@ -334,7 +334,7 @@ are: PORT Number to be used for the query port. CONTROLPORT Number to be used as the RNDC control port. - EXTRAPORT1 - EXTRAPORT8 Eight port numbers that can be use as needed. + EXTRAPORT1 - EXTRAPORT8 Eight port numbers that can be used as needed. Two other environment variables are defined: diff --git a/bin/tests/system/acl/clean.sh b/bin/tests/system/acl/clean.sh index 508b807061..6164174ea8 100644 --- a/bin/tests/system/acl/clean.sh +++ b/bin/tests/system/acl/clean.sh @@ -11,7 +11,8 @@ # rm -f dig.out.* -rm -f ns2/example.db ns2/tsigzone.db ns2/example.db.jnl ns2/named.conf +rm -f ns2/example.db ns2/tsigzone.db ns2/example.db.jnl +rm -f */named.conf rm -f */named.memstats rm -f */named.run rm -f ns*/named.lock diff --git a/bin/tests/system/acl/ns2/named1.conf b/bin/tests/system/acl/ns2/named1.conf.in similarity index 84% rename from bin/tests/system/acl/ns2/named1.conf rename to bin/tests/system/acl/ns2/named1.conf.in index 9c28c996b9..dd67c39714 100644 --- a/bin/tests/system/acl/ns2/named1.conf +++ b/bin/tests/system/acl/ns2/named1.conf.in @@ -6,15 +6,20 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named1.conf,v 1.2 2008/01/10 01:10:01 marka Exp $ */ +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-sha256; +}; -controls { /* empty */ }; +controls { + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; @@ -24,8 +29,6 @@ options { check-integrity no; }; -include "../../common/controls.conf"; - key one { algorithm hmac-md5; secret "1234abcd8765"; diff --git a/bin/tests/system/acl/ns2/named2.conf b/bin/tests/system/acl/ns2/named2.conf.in similarity index 86% rename from bin/tests/system/acl/ns2/named2.conf rename to bin/tests/system/acl/ns2/named2.conf.in index 842f16c845..982b056a61 100644 --- a/bin/tests/system/acl/ns2/named2.conf +++ b/bin/tests/system/acl/ns2/named2.conf.in @@ -6,15 +6,20 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named2.conf,v 1.3 2008/01/21 20:38:54 each Exp $ */ +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-sha256; +}; -controls { /* empty */ }; +controls { + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; @@ -24,8 +29,6 @@ options { check-integrity no; }; -include "../../common/controls.conf"; - key one { algorithm hmac-md5; secret "1234abcd8765"; diff --git a/bin/tests/system/acl/ns2/named3.conf b/bin/tests/system/acl/ns2/named3.conf.in similarity index 86% rename from bin/tests/system/acl/ns2/named3.conf rename to bin/tests/system/acl/ns2/named3.conf.in index 3504687232..4eb8516491 100644 --- a/bin/tests/system/acl/ns2/named3.conf +++ b/bin/tests/system/acl/ns2/named3.conf.in @@ -6,15 +6,20 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named3.conf,v 1.2 2008/01/10 01:10:01 marka Exp $ */ +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-sha256; +}; -controls { /* empty */ }; +controls { + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; @@ -24,8 +29,6 @@ options { check-integrity no; }; -include "../../common/controls.conf"; - key one { algorithm hmac-md5; secret "1234abcd8765"; diff --git a/bin/tests/system/acl/ns2/named4.conf b/bin/tests/system/acl/ns2/named4.conf.in similarity index 86% rename from bin/tests/system/acl/ns2/named4.conf rename to bin/tests/system/acl/ns2/named4.conf.in index d16d9ebef9..a7f20de6f9 100644 --- a/bin/tests/system/acl/ns2/named4.conf +++ b/bin/tests/system/acl/ns2/named4.conf.in @@ -6,15 +6,20 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named4.conf,v 1.2 2008/01/10 01:10:01 marka Exp $ */ +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-sha256; +}; -controls { /* empty */ }; +controls { + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; @@ -24,8 +29,6 @@ options { check-integrity no; }; -include "../../common/controls.conf"; - key one { algorithm hmac-md5; secret "1234abcd8765"; diff --git a/bin/tests/system/acl/ns2/named5.conf b/bin/tests/system/acl/ns2/named5.conf.in similarity index 84% rename from bin/tests/system/acl/ns2/named5.conf rename to bin/tests/system/acl/ns2/named5.conf.in index 828ceb7b44..b8e82505f2 100644 --- a/bin/tests/system/acl/ns2/named5.conf +++ b/bin/tests/system/acl/ns2/named5.conf.in @@ -6,15 +6,20 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named1.conf,v 1.2 2008/01/10 01:10:01 marka Exp $ */ +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-sha256; +}; -controls { /* empty */ }; +controls { + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; @@ -25,8 +30,6 @@ options { allow-query-on { 10.53.0.2; }; }; -include "../../common/controls.conf"; - key one { algorithm hmac-md5; secret "1234abcd8765"; diff --git a/bin/tests/system/acl/ns2/named6.conf b/bin/tests/system/acl/ns2/named6.conf.in similarity index 82% rename from bin/tests/system/acl/ns2/named6.conf rename to bin/tests/system/acl/ns2/named6.conf.in index c2ac78b62d..f78b4be7ee 100644 --- a/bin/tests/system/acl/ns2/named6.conf +++ b/bin/tests/system/acl/ns2/named6.conf.in @@ -6,13 +6,20 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-sha256; +}; + +controls { + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; @@ -23,8 +30,6 @@ options { allow-query-on { 10.53.0.2; }; }; -include "../../common/controls.conf"; - zone "." { type hint; file "../../common/root.hint"; diff --git a/bin/tests/system/acl/ns2/named7.conf b/bin/tests/system/acl/ns2/named7.conf.in similarity index 84% rename from bin/tests/system/acl/ns2/named7.conf rename to bin/tests/system/acl/ns2/named7.conf.in index eb58d4c925..5f6e1276ad 100644 --- a/bin/tests/system/acl/ns2/named7.conf +++ b/bin/tests/system/acl/ns2/named7.conf.in @@ -6,13 +6,20 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-sha256; +}; + +controls { + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; @@ -23,8 +30,6 @@ options { allow-query-on { 10.53.0.2; }; }; -include "../../common/controls.conf"; - view one { match-clients { ecs 192.0.2/24; }; diff --git a/bin/tests/system/acl/ns3/named.conf b/bin/tests/system/acl/ns3/named.conf.in similarity index 87% rename from bin/tests/system/acl/ns3/named.conf rename to bin/tests/system/acl/ns3/named.conf.in index a1531386ec..8260f3c5fe 100644 --- a/bin/tests/system/acl/ns3/named.conf +++ b/bin/tests/system/acl/ns3/named.conf.in @@ -10,7 +10,7 @@ options { query-source address 10.53.0.3; notify-source 10.53.0.3; transfer-source 10.53.0.3; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.3; }; listen-on-v6 { none; }; @@ -21,7 +21,7 @@ options { }; controls { - inet 10.53.0.3 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; key rndc_key { diff --git a/bin/tests/system/acl/ns4/named.conf b/bin/tests/system/acl/ns4/named.conf.in similarity index 88% rename from bin/tests/system/acl/ns4/named.conf rename to bin/tests/system/acl/ns4/named.conf.in index 9bc07ab06b..2453701570 100644 --- a/bin/tests/system/acl/ns4/named.conf +++ b/bin/tests/system/acl/ns4/named.conf.in @@ -10,7 +10,7 @@ options { query-source address 10.53.0.4; notify-source 10.53.0.4; transfer-source 10.53.0.4; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.4; }; listen-on-v6 { none; }; @@ -21,7 +21,7 @@ options { }; controls { - inet 10.53.0.4 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.4 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; key rndc_key { diff --git a/bin/tests/system/acl/setup.sh b/bin/tests/system/acl/setup.sh index 13a0996875..4bb9a1f385 100644 --- a/bin/tests/system/acl/setup.sh +++ b/bin/tests/system/acl/setup.sh @@ -9,6 +9,9 @@ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh +$SHELL clean.sh $SHELL ../genzone.sh 2 3 >ns2/example.db $SHELL ../genzone.sh 2 3 >ns2/tsigzone.db -cp -f ns2/named1.conf ns2/named.conf +copy_setports ns2/named1.conf.in ns2/named.conf +copy_setports ns3/named.conf.in ns3/named.conf +copy_setports ns4/named.conf.in ns4/named.conf diff --git a/bin/tests/system/acl/tests.sh b/bin/tests/system/acl/tests.sh index 18ee1ebe84..0954fdd55e 100644 --- a/bin/tests/system/acl/tests.sh +++ b/bin/tests/system/acl/tests.sh @@ -6,231 +6,228 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -# $Id: tests.sh,v 1.4 2008/07/19 00:02:14 each Exp $ - SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh -DIGOPTS="+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd" +DIGOPTS="+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd -p ${PORT}" +RNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p ${CONTROLPORT} -s" status=0 t=0 -echo "I:testing basic ACL processing" +echo_i "testing basic ACL processing" # key "one" should fail t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ - @10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 -p 5300 > dig.out.${t} -grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; } + @10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 > dig.out.${t} +grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; } # any other key should be fine t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ - @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 -p 5300 > dig.out.${t} -grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; } + @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 > dig.out.${t} +grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; } -cp -f ns2/named2.conf ns2/named.conf -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /' +copy_setports ns2/named2.conf.in ns2/named.conf +$RNDCCMD 10.53.0.2 reload 2>&1 | sed 's/^/ns2 /' | cat_i sleep 5 # prefix 10/8 should fail t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ - @10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 -p 5300 > dig.out.${t} -grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; } + @10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 > dig.out.${t} +grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; } # any other address should work, as long as it sends key "one" t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ - @10.53.0.2 -b 127.0.0.1 axfr -y two:1234abcd8765 -p 5300 > dig.out.${t} -grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; } + @10.53.0.2 -b 127.0.0.1 axfr -y two:1234abcd8765 > dig.out.${t} +grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; } t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ - @10.53.0.2 -b 127.0.0.1 axfr -y one:1234abcd8765 -p 5300 > dig.out.${t} -grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; } + @10.53.0.2 -b 127.0.0.1 axfr -y one:1234abcd8765 > dig.out.${t} +grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; } -echo "I:testing nested ACL processing" +echo_i "testing nested ACL processing" # all combinations of 10.53.0.{1|2} with key {one|two}, should succeed -cp -f ns2/named3.conf ns2/named.conf -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /' +copy_setports ns2/named3.conf.in ns2/named.conf +$RNDCCMD 10.53.0.2 reload 2>&1 | sed 's/^/ns2 /' | cat_i sleep 5 # should succeed t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ - @10.53.0.2 -b 10.53.0.2 axfr -y two:1234abcd8765 -p 5300 > dig.out.${t} -grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; } + @10.53.0.2 -b 10.53.0.2 axfr -y two:1234abcd8765 > dig.out.${t} +grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; } # should succeed t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ - @10.53.0.2 -b 10.53.0.2 axfr -y one:1234abcd8765 -p 5300 > dig.out.${t} -grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; } + @10.53.0.2 -b 10.53.0.2 axfr -y one:1234abcd8765 > dig.out.${t} +grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; } # should succeed t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ - @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 -p 5300 > dig.out.${t} -grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; } + @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 > dig.out.${t} +grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; } # should succeed t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ - @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 -p 5300 > dig.out.${t} -grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; } + @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 > dig.out.${t} +grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; } # but only one or the other should fail t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ - @10.53.0.2 -b 127.0.0.1 axfr -y one:1234abcd8765 -p 5300 > dig.out.${t} -grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; } + @10.53.0.2 -b 127.0.0.1 axfr -y one:1234abcd8765 > dig.out.${t} +grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; } t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ - @10.53.0.2 -b 10.53.0.2 axfr -p 5300 > dig.out.${t} -grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo "I:test $tt failed" ; status=1; } + @10.53.0.2 -b 10.53.0.2 axfr > dig.out.${t} +grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $tt failed" ; status=1; } # and other values? right out t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ - @10.53.0.2 -b 127.0.0.1 axfr -y three:1234abcd8765 -p 5300 > dig.out.${t} -grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; } + @10.53.0.2 -b 127.0.0.1 axfr -y three:1234abcd8765 > dig.out.${t} +grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; } # now we only allow 10.53.0.1 *and* key one, or 10.53.0.2 *and* key two -cp -f ns2/named4.conf ns2/named.conf -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /' +copy_setports ns2/named4.conf.in ns2/named.conf +$RNDCCMD 10.53.0.2 reload 2>&1 | sed 's/^/ns2 /' | cat_i sleep 5 # should succeed t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ - @10.53.0.2 -b 10.53.0.2 axfr -y two:1234abcd8765 -p 5300 > dig.out.${t} -grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; } + @10.53.0.2 -b 10.53.0.2 axfr -y two:1234abcd8765 > dig.out.${t} +grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; } # should succeed t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ - @10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 -p 5300 > dig.out.${t} -grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; } + @10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 > dig.out.${t} +grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; } # should fail t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ - @10.53.0.2 -b 10.53.0.2 axfr -y one:1234abcd8765 -p 5300 > dig.out.${t} -grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; } + @10.53.0.2 -b 10.53.0.2 axfr -y one:1234abcd8765 > dig.out.${t} +grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; } # should fail t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ - @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 -p 5300 > dig.out.${t} -grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; } + @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 > dig.out.${t} +grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; } # should fail t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ - @10.53.0.2 -b 10.53.0.3 axfr -y one:1234abcd8765 -p 5300 > dig.out.${t} -grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; } + @10.53.0.2 -b 10.53.0.3 axfr -y one:1234abcd8765 > dig.out.${t} +grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; } -echo "I:testing allow-query-on ACL processing" -cp -f ns2/named5.conf ns2/named.conf -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /' +echo_i "testing allow-query-on ACL processing" +copy_setports ns2/named5.conf.in ns2/named.conf +$RNDCCMD 10.53.0.2 reload 2>&1 | sed 's/^/ns2 /' | cat_i sleep 5 t=`expr $t + 1` -$DIG +tcp soa example. \ - @10.53.0.2 -b 10.53.0.3 -p 5300 > dig.out.${t} -grep "status: NOERROR" dig.out.${t} > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; } +$DIG -p ${PORT} +tcp soa example. \ + @10.53.0.2 -b 10.53.0.3 > dig.out.${t} +grep "status: NOERROR" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; } -echo "I:testing EDNS client-subnet ACL processing" -cp -f ns2/named6.conf ns2/named.conf -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /' +echo_i "testing EDNS client-subnet ACL processing" +copy_setports ns2/named6.conf.in ns2/named.conf +$RNDCCMD 10.53.0.2 reload 2>&1 | sed 's/^/ns2 /' | cat_i sleep 5 # should fail t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ - @10.53.0.2 -b 10.53.0.2 axfr -p 5300 > dig.out.${t} -grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; } + @10.53.0.2 -b 10.53.0.2 axfr > dig.out.${t} +grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; } # should succeed t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ - @10.53.0.2 -b 10.53.0.2 +subnet="10.53.0/24" axfr -p 5300 > dig.out.${t} -grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; } + @10.53.0.2 -b 10.53.0.2 +subnet="10.53.0/24" axfr > dig.out.${t} +grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; } -echo "I:testing EDNS client-subnet response scope" -cp -f ns2/named7.conf ns2/named.conf -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /' +echo_i "testing EDNS client-subnet response scope" +copy_setports ns2/named7.conf.in ns2/named.conf +$RNDCCMD 10.53.0.2 reload 2>&1 | sed 's/^/ns2 /' | cat_i sleep 5 t=`expr $t + 1` -$DIG example. soa @10.53.0.2 +subnet="10.53.0.1/32" -p 5300 > dig.out.${t} -grep "CLIENT-SUBNET.*10.53.0.1/32/0" dig.out.${t} > /dev/null || { echo "I:test $t failed" ; status=1; } +$DIG -p ${PORT} example. soa @10.53.0.2 +subnet="10.53.0.1/32" > dig.out.${t} +grep "CLIENT-SUBNET.*10.53.0.1/32/0" dig.out.${t} > /dev/null || { echo_i "test $t failed" ; status=1; } t=`expr $t + 1` -$DIG example. soa @10.53.0.2 +subnet="192.0.2.128/32" -p 5300 > dig.out.${t} -grep "CLIENT-SUBNET.*192.0.2.128/32/24" dig.out.${t} > /dev/null || { echo "I:test $t failed" ; status=1; } +$DIG -p ${PORT} example. soa @10.53.0.2 +subnet="192.0.2.128/32" > dig.out.${t} +grep "CLIENT-SUBNET.*192.0.2.128/32/24" dig.out.${t} > /dev/null || { echo_i "test $t failed" ; status=1; } # AXFR tests against ns3 -echo "I:testing allow-transfer ACLs against ns3 (no existing zones)" - -echo "I:calling addzone example.com on ns3" -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 addzone 'example.com {type master; file "example.db"; }; ' +echo_i "testing allow-transfer ACLs against ns3 (no existing zones)" +echo_i "calling addzone example.com on ns3" +$RNDCCMD 10.53.0.3 addzone 'example.com {type master; file "example.db"; }; ' sleep 1 t=`expr $t + 1` ret=0 -echo "I:checking AXFR of example.com from ns3 with ACL allow-transfer { none; }; (${t})" -$DIG @10.53.0.3 -p 5300 example.com axfr > dig.out.${t} 2>&1 +echo_i "checking AXFR of example.com from ns3 with ACL allow-transfer { none; }; (${t})" +$DIG -p ${PORT} @10.53.0.3 example.com axfr > dig.out.${t} 2>&1 grep "Transfer failed." dig.out.${t} >/dev/null 2>&1 || ret=1 -[ $ret -eq 0 ] || echo "I:failed" +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` -echo "I:calling rndc reconfig" -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 reconfig +echo_i "calling rndc reconfig" +$RNDCCMD 10.53.0.3 reconfig 2>&1 | sed 's/^/ns3 /' | cat_i sleep 1 t=`expr $t + 1` ret=0 -echo "I:re-checking AXFR of example.com from ns3 with ACL allow-transfer { none; }; (${t})" -$DIG @10.53.0.3 -p 5300 example.com axfr > dig.out.${t} 2>&1 +echo_i "re-checking AXFR of example.com from ns3 with ACL allow-transfer { none; }; (${t})" +$DIG -p ${PORT} @10.53.0.3 example.com axfr > dig.out.${t} 2>&1 grep "Transfer failed." dig.out.${t} >/dev/null 2>&1 || ret=1 -[ $ret -eq 0 ] || echo "I:failed" +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` # AXFR tests against ns4 -echo "I:testing allow-transfer ACLs against ns4 (1 pre-existing zone)" - -echo "I:calling addzone example.com on ns4" -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 addzone 'example.com {type master; file "example.db"; }; ' +echo_i "testing allow-transfer ACLs against ns4 (1 pre-existing zone)" +echo_i "calling addzone example.com on ns4" +$RNDCCMD 10.53.0.4 addzone 'example.com {type master; file "example.db"; }; ' sleep 1 t=`expr $t + 1` ret=0 -echo "I:checking AXFR of example.com from ns4 with ACL allow-transfer { none; }; (${t})" -$DIG @10.53.0.4 -p 5300 example.com axfr > dig.out.${t} 2>&1 +echo_i "checking AXFR of example.com from ns4 with ACL allow-transfer { none; }; (${t})" +$DIG -p ${PORT} @10.53.0.4 example.com axfr > dig.out.${t} 2>&1 grep "Transfer failed." dig.out.${t} >/dev/null 2>&1 || ret=1 -[ $ret -eq 0 ] || echo "I:failed" +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` -echo "I:calling rndc reconfig" -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 reconfig +echo_i "calling rndc reconfig" +$RNDCCMD 10.53.0.4 reconfig 2>&1 | sed 's/^/ns4 /' | cat_i sleep 1 t=`expr $t + 1` ret=0 -echo "I:re-checking AXFR of example.com from ns4 with ACL allow-transfer { none; }; (${t})" -$DIG @10.53.0.4 -p 5300 example.com axfr > dig.out.${t} 2>&1 +echo_i "re-checking AXFR of example.com from ns4 with ACL allow-transfer { none; }; (${t})" +$DIG -p ${PORT} @10.53.0.4 example.com axfr > dig.out.${t} 2>&1 grep "Transfer failed." dig.out.${t} >/dev/null 2>&1 || ret=1 -[ $ret -eq 0 ] || echo "I:failed" +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/additional/clean.sh b/bin/tests/system/additional/clean.sh index 235b730608..1d08ac14fe 100644 --- a/bin/tests/system/additional/clean.sh +++ b/bin/tests/system/additional/clean.sh @@ -12,6 +12,6 @@ rm -f dig.out.* rm -f */named.memstats -rm -f ns1/named.conf +rm -f */named.conf rm -f */named.run rm -f ns*/named.lock diff --git a/bin/tests/system/additional/ns1/named1.conf b/bin/tests/system/additional/ns1/named1.conf.in similarity index 86% rename from bin/tests/system/additional/ns1/named1.conf rename to bin/tests/system/additional/ns1/named1.conf.in index e1fcc5760f..6ee1f63609 100644 --- a/bin/tests/system/additional/ns1/named1.conf +++ b/bin/tests/system/additional/ns1/named1.conf.in @@ -6,14 +6,12 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf,v 1.5 2007/06/19 23:47:06 tbox Exp $ */ - options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; recursion no; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; @@ -24,7 +22,7 @@ options { include "../../common/rndc.key"; controls { - inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; zone "rt.example" { diff --git a/bin/tests/system/additional/ns1/named2.conf b/bin/tests/system/additional/ns1/named2.conf.in similarity index 86% rename from bin/tests/system/additional/ns1/named2.conf rename to bin/tests/system/additional/ns1/named2.conf.in index c9e84d417a..64377702ea 100644 --- a/bin/tests/system/additional/ns1/named2.conf +++ b/bin/tests/system/additional/ns1/named2.conf.in @@ -6,14 +6,12 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf,v 1.5 2007/06/19 23:47:06 tbox Exp $ */ - options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; recursion no; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; @@ -24,7 +22,7 @@ options { include "../../common/rndc.key"; controls { - inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; zone "rt.example" { diff --git a/bin/tests/system/additional/ns1/named3.conf b/bin/tests/system/additional/ns1/named3.conf.in similarity index 91% rename from bin/tests/system/additional/ns1/named3.conf rename to bin/tests/system/additional/ns1/named3.conf.in index 2fd39b8809..c6142ef993 100644 --- a/bin/tests/system/additional/ns1/named3.conf +++ b/bin/tests/system/additional/ns1/named3.conf.in @@ -11,7 +11,7 @@ options { notify-source 10.53.0.1; transfer-source 10.53.0.1; recursion no; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; @@ -23,7 +23,7 @@ options { include "../../common/rndc.key"; controls { - inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; zone "rt.example" { diff --git a/bin/tests/system/additional/ns1/named4.conf b/bin/tests/system/additional/ns1/named4.conf.in similarity index 91% rename from bin/tests/system/additional/ns1/named4.conf rename to bin/tests/system/additional/ns1/named4.conf.in index 3cad480694..115447c652 100644 --- a/bin/tests/system/additional/ns1/named4.conf +++ b/bin/tests/system/additional/ns1/named4.conf.in @@ -11,7 +11,7 @@ options { notify-source 10.53.0.1; transfer-source 10.53.0.1; recursion no; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; @@ -22,7 +22,7 @@ options { include "../../common/rndc.key"; controls { - inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; zone "mx.example" { diff --git a/bin/tests/system/additional/ns3/named.conf b/bin/tests/system/additional/ns3/named.conf.in similarity index 97% rename from bin/tests/system/additional/ns3/named.conf rename to bin/tests/system/additional/ns3/named.conf.in index d367b48412..1019865853 100644 --- a/bin/tests/system/additional/ns3/named.conf +++ b/bin/tests/system/additional/ns3/named.conf.in @@ -12,7 +12,7 @@ options { query-source address 10.53.0.3; notify-source 10.53.0.3; transfer-source 10.53.0.3; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.3; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/additional/setup.sh b/bin/tests/system/additional/setup.sh index e81257571c..5de1d35bfd 100644 --- a/bin/tests/system/additional/setup.sh +++ b/bin/tests/system/additional/setup.sh @@ -6,4 +6,9 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -cp -f ns1/named1.conf ns1/named.conf +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh + +$SHELL clean.sh +copy_setports ns1/named1.conf.in ns1/named.conf +copy_setports ns3/named.conf.in ns3/named.conf diff --git a/bin/tests/system/additional/tests.sh b/bin/tests/system/additional/tests.sh index ecae72a2f8..20a7688cd9 100644 --- a/bin/tests/system/additional/tests.sh +++ b/bin/tests/system/additional/tests.sh @@ -6,51 +6,52 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -# $Id: tests.sh,v 1.7 2011/11/06 23:46:40 tbox Exp $ - SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh +DIGOPTS="-p ${PORT}" +RNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p ${CONTROLPORT} -s" + status=0 n=0 dotests() { n=`expr $n + 1` - echo "I:test with RT, single zone (+rec) ($n)" + echo_i "test with RT, single zone (+rec) ($n)" ret=0 - $DIG +rec -t RT rt.rt.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1 + $DIG $DIGOPTS +rec -t RT rt.rt.example @10.53.0.1 > dig.out.$n || ret=1 if [ $ret -eq 1 ] ; then - echo "I: failed"; status=1 + echo_i " failed"; status=1 fi n=`expr $n + 1` - echo "I:test with RT, two zones (+rec) ($n)" + echo_i "test with RT, two zones (+rec) ($n)" ret=0 - $DIG +rec -t RT rt.rt2.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1 + $DIG $DIGOPTS +rec -t RT rt.rt2.example @10.53.0.1 > dig.out.$n || ret=1 if [ $ret -eq 1 ] ; then - echo "I: failed"; status=1 + echo_i " failed"; status=1 fi n=`expr $n + 1` - echo "I:test with NAPTR, single zone (+rec) ($n)" + echo_i "test with NAPTR, single zone (+rec) ($n)" ret=0 - $DIG +rec -t NAPTR nap.naptr.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1 + $DIG $DIGOPTS +rec -t NAPTR nap.naptr.example @10.53.0.1 > dig.out.$n || ret=1 if [ $ret -eq 1 ] ; then - echo "I: failed"; status=1 + echo_i " failed"; status=1 fi n=`expr $n + 1` - echo "I:test with NAPTR, two zones (+rec) ($n)" + echo_i "test with NAPTR, two zones (+rec) ($n)" ret=0 - $DIG +rec -t NAPTR nap.hang3b.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1 + $DIG $DIGOPTS +rec -t NAPTR nap.hang3b.example @10.53.0.1 > dig.out.$n || ret=1 if [ $ret -eq 1 ] ; then - echo "I: failed"; status=1 + echo_i " failed"; status=1 fi n=`expr $n + 1` - echo "I:test with LP (+rec) ($n)" + echo_i "test with LP (+rec) ($n)" ret=0 - $DIG +rec -t LP nid2.nid.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1 + $DIG $DIGOPTS +rec -t LP nid2.nid.example @10.53.0.1 > dig.out.$n || ret=1 case $minimal in no) grep -w "NS" dig.out.$n > /dev/null || ret=1 @@ -74,13 +75,13 @@ dotests() { ;; esac if [ $ret -eq 1 ] ; then - echo "I: failed"; status=1 + echo_i " failed"; status=1 fi n=`expr $n + 1` - echo "I:test with NID (+rec) ($n)" + echo_i "test with NID (+rec) ($n)" ret=0 - $DIG +rec -t NID ns1.nid.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1 + $DIG $DIGOPTS +rec -t NID ns1.nid.example @10.53.0.1 > dig.out.$n || ret=1 if [ $minimal = no ] ; then # change && to || when we support NID additional processing grep -w "L64" dig.out.$n > /dev/null && ret=1 @@ -90,13 +91,13 @@ dotests() { grep -w "L32" dig.out.$n > /dev/null && ret=1 fi if [ $ret -eq 1 ] ; then - echo "I: failed"; status=1 + echo_i " failed"; status=1 fi n=`expr $n + 1` - echo "I:test with NID + LP (+rec) ($n)" + echo_i "test with NID + LP (+rec) ($n)" ret=0 - $DIG +rec -t NID nid2.nid.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1 + $DIG $DIGOPTS +rec -t NID nid2.nid.example @10.53.0.1 > dig.out.$n || ret=1 if [ $minimal = no ] ; then # change && to || when we support NID additional processing grep -w "LP" dig.out.$n > /dev/null && ret=1 @@ -108,45 +109,45 @@ dotests() { grep -w "L32" dig.out.$n > /dev/null && ret=1 fi if [ $ret -eq 1 ] ; then - echo "I: failed"; status=1 + echo_i " failed"; status=1 fi n=`expr $n + 1` - echo "I:test with RT, single zone (+norec) ($n)" + echo_i "test with RT, single zone (+norec) ($n)" ret=0 - $DIG +norec -t RT rt.rt.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1 + $DIG $DIGOPTS +norec -t RT rt.rt.example @10.53.0.1 > dig.out.$n || ret=1 if [ $ret -eq 1 ] ; then - echo "I: failed"; status=1 + echo_i " failed"; status=1 fi n=`expr $n + 1` - echo "I:test with RT, two zones (+norec) ($n)" + echo_i "test with RT, two zones (+norec) ($n)" ret=0 - $DIG +norec -t RT rt.rt2.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1 + $DIG $DIGOPTS +norec -t RT rt.rt2.example @10.53.0.1 > dig.out.$n || ret=1 if [ $ret -eq 1 ] ; then - echo "I: failed"; status=1 + echo_i " failed"; status=1 fi n=`expr $n + 1` - echo "I:test with NAPTR, single zone (+norec) ($n)" + echo_i "test with NAPTR, single zone (+norec) ($n)" ret=0 - $DIG +norec -t NAPTR nap.naptr.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1 + $DIG $DIGOPTS +norec -t NAPTR nap.naptr.example @10.53.0.1 > dig.out.$n || ret=1 if [ $ret -eq 1 ] ; then - echo "I: failed"; status=1 + echo_i " failed"; status=1 fi n=`expr $n + 1` - echo "I:test with NAPTR, two zones (+norec) ($n)" + echo_i "test with NAPTR, two zones (+norec) ($n)" ret=0 - $DIG +norec -t NAPTR nap.hang3b.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1 + $DIG $DIGOPTS +norec -t NAPTR nap.hang3b.example @10.53.0.1 > dig.out.$n || ret=1 if [ $ret -eq 1 ] ; then - echo "I: failed"; status=1 + echo_i " failed"; status=1 fi n=`expr $n + 1` - echo "I:test with LP (+norec) ($n)" + echo_i "test with LP (+norec) ($n)" ret=0 - $DIG +norec -t LP nid2.nid.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1 + $DIG $DIGOPTS +norec -t LP nid2.nid.example @10.53.0.1 > dig.out.$n || ret=1 case $minimal in no) grep -w "NS" dig.out.$n > /dev/null || ret=1 @@ -170,13 +171,13 @@ dotests() { ;; esac if [ $ret -eq 1 ] ; then - echo "I: failed"; status=1 + echo_i " failed"; status=1 fi n=`expr $n + 1` - echo "I:test with NID (+norec) ($n)" + echo_i "test with NID (+norec) ($n)" ret=0 - $DIG +norec -t NID ns1.nid.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1 + $DIG $DIGOPTS +norec -t NID ns1.nid.example @10.53.0.1 > dig.out.$n || ret=1 if [ $minimal = no ] ; then # change && to || when we support NID additional processing grep -w "L64" dig.out.$n > /dev/null && ret=1 @@ -186,13 +187,13 @@ dotests() { grep -w "L32" dig.out.$n > /dev/null && ret=1 fi if [ $ret -eq 1 ] ; then - echo "I: failed"; status=1 + echo_i " failed"; status=1 fi n=`expr $n + 1` - echo "I:test with NID + LP (+norec) ($n)" + echo_i "test with NID + LP (+norec) ($n)" ret=0 - $DIG +norec -t NID nid2.nid.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1 + $DIG $DIGOPTS +norec -t NID nid2.nid.example @10.53.0.1 > dig.out.$n || ret=1 if [ $minimal = no ] ; then # change && to || when we support NID additional processing grep -w "LP" dig.out.$n > /dev/null && ret=1 @@ -204,123 +205,123 @@ dotests() { grep -w "L32" dig.out.$n > /dev/null && ret=1 fi if [ $ret -eq 1 ] ; then - echo "I: failed"; status=1 + echo_i " failed"; status=1 fi } -echo "I:testing with 'minimal-responses yes;'" +echo_i "testing with 'minimal-responses yes;'" minimal=yes dotests -echo "I:reconfiguring server: minimal-responses no" -cp ns1/named2.conf ns1/named.conf -$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 reconfig 2>&1 | sed 's/^/I:ns1 /' +echo_i "reconfiguring server: minimal-responses no" +copy_setports ns1/named2.conf.in ns1/named.conf +$RNDCCMD 10.53.0.1 reconfig 2>&1 | sed 's/^/ns1 /' | cat_i sleep 2 -echo "I:testing with 'minimal-responses no;'" +echo_i "testing with 'minimal-responses no;'" minimal=no dotests n=`expr $n + 1` -echo "I:testing with 'minimal-any no;' ($n)" +echo_i "testing with 'minimal-any no;' ($n)" ret=0 -$DIG -t ANY www.rt.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1 +$DIG $DIGOPTS -t ANY www.rt.example @10.53.0.1 > dig.out.$n || ret=1 grep "ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 2" dig.out.$n > /dev/null || ret=1 if [ $ret -eq 1 ] ; then - echo "I: failed"; status=1 + echo_i " failed"; status=1 fi -echo "I:reconfiguring server: minimal-any yes" -cp ns1/named3.conf ns1/named.conf -$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 reconfig 2>&1 | sed 's/^/I:ns1 /' +echo_i "reconfiguring server: minimal-any yes" +copy_setports ns1/named3.conf.in ns1/named.conf +$RNDCCMD 10.53.0.1 reconfig 2>&1 | sed 's/^/ns1 /' | cat_i sleep 2 n=`expr $n + 1` -echo "I:testing with 'minimal-any yes;' over UDP ($n)" +echo_i "testing with 'minimal-any yes;' over UDP ($n)" ret=0 -$DIG -t ANY +notcp www.rt.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1 +$DIG $DIGOPTS -t ANY +notcp www.rt.example @10.53.0.1 > dig.out.$n || ret=1 grep "ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1" dig.out.$n > /dev/null || ret=1 if [ $ret -eq 1 ] ; then - echo "I: failed"; status=1 + echo_i " failed"; status=1 fi n=`expr $n + 1` -echo "I:testing with 'minimal-any yes;' over TCP ($n)" +echo_i "testing with 'minimal-any yes;' over TCP ($n)" ret=0 -$DIG -t ANY +tcp www.rt.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1 +$DIG $DIGOPTS -t ANY +tcp www.rt.example @10.53.0.1 > dig.out.$n || ret=1 grep "ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1" dig.out.$n > /dev/null || ret=1 if [ $ret -eq 1 ] ; then - echo "I: failed"; status=1 + echo_i " failed"; status=1 fi n=`expr $n + 1` -echo "I:testing with 'minimal-any yes;' over UDP ($n)" +echo_i "testing with 'minimal-any yes;' over UDP ($n)" ret=0 -$DIG -t ANY +notcp www.rt.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1 +$DIG $DIGOPTS -t ANY +notcp www.rt.example @10.53.0.1 > dig.out.$n || ret=1 grep "ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1" dig.out.$n > /dev/null || ret=1 if [ $ret -eq 1 ] ; then - echo "I: failed"; status=1 + echo_i " failed"; status=1 fi -echo "I:testing with 'minimal-responses no-auth;'" +echo_i "testing with 'minimal-responses no-auth;'" minimal=no-auth dotests -echo "I:reconfiguring server: minimal-responses no-auth-recursive" -cp ns1/named4.conf ns1/named.conf -$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 reconfig 2>&1 | sed 's/^/I:ns1 /' +echo_i "reconfiguring server: minimal-responses no-auth-recursive" +copy_setports ns1/named4.conf.in ns1/named.conf +$RNDCCMD 10.53.0.1 reconfig 2>&1 | sed 's/^/ns1 /' | cat_i sleep 2 -echo "I:testing with 'minimal-responses no-auth-recursive;'" +echo_i "testing with 'minimal-responses no-auth-recursive;'" minimal=no-auth-recursive dotests n=`expr $n + 1` -echo "I:testing returning TLSA records with MX query ($n)" +echo_i "testing returning TLSA records with MX query ($n)" ret=0 -$DIG -t mx mx.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1 +$DIG $DIGOPTS -t mx mx.example @10.53.0.1 > dig.out.$n || ret=1 grep "mx\.example\..*MX.0 mail\.mx\.example" dig.out.$n > /dev/null || ret=1 grep "mail\.mx\.example\..*A.1\.2\.3\.4" dig.out.$n > /dev/null || ret=1 grep "_25\._tcp\.mail\.mx\.example\..*TLSA.3 0 1 5B30F9602297D558EB719162C225088184FAA32CA45E1ED15DE58A21 D9FCE383" dig.out.$n > /dev/null || ret=1 if [ $ret -eq 1 ] ; then - echo "I: failed"; status=1 + echo_i " failed"; status=1 fi n=`expr $n + 1` -echo "I:testing returning TLSA records with SRV query ($n)" +echo_i "testing returning TLSA records with SRV query ($n)" ret=0 -$DIG -t srv _xmpp-client._tcp.srv.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1 +$DIG $DIGOPTS -t srv _xmpp-client._tcp.srv.example @10.53.0.1 > dig.out.$n || ret=1 grep "_xmpp-client\._tcp\.srv\.example\..*SRV.1 0 5222 server\.srv\.example" dig.out.$n > /dev/null || ret=1 grep "server\.srv\.example\..*A.1\.2\.3\.4" dig.out.$n > /dev/null || ret=1 grep "_5222\._tcp\.server\.srv\.example\..*TLSA.3 0 1 5B30F9602297D558EB719162C225088184FAA32CA45E1ED15DE58A21 D9FCE383" dig.out.$n > /dev/null || ret=1 if [ $ret -eq 1 ] ; then - echo "I: failed"; status=1 + echo_i " failed"; status=1 fi -echo "I:reconfiguring server: minimal-responses no" -cp ns1/named2.conf ns1/named.conf -$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 reconfig 2>&1 | sed 's/^/I:ns1 /' +echo_i "reconfiguring server: minimal-responses no" +copy_setports ns1/named2.conf.in ns1/named.conf +$RNDCCMD 10.53.0.1 reconfig 2>&1 | sed 's/^/ns1 /' | cat_i sleep 2 n=`expr $n + 1` -echo "I:testing NS handling in ANY responses (authoritative) ($n)" +echo_i "testing NS handling in ANY responses (authoritative) ($n)" ret=0 -$DIG -t ANY rt.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1 +$DIG $DIGOPTS -t ANY rt.example @10.53.0.1 > dig.out.$n || ret=1 grep "AUTHORITY: 0" dig.out.$n > /dev/null || ret=1 grep "NS[ ]*ns" dig.out.$n > /dev/null || ret=1 if [ $ret -eq 1 ] ; then - echo "I: failed"; status=1 + echo_i " failed"; status=1 fi n=`expr $n + 1` -echo "I:testing NS handling in ANY responses (recursive) ($n)" +echo_i "testing NS handling in ANY responses (recursive) ($n)" ret=0 -$DIG -t ANY rt.example @10.53.0.3 -p 5300 > dig.out.$n || ret=1 +$DIG $DIGOPTS -t ANY rt.example @10.53.0.3 > dig.out.$n || ret=1 grep "AUTHORITY: 0" dig.out.$n > /dev/null || ret=1 grep "NS[ ]*ns" dig.out.$n > /dev/null || ret=1 if [ $ret -eq 1 ] ; then - echo "I: failed"; status=1 + echo_i " failed"; status=1 fi -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/addzone/clean.sh b/bin/tests/system/addzone/clean.sh index 074da01769..f3b4d31373 100644 --- a/bin/tests/system/addzone/clean.sh +++ b/bin/tests/system/addzone/clean.sh @@ -10,7 +10,7 @@ rm -f dig.out.* rm -f rndc.out* rm -f showzone.out* rm -f zonestatus.out* -rm -f ns2/named.conf +rm -f */named.conf rm -f */named.memstats rm -f ns1/*.nzf ns1/*.nzf~ rm -f ns1/*.nzd ns1/*.nzd-lock diff --git a/bin/tests/system/addzone/ns1/named.conf b/bin/tests/system/addzone/ns1/named.conf.in similarity index 89% rename from bin/tests/system/addzone/ns1/named.conf rename to bin/tests/system/addzone/ns1/named.conf.in index 04aeafcd98..e30fbcbb67 100644 --- a/bin/tests/system/addzone/ns1/named.conf +++ b/bin/tests/system/addzone/ns1/named.conf.in @@ -12,11 +12,11 @@ key rndc_key { }; controls { - inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; options { - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/addzone/ns2/named1.conf b/bin/tests/system/addzone/ns2/named1.conf.in similarity index 81% rename from bin/tests/system/addzone/ns2/named1.conf rename to bin/tests/system/addzone/ns2/named1.conf.in index 5bf42acb53..6e969dd714 100644 --- a/bin/tests/system/addzone/ns2/named1.conf +++ b/bin/tests/system/addzone/ns2/named1.conf.in @@ -6,12 +6,8 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named1.conf,v 1.2 2010/08/11 18:14:19 each Exp $ */ - -controls { /* empty */ }; - options { - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; @@ -20,7 +16,11 @@ options { allow-new-zones yes; }; -include "../../common/controls.conf"; +include "../../common/rndc.key"; + +controls { + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; zone "." { type hint; diff --git a/bin/tests/system/addzone/ns2/named2.conf b/bin/tests/system/addzone/ns2/named2.conf.in similarity index 89% rename from bin/tests/system/addzone/ns2/named2.conf rename to bin/tests/system/addzone/ns2/named2.conf.in index 437b1b4616..d156b552c3 100644 --- a/bin/tests/system/addzone/ns2/named2.conf +++ b/bin/tests/system/addzone/ns2/named2.conf.in @@ -6,12 +6,15 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; +include "../../common/rndc.key"; + +controls { + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; -include "../../common/controls.conf"; options { - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; 10.53.0.4; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/addzone/ns2/named3.conf b/bin/tests/system/addzone/ns2/named3.conf.in similarity index 90% rename from bin/tests/system/addzone/ns2/named3.conf rename to bin/tests/system/addzone/ns2/named3.conf.in index 2bb92f53f4..df32280ecb 100644 --- a/bin/tests/system/addzone/ns2/named3.conf +++ b/bin/tests/system/addzone/ns2/named3.conf.in @@ -6,12 +6,14 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; +include "../../common/rndc.key"; -include "../../common/controls.conf"; +controls { + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; options { - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; 10.53.0.4; 10.53.0.5; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/addzone/ns3/named1.conf b/bin/tests/system/addzone/ns3/named1.conf.in similarity index 79% rename from bin/tests/system/addzone/ns3/named1.conf rename to bin/tests/system/addzone/ns3/named1.conf.in index 14ea730050..9c08ad07da 100644 --- a/bin/tests/system/addzone/ns3/named1.conf +++ b/bin/tests/system/addzone/ns3/named1.conf.in @@ -6,17 +6,14 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -key rndc_key { - secret "1234abcd8765"; - algorithm hmac-sha256; -}; +include "../../common/rndc.key"; controls { - inet 10.53.0.3 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; options { - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.3; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/addzone/ns3/named2.conf b/bin/tests/system/addzone/ns3/named2.conf.in similarity index 76% rename from bin/tests/system/addzone/ns3/named2.conf rename to bin/tests/system/addzone/ns3/named2.conf.in index 0b2684ec4c..9b5ff25115 100644 --- a/bin/tests/system/addzone/ns3/named2.conf +++ b/bin/tests/system/addzone/ns3/named2.conf.in @@ -6,17 +6,14 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -key rndc_key { - secret "1234abcd8765"; - algorithm hmac-sha256; -}; +include "../../common/rndc.key"; controls { - inet 10.53.0.3 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; options { - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.3; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/addzone/setup.sh b/bin/tests/system/addzone/setup.sh index 9128078fc0..1c7ae52e26 100644 --- a/bin/tests/system/addzone/setup.sh +++ b/bin/tests/system/addzone/setup.sh @@ -14,9 +14,12 @@ $SHELL clean.sh cp -f ns1/redirect.db.1 ns1/redirect.db cp -f ns2/redirect.db.1 ns2/redirect.db cp -f ns3/redirect.db.1 ns3/redirect.db -cp -f ns2/named1.conf ns2/named.conf + +copy_setports ns1/named.conf.in ns1/named.conf +copy_setports ns2/named1.conf.in ns2/named.conf +copy_setports ns3/named1.conf.in ns3/named.conf + cp -f ns2/default.nzf.in ns2/3bf305731dd26307.nzf -cp -f ns3/named1.conf ns3/named.conf rm -f ns3/*.nzf ns3/*.nzf~ rm -f ns3/*.nzd ns3/*.nzd-lock rm -f ns3/inlineslave.db diff --git a/bin/tests/system/addzone/tests.sh b/bin/tests/system/addzone/tests.sh index 4692abaec5..8b61adbd2b 100755 --- a/bin/tests/system/addzone/tests.sh +++ b/bin/tests/system/addzone/tests.sh @@ -9,227 +9,229 @@ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh -DIGOPTS="+tcp +nosea +nostat +nocmd +norec +noques +noauth +noadd +nostats +dnssec -p 5300" +DIGOPTS="+tcp +nosea +nostat +nocmd +norec +noques +noauth +noadd +nostats +dnssec -p ${PORT}" +RNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p ${CONTROLPORT} -s" + status=0 n=0 -echo "I:checking normally loaded zone ($n)" +echo_i "checking normally loaded zone ($n)" ret=0 $DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1 grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` # When LMDB support is compiled in, this tests that migration from # NZF to NZD occurs during named startup -echo "I:checking previously added zone ($n)" +echo_i "checking previously added zone ($n)" ret=0 $DIG $DIGOPTS @10.53.0.2 a.previous.example a > dig.out.ns2.$n || ret=1 grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.previous.example' dig.out.ns2.$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` if [ -n "$NZD" ]; then - echo "I:checking that existing NZF file was renamed after migration ($n)" + echo_i "checking that existing NZF file was renamed after migration ($n)" [ -e ns2/3bf305731dd26307.nzf~ ] || ret=1 n=`expr $n + 1` - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` fi -echo "I:adding new zone ($n)" +echo_i "adding new zone ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'added.example { type master; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /' +$RNDCCMD 10.53.0.2 addzone 'added.example { type master; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /' $DIG $DIGOPTS @10.53.0.2 a.added.example a > dig.out.ns2.$n || ret=1 grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.added.example' dig.out.ns2.$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking addzone errors are logged correctly" +echo_i "checking addzone errors are logged correctly" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone bad.example '{ type mister; };' 2>&1 | grep 'unexpected token' > /dev/null 2>&1 || ret=1 +$RNDCCMD 10.53.0.2 addzone bad.example '{ type mister; };' 2>&1 | grep 'unexpected token' > /dev/null 2>&1 || ret=1 grep "addzone: 'mister' unexpected" ns2/named.run >/dev/null 2>&1 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking modzone errors are logged correctly" +echo_i "checking modzone errors are logged correctly" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 modzone added.example '{ type mister; };' 2>&1 | grep 'unexpected token' > /dev/null 2>&1 || ret=1 +$RNDCCMD 10.53.0.2 modzone added.example '{ type mister; };' 2>&1 | grep 'unexpected token' > /dev/null 2>&1 || ret=1 grep "modzone: 'mister' unexpected" ns2/named.run >/dev/null 2>&1 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:adding a zone that requires quotes ($n)" +echo_i "adding a zone that requires quotes ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone '"32/1.0.0.127-in-addr.added.example" { check-names ignore; type master; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /' +$RNDCCMD 10.53.0.2 addzone '"32/1.0.0.127-in-addr.added.example" { check-names ignore; type master; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /' $DIG $DIGOPTS @10.53.0.2 "a.32/1.0.0.127-in-addr.added.example" a > dig.out.ns2.$n || ret=1 grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.32/1.0.0.127-in-addr.added.example' dig.out.ns2.$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:adding a zone with a quote in the name ($n)" +echo_i "adding a zone with a quote in the name ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone '"foo\"bar.example" { check-names ignore; type master; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /' +$RNDCCMD 10.53.0.2 addzone '"foo\"bar.example" { check-names ignore; type master; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /' $DIG $DIGOPTS @10.53.0.2 "a.foo\"bar.example" a > dig.out.ns2.$n || ret=1 grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.foo\\"bar.example' dig.out.ns2.$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:adding new zone with missing master file ($n)" +echo_i "adding new zone with missing master file ($n)" ret=0 $DIG $DIGOPTS +all @10.53.0.2 a.missing.example a > dig.out.ns2.pre.$n || ret=1 grep "status: REFUSED" dig.out.ns2.pre.$n > /dev/null || ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'missing.example { type master; file "missing.db"; };' 2> rndc.out.ns2.$n +$RNDCCMD 10.53.0.2 addzone 'missing.example { type master; file "missing.db"; };' 2> rndc.out.ns2.$n grep "file not found" rndc.out.ns2.$n > /dev/null || ret=1 $DIG $DIGOPTS +all @10.53.0.2 a.missing.example a > dig.out.ns2.post.$n || ret=1 grep "status: REFUSED" dig.out.ns2.post.$n > /dev/null || ret=1 $PERL ../digcomp.pl dig.out.ns2.pre.$n dig.out.ns2.post.$n || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` if [ -z "$NZD" ]; then - echo "I:verifying no comments in NZF file ($n)" + echo_i "verifying no comments in NZF file ($n)" ret=0 hcount=`grep "^# New zone file for view: _default" ns2/3bf305731dd26307.nzf | wc -l` [ $hcount -eq 0 ] || ret=1 n=`expr $n + 1` - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` fi -echo "I:checking rndc showzone with previously added zone ($n)" +echo_i "checking rndc showzone with previously added zone ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 showzone previous.example > rndc.out.ns2.$n +$RNDCCMD 10.53.0.2 showzone previous.example > rndc.out.ns2.$n expected='zone "previous.example" { type master; file "previous.db"; };' [ "`cat rndc.out.ns2.$n`" = "$expected" ] || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` if [ -n "$NZD" ]; then - echo "I:checking zone is present in NZD ($n)" + echo_i "checking zone is present in NZD ($n)" ret=0 $NZD2NZF ns2/_default.nzd | grep previous.example > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` fi -echo "I:deleting previously added zone ($n)" +echo_i "deleting previously added zone ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone previous.example 2>&1 | sed 's/^/I:ns2 /' +$RNDCCMD 10.53.0.2 delzone previous.example 2>&1 | sed 's/^/I:ns2 /' $DIG $DIGOPTS @10.53.0.2 a.previous.example a > dig.out.ns2.$n grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.previous.example' dig.out.ns2.$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` if [ -n "$NZD" ]; then - echo "I:checking zone was deleted from NZD ($n)" + echo_i "checking zone was deleted from NZD ($n)" for i in 0 1 2 3 4 5 6 7 8 9; do ret=0 $NZD2NZF ns2/_default.nzd | grep previous.example > /dev/null && ret=1 [ $ret = 0 ] && break sleep 1 done - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` fi if [ -z "$NZD" ]; then - echo "I:checking NZF file now has comment ($n)" + echo_i "checking NZF file now has comment ($n)" ret=0 hcount=`grep "^# New zone file for view: _default" ns2/3bf305731dd26307.nzf | wc -l` [ $hcount -eq 1 ] || ret=1 n=`expr $n + 1` - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` fi -echo "I:deleting newly added zone added.example ($n)" +echo_i "deleting newly added zone added.example ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone added.example 2>&1 | sed 's/^/I:ns2 /' +$RNDCCMD 10.53.0.2 delzone added.example 2>&1 | sed 's/^/I:ns2 /' $DIG $DIGOPTS @10.53.0.2 a.added.example a > dig.out.ns2.$n grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.added.example' dig.out.ns2.$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:deleting newly added zone with escaped quote ($n)" +echo_i "deleting newly added zone with escaped quote ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone "foo\\\"bar.example" 2>&1 | sed 's/^/I:ns2 /' +$RNDCCMD 10.53.0.2 delzone "foo\\\"bar.example" 2>&1 | sed 's/^/I:ns2 /' $DIG $DIGOPTS @10.53.0.2 "a.foo\"bar.example" a > dig.out.ns2.$n grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 grep "^a.foo\"bar.example" dig.out.ns2.$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking rndc showzone with a normally-loaded zone ($n)" +echo_i "checking rndc showzone with a normally-loaded zone ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 showzone normal.example > rndc.out.ns2.$n +$RNDCCMD 10.53.0.2 showzone normal.example > rndc.out.ns2.$n expected='zone "normal.example" { type master; file "normal.db"; };' [ "`cat rndc.out.ns2.$n`" = "$expected" ] || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking rndc showzone with a normally-loaded zone with trailing dot ($n)" +echo_i "checking rndc showzone with a normally-loaded zone with trailing dot ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 showzone finaldot.example > rndc.out.ns2.$n +$RNDCCMD 10.53.0.2 showzone finaldot.example > rndc.out.ns2.$n expected='zone "finaldot.example." { type master; file "normal.db"; };' [ "`cat rndc.out.ns2.$n`" = "$expected" ] || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking rndc showzone with a normally-loaded redirect zone ($n)" +echo_i "checking rndc showzone with a normally-loaded redirect zone ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 showzone -redirect > rndc.out.ns1.$n +$RNDCCMD 10.53.0.1 showzone -redirect > rndc.out.ns1.$n expected='zone "." { type redirect; file "redirect.db"; };' [ "`cat rndc.out.ns1.$n`" = "$expected" ] || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking rndc zonestatus with a normally-loaded redirect zone ($n)" +echo_i "checking rndc zonestatus with a normally-loaded redirect zone ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 zonestatus -redirect > rndc.out.ns1.$n +$RNDCCMD 10.53.0.1 zonestatus -redirect > rndc.out.ns1.$n grep "type: redirect" rndc.out.ns1.$n > /dev/null || ret=1 grep "serial: 0" rndc.out.ns1.$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking rndc reload with a normally-loaded redirect zone ($n)" +echo_i "checking rndc reload with a normally-loaded redirect zone ($n)" ret=0 sleep 1 cp -f ns1/redirect.db.2 ns1/redirect.db -$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 reload -redirect > rndc.out.ns1.$n -$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 zonestatus -redirect > zonestatus.out.ns1.$n +$RNDCCMD 10.53.0.1 reload -redirect > rndc.out.ns1.$n +$RNDCCMD 10.53.0.1 zonestatus -redirect > zonestatus.out.ns1.$n grep "type: redirect" zonestatus.out.ns1.$n > /dev/null || ret=1 grep "serial: 1" zonestatus.out.ns1.$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:delete a normally-loaded zone ($n)" +echo_i "delete a normally-loaded zone ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone normal.example > rndc.out.ns2.$n 2>&1 +$RNDCCMD 10.53.0.2 delzone normal.example > rndc.out.ns2.$n 2>&1 $DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n grep "is no longer active and will be deleted" rndc.out.ns2.$n > /dev/null || ret=1 grep "To keep it from returning when the server is restarted" rndc.out.ns2.$n > /dev/null || ret=1 @@ -237,11 +239,11 @@ grep "must also be removed from named.conf." rndc.out.ns2.$n > /dev/null || ret= grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:attempting to add master zone with inline signing ($n)" -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'inline.example { type master; file "inline.db"; inline-signing yes; };' 2>&1 | sed 's/^/I:ns2 /' +echo_i "attempting to add master zone with inline signing ($n)" +$RNDCCMD 10.53.0.2 addzone 'inline.example { type master; file "inline.db"; inline-signing yes; };' 2>&1 | sed 's/^/I:ns2 /' for i in 1 2 3 4 5 do ret=0 @@ -252,19 +254,19 @@ grep '^a.inline.example' dig.out.ns2.$n > /dev/null || ret=1 sleep 1 done n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:attempting to add master zone with inline signing and missing master ($n)" +echo_i "attempting to add master zone with inline signing and missing master ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'inlinemissing.example { type master; file "missing.db"; inline-signing yes; };' 2> rndc.out.ns2.$n +$RNDCCMD 10.53.0.2 addzone 'inlinemissing.example { type master; file "missing.db"; inline-signing yes; };' 2> rndc.out.ns2.$n grep "file not found" rndc.out.ns2.$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:attempting to add slave zone with inline signing ($n)" -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'inlineslave.example { type slave; masters { 10.53.0.1; }; file "inlineslave.bk"; inline-signing yes; };' 2>&1 | sed 's/^/I:ns2 /' +echo_i "attempting to add slave zone with inline signing ($n)" +$RNDCCMD 10.53.0.2 addzone 'inlineslave.example { type slave; masters { 10.53.0.1; }; file "inlineslave.bk"; inline-signing yes; };' 2>&1 | sed 's/^/I:ns2 /' for i in 1 2 3 4 5 do ret=0 @@ -275,30 +277,30 @@ grep '^a.inlineslave.example' dig.out.ns2.$n > /dev/null || ret=1 sleep 1 done n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:attempting to delete slave zone with inline signing ($n)" +echo_i "attempting to delete slave zone with inline signing ($n)" ret=0 for i in 0 1 2 3 4 5 6 7 8 9 do test -f ns2/inlineslave.bk.signed -a -f ns2/inlineslave.bk && break sleep 1 done -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone inlineslave.example 2>&1 > rndc.out2.test$n +$RNDCCMD 10.53.0.2 delzone inlineslave.example 2>&1 > rndc.out2.test$n test -f inlineslave.bk || grep '^inlineslave.bk$' rndc.out2.test$n > /dev/null || { - echo "I:failed to report inlineslave.bk"; ret=1; + echo_i "failed to report inlineslave.bk"; ret=1; } test ! -f inlineslave.bk.signed || grep '^inlineslave.bk.signed$' rndc.out2.test$n > /dev/null || { - echo "I:failed to report inlineslave.bk.signed"; ret=1; + echo_i "failed to report inlineslave.bk.signed"; ret=1; } n=`expr $n + 1` status=`expr $status + $ret` -echo "I:restoring slave zone with inline signing ($n)" -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'inlineslave.example { type slave; masters { 10.53.0.1; }; file "inlineslave.bk"; inline-signing yes; };' 2>&1 | sed 's/^/I:ns2 /' +echo_i "restoring slave zone with inline signing ($n)" +$RNDCCMD 10.53.0.2 addzone 'inlineslave.example { type slave; masters { 10.53.0.1; }; file "inlineslave.bk"; inline-signing yes; };' 2>&1 | sed 's/^/I:ns2 /' for i in 1 2 3 4 5 do ret=0 @@ -309,17 +311,17 @@ grep '^a.inlineslave.example' dig.out.ns2.$n > /dev/null || ret=1 sleep 1 done n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:deleting slave zone with automatic zone file removal ($n)" +echo_i "deleting slave zone with automatic zone file removal ($n)" ret=0 for i in 0 1 2 3 4 5 6 7 8 9 do test -f ns2/inlineslave.bk.signed -a -f ns2/inlineslave.bk && break sleep 1 done -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone -clean inlineslave.example 2>&1 > /dev/null +$RNDCCMD 10.53.0.2 delzone -clean inlineslave.example 2>&1 > /dev/null for i in 0 1 2 3 4 5 6 7 8 9 do ret=0 @@ -330,144 +332,144 @@ done n=`expr $n + 1` status=`expr $status + $ret` -echo "I:modifying zone configuration ($n)" +echo_i "modifying zone configuration ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'mod.example { type master; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /' +$RNDCCMD 10.53.0.2 addzone 'mod.example { type master; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /' $DIG +norec $DIGOPTS @10.53.0.2 mod.example ns > dig.out.ns2.1.$n || ret=1 grep 'status: NOERROR' dig.out.ns2.1.$n > /dev/null || ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 modzone 'mod.example { type master; file "added.db"; allow-query { none; }; };' 2>&1 | sed 's/^/I:ns2 /' +$RNDCCMD 10.53.0.2 modzone 'mod.example { type master; file "added.db"; allow-query { none; }; };' 2>&1 | sed 's/^/I:ns2 /' $DIG +norec $DIGOPTS @10.53.0.2 mod.example ns > dig.out.ns2.2.$n || ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 showzone mod.example | grep 'allow-query { "none"; };' > /dev/null 2>&1 || ret=1 +$RNDCCMD 10.53.0.2 showzone mod.example | grep 'allow-query { "none"; };' > /dev/null 2>&1 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that adding a 'stub' zone works ($n)" +echo_i "check that adding a 'stub' zone works ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'stub.example { type stub; masters { 1.2.3.4; }; file "stub.example.bk"; };' > rndc.out.ns2.$n 2>&1 || ret=1 +$RNDCCMD 10.53.0.2 addzone 'stub.example { type stub; masters { 1.2.3.4; }; file "stub.example.bk"; };' > rndc.out.ns2.$n 2>&1 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that adding a 'static-stub' zone works ($n)" +echo_i "check that adding a 'static-stub' zone works ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'static-stub.example { type static-stub; server-addresses { 1.2.3.4; }; };' > rndc.out.ns2.$n 2>&1 || ret=1 +$RNDCCMD 10.53.0.2 addzone 'static-stub.example { type static-stub; server-addresses { 1.2.3.4; }; };' > rndc.out.ns2.$n 2>&1 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that adding a 'master redirect' zone works ($n)" +echo_i "check that adding a 'master redirect' zone works ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone '"." { type redirect; file "redirect.db"; };' > rndc.out.ns2.$n 2>&1 || ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 showzone -redirect > showzone.out.ns2.$n 2>&1 || ret=1 +$RNDCCMD 10.53.0.2 addzone '"." { type redirect; file "redirect.db"; };' > rndc.out.ns2.$n 2>&1 || ret=1 +$RNDCCMD 10.53.0.2 showzone -redirect > showzone.out.ns2.$n 2>&1 || ret=1 grep "type redirect;" showzone.out.ns2.$n > /dev/null || ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 zonestatus -redirect > zonestatus.out.ns2.$n 2>&1 || ret=1 +$RNDCCMD 10.53.0.2 zonestatus -redirect > zonestatus.out.ns2.$n 2>&1 || ret=1 grep "type: redirect" zonestatus.out.ns2.$n > /dev/null || ret=1 grep "serial: 0" zonestatus.out.ns2.$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi -echo "I:check that reloading a added 'master redirect' zone works ($n)" +echo_i "check that reloading a added 'master redirect' zone works ($n)" ret=0 sleep 1 cp -f ns2/redirect.db.2 ns2/redirect.db -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload -redirect > rndc.out.ns2.$n -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 zonestatus -redirect > zonestatus.out.ns2.$n 2>&1 || ret=1 +$RNDCCMD 10.53.0.2 reload -redirect > rndc.out.ns2.$n +$RNDCCMD 10.53.0.2 zonestatus -redirect > zonestatus.out.ns2.$n 2>&1 || ret=1 grep "type: redirect" zonestatus.out.ns2.$n > /dev/null || ret=1 grep "serial: 1" zonestatus.out.ns2.$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi -echo "I:check that retransfer of a added 'master redirect' zone fails ($n)" +echo_i "check that retransfer of a added 'master redirect' zone fails ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 retransfer -redirect > rndc.out.ns2.$n 2>&1 && ret=1 +$RNDCCMD 10.53.0.2 retransfer -redirect > rndc.out.ns2.$n 2>&1 && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi -echo "I:check that deleting a 'master redirect' zone works ($n)" +echo_i "check that deleting a 'master redirect' zone works ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone -redirect > rndc.out.ns2.$n 2>&1 || ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 showzone -redirect > showzone.out.ns2.$n 2>&1 +$RNDCCMD 10.53.0.2 delzone -redirect > rndc.out.ns2.$n 2>&1 || ret=1 +$RNDCCMD 10.53.0.2 showzone -redirect > showzone.out.ns2.$n 2>&1 grep 'not found' showzone.out.ns2.$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that adding a 'slave redirect' zone works ($n)" +echo_i "check that adding a 'slave redirect' zone works ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone '"." { type redirect; masters { 10.53.0.3;}; file "redirect.bk"; };' > rndc.out.ns2.$n 2>&1 || ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 showzone -redirect > showzone.out.ns2.$n 2>&1 || ret=1 +$RNDCCMD 10.53.0.2 addzone '"." { type redirect; masters { 10.53.0.3;}; file "redirect.bk"; };' > rndc.out.ns2.$n 2>&1 || ret=1 +$RNDCCMD 10.53.0.2 showzone -redirect > showzone.out.ns2.$n 2>&1 || ret=1 grep "type redirect;" showzone.out.ns2.$n > /dev/null || ret=1 sleep 1 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 zonestatus -redirect > zonestatus.out.ns2.$n 2>&1 || ret=1 +$RNDCCMD 10.53.0.2 zonestatus -redirect > zonestatus.out.ns2.$n 2>&1 || ret=1 grep "type: redirect" zonestatus.out.ns2.$n > /dev/null || ret=1 grep "serial: 0" zonestatus.out.ns2.$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that retransfering a added 'slave redirect' zone works ($n)" +echo_i "check that retransfering a added 'slave redirect' zone works ($n)" ret=0 cp -f ns3/redirect.db.2 ns3/redirect.db -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 reload . > showzone.out.ns3.$n 2>&1 || ret=1 +$RNDCCMD 10.53.0.3 reload . > showzone.out.ns3.$n 2>&1 || ret=1 sleep 1 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 retransfer -redirect > rndc.out.ns2.$n 2>&1 || ret=1 +$RNDCCMD 10.53.0.2 retransfer -redirect > rndc.out.ns2.$n 2>&1 || ret=1 sleep 1 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 zonestatus -redirect > zonestatus.out.ns2.$n 2>&1 || ret=1 +$RNDCCMD 10.53.0.2 zonestatus -redirect > zonestatus.out.ns2.$n 2>&1 || ret=1 grep "type: redirect" zonestatus.out.ns2.$n > /dev/null || ret=1 grep "serial: 1" zonestatus.out.ns2.$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that deleting a 'slave redirect' zone works ($n)" +echo_i "check that deleting a 'slave redirect' zone works ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone -redirect > rndc.out.ns2.$n 2>&1 || ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 showzone -redirect > showzone.out.ns2.$n 2>&1 +$RNDCCMD 10.53.0.2 delzone -redirect > rndc.out.ns2.$n 2>&1 || ret=1 +$RNDCCMD 10.53.0.2 showzone -redirect > showzone.out.ns2.$n 2>&1 grep 'not found' showzone.out.ns2.$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that zone type 'hint' is properly rejected ($n)" +echo_i "check that zone type 'hint' is properly rejected ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone '"." { type hint; file "hints.db"; };' > rndc.out.ns2.$n 2>&1 && ret=1 +$RNDCCMD 10.53.0.2 addzone '"." { type hint; file "hints.db"; };' > rndc.out.ns2.$n 2>&1 && ret=1 grep "zones not supported by addzone" rndc.out.ns2.$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that zone type 'forward' is properly rejected ($n)" +echo_i "check that zone type 'forward' is properly rejected ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'forward.example { type forward; forwarders { 1.2.3.4; }; forward only; };' > rndc.out.ns2.$n 2>&1 && ret=1 +$RNDCCMD 10.53.0.2 addzone 'forward.example { type forward; forwarders { 1.2.3.4; }; forward only; };' > rndc.out.ns2.$n 2>&1 && ret=1 grep "zones not supported by addzone" rndc.out.ns2.$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that zone type 'delegation-only' is properly rejected ($n)" +echo_i "check that zone type 'delegation-only' is properly rejected ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'delegation-only.example { type delegation-only; };' > rndc.out.ns2.$n 2>&1 && ret=1 +$RNDCCMD 10.53.0.2 addzone 'delegation-only.example { type delegation-only; };' > rndc.out.ns2.$n 2>&1 && ret=1 grep "zones not supported by addzone" rndc.out.ns2.$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that 'in-view' zones are properly rejected ($n)" +echo_i "check that 'in-view' zones are properly rejected ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'in-view.example { in-view "_default"; };' > rndc.out.ns2.$n 2>&1 && ret=1 +$RNDCCMD 10.53.0.2 addzone 'in-view.example { in-view "_default"; };' > rndc.out.ns2.$n 2>&1 && ret=1 grep "zones not supported by addzone" rndc.out.ns2.$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:reconfiguring server with multiple views" +echo_i "reconfiguring server with multiple views" rm -f ns2/named.conf -cp -f ns2/named2.conf ns2/named.conf -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reconfig 2>&1 | sed 's/^/I:ns2 /' +copy_setports ns2/named2.conf.in ns2/named.conf +$RNDCCMD 10.53.0.2 reconfig 2>&1 | sed 's/^/I:ns2 /' sleep 5 -echo "I:adding new zone to external view ($n)" +echo_i "adding new zone to external view ($n)" # NOTE: The internal view has "recursion yes" set, and so queries for # nonexistent zones should return NOERROR. The external view is # "recursion no", so queries for nonexistent zones should return @@ -479,53 +481,53 @@ $DIG +norec $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.int grep 'status: NOERROR' dig.out.ns2.intpre.$n > /dev/null || ret=1 $DIG +norec $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.extpre.$n || ret=1 grep 'status: REFUSED' dig.out.ns2.extpre.$n > /dev/null || ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'added.example in external { type master; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /' +$RNDCCMD 10.53.0.2 addzone 'added.example in external { type master; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /' $DIG +norec $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.int.$n || ret=1 grep 'status: NOERROR' dig.out.ns2.int.$n > /dev/null || ret=1 $DIG +norec $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext.$n || ret=1 grep 'status: NOERROR' dig.out.ns2.ext.$n > /dev/null || ret=1 grep '^a.added.example' dig.out.ns2.ext.$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` if [ -z "$NZD" ]; then - echo "I:checking new NZF file has comment ($n)" + echo_i "checking new NZF file has comment ($n)" ret=0 hcount=`grep "^# New zone file for view: external" ns2/external.nzf | wc -l` [ $hcount -eq 1 ] || ret=1 n=`expr $n + 1` - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` fi if [ -n "$NZD" ]; then - echo "I:verifying added.example in external view created an external.nzd DB ($n)" + echo_i "verifying added.example in external view created an external.nzd DB ($n)" ret=0 [ -e ns2/external.nzd ] || ret=1 n=`expr $n + 1` - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` fi -echo "I:checking rndc reload causes named to reload the external view's new zone config ($n)" +echo_i "checking rndc reload causes named to reload the external view's new zone config ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /' +$RNDCCMD 10.53.0.2 reload 2>&1 | sed 's/^/I:ns2 /' $DIG +norec $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.int.$n || ret=1 grep 'status: NOERROR' dig.out.ns2.int.$n > /dev/null || ret=1 $DIG +norec $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext.$n || ret=1 grep 'status: NOERROR' dig.out.ns2.ext.$n > /dev/null || ret=1 grep '^a.added.example' dig.out.ns2.ext.$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking rndc showzone with newly added zone ($n)" +echo_i "checking rndc showzone with newly added zone ($n)" # loop because showzone may complain if zones are still being # loaded from the NZDB at this point. for try in 0 1 2 3 4 5; do ret=0 - $RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 showzone added.example in external > rndc.out.ns2.$n 2>/dev/null +$RNDCCMD 10.53.0.2 showzone added.example in external > rndc.out.ns2.$n 2>/dev/null if [ -z "$NZD" ]; then expected='zone "added.example" in external { type master; file "added.db"; };' else @@ -536,79 +538,79 @@ for try in 0 1 2 3 4 5; do sleep 1 done n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:deleting newly added zone ($n)" +echo_i "deleting newly added zone ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone 'added.example in external' 2>&1 | sed 's/^/I:ns2 /' +$RNDCCMD 10.53.0.2 delzone 'added.example in external' 2>&1 | sed 's/^/I:ns2 /' $DIG $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.$n || ret=1 grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.added.example' dig.out.ns2.$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:attempting to add zone to internal view ($n)" +echo_i "attempting to add zone to internal view ($n)" ret=0 $DIG +norec $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.pre.$n || ret=1 grep 'status: NOERROR' dig.out.ns2.pre.$n > /dev/null || ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'added.example in internal { type master; file "added.db"; };' 2> rndc.out.ns2.$n +$RNDCCMD 10.53.0.2 addzone 'added.example in internal { type master; file "added.db"; };' 2> rndc.out.ns2.$n grep "permission denied" rndc.out.ns2.$n > /dev/null || ret=1 $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.int.$n || ret=1 grep 'status: NOERROR' dig.out.ns2.int.$n > /dev/null || ret=1 $DIG $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext.$n || ret=1 grep 'status: REFUSED' dig.out.ns2.ext.$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:attempting to delete a policy zone ($n)" +echo_i "attempting to delete a policy zone ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone 'policy in internal' 2> rndc.out.ns2.$n >&1 +$RNDCCMD 10.53.0.2 delzone 'policy in internal' 2> rndc.out.ns2.$n >&1 grep 'cannot be deleted' rndc.out.ns2.$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:adding new zone again to external view ($n)" +echo_i "adding new zone again to external view ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'added.example in external { type master; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /' +$RNDCCMD 10.53.0.2 addzone 'added.example in external { type master; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /' $DIG +norec $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.int.$n || ret=1 grep 'status: NOERROR' dig.out.ns2.int.$n > /dev/null || ret=1 $DIG +norec $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext.$n || ret=1 grep 'status: NOERROR' dig.out.ns2.ext.$n > /dev/null || ret=1 grep '^a.added.example' dig.out.ns2.ext.$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:reconfiguring server with multiple views and new-zones-directory" +echo_i "reconfiguring server with multiple views and new-zones-directory" rm -f ns2/named.conf -cp -f ns2/named3.conf ns2/named.conf -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reconfig 2>&1 | sed 's/^/I:ns2 /' +copy_setports ns2/named3.conf.in ns2/named.conf +$RNDCCMD 10.53.0.2 reconfig 2>&1 | sed 's/^/I:ns2 /' sleep 5 -echo "I:checking new zone is still loaded after dir change ($n)" +echo_i "checking new zone is still loaded after dir change ($n)" ret=0 $DIG +norec $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext.$n || ret=1 grep 'status: NOERROR' dig.out.ns2.ext.$n > /dev/null || ret=1 grep '^a.added.example' dig.out.ns2.ext.$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:deleting newly added zone from external ($n)" +echo_i "deleting newly added zone from external ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone 'added.example in external' 2>&1 | sed 's/^/I:ns2 /' +$RNDCCMD 10.53.0.2 delzone 'added.example in external' 2>&1 | sed 's/^/I:ns2 /' $DIG $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.$n || ret=1 grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.added.example' dig.out.ns2.$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:adding new zone to directory view ($n)" +echo_i "adding new zone to directory view ($n)" ret=0 $DIG +norec $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.intpre.$n || ret=1 grep 'status: NOERROR' dig.out.ns2.intpre.$n > /dev/null || ret=1 @@ -616,7 +618,7 @@ $DIG +norec $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext grep 'status: REFUSED' dig.out.ns2.extpre.$n > /dev/null || ret=1 $DIG +norec $DIGOPTS @10.53.0.5 -b 10.53.0.5 a.added.example a > dig.out.ns2.dirpre.$n || ret=1 grep 'status: REFUSED' dig.out.ns2.dirpre.$n > /dev/null || ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'added.example in directory { type master; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /' +$RNDCCMD 10.53.0.2 addzone 'added.example in directory { type master; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /' $DIG +norec $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.int.$n || ret=1 grep 'status: NOERROR' dig.out.ns2.int.$n > /dev/null || ret=1 $DIG +norec $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext.$n || ret=1 @@ -625,78 +627,78 @@ $DIG +norec $DIGOPTS @10.53.0.5 -b 10.53.0.5 a.added.example a > dig.out.ns2.dir grep 'status: NOERROR' dig.out.ns2.dir.$n > /dev/null || ret=1 grep '^a.added.example' dig.out.ns2.dir.$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` if [ -n "$NZD" ]; then - echo "I:checking NZD file was created in new-zones-directory ($n)" + echo_i "checking NZD file was created in new-zones-directory ($n)" expect=ns2/new-zones/directory.nzd else - echo "I:checking NZF file was created in new-zones-directory ($n)" + echo_i "checking NZF file was created in new-zones-directory ($n)" expect=ns2/new-zones/directory.nzf fi -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 sync 'added.example IN directory' 2>&1 | sed 's/^/I:ns2 /' +$RNDCCMD 10.53.0.2 sync 'added.example IN directory' 2>&1 | sed 's/^/I:ns2 /' sleep 2 [ -e "$expect" ] || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:deleting newly added zone from directory ($n)" +echo_i "deleting newly added zone from directory ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone 'added.example in directory' 2>&1 | sed 's/^/I:ns2 /' +$RNDCCMD 10.53.0.2 delzone 'added.example in directory' 2>&1 | sed 's/^/I:ns2 /' $DIG $DIGOPTS @10.53.0.5 -b 10.53.0.5 a.added.example a > dig.out.ns2.$n || ret=1 grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.added.example' dig.out.ns2.$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:ensure the configuration context is cleaned up correctly ($n)" +echo_i "ensure the configuration context is cleaned up correctly ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reconfig > /dev/null 2>&1 || ret=1 +$RNDCCMD 10.53.0.2 reconfig > /dev/null 2>&1 || ret=1 sleep 5 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 status > /dev/null 2>&1 || ret=1 +$RNDCCMD 10.53.0.2 status > /dev/null 2>&1 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check delzone after reconfig failure ($n)" +echo_i "check delzone after reconfig failure ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 addzone 'inlineslave.example. IN { type slave; file "inlineslave.db"; masterfile-format text; masters { testmaster; }; };' > /dev/null 2>&1 || ret=1 -cp -f ns3/named2.conf ns3/named.conf -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 reconfig > /dev/null 2>&1 && ret=1 +$RNDCCMD 10.53.0.3 addzone 'inlineslave.example. IN { type slave; file "inlineslave.db"; masterfile-format text; masters { testmaster; }; };' > /dev/null 2>&1 || ret=1 +copy_setports ns3/named2.conf.in ns3/named.conf +$RNDCCMD 10.53.0.3 reconfig > /dev/null 2>&1 && ret=1 sleep 5 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 delzone inlineslave.example > /dev/null 2>&1 || ret=1 +$RNDCCMD 10.53.0.3 delzone inlineslave.example > /dev/null 2>&1 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` if ! $FEATURETEST --with-lmdb then - echo "I:check that addzone is fully reversed on failure (--with-lmdb=no) ($n)" + echo_i "check that addzone is fully reversed on failure (--with-lmdb=no) ($n)" ret=0 - $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 addzone "test1.baz" '{ type master; file "e.db"; };' > /dev/null 2>&1 || ret=1 - $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 addzone "test2.baz" '{ type master; file "dne.db"; };' > /dev/null 2>&1 && ret=1 - $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 addzone "test3.baz" '{ type master; file "e.db"; };' > /dev/null 2>&1 || ret=1 - $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 delzone "test3.baz" > /dev/null 2>&1 || ret=1 + $RNDCCMD 10.53.0.3 addzone "test1.baz" '{ type master; file "e.db"; };' > /dev/null 2>&1 || ret=1 + $RNDCCMD 10.53.0.3 addzone "test2.baz" '{ type master; file "dne.db"; };' > /dev/null 2>&1 && ret=1 + $RNDCCMD 10.53.0.3 addzone "test3.baz" '{ type master; file "e.db"; };' > /dev/null 2>&1 || ret=1 + $RNDCCMD 10.53.0.3 delzone "test3.baz" > /dev/null 2>&1 || ret=1 grep test2.baz ns3/_default.nzf > /dev/null && ret=1 n=`expr $n + 1` - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` fi -echo "I:check that named restarts with multiple added zones ($n)" +echo_i "check that named restarts with multiple added zones ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 addzone "test4.baz" '{ type master; file "e.db"; };' > /dev/null 2>&1 || ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 addzone "test5.baz" '{ type master; file "e.db"; };' > /dev/null 2>&1 || ret=1 +$RNDCCMD 10.53.0.3 addzone "test4.baz" '{ type master; file "e.db"; };' > /dev/null 2>&1 || ret=1 +$RNDCCMD 10.53.0.3 addzone "test5.baz" '{ type master; file "e.db"; };' > /dev/null 2>&1 || ret=1 $PERL $SYSTEMTESTTOP/stop.pl . ns3 -$PERL $SYSTEMTESTTOP/start.pl --noclean --restart . ns3 || ret=1 -$DIG -p 5300 @10.53.0.3 version.bind txt ch > dig.out.test$n || ret=1 +$PERL $SYSTEMTESTTOP/start.pl --noclean --restart --port ${PORT} . ns3 || ret=1 +$DIG $DIGOPTS @10.53.0.3 version.bind txt ch > dig.out.test$n || ret=1 grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/allow_query/setup.sh b/bin/tests/system/allow_query/setup.sh index 696c27079e..accd4a80c6 100644 --- a/bin/tests/system/allow_query/setup.sh +++ b/bin/tests/system/allow_query/setup.sh @@ -6,8 +6,6 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -# $Id: setup.sh,v 1.2 2010/11/16 01:37:36 sar Exp $ - SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh diff --git a/bin/tests/system/ans.pl b/bin/tests/system/ans.pl index cb4fb59bbd..c240d63b99 100644 --- a/bin/tests/system/ans.pl +++ b/bin/tests/system/ans.pl @@ -6,14 +6,15 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -# $Id: ans.pl,v 1.6 2012/02/22 23:47:34 tbox Exp $ - # # This is the name server from hell. It provides canned # responses based on pattern matching the queries, and # can be reprogrammed on-the-fly over a TCP connection. # -# The server listens for control connections on port 5301. +# The server listens for queries on port 5300 (or PORT). +# +# The server listens for control connections on port 5301 (or EXTRAPORT1). +# # A control connection is a TCP stream of lines like # # /pattern/ @@ -80,17 +81,22 @@ if (@ARGV > 0) { $server_addr = @ARGV[0]; } +my $mainport = int($ENV{'PORT'}); +if (!$mainport) { $mainport = 5300; } +my $ctrlport = int($ENV{'EXTRAPORT1'}); +if (!$ctrlport) { $ctrlport = 5301; } + # XXX: we should also be able to set the port numbers to listen on. my $ctlsock = IO::Socket::INET->new(LocalAddr => "$server_addr", - LocalPort => 5301, Proto => "tcp", Listen => 5, Reuse => 1) or die "$!"; + LocalPort => $ctrlport, Proto => "tcp", Listen => 5, Reuse => 1) or die "$!"; my $udpsock = IO::Socket::INET->new(LocalAddr => "$server_addr", - LocalPort => 5300, Proto => "udp", Reuse => 1) or die "$!"; + LocalPort => $mainport, Proto => "udp", Reuse => 1) or die "$!"; my $tcpsock = IO::Socket::INET->new(LocalAddr => "$server_addr", - LocalPort => 5300, Proto => "tcp", Listen => 5, Reuse => 1) or die "$!"; + LocalPort => $mainport, Proto => "tcp", Listen => 5, Reuse => 1) or die "$!"; -print "listening on $server_addr:5300,5301.\n"; +print "listening on $server_addr:$mainport,$ctrlport.\n"; print "Using Net::DNS $Net::DNS::VERSION\n"; my $pidf = new IO::File "ans.pid", "w" or die "cannot open pid file: $!"; diff --git a/bin/tests/system/auth/clean.sh b/bin/tests/system/auth/clean.sh index b5fe2a3555..be74d1b385 100644 --- a/bin/tests/system/auth/clean.sh +++ b/bin/tests/system/auth/clean.sh @@ -6,6 +6,7 @@ rm -f */named.memstats rm -f */named.run +rm -f */named.conf rm -f dig.out.test* rm -f ns2/example.com.bk rm -f ns2/example.net.bk diff --git a/bin/tests/system/auth/ns1/named.conf b/bin/tests/system/auth/ns1/named.conf.in similarity index 93% rename from bin/tests/system/auth/ns1/named.conf rename to bin/tests/system/auth/ns1/named.conf.in index 10eae79f9c..7d2ec72757 100644 --- a/bin/tests/system/auth/ns1/named.conf +++ b/bin/tests/system/auth/ns1/named.conf.in @@ -6,13 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; - options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/auth/ns2/named.conf b/bin/tests/system/auth/ns2/named.conf.in similarity index 94% rename from bin/tests/system/auth/ns2/named.conf rename to bin/tests/system/auth/ns2/named.conf.in index 56baca9b1c..7b1f91fe5e 100644 --- a/bin/tests/system/auth/ns2/named.conf +++ b/bin/tests/system/auth/ns2/named.conf.in @@ -6,13 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; - options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/auth/setup.sh b/bin/tests/system/auth/setup.sh new file mode 100644 index 0000000000..d4f9dbc358 --- /dev/null +++ b/bin/tests/system/auth/setup.sh @@ -0,0 +1,14 @@ +#!/bin/sh +# +# Copyright (C) 2018 Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh + +$SHELL clean.sh +copy_setports ns1/named.conf.in ns1/named.conf +copy_setports ns2/named.conf.in ns2/named.conf diff --git a/bin/tests/system/auth/tests.sh b/bin/tests/system/auth/tests.sh index e3013cf133..9e7d29f3fa 100644 --- a/bin/tests/system/auth/tests.sh +++ b/bin/tests/system/auth/tests.sh @@ -9,25 +9,25 @@ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh -DIGOPTS="+tcp" +DIGOPTS="+tcp -p ${PORT}" status=0 n=0 n=`expr $n + 1` -echo "I:wait for zones to finish transfering to ns2 ($n)" +echo_i "wait for zones to finish transfering to ns2 ($n)" for i in 1 2 3 4 5 6 7 8 9 10 do ret=0 for zone in example.com example.net do - $DIG $DIGOPTS -p 5300 @10.53.0.2 soa $zone > dig.out.test$n || ret=1 + $DIG $DIGOPTS @10.53.0.2 soa $zone > dig.out.test$n || ret=1 grep "ANSWER: 1," dig.out.test$n > /dev/null || ret=1 done [ $ret -eq 0 ] && break sleep 1 done -[ $ret -eq 0 ] || echo "I:failed" +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` # @@ -35,95 +35,95 @@ status=`expr $status + $ret` # should not be followed. If both requested and available, they should be. # n=`expr $n + 1` -echo "I:check that cross-zone CNAME record does not return target data (rd=0/ra=0) ($n)" +echo_i "check that cross-zone CNAME record does not return target data (rd=0/ra=0) ($n)" ret=0 -$DIG $DIGOPTS +norec -p 5300 @10.53.0.1 www.example.com > dig.out.test$n || ret=1 +$DIG $DIGOPTS +norec @10.53.0.1 www.example.com > dig.out.test$n || ret=1 grep "ANSWER: 1," dig.out.test$n > /dev/null || ret=1 grep "flags: qr aa;" dig.out.test$n > /dev/null || ret=1 grep "www.example.com.*CNAME.*server.example.net" dig.out.test$n > /dev/null || ret=1 grep "server.example.net.*A.*10.53.0.100" dig.out.test$n > /dev/null && ret=1 -[ $ret -eq 0 ] || echo "I:failed" +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` n=`expr $n + 1` -echo "I:check that cross-zone CNAME record does not return target data (rd=1/ra=0) ($n)" +echo_i "check that cross-zone CNAME record does not return target data (rd=1/ra=0) ($n)" ret=0 -$DIG $DIGOPTS +rec -p 5300 @10.53.0.1 www.example.com > dig.out.test$n || ret=1 +$DIG $DIGOPTS +rec @10.53.0.1 www.example.com > dig.out.test$n || ret=1 grep "ANSWER: 1," dig.out.test$n > /dev/null || ret=1 grep "flags: qr aa rd;" dig.out.test$n > /dev/null || ret=1 grep "www.example.com.*CNAME.*server.example.net" dig.out.test$n > /dev/null || ret=1 grep "server.example.net.*A.*10.53.0.100" dig.out.test$n > /dev/null && ret=1 -[ $ret -eq 0 ] || echo "I:failed" +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` n=`expr $n + 1` -echo "I:check that cross-zone CNAME record does not return target data (rd=0/ra=1) ($n)" +echo_i "check that cross-zone CNAME record does not return target data (rd=0/ra=1) ($n)" ret=0 -$DIG $DIGOPTS +norec -p 5300 @10.53.0.2 www.example.com > dig.out.test$n || ret=1 +$DIG $DIGOPTS +norec @10.53.0.2 www.example.com > dig.out.test$n || ret=1 grep "ANSWER: 1," dig.out.test$n > /dev/null || ret=1 grep "flags: qr aa ra;" dig.out.test$n > /dev/null || ret=1 grep "www.example.com.*CNAME.*server.example.net" dig.out.test$n > /dev/null || ret=1 grep "server.example.net.*A.*10.53.0.100" dig.out.test$n > /dev/null && ret=1 -[ $ret -eq 0 ] || echo "I:failed" +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` n=`expr $n + 1` -echo "I:check that cross-zone CNAME records returns target data (rd=1/ra=1) ($n)" +echo_i "check that cross-zone CNAME records returns target data (rd=1/ra=1) ($n)" ret=0 -$DIG $DIGOPTS -p 5300 @10.53.0.2 www.example.com > dig.out.test$n || ret=1 +$DIG $DIGOPTS @10.53.0.2 www.example.com > dig.out.test$n || ret=1 grep "ANSWER: 2," dig.out.test$n > /dev/null || ret=1 grep "flags: qr aa rd ra;" dig.out.test$n > /dev/null || ret=1 grep "www.example.com.*CNAME.*server.example.net" dig.out.test$n > /dev/null || ret=1 grep "server.example.net.*A.*10.53.0.100" dig.out.test$n > /dev/null || ret=1 -[ $ret -eq 0 ] || echo "I:failed" +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` # # In-zone CNAME records should always be followed regardless of RD and RA. # n=`expr $n + 1` -echo "I:check that in-zone CNAME records returns target data (rd=0/ra=0) ($n)" +echo_i "check that in-zone CNAME records returns target data (rd=0/ra=0) ($n)" ret=0 -$DIG $DIGOPTS +norec -p 5300 @10.53.0.1 inzone.example.com > dig.out.test$n || ret=1 +$DIG $DIGOPTS +norec @10.53.0.1 inzone.example.com > dig.out.test$n || ret=1 grep "ANSWER: 2," dig.out.test$n > /dev/null || ret=1 grep "flags: qr aa;" dig.out.test$n > /dev/null || ret=1 grep "inzone.example.com.*CNAME.*a.example.com" dig.out.test$n > /dev/null || ret=1 grep "a.example.com.*A.*10.53.0.1" dig.out.test$n > /dev/null || ret=1 -[ $ret -eq 0 ] || echo "I:failed" +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` n=`expr $n + 1` -echo "I:check that in-zone CNAME records returns target data (rd=1/ra=0) ($n)" +echo_i "check that in-zone CNAME records returns target data (rd=1/ra=0) ($n)" ret=0 -$DIG $DIGOPTS +rec -p 5300 @10.53.0.1 inzone.example.com > dig.out.test$n || ret=1 +$DIG $DIGOPTS +rec @10.53.0.1 inzone.example.com > dig.out.test$n || ret=1 grep "ANSWER: 2," dig.out.test$n > /dev/null || ret=1 grep "flags: qr aa rd;" dig.out.test$n > /dev/null || ret=1 grep "inzone.example.com.*CNAME.*a.example.com" dig.out.test$n > /dev/null || ret=1 grep "a.example.com.*A.*10.53.0.1" dig.out.test$n > /dev/null || ret=1 -[ $ret -eq 0 ] || echo "I:failed" +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` n=`expr $n + 1` -echo "I:check that in-zone CNAME records returns target data (rd=0/ra=1) ($n)" +echo_i "check that in-zone CNAME records returns target data (rd=0/ra=1) ($n)" ret=0 -$DIG $DIGOPTS +norec -p 5300 @10.53.0.2 inzone.example.com > dig.out.test$n || ret=1 +$DIG $DIGOPTS +norec @10.53.0.2 inzone.example.com > dig.out.test$n || ret=1 grep "ANSWER: 2," dig.out.test$n > /dev/null || ret=1 grep "flags: qr aa ra;" dig.out.test$n > /dev/null || ret=1 grep "inzone.example.com.*CNAME.*a.example.com" dig.out.test$n > /dev/null || ret=1 grep "a.example.com.*A.*10.53.0.1" dig.out.test$n > /dev/null || ret=1 -[ $ret -eq 0 ] || echo "I:failed" +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` n=`expr $n + 1` -echo "I:check that in-zone CNAME records returns target data (rd=1/ra=1) ($n)" +echo_i "check that in-zone CNAME records returns target data (rd=1/ra=1) ($n)" ret=0 -$DIG $DIGOPTS -p 5300 @10.53.0.2 inzone.example.com > dig.out.test$n || ret=1 +$DIG $DIGOPTS @10.53.0.2 inzone.example.com > dig.out.test$n || ret=1 grep "ANSWER: 2," dig.out.test$n > /dev/null || ret=1 grep "flags: qr aa rd ra;" dig.out.test$n > /dev/null || ret=1 grep "inzone.example.com.*CNAME.*a.example.com" dig.out.test$n > /dev/null || ret=1 grep "a.example.com.*A.*10.53.0.1" dig.out.test$n > /dev/null || ret=1 -[ $ret -eq 0 ] || echo "I:failed" +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/autosign/clean.sh b/bin/tests/system/autosign/clean.sh index 59bde3d969..f84fc24881 100644 --- a/bin/tests/system/autosign/clean.sh +++ b/bin/tests/system/autosign/clean.sh @@ -11,6 +11,7 @@ rm -f */core rm -f */example.bk rm -f */named.memstats rm -f */named.run +rm -f */named.conf rm -f */trusted.conf */private.conf rm -f activate-now-publish-1day.key rm -f active.key inact.key del.key unpub.key standby.key rev.key diff --git a/bin/tests/system/autosign/ns1/named.conf b/bin/tests/system/autosign/ns1/named.conf.in similarity index 83% rename from bin/tests/system/autosign/ns1/named.conf rename to bin/tests/system/autosign/ns1/named.conf.in index d978dd93e1..f345c7a455 100644 --- a/bin/tests/system/autosign/ns1/named.conf +++ b/bin/tests/system/autosign/ns1/named.conf.in @@ -6,17 +6,13 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf,v 1.3 2009/11/30 23:48:02 tbox Exp $ */ - // NS1 -controls { /* empty */ }; - options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; @@ -32,7 +28,7 @@ key rndc_key { }; controls { - inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; zone "." { diff --git a/bin/tests/system/autosign/ns2/named.conf b/bin/tests/system/autosign/ns2/named.conf.in similarity index 91% rename from bin/tests/system/autosign/ns2/named.conf rename to bin/tests/system/autosign/ns2/named.conf.in index f98318398b..d13c9c6275 100644 --- a/bin/tests/system/autosign/ns2/named.conf +++ b/bin/tests/system/autosign/ns2/named.conf.in @@ -6,17 +6,13 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf,v 1.7 2011/04/29 23:47:17 tbox Exp $ */ - // NS2 -controls { /* empty */ }; - options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; @@ -33,7 +29,7 @@ key rndc_key { }; controls { - inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; zone "." { diff --git a/bin/tests/system/autosign/ns3/named.conf b/bin/tests/system/autosign/ns3/named.conf.in similarity index 98% rename from bin/tests/system/autosign/ns3/named.conf rename to bin/tests/system/autosign/ns3/named.conf.in index 8bbd2f23fb..06f404cc49 100644 --- a/bin/tests/system/autosign/ns3/named.conf +++ b/bin/tests/system/autosign/ns3/named.conf.in @@ -14,7 +14,7 @@ options { query-source address 10.53.0.3; notify-source 10.53.0.3; transfer-source 10.53.0.3; - port 5300; + port @PORT@; session-keyfile "session.key"; pid-file "named.pid"; listen-on { 10.53.0.3; }; @@ -33,7 +33,7 @@ key rndc_key { }; controls { - inet 10.53.0.3 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; zone "." { diff --git a/bin/tests/system/autosign/ns4/named.conf b/bin/tests/system/autosign/ns4/named.conf.in similarity index 94% rename from bin/tests/system/autosign/ns4/named.conf rename to bin/tests/system/autosign/ns4/named.conf.in index 9e593141d4..4353fd8298 100644 --- a/bin/tests/system/autosign/ns4/named.conf +++ b/bin/tests/system/autosign/ns4/named.conf.in @@ -8,13 +8,11 @@ // NS4 -controls { /* empty */ }; - options { query-source address 10.53.0.4; notify-source 10.53.0.4; transfer-source 10.53.0.4; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.4; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/autosign/ns5/named.conf b/bin/tests/system/autosign/ns5/named.conf.in similarity index 86% rename from bin/tests/system/autosign/ns5/named.conf rename to bin/tests/system/autosign/ns5/named.conf.in index e14415551b..3776961ce1 100644 --- a/bin/tests/system/autosign/ns5/named.conf +++ b/bin/tests/system/autosign/ns5/named.conf.in @@ -6,17 +6,13 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf,v 1.3 2009/11/30 23:48:02 tbox Exp $ */ - // NS5 -controls { /* empty */ }; - options { query-source address 10.53.0.5; notify-source 10.53.0.5; transfer-source 10.53.0.5; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.5; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/autosign/setup.sh b/bin/tests/system/autosign/setup.sh index 819d224071..0a78c6ee1f 100644 --- a/bin/tests/system/autosign/setup.sh +++ b/bin/tests/system/autosign/setup.sh @@ -13,5 +13,11 @@ SYSTEMTESTTOP=.. test -r $RANDFILE || $GENRANDOM 800 $RANDFILE +copy_setports ns1/named.conf.in ns1/named.conf +copy_setports ns2/named.conf.in ns2/named.conf +copy_setports ns3/named.conf.in ns3/named.conf +copy_setports ns4/named.conf.in ns4/named.conf +copy_setports ns5/named.conf.in ns5/named.conf + echo "I:generating keys and preparing zones" cd ns1 && $SHELL keygen.sh diff --git a/bin/tests/system/autosign/tests.sh b/bin/tests/system/autosign/tests.sh index f25a00bbf1..1bc0c6f8c5 100755 --- a/bin/tests/system/autosign/tests.sh +++ b/bin/tests/system/autosign/tests.sh @@ -12,7 +12,8 @@ SYSTEMTESTTOP=.. status=0 n=0 -DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p 5300" +DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p ${PORT}" +RNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p ${CONTROLPORT} -s" # convert private-type records to readable form showprivate () { @@ -42,7 +43,7 @@ checkprivate () { fi echo "$x" - echo "I:failed" + echo_i "failed" return 1 } @@ -52,7 +53,7 @@ checkprivate () { # NSEC records to appear before proceeding with a counter to prevent # infinite loops if there is a error. # -echo "I:waiting for autosign changes to take effect" +echo_i "waiting for autosign changes to take effect" i=0 while [ $i -lt 30 ] do @@ -80,19 +81,19 @@ do done i=`expr $i + 1` if [ $ret = 0 ]; then break; fi - echo "I:waiting ... ($i)" + echo_i "waiting ... ($i)" sleep 2 done n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; else echo "I:done"; fi +if [ $ret != 0 ]; then echo_i "done"; fi status=`expr $status + $ret` # # Check that DNSKEY is initially signed with a KSK and not a ZSK. # -echo "I:check that zone with active and inactive KSK and active ZSK is properly" -echo "I: resigned after the active KSK is deleted - stage 1: Verify that DNSKEY" -echo "I: is initially signed with a KSK and not a ZSK. ($n)" +echo_i "check that zone with active and inactive KSK and active ZSK is properly" +echo_i " resigned after the active KSK is deleted - stage 1: Verify that DNSKEY" +echo_i " is initially signed with a KSK and not a ZSK. ($n)" ret=0 $DIG $DIGOPTS @10.53.0.3 axfr inacksk3.example > dig.out.ns3.test$n @@ -118,18 +119,18 @@ awk='$4 == "RRSIG" && $5 == "DNSKEY" { printf "%05u\n", $11 }' id=`awk "${awk}" dig.out.ns3.test$n` $SETTIME -D now+5 ns3/Kinacksk3.example.+007+${id} -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 loadkeys inacksk3.example +$RNDCCMD 10.53.0.3 loadkeys inacksk3.example n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` # # Check that zone is initially signed with a ZSK and not a KSK. # -echo "I:check that zone with active and inactive ZSK and active KSK is properly" -echo "I: resigned after the active ZSK is deleted - stage 1: Verify that zone" -echo "I: is initially signed with a ZSK and not a KSK. ($n)" +echo_i "check that zone with active and inactive ZSK and active KSK is properly" +echo_i " resigned after the active ZSK is deleted - stage 1: Verify that zone" +echo_i " is initially signed with a ZSK and not a KSK. ($n)" ret=0 $DIG $DIGOPTS @10.53.0.3 axfr inaczsk3.example > dig.out.ns3.test$n kskid=`awk '$4 == "DNSKEY" && $5 == 257 { print }' dig.out.ns3.test$n | @@ -146,12 +147,12 @@ count=`awk 'BEGIN { count = 0 } test $count -eq 3 || ret=1 id=`awk '$4 == "RRSIG" && $5 == "CNAME" { printf "%05u\n", $11 }' dig.out.ns3.test$n` $SETTIME -D now+5 ns3/Kinaczsk3.example.+007+${id} -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 loadkeys inaczsk3.example +$RNDCCMD 10.53.0.3 loadkeys inaczsk3.example n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking NSEC->NSEC3 conversion prerequisites ($n)" +echo_i "checking NSEC->NSEC3 conversion prerequisites ($n)" ret=0 # these commands should result in an empty file: $DIG $DIGOPTS +noall +answer nsec3.example. nsec3param @10.53.0.3 > dig.out.ns3.1.test$n || ret=1 @@ -159,20 +160,20 @@ grep "NSEC3PARAM" dig.out.ns3.1.test$n > /dev/null && ret=1 $DIG $DIGOPTS +noall +answer autonsec3.example. nsec3param @10.53.0.3 > dig.out.ns3.2.test$n || ret=1 grep "NSEC3PARAM" dig.out.ns3.2.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking NSEC3->NSEC conversion prerequisites ($n)" +echo_i "checking NSEC3->NSEC conversion prerequisites ($n)" ret=0 $DIG $DIGOPTS +noall +answer nsec3-to-nsec.example. nsec3param @10.53.0.3 > dig.out.ns3.test$n || ret=1 grep "NSEC3PARAM" dig.out.ns3.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:converting zones from nsec to nsec3" +echo_i "converting zones from nsec to nsec3" $NSUPDATE > /dev/null 2>&1 < nsupdate.out 2>&1 < dig.out.ns3.test$n || ret=1 grep "NSEC3PARAM" dig.out.ns3.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking for nsec3param signing record ($n)" +echo_i "checking for nsec3param signing record ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -list autonsec3.example. > signing.out.test$n 2>&1 +$RNDCCMD 10.53.0.3 signing -list autonsec3.example. > signing.out.test$n 2>&1 grep "Pending NSEC3 chain 1 0 20 DEAF" signing.out.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:resetting nsec3param via rndc signing ($n)" +echo_i "resetting nsec3param via rndc signing ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -clear all autonsec3.example. > /dev/null 2>&1 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -nsec3param 1 1 10 beef autonsec3.example. > /dev/null 2>&1 +$RNDCCMD 10.53.0.3 signing -clear all autonsec3.example. > /dev/null 2>&1 +$RNDCCMD 10.53.0.3 signing -nsec3param 1 1 10 beef autonsec3.example. > /dev/null 2>&1 for i in 0 1 2 3 4 5 6 7 8 9; do ret=0 - $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -list autonsec3.example. > signing.out.test$n 2>&1 + $RNDCCMD 10.53.0.3 signing -list autonsec3.example. > signing.out.test$n 2>&1 grep "Pending NSEC3 chain 1 1 10 BEEF" signing.out.test$n > /dev/null || ret=1 num=`grep "Pending " signing.out.test$n | wc -l` [ $num -eq 1 ] || ret=1 [ $ret -eq 0 ] && break - echo "I:waiting ... ($i)" + echo_i "waiting ... ($i)" sleep 2 done n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:signing preset nsec3 zone" +echo_i "signing preset nsec3 zone" zsk=`cat autozsk.key` ksk=`cat autoksk.key` $SETTIME -K ns3 -P now -A now $zsk > /dev/null 2>&1 $SETTIME -K ns3 -P now -A now $ksk > /dev/null 2>&1 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 loadkeys autonsec3.example. 2>&1 | sed 's/^/I:ns3 /' +$RNDCCMD 10.53.0.3 loadkeys autonsec3.example. 2>&1 | sed 's/^/I:ns3 /' -echo "I:waiting for changes to take effect" +echo_i "waiting for changes to take effect" sleep 3 -echo "I:converting zone from nsec3 to nsec" +echo_i "converting zone from nsec3 to nsec" $NSUPDATE > /dev/null 2>&1 << END || status=1 -server 10.53.0.3 5300 +server 10.53.0.3 ${PORT} zone nsec3-to-nsec.example. update delete nsec3-to-nsec.example. NSEC3PARAM send END -echo "I:waiting for change to take effect" +echo_i "waiting for change to take effect" sleep 3 -echo "I:checking that expired RRSIGs from missing key are not deleted ($n)" +echo_i "checking that expired RRSIGs from missing key are not deleted ($n)" ret=0 missing=`sed 's/^K.*+007+0*\([0-9]\)/\1/' < missingzsk.key` $JOURNALPRINT ns3/nozsk.example.db.jnl | \ awk '{if ($1 == "del" && $5 == "RRSIG" && $12 == id) {exit 1}} END {exit 0}' id=$missing || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that expired RRSIGs from inactive key are not deleted ($n)" +echo_i "checking that expired RRSIGs from inactive key are not deleted ($n)" ret=0 inactive=`sed 's/^K.*+007+0*\([0-9]\)/\1/' < inactivezsk.key` $JOURNALPRINT ns3/inaczsk.example.db.jnl | \ awk '{if ($1 == "del" && $5 == "RRSIG" && $12 == id) {exit 1}} END {exit 0}' id=$inactive || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that non-replaceable RRSIGs are logged only once (missing private key) ($n)" +echo_i "checking that non-replaceable RRSIGs are logged only once (missing private key) ($n)" ret=0 loglines=`grep "Key nozsk.example/NSEC3RSASHA1/$missing .* retaining signatures" ns3/named.run | wc -l` [ "$loglines" -eq 1 ] || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that non-replaceable RRSIGs are logged only once (inactive private key) ($n)" +echo_i "checking that non-replaceable RRSIGs are logged only once (inactive private key) ($n)" ret=0 loglines=`grep "Key inaczsk.example/NSEC3RSASHA1/$inactive .* retaining signatures" ns3/named.run | wc -l` [ "$loglines" -eq 1 ] || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` # Send rndc sync command to ns1, ns2 and ns3, to force the dynamically # signed zones to be dumped to their zone files -echo "I:dumping zone files" -$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 sync 2>&1 | sed 's/^/I:ns1 /' -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 sync 2>&1 | sed 's/^/I:ns2 /' -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 sync 2>&1 | sed 's/^/I:ns3 /' +echo_i "dumping zone files" +$RNDCCMD 10.53.0.1 sync 2>&1 | sed 's/^/I:ns1 /' +$RNDCCMD 10.53.0.2 sync 2>&1 | sed 's/^/I:ns2 /' +$RNDCCMD 10.53.0.3 sync 2>&1 | sed 's/^/I:ns3 /' -echo "I:checking expired signatures were updated ($n)" +echo_i "checking expired signatures were updated ($n)" for i in 1 2 3 4 5 6 7 8 9 do ret=0 @@ -312,11 +313,11 @@ do [ $ret = 0 ] && break sleep 1 done -if [ $ret != 0 ]; then cat digcomp.out.test$n; echo "I:failed"; fi +if [ $ret != 0 ]; then cat digcomp.out.test$n; echo_i "failed"; fi n=`expr $n + 1` status=`expr $status + $ret` -echo "I:checking NSEC->NSEC3 conversion succeeded ($n)" +echo_i "checking NSEC->NSEC3 conversion succeeded ($n)" ret=0 $DIG $DIGOPTS nsec3.example. nsec3param @10.53.0.3 > dig.out.ns3.ok.test$n || ret=1 grep "status: NOERROR" dig.out.ns3.ok.test$n > /dev/null || ret=1 @@ -326,10 +327,10 @@ $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking direct NSEC3 autosigning succeeded ($n)" +echo_i "checking direct NSEC3 autosigning succeeded ($n)" ret=0 $DIG $DIGOPTS +noall +answer autonsec3.example. nsec3param @10.53.0.3 > dig.out.ns3.ok.test$n || ret=1 [ -s dig.out.ns3.ok.test$n ] || ret=1 @@ -340,17 +341,17 @@ $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking NSEC->NSEC3 conversion failed with NSEC-only key ($n)" +echo_i "checking NSEC->NSEC3 conversion failed with NSEC-only key ($n)" ret=0 grep "failed: REFUSED" nsupdate.out > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking NSEC3->NSEC conversion succeeded ($n)" +echo_i "checking NSEC3->NSEC conversion succeeded ($n)" ret=0 # this command should result in an empty file: $DIG $DIGOPTS +noall +answer nsec3-to-nsec.example. nsec3param @10.53.0.3 > dig.out.ns3.nx.test$n || ret=1 @@ -361,12 +362,12 @@ $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking NSEC3->NSEC conversion with 'rndc signing -nsec3param none' ($n)" +echo_i "checking NSEC3->NSEC conversion with 'rndc signing -nsec3param none' ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -nsec3param none autonsec3.example. > /dev/null 2>&1 +$RNDCCMD 10.53.0.3 signing -nsec3param none autonsec3.example. > /dev/null 2>&1 sleep 2 # this command should result in an empty file: $DIG $DIGOPTS +noall +answer autonsec3.example. nsec3param @10.53.0.3 > dig.out.ns3.nx.test$n || ret=1 @@ -377,56 +378,56 @@ $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking TTLs of imported DNSKEYs (no default) ($n)" +echo_i "checking TTLs of imported DNSKEYs (no default) ($n)" ret=0 $DIG $DIGOPTS +tcp +noall +answer dnskey ttl1.example. @10.53.0.3 > dig.out.ns3.test$n || ret=1 [ -s dig.out.ns3.test$n ] || ret=1 awk 'BEGIN {r=0} $2 != 300 {r=1; print "I:found TTL " $2} END {exit r}' dig.out.ns3.test$n || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking TTLs of imported DNSKEYs (with default) ($n)" +echo_i "checking TTLs of imported DNSKEYs (with default) ($n)" ret=0 $DIG $DIGOPTS +tcp +noall +answer dnskey ttl2.example. @10.53.0.3 > dig.out.ns3.test$n || ret=1 [ -s dig.out.ns3.test$n ] || ret=1 awk 'BEGIN {r=0} $2 != 60 {r=1; print "I:found TTL " $2} END {exit r}' dig.out.ns3.test$n || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking TTLs of imported DNSKEYs (mismatched) ($n)" +echo_i "checking TTLs of imported DNSKEYs (mismatched) ($n)" ret=0 $DIG $DIGOPTS +tcp +noall +answer dnskey ttl3.example. @10.53.0.3 > dig.out.ns3.test$n || ret=1 [ -s dig.out.ns3.test$n ] || ret=1 awk 'BEGIN {r=0} $2 != 30 {r=1; print "I:found TTL " $2} END {exit r}' dig.out.ns3.test$n || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking TTLs of imported DNSKEYs (existing RRset) ($n)" +echo_i "checking TTLs of imported DNSKEYs (existing RRset) ($n)" ret=0 $DIG $DIGOPTS +tcp +noall +answer dnskey ttl4.example. @10.53.0.3 > dig.out.ns3.test$n || ret=1 [ -s dig.out.ns3.test$n ] || ret=1 awk 'BEGIN {r=0} $2 != 30 {r=1; print "I:found TTL " $2} END {exit r}' dig.out.ns3.test$n || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking positive validation NSEC ($n)" +echo_i "checking positive validation NSEC ($n)" ret=0 $DIG $DIGOPTS +noauth a.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1 $DIG $DIGOPTS +noauth a.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1 $PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking positive validation NSEC3 ($n)" +echo_i "checking positive validation NSEC3 ($n)" ret=0 $DIG $DIGOPTS +noauth a.nsec3.example. \ @10.53.0.3 a > dig.out.ns3.test$n || ret=1 @@ -435,10 +436,10 @@ $DIG $DIGOPTS +noauth a.nsec3.example. \ $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking positive validation OPTOUT ($n)" +echo_i "checking positive validation OPTOUT ($n)" ret=0 $DIG $DIGOPTS +noauth a.optout.example. \ @10.53.0.3 a > dig.out.ns3.test$n || ret=1 @@ -447,10 +448,10 @@ $DIG $DIGOPTS +noauth a.optout.example. \ $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking negative validation NXDOMAIN NSEC ($n)" +echo_i "checking negative validation NXDOMAIN NSEC ($n)" ret=0 $DIG $DIGOPTS +noauth q.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1 $DIG $DIGOPTS +noauth q.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1 @@ -458,10 +459,10 @@ $PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking negative validation NXDOMAIN NSEC3 ($n)" +echo_i "checking negative validation NXDOMAIN NSEC3 ($n)" ret=0 $DIG $DIGOPTS +noauth q.nsec3.example. \ @10.53.0.3 a > dig.out.ns3.test$n || ret=1 @@ -471,10 +472,10 @@ $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking negative validation NXDOMAIN OPTOUT ($n)" +echo_i "checking negative validation NXDOMAIN OPTOUT ($n)" ret=0 $DIG $DIGOPTS +noauth q.optout.example. \ @10.53.0.3 a > dig.out.ns3.test$n || ret=1 @@ -485,10 +486,10 @@ grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 # Note - this is looking for failure, hence the && grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking negative validation NODATA NSEC ($n)" +echo_i "checking negative validation NODATA NSEC ($n)" ret=0 $DIG $DIGOPTS +noauth a.example. @10.53.0.2 txt > dig.out.ns2.test$n || ret=1 $DIG $DIGOPTS +noauth a.example. @10.53.0.4 txt > dig.out.ns4.test$n || ret=1 @@ -497,10 +498,10 @@ grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking negative validation NODATA NSEC3 ($n)" +echo_i "checking negative validation NODATA NSEC3 ($n)" ret=0 $DIG $DIGOPTS +noauth a.nsec3.example. \ @10.53.0.3 txt > dig.out.ns3.test$n || ret=1 @@ -511,10 +512,10 @@ grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking negative validation NODATA OPTOUT ($n)" +echo_i "checking negative validation NODATA OPTOUT ($n)" ret=0 $DIG $DIGOPTS +noauth a.optout.example. \ @10.53.0.3 txt > dig.out.ns3.test$n || ret=1 @@ -525,12 +526,12 @@ grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` # Check the insecure.example domain -echo "I:checking 1-server insecurity proof NSEC ($n)" +echo_i "checking 1-server insecurity proof NSEC ($n)" ret=0 $DIG $DIGOPTS +noauth a.insecure.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1 $DIG $DIGOPTS +noauth a.insecure.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1 @@ -539,10 +540,10 @@ grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 # Note - this is looking for failure, hence the && grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking 1-server negative insecurity proof NSEC ($n)" +echo_i "checking 1-server negative insecurity proof NSEC ($n)" ret=0 $DIG $DIGOPTS q.insecure.example. a @10.53.0.3 \ > dig.out.ns3.test$n || ret=1 @@ -553,12 +554,12 @@ grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 # Note - this is looking for failure, hence the && grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` # Check the secure.example domain -echo "I:checking multi-stage positive validation NSEC/NSEC ($n)" +echo_i "checking multi-stage positive validation NSEC/NSEC ($n)" ret=0 $DIG $DIGOPTS +noauth a.secure.example. \ @10.53.0.3 a > dig.out.ns3.test$n || ret=1 @@ -568,10 +569,10 @@ $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking multi-stage positive validation NSEC/NSEC3 ($n)" +echo_i "checking multi-stage positive validation NSEC/NSEC3 ($n)" ret=0 $DIG $DIGOPTS +noauth a.nsec3.example. \ @10.53.0.3 a > dig.out.ns3.test$n || ret=1 @@ -581,10 +582,10 @@ $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking multi-stage positive validation NSEC/OPTOUT ($n)" +echo_i "checking multi-stage positive validation NSEC/OPTOUT ($n)" ret=0 $DIG $DIGOPTS +noauth a.optout.example. \ @10.53.0.3 a > dig.out.ns3.test$n || ret=1 @@ -594,10 +595,10 @@ $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking multi-stage positive validation NSEC3/NSEC ($n)" +echo_i "checking multi-stage positive validation NSEC3/NSEC ($n)" ret=0 $DIG $DIGOPTS +noauth a.secure.nsec3.example. \ @10.53.0.3 a > dig.out.ns3.test$n || ret=1 @@ -607,10 +608,10 @@ $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking multi-stage positive validation NSEC3/NSEC3 ($n)" +echo_i "checking multi-stage positive validation NSEC3/NSEC3 ($n)" ret=0 $DIG $DIGOPTS +noauth a.nsec3.nsec3.example. \ @10.53.0.3 a > dig.out.ns3.test$n || ret=1 @@ -620,10 +621,10 @@ $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking multi-stage positive validation NSEC3/OPTOUT ($n)" +echo_i "checking multi-stage positive validation NSEC3/OPTOUT ($n)" ret=0 $DIG $DIGOPTS +noauth a.optout.nsec3.example. \ @10.53.0.3 a > dig.out.ns3.test$n || ret=1 @@ -633,10 +634,10 @@ $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking multi-stage positive validation OPTOUT/NSEC ($n)" +echo_i "checking multi-stage positive validation OPTOUT/NSEC ($n)" ret=0 $DIG $DIGOPTS +noauth a.secure.optout.example. \ @10.53.0.3 a > dig.out.ns3.test$n || ret=1 @@ -646,10 +647,10 @@ $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking multi-stage positive validation OPTOUT/NSEC3 ($n)" +echo_i "checking multi-stage positive validation OPTOUT/NSEC3 ($n)" ret=0 $DIG $DIGOPTS +noauth a.nsec3.optout.example. \ @10.53.0.3 a > dig.out.ns3.test$n || ret=1 @@ -659,10 +660,10 @@ $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking multi-stage positive validation OPTOUT/OPTOUT ($n)" +echo_i "checking multi-stage positive validation OPTOUT/OPTOUT ($n)" ret=0 $DIG $DIGOPTS +noauth a.optout.optout.example. \ @10.53.0.3 a > dig.out.ns3.test$n || ret=1 @@ -672,10 +673,10 @@ $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking empty NODATA OPTOUT ($n)" +echo_i "checking empty NODATA OPTOUT ($n)" ret=0 $DIG $DIGOPTS +noauth empty.optout.example. \ @10.53.0.3 a > dig.out.ns3.test$n || ret=1 @@ -685,12 +686,12 @@ $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 #grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` # Check the insecure.secure.example domain (insecurity proof) -echo "I:checking 2-server insecurity proof ($n)" +echo_i "checking 2-server insecurity proof ($n)" ret=0 $DIG $DIGOPTS +noauth a.insecure.secure.example. @10.53.0.2 a \ > dig.out.ns2.test$n || ret=1 @@ -701,12 +702,12 @@ grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 # Note - this is looking for failure, hence the && grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` # Check a negative response in insecure.secure.example -echo "I:checking 2-server insecurity proof with a negative answer ($n)" +echo_i "checking 2-server insecurity proof with a negative answer ($n)" ret=0 $DIG $DIGOPTS q.insecure.secure.example. @10.53.0.2 a > dig.out.ns2.test$n \ || ret=1 @@ -717,39 +718,39 @@ grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 # Note - this is looking for failure, hence the && grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking security root query ($n)" +echo_i "checking security root query ($n)" ret=0 $DIG $DIGOPTS . @10.53.0.4 key > dig.out.ns4.test$n || ret=1 grep "NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking positive validation RSASHA256 NSEC ($n)" +echo_i "checking positive validation RSASHA256 NSEC ($n)" ret=0 $DIG $DIGOPTS +noauth a.rsasha256.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1 $DIG $DIGOPTS +noauth a.rsasha256.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1 $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking positive validation RSASHA512 NSEC ($n)" +echo_i "checking positive validation RSASHA512 NSEC ($n)" ret=0 $DIG $DIGOPTS +noauth a.rsasha512.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1 $DIG $DIGOPTS +noauth a.rsasha512.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1 $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that positive validation in a privately secure zone works ($n)" +echo_i "checking that positive validation in a privately secure zone works ($n)" ret=0 $DIG $DIGOPTS +noauth a.private.secure.example. a @10.53.0.2 \ > dig.out.ns2.test$n || ret=1 @@ -759,10 +760,10 @@ $PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1 grep "NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that negative validation in a privately secure zone works ($n)" +echo_i "checking that negative validation in a privately secure zone works ($n)" ret=0 $DIG $DIGOPTS +noauth q.private.secure.example. a @10.53.0.2 \ > dig.out.ns2.test$n || ret=1 @@ -773,91 +774,91 @@ grep "NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 # Note - this is looking for failure, hence the && grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking privately secure to nxdomain works ($n)" +echo_i "checking privately secure to nxdomain works ($n)" ret=0 $DIG $DIGOPTS +noauth private2secure-nxdomain.private.secure.example. SOA @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep "NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` # Try validating with a revoked trusted key. # This should fail. -echo "I:checking that validation returns insecure due to revoked trusted key ($n)" +echo_i "checking that validation returns insecure due to revoked trusted key ($n)" ret=0 $DIG $DIGOPTS example. soa @10.53.0.5 > dig.out.ns5.test$n || ret=1 grep "flags:.*; QUERY" dig.out.ns5.test$n > /dev/null || ret=1 grep "flags:.* ad.*; QUERY" dig.out.ns5.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that revoked key is present ($n)" +echo_i "checking that revoked key is present ($n)" ret=0 id=`cat rev.key` $DIG $DIGOPTS +multi dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep '; key id = '"$id"'$' dig.out.ns1.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that revoked key self-signs ($n)" +echo_i "checking that revoked key self-signs ($n)" ret=0 id=`cat rev.key` $DIG $DIGOPTS dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep 'RRSIG.*'" $id "'\. ' dig.out.ns1.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking for unpublished key ($n)" +echo_i "checking for unpublished key ($n)" ret=0 id=`sed 's/^K.+007+0*\([0-9]\)/\1/' < unpub.key` $DIG $DIGOPTS +multi dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep '; key id = '"$id"'$' dig.out.ns1.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking for activated but unpublished key ($n)" +echo_i "checking for activated but unpublished key ($n)" ret=0 id=`sed 's/^K.+007+0*\([0-9]\)/\1/' < activate-now-publish-1day.key` $DIG $DIGOPTS +multi dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep '; key id = '"$id"'$' dig.out.ns1.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that standby key does not sign records ($n)" +echo_i "checking that standby key does not sign records ($n)" ret=0 id=`sed 's/^K.+007+0*\([0-9]\)/\1/' < standby.key` $DIG $DIGOPTS dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep 'RRSIG.*'" $id "'\. ' dig.out.ns1.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that deactivated key does not sign records ($n)" +echo_i "checking that deactivated key does not sign records ($n)" ret=0 id=`sed 's/^K.+007+0*\([0-9]\)/\1/' < inact.key` $DIG $DIGOPTS dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep 'RRSIG.*'" $id "'\. ' dig.out.ns1.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking insertion of public-only key ($n)" +echo_i "checking insertion of public-only key ($n)" ret=0 id=`sed 's/^K.+007+0*\([0-9]\)/\1/' < nopriv.key` file="ns1/`cat nopriv.key`.key" keydata=`grep DNSKEY $file` $NSUPDATE > /dev/null 2>&1 < dig.out.ns1.test$n || ret=1 grep 'RRSIG.*'" $id "'\. ' dig.out.ns1.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking key deletion ($n)" +echo_i "checking key deletion ($n)" ret=0 id=`sed 's/^K.+007+0*\([0-9]\)/\1/' < del.key` $DIG $DIGOPTS +multi dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep '; key id = '"$id"'$' dig.out.ns1.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking secure-to-insecure transition, nsupdate ($n)" +echo_i "checking secure-to-insecure transition, nsupdate ($n)" ret=0 $NSUPDATE > /dev/null 2>&1 < dig.out.ns3.test$n || ret=1 egrep '(RRSIG|DNSKEY|NSEC)' dig.out.ns3.test$n > /dev/null && ret=1 [ $ret -eq 0 ] && break - echo "I:waiting ... ($i)" + echo_i "waiting ... ($i)" sleep 2 done n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking secure-to-insecure transition, scheduled ($n)" +echo_i "checking secure-to-insecure transition, scheduled ($n)" ret=0 file="ns3/`cat del1.key`.key" $SETTIME -I now -D now $file > /dev/null file="ns3/`cat del2.key`.key" $SETTIME -I now -D now $file > /dev/null -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 sign secure-to-insecure2.example. 2>&1 | sed 's/^/I:ns3 /' +$RNDCCMD 10.53.0.3 sign secure-to-insecure2.example. 2>&1 | sed 's/^/I:ns3 /' for i in 0 1 2 3 4 5 6 7 8 9; do ret=0 $DIG $DIGOPTS axfr secure-to-insecure2.example @10.53.0.3 > dig.out.ns3.test$n || ret=1 egrep '(RRSIG|DNSKEY|NSEC3)' dig.out.ns3.test$n > /dev/null && ret=1 [ $ret -eq 0 ] && break - echo "I:waiting ... ($i)" + echo_i "waiting ... ($i)" sleep 2 done n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that serial number and RRSIGs are both updated (rt21045) ($n)" +echo_i "checking that serial number and RRSIGs are both updated (rt21045) ($n)" ret=0 oldserial=`$DIG $DIGOPTS +short soa prepub.example @10.53.0.3 | awk '$0 !~ /SOA/ {print $3}'` oldinception=`$DIG $DIGOPTS +short soa prepub.example @10.53.0.3 | awk '/SOA/ {print $6}' | sort -u` $KEYGEN -a rsasha1 -3 -q -r $RANDFILE -K ns3 -P 0 -A +6d -I +38d -D +45d prepub.example > /dev/null -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 sign prepub.example 2>&1 | sed 's/^/I:ns1 /' +$RNDCCMD 10.53.0.3 sign prepub.example 2>&1 | sed 's/^/I:ns1 /' newserial=$oldserial try=0 while [ $oldserial -eq $newserial -a $try -lt 42 ] @@ -942,15 +943,15 @@ newinception=`$DIG $DIGOPTS +short soa prepub.example @10.53.0.3 | awk '/SOA/ {p [ "$oldserial" = "$newserial" ] && ret=1 [ "$oldinception" = "$newinception" ] && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:preparing to test key change corner cases" -echo "I:removing a private key file" +echo_i "preparing to test key change corner cases" +echo_i "removing a private key file" file="ns1/`cat vanishing.key`.private" rm -f $file -echo "I:preparing ZSK roll" +echo_i "preparing ZSK roll" starttime=`$PERL -e 'print time(), "\n";'` oldfile=`cat active.key` oldid=`sed 's/^K.+007+0*\([0-9]\)/\1/' < active.key` @@ -962,35 +963,35 @@ $SETTIME -K ns1 -i 0 -S $oldfile $newfile > /dev/null # note previous zone serial number oldserial=`$DIG $DIGOPTS +short soa . @10.53.0.1 | awk '{print $3}'` -$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 loadkeys . 2>&1 | sed 's/^/I:ns1 /' +$RNDCCMD 10.53.0.1 loadkeys . 2>&1 | sed 's/^/I:ns1 /' sleep 4 -echo "I:revoking key to duplicated key ID" +echo_i "revoking key to duplicated key ID" $SETTIME -R now -K ns2 Kbar.+005+30676.key > /dev/null -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 loadkeys bar. 2>&1 | sed 's/^/I:ns2 /' +$RNDCCMD 10.53.0.2 loadkeys bar. 2>&1 | sed 's/^/I:ns2 /' -echo "I:waiting for changes to take effect" +echo_i "waiting for changes to take effect" sleep 5 -echo "I:checking former standby key is now active ($n)" +echo_i "checking former standby key is now active ($n)" ret=0 $DIG $DIGOPTS dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep 'RRSIG.*'" $newid "'\. ' dig.out.ns1.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking former standby key has only signed incrementally ($n)" +echo_i "checking former standby key has only signed incrementally ($n)" ret=0 $DIG $DIGOPTS txt . @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep 'RRSIG.*'" $newid "'\. ' dig.out.ns1.test$n > /dev/null && ret=1 grep 'RRSIG.*'" $oldid "'\. ' dig.out.ns1.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that signing records have been marked as complete ($n)" +echo_i "checking that signing records have been marked as complete ($n)" ret=0 checkprivate . 10.53.0.1 || ret=1 checkprivate bar 10.53.0.2 || ret=1 @@ -1020,29 +1021,29 @@ checkprivate ttl4.example 10.53.0.3 || ret=1 n=`expr $n + 1` status=`expr $status + $ret` -echo "I:forcing full sign" -$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 sign . 2>&1 | sed 's/^/I:ns1 /' +echo_i "forcing full sign" +$RNDCCMD 10.53.0.1 sign . 2>&1 | sed 's/^/I:ns1 /' -echo "I:waiting for change to take effect" +echo_i "waiting for change to take effect" sleep 5 -echo "I:checking former standby key has now signed fully ($n)" +echo_i "checking former standby key has now signed fully ($n)" ret=0 $DIG $DIGOPTS txt . @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep 'RRSIG.*'" $newid "'\. ' dig.out.ns1.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking SOA serial number has been incremented ($n)" +echo_i "checking SOA serial number has been incremented ($n)" ret=0 newserial=`$DIG $DIGOPTS +short soa . @10.53.0.1 | awk '{print $3}'` [ "$newserial" != "$oldserial" ] || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking delayed key publication/activation ($n)" +echo_i "checking delayed key publication/activation ($n)" ret=0 zsk=`cat delayzsk.key` ksk=`cat delayksk.key` @@ -1053,16 +1054,16 @@ $DIG $DIGOPTS +noall +answer dnskey delay.example. @10.53.0.3 > dig.out.ns3.test # DNSKEY not expected: awk 'BEGIN {r=1} $4=="DNSKEY" {r=0} END {exit r}' dig.out.ns3.test$n && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking scheduled key publication, not activation ($n)" +echo_i "checking scheduled key publication, not activation ($n)" ret=0 $SETTIME -K ns3 -P now+3s -A none $zsk > /dev/null 2>&1 $SETTIME -K ns3 -P now+3s -A none $ksk > /dev/null 2>&1 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 loadkeys delay.example. 2>&1 | sed 's/^/I:ns2 /' +$RNDCCMD 10.53.0.3 loadkeys delay.example. 2>&1 | sed 's/^/I:ns2 /' -echo "I:waiting for changes to take effect" +echo_i "waiting for changes to take effect" sleep 5 $DIG $DIGOPTS +noall +answer dnskey delay.example. @10.53.0.3 > dig.out.ns3.test$n || ret=1 @@ -1071,16 +1072,16 @@ awk 'BEGIN {r=1} $4=="DNSKEY" {r=0} END {exit r}' dig.out.ns3.test$n || ret=1 # RRSIG not expected: awk 'BEGIN {r=1} $4=="RRSIG" {r=0} END {exit r}' dig.out.ns3.test$n && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking scheduled key activation ($n)" +echo_i "checking scheduled key activation ($n)" ret=0 $SETTIME -K ns3 -A now+3s $zsk > /dev/null 2>&1 $SETTIME -K ns3 -A now+3s $ksk > /dev/null 2>&1 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 loadkeys delay.example. 2>&1 | sed 's/^/I:ns2 /' +$RNDCCMD 10.53.0.3 loadkeys delay.example. 2>&1 | sed 's/^/I:ns2 /' -echo "I:waiting for changes to take effect" +echo_i "waiting for changes to take effect" sleep 5 $DIG $DIGOPTS +noall +answer dnskey delay.example. @10.53.0.3 > dig.out.ns3.1.test$n || ret=1 @@ -1094,10 +1095,10 @@ awk 'BEGIN {r=1} $4=="A" {r=0} END {exit r}' dig.out.ns3.2.test$n || ret=1 # RRSIG expected: awk 'BEGIN {r=1} $4=="RRSIG" {r=0} END {exit r}' dig.out.ns3.2.test$n || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking former active key was removed ($n)" +echo_i "checking former active key was removed ($n)" # # Work out how long we need to sleep. Allow 4 seconds for the records # to be removed. @@ -1106,25 +1107,25 @@ now=`$PERL -e 'print time(), "\n";'` sleep=`expr $starttime + 29 - $now` case $sleep in -*|0);; -*) echo "I:waiting for timer to have activated"; sleep $sleep;; +*) echo_i "waiting for timer to have activated"; sleep $sleep;; esac ret=0 $DIG $DIGOPTS +multi dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep '; key id = '"$oldid"'$' dig.out.ns1.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking private key file removal caused no immediate harm ($n)" +echo_i "checking private key file removal caused no immediate harm ($n)" ret=0 id=`sed 's/^K.+007+0*\([0-9]\)/\1/' < vanishing.key` $DIG $DIGOPTS dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep 'RRSIG.*'" $id "'\. ' dig.out.ns1.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking revoked key with duplicate key ID (failure expected) ($n)" +echo_i "checking revoked key with duplicate key ID (failure expected) ($n)" lret=0 id=30676 $DIG $DIGOPTS +multi dnskey bar @10.53.0.2 > dig.out.ns2.test$n || lret=1 @@ -1132,15 +1133,15 @@ grep '; key id = '"$id"'$' dig.out.ns2.test$n > /dev/null || lret=1 $DIG $DIGOPTS dnskey bar @10.53.0.4 > dig.out.ns4.test$n || lret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || lret=1 n=`expr $n + 1` -if [ $lret != 0 ]; then echo "I:not yet implemented"; fi +if [ $lret != 0 ]; then echo_i "not yet implemented"; fi -echo "I:checking key event timers are always set ($n)" +echo_i "checking key event timers are always set ($n)" # this is a regression test for a bug in which the next key event could # be scheduled for the present moment, and then never fire. check for # visible evidence of this error in the logs: awk '/next key event/ {if ($1 == $8 && $2 == $9) exit 1}' */named.run || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` # this confirms that key events are never scheduled more than @@ -1170,58 +1171,58 @@ check_interval () { return $? } -echo "I:checking automatic key reloading interval ($n)" +echo_i "checking automatic key reloading interval ($n)" ret=0 check_interval ns1 3600 || ret=1 check_interval ns2 1800 || ret=1 check_interval ns3 600 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking for key reloading loops ($n)" +echo_i "checking for key reloading loops ($n)" ret=0 # every key event should schedule a successor, so these should be equal rekey_calls=`grep "reconfiguring zone keys" ns*/named.run | wc -l` rekey_events=`grep "next key event" ns*/named.run | wc -l` [ "$rekey_calls" = "$rekey_events" ] || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:forcing full sign with unreadable keys ($n)" +echo_i "forcing full sign with unreadable keys ($n)" ret=0 chmod 0 ns1/K.+*+*.key ns1/K.+*+*.private || ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 sign . 2>&1 | sed 's/^/I:ns1 /' +$RNDCCMD 10.53.0.1 sign . 2>&1 | sed 's/^/I:ns1 /' $DIG $DIGOPTS . @10.53.0.1 dnskey > dig.out.ns1.test$n || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:test turning on auto-dnssec during reconfig ($n)" +echo_i "test turning on auto-dnssec during reconfig ($n)" ret=0 # first create a zone that doesn't have auto-dnssec -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 addzone reconf.example '{ type master; file "reconf.example.db"; };' 2>&1 | sed 's/^/I:ns3 /' +$RNDCCMD 10.53.0.3 addzone reconf.example '{ type master; file "reconf.example.db"; };' 2>&1 | sed 's/^/I:ns3 /' rekey_calls=`grep "zone reconf.example.*next key event" ns3/named.run | wc -l` [ "$rekey_calls" -eq 0 ] || ret=1 # ...then we add auto-dnssec and reconfigure -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 modzone reconf.example '{ type master; file "reconf.example.db"; allow-update { any; }; auto-dnssec maintain; };' 2>&1 | sed 's/^/I:ns3 /' -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 reconfig 2>&1 | sed 's/^/I:ns3 /' +$RNDCCMD 10.53.0.3 modzone reconf.example '{ type master; file "reconf.example.db"; allow-update { any; }; auto-dnssec maintain; };' 2>&1 | sed 's/^/I:ns3 /' +$RNDCCMD 10.53.0.3 reconfig 2>&1 | sed 's/^/I:ns3 /' for i in 0 1 2 3 4 5 6 7 8 9; do lret=0 rekey_calls=`grep "zone reconf.example.*next key event" ns3/named.run | wc -l` [ "$rekey_calls" -gt 0 ] || lret=1 if [ "$lret" -eq 0 ]; then break; fi - echo "I:waiting ... ($i)" + echo_i "waiting ... ($i)" sleep 1 done n=`expr $n + 1` if [ "$lret" != 0 ]; then ret=$lret; fi -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:test CDS and CDNSKEY auto generation ($n)" +echo_i "test CDS and CDNSKEY auto generation ($n)" ret=0 $DIG $DIGOPTS @10.53.0.3 sync.example cds > dig.out.ns3.cdstest$n $DIG $DIGOPTS @10.53.0.3 sync.example cdnskey > dig.out.ns3.cdnskeytest$n @@ -1229,10 +1230,10 @@ grep -i "sync.example.*in.cds.*[1-9][0-9]* " dig.out.ns3.cdstest$n > /dev/null | grep -i "sync.example.*in.cdnskey.*257 " dig.out.ns3.cdnskeytest$n > /dev/null || ret=1 n=`expr $n + 1` if [ "$lret" != 0 ]; then ret=$lret; fi -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:test 'dnssec-dnskey-kskonly no' affects DNSKEY/CDS/CDNSKEY ($n)" +echo_i "test 'dnssec-dnskey-kskonly no' affects DNSKEY/CDS/CDNSKEY ($n)" ret=0 $DIG $DIGOPTS @10.53.0.3 sync.example dnskey > dig.out.ns3.dnskeytest$n $DIG $DIGOPTS @10.53.0.3 sync.example cdnskey > dig.out.ns3.cdnskeytest$n @@ -1244,10 +1245,10 @@ test ${lines:-0} -eq 2 || ret=1 lines=`awk '$4 == "RRSIG" && $5 == "CDS" {print}' dig.out.ns3.cdstest$n | wc -l` test ${lines:-0} -eq 2 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:test 'dnssec-dnskey-kskonly yes' affects DNSKEY/CDS/CDNSKEY ($n)" +echo_i "test 'dnssec-dnskey-kskonly yes' affects DNSKEY/CDS/CDNSKEY ($n)" ret=0 $DIG $DIGOPTS @10.53.0.3 kskonly.example dnskey > dig.out.ns3.dnskeytest$n $DIG $DIGOPTS @10.53.0.3 kskonly.example cdnskey > dig.out.ns3.cdnskeytest$n @@ -1259,16 +1260,16 @@ test ${lines:-0} -eq 1 || ret=1 lines=`awk '$4 == "RRSIG" && $5 == "CDS" {print}' dig.out.ns3.cdstest$n | wc -l` test ${lines:-0} -eq 1 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:setting CDS and CDNSKEY deletion times and calling 'rndc loadkeys'" +echo_i "setting CDS and CDNSKEY deletion times and calling 'rndc loadkeys'" $SETTIME -D sync now+2 `cat sync.key` > /dev/null -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 loadkeys sync.example -echo "I:waiting for deletion to occur" +$RNDCCMD 10.53.0.3 loadkeys sync.example +echo_i "waiting for deletion to occur" sleep 3 -echo "I:checking that the CDS and CDNSKEY are deleted ($n)" +echo_i "checking that the CDS and CDNSKEY are deleted ($n)" ret=0 $DIG $DIGOPTS @10.53.0.3 sync.example cds > dig.out.ns3.cdstest$n $DIG $DIGOPTS @10.53.0.3 sync.example cdnskey > dig.out.ns3.cdnskeytest$n @@ -1276,28 +1277,28 @@ grep -i "sync.example.*in.cds.*[1-9][0-9]* " dig.out.ns3.cdstest$n > /dev/null & grep -i "sync.example.*in.cdnskey.*257 " dig.out.ns3.cdnskeytest$n > /dev/null && ret=1 n=`expr $n + 1` if [ "$lret" != 0 ]; then ret=$lret; fi -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that dnssec-settime -p Dsync works ($n)" +echo_i "check that dnssec-settime -p Dsync works ($n)" ret=0 $SETTIME -p Dsync `cat sync.key` > settime.out.$n|| ret=0 grep "SYNC Delete:" settime.out.$n >/dev/null || ret=0 n=`expr $n + 1` if [ "$lret" != 0 ]; then ret=$lret; fi -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that dnssec-settime -p Psync works ($n)" +echo_i "check that dnssec-settime -p Psync works ($n)" ret=0 $SETTIME -p Psync `cat sync.key` > settime.out.$n|| ret=0 grep "SYNC Publish:" settime.out.$n >/dev/null || ret=0 n=`expr $n + 1` if [ "$lret" != 0 ]; then ret=$lret; fi -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that zone with inactive KSK and active ZSK is properly autosigned ($n)" +echo_i "check that zone with inactive KSK and active ZSK is properly autosigned ($n)" ret=0 $DIG $DIGOPTS @10.53.0.3 axfr inacksk2.example > dig.out.ns3.test$n @@ -1312,23 +1313,23 @@ pattern="DNSKEY 7 2 [0-9]* [0-9]* [0-9]* ${kskid} " grep "${pattern}" dig.out.ns3.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that zone with inactive ZSK and active KSK is properly autosigned ($n)" +echo_i "check that zone with inactive ZSK and active KSK is properly autosigned ($n)" ret=0 $DIG $DIGOPTS @10.53.0.3 axfr inaczsk2.example > dig.out.ns3.test$n grep "SOA 7 2" dig.out.ns3.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` # # Check that DNSKEY is now signed with the ZSK. # -echo "I:check that zone with active and inactive KSK and active ZSK is properly" -echo "I: resigned after the active KSK is deleted - stage 2: Verify that DNSKEY" -echo "I: is now signed with the ZSK. ($n)" +echo_i "check that zone with active and inactive KSK and active ZSK is properly" +echo_i " resigned after the active KSK is deleted - stage 2: Verify that DNSKEY" +echo_i " is now signed with the ZSK. ($n)" ret=0 $DIG $DIGOPTS @10.53.0.3 axfr inacksk3.example > dig.out.ns3.test$n @@ -1349,15 +1350,15 @@ count=`awk 'BEGIN { count = 0 } test $count -eq 2 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` # # Check that zone is now signed with the KSK. # -echo "I:check that zone with active and inactive ZSK and active KSK is properly" -echo "I: resigned after the active ZSK is deleted - stage 2: Verify that zone" -echo "I: is now signed with the KSK. ($n)" +echo_i "check that zone with active and inactive ZSK and active KSK is properly" +echo_i " resigned after the active ZSK is deleted - stage 2: Verify that zone" +echo_i " is now signed with the KSK. ($n)" ret=0 $DIG $DIGOPTS @10.53.0.3 axfr inaczsk3.example > dig.out.ns3.test$n kskid=`awk '$4 == "DNSKEY" && $5 == 257 { print }' dig.out.ns3.test$n | @@ -1372,8 +1373,8 @@ count=`awk 'BEGIN { count = 0 } END {print count}' dig.out.ns3.test$n` test $count -eq 2 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/builtin/clean.sh b/bin/tests/system/builtin/clean.sh index 7422db75c2..89f20492fc 100644 --- a/bin/tests/system/builtin/clean.sh +++ b/bin/tests/system/builtin/clean.sh @@ -8,6 +8,7 @@ rm -f ns?/named.run rm -f ns?/named.memstats +rm -f ns?/named.conf rm -f rndc.status.ns* rm -f dig.out.ns* rm -f ns*/named.lock diff --git a/bin/tests/system/builtin/ns1/named.conf b/bin/tests/system/builtin/ns1/named.conf.in similarity index 78% rename from bin/tests/system/builtin/ns1/named.conf rename to bin/tests/system/builtin/ns1/named.conf.in index b548ec80c8..42820f0b33 100644 --- a/bin/tests/system/builtin/ns1/named.conf +++ b/bin/tests/system/builtin/ns1/named.conf.in @@ -6,17 +6,17 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf,v 1.3 2011/08/09 04:12:25 tbox Exp $ */ - include "../../common/rndc.key"; -controls { inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; }; }; +controls { + inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/builtin/ns2/named.conf b/bin/tests/system/builtin/ns2/named.conf.in similarity index 78% rename from bin/tests/system/builtin/ns2/named.conf rename to bin/tests/system/builtin/ns2/named.conf.in index 7042935b5c..a755fe32d8 100644 --- a/bin/tests/system/builtin/ns2/named.conf +++ b/bin/tests/system/builtin/ns2/named.conf.in @@ -6,17 +6,17 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf,v 1.3 2011/08/09 04:12:25 tbox Exp $ */ - include "../../common/rndc.key"; -controls { inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; }; }; +controls { + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/builtin/ns3/named.conf b/bin/tests/system/builtin/ns3/named.conf.in similarity index 81% rename from bin/tests/system/builtin/ns3/named.conf rename to bin/tests/system/builtin/ns3/named.conf.in index 521092a713..cb744bbfa7 100644 --- a/bin/tests/system/builtin/ns3/named.conf +++ b/bin/tests/system/builtin/ns3/named.conf.in @@ -6,17 +6,17 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf,v 1.3 2011/08/09 04:12:25 tbox Exp $ */ - include "../../common/rndc.key"; -controls { inet 10.53.0.3 port 9953 allow { any; } keys { rndc_key; }; }; +controls { + inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; options { query-source address 10.53.0.3; notify-source 10.53.0.3; transfer-source 10.53.0.3; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.3; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/builtin/setup.sh b/bin/tests/system/builtin/setup.sh new file mode 100644 index 0000000000..08a9c49e8c --- /dev/null +++ b/bin/tests/system/builtin/setup.sh @@ -0,0 +1,15 @@ +#!/bin/sh +# +# Copyright (C) 2018 Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh + +$SHELL clean.sh +copy_setports ns1/named.conf.in ns1/named.conf +copy_setports ns2/named.conf.in ns2/named.conf +copy_setports ns3/named.conf.in ns3/named.conf diff --git a/bin/tests/system/builtin/tests.sh b/bin/tests/system/builtin/tests.sh index 31180cdd49..98901df6c3 100644 --- a/bin/tests/system/builtin/tests.sh +++ b/bin/tests/system/builtin/tests.sh @@ -4,116 +4,117 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -# $Id: tests.sh,v 1.3 2011/08/09 04:12:25 tbox Exp $ - SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh +DIGOPTS="-p ${PORT}" +RNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p ${CONTROLPORT} -s" + status=0 n=0 n=`expr $n + 1` -echo "I:Checking that reconfiguring empty zones is silent ($n)" -$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 reconfig +echo_i "Checking that reconfiguring empty zones is silent ($n)" +$RNDCCMD 10.53.0.1 reconfig ret=0 grep "automatic empty zone" ns1/named.run > /dev/null || ret=1 grep "received control channel command 'reconfig'" ns1/named.run > /dev/null || ret=1 grep "reloading configuration succeeded" ns1/named.run > /dev/null || ret=1 sleep 1 grep "zone serial (0) unchanged." ns1/named.run > /dev/null && ret=1 -if [ $ret != 0 ] ; then echo I:failed; status=`expr $status + $ret`; fi +if [ $ret != 0 ] ; then echo_i "failed; status=`expr $status + $ret`"; fi n=`expr $n + 1` -echo "I:Checking that reloading empty zones is silent ($n)" -$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 reload > /dev/null +echo_i "Checking that reloading empty zones is silent ($n)" +$RNDCCMD 10.53.0.1 reload > /dev/null ret=0 grep "automatic empty zone" ns1/named.run > /dev/null || ret=1 grep "received control channel command 'reload'" ns1/named.run > /dev/null || ret=1 grep "reloading configuration succeeded" ns1/named.run > /dev/null || ret=1 sleep 1 grep "zone serial (0) unchanged." ns1/named.run > /dev/null && ret=1 -if [ $ret != 0 ] ; then echo I:failed; status=`expr $status + $ret`; fi +if [ $ret != 0 ] ; then echo_i "failed; status=`expr $status + $ret`"; fi VERSION=`../../../../isc-config.sh --version | cut -d = -f 2` HOSTNAME=`$FEATURETEST --gethostname` n=`expr $n + 1` ret=0 -echo "I:Checking that default version works for rndc ($n)" -$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 status > rndc.status.ns1.$n 2>&1 +echo_i "Checking that default version works for rndc ($n)" +$RNDCCMD 10.53.0.1 status > rndc.status.ns1.$n 2>&1 grep "^version: BIND $VERSION " rndc.status.ns1.$n > /dev/null || ret=1 -if [ $ret != 0 ] ; then echo I:failed; status=`expr $status + $ret`; fi +if [ $ret != 0 ] ; then echo_i "failed; status=`expr $status + $ret`"; fi n=`expr $n + 1` ret=0 -echo "I:Checking that custom version works for rndc ($n)" -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 status > rndc.status.ns3.$n 2>&1 +echo_i "Checking that custom version works for rndc ($n)" +$RNDCCMD 10.53.0.3 status > rndc.status.ns3.$n 2>&1 grep "^version: BIND $VERSION ${DESCRIPTION}${DESCRIPTION:+ } (this is a test of version)" rndc.status.ns3.$n > /dev/null || ret=1 -if [ $ret != 0 ] ; then echo I:failed; status=`expr $status + $ret`; fi +if [ $ret != 0 ] ; then echo_i "failed; status=`expr $status + $ret`"; fi n=`expr $n + 1` ret=0 -echo "I:Checking that default version works for query ($n)" -$DIG +short version.bind txt ch @10.53.0.1 -p 5300 > dig.out.ns1.$n +echo_i "Checking that default version works for query ($n)" +$DIG $DIGOPTS +short version.bind txt ch @10.53.0.1 > dig.out.ns1.$n grep "^\"$VERSION\"$" dig.out.ns1.$n > /dev/null || ret=1 -if [ $ret != 0 ] ; then echo I:failed; status=`expr $status + $ret`; fi +if [ $ret != 0 ] ; then echo_i "failed; status=`expr $status + $ret`"; fi n=`expr $n + 1` ret=0 -echo "I:Checking that custom version works for query ($n)" -$DIG +short version.bind txt ch @10.53.0.3 -p 5300 > dig.out.ns3.$n +echo_i "Checking that custom version works for query ($n)" +$DIG $DIGOPTS +short version.bind txt ch @10.53.0.3 > dig.out.ns3.$n grep "^\"this is a test of version\"$" dig.out.ns3.$n > /dev/null || ret=1 -if [ $ret != 0 ] ; then echo I:failed; status=`expr $status + $ret`; fi +if [ $ret != 0 ] ; then echo_i "failed; status=`expr $status + $ret`"; fi n=`expr $n + 1` ret=0 -echo "I:Checking that default hostname works for query ($n)" -$DIG +short hostname.bind txt ch @10.53.0.1 -p 5300 > dig.out.ns1.$n +echo_i "Checking that default hostname works for query ($n)" +$DIG $DIGOPTS +short hostname.bind txt ch @10.53.0.1 > dig.out.ns1.$n grep "^\"$HOSTNAME\"$" dig.out.ns1.$n > /dev/null || ret=1 -if [ $ret != 0 ] ; then echo I:failed; status=`expr $status + $ret`; fi +if [ $ret != 0 ] ; then echo_i "failed; status=`expr $status + $ret`"; fi n=`expr $n + 1` ret=0 -echo "I:Checking that custom hostname works for query ($n)" -$DIG +short hostname.bind txt ch @10.53.0.3 -p 5300 > dig.out.ns3.$n +echo_i "Checking that custom hostname works for query ($n)" +$DIG $DIGOPTS +short hostname.bind txt ch @10.53.0.3 > dig.out.ns3.$n grep "^\"this.is.a.test.of.hostname\"$" dig.out.ns3.$n > /dev/null || ret=1 -if [ $ret != 0 ] ; then echo I:failed; status=`expr $status + $ret`; fi +if [ $ret != 0 ] ; then echo_i "failed; status=`expr $status + $ret`"; fi n=`expr $n + 1` ret=0 -echo "I:Checking that default server-id is none for query ($n)" -$DIG id.server txt ch @10.53.0.1 -p 5300 > dig.out.ns1.$n +echo_i "Checking that default server-id is none for query ($n)" +$DIG $DIGOPTS id.server txt ch @10.53.0.1 > dig.out.ns1.$n grep "status: NOERROR" dig.out.ns1.$n > /dev/null || ret=1 grep "ANSWER: 0" dig.out.ns1.$n > /dev/null || ret=1 -if [ $ret != 0 ] ; then echo I:failed; status=`expr $status + $ret`; fi +if [ $ret != 0 ] ; then echo_i "failed; status=`expr $status + $ret`"; fi n=`expr $n + 1` ret=0 -echo "I:Checking that server-id hostname works for query ($n)" -$DIG +short id.server txt ch @10.53.0.2 -p 5300 > dig.out.ns2.$n +echo_i "Checking that server-id hostname works for query ($n)" +$DIG $DIGOPTS +short id.server txt ch @10.53.0.2 > dig.out.ns2.$n grep "^\"$HOSTNAME\"$" dig.out.ns2.$n > /dev/null || ret=1 -if [ $ret != 0 ] ; then echo I:failed; status=`expr $status + $ret`; fi +if [ $ret != 0 ] ; then echo_i "failed; status=`expr $status + $ret`"; fi n=`expr $n + 1` ret=0 -echo "I:Checking that server-id hostname works for EDNS name server ID request ($n)" -$DIG +norec +nsid foo @10.53.0.2 -p 5300 > dig.out.ns2.$n +echo_i "Checking that server-id hostname works for EDNS name server ID request ($n)" +$DIG $DIGOPTS +norec +nsid foo @10.53.0.2 > dig.out.ns2.$n grep "^; NSID: .* (\"$HOSTNAME\")$" dig.out.ns2.$n > /dev/null || ret=1 -if [ $ret != 0 ] ; then echo I:failed; status=`expr $status + $ret`; fi +if [ $ret != 0 ] ; then echo_i "failed; status=`expr $status + $ret`"; fi n=`expr $n + 1` ret=0 -echo "I:Checking that custom server-id works for query ($n)" -$DIG +short id.server txt ch @10.53.0.3 -p 5300 > dig.out.ns3.$n +echo_i "Checking that custom server-id works for query ($n)" +$DIG $DIGOPTS +short id.server txt ch @10.53.0.3 > dig.out.ns3.$n grep "^\"this.is.a.test.of.server-id\"$" dig.out.ns3.$n > /dev/null || ret=1 -if [ $ret != 0 ] ; then echo I:failed; status=`expr $status + $ret`; fi +if [ $ret != 0 ] ; then echo_i "failed; status=`expr $status + $ret`"; fi n=`expr $n + 1` ret=0 -echo "I:Checking that custom server-id works for EDNS name server ID request ($n)" -$DIG +norec +nsid foo @10.53.0.3 -p 5300 > dig.out.ns3.$n +echo_i "Checking that custom server-id works for EDNS name server ID request ($n)" +$DIG $DIGOPTS +norec +nsid foo @10.53.0.3 > dig.out.ns3.$n grep "^; NSID: .* (\"this.is.a.test.of.server-id\")$" dig.out.ns3.$n > /dev/null || ret=1 -if [ $ret != 0 ] ; then echo I:failed; status=`expr $status + $ret`; fi +if [ $ret != 0 ] ; then echo_i "failed; status=`expr $status + $ret`"; fi -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/cacheclean/clean.sh b/bin/tests/system/cacheclean/clean.sh index edb9a6e856..34f287e088 100644 --- a/bin/tests/system/cacheclean/clean.sh +++ b/bin/tests/system/cacheclean/clean.sh @@ -15,5 +15,6 @@ rm -f dig.out.expire rm -f sed.out.* rm -f */named.memstats rm -f */named.run +rm -f */named.conf rm -f ns2/named_dump.db.* rm -f ns*/named.lock diff --git a/bin/tests/system/cacheclean/ns1/named.conf b/bin/tests/system/cacheclean/ns1/named.conf.in similarity index 95% rename from bin/tests/system/cacheclean/ns1/named.conf rename to bin/tests/system/cacheclean/ns1/named.conf.in index 690111caa5..4f35511bca 100644 --- a/bin/tests/system/cacheclean/ns1/named.conf +++ b/bin/tests/system/cacheclean/ns1/named.conf.in @@ -6,13 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; - options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/cacheclean/ns2/named.conf b/bin/tests/system/cacheclean/ns2/named.conf.in similarity index 89% rename from bin/tests/system/cacheclean/ns2/named.conf rename to bin/tests/system/cacheclean/ns2/named.conf.in index d351e2f088..e36fdffbf0 100644 --- a/bin/tests/system/cacheclean/ns2/named.conf +++ b/bin/tests/system/cacheclean/ns2/named.conf.in @@ -8,13 +8,11 @@ /* $Id: named.conf,v 1.10 2011/08/02 23:47:52 tbox Exp $ */ -controls { /* empty */ }; - options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; @@ -29,7 +27,7 @@ key rndc_key { }; controls { - inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; zone "." { diff --git a/bin/tests/system/cacheclean/setup.sh b/bin/tests/system/cacheclean/setup.sh new file mode 100644 index 0000000000..d4f9dbc358 --- /dev/null +++ b/bin/tests/system/cacheclean/setup.sh @@ -0,0 +1,14 @@ +#!/bin/sh +# +# Copyright (C) 2018 Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh + +$SHELL clean.sh +copy_setports ns1/named.conf.in ns1/named.conf +copy_setports ns2/named.conf.in ns2/named.conf diff --git a/bin/tests/system/cacheclean/tests.sh b/bin/tests/system/cacheclean/tests.sh index c68f97c86f..47ef63f8a6 100644 --- a/bin/tests/system/cacheclean/tests.sh +++ b/bin/tests/system/cacheclean/tests.sh @@ -12,9 +12,9 @@ SYSTEMTESTTOP=.. status=0 n=0 -RNDCOPTS="-c ../common/rndc.conf -s 10.53.0.2 -p 9953" +RNDCOPTS="-c ../common/rndc.conf -s 10.53.0.2 -p ${CONTROLPORT}" DIGOPTS="+nosea +nocomm +nocmd +noquest +noadd +noauth +nocomm \ - +nostat @10.53.0.2 -p 5300" + +nostat @10.53.0.2 -p ${PORT}" # fill the cache with nodes from flushtest.example zone load_cache () { @@ -79,40 +79,40 @@ in_cache () { } n=`expr $n + 1` -echo "I:check correctness of routine cache cleaning ($n)" +echo_i "check correctness of routine cache cleaning ($n)" $DIG $DIGOPTS +tcp +keepopen -b 10.53.0.7 -f dig.batch > dig.out.ns2 || status=1 grep ";" dig.out.ns2 $PERL ../digcomp.pl --lc dig.out.ns2 knowngood.dig.out || status=1 n=`expr $n + 1` -echo "I:only one tcp socket was used ($n)" +echo_i "only one tcp socket was used ($n)" tcpclients=`awk '$3 == "client" && $5 ~ /10.53.0.7#[0-9]*:/ {print $5}' ns2/named.run | sort | uniq -c | wc -l` -test $tcpclients -eq 1 || { status=1; echo "I:failed"; } +test $tcpclients -eq 1 || { status=1; echo_i "failed"; } n=`expr $n + 1` -echo "I:reset and check that records are correctly cached initially ($n)" +echo_i "reset and check that records are correctly cached initially ($n)" ret=0 load_cache dump_cache nrecords=`grep flushtest.example ns2/named_dump.db.$n | grep -v '^;' | egrep '(TXT|ANY)'| wc -l` -[ $nrecords -eq 17 ] || { ret=1; echo "I: found $nrecords records expected 17"; } -if [ $ret != 0 ]; then echo "I:failed"; fi +[ $nrecords -eq 17 ] || { ret=1; echo_i "found $nrecords records expected 17"; } +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:check flushing of the full cache ($n)" +echo_i "check flushing of the full cache ($n)" ret=0 clear_cache dump_cache nrecords=`grep flushtest.example ns2/named_dump.db.$n | grep -v '^;' | wc -l` [ $nrecords -eq 0 ] || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:check flushing of individual nodes (interior node) ($n)" +echo_i "check flushing of individual nodes (interior node) ($n)" ret=0 clear_cache load_cache @@ -120,21 +120,21 @@ load_cache in_cache txt top1.flushtest.example || ret=1 $RNDC $RNDCOPTS flushname top1.flushtest.example in_cache txt top1.flushtest.example && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:check flushing of individual nodes (leaf node, under the interior node) ($n)" +echo_i "check flushing of individual nodes (leaf node, under the interior node) ($n)" ret=0 # leaf node, under the interior node (should still exist) in_cache txt third2.second1.top1.flushtest.example || ret=1 $RNDC $RNDCOPTS flushname third2.second1.top1.flushtest.example in_cache txt third2.second1.top1.flushtest.example && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:check flushing of individual nodes (another leaf node, with both positive and negative cache entries) ($n)" +echo_i "check flushing of individual nodes (another leaf node, with both positive and negative cache entries) ($n)" ret=0 # another leaf node, with both positive and negative cache entries in_cache a third1.second1.top1.flushtest.example || ret=1 @@ -142,18 +142,18 @@ in_cache txt third1.second1.top1.flushtest.example || ret=1 $RNDC $RNDCOPTS flushname third1.second1.top1.flushtest.example in_cache a third1.second1.top1.flushtest.example && ret=1 in_cache txt third1.second1.top1.flushtest.example && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:check flushing a nonexistent name ($n)" +echo_i "check flushing a nonexistent name ($n)" ret=0 $RNDC $RNDCOPTS flushname fake.flushtest.example || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:check flushing of namespaces ($n)" +echo_i "check flushing of namespaces ($n)" ret=0 clear_cache load_cache @@ -176,45 +176,45 @@ $RNDC $RNDCOPTS flushtree top2.flushtest.example in_cache txt second1.top2.flushtest.example && ret=1 in_cache txt second2.top2.flushtest.example && ret=1 in_cache txt second3.top2.flushtest.example && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:check flushing a nonexistent namespace ($n)" +echo_i "check flushing a nonexistent namespace ($n)" ret=0 $RNDC $RNDCOPTS flushtree fake.flushtest.example || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:check the number of cached records remaining ($n)" +echo_i "check the number of cached records remaining ($n)" ret=0 dump_cache nrecords=`grep flushtest.example ns2/named_dump.db.$n | grep -v '^;' | egrep '(TXT|ANY)' | wc -l` -[ $nrecords -eq 17 ] || { ret=1; echo "I: found $nrecords records expected 17"; } -if [ $ret != 0 ]; then echo "I:failed"; fi +[ $nrecords -eq 17 ] || { ret=1; echo_i "found $nrecords records expected 17"; } +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:check the check that flushname of a partial match works ($n)" +echo_i "check the check that flushname of a partial match works ($n)" ret=0 in_cache txt second2.top1.flushtest.example || ret=1 $RNDC $RNDCOPTS flushtree example in_cache txt second2.top1.flushtest.example && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:check the number of cached records remaining ($n)" +echo_i "check the number of cached records remaining ($n)" ret=0 dump_cache nrecords=`grep flushtest.example ns2/named_dump.db.$n | grep -v '^;' | egrep '(TXT|ANY)' | wc -l` -[ $nrecords -eq 1 ] || { ret=1; echo "I: found $nrecords records expected 1"; } -if [ $ret != 0 ]; then echo "I:failed"; fi +[ $nrecords -eq 1 ] || { ret=1; echo_i "found $nrecords records expected 1"; } +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:check flushtree clears adb correctly ($n)" +echo_i "check flushtree clears adb correctly ($n)" ret=0 load_cache dump_cache @@ -232,24 +232,24 @@ sed -n '/plain success\/timeout/,/Unassociated entries/p' \ grep 'plain success/timeout' sed.out.$n.b > /dev/null 2>&1 || ret=1 grep 'Unassociated entries' sed.out.$n.b > /dev/null 2>&1 || ret=1 grep 'ns.flushtest.example' sed.out.$n.b > /dev/null 2>&1 && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:check expire option returned from master zone ($n)" +echo_i "check expire option returned from master zone ($n)" ret=0 -$DIG @10.53.0.1 -p 5300 +expire soa expire-test > dig.out.expire +$DIG @10.53.0.1 -p ${PORT} +expire soa expire-test > dig.out.expire grep EXPIRE: dig.out.expire > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:check expire option returned from slave zone ($n)" +echo_i "check expire option returned from slave zone ($n)" ret=0 -$DIG @10.53.0.2 -p 5300 +expire soa expire-test > dig.out.expire +$DIG @10.53.0.2 -p ${PORT} +expire soa expire-test > dig.out.expire grep EXPIRE: dig.out.expire > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/case/clean.sh b/bin/tests/system/case/clean.sh index 4297a8b10c..e98c7f9a22 100644 --- a/bin/tests/system/case/clean.sh +++ b/bin/tests/system/case/clean.sh @@ -7,6 +7,7 @@ # file, You can obtain one at http://mozilla.org/MPL/2.0/. rm -f dig.ns*.test* +rm -f ns*/named.conf rm -f ns*/named.lock rm -f ns*/named.memstats rm -f ns*/named.run diff --git a/bin/tests/system/case/ns1/named.conf b/bin/tests/system/case/ns1/named.conf.in similarity index 95% rename from bin/tests/system/case/ns1/named.conf rename to bin/tests/system/case/ns1/named.conf.in index 533cc7c1cd..9e988ac800 100644 --- a/bin/tests/system/case/ns1/named.conf +++ b/bin/tests/system/case/ns1/named.conf.in @@ -6,13 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; - options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/case/ns2/named.conf b/bin/tests/system/case/ns2/named.conf.in similarity index 95% rename from bin/tests/system/case/ns2/named.conf rename to bin/tests/system/case/ns2/named.conf.in index 9455d01ee7..5738ca07f5 100644 --- a/bin/tests/system/case/ns2/named.conf +++ b/bin/tests/system/case/ns2/named.conf.in @@ -6,13 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; - options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/case/setup.sh b/bin/tests/system/case/setup.sh index dc6068a8c6..bad7b34cfd 100644 --- a/bin/tests/system/case/setup.sh +++ b/bin/tests/system/case/setup.sh @@ -4,5 +4,10 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -sh clean.sh -cp ns1/dynamic.db.in ns1/dynamic.db +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh + +${SHELL} clean.sh +cp -f ns1/dynamic.db.in ns1/dynamic.db +copy_setports ns1/named.conf.in ns1/named.conf +copy_setports ns2/named.conf.in ns2/named.conf diff --git a/bin/tests/system/case/tests.sh b/bin/tests/system/case/tests.sh index 50f7aa612b..32c121a83d 100644 --- a/bin/tests/system/case/tests.sh +++ b/bin/tests/system/case/tests.sh @@ -9,127 +9,127 @@ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh -DIGOPTS="+tcp +nosea +nostat +noquest +nocomm +nocmd" +DIGOPTS="+tcp +nosea +nostat +noquest +nocomm +nocmd -p ${PORT}" status=0 n=0 n=`expr $n + 1` -echo "I:waiting for zone transfer to complete ($n)" +echo_i "waiting for zone transfer to complete ($n)" ret=0 for i in 1 2 3 4 5 6 7 8 9 do - $DIG $DIGOPTS soa example. @10.53.0.2 -p 5300 > dig.ns2.test$n + $DIG $DIGOPTS soa example. @10.53.0.2 > dig.ns2.test$n grep SOA dig.ns2.test$n > /dev/null && break sleep 1 done for i in 1 2 3 4 5 6 7 8 9 do - $DIG $DIGOPTS soa dynamic. @10.53.0.2 -p 5300 > dig.ns2.test$n + $DIG $DIGOPTS soa dynamic. @10.53.0.2 > dig.ns2.test$n grep SOA dig.ns2.test$n > /dev/null && break sleep 1 done n=`expr $n + 1` -echo "I:testing case preserving responses - no acl ($n)" +echo_i "testing case preserving responses - no acl ($n)" ret=0 -$DIG $DIGOPTS mx example. @10.53.0.1 -p 5300 > dig.ns1.test$n +$DIG $DIGOPTS mx example. @10.53.0.1 > dig.ns1.test$n grep "0.mail.eXaMpLe" dig.ns1.test$n > /dev/null || ret=1 grep "mAiL.example" dig.ns1.test$n > /dev/null || ret=1 -test $ret -eq 0 || echo "I:failed" +test $ret -eq 0 || echo_i "failed" status=`expr $status + $ret` n=`expr $n + 1` -echo "I:testing no-case-compress acl '{ 10.53.0.2; }' ($n)" +echo_i "testing no-case-compress acl '{ 10.53.0.2; }' ($n)" ret=0 # check that we preserve zone case for non-matching query (10.53.0.1) -$DIG $DIGOPTS mx example. -b 10.53.0.1 @10.53.0.1 -p 5300 > dig.ns1.test$n +$DIG $DIGOPTS mx example. -b 10.53.0.1 @10.53.0.1 > dig.ns1.test$n grep "0.mail.eXaMpLe" dig.ns1.test$n > /dev/null || ret=1 grep "mAiL.example" dig.ns1.test$n > /dev/null || ret=1 # check that we don't preserve zone case for match (10.53.0.2) -$DIG $DIGOPTS mx example. -b 10.53.0.2 @10.53.0.2 -p 5300 > dig.ns2.test$n +$DIG $DIGOPTS mx example. -b 10.53.0.2 @10.53.0.2 > dig.ns2.test$n grep "0.mail.example" dig.ns2.test$n > /dev/null || ret=1 grep "mail.example" dig.ns2.test$n > /dev/null || ret=1 -test $ret -eq 0 || echo "I:failed" +test $ret -eq 0 || echo_i "failed" status=`expr $status + $ret` n=`expr $n + 1` -echo "I:testing load of dynamic zone with various \$ORIGIN values ($n)" +echo_i "testing load of dynamic zone with various \$ORIGIN values ($n)" ret=0 -$DIG axfr dynamic @10.53.0.1 -p 5300 > dig.ns1.test$n +$DIG $DIGOPTS axfr dynamic @10.53.0.1 > dig.ns1.test$n $PERL ../digcomp.pl dig.ns1.test$n dynamic.good || ret=1 -test $ret -eq 0 || echo "I:failed" +test $ret -eq 0 || echo_i "failed" status=`expr $status + $ret` n=`expr $n + 1` -echo "I:transfer of dynamic zone with various \$ORIGIN values ($n)" +echo_i "transfer of dynamic zone with various \$ORIGIN values ($n)" ret=0 -$DIG axfr dynamic @10.53.0.2 -p 5300 > dig.ns2.test$n +$DIG $DIGOPTS axfr dynamic @10.53.0.2 > dig.ns2.test$n $PERL ../digcomp.pl dig.ns2.test$n dynamic.good || ret=1 -test $ret -eq 0 || echo "I:failed" +test $ret -eq 0 || echo_i "failed" status=`expr $status + $ret` n=`expr $n + 1` -echo "I:change SOA owner case via update ($n)" +echo_i "change SOA owner case via update ($n)" $NSUPDATE << EOF -server 10.53.0.1 5300 +server 10.53.0.1 ${PORT} zone dynamic update add dYNAMIc 0 SOA mname1. . 2000042408 20 20 1814400 3600 send EOF -$DIG axfr dynamic @10.53.0.1 -p 5300 > dig.ns1.test$n +$DIG $DIGOPTS axfr dynamic @10.53.0.1 > dig.ns1.test$n $PERL ../digcomp.pl dig.ns1.test$n postupdate.good || ret=1 -test $ret -eq 0 || echo "I:failed" +test $ret -eq 0 || echo_i "failed" status=`expr $status + $ret` for i in 1 2 3 4 5 6 7 8 9 do - $DIG soa dynamic @10.53.0.2 -p 5300 | grep 2000042408 > /dev/null && break + $DIG $DIGOPTS soa dynamic @10.53.0.2 | grep 2000042408 > /dev/null && break sleep 1 done n=`expr $n + 1` -echo "I:check SOA owner case is transfered to slave ($n)" +echo_i "check SOA owner case is transfered to slave ($n)" ret=0 -$DIG axfr dynamic @10.53.0.2 -p 5300 > dig.ns2.test$n +$DIG $DIGOPTS axfr dynamic @10.53.0.2 > dig.ns2.test$n $PERL ../digcomp.pl dig.ns2.test$n postupdate.good || ret=1 -test $ret -eq 0 || echo "I:failed" +test $ret -eq 0 || echo_i "failed" status=`expr $status + $ret` #update delete Ns1.DyNaMIC. 300 IN A 10.53.0.1 n=`expr $n + 1` -echo "I:change A record owner case via update ($n)" +echo_i "change A record owner case via update ($n)" $NSUPDATE << EOF -server 10.53.0.1 5300 +server 10.53.0.1 ${PORT} zone dynamic update add Ns1.DyNaMIC. 300 IN A 10.53.0.1 send EOF -$DIG axfr dynamic @10.53.0.1 -p 5300 > dig.ns1.test$n +$DIG $DIGOPTS axfr dynamic @10.53.0.1 > dig.ns1.test$n $PERL ../digcomp.pl dig.ns1.test$n postns1.good || ret=1 -test $ret -eq 0 || echo "I:failed" +test $ret -eq 0 || echo_i "failed" status=`expr $status + $ret` for i in 1 2 3 4 5 6 7 8 9 do - $DIG soa dynamic @10.53.0.2 -p 5300 | grep 2000042409 > /dev/null && break + $DIG $DIGOPTS soa dynamic @10.53.0.2 | grep 2000042409 > /dev/null && break sleep 1 done n=`expr $n + 1` -echo "I:check A owner case is transfered to slave ($n)" +echo_i "check A owner case is transfered to slave ($n)" ret=0 -$DIG axfr dynamic @10.53.0.2 -p 5300 > dig.ns2.test$n +$DIG $DIGOPTS axfr dynamic @10.53.0.2 > dig.ns2.test$n $PERL ../digcomp.pl dig.ns2.test$n postns1.good || ret=1 status=`expr $status + $ret` -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/catz/tests.sh b/bin/tests/system/catz/tests.sh index 5a02c2a879..d3af71285b 100644 --- a/bin/tests/system/catz/tests.sh +++ b/bin/tests/system/catz/tests.sh @@ -1480,7 +1480,7 @@ ret=0 cat ns2/named.conf.in | sed -e "s/^#T2//" > ns2/named.conf.tmp copy_setports ns2/named.conf.tmp ns2/named.conf $RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reconfig > /dev/null 2>&1 && ret=1 -if [ $ret != 0 ]; then echo_ "I: failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` diff --git a/bin/tests/system/cds/tests.sh b/bin/tests/system/cds/tests.sh index 5e54cbaaaf..a4098ce895 100644 --- a/bin/tests/system/cds/tests.sh +++ b/bin/tests/system/cds/tests.sh @@ -12,7 +12,7 @@ SYSTEMTESTTOP=.. status=0 n=0 fail() { - echo "I:failed" + echo_i "failed" status=`expr $status + 1` } @@ -23,7 +23,7 @@ runcmd() { testcase() { n=`expr $n + 1` - echo "I:$name ($n)" + echo_i "$name ($n)" expect=$1 shift result=`runcmd "$@"` @@ -234,5 +234,5 @@ name='prefer CDNSKEY' out=DS.2-2 testcase 0 $CDS -D -s -7200 -f sig.cds.cdnskey.2 -d DS.1 $Z -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/chain/ans3/ans.pl b/bin/tests/system/chain/ans3/ans.pl index 65beae82b7..7eb3a84d57 100644 --- a/bin/tests/system/chain/ans3/ans.pl +++ b/bin/tests/system/chain/ans3/ans.pl @@ -22,7 +22,10 @@ $SIG{INT} = \&rmpid; $SIG{TERM} = \&rmpid; my $localaddr = "10.53.0.3"; -my $localport = 5300; + +my $localport = int($ENV{'PORT'}); +if (!$localport) { $localport = 5300; } + my $verbose = 0; my $ttl = 60; my $zone = "example.broken"; diff --git a/bin/tests/system/chain/ans4/README.anspy b/bin/tests/system/chain/ans4/README.anspy index 1ac6658da0..67bd237dc6 100644 --- a/bin/tests/system/chain/ans4/README.anspy +++ b/bin/tests/system/chain/ans4/README.anspy @@ -9,8 +9,9 @@ ans.py requires at least dnspython 1.12.0. "ans.py" is a fairly simple Python script that will respond as an authoritative server to DNS queries. It opens a UDP socket on 10.53.0.4 -and fd92:7065:b8e:ffff::8, port 5300 (these are for DNS queries) and a TCP -socket addresses on 10.53.0.4 at port 5301 (this is the control channel). +and fd92:7065:b8e:ffff::8, port 5300 (or PORT) (these are for DNS queries) +and a TCP socket addresses on 10.53.0.4 at port 5301 (or EXTRAPORT1) +(this is the control channel). Please note that all functionality and formatting are subject to change as we determine what features the tool will need. diff --git a/bin/tests/system/chain/ans4/ans.py b/bin/tests/system/chain/ans4/ans.py index b2733f04b7..42ff4adb21 100755 --- a/bin/tests/system/chain/ans4/ans.py +++ b/bin/tests/system/chain/ans4/ans.py @@ -266,16 +266,21 @@ def sigterm(signum, frame): ############################################################################ ip4 = "10.53.0.4" ip6 = "fd92:7065:b8e:ffff::4" -sock = 5300 + +try: port=int(os.environ['PORT']) +except: port=5300 + +try: ctrlport=int(os.environ['EXTRAPORT1']) +except: ctrlport=5300 query4_socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) -query4_socket.bind((ip4, sock)) +query4_socket.bind((ip4, port)) havev6 = True try: query6_socket = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM) try: - query6_socket.bind((ip6, sock)) + query6_socket.bind((ip6, port)) except: query6_socket.close() havev6 = False @@ -283,7 +288,7 @@ except: havev6 = False ctrl_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) -ctrl_socket.bind((ip4, sock + 1)) +ctrl_socket.bind((ip4, ctrlport)) ctrl_socket.listen(5) signal.signal(signal.SIGTERM, sigterm) @@ -295,10 +300,10 @@ f.close() running = True -print ("Listening on %s port %d" % (ip4, sock)) +print ("Listening on %s port %d" % (ip4, port)) if havev6: - print ("Listening on %s port %d" % (ip6, sock)) -print ("Control channel on %s port %d" % (ip4, sock + 1)) + print ("Listening on %s port %d" % (ip6, port)) +print ("Control channel on %s port %d" % (ip4, ctrlport)) print ("Ctrl-c to quit") if havev6: diff --git a/bin/tests/system/chain/clean.sh b/bin/tests/system/chain/clean.sh index de3c22d476..8b6ba8f115 100755 --- a/bin/tests/system/chain/clean.sh +++ b/bin/tests/system/chain/clean.sh @@ -7,5 +7,6 @@ # file, You can obtain one at http://mozilla.org/MPL/2.0/. rm -f dig.out.* named*.pid +rm -f ns*/named.conf rm -f */named.memstats */named.recursing */named.lock */named.run */ans.run rm -f ns2/K* ns2/dsset-* ns2/example.db.signed diff --git a/bin/tests/system/chain/ns1/named.conf b/bin/tests/system/chain/ns1/named.conf.in similarity index 93% rename from bin/tests/system/chain/ns1/named.conf rename to bin/tests/system/chain/ns1/named.conf.in index 83a8afdff6..7942c90c09 100644 --- a/bin/tests/system/chain/ns1/named.conf +++ b/bin/tests/system/chain/ns1/named.conf.in @@ -6,13 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; - options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/chain/ns2/named.conf b/bin/tests/system/chain/ns2/named.conf.in similarity index 97% rename from bin/tests/system/chain/ns2/named.conf rename to bin/tests/system/chain/ns2/named.conf.in index 07d2401cc0..c284a7de3c 100644 --- a/bin/tests/system/chain/ns2/named.conf +++ b/bin/tests/system/chain/ns2/named.conf.in @@ -8,13 +8,11 @@ // NS2 -controls { /* empty */ }; - options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/chain/ns5/named.conf b/bin/tests/system/chain/ns5/named.conf.in similarity index 94% rename from bin/tests/system/chain/ns5/named.conf rename to bin/tests/system/chain/ns5/named.conf.in index 70cb8ed65b..f20e4eeeaf 100644 --- a/bin/tests/system/chain/ns5/named.conf +++ b/bin/tests/system/chain/ns5/named.conf.in @@ -8,13 +8,11 @@ // NS2 -controls { /* empty */ }; - options { query-source address 10.53.0.5; notify-source 10.53.0.5; transfer-source 10.53.0.5; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.5; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/chain/ns7/named.conf b/bin/tests/system/chain/ns7/named.conf.in similarity index 86% rename from bin/tests/system/chain/ns7/named.conf rename to bin/tests/system/chain/ns7/named.conf.in index f0ba85159d..3982449154 100644 --- a/bin/tests/system/chain/ns7/named.conf +++ b/bin/tests/system/chain/ns7/named.conf.in @@ -6,14 +6,12 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; - options { directory "."; query-source address 10.53.0.7; notify-source 10.53.0.7; transfer-source 10.53.0.7; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.7; }; listen-on-v6 { fd92:7065:b8e:ffff::7; }; @@ -27,7 +25,7 @@ key rndc_key { }; controls { - inet 10.53.0.7 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.7 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; zone "." { diff --git a/bin/tests/system/chain/prereq.sh b/bin/tests/system/chain/prereq.sh index 8d767357f9..eba0165cd7 100644 --- a/bin/tests/system/chain/prereq.sh +++ b/bin/tests/system/chain/prereq.sh @@ -17,11 +17,11 @@ then then : else - echo "I:This test requires the dnspython module." >&2 + echo_i "This test requires the dnspython module." >&2 exit 1 fi else - echo "I:This test requires Python and the dnspython module." >&2 + echo_i "This test requires Python and the dnspython module." >&2 exit 1 fi @@ -31,17 +31,17 @@ then then : else - echo "I:Net::DNS versions 0.69 to 0.74 have bugs that cause this test to fail: please update." >&2 + echo_i "Net::DNS versions 0.69 to 0.74 have bugs that cause this test to fail: please update." >&2 exit 1 fi else - echo "I:This test requires the perl Net::DNS library." >&2 + echo_i "This test requires the perl Net::DNS library." >&2 exit 1 fi if $PERL -e 'use Net::DNS::Nameserver;' 2>/dev/null then : else - echo "I:This test requires the Net::DNS::Nameserver library." >&2 + echo_i "This test requires the Net::DNS::Nameserver library." >&2 exit 1 fi diff --git a/bin/tests/system/chain/setup.sh b/bin/tests/system/chain/setup.sh index ff2ce9c816..f33324da45 100644 --- a/bin/tests/system/chain/setup.sh +++ b/bin/tests/system/chain/setup.sh @@ -13,5 +13,10 @@ $SHELL clean.sh test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +copy_setports ns1/named.conf.in ns1/named.conf +copy_setports ns2/named.conf.in ns2/named.conf +copy_setports ns5/named.conf.in ns5/named.conf +copy_setports ns7/named.conf.in ns7/named.conf + cd ns2 $SHELL sign.sh diff --git a/bin/tests/system/chain/tests.sh b/bin/tests/system/chain/tests.sh index 8577d9624b..5307171dee 100644 --- a/bin/tests/system/chain/tests.sh +++ b/bin/tests/system/chain/tests.sh @@ -7,242 +7,243 @@ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh -DIGOPTS="-p 5300 " -SEND="$PERL $SYSTEMTESTTOP/send.pl 10.53.0.4 5301" +DIGOPTS="-p ${PORT}" +RNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p ${CONTROLPORT} -s" +SEND="$PERL $SYSTEMTESTTOP/send.pl 10.53.0.4 ${EXTRAPORT1}" status=0 n=0 n=`expr $n + 1` -echo "I:checking short DNAME from authoritative ($n)" +echo_i "checking short DNAME from authoritative ($n)" ret=0 -$DIG a.short-dname.example @10.53.0.2 a -p 5300 > dig.out.ns2.short || ret=1 +$DIG $DIGOPTS a.short-dname.example @10.53.0.2 a > dig.out.ns2.short || ret=1 grep "status: NOERROR" dig.out.ns2.short > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking short DNAME from recursive ($n)" +echo_i "checking short DNAME from recursive ($n)" ret=0 -$DIG a.short-dname.example @10.53.0.7 a -p 5300 > dig.out.ns4.short || ret=1 +$DIG $DIGOPTS a.short-dname.example @10.53.0.7 a > dig.out.ns4.short || ret=1 grep "status: NOERROR" dig.out.ns4.short > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking long DNAME from authoritative ($n)" +echo_i "checking long DNAME from authoritative ($n)" ret=0 -$DIG a.long-dname.example @10.53.0.2 a -p 5300 > dig.out.ns2.long || ret=1 +$DIG $DIGOPTS a.long-dname.example @10.53.0.2 a > dig.out.ns2.long || ret=1 grep "status: NOERROR" dig.out.ns2.long > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking long DNAME from recursive ($n)" +echo_i "checking long DNAME from recursive ($n)" ret=0 -$DIG a.long-dname.example @10.53.0.7 a -p 5300 > dig.out.ns4.long || ret=1 +$DIG $DIGOPTS a.long-dname.example @10.53.0.7 a > dig.out.ns4.long || ret=1 grep "status: NOERROR" dig.out.ns4.long > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking (too) long DNAME from authoritative ($n)" +echo_i "checking (too) long DNAME from authoritative ($n)" ret=0 -$DIG 01234567890123456789012345678901234567890123456789.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.long-dname.example @10.53.0.2 a -p 5300 > dig.out.ns2.toolong || ret=1 +$DIG $DIGOPTS 01234567890123456789012345678901234567890123456789.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.long-dname.example @10.53.0.2 a > dig.out.ns2.toolong || ret=1 grep "status: YXDOMAIN" dig.out.ns2.toolong > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking (too) long DNAME from recursive with cached DNAME ($n)" +echo_i "checking (too) long DNAME from recursive with cached DNAME ($n)" ret=0 -$DIG 01234567890123456789012345678901234567890123456789.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.long-dname.example @10.53.0.7 a -p 5300 > dig.out.ns4.cachedtoolong || ret=1 +$DIG $DIGOPTS 01234567890123456789012345678901234567890123456789.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.long-dname.example @10.53.0.7 a > dig.out.ns4.cachedtoolong || ret=1 grep "status: YXDOMAIN" dig.out.ns4.cachedtoolong > /dev/null || ret=1 grep '^long-dname\.example\..*DNAME.*long' dig.out.ns4.cachedtoolong > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking (too) long DNAME from recursive without cached DNAME ($n)" +echo_i "checking (too) long DNAME from recursive without cached DNAME ($n)" ret=0 -$DIG 01234567890123456789012345678901234567890123456789.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglong.toolong-dname.example @10.53.0.7 a -p 5300 > dig.out.ns4.uncachedtoolong || ret=1 +$DIG $DIGOPTS 01234567890123456789012345678901234567890123456789.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglong.toolong-dname.example @10.53.0.7 a > dig.out.ns4.uncachedtoolong || ret=1 grep "status: YXDOMAIN" dig.out.ns4.uncachedtoolong > /dev/null || ret=1 grep '^toolong-dname\.example\..*DNAME.*long' dig.out.ns4.uncachedtoolong > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking CNAME to DNAME from authoritative ($n)" +echo_i "checking CNAME to DNAME from authoritative ($n)" ret=0 -$DIG cname.example @10.53.0.2 a -p 5300 > dig.out.ns2.cname +$DIG $DIGOPTS cname.example @10.53.0.2 a > dig.out.ns2.cname grep "status: NOERROR" dig.out.ns2.cname > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking CNAME to DNAME from recursive" +echo_i "checking CNAME to DNAME from recursive" ret=0 -$DIG cname.example @10.53.0.7 a -p 5300 > dig.out.ns4.cname +$DIG $DIGOPTS cname.example @10.53.0.7 a > dig.out.ns4.cname grep "status: NOERROR" dig.out.ns4.cname > /dev/null || ret=1 grep '^cname.example.' dig.out.ns4.cname > /dev/null || ret=1 grep '^cnamedname.example.' dig.out.ns4.cname > /dev/null || ret=1 grep '^a.cnamedname.example.' dig.out.ns4.cname > /dev/null || ret=1 grep '^a.target.example.' dig.out.ns4.cname > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking DNAME is returned with synthesized CNAME before DNAME ($n)" +echo_i "checking DNAME is returned with synthesized CNAME before DNAME ($n)" ret=0 -$DIG @10.53.0.7 -p 5300 name.synth-then-dname.example.broken A > dig.out.test$n +$DIG $DIGOPTS @10.53.0.7 name.synth-then-dname.example.broken A > dig.out.test$n grep "status: NXDOMAIN" dig.out.test$n > /dev/null || ret=1 grep '^name.synth-then-dname\.example\.broken\..*CNAME.*name.$' dig.out.test$n > /dev/null || ret=1 grep '^synth-then-dname\.example\.broken\..*DNAME.*\.$' dig.out.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking DNAME is returned with CNAME to synthesized CNAME before DNAME ($n)" +echo_i "checking DNAME is returned with CNAME to synthesized CNAME before DNAME ($n)" ret=0 -$DIG @10.53.0.7 -p 5300 cname-to-synth2-then-dname.example.broken A > dig.out.test$n +$DIG $DIGOPTS @10.53.0.7 cname-to-synth2-then-dname.example.broken A > dig.out.test$n grep "status: NXDOMAIN" dig.out.test$n > /dev/null || ret=1 grep '^cname-to-synth2-then-dname\.example\.broken\..*CNAME.*name\.synth2-then-dname\.example\.broken.$' dig.out.test$n > /dev/null || ret=1 grep '^name\.synth2-then-dname\.example\.broken\..*CNAME.*name.$' dig.out.test$n > /dev/null || ret=1 grep '^synth2-then-dname\.example\.broken\..*DNAME.*\.$' dig.out.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking CNAME loops are detected ($n)" +echo_i "checking CNAME loops are detected ($n)" ret=0 -$DIG @10.53.0.7 -p 5300 loop.example > dig.out.test$n +$DIG $DIGOPTS @10.53.0.7 loop.example > dig.out.test$n grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 grep "ANSWER: 17" dig.out.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking CNAME to external delegated zones is handled ($n)" +echo_i "checking CNAME to external delegated zones is handled ($n)" ret=0 -$DIG @10.53.0.7 -p 5300 a.example > dig.out.test$n +$DIG $DIGOPTS @10.53.0.7 a.example > dig.out.test$n grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 grep "ANSWER: 2" dig.out.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking CNAME to internal delegated zones is handled ($n)" +echo_i "checking CNAME to internal delegated zones is handled ($n)" ret=0 -$DIG @10.53.0.7 -p 5300 b.example > dig.out.test$n +$DIG $DIGOPTS @10.53.0.7 b.example > dig.out.test$n grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 grep "ANSWER: 2" dig.out.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking CNAME to signed external delgation is handled ($n)" +echo_i "checking CNAME to signed external delgation is handled ($n)" ret=0 -$DIG $DIGOPTS @10.53.0.7 -p 5300 c.example > dig.out.$n +$DIG $DIGOPTS @10.53.0.7 c.example > dig.out.$n grep "status: NOERROR" dig.out.$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I: failed"; fi +if [ $ret != 0 ]; then echo_i " failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking CNAME to signed internal delgation is handled ($n)" +echo_i "checking CNAME to signed internal delgation is handled ($n)" ret=0 -$DIG $DIGOPTS @10.53.0.7 -p 5300 d.example > dig.out.$n +$DIG $DIGOPTS @10.53.0.7 d.example > dig.out.$n grep "status: NOERROR" dig.out.$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I: failed"; fi +if [ $ret != 0 ]; then echo_i " failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking CNAME chains in various orders ($n)" +echo_i "checking CNAME chains in various orders ($n)" ret=0 echo "cname,cname,cname|1,2,3,4,s1,s2,s3,s4" | $SEND $DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.1.$n 2>&1 grep 'status: NOERROR' dig.out.1.$n > /dev/null 2>&1 || ret=1 grep 'ANSWER: 2' dig.out.1.$n > /dev/null 2>&1 || ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.7 -p 9953 flush 2>&1 | sed 's/^/I:ns7 /' +$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i echo "cname,cname,cname|1,1,2,2,3,4,s4,s3,s1" | $SEND $DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.2.$n 2>&1 grep 'status: NOERROR' dig.out.2.$n > /dev/null 2>&1 || ret=1 grep 'ANSWER: 2' dig.out.2.$n > /dev/null 2>&1 || ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.7 -p 9953 flush 2>&1 | sed 's/^/I:ns7 /' +$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i echo "cname,cname,cname|2,1,3,4,s3,s1,s2,s4" | $SEND $DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.3.$n 2>&1 grep 'status: NOERROR' dig.out.3.$n > /dev/null 2>&1 || ret=1 grep 'ANSWER: 2' dig.out.3.$n > /dev/null 2>&1 || ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.7 -p 9953 flush 2>&1 | sed 's/^/I:ns7 /' +$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i echo "cname,cname,cname|4,3,2,1,s4,s3,s2,s1" | $SEND $DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.4.$n 2>&1 grep 'status: NOERROR' dig.out.4.$n > /dev/null 2>&1 || ret=1 grep 'ANSWER: 2' dig.out.4.$n > /dev/null 2>&1 || ret=1 echo "cname,cname,cname|4,3,2,1,s4,s3,s2,s1" | $SEND -$RNDC -c ../common/rndc.conf -s 10.53.0.7 -p 9953 flush 2>&1 | sed 's/^/I:ns7 /' +$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i $DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.5.$n 2>&1 grep 'status: NOERROR' dig.out.5.$n > /dev/null 2>&1 || ret=1 grep 'ANSWER: 2' dig.out.5.$n > /dev/null 2>&1 || ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.7 -p 9953 flush 2>&1 | sed 's/^/I:ns7 /' +$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i echo "cname,cname,cname|4,3,3,3,s1,s1,1,3,4" | $SEND $DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.6.$n 2>&1 grep 'status: NOERROR' dig.out.6.$n > /dev/null 2>&1 || ret=1 grep 'ANSWER: 2' dig.out.6.$n > /dev/null 2>&1 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that only the initial CNAME is cached ($n)" +echo_i "checking that only the initial CNAME is cached ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.7 -p 9953 flush 2>&1 | sed 's/^/I:ns7 /' +$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i echo "cname,cname,cname|1,2,3,4,s1,s2,s3,s4" | $SEND $DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.1.$n 2>&1 sleep 1 $DIG $DIGOPTS +noall +answer @10.53.0.7 cname1.domain.nil > dig.out.2.$n 2>&1 ttl=`awk '{print $2}' dig.out.2.$n` [ "$ttl" -eq 86400 ] || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking DNAME chains in various orders ($n)" +echo_i "checking DNAME chains in various orders ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.7 -p 9953 flush 2>&1 | sed 's/^/I:ns7 /' +$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i echo "dname,dname|5,4,3,2,1,s5,s4,s3,s2,s1" | $SEND $DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.1.$n 2>&1 grep 'status: NOERROR' dig.out.1.$n > /dev/null 2>&1 || ret=1 grep 'ANSWER: 3' dig.out.1.$n > /dev/null 2>&1 || ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.7 -p 9953 flush 2>&1 | sed 's/^/I:ns7 /' +$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i echo "dname,dname|5,4,3,2,1,s5,s4,s3,s2,s1" | $SEND $DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.2.$n 2>&1 grep 'status: NOERROR' dig.out.2.$n > /dev/null 2>&1 || ret=1 grep 'ANSWER: 3' dig.out.2.$n > /dev/null 2>&1 || ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.7 -p 9953 flush 2>&1 | sed 's/^/I:ns7 /' +$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i echo "dname,dname|2,3,s1,s2,s3,s4,1" | $SEND $DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.3.$n 2>&1 grep 'status: NOERROR' dig.out.3.$n > /dev/null 2>&1 || ret=1 grep 'ANSWER: 3' dig.out.3.$n > /dev/null 2>&1 || ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.7 -p 9953 flush 2>&1 | sed 's/^/I:ns7 /' -if [ $ret != 0 ]; then echo "I:failed"; fi +$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking external CNAME/DNAME chains in various orders ($n)" +echo_i "checking external CNAME/DNAME chains in various orders ($n)" ret=0 echo "xname,dname|1,2,3,4,s1,s2,s3,s4" | $SEND $DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.1.$n 2>&1 grep 'status: NOERROR' dig.out.1.$n > /dev/null 2>&1 || ret=1 grep 'ANSWER: 2' dig.out.1.$n > /dev/null 2>&1 || ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.7 -p 9953 flush 2>&1 | sed 's/^/I:ns7 /' +$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i echo "xname,dname|s2,2,s1,1,4,s4,3" | $SEND $DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.2.$n 2>&1 grep 'status: NOERROR' dig.out.2.$n > /dev/null 2>&1 || ret=1 grep 'ANSWER: 2' dig.out.2.$n > /dev/null 2>&1 || ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.7 -p 9953 flush 2>&1 | sed 's/^/I:ns7 /' +$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i echo "xname,dname|s2,2,2,2" | $SEND $DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.3.$n 2>&1 grep 'status: SERVFAIL' dig.out.3.$n > /dev/null 2>&1 || ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.7 -p 9953 flush 2>&1 | sed 's/^/I:ns7 /' -if [ $ret != 0 ]; then echo "I:failed"; fi +$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/checkconf/tests.sh b/bin/tests/system/checkconf/tests.sh index c7d4867a1a..78c3a5e3d7 100644 --- a/bin/tests/system/checkconf/tests.sh +++ b/bin/tests/system/checkconf/tests.sh @@ -11,37 +11,37 @@ status=0 n=0 n=`expr $n + 1` -echo "I: checking that named-checkconf handles a known good config ($n)" +echo_i "checking that named-checkconf handles a known good config ($n)" ret=0 $CHECKCONF good.conf > /dev/null 2>&1 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I: checking that named-checkconf prints a known good config ($n)" +echo_i "checking that named-checkconf prints a known good config ($n)" ret=0 awk 'BEGIN { ok = 0; } /cut here/ { ok = 1; getline } ok == 1 { print }' good.conf > good.conf.in [ -s good.conf.in ] || ret=1 $CHECKCONF -p good.conf.in | grep -v '^good.conf.in:' > good.conf.out 2>&1 || ret=1 cmp good.conf.in good.conf.out || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I: checking that named-checkconf -x removes secrets ($n)" +echo_i "checking that named-checkconf -x removes secrets ($n)" ret=0 # ensure there is a secret and that it is not the check string. grep 'secret "' good.conf.in > /dev/null || ret=1 grep 'secret "????????????????"' good.conf.in > /dev/null 2>&1 && ret=1 $CHECKCONF -p -x good.conf.in | grep -v '^good.conf.in:' > good.conf.out 2>&1 || ret=1 grep 'secret "????????????????"' good.conf.out > /dev/null 2>&1 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` for bad in bad-*.conf do n=`expr $n + 1` - echo "I: checking that named-checkconf detects error in $bad ($n)" + echo_i "checking that named-checkconf detects error in $bad ($n)" ret=0 $CHECKCONF $bad > checkconf.out 2>&1 if [ $? != 1 ]; then ret=1; fi @@ -56,45 +56,45 @@ do grep "$pat" checkconf.out > /dev/null || ret=1 ;; esac - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` done for good in good-*.conf do n=`expr $n + 1` - echo "I: checking that named-checkconf detects no error in $good ($n)" + echo_i "checking that named-checkconf detects no error in $good ($n)" ret=0 $CHECKCONF $good > /dev/null 2>&1 - if [ $? != 0 ]; then echo "I:failed"; ret=1; fi + if [ $? != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` done n=`expr $n + 1` -echo "I: checking that named-checkconf -z catches missing hint file ($n)" +echo_i "checking that named-checkconf -z catches missing hint file ($n)" ret=0 $CHECKCONF -z hint-nofile.conf > hint-nofile.out 2>&1 && ret=1 grep "could not configure root hints from 'nonexistent.db': file not found" hint-nofile.out > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I: checking that named-checkconf catches range errors ($n)" +echo_i "checking that named-checkconf catches range errors ($n)" ret=0 $CHECKCONF range.conf > /dev/null 2>&1 && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I: checking that named-checkconf warns of notify inconsistencies ($n)" +echo_i "checking that named-checkconf warns of notify inconsistencies ($n)" ret=0 warnings=`$CHECKCONF notify.conf 2>&1 | grep "'notify' is disabled" | wc -l` [ $warnings -eq 3 ] || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I: checking named-checkconf dnssec warnings ($n)" +echo_i "checking named-checkconf dnssec warnings ($n)" ret=0 $CHECKCONF dnssec.1 2>&1 | grep 'validation yes.*enable no' > /dev/null || ret=1 $CHECKCONF dnssec.2 2>&1 | grep 'auto-dnssec may only be ' > /dev/null || ret=1 @@ -102,11 +102,11 @@ $CHECKCONF dnssec.2 2>&1 | grep 'validation auto.*enable no' > /dev/null || ret= $CHECKCONF dnssec.2 2>&1 | grep 'validation yes.*enable no' > /dev/null || ret=1 # this one should have no warnings $CHECKCONF dnssec.3 2>&1 | grep '.*' && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I: range checking fields that do not allow zero ($n)" +echo_i "range checking fields that do not allow zero ($n)" ret=0 for field in max-retry-time min-retry-time max-refresh-time min-refresh-time; do cat > badzero.conf << EOF @@ -115,14 +115,14 @@ options { }; EOF $CHECKCONF badzero.conf > /dev/null 2>&1 - [ $? -eq 1 ] || { echo "I: options $field failed" ; ret=1; } + [ $? -eq 1 ] || { echo_i "options $field failed" ; ret=1; } cat > badzero.conf << EOF view dummy { $field 0; }; EOF $CHECKCONF badzero.conf > /dev/null 2>&1 - [ $? -eq 1 ] || { echo "I: view $field failed" ; ret=1; } + [ $? -eq 1 ] || { echo_i "view $field failed" ; ret=1; } cat > badzero.conf << EOF options { $field 0; @@ -131,7 +131,7 @@ view dummy { }; EOF $CHECKCONF badzero.conf > /dev/null 2>&1 - [ $? -eq 1 ] || { echo "I: options + view $field failed" ; ret=1; } + [ $? -eq 1 ] || { echo_i "options + view $field failed" ; ret=1; } cat > badzero.conf << EOF zone dummy { type slave; @@ -140,13 +140,13 @@ zone dummy { }; EOF $CHECKCONF badzero.conf > /dev/null 2>&1 - [ $? -eq 1 ] || { echo "I: zone $field failed" ; ret=1; } + [ $? -eq 1 ] || { echo_i "zone $field failed" ; ret=1; } done -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I: checking options allowed in inline-signing slaves ($n)" +echo_i "checking options allowed in inline-signing slaves ($n)" ret=0 l=`$CHECKCONF bad-dnssec.conf 2>&1 | grep "dnssec-dnskey-kskonly.*requires inline" | wc -l` [ $l -eq 1 ] || ret=1 @@ -154,29 +154,29 @@ l=`$CHECKCONF bad-dnssec.conf 2>&1 | grep "dnssec-loadkeys-interval.*requires in [ $l -eq 1 ] || ret=1 l=`$CHECKCONF bad-dnssec.conf 2>&1 | grep "update-check-ksk.*requires inline" | wc -l` [ $l -eq 1 ] || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I: check file + inline-signing for slave zones ($n)" +echo_i "check file + inline-signing for slave zones ($n)" l=`$CHECKCONF inline-no.conf 2>&1 | grep "missing 'file' entry" | wc -l` [ $l -eq 0 ] || ret=1 l=`$CHECKCONF inline-good.conf 2>&1 | grep "missing 'file' entry" | wc -l` [ $l -eq 0 ] || ret=1 l=`$CHECKCONF inline-bad.conf 2>&1 | grep "missing 'file' entry" | wc -l` [ $l -eq 1 ] || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I: checking named-checkconf DLZ warnings ($n)" +echo_i "checking named-checkconf DLZ warnings ($n)" ret=0 $CHECKCONF dlz-bad.conf 2>&1 | grep "'dlz' and 'database'" > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I: checking for missing key directory warning ($n)" +echo_i "checking for missing key directory warning ($n)" ret=0 rm -rf test.keydir l=`$CHECKCONF warn-keydir.conf 2>&1 | grep "'test.keydir' does not exist" | wc -l` @@ -189,209 +189,209 @@ mkdir test.keydir l=`$CHECKCONF warn-keydir.conf 2>&1 | grep "key-directory" | wc -l` [ $l -eq 0 ] || ret=1 rm -rf test.keydir -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi n=`expr $n + 1` -echo "I: checking that named-checkconf -z catches conflicting ttl with max-ttl ($n)" +echo_i "checking that named-checkconf -z catches conflicting ttl with max-ttl ($n)" ret=0 $CHECKCONF -z max-ttl.conf > check.out 2>&1 grep 'TTL 900 exceeds configured max-zone-ttl 600' check.out > /dev/null 2>&1 || ret=1 grep 'TTL 900 exceeds configured max-zone-ttl 600' check.out > /dev/null 2>&1 || ret=1 grep 'TTL 900 exceeds configured max-zone-ttl 600' check.out > /dev/null 2>&1 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi +if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I: checking that named-checkconf -z catches invalid max-ttl ($n)" +echo_i "checking that named-checkconf -z catches invalid max-ttl ($n)" ret=0 $CHECKCONF -z max-ttl-bad.conf > /dev/null 2>&1 && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi +if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I: checking that named-checkconf -z skips zone check with alternate databases ($n)" +echo_i "checking that named-checkconf -z skips zone check with alternate databases ($n)" ret=0 $CHECKCONF -z altdb.conf > /dev/null 2>&1 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi +if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I: checking that named-checkconf -z skips zone check with DLZ ($n)" +echo_i "checking that named-checkconf -z skips zone check with DLZ ($n)" ret=0 $CHECKCONF -z altdlz.conf > /dev/null 2>&1 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi +if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I: checking that named-checkconf -z fails on view with ANY class ($n)" +echo_i "checking that named-checkconf -z fails on view with ANY class ($n)" ret=0 $CHECKCONF -z view-class-any1.conf > /dev/null 2>&1 && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi +if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I: checking that named-checkconf -z fails on view with CLASS255 class ($n)" +echo_i "checking that named-checkconf -z fails on view with CLASS255 class ($n)" ret=0 $CHECKCONF -z view-class-any2.conf > /dev/null 2>&1 && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi +if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I: checking that named-checkconf -z passes on view with IN class ($n)" +echo_i "checking that named-checkconf -z passes on view with IN class ($n)" ret=0 $CHECKCONF -z view-class-in1.conf > /dev/null 2>&1 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi +if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I: checking that named-checkconf -z passes on view with CLASS1 class ($n)" +echo_i "checking that named-checkconf -z passes on view with CLASS1 class ($n)" ret=0 $CHECKCONF -z view-class-in2.conf > /dev/null 2>&1 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi +if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I: check that check-names fails as configured ($n)" +echo_i "check that check-names fails as configured ($n)" ret=0 $CHECKCONF -z check-names-fail.conf > checkconf.out$n 2>&1 && ret=1 grep "near '_underscore': bad name (check-names)" checkconf.out$n > /dev/null || ret=1 grep "zone check-names/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi +if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I: check that check-mx fails as configured ($n)" +echo_i "check that check-mx fails as configured ($n)" ret=0 $CHECKCONF -z check-mx-fail.conf > checkconf.out$n 2>&1 && ret=1 grep "near '10.0.0.1': MX is an address" checkconf.out$n > /dev/null || ret=1 grep "zone check-mx/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi +if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I: check that check-dup-records fails as configured ($n)" +echo_i "check that check-dup-records fails as configured ($n)" ret=0 $CHECKCONF -z check-dup-records-fail.conf > checkconf.out$n 2>&1 && ret=1 grep "has semantically identical records" checkconf.out$n > /dev/null || ret=1 grep "zone check-dup-records/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi +if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I: check that check-mx fails as configured ($n)" +echo_i "check that check-mx fails as configured ($n)" ret=0 $CHECKCONF -z check-mx-fail.conf > checkconf.out$n 2>&1 && ret=1 grep "failed: MX is an address" checkconf.out$n > /dev/null || ret=1 grep "zone check-mx/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi +if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I: check that check-mx-cname fails as configured ($n)" +echo_i "check that check-mx-cname fails as configured ($n)" ret=0 $CHECKCONF -z check-mx-cname-fail.conf > checkconf.out$n 2>&1 && ret=1 grep "MX.* is a CNAME (illegal)" checkconf.out$n > /dev/null || ret=1 grep "zone check-mx-cname/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi +if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I: check that check-srv-cname fails as configured ($n)" +echo_i "check that check-srv-cname fails as configured ($n)" ret=0 $CHECKCONF -z check-srv-cname-fail.conf > checkconf.out$n 2>&1 && ret=1 grep "SRV.* is a CNAME (illegal)" checkconf.out$n > /dev/null || ret=1 grep "zone check-mx-cname/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi +if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I: check that named-checkconf -p properly print a port range ($n)" +echo_i "check that named-checkconf -p properly print a port range ($n)" ret=0 $CHECKCONF -p portrange-good.conf > checkconf.out$n 2>&1 || ret=1 grep "range 8610 8614;" checkconf.out$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi +if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I: check that named-checkconf -z handles in-view ($n)" +echo_i "check that named-checkconf -z handles in-view ($n)" ret=0 $CHECKCONF -z in-view-good.conf > checkconf.out$n 2>&1 || ret=1 grep "zone shared.example/IN: loaded serial" < checkconf.out$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi +if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I: check that named-checkconf prints max-cache-size correctly ($n)" +echo_i "check that named-checkconf prints max-cache-size correctly ($n)" ret=0 $CHECKCONF -p max-cache-size-good.conf > checkconf.out$n 2>&1 || ret=1 grep "max-cache-size 60%;" checkconf.out$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi +if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I: check that named-checkconf -l print out the zone list ($n)" +echo_i "check that named-checkconf -l print out the zone list ($n)" ret=0 $CHECKCONF -l good.conf | grep -v "is not implemented" | grep -v "is obsolete" > checkconf.out$n || ret=1 diff good.zonelist checkconf.out$n > diff.out$n || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi +if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I: check that 'dnssec-lookaside auto;' generates a warning ($n)" +echo_i "check that 'dnssec-lookaside auto;' generates a warning ($n)" ret=0 $CHECKCONF warn-dlv-auto.conf > checkconf.out$n 2>/dev/null || ret=1 grep "dnssec-lookaside 'auto' is no longer supported" checkconf.out$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi +if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I: check that 'dnssec-lookaside . trust-anchor dlv.isc.org;' generates a warning ($n)" +echo_i "check that 'dnssec-lookaside . trust-anchor dlv.isc.org;' generates a warning ($n)" ret=0 $CHECKCONF warn-dlv-dlv.isc.org.conf > checkconf.out$n 2>/dev/null || ret=1 grep "dlv.isc.org has been shut down" checkconf.out$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi +if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I: check that 'dnssec-lookaside . trust-anchor dlv.example.com;' doesn't generates a warning ($n)" +echo_i "check that 'dnssec-lookaside . trust-anchor dlv.example.com;' doesn't generates a warning ($n)" ret=0 $CHECKCONF good-dlv-dlv.example.com.conf > checkconf.out$n 2>/dev/null || ret=1 [ -s checkconf.out$n ] && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi +if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I: check that the 2010 ICANN ROOT KSK without the 2017 ICANN ROOT KSK generates a warning ($n)" +echo_i "check that the 2010 ICANN ROOT KSK without the 2017 ICANN ROOT KSK generates a warning ($n)" ret=0 $CHECKCONF check-root-ksk-2010.conf > checkconf.out$n 2>/dev/null || ret=1 [ -s checkconf.out$n ] || ret=1 grep "trusted-key for root from 2010 without updated" checkconf.out$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi +if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` -echo "I: check that the 2010 ICANN ROOT KSK with the 2017 ICANN ROOT KSK does not warning ($n)" +echo_i "check that the 2010 ICANN ROOT KSK with the 2017 ICANN ROOT KSK does not warning ($n)" ret=0 $CHECKCONF check-root-ksk-both.conf > checkconf.out$n 2>/dev/null || ret=1 [ -s checkconf.out$n ] && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi +if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` -echo "I: check that the 2017 ICANN ROOT KSK alone does not warning ($n)" +echo_i "check that the 2017 ICANN ROOT KSK alone does not warning ($n)" ret=0 $CHECKCONF check-root-ksk-2017.conf > checkconf.out$n 2>/dev/null || ret=1 [ -s checkconf.out$n ] && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi +if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` -echo "I: check that the dlv.isc.org KSK generates a warning ($n)" +echo_i "check that the dlv.isc.org KSK generates a warning ($n)" ret=0 $CHECKCONF check-dlv-ksk-key.conf > checkconf.out$n 2>/dev/null || ret=1 [ -s checkconf.out$n ] || ret=1 grep "trusted-key for dlv.isc.org still present" checkconf.out$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi +if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/checkds/tests.sh b/bin/tests/system/checkds/tests.sh index 06343e0ee0..eb5d4c9f19 100644 --- a/bin/tests/system/checkds/tests.sh +++ b/bin/tests/system/checkds/tests.sh @@ -22,80 +22,80 @@ chmod +x $DIG status=0 n=1 -echo "I:checking for correct DS, looking up key via 'dig' ($n)" +echo_i "checking for correct DS, looking up key via 'dig' ($n)" ret=0 $CHECKDS ok.example > checkds.out.$n 2>&1 || ret=1 grep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1 grep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking for correct DS, obtaining key from file ($n)" +echo_i "checking for correct DS, obtaining key from file ($n)" ret=0 $CHECKDS -f ok.example.dnskey.db ok.example > checkds.out.$n || ret=1 grep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1 grep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking for correct DLV, looking up key via 'dig' ($n)" +echo_i "checking for correct DLV, looking up key via 'dig' ($n)" ret=0 $CHECKDS -l dlv.example ok.example > checkds.out.$n || ret=1 grep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1 grep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking for correct DLV, obtaining key from file ($n)" +echo_i "checking for correct DLV, obtaining key from file ($n)" ret=0 $CHECKDS -l dlv.example -f ok.example.dnskey.db ok.example > checkds.out.$n || ret=1 grep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1 grep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking for incorrect DS, lowronging up key via 'dig' ($n)" +echo_i "checking for incorrect DS, lowronging up key via 'dig' ($n)" ret=0 $CHECKDS wrong.example > checkds.out.$n || ret=1 grep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1 grep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking for incorrect DS, obtaining key from file ($n)" +echo_i "checking for incorrect DS, obtaining key from file ($n)" ret=0 $CHECKDS -f wrong.example.dnskey.db wrong.example > checkds.out.$n || ret=1 grep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1 grep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking for incorrect DLV, lowronging up key via 'dig' ($n)" +echo_i "checking for incorrect DLV, lowronging up key via 'dig' ($n)" ret=0 $CHECKDS -l dlv.example wrong.example > checkds.out.$n || ret=1 grep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1 grep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking for incorrect DLV, obtaining key from file ($n)" +echo_i "checking for incorrect DLV, obtaining key from file ($n)" ret=0 $CHECKDS -l dlv.example -f wrong.example.dnskey.db wrong.example > checkds.out.$n || ret=1 grep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1 grep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking for partially missing DS, looking up key via 'dig' ($n)" +echo_i "checking for partially missing DS, looking up key via 'dig' ($n)" ret=0 $CHECKDS missing.example > checkds.out.$n || ret=1 grep 'SHA-1.*found' checkds.out.$n > /dev/null 2>&1 || ret=1 @@ -103,10 +103,10 @@ grep 'SHA-256.*found' checkds.out.$n > /dev/null 2>&1 || ret=1 grep 'SHA-1.*missing' checkds.out.$n > /dev/null 2>&1 || ret=1 grep 'SHA-256.*missing' checkds.out.$n > /dev/null 2>&1 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking for partially missing DS, obtaining key from file ($n)" +echo_i "checking for partially missing DS, obtaining key from file ($n)" ret=0 $CHECKDS -f missing.example.dnskey.db missing.example > checkds.out.$n || ret=1 grep 'SHA-1.*found' checkds.out.$n > /dev/null 2>&1 || ret=1 @@ -114,10 +114,10 @@ grep 'SHA-256.*found' checkds.out.$n > /dev/null 2>&1 || ret=1 grep 'SHA-1.*missing' checkds.out.$n > /dev/null 2>&1 || ret=1 grep 'SHA-256.*missing' checkds.out.$n > /dev/null 2>&1 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking for partially missing DLV, looking up key via 'dig' ($n)" +echo_i "checking for partially missing DLV, looking up key via 'dig' ($n)" ret=0 $CHECKDS -l dlv.example missing.example > checkds.out.$n || ret=1 grep 'SHA-1.*found' checkds.out.$n > /dev/null 2>&1 || ret=1 @@ -125,10 +125,10 @@ grep 'SHA-256.*found' checkds.out.$n > /dev/null 2>&1 || ret=1 grep 'SHA-1.*missing' checkds.out.$n > /dev/null 2>&1 || ret=1 grep 'SHA-256.*missing' checkds.out.$n > /dev/null 2>&1 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking for partially missing DLV, obtaining key from file ($n)" +echo_i "checking for partially missing DLV, obtaining key from file ($n)" ret=0 $CHECKDS -l dlv.example -f missing.example.dnskey.db missing.example > checkds.out.$n || ret=1 grep 'SHA-1.*found' checkds.out.$n > /dev/null 2>&1 || ret=1 @@ -136,50 +136,50 @@ grep 'SHA-256.*found' checkds.out.$n > /dev/null 2>&1 || ret=1 grep 'SHA-1.*missing' checkds.out.$n > /dev/null 2>&1 || ret=1 grep 'SHA-256.*missing' checkds.out.$n > /dev/null 2>&1 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking for entirely missing DS, looking up key via 'dig' ($n)" +echo_i "checking for entirely missing DS, looking up key via 'dig' ($n)" ret=0 $CHECKDS none.example > checkds.out.$n && ret=1 grep 'No DS' checkds.out.$n > /dev/null 2>&1 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking for entirely missing DS, obtaining key from file ($n)" +echo_i "checking for entirely missing DS, obtaining key from file ($n)" ret=0 $CHECKDS -f none.example.dnskey.db none.example > checkds.out.$n && ret=1 grep 'No DS' checkds.out.$n > /dev/null 2>&1 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking for entirely missing DLV, looking up key via 'dig' ($n)" +echo_i "checking for entirely missing DLV, looking up key via 'dig' ($n)" ret=0 $CHECKDS -l dlv.example none.example > checkds.out.$n && ret=1 grep 'No DLV' checkds.out.$n > /dev/null 2>&1 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking for entirely missing DLV, obtaining key from file ($n)" +echo_i "checking for entirely missing DLV, obtaining key from file ($n)" ret=0 $CHECKDS -l dlv.example -f none.example.dnskey.db none.example > checkds.out.$n && ret=1 grep 'No DLV' checkds.out.$n > /dev/null 2>&1 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking with prepared dsset file ($n)" +echo_i "checking with prepared dsset file ($n)" ret=0 $CHECKDS -f prep.example.db -s prep.example.ds.db prep.example > checkds.out.$n || ret=1 grep 'SHA-1.*found' checkds.out.$n > /dev/null 2>&1 || ret=1 grep 'SHA-256.*found' checkds.out.$n > /dev/null 2>&1 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` if [ $status = 0 ]; then $SHELL clean.sh; fi -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/checknames/clean.sh b/bin/tests/system/checknames/clean.sh index 870b181165..5927eae8e8 100644 --- a/bin/tests/system/checknames/clean.sh +++ b/bin/tests/system/checknames/clean.sh @@ -6,8 +6,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -# $Id: clean.sh,v 1.6 2007/09/26 03:22:43 marka Exp $ - +rm -f ns*/named.conf rm -f dig.out.ns?.test* rm -f nsupdate.out.test* rm -f ns1/*.example.db diff --git a/bin/tests/system/checknames/ns1/named.conf b/bin/tests/system/checknames/ns1/named.conf.in similarity index 92% rename from bin/tests/system/checknames/ns1/named.conf rename to bin/tests/system/checknames/ns1/named.conf.in index 1d2c08caa7..a244c0f104 100644 --- a/bin/tests/system/checknames/ns1/named.conf +++ b/bin/tests/system/checknames/ns1/named.conf.in @@ -6,15 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf,v 1.9 2007/06/19 23:47:01 tbox Exp $ */ - -controls { /* empty */ }; - options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/checknames/ns2/named.conf b/bin/tests/system/checknames/ns2/named.conf.in similarity index 85% rename from bin/tests/system/checknames/ns2/named.conf rename to bin/tests/system/checknames/ns2/named.conf.in index 7088242b9e..cc0f4f7fdf 100644 --- a/bin/tests/system/checknames/ns2/named.conf +++ b/bin/tests/system/checknames/ns2/named.conf.in @@ -6,15 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf,v 1.7 2007/06/18 23:47:27 tbox Exp $ */ - -controls { /* empty */ }; - options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/checknames/ns3/named.conf b/bin/tests/system/checknames/ns3/named.conf.in similarity index 85% rename from bin/tests/system/checknames/ns3/named.conf rename to bin/tests/system/checknames/ns3/named.conf.in index 3eb532430c..6f3cf14baa 100644 --- a/bin/tests/system/checknames/ns3/named.conf +++ b/bin/tests/system/checknames/ns3/named.conf.in @@ -6,15 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf,v 1.7 2007/06/18 23:47:27 tbox Exp $ */ - -controls { /* empty */ }; - options { query-source address 10.53.0.3; notify-source 10.53.0.3; transfer-source 10.53.0.3; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.3; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/checknames/ns4/named.conf b/bin/tests/system/checknames/ns4/named.conf.in similarity index 87% rename from bin/tests/system/checknames/ns4/named.conf rename to bin/tests/system/checknames/ns4/named.conf.in index 04415f9ed0..3394d08735 100644 --- a/bin/tests/system/checknames/ns4/named.conf +++ b/bin/tests/system/checknames/ns4/named.conf.in @@ -6,15 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf,v 1.7 2007/06/18 23:47:27 tbox Exp $ */ - -controls { /* empty */ }; - options { query-source address 10.53.0.4; notify-source 10.53.0.4; transfer-source 10.53.0.4; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.4; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/checknames/setup.sh b/bin/tests/system/checknames/setup.sh index 326cb38547..8d65cd2bf3 100644 --- a/bin/tests/system/checknames/setup.sh +++ b/bin/tests/system/checknames/setup.sh @@ -4,7 +4,15 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -# $Id: setup.sh,v 1.5 2007/06/19 23:47:01 tbox Exp $ +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh + +$SHELL clean.sh + +copy_setports ns1/named.conf.in ns1/named.conf +copy_setports ns2/named.conf.in ns2/named.conf +copy_setports ns3/named.conf.in ns3/named.conf +copy_setports ns4/named.conf.in ns4/named.conf cp ns1/ignore.example.db.in ns1/ignore.example.db cp ns1/warn.example.db.in ns1/warn.example.db diff --git a/bin/tests/system/checknames/tests.sh b/bin/tests/system/checknames/tests.sh index 3fce045e1a..e304d0a617 100644 --- a/bin/tests/system/checknames/tests.sh +++ b/bin/tests/system/checknames/tests.sh @@ -6,83 +6,81 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -# $Id: tests.sh,v 1.5 2007/06/19 23:47:01 tbox Exp $ - SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh status=0 n=1 -DIGOPTS="+tcp +noadd +nosea +nostat +nocmd -p 5300" +DIGOPTS="+tcp +noadd +nosea +nostat +nocmd -p ${PORT}" # Entry should exist. -echo "I: check for failure from on zone load for 'check-names fail;' ($n)" +echo_i "check for failure from on zone load for 'check-names fail;' ($n)" ret=0 $DIG $DIGOPTS fail.example. @10.53.0.1 a > dig.out.ns1.test$n || ret=1 grep SERVFAIL dig.out.ns1.test$n > /dev/null || ret=1 grep 'xx_xx.fail.example: bad owner name (check-names)' ns1/named.run > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` # Entry should exist. -echo "I: check for warnings from on zone load for 'check-names warn;' ($n)" +echo_i "check for warnings from on zone load for 'check-names warn;' ($n)" ret=0 grep 'xx_xx.warn.example: bad owner name (check-names)' ns1/named.run > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` # Entry should not exist. -echo "I: check for warnings from on zone load for 'check-names ignore;' ($n)" +echo_i "check for warnings from on zone load for 'check-names ignore;' ($n)" ret=1 grep 'yy_yy.ignore.example: bad owner name (check-names)' ns1/named.run || ret=0 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` # Entry should exist -echo "I: check that 'check-names response warn;' works ($n)" +echo_i "check that 'check-names response warn;' works ($n)" ret=0 $DIG $DIGOPTS +noauth yy_yy.ignore.example. @10.53.0.1 a > dig.out.ns1.test$n || ret=1 $DIG $DIGOPTS +noauth yy_yy.ignore.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1 $PERL ../digcomp.pl dig.out.ns1.test$n dig.out.ns2.test$n || ret=1 grep "check-names warning yy_yy.ignore.example/A/IN" ns2/named.run > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` # Entry should exist -echo "I: check that 'check-names response (owner) fails;' works ($n)" +echo_i "check that 'check-names response (owner) fails;' works ($n)" ret=0 $DIG $DIGOPTS yy_yy.ignore.example. @10.53.0.1 a > dig.out.ns1.test$n || ret=1 $DIG $DIGOPTS yy_yy.ignore.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1 grep NOERROR dig.out.ns1.test$n > /dev/null || ret=1 grep REFUSED dig.out.ns3.test$n > /dev/null || ret=1 grep "check-names failure yy_yy.ignore.example/A/IN" ns3/named.run > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` # Entry should exist -echo "I: check that 'check-names response (rdata) fails;' works ($n)" +echo_i "check that 'check-names response (rdata) fails;' works ($n)" ret=0 $DIG $DIGOPTS mx.ignore.example. @10.53.0.1 MX > dig.out.ns1.test$n || ret=1 $DIG $DIGOPTS mx.ignore.example. @10.53.0.3 MX > dig.out.ns3.test$n || ret=1 grep NOERROR dig.out.ns1.test$n > /dev/null || ret=1 grep SERVFAIL dig.out.ns3.test$n > /dev/null || ret=1 grep "check-names failure mx.ignore.example/MX/IN" ns3/named.run > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I: check that updates to 'check-names fail;' are rejected ($n)" +echo_i "check that updates to 'check-names fail;' are rejected ($n)" ret=0 not=1 $NSUPDATE -d < nsupdate.out.test$n 2>&1 || not=0 check-names off -server 10.53.0.1 5300 +server 10.53.0.1 ${PORT} update add xxx_xxx.fail.update. 600 A 10.10.10.1 send END @@ -90,31 +88,31 @@ if [ $not != 0 ]; then ret=1; fi $DIG $DIGOPTS xxx_xxx.fail.update @10.53.0.1 A > dig.out.ns1.test$n || ret=1 grep "xxx_xxx.fail.update/A: bad owner name (check-names)" ns1/named.run > /dev/null || ret=1 grep NXDOMAIN dig.out.ns1.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I: check that updates to 'check-names warn;' succeed and are logged ($n)" +echo_i "check that updates to 'check-names warn;' succeed and are logged ($n)" ret=0 $NSUPDATE -d < nsupdate.out.test$n 2>&1|| ret=1 check-names off -server 10.53.0.1 5300 +server 10.53.0.1 ${PORT} update add xxx_xxx.warn.update. 600 A 10.10.10.1 send END $DIG $DIGOPTS xxx_xxx.warn.update @10.53.0.1 A > dig.out.ns1.test$n || ret=1 grep "xxx_xxx.warn.update/A: bad owner name (check-names)" ns1/named.run > /dev/null || ret=1 grep NOERROR dig.out.ns1.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I: check that updates to 'check-names ignore;' succeed and are not logged ($n)" +echo_i "check that updates to 'check-names ignore;' succeed and are not logged ($n)" ret=0 not=1 $NSUPDATE -d < nsupdate.out.test$n 2>&1 || ret=1 check-names off -server 10.53.0.1 5300 +server 10.53.0.1 ${PORT} update add xxx_xxx.ignore.update. 600 A 10.10.10.1 send END @@ -122,16 +120,16 @@ grep "xxx_xxx.ignore.update/A.*(check-names)" ns1/named.run > /dev/null || not=0 if [ $not != 0 ]; then ret=1; fi $DIG $DIGOPTS xxx_xxx.ignore.update @10.53.0.1 A > dig.out.ns1.test$n || ret=1 grep NOERROR dig.out.ns1.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I: check that updates to 'check-names master ignore;' succeed and are not logged ($n)" +echo_i "check that updates to 'check-names master ignore;' succeed and are not logged ($n)" ret=0 not=1 $NSUPDATE -d < nsupdate.out.test$n 2>&1 || ret=1 check-names off -server 10.53.0.4 5300 +server 10.53.0.4 ${PORT} update add xxx_xxx.master-ignore.update. 600 A 10.10.10.1 send END @@ -139,9 +137,9 @@ grep "xxx_xxx.master-ignore.update/A.*(check-names)" ns1/named.run > /dev/null | if [ $not != 0 ]; then ret=1; fi $DIG $DIGOPTS xxx_xxx.master-ignore.update @10.53.0.4 A > dig.out.ns4.test$n || ret=1 grep NOERROR dig.out.ns4.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/checkzone/tests.sh b/bin/tests/system/checkzone/tests.sh index feeba3318f..03c88358da 100644 --- a/bin/tests/system/checkzone/tests.sh +++ b/bin/tests/system/checkzone/tests.sh @@ -12,7 +12,7 @@ n=1 for db in zones/good*.db do - echo "I:checking $db ($n)" + echo_i "checking $db ($n)" ret=0 case $db in zones/good-gc-msdcs.db) @@ -26,13 +26,13 @@ do ;; esac n=`expr $n + 1` - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` done for db in zones/bad*.db do - echo "I:checking $db ($n)" + echo_i "checking $db ($n)" ret=0 case $db in zones/bad-dns-sd-reverse.db) @@ -43,11 +43,11 @@ do ;; esac n=`expr $n + 1` - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` done -echo "I:checking with journal file ($n)" +echo_i "checking with journal file ($n)" ret=0 $CHECKZONE -D -o test.orig.db test zones/test1.db > /dev/null 2>&1 || ret=1 $CHECKZONE -D -o test.changed.db test zones/test2.db > /dev/null 2>&1 || ret=1 @@ -60,10 +60,10 @@ mv -f test.orig.db.jnl test.journal $CHECKZONE -D -J test.journal -o test.out2.db test test.orig.db > /dev/null 2>&1 || ret=1 cmp -s test.changed.db test.out2.db || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking with spf warnings ($n)" +echo_i "checking with spf warnings ($n)" ret=0 $CHECKZONE example zones/spf.db > test.out1.$n 2>&1 || ret=1 $CHECKZONE -T ignore example zones/spf.db > test.out2.$n 2>&1 || ret=1 @@ -74,66 +74,66 @@ grep "'x.example' found type SPF" test.out2.$n > /dev/null && ret=1 grep "'y.example' found type SPF" test.out2.$n > /dev/null && ret=1 grep "'example' found type SPF" test.out2.$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking with max ttl (text) ($n)" +echo_i "checking with max ttl (text) ($n)" ret=0 $CHECKZONE -l 300 example zones/good1.db > test.out1.$n 2>&1 && ret=1 $CHECKZONE -l 600 example zones/good1.db > test.out2.$n 2>&1 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking with max ttl (raw) ($n)" +echo_i "checking with max ttl (raw) ($n)" ret=0 $CHECKZONE -f raw -l 300 example good1.db.raw > test.out1.$n 2>&1 && ret=1 $CHECKZONE -f raw -l 600 example good1.db.raw > test.out2.$n 2>&1 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking with max ttl (map) ($n)" +echo_i "checking with max ttl (map) ($n)" ret=0 $CHECKZONE -f map -l 300 example good1.db.map > test.out1.$n 2>&1 && ret=1 $CHECKZONE -f map -l 600 example good1.db.map > test.out2.$n 2>&1 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking for no 'inherited owner' warning on '\$INCLUDE file' with no new \$ORIGIN ($n)" +echo_i "checking for no 'inherited owner' warning on '\$INCLUDE file' with no new \$ORIGIN ($n)" ret=0 $CHECKZONE example zones/nowarn.inherited.owner.db > test.out1.$n 2>&1 || ret=1 grep "inherited.owner" test.out1.$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking for 'inherited owner' warning on '\$ORIGIN + \$INCLUDE file' ($n)" +echo_i "checking for 'inherited owner' warning on '\$ORIGIN + \$INCLUDE file' ($n)" ret=0 $CHECKZONE example zones/warn.inherit.origin.db > test.out1.$n 2>&1 || ret=1 grep "inherited.owner" test.out1.$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking for 'inherited owner' warning on '\$INCLUDE file origin' ($n)" +echo_i "checking for 'inherited owner' warning on '\$INCLUDE file origin' ($n)" ret=0 $CHECKZONE example zones/warn.inherited.owner.db > test.out1.$n 2>&1 || ret=1 grep "inherited.owner" test.out1.$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that raw zone with bad class is handled ($n)" +echo_i "checking that raw zone with bad class is handled ($n)" ret=0 $CHECKZONE -f raw example zones/bad-badclass.raw > test.out.$n 2>&1 && ret=1 grep "failed: bad class" test.out.$n >/dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that expirations that loop using serial arithmetic are handled ($n)" +echo_i "checking that expirations that loop using serial arithmetic are handled ($n)" ret=0 q=-q test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db || ret=1 @@ -159,24 +159,24 @@ test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db || ret=1 test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db || ret=1 test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that nameserver below DNAME is reported even with occulted address record present ($n)" +echo_i "checking that nameserver below DNAME is reported even with occulted address record present ($n)" ret=0 $CHECKZONE example.com zones/ns-address-below-dname.db > test.out.$n 2>&1 && ret=1 grep "is below a DNAME" test.out.$n >/dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that delegating nameserver below DNAME is reported even with occulted address record present ($n)" +echo_i "checking that delegating nameserver below DNAME is reported even with occulted address record present ($n)" ret=0 $CHECKZONE example.com zones/delegating-ns-address-below-dname.db > test.out.$n 2>&1 || ret=1 grep "is below a DNAME" test.out.$n >/dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/cleanall.sh b/bin/tests/system/cleanall.sh index cc56c21368..6920734c1e 100644 --- a/bin/tests/system/cleanall.sh +++ b/bin/tests/system/cleanall.sh @@ -22,6 +22,8 @@ find . -type f \( \ status=0 +rm -f $SYSTEMTESTTOP/random.data + for d in $SUBDIRS do test ! -f $d/clean.sh || ( cd $d && $SHELL clean.sh ) diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in index 1d0d55fbe1..0047b552cc 100644 --- a/bin/tests/system/conf.sh.in +++ b/bin/tests/system/conf.sh.in @@ -71,31 +71,38 @@ KRB5_CONFIG=/dev/null # The "stress" test is not run by default since it creates enough # load on the machine to make it unusable to other users. -# v6synth +# The "dialup" and "delzone" tests are also not run by default because +# they take a very long time to complete. # -# List of tests that use ports 5300 and 9953. For this reason, these must -# be run sequentially. -SEQUENTIALDIRS="acl additional addzone auth autosign builtin \ - cacheclean case cds chain \ - checkconf @CHECKDS@ checknames checkzone cookie @COVERAGE@ \ - database digdelv dlv dlz dlzexternal \ - dns64 dnssec @DNSTAP@ dscp dsdigest dyndb ecdsa eddsa \ - emptyzones fetchlimit filter-aaaa formerr geoip glue gost \ - inline integrity ixfr keepalive @KEYMGR@ legacy limits \ - logfileconfig masterfile masterformat metadata mkeys \ - names notify nslookup nsupdate nzd2nzf padding pending \ - pipelined @PKCS11_TEST@ reclimit redirect resolver rndc \ - rpz rrchecker rrl rrsetorder rsabigexponent \ - runtime sfcache smartsign sortlist spf staticstub \ - statistics statschannel stub synthfromdnssec tcp tkey tools \ - tsig tsiggss unknown upforwd verify views wildcard xfer \ - xferquota zero zonechecks" - -# List of tests that use unique ports (other than 5300 and 9953). These -# tests can be run in parallel. +# List of tests hard-coded to use ports 5300 and 9953. For this +# reason, these must be run sequentially. +SEQUENTIALDIRS="ecdsa eddsa gost @PKCS11_TEST@ tkey" + +# List of tests that use ports assigned by caller (other than 5300 +# and 9953). Because separate blocks of ports can be used for teach +# test, these tests can be run in parallel. # # This symbol must be kept in step with the PARALLEL macro in Makefile.in -PARALLELDIRS="allow_query catz rpzrecurse serve-stale" +PARALLELDIRS="acl additional addzone allow_query auth autosign \ + builtin cacheclean case catz cds chain \ + checkconf checknames checkzone \ + @CHECKDS@ @COVERAGE@ @KEYMGR@ \ + cookie database digdelv dlv dlz dlzexternal \ + dns64 dnssec @DNSTAP@ dscp dsdigest dyndb \ + ednscompliance emptyzones \ + fetchlimit filter-aaaa formerr forward \ + geoip glue inline integrity ixfr keepalive \ + legacy limits logfileconfig \ + masterfile masterformat metadata mkeys \ + names notify nslookup nsupdate nzd2nzf \ + padding pending pipelined \ + reclimit redirect resolver rndc rpz rpzrecurse \ + rrchecker rrlrrsetorder rsabigexponent runtime \ + serve-stale sfcache smartsign sortlist \ + spf staticstub statistics statschannel stub synthfromdnssec \ + tcp tools tsig tsiggss \ + unknown upforwd verify views wildcard \ + xfer xferquota zero zonechecks" SUBDIRS="$SEQUENTIALDIRS $PARALLELDIRS" @@ -224,6 +231,12 @@ echo_i() { done } +cat_i() { + while read LINE ; do + echoinfo "I:$SYSTESTDIR:$LINE" + done +} + # # Useful functions in test scripts # diff --git a/bin/tests/system/cookie/clean.sh b/bin/tests/system/cookie/clean.sh index 3f0e4c7709..02019605da 100644 --- a/bin/tests/system/cookie/clean.sh +++ b/bin/tests/system/cookie/clean.sh @@ -4,6 +4,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. +rm -f ns*/named.conf rm -f dig.out.* rm -f ns1/named_dump.db rm -f ns*/named.memstats diff --git a/bin/tests/system/cookie/ns1/named.conf b/bin/tests/system/cookie/ns1/named.conf.in similarity index 92% rename from bin/tests/system/cookie/ns1/named.conf rename to bin/tests/system/cookie/ns1/named.conf.in index 8b6f4db7fd..9919349817 100644 --- a/bin/tests/system/cookie/ns1/named.conf +++ b/bin/tests/system/cookie/ns1/named.conf.in @@ -12,14 +12,14 @@ key rndc_key { }; controls { - inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; options { query-source address 10.53.0.1 dscp 1; notify-source 10.53.0.1 dscp 2; transfer-source 10.53.0.1 dscp 3; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/cookie/ns2/named.conf b/bin/tests/system/cookie/ns2/named.conf.in similarity index 93% rename from bin/tests/system/cookie/ns2/named.conf rename to bin/tests/system/cookie/ns2/named.conf.in index 17e52c4053..bb7c830c28 100644 --- a/bin/tests/system/cookie/ns2/named.conf +++ b/bin/tests/system/cookie/ns2/named.conf.in @@ -6,13 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; - options { query-source address 10.53.0.2 dscp 1; notify-source 10.53.0.2 dscp 2; transfer-source 10.53.0.2 dscp 3; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/cookie/ns3/named.conf b/bin/tests/system/cookie/ns3/named.conf.in similarity index 92% rename from bin/tests/system/cookie/ns3/named.conf rename to bin/tests/system/cookie/ns3/named.conf.in index 9f20f977f5..196565dee4 100644 --- a/bin/tests/system/cookie/ns3/named.conf +++ b/bin/tests/system/cookie/ns3/named.conf.in @@ -12,14 +12,14 @@ key rndc_key { }; controls { - inet 10.53.0.3 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; options { query-source address 10.53.0.3 dscp 1; notify-source 10.53.0.3 dscp 2; transfer-source 10.53.0.3 dscp 3; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.3; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/cookie/ns4/named.conf b/bin/tests/system/cookie/ns4/named.conf.in similarity index 89% rename from bin/tests/system/cookie/ns4/named.conf rename to bin/tests/system/cookie/ns4/named.conf.in index 439117bb6d..3d1d1e7305 100644 --- a/bin/tests/system/cookie/ns4/named.conf +++ b/bin/tests/system/cookie/ns4/named.conf.in @@ -12,14 +12,14 @@ key rndc_key { }; controls { - inet 10.53.0.4 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.4 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; options { query-source address 10.53.0.4; notify-source 10.53.0.4; transfer-source 10.53.0.4; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.4; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/cookie/ns5/named.conf b/bin/tests/system/cookie/ns5/named.conf.in similarity index 90% rename from bin/tests/system/cookie/ns5/named.conf rename to bin/tests/system/cookie/ns5/named.conf.in index 7c8fc90025..93de7fe56b 100644 --- a/bin/tests/system/cookie/ns5/named.conf +++ b/bin/tests/system/cookie/ns5/named.conf.in @@ -12,14 +12,14 @@ key rndc_key { }; controls { - inet 10.53.0.5 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.5 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; options { query-source address 10.53.0.5; notify-source 10.53.0.5; transfer-source 10.53.0.5; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.5; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/cookie/ns6/named.conf b/bin/tests/system/cookie/ns6/named.conf.in similarity index 89% rename from bin/tests/system/cookie/ns6/named.conf rename to bin/tests/system/cookie/ns6/named.conf.in index 9c9750da4c..d1f220039f 100644 --- a/bin/tests/system/cookie/ns6/named.conf +++ b/bin/tests/system/cookie/ns6/named.conf.in @@ -12,14 +12,14 @@ key rndc_key { }; controls { - inet 10.53.0.6 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.6 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; options { query-source address 10.53.0.6; notify-source 10.53.0.6; transfer-source 10.53.0.6; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.6; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/cookie/setup.sh b/bin/tests/system/cookie/setup.sh new file mode 100644 index 0000000000..c5c0abaf60 --- /dev/null +++ b/bin/tests/system/cookie/setup.sh @@ -0,0 +1,18 @@ +#!/bin/sh +# +# Copyright (C) 2018 Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh + +$SHELL clean.sh +copy_setports ns1/named.conf.in ns1/named.conf +copy_setports ns2/named.conf.in ns2/named.conf +copy_setports ns3/named.conf.in ns3/named.conf +copy_setports ns4/named.conf.in ns4/named.conf +copy_setports ns5/named.conf.in ns5/named.conf +copy_setports ns6/named.conf.in ns6/named.conf diff --git a/bin/tests/system/cookie/tests.sh b/bin/tests/system/cookie/tests.sh index 833539dd3a..a0af7e0e03 100755 --- a/bin/tests/system/cookie/tests.sh +++ b/bin/tests/system/cookie/tests.sh @@ -6,11 +6,12 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -# $Id: tests.sh,v 1.22 2012/02/09 23:47:18 tbox Exp $ - SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh +DIGOPTS="-p ${PORT}" +RNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p ${CONTROLPORT} -s" + status=0 n=0 @@ -33,109 +34,109 @@ havetc() { for bad in bad*.conf do n=`expr $n + 1` - echo "I:checking that named-checkconf detects error in $bad ($n)" + echo_i "checking that named-checkconf detects error in $bad ($n)" ret=0 $CHECKCONF $bad > /dev/null 2>&1 && ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` done for good in good*.conf do n=`expr $n + 1` - echo "I:checking that named-checkconf detects accepts $good ($n)" + echo_i "checking that named-checkconf detects accepts $good ($n)" ret=0 $CHECKCONF $good > /dev/null 2>&1 || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` done n=`expr $n + 1` -echo "I:checking COOKIE token returned to empty COOKIE option ($n)" +echo_i "checking COOKIE token returned to empty COOKIE option ($n)" ret=0 -$DIG +qr +cookie version.bind txt ch @10.53.0.1 -p 5300 > dig.out.test$n +$DIG $DIGOPTS +qr +cookie version.bind txt ch @10.53.0.1 > dig.out.test$n grep COOKIE: dig.out.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking response size without COOKIE ($n)" +echo_i "checking response size without COOKIE ($n)" ret=0 -$DIG large.example txt @10.53.0.1 -p 5300 +ignore > dig.out.test$n +$DIG $DIGOPTS large.example txt @10.53.0.1 +ignore > dig.out.test$n havetc dig.out.test$n || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking response size without valid COOKIE ($n)" +echo_i "checking response size without valid COOKIE ($n)" ret=0 -$DIG +cookie large.example txt @10.53.0.1 -p 5300 +ignore > dig.out.test$n +$DIG $DIGOPTS +cookie large.example txt @10.53.0.1 +ignore > dig.out.test$n havetc dig.out.test$n || ret=1 grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking response size with COOKIE ($n)" +echo_i "checking response size with COOKIE ($n)" ret=0 -$DIG +cookie large.example txt @10.53.0.1 -p 5300 > dig.out.test$n.l +$DIG $DIGOPTS +cookie large.example txt @10.53.0.1 > dig.out.test$n.l cookie=`getcookie dig.out.test$n.l` -$DIG +qr +cookie=$cookie large.example txt @10.53.0.1 -p 5300 +ignore > dig.out.test$n +$DIG $DIGOPTS +qr +cookie=$cookie large.example txt @10.53.0.1 +ignore > dig.out.test$n havetc dig.out.test$n && ret=1 grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking response size with COOKIE recursive ($n)" +echo_i "checking response size with COOKIE recursive ($n)" ret=0 -$DIG +qr +cookie=$cookie large.xxx txt @10.53.0.1 -p 5300 +ignore > dig.out.test$n +$DIG $DIGOPTS +qr +cookie=$cookie large.xxx txt @10.53.0.1 +ignore > dig.out.test$n havetc dig.out.test$n && ret=1 grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking COOKIE is learnt for TCP retry ($n)" +echo_i "checking COOKIE is learnt for TCP retry ($n)" ret=0 -$DIG +qr +cookie large.example txt @10.53.0.1 -p 5300 > dig.out.test$n +$DIG $DIGOPTS +qr +cookie large.example txt @10.53.0.1 > dig.out.test$n linecount=`getcookie dig.out.test$n | wc -l` if [ $linecount != 3 ]; then ret=1; fi checkfull=`getcookie dig.out.test$n | fullcookie` if [ $checkfull != 1 ]; then ret=1; fi -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking for COOKIE value in adb ($n)" +echo_i "checking for COOKIE value in adb ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 dumpdb +$RNDCCMD 10.53.0.1 dumpdb sleep 1 grep "10.53.0.2.*\[cookie=" ns1/named_dump.db > /dev/null|| ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking require-server-cookie default (no) ($n)" +echo_i "checking require-server-cookie default (no) ($n)" ret=0 -$DIG +qr +cookie +nobadcookie soa @10.53.0.1 -p 5300 > dig.out.test$n +$DIG $DIGOPTS +qr +cookie +nobadcookie soa @10.53.0.1 > dig.out.test$n grep BADCOOKIE dig.out.test$n > /dev/null && ret=1 linecount=`getcookie dig.out.test$n | wc -l` if [ $linecount != 2 ]; then ret=1; fi -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking require-server-cookie yes ($n)" +echo_i "checking require-server-cookie yes ($n)" ret=0 -$DIG +qr +cookie +nobadcookie soa @10.53.0.3 -p 5300 > dig.out.test$n +$DIG $DIGOPTS +qr +cookie +nobadcookie soa @10.53.0.3 > dig.out.test$n grep "flags: qr[^;]* aa[ ;]" dig.out.test$n > /dev/null && ret=1 grep "flags: qr[^;]* ad[ ;]" dig.out.test$n > /dev/null && ret=1 grep BADCOOKIE dig.out.test$n > /dev/null || ret=1 linecount=`getcookie dig.out.test$n | wc -l` if [ $linecount != 2 ]; then ret=1; fi -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` # @@ -156,87 +157,87 @@ status=`expr $status + $ret` # n=`expr $n + 1` -echo "I:get NS4 cookie for cross server checking ($n)" +echo_i "get NS4 cookie for cross server checking ($n)" ret=0 -$DIG +cookie -b 10.53.0.4 soa . @10.53.0.4 -p 5300 > dig.out.test$n +$DIG $DIGOPTS +cookie -b 10.53.0.4 soa . @10.53.0.4 > dig.out.test$n grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1 ns4cookie=`getcookie dig.out.test$n` test -n "$ns4cookie" || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:get NS5 cookie for cross server checking ($n)" +echo_i "get NS5 cookie for cross server checking ($n)" ret=0 -$DIG +cookie -b 10.53.0.4 soa . @10.53.0.5 -p 5300 > dig.out.test$n +$DIG $DIGOPTS +cookie -b 10.53.0.4 soa . @10.53.0.5 > dig.out.test$n grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1 ns5cookie=`getcookie dig.out.test$n` test -n "$ns5cookie" || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:get NS6 cookie for cross server checking ($n)" +echo_i "get NS6 cookie for cross server checking ($n)" ret=0 -$DIG +cookie -b 10.53.0.4 soa . @10.53.0.6 -p 5300 > dig.out.test$n +$DIG $DIGOPTS +cookie -b 10.53.0.4 soa . @10.53.0.6 > dig.out.test$n grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1 ns6cookie=`getcookie dig.out.test$n` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:test NS4 cookie on NS5 (expect success) ($n)" +echo_i "test NS4 cookie on NS5 (expect success) ($n)" ret=0 -$DIG +cookie=$ns4cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.5 -p 5300 > dig.out.test$n +$DIG $DIGOPTS +cookie=$ns4cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.5 > dig.out.test$n grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1 grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:test NS4 cookie on NS6 (expect badcookie) ($n)" +echo_i "test NS4 cookie on NS6 (expect badcookie) ($n)" ret=0 -$DIG +cookie=$ns4cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.6 -p 5300 > dig.out.test$n +$DIG $DIGOPTS +cookie=$ns4cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.6 > dig.out.test$n grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1 grep "status: BADCOOKIE," dig.out.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:test NS5 cookie on NS4 (expect success) ($n)" +echo_i "test NS5 cookie on NS4 (expect success) ($n)" ret=0 -$DIG +cookie=$ns5cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.4 -p 5300 > dig.out.test$n +$DIG $DIGOPTS +cookie=$ns5cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.4 > dig.out.test$n grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1 grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:test NS5 cookie on NS6 (expect badcookie) ($n)" +echo_i "test NS5 cookie on NS6 (expect badcookie) ($n)" ret=0 -$DIG +cookie=$ns5cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.6 -p 5300 > dig.out.test$n +$DIG $DIGOPTS +cookie=$ns5cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.6 > dig.out.test$n grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1 grep "status: BADCOOKIE," dig.out.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:test NS6 cookie on NS4 (expect badcookie) ($n)" +echo_i "test NS6 cookie on NS4 (expect badcookie) ($n)" ret=0 -$DIG +cookie=$ns6cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.4 -p 5300 > dig.out.test$n +$DIG $DIGOPTS +cookie=$ns6cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.4 > dig.out.test$n grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1 grep "status: BADCOOKIE," dig.out.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:test NS6 cookie on NS5 (expect success) ($n)" +echo_i "test NS6 cookie on NS5 (expect success) ($n)" ret=0 -$DIG +cookie=$ns6cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.5 -p 5300 > dig.out.test$n +$DIG $DIGOPTS +cookie=$ns6cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.5 > dig.out.test$n grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1 grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/coverage/prereq.sh b/bin/tests/system/coverage/prereq.sh index 0eacf1db84..673708b806 100644 --- a/bin/tests/system/coverage/prereq.sh +++ b/bin/tests/system/coverage/prereq.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2014, 2016 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2018 Internet Systems Consortium, Inc. ("ISC") # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this diff --git a/bin/tests/system/coverage/tests.sh b/bin/tests/system/coverage/tests.sh index 295c2ab358..6ef1ff1fc0 100644 --- a/bin/tests/system/coverage/tests.sh +++ b/bin/tests/system/coverage/tests.sh @@ -24,11 +24,11 @@ matchall () { done } -echo "I:checking for DNSSEC key coverage issues" +echo_i "checking for DNSSEC key coverage issues" ret=0 for dir in [0-9][0-9]-*; do ret=0 - echo "I:$dir" + echo_i "$dir" args= warn= error= ok= retcode= match= . $dir/expect $COVERAGE $args -K $dir example.com > coverage.$n 2>&1 @@ -68,9 +68,9 @@ for dir in [0-9][0-9]-*; do fi n=`expr $n + 1` - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` done -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/database/clean.sh b/bin/tests/system/database/clean.sh index feda9aaae2..c99245a962 100644 --- a/bin/tests/system/database/clean.sh +++ b/bin/tests/system/database/clean.sh @@ -6,8 +6,6 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -# $Id: clean.sh,v 1.3 2011/03/01 23:48:05 tbox Exp $ - rm -f ns1/named.conf ns1/named.run ns1/named.memstats rm -f dig.out.* rm -f ns*/named.lock diff --git a/bin/tests/system/database/ns1/named.conf1 b/bin/tests/system/database/ns1/named1.conf.in similarity index 84% rename from bin/tests/system/database/ns1/named.conf1 rename to bin/tests/system/database/ns1/named1.conf.in index f883a67e5b..965eed4a0d 100644 --- a/bin/tests/system/database/ns1/named.conf1 +++ b/bin/tests/system/database/ns1/named1.conf.in @@ -6,8 +6,6 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf1,v 1.3 2011/03/01 23:48:06 tbox Exp $ */ - // NS1 key rndc_key { @@ -16,14 +14,14 @@ key rndc_key { }; controls { - inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/database/ns1/named.conf2 b/bin/tests/system/database/ns1/named2.conf.in similarity index 84% rename from bin/tests/system/database/ns1/named.conf2 rename to bin/tests/system/database/ns1/named2.conf.in index fd4fc1b776..347870c52e 100644 --- a/bin/tests/system/database/ns1/named.conf2 +++ b/bin/tests/system/database/ns1/named2.conf.in @@ -6,8 +6,6 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf2,v 1.3 2011/03/01 23:48:06 tbox Exp $ */ - // NS1 key rndc_key { @@ -16,14 +14,14 @@ key rndc_key { }; controls { - inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/database/setup.sh b/bin/tests/system/database/setup.sh index 90686d6d95..f6b933c053 100644 --- a/bin/tests/system/database/setup.sh +++ b/bin/tests/system/database/setup.sh @@ -6,6 +6,8 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -# $Id: setup.sh,v 1.3 2011/03/01 23:48:05 tbox Exp $ +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh -cp ns1/named.conf1 ns1/named.conf +$SHELL clean.sh +copy_setports ns1/named1.conf.in ns1/named.conf diff --git a/bin/tests/system/database/tests.sh b/bin/tests/system/database/tests.sh index b9972db0f3..53586ad433 100644 --- a/bin/tests/system/database/tests.sh +++ b/bin/tests/system/database/tests.sh @@ -6,8 +6,6 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -# $Id: tests.sh,v 1.3 2011/03/01 23:48:05 tbox Exp $ - SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh @@ -16,23 +14,23 @@ n=0 rm -f dig.out.* -DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p 5300" -RNDCCMD="$RNDC -s 10.53.0.1 -p 9953 -c ../common/rndc.conf" +DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p ${PORT}" +RNDCCMD="$RNDC -s 10.53.0.1 -p ${CONTROLPORT} -c ../common/rndc.conf" # Check the example. domain -echo "I:checking pre reload zone ($n)" +echo_i "checking pre reload zone ($n)" ret=0 $DIG $DIGOPTS soa database. @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep "hostmaster\.isc\.org" dig.out.ns1.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -cp ns1/named.conf2 ns1/named.conf +copy_setports ns1/named2.conf.in ns1/named.conf $RNDCCMD reload 2>&1 >/dev/null -echo "I:checking post reload zone ($n)" +echo_i "checking post reload zone ($n)" ret=1 try=0 while test $try -lt 6 @@ -45,8 +43,8 @@ do test $ret -eq 0 && break done n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/digdelv/clean.sh b/bin/tests/system/digdelv/clean.sh index f016c0c13c..e18e36f025 100644 --- a/bin/tests/system/digdelv/clean.sh +++ b/bin/tests/system/digdelv/clean.sh @@ -8,6 +8,7 @@ rm -f */named.memstats rm -f */named.run +rm -f */named.conf rm -f delv.out.test* rm -f dig.out.*test* rm -f dig.out.mm.* diff --git a/bin/tests/system/digdelv/ns1/named.conf b/bin/tests/system/digdelv/ns1/named.conf.in similarity index 93% rename from bin/tests/system/digdelv/ns1/named.conf rename to bin/tests/system/digdelv/ns1/named.conf.in index 31168c2ea2..be23c92491 100644 --- a/bin/tests/system/digdelv/ns1/named.conf +++ b/bin/tests/system/digdelv/ns1/named.conf.in @@ -8,11 +8,9 @@ // NS1 -controls { /* empty */ }; - options { query-source address 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { fd92:7065:b8e:ffff::1; }; @@ -26,4 +24,3 @@ zone "." { type master; file "root.db"; }; - diff --git a/bin/tests/system/digdelv/ns2/named.conf b/bin/tests/system/digdelv/ns2/named.conf.in similarity index 93% rename from bin/tests/system/digdelv/ns2/named.conf rename to bin/tests/system/digdelv/ns2/named.conf.in index 674d22a0f4..f21f4cbb86 100644 --- a/bin/tests/system/digdelv/ns2/named.conf +++ b/bin/tests/system/digdelv/ns2/named.conf.in @@ -8,11 +8,9 @@ // NS2 -controls { /* empty */ }; - options { query-source address 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { fd92:7065:b8e:ffff::2; }; diff --git a/bin/tests/system/digdelv/ns3/named.conf b/bin/tests/system/digdelv/ns3/named.conf.in similarity index 93% rename from bin/tests/system/digdelv/ns3/named.conf rename to bin/tests/system/digdelv/ns3/named.conf.in index 8f20f222de..d39c45bd19 100644 --- a/bin/tests/system/digdelv/ns3/named.conf +++ b/bin/tests/system/digdelv/ns3/named.conf.in @@ -6,11 +6,9 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; - options { query-source address 10.53.0.3 dscp 1; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.3; }; listen-on-v6 { fd92:7065:b8e:ffff::3; }; diff --git a/bin/tests/system/digdelv/setup.sh b/bin/tests/system/digdelv/setup.sh new file mode 100644 index 0000000000..e877403d82 --- /dev/null +++ b/bin/tests/system/digdelv/setup.sh @@ -0,0 +1,15 @@ +#!/bin/sh +# +# Copyright (C) 2018 Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh + +$SHELL clean.sh +copy_setports ns1/named.conf.in ns1/named.conf +copy_setports ns2/named.conf.in ns2/named.conf +copy_setports ns3/named.conf.in ns3/named.conf diff --git a/bin/tests/system/digdelv/tests.sh b/bin/tests/system/digdelv/tests.sh index e02c82ad92..3fe130585e 100644 --- a/bin/tests/system/digdelv/tests.sh +++ b/bin/tests/system/digdelv/tests.sh @@ -10,101 +10,101 @@ SYSTEMTESTTOP=.. status=0 n=0 # using dig insecure mode as not testing dnssec here -DIGOPTS="-i -p 5300" -SENDCMD="$PERL $SYSTEMTESTTOP/send.pl 10.53.0.4 5301" +DIGOPTS="-i -p ${PORT}" +SENDCMD="$PERL $SYSTEMTESTTOP/send.pl 10.53.0.4 ${EXTRAPORT1}" if [ -x ${DIG} ] ; then n=`expr $n + 1` - echo "I:checking dig short form works ($n)" + echo_i "checking dig short form works ($n)" ret=0 $DIG $DIGOPTS @10.53.0.3 +short a a.example > dig.out.test$n || ret=1 if test `wc -l < dig.out.test$n` != 1 ; then ret=1 ; fi - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking dig split width works ($n)" + echo_i "checking dig split width works ($n)" ret=0 $DIG $DIGOPTS @10.53.0.3 +split=4 -t sshfp foo.example > dig.out.test$n || ret=1 grep " 9ABC DEF6 7890 " < dig.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking dig +unknownformat works ($n)" + echo_i "checking dig +unknownformat works ($n)" ret=0 $DIG $DIGOPTS @10.53.0.3 +unknownformat a a.example > dig.out.test$n || ret=1 grep "CLASS1[ ][ ]*TYPE1[ ][ ]*\\\\# 4 0A000001" < dig.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking dig with reverse lookup works ($n)" + echo_i "checking dig with reverse lookup works ($n)" ret=0 $DIG $DIGOPTS @10.53.0.3 -x 127.0.0.1 > dig.out.test$n 2>&1 || ret=1 # doesn't matter if has answer grep -i "127\.in-addr\.arpa\." < dig.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking dig over TCP works ($n)" + echo_i "checking dig over TCP works ($n)" ret=0 $DIG $DIGOPTS +tcp @10.53.0.3 a a.example > dig.out.test$n || ret=1 grep "10\.0\.0\.1$" < dig.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking dig +multi +norrcomments works for dnskey (when default is rrcomments)($n)" + echo_i "checking dig +multi +norrcomments works for dnskey (when default is rrcomments)($n)" ret=0 $DIG $DIGOPTS +tcp @10.53.0.3 +multi +norrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1 grep "; ZSK; alg = RSAMD5 ; key id = 30795" < dig.out.test$n > /dev/null && ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking dig +multi +norrcomments works for soa (when default is rrcomments)($n)" + echo_i "checking dig +multi +norrcomments works for soa (when default is rrcomments)($n)" ret=0 $DIG $DIGOPTS +tcp @10.53.0.3 +multi +norrcomments SOA example > dig.out.test$n || ret=1 grep "; ZSK; alg = RSAMD5 ; key id = 30795" < dig.out.test$n > /dev/null && ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking dig +rrcomments works for DNSKEY($n)" + echo_i "checking dig +rrcomments works for DNSKEY($n)" ret=0 $DIG $DIGOPTS +tcp @10.53.0.3 +rrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1 grep "; ZSK; alg = RSAMD5 ; key id = 30795" < dig.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking dig +short +rrcomments works for DNSKEY ($n)" + echo_i "checking dig +short +rrcomments works for DNSKEY ($n)" ret=0 $DIG $DIGOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1 grep "; ZSK; alg = RSAMD5 ; key id = 30795" < dig.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking dig +short +nosplit works($n)" + echo_i "checking dig +short +nosplit works($n)" ret=0 $DIG $DIGOPTS +tcp @10.53.0.3 +short +nosplit DNSKEY dnskey.example > dig.out.test$n || ret=1 grep "Z8plc4Rb9VIE5x7KNHAYTvTO5d4S8M=$" < dig.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking dig +short +rrcomments works($n)" + echo_i "checking dig +short +rrcomments works($n)" ret=0 $DIG $DIGOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1 grep "S8M= ; ZSK; alg = RSAMD5 ; key id = 30795$" < dig.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking dig multi flag is local($n)" + echo_i "checking dig multi flag is local($n)" ret=0 $DIG $DIGOPTS +tcp @10.53.0.3 -t DNSKEY dnskey.example +nomulti dnskey.example +nomulti > dig.out.nn.$n || ret=1 $DIG $DIGOPTS +tcp @10.53.0.3 -t DNSKEY dnskey.example +multi dnskey.example +nomulti > dig.out.mn.$n || ret=1 @@ -118,61 +118,61 @@ if [ -x ${DIG} ] ; then test $lcmm -ge $lcmn || ret=1 test $lcnm -ge $lcnn || ret=1 test $lcmn -ge $lcnn || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking dig +noheader-only works ($n)" + echo_i "checking dig +noheader-only works ($n)" ret=0 $DIG $DIGOPTS +tcp @10.53.0.3 +noheader-only A example > dig.out.test$n || ret=1 grep "Got answer:" < dig.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking dig +short +rrcomments works($n)" + echo_i "checking dig +short +rrcomments works($n)" ret=0 $DIG $DIGOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1 grep "S8M= ; ZSK; alg = RSAMD5 ; key id = 30795$" < dig.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` - echo "I:checking dig +header-only works ($n)" + echo_i "checking dig +header-only works ($n)" ret=0 $DIG $DIGOPTS +tcp @10.53.0.3 +header-only example > dig.out.test$n || ret=1 grep "^;; flags: qr rd; QUERY: 0, ANSWER: 0," < dig.out.test$n > /dev/null || ret=1 grep "^;; QUESTION SECTION:" < dig.out.test$n > /dev/null && ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking dig +header-only works (with class and type set) ($n)" + echo_i "checking dig +header-only works (with class and type set) ($n)" ret=0 $DIG $DIGOPTS +tcp @10.53.0.3 +header-only -c IN -t A example > dig.out.test$n || ret=1 grep "^;; flags: qr rd; QUERY: 0, ANSWER: 0," < dig.out.test$n > /dev/null || ret=1 grep "^;; QUESTION SECTION:" < dig.out.test$n > /dev/null && ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking dig +zflag works, and that BIND properly ignores it ($n)" + echo_i "checking dig +zflag works, and that BIND properly ignores it ($n)" ret=0 $DIG $DIGOPTS +tcp @10.53.0.3 +zflag +qr A example > dig.out.test$n || ret=1 sed -n '/Sending:/,/Got answer:/p' dig.out.test$n | grep "^;; flags: rd ad; MBZ: 0x4;" > /dev/null || ret=1 sed -n '/Got answer:/,/AUTHORITY SECTION:/p' dig.out.test$n | grep "^;; flags: qr rd ra; QUERY: 1" > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking dig +qr +ednsopt=08 does not cause an INSIST failure ($n)" + echo_i "checking dig +qr +ednsopt=08 does not cause an INSIST failure ($n)" ret=0 $DIG $DIGOPTS @10.53.0.3 +ednsopt=08 +qr a a.example > dig.out.test$n || ret=1 grep "INSIST" < dig.out.test$n > /dev/null && ret=1 grep "FORMERR" < dig.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` - echo "I:checking dig +ttlunits works ($n)" + echo_i "checking dig +ttlunits works ($n)" ret=0 $DIG $DIGOPTS +tcp @10.53.0.2 +ttlunits A weeks.example > dig.out.test$n || ret=1 grep "^weeks.example. 3w" < dig.out.test$n > /dev/null || ret=1 @@ -184,11 +184,11 @@ if [ -x ${DIG} ] ; then grep "^minutes.example. 45m" < dig.out.test$n > /dev/null || ret=1 $DIG $DIGOPTS +tcp @10.53.0.2 +ttlunits A seconds.example > dig.out.test$n || ret=1 grep "^seconds.example. 45s" < dig.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking dig respects precedence of options with +ttlunits ($n)" + echo_i "checking dig respects precedence of options with +ttlunits ($n)" ret=0 $DIG $DIGOPTS +tcp @10.53.0.2 +ttlunits +nottlid A weeks.example > dig.out.test$n || ret=1 grep "^weeks.example. IN" < dig.out.test$n > /dev/null || ret=1 @@ -196,11 +196,11 @@ if [ -x ${DIG} ] ; then grep "^weeks.example. 3w" < dig.out.test$n > /dev/null || ret=1 $DIG $DIGOPTS +tcp @10.53.0.2 +nottlid +nottlunits A weeks.example > dig.out.test$n || ret=1 grep "^weeks.example. 1814400" < dig.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` - + n=`expr $n + 1` - echo "I:checking dig preserves origin on TCP retries ($n)" + echo_i "checking dig preserves origin on TCP retries ($n)" ret=0 # Ask ans4 to still accept TCP connections, but not respond to queries echo "//" | $SENDCMD @@ -208,90 +208,90 @@ if [ -x ${DIG} ] ; then l=`grep "trying origin bar" dig.out.test$n | wc -l` [ ${l:-0} -eq 2 ] || ret=1 grep "using root origin" < dig.out.test$n > /dev/null && ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking dig -6 -4 ($n)" + echo_i "checking dig -6 -4 ($n)" ret=0 $DIG $DIGOPTS +tcp @10.53.0.2 -4 -6 A a.example > dig.out.test$n 2>&1 && ret=1 grep "only one of -4 and -6 allowed" < dig.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` - + n=`expr $n + 1` - echo "I:checking dig @IPv6addr -4 A a.example ($n)" + echo_i "checking dig @IPv6addr -4 A a.example ($n)" if $TESTSOCK6 fd92:7065:b8e:ffff::2 2>/dev/null then ret=0 $DIG $DIGOPTS +tcp @fd92:7065:b8e:ffff::2 -4 A a.example > dig.out.test$n 2>&1 && ret=1 grep "address family not supported" < dig.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` else - echo "I:IPv6 unavailable; skipping" + echo_i "IPv6 unavailable; skipping" fi - + n=`expr $n + 1` - echo "I:checking dig @IPv4addr -6 +mapped A a.example ($n)" + echo_i "checking dig @IPv4addr -6 +mapped A a.example ($n)" if $TESTSOCK6 fd92:7065:b8e:ffff::2 2>/dev/null && [ `uname -s` != "OpenBSD" ] then ret=0 ret=0 $DIG $DIGOPTS +tcp @10.53.0.2 -6 +mapped A a.example > dig.out.test$n 2>&1 || ret=1 - grep "SERVER: ::ffff:10.53.0.2#5300" < dig.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + grep "SERVER: ::ffff:10.53.0.2#${PORT}" < dig.out.test$n > /dev/null || ret=1 + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` else - echo "I:IPv6 or IPv4-to-IPv6 mapping unavailable; skipping" + echo_i "IPv6 or IPv4-to-IPv6 mapping unavailable; skipping" fi n=`expr $n + 1` - echo "I:checking dig +tcp @IPv4addr -6 +nomapped A a.example ($n)" + echo_i "checking dig +tcp @IPv4addr -6 +nomapped A a.example ($n)" if $TESTSOCK6 fd92:7065:b8e:ffff::2 2>/dev/null then ret=0 ret=0 $DIG $DIGOPTS +tcp @10.53.0.2 -6 +nomapped A a.example > dig.out.test$n 2>&1 || ret=1 - grep "SERVER: ::ffff:10.53.0.2#5300" < dig.out.test$n > /dev/null && ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + grep "SERVER: ::ffff:10.53.0.2#${PORT}" < dig.out.test$n > /dev/null && ret=1 + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` else - echo "I:IPv6 unavailable; skipping" + echo_i "IPv6 unavailable; skipping" fi n=`expr $n + 1` - echo "I:checking dig +notcp @IPv4addr -6 +nomapped A a.example ($n)" + echo_i "checking dig +notcp @IPv4addr -6 +nomapped A a.example ($n)" if $TESTSOCK6 fd92:7065:b8e:ffff::2 2>/dev/null then ret=0 ret=0 $DIG $DIGOPTS +notcp @10.53.0.2 -6 +nomapped A a.example > dig.out.test$n 2>&1 || ret=1 - grep "SERVER: ::ffff:10.53.0.2#5300" < dig.out.test$n > /dev/null && ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + grep "SERVER: ::ffff:10.53.0.2#${PORT}" < dig.out.test$n > /dev/null && ret=1 + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` else - echo "I:IPv6 unavailable; skipping" + echo_i "IPv6 unavailable; skipping" fi - + n=`expr $n + 1` - echo "I:checking dig +subnet ($n)" + echo_i "checking dig +subnet ($n)" ret=0 $DIG $DIGOPTS +tcp @10.53.0.2 +subnet=127.0.0.1 A a.example > dig.out.test$n 2>&1 || ret=1 grep "CLIENT-SUBNET: 127.0.0.1/32/0" < dig.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking dig +subnet +subnet ($n)" + echo_i "checking dig +subnet +subnet ($n)" ret=0 $DIG $DIGOPTS +tcp @10.53.0.2 +subnet=127.0.0.0 +subnet=127.0.0.1 A a.example > dig.out.test$n 2>&1 || ret=1 grep "CLIENT-SUBNET: 127.0.0.1/32/0" < dig.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking dig +subnet with various prefix lengths ($n)" + echo_i "checking dig +subnet with various prefix lengths ($n)" ret=0 for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24; do $DIG $DIGOPTS +tcp @10.53.0.2 +subnet=255.255.255.255/$i A a.example > dig.out.$i.test$n 2>&1 || ret=1 @@ -313,118 +313,118 @@ if [ -x ${DIG} ] ; then grep "FORMERR" < dig.out.$i.test$n > /dev/null && ret=1 grep "CLIENT-SUBNET: $addr/$i/0" < dig.out.$i.test$n > /dev/null || ret=1 done - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking dig +subnet=0/0 ($n)" + echo_i "checking dig +subnet=0/0 ($n)" ret=0 $DIG $DIGOPTS +tcp @10.53.0.2 +subnet=0/0 A a.example > dig.out.test$n 2>&1 || ret=1 grep "status: NOERROR" < dig.out.test$n > /dev/null || ret=1 grep "CLIENT-SUBNET: 0.0.0.0/0/0" < dig.out.test$n > /dev/null || ret=1 grep "10.0.0.1" < dig.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking dig +subnet=0 ($n)" + echo_i "checking dig +subnet=0 ($n)" ret=0 $DIG $DIGOPTS +tcp @10.53.0.2 +subnet=0 A a.example > dig.out.test$n 2>&1 || ret=1 grep "status: NOERROR" < dig.out.test$n > /dev/null || ret=1 grep "CLIENT-SUBNET: 0.0.0.0/0/0" < dig.out.test$n > /dev/null || ret=1 grep "10.0.0.1" < dig.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking dig +subnet=::/0 ($n)" + echo_i "checking dig +subnet=::/0 ($n)" ret=0 $DIG $DIGOPTS +tcp @10.53.0.2 +subnet=::/0 A a.example > dig.out.test$n 2>&1 || ret=1 grep "status: NOERROR" < dig.out.test$n > /dev/null || ret=1 grep "CLIENT-SUBNET: ::/0/0" < dig.out.test$n > /dev/null || ret=1 grep "10.0.0.1" < dig.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking dig +ednsopt=8:00000000 (family=0, source=0, scope=0) ($n)" + echo_i "checking dig +ednsopt=8:00000000 (family=0, source=0, scope=0) ($n)" ret=0 $DIG $DIGOPTS +tcp @10.53.0.2 +ednsopt=8:00000000 A a.example > dig.out.test$n 2>&1 || ret=1 grep "status: NOERROR" < dig.out.test$n > /dev/null || ret=1 grep "CLIENT-SUBNET: 0/0/0" < dig.out.test$n > /dev/null || ret=1 grep "10.0.0.1" < dig.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking dig +ednsopt=8:00030000 (family=3, source=0, scope=0) ($n)" + echo_i "checking dig +ednsopt=8:00030000 (family=3, source=0, scope=0) ($n)" ret=0 $DIG $DIGOPTS +qr +tcp @10.53.0.2 +ednsopt=8:00030000 A a.example > dig.out.test$n 2>&1 || ret=1 grep "status: FORMERR" < dig.out.test$n > /dev/null || ret=1 grep "CLIENT-SUBNET: 00 03 00 00" < dig.out.test$n > /dev/null || ret=1 lines=`grep "CLIENT-SUBNET: 00 03 00 00" dig.out.test$n | wc -l` [ ${lines:-0} -eq 1 ] || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking dig +subnet with prefix lengths between byte boundaries ($n)" + echo_i "checking dig +subnet with prefix lengths between byte boundaries ($n)" ret=0 for p in 9 10 11 12 13 14 15; do $DIG $DIGOPTS +tcp @10.53.0.2 +subnet=10.53/$p A a.example > dig.out.test.$p.$n 2>&1 || ret=1 grep "FORMERR" < dig.out.test.$p.$n > /dev/null && ret=1 grep "CLIENT-SUBNET.*/$p/0" < dig.out.test.$p.$n > /dev/null || ret=1 done - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` - + n=`expr $n + 1` - echo "I:checking dig +sp works as an abbreviated form of split ($n)" + echo_i "checking dig +sp works as an abbreviated form of split ($n)" ret=0 $DIG $DIGOPTS @10.53.0.3 +sp=4 -t sshfp foo.example > dig.out.test$n || ret=1 grep " 9ABC DEF6 7890 " < dig.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking dig -c works ($n)" + echo_i "checking dig -c works ($n)" ret=0 $DIG $DIGOPTS @10.53.0.3 -c CHAOS -t txt version.bind > dig.out.test$n || ret=1 grep "version.bind. 0 CH TXT" < dig.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking dig +dscp ($n)" + echo_i "checking dig +dscp ($n)" ret=0 $DIG $DIGOPTS @10.53.0.3 +dscp=32 a a.example > /dev/null 2>&1 || ret=1 $DIG $DIGOPTS @10.53.0.3 +dscp=-1 a a.example > /dev/null 2>&1 && ret=1 $DIG $DIGOPTS @10.53.0.3 +dscp=64 a a.example > /dev/null 2>&1 && ret=1 #TODO add a check to make sure dig is actually setting the dscp on the query #we might have to add better logging to named for this - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking dig +ednsopt with option number ($n)" + echo_i "checking dig +ednsopt with option number ($n)" ret=0 $DIG $DIGOPTS @10.53.0.3 +ednsopt=3 a.example > dig.out.test$n 2>&1 || ret=1 grep 'NSID: .* ("ns3")' dig.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking dig +ednsopt with option name ($n)" + echo_i "checking dig +ednsopt with option name ($n)" ret=0 $DIG $DIGOPTS @10.53.0.3 +ednsopt=nsid a.example > dig.out.test$n 2>&1 || ret=1 grep 'NSID: .* ("ns3")' dig.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` if $FEATURETEST --with-idn then - echo "I:checking dig +idnout ($n)" + echo_i "checking dig +idnout ($n)" ret=0 $DIG $DIGOPTS @10.53.0.3 +noidnout xn--caf-dma.example. > dig.out.1.test$n 2>&1 || ret=1 $DIG $DIGOPTS @10.53.0.3 +idnout xn--caf-dma.example. > dig.out.2.test$n 2>&1 || ret=1 @@ -432,47 +432,47 @@ if [ -x ${DIG} ] ; then grep "^xn--caf-dma.example" dig.out.2.test$n > /dev/null && ret=1 grep 10.1.2.3 dig.out.1.test$n > /dev/null || ret=1 grep 10.1.2.3 dig.out.2.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` else - echo "I:skipping 'dig +idnout' as IDN support is not enabled ($n)" + echo_i "skipping 'dig +idnout' as IDN support is not enabled ($n)" fi n=`expr $n + 1` - echo "I:checking that dig warns about .local queries ($n)" + echo_i "checking that dig warns about .local queries ($n)" ret=0 $DIG $DIGOPTS @10.53.0.3 local soa > dig.out.test$n 2>&1 || ret=1 grep ";; WARNING: .local is reserved for Multicast DNS" dig.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:check that dig processes +ednsopt=key-tag and FORMERR is returned ($n)" + echo_i "check that dig processes +ednsopt=key-tag and FORMERR is returned ($n)" $DIG $DIGOPTS @10.53.0.3 +ednsopt=key-tag a.example +qr > dig.out.test$n 2>&1 || ret=1 grep "; KEY-TAG$" dig.out.test$n > /dev/null || ret=1 grep "status: FORMERR" dig.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:check that dig processes +ednsopt=key-tag: ($n)" + echo_i "check that dig processes +ednsopt=key-tag: ($n)" $DIG $DIGOPTS @10.53.0.3 +ednsopt=key-tag:00010002 a.example +qr > dig.out.test$n 2>&1 || ret=1 grep "; KEY-TAG: 1, 2$" dig.out.test$n > /dev/null || ret=1 grep "status: FORMERR" dig.out.test$n > /dev/null && ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:check that dig processes +ednsopt=key-tag: and FORMERR is returned ($n)" + echo_i "check that dig processes +ednsopt=key-tag: and FORMERR is returned ($n)" ret=0 $DIG $DIGOPTS @10.53.0.3 +ednsopt=key-tag:0001000201 a.example +qr > dig.out.test$n 2>&1 || ret=1 grep "; KEY-TAG: 00 01 00 02 01" dig.out.test$n > /dev/null || ret=1 grep "status: FORMERR" dig.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:check that dig gracefully handles bad escape in domain name ($n)" + echo_i "check that dig gracefully handles bad escape in domain name ($n)" ret=0 $DIG $DIGOPTS @10.53.0.3 '\0.' > dig.out.test$n 2>&1 digstatus=$? @@ -480,51 +480,51 @@ if [ -x ${DIG} ] ; then test $digstatus -eq 10 || ret=1 grep REQUIRE dig.out.test$n > /dev/null && ret=1 grep "is not a legal name (bad escape)" dig.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` else - echo "$DIG is needed, so skipping these dig tests" + echo_i "$DIG is needed, so skipping these dig tests" fi # using delv insecure mode as not testing dnssec here -DELVOPTS="-i -p 5300" +DELVOPTS="-i -p ${PORT}" if [ -x ${DELV} ] ; then n=`expr $n + 1` - echo "I:checking delv short form works ($n)" + echo_i "checking delv short form works ($n)" ret=0 $DELV $DELVOPTS @10.53.0.3 +short a a.example > delv.out.test$n || ret=1 if test `wc -l < delv.out.test$n` != 1 ; then ret=1 ; fi - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking delv split width works ($n)" + echo_i "checking delv split width works ($n)" ret=0 $DELV $DELVOPTS @10.53.0.3 +split=4 -t sshfp foo.example > delv.out.test$n || ret=1 grep " 9ABC DEF6 7890 " < delv.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking delv +unknownformat works ($n)" + echo_i "checking delv +unknownformat works ($n)" ret=0 $DELV $DELVOPTS @10.53.0.3 +unknownformat a a.example > delv.out.test$n || ret=1 grep "CLASS1[ ][ ]*TYPE1[ ][ ]*\\\\# 4 0A000001" < delv.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking delv -4 -6 ($n)" + echo_i "checking delv -4 -6 ($n)" ret=0 $DELV $DELVOPTS @10.53.0.3 -4 -6 A a.example > delv.out.test$n 2>&1 && ret=1 grep "only one of -4 and -6 allowed" < delv.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking delv with IPv6 on IPv4 does not work ($n)" + echo_i "checking delv with IPv6 on IPv4 does not work ($n)" if $TESTSOCK6 fd92:7065:b8e:ffff::3 2>/dev/null then ret=0 @@ -535,14 +535,14 @@ if [ -x ${DELV} ] ; then # it should have no results but error output grep "testing" < delv.out.test$n > /dev/null && ret=1 grep "Use of IPv4 disabled by -6" delv.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` else - echo "I:IPv6 unavailable; skipping" + echo_i "IPv6 unavailable; skipping" fi n=`expr $n + 1` - echo "I:checking delv with IPv4 on IPv6 does not work ($n)" + echo_i "checking delv with IPv4 on IPv6 does not work ($n)" if $TESTSOCK6 fd92:7065:b8e:ffff::3 2>/dev/null then ret=0 @@ -553,125 +553,125 @@ if [ -x ${DELV} ] ; then # it should have no results but error output grep "testing" delv.out.test$n > /dev/null && ret=1 grep "Use of IPv6 disabled by -4" delv.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` else - echo "I:IPv6 unavailable; skipping" + echo_i "IPv6 unavailable; skipping" fi n=`expr $n + 1` - echo "I:checking delv with reverse lookup works ($n)" + echo_i "checking delv with reverse lookup works ($n)" ret=0 $DELV $DELVOPTS @10.53.0.3 -x 127.0.0.1 > delv.out.test$n 2>&1 || ret=1 # doesn't matter if has answer grep -i "127\.in-addr\.arpa\." < delv.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking delv over TCP works ($n)" + echo_i "checking delv over TCP works ($n)" ret=0 $DELV $DELVOPTS +tcp @10.53.0.3 a a.example > delv.out.test$n || ret=1 grep "10\.0\.0\.1$" < delv.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking delv +multi +norrcomments works for dnskey (when default is rrcomments)($n)" + echo_i "checking delv +multi +norrcomments works for dnskey (when default is rrcomments)($n)" ret=0 $DELV $DELVOPTS +tcp @10.53.0.3 +multi +norrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1 grep "; ZSK; alg = RSAMD5 ; key id = 30795" < delv.out.test$n > /dev/null && ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking delv +multi +norrcomments works for soa (when default is rrcomments)($n)" + echo_i "checking delv +multi +norrcomments works for soa (when default is rrcomments)($n)" ret=0 $DELV $DELVOPTS +tcp @10.53.0.3 +multi +norrcomments SOA example > delv.out.test$n || ret=1 grep "; ZSK; alg = RSAMD5 ; key id = 30795" < delv.out.test$n > /dev/null && ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking delv +rrcomments works for DNSKEY($n)" + echo_i "checking delv +rrcomments works for DNSKEY($n)" ret=0 $DELV $DELVOPTS +tcp @10.53.0.3 +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1 grep "; ZSK; alg = RSAMD5 ; key id = 30795" < delv.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking delv +short +rrcomments works for DNSKEY ($n)" + echo_i "checking delv +short +rrcomments works for DNSKEY ($n)" ret=0 $DELV $DELVOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1 grep "; ZSK; alg = RSAMD5 ; key id = 30795" < delv.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking delv +short +rrcomments works ($n)" + echo_i "checking delv +short +rrcomments works ($n)" ret=0 $DELV $DELVOPTS +tcp @10.53.0.3 +short +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1 grep "S8M= ; ZSK; alg = RSAMD5 ; key id = 30795$" < delv.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking delv +short +nosplit works ($n)" + echo_i "checking delv +short +nosplit works ($n)" ret=0 $DELV $DELVOPTS +tcp @10.53.0.3 +short +nosplit DNSKEY dnskey.example > delv.out.test$n || ret=1 grep "Z8plc4Rb9VIE5x7KNHAYTvTO5d4S8M=" < delv.out.test$n > /dev/null || ret=1 if test `wc -l < delv.out.test$n` != 1 ; then ret=1 ; fi f=`awk '{print NF}' < delv.out.test$n` test "${f:-0}" -eq 14 || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking delv +short +nosplit +norrcomments works ($n)" + echo_i "checking delv +short +nosplit +norrcomments works ($n)" ret=0 $DELV $DELVOPTS +tcp @10.53.0.3 +short +nosplit +norrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1 grep "Z8plc4Rb9VIE5x7KNHAYTvTO5d4S8M=$" < delv.out.test$n > /dev/null || ret=1 if test `wc -l < delv.out.test$n` != 1 ; then ret=1 ; fi f=`awk '{print NF}' < delv.out.test$n` test "${f:-0}" -eq 4 || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` - + n=`expr $n + 1` - echo "I:checking delv +sp works as an abbriviated form of split ($n)" + echo_i "checking delv +sp works as an abbriviated form of split ($n)" ret=0 $DELV $DELVOPTS @10.53.0.3 +sp=4 -t sshfp foo.example > delv.out.test$n || ret=1 grep " 9ABC DEF6 7890 " < delv.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` - + n=`expr $n + 1` - echo "I:checking delv +sh works as an abbriviated form of short ($n)" + echo_i "checking delv +sh works as an abbriviated form of short ($n)" ret=0 $DELV $DELVOPTS @10.53.0.3 +sh a a.example > delv.out.test$n || ret=1 if test `wc -l < delv.out.test$n` != 1 ; then ret=1 ; fi - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking delv -c IN works ($n)" + echo_i "checking delv -c IN works ($n)" ret=0 $DELV $DELVOPTS @10.53.0.3 -c IN -t a a.example > delv.out.test$n || ret=1 grep "a.example." < delv.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` - echo "I:checking delv -c CH is ignored, and treated like IN ($n)" + echo_i "checking delv -c CH is ignored, and treated like IN ($n)" ret=0 $DELV $DELVOPTS @10.53.0.3 -c CH -t a a.example > delv.out.test$n || ret=1 grep "a.example." < delv.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` else - echo "$DELV is needed, so skipping these delv tests" + echo_i "$DELV is needed, so skipping these delv tests" fi -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/dlv/clean.sh b/bin/tests/system/dlv/clean.sh index 584c52e854..8f1413236a 100644 --- a/bin/tests/system/dlv/clean.sh +++ b/bin/tests/system/dlv/clean.sh @@ -7,6 +7,7 @@ # file, You can obtain one at http://mozilla.org/MPL/2.0/. rm -f ns*/named.run +rm -f ns*/named.conf rm -f ns1/K* rm -f ns1/dsset-* rm -f ns1/*.signed diff --git a/bin/tests/system/dlv/ns1/named.conf b/bin/tests/system/dlv/ns1/named.conf.in similarity index 86% rename from bin/tests/system/dlv/ns1/named.conf rename to bin/tests/system/dlv/ns1/named.conf.in index 299b4e844d..b4b22c7ddc 100644 --- a/bin/tests/system/dlv/ns1/named.conf +++ b/bin/tests/system/dlv/ns1/named.conf.in @@ -6,15 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf,v 1.6 2011/05/26 23:47:28 tbox Exp $ */ - -controls { /* empty */ }; - options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/dlv/ns1/sign.sh b/bin/tests/system/dlv/ns1/sign.sh index d69ebac124..36af850d08 100755 --- a/bin/tests/system/dlv/ns1/sign.sh +++ b/bin/tests/system/dlv/ns1/sign.sh @@ -11,7 +11,7 @@ SYSTEMTESTTOP=../.. (cd ../ns2 && $SHELL -e ./sign.sh || exit 1) -echo "I:dlv/ns1/sign.sh" +echo_i "dlv/ns1/sign.sh" zone=. infile=root.db.in @@ -25,7 +25,7 @@ cat $infile $keyname1.key $keyname2.key >$zonefile $SIGNER -r $RANDFILE -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err -echo "I: signed $zone" +echo_i "signed $zone" grep -v '^;' $keyname2.key | $PERL -n -e ' local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; diff --git a/bin/tests/system/dlv/ns2/named.conf b/bin/tests/system/dlv/ns2/named.conf.in similarity index 86% rename from bin/tests/system/dlv/ns2/named.conf rename to bin/tests/system/dlv/ns2/named.conf.in index 303a13d0d8..ece497ba0b 100644 --- a/bin/tests/system/dlv/ns2/named.conf +++ b/bin/tests/system/dlv/ns2/named.conf.in @@ -6,15 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf,v 1.6 2011/05/26 23:47:28 tbox Exp $ */ - -controls { /* empty */ }; - options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/dlv/ns2/sign.sh b/bin/tests/system/dlv/ns2/sign.sh index 91d3aa1676..764465a04f 100755 --- a/bin/tests/system/dlv/ns2/sign.sh +++ b/bin/tests/system/dlv/ns2/sign.sh @@ -11,7 +11,7 @@ SYSTEMTESTTOP=../.. (cd ../ns3 && $SHELL -e ./sign.sh || exit 1) -echo "I:dlv/ns2/sign.sh" +echo_i "dlv/ns2/sign.sh" zone=druz. infile=druz.db.in @@ -29,4 +29,4 @@ $SIGNER -r $RANDFILE -l $dlvzone -g -o $zone -f $outfile $zonefile > /dev/null 2 $CHECKZONE -q -D -i none druz druz.pre | sed '/IN DNSKEY/s/\([a-z0-9A-Z/]\{10\}\)[a-z0-9A-Z/]\{16\}/\1XXXXXXXXXXXXXXXX/'> druz.signed -echo "I: signed $zone" +echo_i "signed $zone" diff --git a/bin/tests/system/dlv/ns3/named.conf b/bin/tests/system/dlv/ns3/named.conf.in similarity index 94% rename from bin/tests/system/dlv/ns3/named.conf rename to bin/tests/system/dlv/ns3/named.conf.in index 9c5a19e542..c400d7c50a 100644 --- a/bin/tests/system/dlv/ns3/named.conf +++ b/bin/tests/system/dlv/ns3/named.conf.in @@ -6,15 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf,v 1.6 2011/05/26 23:47:28 tbox Exp $ */ - -controls { /* empty */ }; - options { query-source address 10.53.0.3; notify-source 10.53.0.3; transfer-source 10.53.0.3; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.3; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/dlv/ns3/sign.sh b/bin/tests/system/dlv/ns3/sign.sh index ea7b73f63d..ba408e98f4 100755 --- a/bin/tests/system/dlv/ns3/sign.sh +++ b/bin/tests/system/dlv/ns3/sign.sh @@ -11,7 +11,7 @@ SYSTEMTESTTOP=../.. (cd ../ns6 && $SHELL -e ./sign.sh) -echo "I:dlv/ns3/sign.sh" +echo_i "dlv/ns3/sign.sh" dlvzone=dlv.utld. dlvsets= @@ -30,7 +30,7 @@ dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile $SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err -echo "I: signed $zone" +echo_i "signed $zone" zone=child3.utld. @@ -46,7 +46,7 @@ dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile $SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err -echo "I: signed $zone" +echo_i "signed $zone" zone=child4.utld. @@ -61,7 +61,7 @@ keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile $SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err -echo "I: signed $zone" +echo_i "signed $zone" zone=child5.utld. @@ -77,7 +77,7 @@ dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile $SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err -echo "I: signed $zone" +echo_i "signed $zone" zone=child7.utld. @@ -92,7 +92,7 @@ dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile $SIGNER -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err -echo "I: signed $zone" +echo_i "signed $zone" zone=child8.utld. @@ -106,7 +106,7 @@ keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile $SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err -echo "I: signed $zone" +echo_i "signed $zone" zone=child9.utld. @@ -121,7 +121,7 @@ keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile $SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err -echo "I: signed $zone" +echo_i "signed $zone" zone=child10.utld. infile=child.db.in @@ -135,7 +135,7 @@ keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile $SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err -echo "I: signed $zone" +echo_i "signed $zone" zone=child1.druz. infile=child.db.in @@ -151,7 +151,7 @@ dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile $SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err -echo "I: signed $zone" +echo_i "signed $zone" zone=child3.druz. @@ -168,7 +168,7 @@ dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile $SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err -echo "I: signed $zone" +echo_i "signed $zone" zone=child4.druz. @@ -184,7 +184,7 @@ keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile $SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err -echo "I: signed $zone" +echo_i "signed $zone" zone=child5.druz. @@ -201,7 +201,7 @@ dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile $SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err -echo "I: signed $zone" +echo_i "signed $zone" zone=child7.druz. @@ -217,7 +217,7 @@ dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile $SIGNER -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err -echo "I: signed $zone" +echo_i "signed $zone" zone=child8.druz. @@ -231,7 +231,7 @@ keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile $SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err -echo "I: signed $zone" +echo_i "signed $zone" zone=child9.druz. @@ -246,7 +246,7 @@ keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile $SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err -echo "I: signed $zone" +echo_i "signed $zone" zone=child10.druz. infile=child.db.in @@ -261,7 +261,7 @@ keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile $SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err -echo "I: signed $zone" +echo_i "signed $zone" zone=dlv.utld. @@ -275,7 +275,7 @@ keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` cat $infile $dlvsets $keyname1.key $keyname2.key >$zonefile $SIGNER -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err -echo "I: signed $zone" +echo_i "signed $zone" grep -v '^;' $keyname2.key | $PERL -n -e ' diff --git a/bin/tests/system/dlv/ns4/named.conf b/bin/tests/system/dlv/ns4/named.conf.in similarity index 86% rename from bin/tests/system/dlv/ns4/named.conf rename to bin/tests/system/dlv/ns4/named.conf.in index e5c0a59a94..cdeb761593 100644 --- a/bin/tests/system/dlv/ns4/named.conf +++ b/bin/tests/system/dlv/ns4/named.conf.in @@ -6,15 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf,v 1.4 2007/06/19 23:47:02 tbox Exp $ */ - -controls { /* empty */ }; - options { query-source address 10.53.0.4; notify-source 10.53.0.4; transfer-source 10.53.0.4; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.4; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/dlv/ns5/named.conf b/bin/tests/system/dlv/ns5/named.conf deleted file mode 100644 index 5090ee3a58..0000000000 --- a/bin/tests/system/dlv/ns5/named.conf +++ /dev/null @@ -1,58 +0,0 @@ -/* - * Copyright (C) 2004, 2006, 2007, 2011, 2013, 2016, 2017 Internet Systems Consortium, Inc. ("ISC") - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. - */ - -/* $Id: named.conf,v 1.10 2011/05/26 23:47:28 tbox Exp $ */ - -/* - * Choose a keyname that is unlikely to clash with any real key names. - * This allows it to be added to the system's rndc.conf with minimal - * likelyhood of collision. - * - * e.g. - * key "cc64b3d1db63fc88d7cb5d2f9f57d258" { - * algorithm hmac-sha256; - * secret "34f88008d07deabbe65bd01f1d233d47"; - * }; - * - * server "10.53.0.5" { - * key cc64b3d1db63fc88d7cb5d2f9f57d258; - * port 5353; - * }; - * - * rndc -s 10.53.0.5 - */ - -key "cc64b3d1db63fc88d7cb5d2f9f57d258" { - algorithm hmac-sha256; - secret "34f88008d07deabbe65bd01f1d233d47"; -}; - -controls { - inet 10.53.0.5 port 5353 allow { any; } - keys { cc64b3d1db63fc88d7cb5d2f9f57d258; }; -}; - -include "trusted.conf"; -include "trusted-dlv.conf"; - -options { - query-source address 10.53.0.5; - notify-source 10.53.0.5; - transfer-source 10.53.0.5; - port 5300; - pid-file "named.pid"; - listen-on { 10.53.0.5; }; - listen-on-v6 { none; }; - recursion yes; - notify yes; - dnssec-enable yes; - dnssec-validation yes; - dnssec-lookaside "." trust-anchor "dlv.utld"; -}; - -zone "." { type hint; file "hints"; }; diff --git a/bin/tests/system/dlv/ns5/named.conf.in b/bin/tests/system/dlv/ns5/named.conf.in new file mode 100644 index 0000000000..defe25a826 --- /dev/null +++ b/bin/tests/system/dlv/ns5/named.conf.in @@ -0,0 +1,27 @@ +/* + * Copyright (C) 2004, 2006, 2007, 2011, 2013, 2016, 2017 Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ + +include "trusted.conf"; +include "trusted-dlv.conf"; + +options { + query-source address 10.53.0.5; + notify-source 10.53.0.5; + transfer-source 10.53.0.5; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.5; }; + listen-on-v6 { none; }; + recursion yes; + notify yes; + dnssec-enable yes; + dnssec-validation yes; + dnssec-lookaside "." trust-anchor "dlv.utld"; +}; + +zone "." { type hint; file "hints"; }; diff --git a/bin/tests/system/dlv/ns6/named.conf b/bin/tests/system/dlv/ns6/named.conf.in similarity index 94% rename from bin/tests/system/dlv/ns6/named.conf rename to bin/tests/system/dlv/ns6/named.conf.in index ae617b89a6..d98699a0cd 100644 --- a/bin/tests/system/dlv/ns6/named.conf +++ b/bin/tests/system/dlv/ns6/named.conf.in @@ -6,15 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf,v 1.6 2011/05/26 23:47:28 tbox Exp $ */ - -controls { /* empty */ }; - options { query-source address 10.53.0.6; notify-source 10.53.0.6; transfer-source 10.53.0.6; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.6; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/dlv/ns6/sign.sh b/bin/tests/system/dlv/ns6/sign.sh index 533cd5987c..165b59c17a 100755 --- a/bin/tests/system/dlv/ns6/sign.sh +++ b/bin/tests/system/dlv/ns6/sign.sh @@ -9,7 +9,7 @@ SYSTEMTESTTOP=../.. . $SYSTEMTESTTOP/conf.sh -echo "I:dlv/ns6/sign.sh" +echo_i "dlv/ns6/sign.sh" zone=grand.child1.utld. infile=child.db.in @@ -22,7 +22,7 @@ keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile $SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err -echo "I: signed $zone" +echo_i "signed $zone" zone=grand.child3.utld. @@ -37,7 +37,7 @@ keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile $SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err -echo "I: signed $zone" +echo_i "signed $zone" zone=grand.child4.utld. @@ -52,7 +52,7 @@ keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile $SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err -echo "I: signed $zone" +echo_i "signed $zone" zone=grand.child5.utld. @@ -67,7 +67,7 @@ keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile $SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err -echo "I: signed $zone" +echo_i "signed $zone" zone=grand.child7.utld. @@ -82,7 +82,7 @@ keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile $SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err -echo "I: signed $zone" +echo_i "signed $zone" zone=grand.child8.utld. @@ -97,7 +97,7 @@ keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile $SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err -echo "I: signed $zone" +echo_i "signed $zone" zone=grand.child9.utld. @@ -112,7 +112,7 @@ keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile $SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err -echo "I: signed $zone" +echo_i "signed $zone" zone=grand.child10.utld. infile=child.db.in @@ -126,7 +126,7 @@ keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile $SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err -echo "I: signed $zone" +echo_i "signed $zone" zone=grand.child1.druz. infile=child.db.in @@ -139,7 +139,7 @@ keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile $SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err -echo "I: signed $zone" +echo_i "signed $zone" zone=grand.child3.druz. @@ -154,7 +154,7 @@ keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile $SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err -echo "I: signed $zone" +echo_i "signed $zone" zone=grand.child4.druz. @@ -169,7 +169,7 @@ keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile $SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err -echo "I: signed $zone" +echo_i "signed $zone" zone=grand.child5.druz. @@ -184,7 +184,7 @@ keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile $SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err -echo "I: signed $zone" +echo_i "signed $zone" zone=grand.child7.druz. @@ -199,7 +199,7 @@ keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile $SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err -echo "I: signed $zone" +echo_i "signed $zone" zone=grand.child8.druz. @@ -214,7 +214,7 @@ keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile $SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err -echo "I: signed $zone" +echo_i "signed $zone" zone=grand.child9.druz. @@ -229,7 +229,7 @@ keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile $SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err -echo "I: signed $zone" +echo_i "signed $zone" zone=grand.child10.druz. infile=child.db.in @@ -243,4 +243,4 @@ keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile $SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err -echo "I: signed $zone" +echo_i "signed $zone" diff --git a/bin/tests/system/dlv/setup.sh b/bin/tests/system/dlv/setup.sh index 1f31316168..6608b8ab09 100644 --- a/bin/tests/system/dlv/setup.sh +++ b/bin/tests/system/dlv/setup.sh @@ -11,4 +11,11 @@ SYSTEMTESTTOP=.. test -r $RANDFILE || $GENRANDOM 800 $RANDFILE +copy_setports ns1/named.conf.in ns1/named.conf +copy_setports ns2/named.conf.in ns2/named.conf +copy_setports ns3/named.conf.in ns3/named.conf +copy_setports ns4/named.conf.in ns4/named.conf +copy_setports ns5/named.conf.in ns5/named.conf +copy_setports ns6/named.conf.in ns6/named.conf + (cd ns1 && $SHELL -e sign.sh) diff --git a/bin/tests/system/dlv/tests.sh b/bin/tests/system/dlv/tests.sh index da4fb1ef44..d5684fcf0a 100644 --- a/bin/tests/system/dlv/tests.sh +++ b/bin/tests/system/dlv/tests.sh @@ -6,8 +6,6 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -# $Id: tests.sh,v 1.8 2011/05/26 23:47:28 tbox Exp $ - SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh @@ -16,39 +14,39 @@ n=0 rm -f dig.out.* -DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p 5300" +DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p ${PORT}" -echo "I:checking that DNSKEY reference by DLV validates as secure ($n)" +echo_i "checking that DNSKEY reference by DLV validates as secure ($n)" ret=0 $DIG $DIGOPTS child1.utld dnskey @10.53.0.5 > dig.out.ns5.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that child DNSKEY reference by DLV validates as secure ($n)" +echo_i "checking that child DNSKEY reference by DLV validates as secure ($n)" ret=0 $DIG $DIGOPTS grand.child1.utld dnskey @10.53.0.5 > dig.out.ns5.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that SOA reference by DLV in a DRUZ with DS validates as secure ($n)" +echo_i "checking that SOA reference by DLV in a DRUZ with DS validates as secure ($n)" ret=0 $DIG $DIGOPTS child1.druz soa @10.53.0.5 > dig.out.ns5.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that child SOA reference by DLV in a DRUZ with DS validates as secure ($n)" +echo_i "checking that child SOA reference by DLV in a DRUZ with DS validates as secure ($n)" ret=0 $DIG $DIGOPTS grand.child1.druz soa @10.53.0.5 > dig.out.ns5.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/dlz/clean.sh b/bin/tests/system/dlz/clean.sh index 3bc18af032..4f55ac2b51 100644 --- a/bin/tests/system/dlz/clean.sh +++ b/bin/tests/system/dlz/clean.sh @@ -6,8 +6,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -# $Id: clean.sh,v 1.2 2010/08/16 04:46:15 marka Exp $ - +rm -f ns*/named.conf rm -f dig.out.* rm -f */named.memstats rm -f */named.run diff --git a/bin/tests/system/dlz/ns1/named.conf b/bin/tests/system/dlz/ns1/named.conf.in similarity index 84% rename from bin/tests/system/dlz/ns1/named.conf rename to bin/tests/system/dlz/ns1/named.conf.in index f18cdae31b..45a4a7c74c 100644 --- a/bin/tests/system/dlz/ns1/named.conf +++ b/bin/tests/system/dlz/ns1/named.conf.in @@ -6,15 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf,v 1.2 2010/08/16 04:46:15 marka Exp $ */ - -controls { /* empty */ }; - options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/dlz/prereq.sh.in b/bin/tests/system/dlz/prereq.sh.in index 9e7a68b42d..398d00c743 100644 --- a/bin/tests/system/dlz/prereq.sh.in +++ b/bin/tests/system/dlz/prereq.sh.in @@ -6,12 +6,11 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -# $Id: prereq.sh.in,v 1.2 2011/04/19 22:30:52 each Exp $ - -TOP=${SYSTEMTESTTOP:=.}/../../../.. +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh if [ "@DLZ_SYSTEM_TEST@" != "filesystem" ]; then - echo "I:DLZ filesystem driver not supported" + echo_i "DLZ filesystem driver not supported" exit 255 fi exit 0 diff --git a/bin/tests/system/dlz/setup.sh b/bin/tests/system/dlz/setup.sh new file mode 100644 index 0000000000..c69f051dbc --- /dev/null +++ b/bin/tests/system/dlz/setup.sh @@ -0,0 +1,13 @@ +#!/bin/sh +# +# Copyright (C) 2018 Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh + +$SHELL clean.sh +copy_setports ns1/named.conf.in ns1/named.conf diff --git a/bin/tests/system/dlz/tests.sh b/bin/tests/system/dlz/tests.sh index b1a46582cf..0b155526ea 100644 --- a/bin/tests/system/dlz/tests.sh +++ b/bin/tests/system/dlz/tests.sh @@ -6,8 +6,6 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -# $Id: tests.sh,v 1.4 2011/04/19 23:47:52 tbox Exp $ - SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh @@ -16,11 +14,11 @@ n=0 rm -f dig.out.* -DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p 5300" +DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p ${PORT}" # Check the example.com. domain -echo "I:checking DNAME at apex works ($n)" +echo_i "checking DNAME at apex works ($n)" ret=0 $DIG $DIGOPTS +norec foo.example.com. \ @10.53.0.1 a > dig.out.ns1.test$n || ret=1 @@ -29,46 +27,46 @@ grep "example.com..*DNAME.*example.net." dig.out.ns1.test$n > /dev/null || ret=1 grep "foo.example.com..*CNAME.*foo.example.net." dig.out.ns1.test$n > /dev/null || ret=1 grep "flags:[^;]* aa[ ;]" dig.out.ns1.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking DLZ IXFR=2010062899 (less than serial) ($n)" +echo_i "checking DLZ IXFR=2010062899 (less than serial) ($n)" ret=0 $DIG $DIGOPTS ixfr=2010062899 example.com @10.53.0.1 +all > dig.out.ns1.test$n grep "example.com..*IN.IXFR" dig.out.ns1.test$n > /dev/null || ret=1 grep "example.com..*10.IN.DNAME.example.net." dig.out.ns1.test$n > /dev/null || ret=1 grep "example.com..*10.IN.NS.example.com." dig.out.ns1.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking DLZ IXFR=2010062900 (equal serial) ($n)" +echo_i "checking DLZ IXFR=2010062900 (equal serial) ($n)" ret=0 $DIG $DIGOPTS ixfr=2010062900 example.com @10.53.0.1 +all > dig.out.ns1.test$n grep "example.com..*IN.IXFR" dig.out.ns1.test$n > /dev/null || ret=1 grep "example.com..*10.IN.DNAME.example.net." dig.out.ns1.test$n > /dev/null && ret=1 grep "example.com..*10.IN.NS.example.com." dig.out.ns1.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking DLZ IXFR=2010062901 (greater than serial) ($n)" +echo_i "checking DLZ IXFR=2010062901 (greater than serial) ($n)" ret=0 $DIG $DIGOPTS ixfr=2010062901 example.com @10.53.0.1 +all > dig.out.ns1.test$n grep "example.com..*IN.IXFR" dig.out.ns1.test$n > /dev/null || ret=1 grep "example.com..*10.IN.DNAME.example.net." dig.out.ns1.test$n > /dev/null && ret=1 grep "example.com..*10.IN.NS.example.com." dig.out.ns1.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking DLZ with a malformed SOA record" +echo_i "checking DLZ with a malformed SOA record" ret=0 $DIG $DIGOPTS broken.com type600 @10.53.0.1 > dig.out.ns1.test$n grep status: dig.out.ns1.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/dlzexternal/clean.sh b/bin/tests/system/dlzexternal/clean.sh index cad3f4710d..cce160363a 100644 --- a/bin/tests/system/dlzexternal/clean.sh +++ b/bin/tests/system/dlzexternal/clean.sh @@ -12,6 +12,7 @@ rm -f ns1/update.txt rm -f */named.memstats +rm -f */named.conf rm -f */named.run rm -f ns1/ddns.key rm -f dig.out* diff --git a/bin/tests/system/dlzexternal/ns1/.gitignore b/bin/tests/system/dlzexternal/ns1/.gitignore index 58e5c9282d..40cc821d6c 100644 --- a/bin/tests/system/dlzexternal/ns1/.gitignore +++ b/bin/tests/system/dlzexternal/ns1/.gitignore @@ -1 +1,2 @@ named.conf +dlzs.conf diff --git a/bin/tests/system/dlzexternal/ns1/dlzs.conf.in b/bin/tests/system/dlzexternal/ns1/dlzs.conf.in new file mode 100644 index 0000000000..128352b53c --- /dev/null +++ b/bin/tests/system/dlzexternal/ns1/dlzs.conf.in @@ -0,0 +1,30 @@ +/* + * Copyright (C) 2011-2014, 2016 Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ + +dlz "example one" { + database "dlopen ../driver.@SO@ example.nil"; +}; + +dlz "example two" { + database "dlopen ../driver.@SO@ alternate.nil"; +}; + +dlz "unsearched1" { + database "dlopen ../driver.@SO@ other.nil"; + search no; +}; + +dlz "unsearched2" { + database "dlopen ../driver.@SO@ zone.nil"; + search no; +}; + +dlz redzone { + database "dlopen ../driver.@SO@ ."; + search no; +}; diff --git a/bin/tests/system/dlzexternal/ns1/named.conf.in b/bin/tests/system/dlzexternal/ns1/named.conf.in index 9083d2abd1..5f650db0f2 100644 --- a/bin/tests/system/dlzexternal/ns1/named.conf.in +++ b/bin/tests/system/dlzexternal/ns1/named.conf.in @@ -6,15 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf.in,v 1.3 2011/03/10 23:47:50 tbox Exp $ */ - -controls { }; - options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; session-keyfile "session.key"; listen-on { 10.53.0.1; 127.0.0.1; }; @@ -31,31 +27,10 @@ key rndc_key { include "ddns.key"; controls { - inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; }; -}; - -dlz "example one" { - database "dlopen ../driver.@SO@ example.nil"; -}; - -dlz "example two" { - database "dlopen ../driver.@SO@ alternate.nil"; + inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; -dlz "unsearched1" { - database "dlopen ../driver.@SO@ other.nil"; - search no; -}; - -dlz "unsearched2" { - database "dlopen ../driver.@SO@ zone.nil"; - search no; -}; - -dlz redzone { - database "dlopen ../driver.@SO@ ."; - search no; -}; +include "dlzs.conf"; zone zone.nil { type master; diff --git a/bin/tests/system/dlzexternal/prereq.sh b/bin/tests/system/dlzexternal/prereq.sh index e016e66e53..8f0c601b26 100644 --- a/bin/tests/system/dlzexternal/prereq.sh +++ b/bin/tests/system/dlzexternal/prereq.sh @@ -10,7 +10,7 @@ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh $FEATURETEST --have-dlopen || { - echo "I:dlopen() not supported - skipping dlzexternal test" + echo_i "dlopen() not supported - skipping dlzexternal test" exit 255 } exit 0 diff --git a/bin/tests/system/dlzexternal/setup.sh b/bin/tests/system/dlzexternal/setup.sh index c0cf30a34e..9af5067ecd 100644 --- a/bin/tests/system/dlzexternal/setup.sh +++ b/bin/tests/system/dlzexternal/setup.sh @@ -12,3 +12,5 @@ SYSTEMTESTTOP=.. test -r $RANDFILE || $GENRANDOM 800 $RANDFILE $DDNSCONFGEN -q -r $RANDFILE -z example.nil > ns1/ddns.key + +copy_setports ns1/named.conf.in ns1/named.conf diff --git a/bin/tests/system/dlzexternal/tests.sh b/bin/tests/system/dlzexternal/tests.sh index cf0713575f..b0d7415edf 100644 --- a/bin/tests/system/dlzexternal/tests.sh +++ b/bin/tests/system/dlzexternal/tests.sh @@ -12,11 +12,12 @@ SYSTEMTESTTOP=.. status=0 n=0 -DIGOPTS="@10.53.0.1 -p 5300 +nocookie" +DIGOPTS="@10.53.0.1 -p ${PORT} +nocookie" +RNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p ${CONTROLPORT} -s" newtest() { n=`expr $n + 1` - echo "${1} (${n})" + echo_i "${1} (${n})" ret=0 } @@ -28,15 +29,15 @@ test_update() { should_fail="$5" cat < ns1/update.txt -server 10.53.0.1 5300 +server 10.53.0.1 ${PORT} update add $host $cmd send EOF - newtest "I:testing update for $host $type $cmd${comment:+ }$comment" + newtest "testing update for $host $type $cmd${comment:+ }$comment" $NSUPDATE -k ns1/ddns.key ns1/update.txt > /dev/null 2>&1 || { [ "$should_fail" ] || \ - echo "I:update failed for $host $type $cmd" + echo_i "update failed for $host $type $cmd" return 1 } @@ -44,7 +45,7 @@ EOF lines=`echo "$out" | grep "$digout" | wc -l` [ $lines -eq 1 ] || { [ "$should_fail" ] || \ - echo "I:dig output incorrect for $host $type $cmd: $out" + echo_i "dig output incorrect for $host $type $cmd: $out" return 1 } return 0 @@ -62,15 +63,15 @@ status=`expr $status + $ret` test_update deny.example.nil. TXT "86400 TXT helloworld" "helloworld" should_fail && ret=1 status=`expr $status + $ret` -newtest "I:testing nxrrset" +newtest "testing nxrrset" $DIG $DIGOPTS testdc1.example.nil AAAA > dig.out.$n grep "status: NOERROR" dig.out.$n > /dev/null || ret=1 grep "ANSWER: 0" dig.out.$n > /dev/null || ret=1 status=`expr $status + $ret` -newtest "I:testing prerequisites are checked correctly" +newtest "testing prerequisites are checked correctly" cat > ns1/update.txt << EOF -server 10.53.0.1 5300 +server 10.53.0.1 ${PORT} prereq nxdomain testdc3.example.nil update add testdc3.example.nil 86500 in a 10.53.0.12 send @@ -78,70 +79,70 @@ EOF $NSUPDATE -k ns1/ddns.key ns1/update.txt > /dev/null 2>&1 && ret=1 out=`$DIG $DIGOPTS +short a testdc3.example.nil` [ "$out" = "10.53.0.12" ] && ret=1 -[ "$ret" -eq 0 ] || echo "I:failed" +[ "$ret" -eq 0 ] || echo_i "failed" status=`expr $status + $ret` -newtest "I:testing passing client info into DLZ driver" +newtest "testing passing client info into DLZ driver" out=`$DIG $DIGOPTS +short -t txt -q source-addr.example.nil | grep -v '^;'` addr=`eval echo "$out" | cut -f1 -d'#'` [ "$addr" = "10.53.0.1" ] || ret=1 -[ "$ret" -eq 0 ] || echo "I:failed" +[ "$ret" -eq 0 ] || echo_i "failed" status=`expr $status + $ret` -newtest "I:testing DLZ driver is cleaned up on reload" -$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 reload 2>&1 | sed 's/^/I:ns1 /' +newtest "testing DLZ driver is cleaned up on reload" +$RNDCCMD 10.53.0.1 reload 2>&1 | sed 's/^/ns1 /' | cat_i for i in 0 1 2 3 4 5 6 7 8 9; do ret=0 grep 'dlz_example: shutting down zone example.nil' ns1/named.run > /dev/null 2>&1 || ret=1 [ "$ret" -eq 0 ] && break sleep 1 done -[ "$ret" -eq 0 ] || echo "I:failed" +[ "$ret" -eq 0 ] || echo_i "failed" status=`expr $status + $ret` -newtest "I:testing multiple DLZ drivers" +newtest "testing multiple DLZ drivers" test_update testdc1.alternate.nil. A "86400 A 10.53.0.10" "10.53.0.10" || ret=1 status=`expr $status + $ret` -newtest "I:testing AXFR from DLZ drivers" +newtest "testing AXFR from DLZ drivers" $DIG $DIGOPTS +noall +answer axfr example.nil > dig.out.ns1.test$n lines=`cat dig.out.ns1.test$n | wc -l` [ ${lines:-0} -eq 4 ] || ret=1 $DIG $DIGOPTS +noall +answer axfr alternate.nil > dig.out.ns1.test$n lines=`cat dig.out.ns1.test$n | wc -l` [ ${lines:-0} -eq 5 ] || ret=1 -[ "$ret" -eq 0 ] || echo "I:failed" +[ "$ret" -eq 0 ] || echo_i "failed" status=`expr $status + $ret` -newtest "I:testing unsearched/unregistered DLZ zone is not found" +newtest "testing unsearched/unregistered DLZ zone is not found" $DIG $DIGOPTS +noall +answer ns other.nil > dig.out.ns1.test$n grep "3600.IN.NS.other.nil." dig.out.ns1.test$n > /dev/null && ret=1 -[ "$ret" -eq 0 ] || echo "I:failed" +[ "$ret" -eq 0 ] || echo_i "failed" status=`expr $status + $ret` -newtest "I:testing unsearched/registered DLZ zone is found" +newtest "testing unsearched/registered DLZ zone is found" $DIG $DIGOPTS +noall +answer ns zone.nil > dig.out.ns1.test$n grep "3600.IN.NS.zone.nil." dig.out.ns1.test$n > /dev/null || ret=1 -[ "$ret" -eq 0 ] || echo "I:failed" +[ "$ret" -eq 0 ] || echo_i "failed" status=`expr $status + $ret` -newtest "I:testing unsearched/registered DLZ zone is found" +newtest "testing unsearched/registered DLZ zone is found" $DIG $DIGOPTS +noall +answer ns zone.nil > dig.out.ns1.test$n grep "3600.IN.NS.zone.nil." dig.out.ns1.test$n > /dev/null || ret=1 -[ "$ret" -eq 0 ] || echo "I:failed" +[ "$ret" -eq 0 ] || echo_i "failed" status=`expr $status + $ret` -newtest "I:testing correct behavior with findzone returning ISC_R_NOMORE" +newtest "testing correct behavior with findzone returning ISC_R_NOMORE" $DIG $DIGOPTS +noall a test.example.com > /dev/null 2>&1 || ret=1 # we should only find one logged lookup per searched DLZ database lines=`grep "dlz_findzonedb.*test\.example\.com.*example.nil" ns1/named.run | wc -l` [ $lines -eq 1 ] || ret=1 lines=`grep "dlz_findzonedb.*test\.example\.com.*alternate.nil" ns1/named.run | wc -l` [ $lines -eq 1 ] || ret=1 -[ "$ret" -eq 0 ] || echo "I:failed" +[ "$ret" -eq 0 ] || echo_i "failed" status=`expr $status + $ret` -newtest "I:testing findzone can return different results per client" +newtest "testing findzone can return different results per client" $DIG $DIGOPTS -b 10.53.0.1 +noall a test.example.net > /dev/null 2>&1 || ret=1 # we should only find one logged lookup per searched DLZ database lines=`grep "dlz_findzonedb.*example\.net.*example.nil" ns1/named.run | wc -l` @@ -154,45 +155,45 @@ lines=`grep "dlz_findzonedb.*example\.net.*example.nil" ns1/named.run | wc -l` [ $lines -gt 2 ] || ret=1 lines=`grep "dlz_findzonedb.*example\.net.*alternate.nil" ns1/named.run | wc -l` [ $lines -gt 2 ] || ret=1 -[ "$ret" -eq 0 ] || echo "I:failed" +[ "$ret" -eq 0 ] || echo_i "failed" status=`expr $status + $ret` -newtest "I:testing zone returning oversized data" +newtest "testing zone returning oversized data" $DIG $DIGOPTS txt too-long.example.nil > dig.out.ns1.test$n 2>&1 || ret=1 grep "status: SERVFAIL" dig.out.ns1.test$n > /dev/null || ret=1 -[ "$ret" -eq 0 ] || echo "I:failed" +[ "$ret" -eq 0 ] || echo_i "failed" status=`expr $status + $ret` -newtest "I:testing zone returning oversized data at zone origin" +newtest "testing zone returning oversized data at zone origin" $DIG $DIGOPTS txt bigcname.domain > dig.out.ns1.test$n 2>&1 || ret=1 grep "status: SERVFAIL" dig.out.ns1.test$n > /dev/null || ret=1 -[ "$ret" -eq 0 ] || echo "I:failed" +[ "$ret" -eq 0 ] || echo_i "failed" status=`expr $status + $ret` -newtest "I:checking redirected lookup for nonexistent name" +newtest "checking redirected lookup for nonexistent name" $DIG $DIGOPTS @10.53.0.1 unexists a > dig.out.ns1.test$n || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep "^unexists.*A.*100.100.100.2" dig.out.ns1.test$n > /dev/null || ret=1 grep "flags:[^;]* aa[ ;]" dig.out.ns1.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -newtest "I:checking no redirected lookup for nonexistent type" +newtest "checking no redirected lookup for nonexistent type" $DIG $DIGOPTS @10.53.0.1 exists aaaa > dig.out.ns1.test$n || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep "ANSWER: 0" dig.out.ns1.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -newtest "I:checking redirected lookup for a long nonexistent name" +newtest "checking redirected lookup for a long nonexistent name" $DIG $DIGOPTS @10.53.0.1 long.name.is.not.there a > dig.out.ns1.test$n || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep "^long.name.*A.*100.100.100.3" dig.out.ns1.test$n > /dev/null || ret=1 grep "flags:[^;]* aa[ ;]" dig.out.ns1.test$n > /dev/null || ret=1 lookups=`grep "lookup #.*\.not\.there" ns1/named.run | wc -l` [ "$lookups" -eq 1 ] || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/dns64/clean.sh b/bin/tests/system/dns64/clean.sh index 13ac11d606..4bb91c6897 100644 --- a/bin/tests/system/dns64/clean.sh +++ b/bin/tests/system/dns64/clean.sh @@ -6,6 +6,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. +rm -f ns*/named.conf rm -f ns1/K* rm -f ns1/signed.db* rm -f ns1/dsset-signed. diff --git a/bin/tests/system/dns64/ns1/named.conf b/bin/tests/system/dns64/ns1/named.conf.in similarity index 90% rename from bin/tests/system/dns64/ns1/named.conf rename to bin/tests/system/dns64/ns1/named.conf.in index 9a1c5c2015..5b024893ea 100644 --- a/bin/tests/system/dns64/ns1/named.conf +++ b/bin/tests/system/dns64/ns1/named.conf.in @@ -6,19 +6,15 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf,v 1.3 2010/12/08 23:51:56 tbox Exp $ */ - // NS1 -controls { /* empty */ }; - acl rfc1918 { 10/8; 192.168/16; 172.16/12; }; options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/dns64/ns2/named.conf b/bin/tests/system/dns64/ns2/named.conf.in similarity index 93% rename from bin/tests/system/dns64/ns2/named.conf rename to bin/tests/system/dns64/ns2/named.conf.in index 6c8f2d0da5..91f3b3b422 100644 --- a/bin/tests/system/dns64/ns2/named.conf +++ b/bin/tests/system/dns64/ns2/named.conf.in @@ -6,19 +6,15 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf,v 1.4 2011/01/07 23:47:07 tbox Exp $ */ - // NS2 -controls { /* empty */ }; - acl rfc1918 { 10/8; 192.168/16; 172.16/12; }; options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/dns64/setup.sh b/bin/tests/system/dns64/setup.sh index 103031153c..f907636639 100644 --- a/bin/tests/system/dns64/setup.sh +++ b/bin/tests/system/dns64/setup.sh @@ -13,4 +13,7 @@ $SHELL clean.sh test -r $RANDFILE || $GENRANDOM 800 $RANDFILE +copy_setports ns1/named.conf.in ns1/named.conf +copy_setports ns2/named.conf.in ns2/named.conf + cd ns1 && $SHELL sign.sh diff --git a/bin/tests/system/dns64/tests.sh b/bin/tests/system/dns64/tests.sh index 05c43e6c38..5be5dd48e1 100644 --- a/bin/tests/system/dns64/tests.sh +++ b/bin/tests/system/dns64/tests.sh @@ -6,8 +6,6 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -# $Id: tests.sh,v 1.5 2011/02/03 07:35:55 marka Exp $ - SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh @@ -16,76 +14,76 @@ n=0 rm -f dig.out.* -DIGOPTS="+tcp +noadd +nosea +nostat +nocmd -p 5300" +DIGOPTS="+tcp +noadd +nosea +nostat +nocmd -p ${PORT}" for conf in conf/good*.conf do - echo "I:checking that $conf is accepted ($n)" + echo_i "checking that $conf is accepted ($n)" ret=0 $CHECKCONF "$conf" || ret=1 n=`expr $n + 1` - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` done for conf in conf/bad*.conf do - echo "I:checking that $conf is rejected ($n)" + echo_i "checking that $conf is rejected ($n)" ret=0 $CHECKCONF "$conf" >/dev/null && ret=1 n=`expr $n + 1` - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` done # Check the example. domain -echo "I: checking non-excluded AAAA lookup works ($n)" +echo_i "checking non-excluded AAAA lookup works ($n)" ret=0 $DIG $DIGOPTS aaaa-only.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking excluded only AAAA lookup works ($n)" +echo_i "checking excluded only AAAA lookup works ($n)" ret=0 $DIG $DIGOPTS excluded-only.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0," dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking excluded AAAA and non-mapped A lookup works ($n)" +echo_i "checking excluded AAAA and non-mapped A lookup works ($n)" ret=0 $DIG $DIGOPTS excluded-bad-a.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0," dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking excluded only AAAA and mapped A lookup works ($n)" +echo_i "checking excluded only AAAA and mapped A lookup works ($n)" ret=0 $DIG $DIGOPTS excluded-good-a.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:aaaa::1.2.3.4" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking default exclude acl ignores mapped A records (all mapped) ($n)" +echo_i "checking default exclude acl ignores mapped A records (all mapped) ($n)" ret=0 $DIG $DIGOPTS a-and-mapped.example. @10.53.0.2 -b 10.53.0.4 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:bbbb::1.2.3.5" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking default exclude acl ignores mapped A records (some mapped) ($n)" +echo_i "checking default exclude acl ignores mapped A records (some mapped) ($n)" ret=0 $DIG $DIGOPTS a-and-aaaa-and-mapped.example. @10.53.0.2 -b 10.53.0.4 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 @@ -93,457 +91,457 @@ grep "2001:eeee::4" dig.out.ns2.test$n > /dev/null || ret=1 grep "::ffff:1.2.3.4" dig.out.ns2.test$n > /dev/null && ret=1 grep "::ffff:1.2.3.5" dig.out.ns2.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking default exclude acl works with AAAA only ($n)" +echo_i "checking default exclude acl works with AAAA only ($n)" ret=0 $DIG $DIGOPTS aaaa-only.example. @10.53.0.2 -b 10.53.0.4 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking default exclude acl A only lookup works ($n)" +echo_i "checking default exclude acl A only lookup works ($n)" ret=0 $DIG $DIGOPTS a-only.example. @10.53.0.2 -b 10.53.0.4 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:bbbb::102:305" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking partially excluded only AAAA lookup works ($n)" +echo_i "checking partially excluded only AAAA lookup works ($n)" ret=0 $DIG $DIGOPTS partially-excluded-only.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::3" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking partially-excluded AAAA and non-mapped A lookup works ($n)" +echo_i "checking partially-excluded AAAA and non-mapped A lookup works ($n)" ret=0 $DIG $DIGOPTS partially-excluded-bad-a.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking partially-excluded only AAAA and mapped A lookup works ($n)" +echo_i "checking partially-excluded only AAAA and mapped A lookup works ($n)" ret=0 $DIG $DIGOPTS partially-excluded-good-a.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::1" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking AAAA only lookup works ($n)" +echo_i "checking AAAA only lookup works ($n)" ret=0 $DIG $DIGOPTS aaaa-only.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking A only lookup works ($n)" +echo_i "checking A only lookup works ($n)" ret=0 $DIG $DIGOPTS a-only.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:aaaa::102:305" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking A and AAAA lookup works ($n)" +echo_i "checking A and AAAA lookup works ($n)" ret=0 $DIG $DIGOPTS a-and-aaaa.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::1" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking non-mapped A lookup works ($n)" +echo_i "checking non-mapped A lookup works ($n)" ret=0 $DIG $DIGOPTS a-not-mapped.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking NODATA AAAA lookup works ($n)" +echo_i "checking NODATA AAAA lookup works ($n)" ret=0 $DIG $DIGOPTS mx-only.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking non-existent AAAA lookup works ($n)" +echo_i "checking non-existent AAAA lookup works ($n)" ret=0 $DIG $DIGOPTS non-existent.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking non-excluded AAAA via CNAME lookup works ($n)" +echo_i "checking non-excluded AAAA via CNAME lookup works ($n)" ret=0 $DIG $DIGOPTS cname-aaaa-only.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking excluded only AAAA via CNAME lookup works ($n)" +echo_i "checking excluded only AAAA via CNAME lookup works ($n)" ret=0 $DIG $DIGOPTS cname-excluded-only.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking excluded AAAA and non-mapped A via CNAME lookup works ($n)" +echo_i "checking excluded AAAA and non-mapped A via CNAME lookup works ($n)" ret=0 $DIG $DIGOPTS cname-excluded-bad-a.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking excluded only AAAA and mapped A via CNAME lookup works ($n)" +echo_i "checking excluded only AAAA and mapped A via CNAME lookup works ($n)" ret=0 $DIG $DIGOPTS cname-excluded-good-a.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:aaaa::1.2.3.4" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking AAAA only via CNAME lookup works ($n)" +echo_i "checking AAAA only via CNAME lookup works ($n)" ret=0 $DIG $DIGOPTS cname-aaaa-only.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking A only via CNAME lookup works ($n)" +echo_i "checking A only via CNAME lookup works ($n)" ret=0 $DIG $DIGOPTS cname-a-only.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:aaaa::102:305" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking A and AAAA via CNAME lookup works ($n)" +echo_i "checking A and AAAA via CNAME lookup works ($n)" ret=0 $DIG $DIGOPTS cname-a-and-aaaa.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::1" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking non-mapped A via CNAME lookup works ($n)" +echo_i "checking non-mapped A via CNAME lookup works ($n)" ret=0 $DIG $DIGOPTS cname-a-not-mapped.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "CNAME a-not-mapped.example." dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking NODATA AAAA via CNAME lookup works ($n)" +echo_i "checking NODATA AAAA via CNAME lookup works ($n)" ret=0 $DIG $DIGOPTS cname-mx-only.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "CNAME mx-only.example." dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking non-existent AAAA via CNAME lookup works ($n)" +echo_i "checking non-existent AAAA via CNAME lookup works ($n)" ret=0 $DIG $DIGOPTS cname-non-existent.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` # Check the example. domain recursive only -echo "I: checking non-excluded AAAA lookup works, recursive only ($n)" +echo_i "checking non-excluded AAAA lookup works, recursive only ($n)" ret=0 $DIG $DIGOPTS aaaa-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking excluded only AAAA lookup works, recursive only ($n)" +echo_i "checking excluded only AAAA lookup works, recursive only ($n)" ret=0 $DIG $DIGOPTS excluded-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0," dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking excluded AAAA and non-mapped A lookup works, recursive only ($n)" +echo_i "checking excluded AAAA and non-mapped A lookup works, recursive only ($n)" ret=0 $DIG $DIGOPTS excluded-bad-a.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0," dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking excluded only AAAA and mapped A lookup works, recursive only ($n)" +echo_i "checking excluded only AAAA and mapped A lookup works, recursive only ($n)" ret=0 $DIG $DIGOPTS excluded-good-a.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:bbbb::1.2.3.4" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking partially excluded only AAAA lookup works, recursive only ($n)" +echo_i "checking partially excluded only AAAA lookup works, recursive only ($n)" ret=0 $DIG $DIGOPTS partially-excluded-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::3" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking partially-excluded AAAA and non-mapped A lookup works, recursive only ($n)" +echo_i "checking partially-excluded AAAA and non-mapped A lookup works, recursive only ($n)" ret=0 $DIG $DIGOPTS partially-excluded-bad-a.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking partially-excluded only AAAA and mapped A lookup works, recursive only ($n)" +echo_i "checking partially-excluded only AAAA and mapped A lookup works, recursive only ($n)" ret=0 $DIG $DIGOPTS partially-excluded-good-a.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::1" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking AAAA only lookup works, recursive only ($n)" +echo_i "checking AAAA only lookup works, recursive only ($n)" ret=0 $DIG $DIGOPTS aaaa-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking A only lookup works, recursive only ($n)" +echo_i "checking A only lookup works, recursive only ($n)" ret=0 $DIG $DIGOPTS a-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:bbbb::102:305" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking A and AAAA lookup works, recursive only ($n)" +echo_i "checking A and AAAA lookup works, recursive only ($n)" ret=0 $DIG $DIGOPTS a-and-aaaa.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::1" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking non-mapped A lookup works, recursive only ($n)" +echo_i "checking non-mapped A lookup works, recursive only ($n)" ret=0 $DIG $DIGOPTS a-not-mapped.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking NODATA AAAA lookup works, recursive only ($n)" +echo_i "checking NODATA AAAA lookup works, recursive only ($n)" ret=0 $DIG $DIGOPTS mx-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking non-existent AAAA lookup works, recursive only ($n)" +echo_i "checking non-existent AAAA lookup works, recursive only ($n)" ret=0 $DIG $DIGOPTS non-existent.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking non-excluded AAAA via CNAME lookup works, recursive only ($n)" +echo_i "checking non-excluded AAAA via CNAME lookup works, recursive only ($n)" ret=0 $DIG $DIGOPTS cname-aaaa-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking excluded only AAAA via CNAME lookup works, recursive only ($n)" +echo_i "checking excluded only AAAA via CNAME lookup works, recursive only ($n)" ret=0 $DIG $DIGOPTS cname-excluded-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking excluded AAAA and non-mapped A via CNAME lookup works, recursive only ($n)" +echo_i "checking excluded AAAA and non-mapped A via CNAME lookup works, recursive only ($n)" ret=0 $DIG $DIGOPTS cname-excluded-bad-a.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking excluded only AAAA and mapped A via CNAME lookup works, recursive only ($n)" +echo_i "checking excluded only AAAA and mapped A via CNAME lookup works, recursive only ($n)" ret=0 $DIG $DIGOPTS cname-excluded-good-a.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:bbbb::102:304" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking AAAA only via CNAME lookup works, recursive only ($n)" +echo_i "checking AAAA only via CNAME lookup works, recursive only ($n)" ret=0 $DIG $DIGOPTS cname-aaaa-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking A only via CNAME lookup works, recursive only ($n)" +echo_i "checking A only via CNAME lookup works, recursive only ($n)" ret=0 $DIG $DIGOPTS cname-a-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:bbbb::102:305" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking A and AAAA via CNAME lookup works, recursive only ($n)" +echo_i "checking A and AAAA via CNAME lookup works, recursive only ($n)" ret=0 $DIG $DIGOPTS cname-a-and-aaaa.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::1" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking non-mapped A via CNAME lookup works, recursive only ($n)" +echo_i "checking non-mapped A via CNAME lookup works, recursive only ($n)" ret=0 $DIG $DIGOPTS cname-a-not-mapped.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "CNAME a-not-mapped.example." dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking NODATA AAAA via CNAME lookup works, recursive only ($n)" +echo_i "checking NODATA AAAA via CNAME lookup works, recursive only ($n)" ret=0 $DIG $DIGOPTS cname-mx-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "CNAME mx-only.example." dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking non-existent AAAA via CNAME lookup works, recursive only ($n)" +echo_i "checking non-existent AAAA via CNAME lookup works, recursive only ($n)" ret=0 $DIG $DIGOPTS cname-non-existent.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` # Check the example. domain recursive only w/o recursion -echo "I: checking non-excluded AAAA lookup works, recursive only +norec ($n)" +echo_i "checking non-excluded AAAA lookup works, recursive only +norec ($n)" ret=0 $DIG $DIGOPTS +norec aaaa-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking excluded only AAAA lookup works, recursive only +norec ($n)" +echo_i "checking excluded only AAAA lookup works, recursive only +norec ($n)" ret=0 $DIG $DIGOPTS +norec excluded-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee::3" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking excluded AAAA and non-mapped A lookup works, recursive only +norec ($n)" +echo_i "checking excluded AAAA and non-mapped A lookup works, recursive only +norec ($n)" ret=0 $DIG $DIGOPTS +norec excluded-bad-a.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee::2" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking excluded only AAAA and mapped A lookup works, recursive only +norec ($n)" +echo_i "checking excluded only AAAA and mapped A lookup works, recursive only +norec ($n)" ret=0 $DIG $DIGOPTS +norec excluded-good-a.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee::1" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking partially excluded only AAAA lookup works, recursive only +norec ($n)" +echo_i "checking partially excluded only AAAA lookup works, recursive only +norec ($n)" ret=0 $DIG $DIGOPTS +norec partially-excluded-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 @@ -551,10 +549,10 @@ grep "ANSWER: 2," dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee:" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::3" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking partially-excluded AAAA and non-mapped A lookup works, recursive only +norec ($n)" +echo_i "checking partially-excluded AAAA and non-mapped A lookup works, recursive only +norec ($n)" ret=0 $DIG $DIGOPTS +norec partially-excluded-bad-a.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 @@ -562,10 +560,10 @@ grep "ANSWER: 2," dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee:" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking partially-excluded only AAAA and mapped A lookup works, recursive only +norec ($n)" +echo_i "checking partially-excluded only AAAA and mapped A lookup works, recursive only +norec ($n)" ret=0 $DIG $DIGOPTS +norec partially-excluded-good-a.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 @@ -573,724 +571,724 @@ grep "ANSWER: 2," dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee:" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::1" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking AAAA only lookup works, recursive only +norec ($n)" +echo_i "checking AAAA only lookup works, recursive only +norec ($n)" ret=0 $DIG $DIGOPTS +norec aaaa-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking A only lookup works, recursive only +norec ($n)" +echo_i "checking A only lookup works, recursive only +norec ($n)" ret=0 $DIG $DIGOPTS +norec a-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0," dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking A and AAAA lookup works, recursive only +norec ($n)" +echo_i "checking A and AAAA lookup works, recursive only +norec ($n)" ret=0 $DIG $DIGOPTS +norec a-and-aaaa.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::1" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking non-mapped A lookup works, recursive only +norec ($n)" +echo_i "checking non-mapped A lookup works, recursive only +norec ($n)" ret=0 $DIG $DIGOPTS +norec a-not-mapped.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking NODATA AAAA lookup works, recursive only +norec ($n)" +echo_i "checking NODATA AAAA lookup works, recursive only +norec ($n)" ret=0 $DIG $DIGOPTS +norec mx-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking non-existent AAAA lookup works, recursive only +norec ($n)" +echo_i "checking non-existent AAAA lookup works, recursive only +norec ($n)" ret=0 $DIG $DIGOPTS +norec non-existent.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking non-excluded AAAA via CNAME lookup works, recursive only +norec ($n)" +echo_i "checking non-excluded AAAA via CNAME lookup works, recursive only +norec ($n)" ret=0 $DIG $DIGOPTS +norec cname-aaaa-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking excluded only AAAA via CNAME lookup works, recursive only +norec ($n)" +echo_i "checking excluded only AAAA via CNAME lookup works, recursive only +norec ($n)" ret=0 $DIG $DIGOPTS +norec cname-excluded-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee::3" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking excluded AAAA and non-mapped A via CNAME lookup works, recursive only +norec ($n)" +echo_i "checking excluded AAAA and non-mapped A via CNAME lookup works, recursive only +norec ($n)" ret=0 $DIG $DIGOPTS +norec cname-excluded-bad-a.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee::2" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking excluded only AAAA and mapped A via CNAME lookup works, recursive only +norec ($n)" +echo_i "checking excluded only AAAA and mapped A via CNAME lookup works, recursive only +norec ($n)" ret=0 $DIG $DIGOPTS +norec cname-excluded-good-a.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee::1" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking AAAA only via CNAME lookup works, recursive only +norec ($n)" +echo_i "checking AAAA only via CNAME lookup works, recursive only +norec ($n)" ret=0 $DIG $DIGOPTS +norec cname-aaaa-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking A only via CNAME lookup works, recursive only +norec ($n)" +echo_i "checking A only via CNAME lookup works, recursive only +norec ($n)" ret=0 $DIG $DIGOPTS +norec cname-a-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "CNAME a-only.example." dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking A and AAAA via CNAME lookup works, recursive only +norec ($n)" +echo_i "checking A and AAAA via CNAME lookup works, recursive only +norec ($n)" ret=0 $DIG $DIGOPTS +norec cname-a-and-aaaa.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::1" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking non-mapped A via CNAME lookup works, recursive only +norec ($n)" +echo_i "checking non-mapped A via CNAME lookup works, recursive only +norec ($n)" ret=0 $DIG $DIGOPTS +norec cname-a-not-mapped.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "CNAME a-not-mapped.example." dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking NODATA AAAA via CNAME lookup works, recursive only +norec ($n)" +echo_i "checking NODATA AAAA via CNAME lookup works, recursive only +norec ($n)" ret=0 $DIG $DIGOPTS +norec cname-mx-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "CNAME mx-only.example." dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking non-existent AAAA via CNAME lookup works, recursive only +norec ($n)" +echo_i "checking non-existent AAAA via CNAME lookup works, recursive only +norec ($n)" ret=0 $DIG $DIGOPTS +norec cname-non-existent.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` # Check the example. domain from non client -echo "I: checking non-excluded AAAA from non-client lookup works ($n)" +echo_i "checking non-excluded AAAA from non-client lookup works ($n)" ret=0 $DIG $DIGOPTS aaaa-only.example. @10.53.0.2 -b 10.53.0.3 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking excluded only AAAA from non-client lookup works ($n)" +echo_i "checking excluded only AAAA from non-client lookup works ($n)" ret=0 $DIG $DIGOPTS excluded-only.example. @10.53.0.2 -b 10.53.0.3 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee::3" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking excluded AAAA and non-mapped A from non-client lookup works ($n)" +echo_i "checking excluded AAAA and non-mapped A from non-client lookup works ($n)" ret=0 $DIG $DIGOPTS excluded-bad-a.example. @10.53.0.2 -b 10.53.0.3 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee::2" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking excluded only AAAA and mapped A from non-client lookup works ($n)" +echo_i "checking excluded only AAAA and mapped A from non-client lookup works ($n)" ret=0 $DIG $DIGOPTS excluded-good-a.example. @10.53.0.2 -b 10.53.0.3 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee::1" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking AAAA only from non-client lookup works ($n)" +echo_i "checking AAAA only from non-client lookup works ($n)" ret=0 $DIG $DIGOPTS aaaa-only.example. @10.53.0.2 -b 10.53.0.3 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking A only from non-client lookup works ($n)" +echo_i "checking A only from non-client lookup works ($n)" ret=0 $DIG $DIGOPTS a-only.example. @10.53.0.2 -b 10.53.0.3 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking A and AAAA from non-client lookup works ($n)" +echo_i "checking A and AAAA from non-client lookup works ($n)" ret=0 $DIG $DIGOPTS a-and-aaaa.example. @10.53.0.2 -b 10.53.0.3 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::1" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking non-mapped A from non-client lookup works ($n)" +echo_i "checking non-mapped A from non-client lookup works ($n)" ret=0 $DIG $DIGOPTS a-not-mapped.example. @10.53.0.2 -b 10.53.0.3 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking NODATA AAAA from non-client lookup works ($n)" +echo_i "checking NODATA AAAA from non-client lookup works ($n)" ret=0 $DIG $DIGOPTS mx-only.example. @10.53.0.2 -b 10.53.0.3 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking non-existent AAAA from non-client lookup works ($n)" +echo_i "checking non-existent AAAA from non-client lookup works ($n)" ret=0 $DIG $DIGOPTS non-existent.example. @10.53.0.2 -b 10.53.0.3 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking non-excluded AAAA via CNAME from non-client lookup works ($n)" +echo_i "checking non-excluded AAAA via CNAME from non-client lookup works ($n)" ret=0 $DIG $DIGOPTS cname-aaaa-only.example. @10.53.0.2 -b 10.53.0.3 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking excluded only AAAA via CNAME from non-client lookup works ($n)" +echo_i "checking excluded only AAAA via CNAME from non-client lookup works ($n)" ret=0 $DIG $DIGOPTS cname-excluded-only.example. @10.53.0.2 -b 10.53.0.3 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee::3" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking excluded AAAA and non-mapped A via CNAME from non-client lookup works ($n)" +echo_i "checking excluded AAAA and non-mapped A via CNAME from non-client lookup works ($n)" ret=0 $DIG $DIGOPTS cname-excluded-bad-a.example. @10.53.0.2 -b 10.53.0.3 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee::2" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking excluded only AAAA and mapped A via CNAME from non-client lookup works ($n)" +echo_i "checking excluded only AAAA and mapped A via CNAME from non-client lookup works ($n)" ret=0 $DIG $DIGOPTS cname-excluded-good-a.example. @10.53.0.2 -b 10.53.0.3 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee::1" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking AAAA only via CNAME from non-client lookup works ($n)" +echo_i "checking AAAA only via CNAME from non-client lookup works ($n)" ret=0 $DIG $DIGOPTS cname-aaaa-only.example. @10.53.0.2 -b 10.53.0.3 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking A only via CNAME from non-client lookup works ($n)" +echo_i "checking A only via CNAME from non-client lookup works ($n)" ret=0 $DIG $DIGOPTS cname-a-only.example. @10.53.0.2 -b 10.53.0.3 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking A and AAAA via CNAME from non-client lookup works ($n)" +echo_i "checking A and AAAA via CNAME from non-client lookup works ($n)" ret=0 $DIG $DIGOPTS cname-a-and-aaaa.example. @10.53.0.2 -b 10.53.0.3 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::1" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking non-mapped A via CNAME from non-client lookup works ($n)" +echo_i "checking non-mapped A via CNAME from non-client lookup works ($n)" ret=0 $DIG $DIGOPTS cname-a-not-mapped.example. @10.53.0.2 -b 10.53.0.3 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "CNAME a-not-mapped.example." dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking NODATA AAAA via CNAME from non-client lookup works ($n)" +echo_i "checking NODATA AAAA via CNAME from non-client lookup works ($n)" ret=0 $DIG $DIGOPTS cname-mx-only.example. @10.53.0.2 -b 10.53.0.3 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "CNAME mx-only.example." dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking non-existent AAAA via CNAME from non-client lookup works ($n)" +echo_i "checking non-existent AAAA via CNAME from non-client lookup works ($n)" ret=0 $DIG $DIGOPTS cname-non-existent.example. @10.53.0.2 -b 10.53.0.3 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` # Check the signed. domain -echo "I: checking non-excluded AAAA lookup is signed zone works ($n)" +echo_i "checking non-excluded AAAA lookup is signed zone works ($n)" ret=0 $DIG $DIGOPTS aaaa-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking excluded only AAAA lookup is signed zone works ($n)" +echo_i "checking excluded only AAAA lookup is signed zone works ($n)" ret=0 $DIG $DIGOPTS excluded-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0," dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking excluded AAAA and non-mapped A lookup is signed zone works ($n)" +echo_i "checking excluded AAAA and non-mapped A lookup is signed zone works ($n)" ret=0 $DIG $DIGOPTS excluded-bad-a.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0," dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking excluded only AAAA and mapped A lookup is signed zone works ($n)" +echo_i "checking excluded only AAAA and mapped A lookup is signed zone works ($n)" ret=0 $DIG $DIGOPTS excluded-good-a.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:aaaa::102:304" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking AAAA only lookup is signed zone works ($n)" +echo_i "checking AAAA only lookup is signed zone works ($n)" ret=0 $DIG $DIGOPTS aaaa-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking A only lookup is signed zone works ($n)" +echo_i "checking A only lookup is signed zone works ($n)" ret=0 $DIG $DIGOPTS a-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:aaaa::102:305" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking A and AAAA lookup is signed zone works ($n)" +echo_i "checking A and AAAA lookup is signed zone works ($n)" ret=0 $DIG $DIGOPTS a-and-aaaa.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::1" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking non-mapped A lookup is signed zone works ($n)" +echo_i "checking non-mapped A lookup is signed zone works ($n)" ret=0 $DIG $DIGOPTS a-not-mapped.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking NODATA AAAA lookup is signed zone works ($n)" +echo_i "checking NODATA AAAA lookup is signed zone works ($n)" ret=0 $DIG $DIGOPTS mx-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking non-existent AAAA lookup is signed zone works ($n)" +echo_i "checking non-existent AAAA lookup is signed zone works ($n)" ret=0 $DIG $DIGOPTS non-existent.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking non-excluded AAAA via CNAME lookup is signed zone works ($n)" +echo_i "checking non-excluded AAAA via CNAME lookup is signed zone works ($n)" ret=0 $DIG $DIGOPTS cname-aaaa-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking excluded only AAAA via CNAME lookup is signed zone works ($n)" +echo_i "checking excluded only AAAA via CNAME lookup is signed zone works ($n)" ret=0 $DIG $DIGOPTS cname-excluded-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking excluded AAAA and non-mapped A via CNAME lookup is signed zone works ($n)" +echo_i "checking excluded AAAA and non-mapped A via CNAME lookup is signed zone works ($n)" ret=0 $DIG $DIGOPTS cname-excluded-bad-a.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking excluded only AAAA and mapped A via CNAME lookup is signed zone works ($n)" +echo_i "checking excluded only AAAA and mapped A via CNAME lookup is signed zone works ($n)" ret=0 $DIG $DIGOPTS cname-excluded-good-a.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:aaaa::102:304" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking AAAA only via CNAME lookup is signed zone works ($n)" +echo_i "checking AAAA only via CNAME lookup is signed zone works ($n)" ret=0 $DIG $DIGOPTS cname-aaaa-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking A only via CNAME lookup is signed zone works ($n)" +echo_i "checking A only via CNAME lookup is signed zone works ($n)" ret=0 $DIG $DIGOPTS cname-a-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:aaaa::102:305" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking A and AAAA via CNAME lookup is signed zone works ($n)" +echo_i "checking A and AAAA via CNAME lookup is signed zone works ($n)" ret=0 $DIG $DIGOPTS cname-a-and-aaaa.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::1" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking non-mapped A via CNAME lookup is signed zone works ($n)" +echo_i "checking non-mapped A via CNAME lookup is signed zone works ($n)" ret=0 $DIG $DIGOPTS cname-a-not-mapped.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "CNAME a-not-mapped.signed." dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking NODATA AAAA via CNAME lookup is signed zone works ($n)" +echo_i "checking NODATA AAAA via CNAME lookup is signed zone works ($n)" ret=0 $DIG $DIGOPTS cname-mx-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "CNAME mx-only.signed." dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking non-existent AAAA via CNAME lookup is signed zone works ($n)" +echo_i "checking non-existent AAAA via CNAME lookup is signed zone works ($n)" ret=0 $DIG $DIGOPTS cname-non-existent.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` # Check the signed. domain -echo "I: checking non-excluded AAAA lookup is signed zone works with +dnssec ($n)" +echo_i "checking non-excluded AAAA lookup is signed zone works with +dnssec ($n)" ret=0 $DIG $DIGOPTS +dnssec aaaa-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking excluded only AAAA lookup is signed zone works with +dnssec ($n)" +echo_i "checking excluded only AAAA lookup is signed zone works with +dnssec ($n)" ret=0 $DIG $DIGOPTS +dnssec excluded-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee::3" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking excluded AAAA and non-mapped A lookup is signed zone works with +dnssec ($n)" +echo_i "checking excluded AAAA and non-mapped A lookup is signed zone works with +dnssec ($n)" ret=0 $DIG $DIGOPTS +dnssec excluded-bad-a.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee::2" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking excluded only AAAA and mapped A lookup is signed zone works with +dnssec ($n)" +echo_i "checking excluded only AAAA and mapped A lookup is signed zone works with +dnssec ($n)" ret=0 $DIG $DIGOPTS +dnssec excluded-good-a.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee::1" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking AAAA only lookup is signed zone works with +dnssec ($n)" +echo_i "checking AAAA only lookup is signed zone works with +dnssec ($n)" ret=0 $DIG $DIGOPTS +dnssec aaaa-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking A only lookup is signed zone works with +dnssec ($n)" +echo_i "checking A only lookup is signed zone works with +dnssec ($n)" ret=0 $DIG $DIGOPTS +dnssec a-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0," dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking A and AAAA lookup is signed zone works with +dnssec ($n)" +echo_i "checking A and AAAA lookup is signed zone works with +dnssec ($n)" ret=0 $DIG $DIGOPTS +dnssec a-and-aaaa.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::1" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking non-mapped A lookup is signed zone works with +dnssec ($n)" +echo_i "checking non-mapped A lookup is signed zone works with +dnssec ($n)" ret=0 $DIG $DIGOPTS +dnssec a-not-mapped.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking NODATA AAAA lookup is signed zone works with +dnssec ($n)" +echo_i "checking NODATA AAAA lookup is signed zone works with +dnssec ($n)" ret=0 $DIG $DIGOPTS +dnssec mx-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking non-existent AAAA lookup is signed zone works with +dnssec ($n)" +echo_i "checking non-existent AAAA lookup is signed zone works with +dnssec ($n)" ret=0 $DIG $DIGOPTS +dnssec non-existent.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking non-excluded AAAA via CNAME lookup is signed zone works with +dnssec ($n)" +echo_i "checking non-excluded AAAA via CNAME lookup is signed zone works with +dnssec ($n)" ret=0 $DIG $DIGOPTS +dnssec cname-aaaa-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking excluded only AAAA via CNAME lookup is signed zone works with +dnssec ($n)" +echo_i "checking excluded only AAAA via CNAME lookup is signed zone works with +dnssec ($n)" ret=0 $DIG $DIGOPTS +dnssec cname-excluded-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee::3" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking excluded AAAA and non-mapped A via CNAME lookup is signed zone works with +dnssec ($n)" +echo_i "checking excluded AAAA and non-mapped A via CNAME lookup is signed zone works with +dnssec ($n)" ret=0 $DIG $DIGOPTS +dnssec cname-excluded-bad-a.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee::2" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking excluded only AAAA and mapped A via CNAME lookup is signed zone works with +dnssec ($n)" +echo_i "checking excluded only AAAA and mapped A via CNAME lookup is signed zone works with +dnssec ($n)" ret=0 $DIG $DIGOPTS +dnssec cname-excluded-good-a.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee::1" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking AAAA only via CNAME lookup is signed zone works with +dnssec ($n)" +echo_i "checking AAAA only via CNAME lookup is signed zone works with +dnssec ($n)" ret=0 $DIG $DIGOPTS +dnssec cname-aaaa-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking A only via CNAME lookup is signed zone works with +dnssec ($n)" +echo_i "checking A only via CNAME lookup is signed zone works with +dnssec ($n)" ret=0 $DIG $DIGOPTS +dnssec cname-a-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:aaaa::102:305" dig.out.ns2.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking A and AAAA via CNAME lookup is signed zone works with +dnssec ($n)" +echo_i "checking A and AAAA via CNAME lookup is signed zone works with +dnssec ($n)" ret=0 $DIG $DIGOPTS +dnssec cname-a-and-aaaa.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::1" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking non-mapped A via CNAME lookup is signed zone works with +dnssec ($n)" +echo_i "checking non-mapped A via CNAME lookup is signed zone works with +dnssec ($n)" ret=0 $DIG $DIGOPTS +dnssec cname-a-not-mapped.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 2" dig.out.ns2.test$n > /dev/null || ret=1 grep "CNAME a-not-mapped.signed." dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking NODATA AAAA via CNAME lookup is signed zone works with +dnssec ($n)" +echo_i "checking NODATA AAAA via CNAME lookup is signed zone works with +dnssec ($n)" ret=0 $DIG $DIGOPTS +dnssec cname-mx-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns2.test$n > /dev/null || ret=1 grep "CNAME mx-only.signed." dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking non-existent AAAA via CNAME lookup is signed zone works with +dnssec ($n)" +echo_i "checking non-existent AAAA via CNAME lookup is signed zone works with +dnssec ($n)" ret=0 $DIG $DIGOPTS +dnssec cname-non-existent.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking reverse mapping ($n)" +echo_i "checking reverse mapping ($n)" ret=0 $DIG $DIGOPTS -x 2001:aaaa::10.0.0.1 @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep -i "CNAME.1.0.0.10.IN-ADDR.ARPA.$" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` list=`$DIG $DIGOPTS -b 10.53.0.6 @10.53.0.2 +short aaaa a-only.example | sort` for a in $list do ret=0 - echo "I: checking reverse mapping of $a ($n)" + echo_i "checking reverse mapping of $a ($n)" $DIG $DIGOPTS -x $a @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep -i "CNAME.5.3.2.1.IN-ADDR.ARPA." dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` done @@ -1301,103 +1299,103 @@ fin=`expr "${rev}" : "............${regex}"` while test "${rev}" != "${fin}" do ret=0 - echo "I: checking $rev ($n)" + echo_i "checking $rev ($n)" $DIG $DIGOPTS $rev ptr @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep -i "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep -i "ANSWER: 0," dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` rev=`expr "${rev}" : "${regex}"` done -echo "I: checking dns64-server and dns64-contact ($n)" +echo_i "checking dns64-server and dns64-contact ($n)" ret=0 $DIG $DIGOPTS soa 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.a.a.a.a.1.0.0.2.ip6.arpa @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep "SOA.dns64.example.net..hostmaster.example.net." dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking TTL less than 600 from zone ($n)" +echo_i "checking TTL less than 600 from zone ($n)" ret=0 #expect 500 $DIG $DIGOPTS aaaa ttl-less-than-600.example +rec @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep -i "ttl-less-than-600.example..500.IN.AAAA" dig.out.ns1.test$n >/dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking TTL more than 600 from zone ($n)" +echo_i "checking TTL more than 600 from zone ($n)" ret=0 #expect 700 $DIG $DIGOPTS aaaa ttl-more-than-600.example +rec @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep -i "ttl-more-than-600.example..700.IN.AAAA" dig.out.ns1.test$n >/dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking TTL less than minimum from zone ($n)" +echo_i "checking TTL less than minimum from zone ($n)" ret=0 #expect 1100 $DIG $DIGOPTS aaaa ttl-less-than-minimum.example +rec @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep -i "ttl-less-than-minimum.example..1100.IN.AAAA" dig.out.ns1.test$n >/dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking TTL limited to minimum from zone ($n)" +echo_i "checking TTL limited to minimum from zone ($n)" ret=0 #expect 1200 $DIG $DIGOPTS aaaa ttl-more-than-minimum.example +rec @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep -i "ttl-more-than-minimum.example..1200.IN.AAAA" dig.out.ns1.test$n >/dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking TTL less than 600 via cache ($n)" +echo_i "checking TTL less than 600 via cache ($n)" ret=0 #expect 500 $DIG $DIGOPTS aaaa ttl-less-than-600.example +rec -b 10.53.0.2 @10.53.0.2 > dig.out.ns1.test$n || ret=1 grep -i "ttl-less-than-600.example..500.IN.AAAA" dig.out.ns1.test$n >/dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking TTL more than 600 via cache ($n)" +echo_i "checking TTL more than 600 via cache ($n)" ret=0 #expect 700 $DIG $DIGOPTS aaaa ttl-more-than-600.example +rec -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep -i "ttl-more-than-600.example..700.IN.AAAA" dig.out.ns2.test$n >/dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking TTL less than minimum via cache ($n)" +echo_i "checking TTL less than minimum via cache ($n)" ret=0 #expect 1100 $DIG $DIGOPTS aaaa ttl-less-than-minimum.example +rec -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep -i "ttl-less-than-minimum.example..1100.IN.AAAA" dig.out.ns2.test$n >/dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking TTL limited to minimum via cache ($n)" +echo_i "checking TTL limited to minimum via cache ($n)" ret=0 #expect 1200 $DIG $DIGOPTS aaaa ttl-more-than-minimum.example +rec -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep -i "ttl-more-than-minimum.example..1200.IN.AAAA" dig.out.ns2.test$n >/dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking synthesis of AAAA from RPZ-remapped A ($n)" +echo_i "checking synthesis of AAAA from RPZ-remapped A ($n)" ret=0 $DIG $DIGOPTS aaaa rpz.example +rec -b 10.53.0.7 @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep -i 'rpz.example.*IN.AAAA.2001:96::a0a:a0a' dig.out.ns2.test$n >/dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/dnssec/clean.sh b/bin/tests/system/dnssec/clean.sh index 5abf6250b3..05c5d9dff0 100644 --- a/bin/tests/system/dnssec/clean.sh +++ b/bin/tests/system/dnssec/clean.sh @@ -10,6 +10,7 @@ rm -f */K* */keyset-* */dsset-* */dlvset-* */signedkey-* */*.signed rm -f */example.bk rm -f */named.memstats rm -f */named.run +rm -f */named.conf rm -f */named.secroots rm -f */tmp* */*.jnl */*.bk */*.jbk rm -f */trusted.conf */managed.conf */revoked.conf @@ -75,8 +76,6 @@ rm -f ns3/ttlpatch.example.db ns3/ttlpatch.example.db.signed rm -f ns3/ttlpatch.example.db.patched rm -f ns3/unsecure.example.db ns3/bogus.example.db ns3/keyless.example.db rm -f ns4/managed-keys.bind* -rm -f ns4/named.conf -rm -f ns4/named.conf ns5/named.conf rm -f ns4/named_dump.db rm -f ns6/optout-tld.db rm -f ns7/multiple.example.bk ns7/nsec3.example.bk ns7/optout.example.bk diff --git a/bin/tests/system/dnssec/dnssec_update_test.pl b/bin/tests/system/dnssec/dnssec_update_test.pl index 721f8b8973..a9e988d94b 100644 --- a/bin/tests/system/dnssec/dnssec_update_test.pl +++ b/bin/tests/system/dnssec/dnssec_update_test.pl @@ -23,8 +23,6 @@ # # perl -MCPAN -e "install Net::DNS" # -# $Id: dnssec_update_test.pl,v 1.7 2010/08/13 23:47:03 tbox Exp $ -# use Getopt::Std; use Net::DNS; @@ -51,7 +49,7 @@ my $failures = 0; sub assert { my ($cond, $explanation) = @_; if (!$cond) { - print "I:Test Failed: $explanation ***\n"; + print "Test Failed: $explanation ***\n"; $failures++ } } @@ -72,13 +70,13 @@ sub test { my $rcode = $reply->header->rcode; assert($rcode eq $expected, "expected $expected, got $rcode"); } else { - print "I:Update failed: ", $res->errorstring, "\n"; + print "Update failed: ", $res->errorstring, "\n"; } } sub section { my ($msg) = @_; - print "I:$msg\n"; + print "$msg\n"; } section("Add a name"); @@ -88,9 +86,9 @@ section("Delete the name"); test("NOERROR", ["update", rr_del("a.$zone")]); if ($failures) { - print "I:$failures update tests failed.\n"; + print "$failures update tests failed.\n"; } else { - print "I:All update tests successful.\n"; + print "All update tests successful.\n"; } exit $failures; diff --git a/bin/tests/system/dnssec/ns1/named.conf b/bin/tests/system/dnssec/ns1/named.conf.in similarity index 94% rename from bin/tests/system/dnssec/ns1/named.conf rename to bin/tests/system/dnssec/ns1/named.conf.in index d2d754b4eb..479b63a259 100644 --- a/bin/tests/system/dnssec/ns1/named.conf +++ b/bin/tests/system/dnssec/ns1/named.conf.in @@ -8,13 +8,11 @@ // NS1 -controls { /* empty */ }; - options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/dnssec/ns2/named.conf b/bin/tests/system/dnssec/ns2/named.conf.in similarity index 98% rename from bin/tests/system/dnssec/ns2/named.conf rename to bin/tests/system/dnssec/ns2/named.conf.in index 3a22345d88..d4d8812dde 100644 --- a/bin/tests/system/dnssec/ns2/named.conf +++ b/bin/tests/system/dnssec/ns2/named.conf.in @@ -8,13 +8,11 @@ // NS2 -controls { /* empty */ }; - options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/dnssec/ns3/named.conf b/bin/tests/system/dnssec/ns3/named.conf.in similarity index 98% rename from bin/tests/system/dnssec/ns3/named.conf rename to bin/tests/system/dnssec/ns3/named.conf.in index f330359211..637f0005d5 100644 --- a/bin/tests/system/dnssec/ns3/named.conf +++ b/bin/tests/system/dnssec/ns3/named.conf.in @@ -8,13 +8,11 @@ // NS3 -controls { /* empty */ }; - options { query-source address 10.53.0.3; notify-source 10.53.0.3; transfer-source 10.53.0.3; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.3; }; listen-on-v6 { none; }; @@ -32,7 +30,7 @@ key rndc_key { }; controls { - inet 10.53.0.3 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; zone "." { diff --git a/bin/tests/system/dnssec/ns4/named1.conf b/bin/tests/system/dnssec/ns4/named1.conf.in similarity index 92% rename from bin/tests/system/dnssec/ns4/named1.conf rename to bin/tests/system/dnssec/ns4/named1.conf.in index 6caaff7baa..7635cd7e19 100644 --- a/bin/tests/system/dnssec/ns4/named1.conf +++ b/bin/tests/system/dnssec/ns4/named1.conf.in @@ -8,13 +8,11 @@ // NS4 -controls { /* empty */ }; - options { query-source address 10.53.0.4 dscp 1; notify-source 10.53.0.4 dscp 2; transfer-source 10.53.0.4 dscp 3; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.4; }; listen-on-v6 { none; }; @@ -41,7 +39,7 @@ key rndc_key { }; controls { - inet 10.53.0.4 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.4 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; zone "." { diff --git a/bin/tests/system/dnssec/ns4/named2.conf b/bin/tests/system/dnssec/ns4/named2.conf.in similarity index 88% rename from bin/tests/system/dnssec/ns4/named2.conf rename to bin/tests/system/dnssec/ns4/named2.conf.in index 88db76c29c..4a6bd41ea2 100644 --- a/bin/tests/system/dnssec/ns4/named2.conf +++ b/bin/tests/system/dnssec/ns4/named2.conf.in @@ -8,14 +8,12 @@ // NS4 -controls { /* empty */ }; - options { query-source address 10.53.0.4 dscp 4; notify-source 10.53.0.4 dscp 5; transfer-source 10.53.0.4 dscp 6; dscp 16; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.4; }; listen-on-v6 { none; }; @@ -32,7 +30,7 @@ key rndc_key { }; controls { - inet 10.53.0.4 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.4 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; zone "." { diff --git a/bin/tests/system/dnssec/ns4/named3.conf b/bin/tests/system/dnssec/ns4/named3.conf.in similarity index 88% rename from bin/tests/system/dnssec/ns4/named3.conf rename to bin/tests/system/dnssec/ns4/named3.conf.in index 9798976912..0df51edaac 100644 --- a/bin/tests/system/dnssec/ns4/named3.conf +++ b/bin/tests/system/dnssec/ns4/named3.conf.in @@ -8,13 +8,11 @@ // NS4 -controls { /* empty */ }; - options { query-source address 10.53.0.4; notify-source 10.53.0.4; transfer-source 10.53.0.4; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.4; }; listen-on-v6 { none; }; @@ -32,7 +30,7 @@ key rndc_key { }; controls { - inet 10.53.0.4 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.4 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; zone "." { diff --git a/bin/tests/system/dnssec/ns4/named4.conf b/bin/tests/system/dnssec/ns4/named4.conf.in similarity index 92% rename from bin/tests/system/dnssec/ns4/named4.conf rename to bin/tests/system/dnssec/ns4/named4.conf.in index 79d8bc9f65..ee99f6b48d 100644 --- a/bin/tests/system/dnssec/ns4/named4.conf +++ b/bin/tests/system/dnssec/ns4/named4.conf.in @@ -8,13 +8,11 @@ // NS4 -controls { /* empty */ }; - options { query-source address 10.53.0.4; notify-source 10.53.0.4; transfer-source 10.53.0.4; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.4; }; listen-on-v6 { none; }; @@ -26,7 +24,7 @@ key rndc_key { }; controls { - inet 10.53.0.4 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.4 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; key auth { diff --git a/bin/tests/system/dnssec/ns5/named1.conf b/bin/tests/system/dnssec/ns5/named1.conf.in similarity index 87% rename from bin/tests/system/dnssec/ns5/named1.conf rename to bin/tests/system/dnssec/ns5/named1.conf.in index eaa0edfa3d..a22f6559f8 100644 --- a/bin/tests/system/dnssec/ns5/named1.conf +++ b/bin/tests/system/dnssec/ns5/named1.conf.in @@ -8,13 +8,11 @@ // NS5 -controls { /* empty */ }; - options { query-source address 10.53.0.5; notify-source 10.53.0.5; transfer-source 10.53.0.5; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.5; }; listen-on-v6 { none; }; @@ -29,7 +27,7 @@ key rndc_key { }; controls { - inet 10.53.0.5 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.5 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; diff --git a/bin/tests/system/dnssec/ns5/named2.conf b/bin/tests/system/dnssec/ns5/named2.conf.in similarity index 89% rename from bin/tests/system/dnssec/ns5/named2.conf rename to bin/tests/system/dnssec/ns5/named2.conf.in index 57d4db31f5..db6b530d0b 100644 --- a/bin/tests/system/dnssec/ns5/named2.conf +++ b/bin/tests/system/dnssec/ns5/named2.conf.in @@ -8,22 +8,20 @@ // NS5 -controls { /* empty */ }; - key rndc_key { secret "1234abcd8765"; algorithm hmac-sha256; }; controls { - inet 10.53.0.5 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.5 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; options { query-source address 10.53.0.5; notify-source 10.53.0.5; transfer-source 10.53.0.5; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.5; 127.0.0.1; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/dnssec/ns6/named.conf b/bin/tests/system/dnssec/ns6/named.conf.in similarity index 88% rename from bin/tests/system/dnssec/ns6/named.conf rename to bin/tests/system/dnssec/ns6/named.conf.in index 2e453ce7f1..50b4286568 100644 --- a/bin/tests/system/dnssec/ns6/named.conf +++ b/bin/tests/system/dnssec/ns6/named.conf.in @@ -6,17 +6,13 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf,v 1.12 2007/06/18 23:47:28 tbox Exp $ */ - // NS6 -controls { /* empty */ }; - options { query-source address 10.53.0.6; notify-source 10.53.0.6; transfer-source 10.53.0.6; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.6; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/dnssec/ns7/named.conf b/bin/tests/system/dnssec/ns7/named.conf.in similarity index 93% rename from bin/tests/system/dnssec/ns7/named.conf rename to bin/tests/system/dnssec/ns7/named.conf.in index 7af270c100..66142b5ce5 100644 --- a/bin/tests/system/dnssec/ns7/named.conf +++ b/bin/tests/system/dnssec/ns7/named.conf.in @@ -6,17 +6,13 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf,v 1.5 2010/06/26 23:46:49 tbox Exp $ */ - // NS3 -controls { /* empty */ }; - options { query-source address 10.53.0.7; notify-source 10.53.0.7; transfer-source 10.53.0.7; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.7; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/dnssec/prereq.sh b/bin/tests/system/dnssec/prereq.sh index 019e984b71..c46ed2dfc4 100644 --- a/bin/tests/system/dnssec/prereq.sh +++ b/bin/tests/system/dnssec/prereq.sh @@ -15,7 +15,7 @@ then then : else - echo "I:Net::DNS versions 0.69 to 0.70 have bugs that cause this test to fail: please update." >&2 + echo_i "Net::DNS versions 0.69 to 0.70 have bugs that cause this test to fail: please update." >&2 exit 1 fi fi diff --git a/bin/tests/system/dnssec/setup.sh b/bin/tests/system/dnssec/setup.sh index 5c3215f645..908112db3d 100644 --- a/bin/tests/system/dnssec/setup.sh +++ b/bin/tests/system/dnssec/setup.sh @@ -13,16 +13,26 @@ $SHELL clean.sh test -r $RANDFILE || $GENRANDOM 800 $RANDFILE -cd ns1 && $SHELL sign.sh +copy_setports ns1/named.conf.in ns1/named.conf +copy_setports ns2/named.conf.in ns2/named.conf +copy_setports ns3/named.conf.in ns3/named.conf + +copy_setports ns4/named1.conf.in ns4/named.conf +copy_setports ns5/named1.conf.in ns5/named.conf + +copy_setports ns6/named.conf.in ns6/named.conf +copy_setports ns7/named.conf.in ns7/named.conf + +cd ns1 +$SHELL sign.sh echo "a.bogus.example. A 10.0.0.22" >>../ns3/bogus.example.db.signed echo "b.bogus.example. A 10.0.0.23" >>../ns3/bogus.example.db.signed echo "c.bogus.example. A 10.0.0.23" >>../ns3/bogus.example.db.signed -cd ../ns3 && cp -f siginterval1.conf siginterval.conf -cd ../ns4 && cp -f named1.conf named.conf -cd ../ns5 && { - cp -f trusted.conf.bad trusted.conf - cp -f named1.conf named.conf - $SHELL sign.sh -} +cd ../ns3 +cp -f siginterval1.conf siginterval.conf + +cd ../ns5 +cp -f trusted.conf.bad trusted.conf +$SHELL sign.sh diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh index c76045a278..2fa779e7dd 100644 --- a/bin/tests/system/dnssec/tests.sh +++ b/bin/tests/system/dnssec/tests.sh @@ -14,8 +14,10 @@ n=1 rm -f dig.out.* -DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p 5300" -DELVOPTS="-a ns1/trusted.conf -p 5300" +DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p ${PORT}" +ANSWEROPTS="+noall +answer +dnssec -p ${PORT}" +DELVOPTS="-a ns1/trusted.conf -p ${PORT}" +RNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p ${CONTROLPORT} -s" # convert private-type records to readable form showprivate () { @@ -40,7 +42,7 @@ checkprivate () { echo $x | grep incomplete >&- 2>&- && ret=1 [ $ret = 1 ] && { echo "$x" - echo "I:failed" + echo_i "failed" } return $ret } @@ -70,7 +72,7 @@ stripns () { # Check the example. domain -echo "I:checking that zone transfer worked ($n)" +echo_i "checking that zone transfer worked ($n)" for i in 1 2 3 4 5 6 7 8 9 do ret=0 @@ -82,63 +84,63 @@ do done $PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns3.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` # test AD bit: # - dig +adflag asks for authentication (ad in response) -echo "I:checking AD bit asking for validation ($n)" +echo_i "checking AD bit asking for validation ($n)" ret=0 $DIG $DIGOPTS +noauth +noadd +nodnssec +adflag a.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1 $DIG $DIGOPTS +noauth +noadd +nodnssec +adflag a.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1 $PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` # test AD bit: -# - dig +noadflag -echo "I:checking that AD is not set without +adflag or +dnssec ($n)" +# - dig +noadflag +echo_i "checking that AD is not set without +adflag or +dnssec ($n)" ret=0 $DIG $DIGOPTS +noauth +noadd +nodnssec +noadflag a.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1 $DIG $DIGOPTS +noauth +noadd +nodnssec +noadflag a.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1 $PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking for AD in authoritative answer ($n)" +echo_i "checking for AD in authoritative answer ($n)" ret=0 $DIG $DIGOPTS a.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns2.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking positive validation NSEC ($n)" +echo_i "checking positive validation NSEC ($n)" ret=0 $DIG $DIGOPTS +noauth a.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1 $DIG $DIGOPTS +noauth a.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1 $PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` if [ -x ${DELV} ] ; then ret=0 - echo "I:checking postive validation NSEC using dns_client ($n)" + echo_i "checking postive validation NSEC using dns_client ($n)" $DELV $DELVOPTS @10.53.0.4 a a.example > delv.out$n || ret=1 grep "a.example..*10.0.0.1" delv.out$n > /dev/null || ret=1 grep "a.example..*.RRSIG.A 3 2 300 .*" delv.out$n > /dev/null || ret=1 n=`expr $n + 1` - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` fi -echo "I:checking positive validation NSEC3 ($n)" +echo_i "checking positive validation NSEC3 ($n)" ret=0 $DIG $DIGOPTS +noauth a.nsec3.example. \ @10.53.0.3 a > dig.out.ns3.test$n || ret=1 @@ -147,21 +149,21 @@ $DIG $DIGOPTS +noauth a.nsec3.example. \ $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` if [ -x ${DELV} ] ; then ret=0 - echo "I:checking positive validation NSEC3 using dns_client ($n)" + echo_i "checking positive validation NSEC3 using dns_client ($n)" $DELV $DELVOPTS @10.53.0.4 a a.nsec3.example > delv.out$n || ret=1 grep "a.nsec3.example..*10.0.0.1" delv.out$n > /dev/null || ret=1 grep "a.nsec3.example..*RRSIG.A 7 3 300.*" delv.out$n > /dev/null || ret=1 n=`expr $n + 1` - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` fi -echo "I:checking positive validation OPTOUT ($n)" +echo_i "checking positive validation OPTOUT ($n)" ret=0 $DIG $DIGOPTS +noauth a.optout.example. \ @10.53.0.3 a > dig.out.ns3.test$n || ret=1 @@ -170,21 +172,21 @@ $DIG $DIGOPTS +noauth a.optout.example. \ $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` if [ -x ${DELV} ] ; then ret=0 - echo "I:checking positive validation OPTOUT using dns_client ($n)" + echo_i "checking positive validation OPTOUT using dns_client ($n)" $DELV $DELVOPTS @10.53.0.4 a a.optout.example > delv.out$n || ret=1 grep "a.optout.example..*10.0.0.1" delv.out$n > /dev/null || ret=1 grep "a.optout.example..*RRSIG.A 7 3 300.*" delv.out$n > /dev/null || ret=1 n=`expr $n + 1` - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` fi -echo "I:checking positive wildcard validation NSEC ($n)" +echo_i "checking positive wildcard validation NSEC ($n)" ret=0 $DIG $DIGOPTS a.wild.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1 $DIG $DIGOPTS a.wild.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1 @@ -196,39 +198,39 @@ grep "\*\.wild\.example\..*NSEC z\.example" dig.out.ns4.test$n > /dev/null || re grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` if [ -x ${DELV} ] ; then ret=0 - echo "I:checking positive wildcard validation NSEC using dns_client ($n)" + echo_i "checking positive wildcard validation NSEC using dns_client ($n)" $DELV $DELVOPTS @10.53.0.4 a a.wild.example > delv.out$n || ret=1 grep "a.wild.example..*10.0.0.27" delv.out$n > /dev/null || ret=1 grep "a.wild.example..*RRSIG.A 3 2 300.*" delv.out$n > /dev/null || ret=1 n=`expr $n + 1` - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` fi -echo "I:checking positive wildcard answer NSEC3 ($n)" +echo_i "checking positive wildcard answer NSEC3 ($n)" ret=0 $DIG $DIGOPTS a.wild.nsec3.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1 grep "AUTHORITY: 4," dig.out.ns3.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking positive wildcard answer NSEC3 ($n)" +echo_i "checking positive wildcard answer NSEC3 ($n)" ret=0 $DIG $DIGOPTS a.wild.nsec3.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1 grep "AUTHORITY: 4," dig.out.ns4.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking positive wildcard validation NSEC3 ($n)" +echo_i "checking positive wildcard validation NSEC3 ($n)" ret=0 $DIG $DIGOPTS a.wild.nsec3.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1 $DIG $DIGOPTS a.wild.nsec3.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1 @@ -238,21 +240,21 @@ $PERL ../digcomp.pl dig.out.ns3.stripped.test$n dig.out.ns4.stripped.test$n || r grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` if [ -x ${DELV} ] ; then ret=0 - echo "I:checking positive wildcard validation NSEC3 using dns_client ($n)" + echo_i "checking positive wildcard validation NSEC3 using dns_client ($n)" $DELV $DELVOPTS @10.53.0.4 a a.wild.nsec3.example > delv.out$n || ret=1 grep "a.wild.nsec3.example..*10.0.0.6" delv.out$n > /dev/null || ret=1 grep "a.wild.nsec3.example..*RRSIG.A 7 3 300.*" delv.out$n > /dev/null || ret=1 n=`expr $n + 1` - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` fi -echo "I:checking positive wildcard validation OPTOUT ($n)" +echo_i "checking positive wildcard validation OPTOUT ($n)" ret=0 $DIG $DIGOPTS a.wild.optout.example. \ @10.53.0.3 a > dig.out.ns3.test$n || ret=1 @@ -264,21 +266,21 @@ $PERL ../digcomp.pl dig.out.ns3.stripped.test$n dig.out.ns4.stripped.test$n || r grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` if [ -x ${DELV} ] ; then ret=0 - echo "I:checking positive wildcard validation OPTOUT using dns_client ($n)" + echo_i "checking positive wildcard validation OPTOUT using dns_client ($n)" $DELV $DELVOPTS @10.53.0.4 a a.wild.optout.example > delv.out$n || ret=1 grep "a.wild.optout.example..*10.0.0.6" delv.out$n > /dev/null || ret=1 grep "a.wild.optout.example..*RRSIG.A 7 3 300.*" delv.out$n > /dev/null || ret=1 n=`expr $n + 1` - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` fi -echo "I:checking negative validation NXDOMAIN NSEC ($n)" +echo_i "checking negative validation NXDOMAIN NSEC ($n)" ret=0 $DIG $DIGOPTS +noauth q.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1 $DIG $DIGOPTS +noauth q.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1 @@ -286,20 +288,20 @@ $PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` if [ -x ${DELV} ] ; then ret=0 - echo "I:checking negative validation NXDOMAIN NSEC using dns_client ($n)" + echo_i "checking negative validation NXDOMAIN NSEC using dns_client ($n)" $DELV $DELVOPTS @10.53.0.4 a q.example > delv.out$n 2>&1 || ret=1 grep "resolution failed: ncache nxdomain" delv.out$n > /dev/null || ret=1 n=`expr $n + 1` - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` fi -echo "I:checking negative validation NXDOMAIN NSEC3 ($n)" +echo_i "checking negative validation NXDOMAIN NSEC3 ($n)" ret=0 $DIG $DIGOPTS +noauth q.nsec3.example. \ @10.53.0.3 a > dig.out.ns3.test$n || ret=1 @@ -309,20 +311,20 @@ $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` if [ -x ${DELV} ] ; then ret=0 - echo "I:checking negative validation NXDOMAIN NSEC3 using dns_client ($n)" + echo_i "checking negative validation NXDOMAIN NSEC3 using dns_client ($n)" $DELV $DELVOPTS @10.53.0.4 a q.nsec3.example > delv.out$n 2>&1 || ret=1 grep "resolution failed: ncache nxdomain" delv.out$n > /dev/null || ret=1 n=`expr $n + 1` - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` fi -echo "I:checking negative validation NXDOMAIN OPTOUT ($n)" +echo_i "checking negative validation NXDOMAIN OPTOUT ($n)" ret=0 $DIG $DIGOPTS +noauth q.optout.example. \ @10.53.0.3 a > dig.out.ns3.test$n || ret=1 @@ -333,20 +335,20 @@ grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 # Note - this is looking for failure, hence the && grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` if [ -x ${DELV} ] ; then ret=0 - echo "I:checking negative validation NXDOMAIN OPTOUT using dns_client ($n)" + echo_i "checking negative validation NXDOMAIN OPTOUT using dns_client ($n)" $DELV $DELVOPTS @10.53.0.4 a q.optout.example > delv.out$n 2>&1 || ret=1 grep "resolution failed: ncache nxdomain" delv.out$n > /dev/null || ret=1 n=`expr $n + 1` - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` fi -echo "I:checking negative validation NODATA NSEC ($n)" +echo_i "checking negative validation NODATA NSEC ($n)" ret=0 $DIG $DIGOPTS +noauth a.example. @10.53.0.2 txt > dig.out.ns2.test$n || ret=1 $DIG $DIGOPTS +noauth a.example. @10.53.0.4 txt > dig.out.ns4.test$n || ret=1 @@ -355,20 +357,20 @@ grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` if [ -x ${DELV} ] ; then ret=0 - echo "I:checking negative validation NODATA OPTOUT using dns_client ($n)" + echo_i "checking negative validation NODATA OPTOUT using dns_client ($n)" $DELV $DELVOPTS @10.53.0.4 txt a.example > delv.out$n 2>&1 || ret=1 grep "resolution failed: ncache nxrrset" delv.out$n > /dev/null || ret=1 n=`expr $n + 1` - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` fi -echo "I:checking negative validation NODATA NSEC3 ($n)" +echo_i "checking negative validation NODATA NSEC3 ($n)" ret=0 $DIG $DIGOPTS +noauth a.nsec3.example. \ @10.53.0.3 txt > dig.out.ns3.test$n || ret=1 @@ -379,20 +381,20 @@ grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` if [ -x ${DELV} ] ; then ret=0 - echo "I:checking negative validation NODATA NSEC3 using dns_client ($n)" + echo_i "checking negative validation NODATA NSEC3 using dns_client ($n)" $DELV $DELVOPTS @10.53.0.4 txt a.nsec3.example > delv.out$n 2>&1 || ret=1 grep "resolution failed: ncache nxrrset" delv.out$n > /dev/null || ret=1 n=`expr $n + 1` - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` fi -echo "I:checking negative validation NODATA OPTOUT ($n)" +echo_i "checking negative validation NODATA OPTOUT ($n)" ret=0 $DIG $DIGOPTS +noauth a.optout.example. \ @10.53.0.3 txt > dig.out.ns3.test$n || ret=1 @@ -403,20 +405,20 @@ grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` if [ -x ${DELV} ] ; then ret=0 - echo "I:checking negative validation NODATA OPTOUT using dns_client ($n)" + echo_i "checking negative validation NODATA OPTOUT using dns_client ($n)" $DELV $DELVOPTS @10.53.0.4 txt a.optout.example > delv.out$n 2>&1 || ret=1 grep "resolution failed: ncache nxrrset" delv.out$n > /dev/null || ret=1 n=`expr $n + 1` - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` fi -echo "I:checking negative wildcard validation NSEC ($n)" +echo_i "checking negative wildcard validation NSEC ($n)" ret=0 $DIG $DIGOPTS b.wild.example. @10.53.0.2 txt > dig.out.ns2.test$n || ret=1 $DIG $DIGOPTS b.wild.example. @10.53.0.4 txt > dig.out.ns4.test$n || ret=1 @@ -424,40 +426,40 @@ $PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` if [ -x ${DELV} ] ; then ret=0 - echo "I:checking negative wildcard validation NSEC using dns_client ($n)" + echo_i "checking negative wildcard validation NSEC using dns_client ($n)" $DELV $DELVOPTS @10.53.0.4 txt b.wild.example > delv.out$n 2>&1 || ret=1 grep "resolution failed: ncache nxrrset" delv.out$n > /dev/null || ret=1 n=`expr $n + 1` - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` fi -echo "I:checking negative wildcard validation NSEC3 ($n)" +echo_i "checking negative wildcard validation NSEC3 ($n)" ret=0 $DIG $DIGOPTS b.wild.nsec3.example. @10.53.0.3 txt > dig.out.ns3.test$n || ret=1 $DIG $DIGOPTS b.wild.nsec3.example. @10.53.0.4 txt > dig.out.ns4.test$n || ret=1 $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` if [ -x ${DELV} ] ; then ret=0 - echo "I:checking negative wildcard validation NSEC3 using dns_client ($n)" + echo_i "checking negative wildcard validation NSEC3 using dns_client ($n)" $DELV $DELVOPTS @10.53.0.4 txt b.wild.nsec3.example > delv.out$n 2>&1 || ret=1 grep "resolution failed: ncache nxrrset" delv.out$n > /dev/null || ret=1 n=`expr $n + 1` - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` fi -echo "I:checking negative wildcard validation OPTOUT ($n)" +echo_i "checking negative wildcard validation OPTOUT ($n)" ret=0 $DIG $DIGOPTS b.wild.optout.example. \ @10.53.0.3 txt > dig.out.ns3.test$n || ret=1 @@ -468,22 +470,22 @@ grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 # Note - this is looking for failure, hence the && grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` if [ -x ${DELV} ] ; then ret=0 - echo "I:checking negative wildcard validation OPTOUT using dns_client ($n)" + echo_i "checking negative wildcard validation OPTOUT using dns_client ($n)" $DELV $DELVOPTS @10.53.0.4 txt b.optout.nsec3.example > delv.out$n 2>&1 || ret=1 grep "resolution failed: ncache nxrrset" delv.out$n > /dev/null || ret=1 n=`expr $n + 1` - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` fi # Check the insecure.example domain -echo "I:checking 1-server insecurity proof NSEC ($n)" +echo_i "checking 1-server insecurity proof NSEC ($n)" ret=0 $DIG $DIGOPTS +noauth a.insecure.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1 $DIG $DIGOPTS +noauth a.insecure.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1 @@ -492,20 +494,20 @@ grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 # Note - this is looking for failure, hence the && grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` if [ -x ${DELV} ] ; then ret=0 - echo "I:checking 1-server insecurity proof NSEC using dns_client ($n)" + echo_i "checking 1-server insecurity proof NSEC using dns_client ($n)" $DELV $DELVOPTS @10.53.0.4 a a.insecure.example > delv.out$n || ret=1 grep "a.insecure.example..*10.0.0.1" delv.out$n > /dev/null || ret=1 n=`expr $n + 1` - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` fi -echo "I:checking 1-server insecurity proof NSEC3 ($n)" +echo_i "checking 1-server insecurity proof NSEC3 ($n)" ret=0 $DIG $DIGOPTS +noauth a.insecure.nsec3.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1 $DIG $DIGOPTS +noauth a.insecure.nsec3.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1 @@ -514,20 +516,20 @@ grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 # Note - this is looking for failure, hence the && grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` if [ -x ${DELV} ] ; then ret=0 - echo "I:checking 1-server insecurity proof NSEC3 using dns_client ($n)" + echo_i "checking 1-server insecurity proof NSEC3 using dns_client ($n)" $DELV $DELVOPTS @10.53.0.4 a a.insecure.nsec3.example > delv.out$n || ret=1 grep "a.insecure.nsec3.example..*10.0.0.1" delv.out$n > /dev/null || ret=1 n=`expr $n + 1` - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` fi -echo "I:checking 1-server insecurity proof OPTOUT ($n)" +echo_i "checking 1-server insecurity proof OPTOUT ($n)" ret=0 $DIG $DIGOPTS +noauth a.insecure.optout.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1 $DIG $DIGOPTS +noauth a.insecure.optout.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1 @@ -536,20 +538,20 @@ grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 # Note - this is looking for failure, hence the && grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` if [ -x ${DELV} ] ; then ret=0 - echo "I:checking 1-server insecurity proof OPTOUT using dns_client ($n)" + echo_i "checking 1-server insecurity proof OPTOUT using dns_client ($n)" $DELV $DELVOPTS @10.53.0.4 a a.insecure.optout.example > delv.out$n || ret=1 grep "a.insecure.optout.example..*10.0.0.1" delv.out$n > /dev/null || ret=1 n=`expr $n + 1` - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` fi -echo "I:checking 1-server negative insecurity proof NSEC ($n)" +echo_i "checking 1-server negative insecurity proof NSEC ($n)" ret=0 $DIG $DIGOPTS q.insecure.example. a @10.53.0.3 \ > dig.out.ns3.test$n || ret=1 @@ -560,20 +562,20 @@ grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 # Note - this is looking for failure, hence the && grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` if [ -x ${DELV} ] ; then ret=0 - echo "I:checking 1-server negative insecurity proof NSEC using dns_client ($n)" + echo_i "checking 1-server negative insecurity proof NSEC using dns_client ($n)" $DELV $DELVOPTS @10.53.0.4 a q.insecure.example > delv.out$n 2>&1 || ret=1 grep "resolution failed: ncache nxdomain" delv.out$n > /dev/null || ret=1 n=`expr $n + 1` - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` fi -echo "I:checking 1-server negative insecurity proof NSEC3 ($n)" +echo_i "checking 1-server negative insecurity proof NSEC3 ($n)" ret=0 $DIG $DIGOPTS q.insecure.nsec3.example. a @10.53.0.3 \ > dig.out.ns3.test$n || ret=1 @@ -584,20 +586,20 @@ grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 # Note - this is looking for failure, hence the && grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` if [ -x ${DELV} ] ; then ret=0 - echo "I:checking 1-server negative insecurity proof NSEC3 using dns_client ($n)" + echo_i "checking 1-server negative insecurity proof NSEC3 using dns_client ($n)" $DELV $DELVOPTS @10.53.0.4 a q.insecure.nsec3.example > delv.out$n 2>&1 || ret=1 grep "resolution failed: ncache nxdomain" delv.out$n > /dev/null || ret=1 n=`expr $n + 1` - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` fi -echo "I:checking 1-server negative insecurity proof OPTOUT ($n)" +echo_i "checking 1-server negative insecurity proof OPTOUT ($n)" ret=0 $DIG $DIGOPTS q.insecure.optout.example. a @10.53.0.3 \ > dig.out.ns3.test$n || ret=1 @@ -608,20 +610,20 @@ grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 # Note - this is looking for failure, hence the && grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` if [ -x ${DELV} ] ; then ret=0 - echo "I:checking 1-server negative insecurity proof OPTOUT using dns_client ($n)" + echo_i "checking 1-server negative insecurity proof OPTOUT using dns_client ($n)" $DELV $DELVOPTS @10.53.0.4 a q.insecure.optout.example > delv.out$n 2>&1 || ret=1 grep "resolution failed: ncache nxdomain" delv.out$n > /dev/null || ret=1 n=`expr $n + 1` - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` fi -echo "I:checking 1-server negative insecurity proof with SOA hack NSEC ($n)" +echo_i "checking 1-server negative insecurity proof with SOA hack NSEC ($n)" ret=0 $DIG $DIGOPTS r.insecure.example. soa @10.53.0.3 \ > dig.out.ns3.test$n || ret=1 @@ -633,10 +635,10 @@ grep "0 IN SOA" dig.out.ns4.test$n > /dev/null || ret=1 # Note - this is looking for failure, hence the && grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking 1-server negative insecurity proof with SOA hack NSEC3 ($n)" +echo_i "checking 1-server negative insecurity proof with SOA hack NSEC3 ($n)" ret=0 $DIG $DIGOPTS r.insecure.nsec3.example. soa @10.53.0.3 \ > dig.out.ns3.test$n || ret=1 @@ -648,10 +650,10 @@ grep "0 IN SOA" dig.out.ns4.test$n > /dev/null || ret=1 # Note - this is looking for failure, hence the && grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking 1-server negative insecurity proof with SOA hack OPTOUT ($n)" +echo_i "checking 1-server negative insecurity proof with SOA hack OPTOUT ($n)" ret=0 $DIG $DIGOPTS r.insecure.optout.example. soa @10.53.0.3 \ > dig.out.ns3.test$n || ret=1 @@ -663,12 +665,12 @@ grep "0 IN SOA" dig.out.ns4.test$n > /dev/null || ret=1 # Note - this is looking for failure, hence the && grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` # Check the secure.example domain -echo "I:checking multi-stage positive validation NSEC/NSEC ($n)" +echo_i "checking multi-stage positive validation NSEC/NSEC ($n)" ret=0 $DIG $DIGOPTS +noauth a.secure.example. \ @10.53.0.3 a > dig.out.ns3.test$n || ret=1 @@ -678,10 +680,10 @@ $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking multi-stage positive validation NSEC/NSEC3 ($n)" +echo_i "checking multi-stage positive validation NSEC/NSEC3 ($n)" ret=0 $DIG $DIGOPTS +noauth a.nsec3.example. \ @10.53.0.3 a > dig.out.ns3.test$n || ret=1 @@ -691,10 +693,10 @@ $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking multi-stage positive validation NSEC/OPTOUT ($n)" +echo_i "checking multi-stage positive validation NSEC/OPTOUT ($n)" ret=0 $DIG $DIGOPTS +noauth a.optout.example. \ @10.53.0.3 a > dig.out.ns3.test$n || ret=1 @@ -704,10 +706,10 @@ $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking multi-stage positive validation NSEC3/NSEC ($n)" +echo_i "checking multi-stage positive validation NSEC3/NSEC ($n)" ret=0 $DIG $DIGOPTS +noauth a.secure.nsec3.example. \ @10.53.0.3 a > dig.out.ns3.test$n || ret=1 @@ -717,10 +719,10 @@ $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking multi-stage positive validation NSEC3/NSEC3 ($n)" +echo_i "checking multi-stage positive validation NSEC3/NSEC3 ($n)" ret=0 $DIG $DIGOPTS +noauth a.nsec3.nsec3.example. \ @10.53.0.3 a > dig.out.ns3.test$n || ret=1 @@ -730,10 +732,10 @@ $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking multi-stage positive validation NSEC3/OPTOUT ($n)" +echo_i "checking multi-stage positive validation NSEC3/OPTOUT ($n)" ret=0 $DIG $DIGOPTS +noauth a.optout.nsec3.example. \ @10.53.0.3 a > dig.out.ns3.test$n || ret=1 @@ -743,10 +745,10 @@ $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking multi-stage positive validation OPTOUT/NSEC ($n)" +echo_i "checking multi-stage positive validation OPTOUT/NSEC ($n)" ret=0 $DIG $DIGOPTS +noauth a.secure.optout.example. \ @10.53.0.3 a > dig.out.ns3.test$n || ret=1 @@ -756,10 +758,10 @@ $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking multi-stage positive validation OPTOUT/NSEC3 ($n)" +echo_i "checking multi-stage positive validation OPTOUT/NSEC3 ($n)" ret=0 $DIG $DIGOPTS +noauth a.nsec3.optout.example. \ @10.53.0.3 a > dig.out.ns3.test$n || ret=1 @@ -769,10 +771,10 @@ $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking multi-stage positive validation OPTOUT/OPTOUT ($n)" +echo_i "checking multi-stage positive validation OPTOUT/OPTOUT ($n)" ret=0 $DIG $DIGOPTS +noauth a.optout.optout.example. \ @10.53.0.3 a > dig.out.ns3.test$n || ret=1 @@ -782,10 +784,10 @@ $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking empty NODATA OPTOUT ($n)" +echo_i "checking empty NODATA OPTOUT ($n)" ret=0 $DIG $DIGOPTS +noauth empty.optout.example. \ @10.53.0.3 a > dig.out.ns3.test$n || ret=1 @@ -795,94 +797,94 @@ $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 #grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` # Check the bogus domain -echo "I:checking failed validation ($n)" +echo_i "checking failed validation ($n)" ret=0 $DIG $DIGOPTS a.bogus.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1 grep "SERVFAIL" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` if [ -x ${DELV} ] ; then ret=0 - echo "I:checking failed validation using dns_client ($n)" + echo_i "checking failed validation using dns_client ($n)" $DELV $DELVOPTS +cd @10.53.0.4 a a.bogus.example > delv.out$n 2>&1 || ret=1 grep "resolution failed: RRSIG failed to verify" delv.out$n > /dev/null || ret=1 n=`expr $n + 1` - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` fi # Try validating with a bad trusted key. # This should fail. -echo "I:checking that validation fails with a misconfigured trusted key ($n)" +echo_i "checking that validation fails with a misconfigured trusted key ($n)" ret=0 $DIG $DIGOPTS example. soa @10.53.0.5 > dig.out.ns5.test$n || ret=1 grep "SERVFAIL" dig.out.ns5.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that negative validation fails with a misconfigured trusted key ($n)" +echo_i "checking that negative validation fails with a misconfigured trusted key ($n)" ret=0 $DIG $DIGOPTS example. ptr @10.53.0.5 > dig.out.ns5.test$n || ret=1 grep "SERVFAIL" dig.out.ns5.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that insecurity proofs fail with a misconfigured trusted key ($n)" +echo_i "checking that insecurity proofs fail with a misconfigured trusted key ($n)" ret=0 $DIG $DIGOPTS a.insecure.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1 grep "SERVFAIL" dig.out.ns5.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that validation fails when key record is missing ($n)" +echo_i "checking that validation fails when key record is missing ($n)" ret=0 $DIG $DIGOPTS a.b.keyless.example. a @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep "SERVFAIL" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` if [ -x ${DELV} ] ; then ret=0 - echo "I:checking that validation fails when key record is missing using dns_client ($n)" + echo_i "checking that validation fails when key record is missing using dns_client ($n)" $DELV $DELVOPTS +cd @10.53.0.4 a a.b.keyless.example > delv.out$n 2>&1 || ret=1 grep "resolution failed: broken trust chain" delv.out$n > /dev/null || ret=1 n=`expr $n + 1` - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` fi -echo "I:checking that validation succeeds when a revoked key is encountered ($n)" +echo_i "checking that validation succeeds when a revoked key is encountered ($n)" ret=0 $DIG $DIGOPTS revkey.example soa @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep "NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "flags: .* ad" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` if [ -x ${DELV} ] ; then ret=0 - echo "I:checking that validation succeeds when a revoked key is encountered using dns_client ($n)" + echo_i "checking that validation succeeds when a revoked key is encountered using dns_client ($n)" $DELV $DELVOPTS +cd @10.53.0.4 soa revkey.example > delv.out$n 2>&1 || ret=1 grep "fully validated" delv.out$n > /dev/null || ret=1 n=`expr $n + 1` - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` fi -echo "I:Checking that a bad CNAME signature is caught after a +CD query ($n)" +echo_i "Checking that a bad CNAME signature is caught after a +CD query ($n)" ret=0 #prime $DIG $DIGOPTS +cd bad-cname.example. @10.53.0.4 > dig.out.ns4.prime$n || ret=1 @@ -891,15 +893,15 @@ expect="a.example. 10.0.0.1" ans=`$DIG $DIGOPTS +cd +nodnssec +short bad-cname.example. @10.53.0.4` || ret=1 test "$ans" = "$expect" || ret=1 -test $ret = 0 || echo I:failed, got "'""$ans""'", expected "'""$expect""'" +test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" #check: requery without +CD. bogus cached data should be rejected. $DIG $DIGOPTS +nodnssec bad-cname.example. @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep "SERVFAIL" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:Checking that a bad DNAME signature is caught after a +CD query ($n)" +echo_i "Checking that a bad DNAME signature is caught after a +CD query ($n)" ret=0 #prime $DIG $DIGOPTS +cd a.bad-dname.example. @10.53.0.4 > dig.out.ns4.prime$n || ret=1 @@ -909,17 +911,17 @@ a.example. 10.0.0.1" ans=`$DIG $DIGOPTS +cd +nodnssec +short a.bad-dname.example. @10.53.0.4` || ret=1 test "$ans" = "$expect" || ret=1 -test $ret = 0 || echo I:failed, got "'""$ans""'", expected "'""$expect""'" +test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" #check: requery without +CD. bogus cached data should be rejected. $DIG $DIGOPTS +nodnssec a.bad-dname.example. @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep "SERVFAIL" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` # Check the insecure.secure.example domain (insecurity proof) -echo "I:checking 2-server insecurity proof ($n)" +echo_i "checking 2-server insecurity proof ($n)" ret=0 $DIG $DIGOPTS +noauth a.insecure.secure.example. @10.53.0.2 a \ > dig.out.ns2.test$n || ret=1 @@ -930,12 +932,12 @@ grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 # Note - this is looking for failure, hence the && grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` # Check a negative response in insecure.secure.example -echo "I:checking 2-server insecurity proof with a negative answer ($n)" +echo_i "checking 2-server insecurity proof with a negative answer ($n)" ret=0 $DIG $DIGOPTS q.insecure.secure.example. @10.53.0.2 a > dig.out.ns2.test$n \ || ret=1 @@ -946,10 +948,10 @@ grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 # Note - this is looking for failure, hence the && grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking 2-server insecurity proof with a negative answer and SOA hack ($n)" +echo_i "checking 2-server insecurity proof with a negative answer and SOA hack ($n)" ret=0 $DIG $DIGOPTS r.insecure.secure.example. @10.53.0.2 soa > dig.out.ns2.test$n \ || ret=1 @@ -960,23 +962,23 @@ grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 # Note - this is looking for failure, hence the && grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` # Check that the query for a security root is successful and has ad set -echo "I:checking security root query ($n)" +echo_i "checking security root query ($n)" ret=0 $DIG $DIGOPTS . @10.53.0.4 key > dig.out.ns4.test$n || ret=1 grep "NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` # Check that the setting the cd bit works -echo "I:checking cd bit on a positive answer ($n)" +echo_i "checking cd bit on a positive answer ($n)" ret=0 $DIG $DIGOPTS +noauth example. soa @10.53.0.4 \ > dig.out.ns4.test$n || ret=1 @@ -987,10 +989,10 @@ grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 # Note - this is looking for failure, hence the && grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking cd bit on a negative answer ($n)" +echo_i "checking cd bit on a negative answer ($n)" ret=0 $DIG $DIGOPTS q.example. soa @10.53.0.4 > dig.out.ns4.test$n || ret=1 $DIG $DIGOPTS +cdflag q.example. soa @10.53.0.5 > dig.out.ns5.test$n || ret=1 @@ -999,40 +1001,40 @@ grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 # Note - this is looking for failure, hence the && grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking positive validation RSASHA256 NSEC ($n)" +echo_i "checking positive validation RSASHA256 NSEC ($n)" ret=0 $DIG $DIGOPTS +noauth a.rsasha256.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1 $DIG $DIGOPTS +noauth a.rsasha256.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1 $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking positive validation RSASHA512 NSEC ($n)" +echo_i "checking positive validation RSASHA512 NSEC ($n)" ret=0 $DIG $DIGOPTS +noauth a.rsasha512.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1 $DIG $DIGOPTS +noauth a.rsasha512.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1 $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking positive validation with KSK-only DNSKEY signature ($n)" +echo_i "checking positive validation with KSK-only DNSKEY signature ($n)" ret=0 $DIG $DIGOPTS +noauth a.kskonly.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1 $DIG $DIGOPTS +noauth a.kskonly.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1 $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking cd bit on a query that should fail ($n)" +echo_i "checking cd bit on a query that should fail ($n)" ret=0 $DIG $DIGOPTS a.bogus.example. soa @10.53.0.4 \ > dig.out.ns4.test$n || ret=1 @@ -1043,10 +1045,10 @@ grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 # Note - this is looking for failure, hence the && grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking cd bit on an insecurity proof ($n)" +echo_i "checking cd bit on an insecurity proof ($n)" ret=0 $DIG $DIGOPTS +noauth a.insecure.example. soa @10.53.0.4 \ > dig.out.ns4.test$n || ret=1 @@ -1058,10 +1060,10 @@ grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking cd bit on a negative insecurity proof ($n)" +echo_i "checking cd bit on a negative insecurity proof ($n)" ret=0 $DIG $DIGOPTS q.insecure.example. a @10.53.0.4 \ > dig.out.ns4.test$n || ret=1 @@ -1073,10 +1075,10 @@ grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that validation of an ANY query works ($n)" +echo_i "checking that validation of an ANY query works ($n)" ret=0 $DIG $DIGOPTS +noauth foo.example. any @10.53.0.2 > dig.out.ns2.test$n || ret=1 $DIG $DIGOPTS +noauth foo.example. any @10.53.0.4 > dig.out.ns4.test$n || ret=1 @@ -1085,10 +1087,10 @@ grep "NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 # 2 records in the zone, 1 NXT, 3 SIGs grep "ANSWER: 6" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that validation of a query returning a CNAME works ($n)" +echo_i "checking that validation of a query returning a CNAME works ($n)" ret=0 $DIG $DIGOPTS +noauth cname1.example. txt @10.53.0.2 \ > dig.out.ns2.test$n || ret=1 @@ -1099,10 +1101,10 @@ grep "NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 # the CNAME & its sig, the TXT and its SIG grep "ANSWER: 4" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that validation of a query returning a DNAME works ($n)" +echo_i "checking that validation of a query returning a DNAME works ($n)" ret=0 $DIG $DIGOPTS +noauth foo.dname1.example. txt @10.53.0.2 \ > dig.out.ns2.test$n || ret=1 @@ -1115,10 +1117,10 @@ grep "NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 # recursive server and not cached, but I don't know how. grep "ANSWER: 5" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that validation of an ANY query returning a CNAME works ($n)" +echo_i "checking that validation of an ANY query returning a CNAME works ($n)" ret=0 $DIG $DIGOPTS +noauth cname2.example. any @10.53.0.2 \ > dig.out.ns2.test$n || ret=1 @@ -1129,10 +1131,10 @@ grep "NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 # The CNAME, NXT, and their SIGs grep "ANSWER: 4" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that validation of an ANY query returning a DNAME works ($n)" +echo_i "checking that validation of an ANY query returning a DNAME works ($n)" ret=0 $DIG $DIGOPTS +noauth foo.dname2.example. any @10.53.0.2 \ > dig.out.ns2.test$n || ret=1 @@ -1141,10 +1143,10 @@ $DIG $DIGOPTS +noauth foo.dname2.example. any @10.53.0.4 \ $PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1 grep "NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that positive validation in a privately secure zone works ($n)" +echo_i "checking that positive validation in a privately secure zone works ($n)" ret=0 $DIG $DIGOPTS +noauth a.private.secure.example. a @10.53.0.2 \ > dig.out.ns2.test$n || ret=1 @@ -1155,10 +1157,10 @@ grep "NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 # Note - this is looking for failure, hence the && grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that negative validation in a privately secure zone works ($n)" +echo_i "checking that negative validation in a privately secure zone works ($n)" ret=0 $DIG $DIGOPTS +noauth q.private.secure.example. a @10.53.0.2 \ > dig.out.ns2.test$n || ret=1 @@ -1169,10 +1171,10 @@ grep "NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 # Note - this is looking for failure, hence the && grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that lookups succeed after disabling a algorithm works ($n)" +echo_i "checking that lookups succeed after disabling a algorithm works ($n)" ret=0 $DIG $DIGOPTS +noauth example. SOA @10.53.0.2 \ > dig.out.ns2.test$n || ret=1 @@ -1182,10 +1184,10 @@ $PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns6.test$n || ret=1 # Note - this is looking for failure, hence the && grep "flags:.*ad.*QUERY" dig.out.ns6.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking privately secure to nxdomain works ($n)" +echo_i "checking privately secure to nxdomain works ($n)" ret=0 $DIG $DIGOPTS +noauth private2secure-nxdomain.private.secure.example. SOA @10.53.0.4 \ > dig.out.ns4.test$n || ret=1 @@ -1193,10 +1195,10 @@ grep "NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 # Note - this is looking for failure, hence the && grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking privately secure wildcard to nxdomain works ($n)" +echo_i "checking privately secure wildcard to nxdomain works ($n)" ret=0 $DIG $DIGOPTS +noauth a.wild.private.secure.example. SOA @10.53.0.4 \ > dig.out.ns4.test$n || ret=1 @@ -1204,10 +1206,10 @@ grep "NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 # Note - this is looking for failure, hence the && grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking a non-cachable NODATA works ($n)" +echo_i "checking a non-cachable NODATA works ($n)" ret=0 $DIG $DIGOPTS +noauth a.nosoa.secure.example. txt @10.53.0.7 \ > dig.out.ns7.test$n || ret=1 @@ -1216,10 +1218,10 @@ $DIG $DIGOPTS +noauth a.nosoa.secure.example. txt @10.53.0.4 \ > dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking a non-cachable NXDOMAIN works ($n)" +echo_i "checking a non-cachable NXDOMAIN works ($n)" ret=0 $DIG $DIGOPTS +noauth b.nosoa.secure.example. txt @10.53.0.7 \ > dig.out.ns7.test$n || ret=1 @@ -1228,7 +1230,7 @@ $DIG $DIGOPTS +noauth b.nosoa.secure.example. txt @10.53.0.4 \ > dig.out.ns4.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` # @@ -1237,34 +1239,34 @@ status=`expr $status + $ret` # to private.secure.example. In addition secure.example is using a # algorithm which the validation does not support. # -echo "I:checking dnssec-lookaside-validation works ($n)" +echo_i "checking dnssec-lookaside-validation works ($n)" ret=0 $DIG $DIGOPTS private.secure.example. SOA @10.53.0.6 \ > dig.out.ns6.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns6.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that we can load a rfc2535 signed zone ($n)" +echo_i "checking that we can load a rfc2535 signed zone ($n)" ret=0 $DIG $DIGOPTS rfc2535.example. SOA @10.53.0.2 \ > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that we can transfer a rfc2535 signed zone ($n)" +echo_i "checking that we can transfer a rfc2535 signed zone ($n)" ret=0 $DIG $DIGOPTS rfc2535.example. SOA @10.53.0.3 \ > dig.out.ns3.test$n || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that we can sign a zone with out-of-zone records ($n)" +echo_i "checking that we can sign a zone with out-of-zone records ($n)" ret=0 zone=example key1=`$KEYGEN -K signer -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone` @@ -1275,10 +1277,10 @@ cat example.db.in $key1.key $key2.key > example.db $SIGNER -o example -f example.db example.db > /dev/null 2>&1 ) || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that we can sign a zone (NSEC3) with out-of-zone records ($n)" +echo_i "checking that we can sign a zone (NSEC3) with out-of-zone records ($n)" ret=0 zone=example key1=`$KEYGEN -K signer -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone` @@ -1292,18 +1294,18 @@ awk '/^IQF9LQTLK/ { while (!index($0, ")")) { if (getline <= 0) break; - printf (" %s", $0); + printf (" %s", $0); } printf("\n"); }' example.db | sed 's/[ ][ ]*/ /g' > nsec3param.out -grep "IQF9LQTLKKNFK0KVIFELRAK4IC4QLTMG.example. 0 IN NSEC3 1 0 10 - ( IQF9LQTLKKNFK0KVIFELRAK4IC4QLTMG A NS SOA RRSIG DNSKEY NSEC3PARAM )" nsec3param.out > /dev/null +grep "IQF9LQTLKKNFK0KVIFELRAK4IC4QLTMG.example. 0 IN NSEC3 1 0 10 - ( IQF9LQTLKKNFK0KVIFELRAK4IC4QLTMG A NS SOA RRSIG DNSKEY NSEC3PARAM )" nsec3param.out > /dev/null ) || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking NSEC3 signing with empty nonterminals above a delegation ($n)" +echo_i "checking NSEC3 signing with empty nonterminals above a delegation ($n)" ret=0 zone=example key1=`$KEYGEN -K signer -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone` @@ -1318,7 +1320,7 @@ awk '/^IQF9LQTLK/ { while (!index($0, ")")) { if (getline <= 0) break; - printf (" %s", $0); + printf (" %s", $0); } printf("\n"); }' example.db | sed 's/[ ][ ]*/ /g' > nsec3param.out @@ -1326,10 +1328,10 @@ awk '/^IQF9LQTLK/ { grep "IQF9LQTLKKNFK0KVIFELRAK4IC4QLTMG.example. 0 IN NSEC3 1 0 10 - ( IQF9LQTLKKNFK0KVIFELRAK4IC4QLTMG A NS SOA RRSIG DNSKEY NSEC3PARAM )" nsec3param.out > /dev/null ) || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that dnsssec-signzone updates originalttl on ttl changes ($n)" +echo_i "checking that dnsssec-signzone updates originalttl on ttl changes ($n)" ret=0 zone=example key1=`$KEYGEN -K signer -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone` @@ -1343,10 +1345,10 @@ $SIGNER -o example -f example.db.after example.db.changed > /dev/null 2>&1 ) grep "SOA 5 1 50" signer/example.db.after > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking dnssec-signzone keeps valid signatures from removed keys ($n)" +echo_i "checking dnssec-signzone keeps valid signatures from removed keys ($n)" ret=0 zone=example key1=`$KEYGEN -K signer -q -r $RANDFILE -f KSK -a RSASHA1 -b 1024 -n zone $zone` @@ -1367,10 +1369,10 @@ $SIGNER -D -o example example.db > /dev/null 2>&1 grep " $keyid2 " signer/example.db.signed > /dev/null 2>&1 || ret=1 grep " $keyid3 " signer/example.db.signed > /dev/null 2>&1 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking dnssec-signzone -R purges signatures from removed keys ($n)" +echo_i "checking dnssec-signzone -R purges signatures from removed keys ($n)" ret=0 ( cd signer @@ -1379,10 +1381,10 @@ $SIGNER -RD -o example example.db > /dev/null 2>&1 grep " $keyid2 " signer/example.db.signed > /dev/null 2>&1 && ret=1 grep " $keyid3 " signer/example.db.signed > /dev/null 2>&1 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking dnssec-signzone keeps valid signatures from inactive keys ($n)" +echo_i "checking dnssec-signzone keeps valid signatures from inactive keys ($n)" ret=0 zone=example ( @@ -1397,10 +1399,10 @@ $SIGNER -SD -o example example.db > /dev/null 2>&1 grep " $keyid2 " signer/example.db.signed > /dev/null 2>&1 || ret=1 grep " $keyid3 " signer/example.db.signed > /dev/null 2>&1 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking dnssec-signzone -Q purges signatures from inactive keys ($n)" +echo_i "checking dnssec-signzone -Q purges signatures from inactive keys ($n)" ret=0 ( cd signer @@ -1409,10 +1411,10 @@ $SIGNER -SDQ -o example example.db > /dev/null 2>&1 grep " $keyid2 " signer/example.db.signed > /dev/null 2>&1 && ret=1 grep " $keyid3 " signer/example.db.signed > /dev/null 2>&1 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking dnssec-signzone retains unexpired signatures ($n)" +echo_i "checking dnssec-signzone retains unexpired signatures ($n)" ret=0 ( cd signer @@ -1429,10 +1431,10 @@ drop2=`awk '/dropped/ {print $3}' signer/signer.out.2` [ "$gen2" -eq 0 ] || ret=1 [ "$drop2" -eq 0 ] || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking dnssec-signzone purges RRSIGs from formerly-owned glue (nsec) ($n)" +echo_i "checking dnssec-signzone purges RRSIGs from formerly-owned glue (nsec) ($n)" ret=0 ( cd signer @@ -1464,10 +1466,10 @@ $SIGNER -DS -O full -f example2.db.signed -o example example2.db > /dev/null 2>& grep "^sub1\.example\..*RRSIG[ ]A[ ]" signer/example2.db.signed > /dev/null 2>&1 && ret=1 grep "^ns\.sub2\.example\..*RRSIG[ ]A[ ]" signer/example2.db.signed > /dev/null 2>&1 && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking dnssec-signzone purges RRSIGs from formerly-owned glue (nsec3) ($n)" +echo_i "checking dnssec-signzone purges RRSIGs from formerly-owned glue (nsec3) ($n)" ret=0 ( cd signer @@ -1498,10 +1500,10 @@ $SIGNER -DS -3 feedabee -O full -f example2.db.signed -o example example2.db > / grep "^sub1\.example\..*RRSIG[ ]A[ ]" signer/example2.db.signed > /dev/null 2>&1 && ret=1 grep "^ns\.sub2\.example\..*RRSIG[ ]A[ ]" signer/example2.db.signed > /dev/null 2>&1 && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking dnssec-signzone output format ($n)" +echo_i "checking dnssec-signzone output format ($n)" ret=0 ( cd signer @@ -1517,10 +1519,10 @@ israw1 signer/signer.out.5 || ret=1 israw0 signer/signer.out.6 || ret=1 israw1 signer/signer.out.7 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking TTLs are capped by dnssec-signzone -M ($n)" +echo_i "checking TTLs are capped by dnssec-signzone -M ($n)" ret=0 ( cd signer @@ -1528,10 +1530,10 @@ $SIGNER -O full -f signer.out.8 -S -M 30 -o example example.db > /dev/null 2>&1 ) || ret=1 awk '/^;/ { next; } $2 > 30 { exit 1; }' signer/signer.out.8 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking dnssec-signzone -N date ($n)" +echo_i "checking dnssec-signzone -N date ($n)" ret=0 ( cd signer @@ -1541,10 +1543,10 @@ now=`$PERL -e '@lt=localtime(); printf "%.4d%0.2d%0.2d00\n",$lt[5]+1900,$lt[4]+1 serial=`awk '/^;/ { next; } $4 == "SOA" { print $7 }' signer/signer.out.9` [ "$now" -eq "$serial" ] || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking validated data are not cached longer than originalttl ($n)" +echo_i "checking validated data are not cached longer than originalttl ($n)" ret=0 $DIG $DIGOPTS +ttl +noauth a.ttlpatch.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1 $DIG $DIGOPTS +ttl +noauth a.ttlpatch.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1 @@ -1553,13 +1555,13 @@ grep "300.IN" dig.out.ns3.test$n > /dev/null && ret=1 grep "300.IN" dig.out.ns4.test$n > /dev/null || ret=1 grep "3600.IN" dig.out.ns4.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` # Test that "rndc secroots" is able to dump trusted keys -echo "I:checking rndc secroots ($n)" +echo_i "checking rndc secroots ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 secroots 2>&1 | sed 's/^/I:ns1 /' +$RNDCCMD 10.53.0.4 secroots 2>&1 | sed 's/^/ns4 /' | cat_i keyid=`cat ns1/managed.key.id` cp ns4/named.secroots named.secroots.test$n linecount=`grep "./RSAMD5/$keyid ; trusted" named.secroots.test$n | wc -l` @@ -1567,13 +1569,13 @@ linecount=`grep "./RSAMD5/$keyid ; trusted" named.secroots.test$n | wc -l` linecount=`cat named.secroots.test$n | wc -l` [ "$linecount" -eq 10 ] || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` # Check direct query for RRSIG. If we first ask for normal (non RRSIG) # record, the corresponding RRSIG should be cached and subsequent query # for RRSIG will be returned with the cached record. -echo "I:checking RRSIG query from cache ($n)" +echo_i "checking RRSIG query from cache ($n)" ret=0 $DIG $DIGOPTS normalthenrrsig.secure.example. @10.53.0.4 a > /dev/null || ret=1 ans=`$DIG $DIGOPTS +short normalthenrrsig.secure.example. @10.53.0.4 rrsig` || ret=1 @@ -1583,12 +1585,12 @@ test "$ans" = "$expect" || ret=1 $DIG $DIGOPTS normalthenrrsig.secure.example. @10.53.0.4 rrsig > dig.out.ns4.test$n || ret=1 grep "flags:.*ra.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` # Check direct query for RRSIG: If it's not cached with other records, # it should result in an empty response. -echo "I:checking RRSIG query not in cache ($n)" +echo_i "checking RRSIG query not in cache ($n)" ret=0 ans=`$DIG $DIGOPTS +short rrsigonly.secure.example. @10.53.0.4 rrsig` || ret=1 test -z "$ans" || ret=1 @@ -1596,60 +1598,60 @@ test -z "$ans" || ret=1 $DIG $DIGOPTS rrsigonly.secure.example. @10.53.0.4 rrsig > dig.out.ns4.test$n || ret=1 grep "flags:.*ra.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` # # RT21868 regression test. # -echo "I:checking NSEC3 zone with mismatched NSEC3PARAM / NSEC parameters ($n)" +echo_i "checking NSEC3 zone with mismatched NSEC3PARAM / NSEC parameters ($n)" ret=0 $DIG $DIGOPTS non-exist.badparam. @10.53.0.2 a > dig.out.ns2.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` # # RT22007 regression test. # -echo "I:checking optout NSEC3 referral with only insecure delegations ($n)" +echo_i "checking optout NSEC3 referral with only insecure delegations ($n)" ret=0 $DIG $DIGOPTS +norec delegation.single-nsec3. @10.53.0.2 a > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "3KL3NK1HKQ4IUEEHBEF12VGFKUETNBAN.*NSEC3 1 1 1 - 3KL3NK1HKQ4IUEEHBEF12VGFKUETNBAN" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking optout NSEC3 NXDOMAIN with only insecure delegations ($n)" +echo_i "checking optout NSEC3 NXDOMAIN with only insecure delegations ($n)" ret=0 $DIG $DIGOPTS +norec nonexist.single-nsec3. @10.53.0.2 a > dig.out.ns2.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 grep "3KL3NK1HKQ4IUEEHBEF12VGFKUETNBAN.*NSEC3 1 1 1 - 3KL3NK1HKQ4IUEEHBEF12VGFKUETNBAN" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking optout NSEC3 nodata with only insecure delegations ($n)" +echo_i "checking optout NSEC3 nodata with only insecure delegations ($n)" ret=0 $DIG $DIGOPTS +norec single-nsec3. @10.53.0.2 a > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "3KL3NK1HKQ4IUEEHBEF12VGFKUETNBAN.*NSEC3 1 1 1 - 3KL3NK1HKQ4IUEEHBEF12VGFKUETNBAN" dig.out.ns2.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that a zone finishing the transition from RSASHA1 to RSASHA256 validates secure ($n)" +echo_i "checking that a zone finishing the transition from RSASHA1 to RSASHA256 validates secure ($n)" ret=0 $DIG $DIGOPTS ns algroll. @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep "NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "flags:[^;]* ad[^;]*;" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking positive and negative validation with negative trust anchors ($n)" +echo_i "checking positive and negative validation with negative trust anchors ($n)" ret=0 # @@ -1663,28 +1665,30 @@ $DIG $DIGOPTS a.secure.example. a @10.53.0.4 > dig.out.ns4.test$n.3 || ret=1 grep "status: SERVFAIL" dig.out.ns4.test$n.3 > /dev/null && ret=1 grep "flags:[^;]* ad[^;]*;" dig.out.ns4.test$n.3 > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed - checking initial state"; fi +if [ $ret != 0 ]; then echo_i "failed - checking initial state"; fi status=`expr $status + $ret` ret=0 # # add negative trust anchors # -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta -f -l 20s bogus.example 2>&1 | sed 's/^/I:ns4 /' -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta badds.example 2>&1 | sed 's/^/I:ns4 /' -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 reconfig # reconfig should maintain NTAs -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta -d > rndc.out.ns4.test$n.1 +$RNDCCMD 10.53.0.4 nta -f -l 20s bogus.example 2>&1 | sed 's/^/ns4 /' | cat_i +$RNDCCMD 10.53.0.4 nta badds.example 2>&1 | sed 's/^/ns4 /' | cat_i +# reconfig should maintain NTAs +$RNDCCMD 10.53.0.4 reconfig 2>&1 | sed 's/^/ns4 /' | cat_i +$RNDCCMD 10.53.0.4 nta -d > rndc.out.ns4.test$n.1 lines=`wc -l < rndc.out.ns4.test$n.1` [ "$lines" -eq 2 ] || ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta secure.example 2>&1 | sed 's/^/I:ns4 /' -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta fakenode.secure.example 2>&1 | sed 's/^/I:ns4 /' -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 reload # reload should maintain NTAs -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta -d > rndc.out.ns4.test$n.2 +$RNDCCMD 10.53.0.4 nta secure.example 2>&1 | sed 's/^/ns4 /' | cat_i +$RNDCCMD 10.53.0.4 nta fakenode.secure.example 2>&1 | sed 's/^/ns4 /' | cat_i +# reload should maintain NTAs +$RNDCCMD 10.53.0.4 reload 2>&1 | sed 's/^/ns4 /' | cat_i +$RNDCCMD 10.53.0.4 nta -d > rndc.out.ns4.test$n.2 lines=`wc -l < rndc.out.ns4.test$n.2` [ "$lines" -eq 4 ] || ret=1 start=`$PERL -e 'print time()."\n";'` -if [ $ret != 0 ]; then echo "I:failed - adding NTA's failed"; fi +if [ $ret != 0 ]; then echo_i "failed - adding NTA's failed"; fi status=`expr $status + $ret` ret=0 @@ -1702,18 +1706,18 @@ grep "status: SERVFAIL" dig.out.ns4.test$n.6 > /dev/null && ret=1 grep "flags:[^;]* ad[^;]*;" dig.out.ns4.test$n.6 > /dev/null && ret=1 $DIG $DIGOPTS a.fakenode.secure.example. a @10.53.0.4 > dig.out.ns4.test$n.7 || ret=1 grep "flags:[^;]* ad[^;]*;" dig.out.ns4.test$n.7 > /dev/null && ret=1 -echo "I: dumping secroots" -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 secroots | sed 's/^/I:ns4 /' +echo_i "dumping secroots" +$RNDCCMD 10.53.0.4 secroots | sed 's/^/ns4 /' | cat_i grep "bogus.example: expiry" ns4/named.secroots > /dev/null || ret=1 grep "badds.example: expiry" ns4/named.secroots > /dev/null || ret=1 grep "secure.example: expiry" ns4/named.secroots > /dev/null || ret=1 grep "fakenode.secure.example: expiry" ns4/named.secroots > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed - with NTA's in place failed"; fi +if [ $ret != 0 ]; then echo_i "failed - with NTA's in place failed"; fi status=`expr $status + $ret` ret=0 -echo "I: waiting for NTA rechecks/expirations" +echo_i "waiting for NTA rechecks/expirations" # # secure.example and badds.example used default nta-duration @@ -1733,7 +1737,7 @@ $DIG $DIGOPTS badds.example. soa @10.53.0.4 > dig.out.ns4.test$n.10 || ret=1 grep "status: SERVFAIL" dig.out.ns4.test$n.10 > /dev/null && ret=1 grep "flags:[^;]* ad[^;]*;" dig.out.ns4.test$n.10 > /dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed - checking that default nta's were lifted due to recheck"; fi +if [ $ret != 0 ]; then echo_i "failed - checking that default nta's were lifted due to recheck"; fi status=`expr $status + $ret` ret=0 @@ -1744,7 +1748,7 @@ ret=0 # $PERL -e 'my $delay = '$start' + 13 - time(); select(undef, undef, undef, $delay) if ($delay > 0);' # check nta table -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta -d > rndc.out.ns4.test$n._11 +$RNDCCMD 10.53.0.4 nta -d > rndc.out.ns4.test$n._11 lines=`grep " expiry " rndc.out.ns4.test$n._11 | wc -l` [ "$lines" -le 2 ] || ret=1 grep "bogus.example: expiry" rndc.out.ns4.test$n._11 > /dev/null || ret=1 @@ -1758,7 +1762,7 @@ $DIG $DIGOPTS c.secure.example. a @10.53.0.4 > dig.out.ns4.test$n.13 || ret=1 grep "status: SERVFAIL" dig.out.ns4.test$n.13 > /dev/null && ret=1 grep "flags:[^;]* ad[^;]*;" dig.out.ns4.test$n.13 > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed - checking that default nta's were lifted due to lifetime"; fi +if [ $ret != 0 ]; then echo_i "failed - checking that default nta's were lifted due to lifetime"; fi status=`expr $status + $ret` ret=0 @@ -1773,60 +1777,60 @@ grep "flags:[^;]* ad[^;]*;" dig.out.ns4.test$n.14 > /dev/null || ret=1 $DIG $DIGOPTS c.bogus.example. a @10.53.0.4 > dig.out.ns4.test$n.15 || ret=1 grep "status: SERVFAIL" dig.out.ns4.test$n.15 > /dev/null || ret=1 # check nta table has been cleaned up now -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta -d > rndc.out.ns4.test$n.3 +$RNDCCMD 10.53.0.4 nta -d > rndc.out.ns4.test$n.3 lines=`grep " expiry " rndc.out.ns4.test$n.3 | wc -l` [ "$lines" -eq 0 ] || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed - checking that all nta's have been lifted"; fi +if [ $ret != 0 ]; then echo_i "failed - checking that all nta's have been lifted"; fi status=`expr $status + $ret` ret=0 -echo "I: testing NTA removals ($n)" -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta badds.example 2>&1 | sed 's/^/I:ns4 /' -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta -d > rndc.out.ns4.test$n.1 +echo_i "testing NTA removals ($n)" +$RNDCCMD 10.53.0.4 nta badds.example 2>&1 | sed 's/^/ns4 /' | cat_i +$RNDCCMD 10.53.0.4 nta -d > rndc.out.ns4.test$n.1 grep "badds.example: expiry" rndc.out.ns4.test$n.1 > /dev/null || ret=1 $DIG $DIGOPTS a.badds.example. a @10.53.0.4 > dig.out.ns4.test$n.1 || ret=1 grep "status: SERVFAIL" dig.out.ns4.test$n.1 > /dev/null && ret=1 grep "^a.badds.example." dig.out.ns4.test$n.1 > /dev/null || ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta -remove badds.example > rndc.out.ns4.test$n.2 +$RNDCCMD 10.53.0.4 nta -remove badds.example > rndc.out.ns4.test$n.2 grep "Negative trust anchor removed: badds.example/_default" rndc.out.ns4.test$n.2 > /dev/null || ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta -d > rndc.out.ns4.test$n.3 +$RNDCCMD 10.53.0.4 nta -d > rndc.out.ns4.test$n.3 grep "badds.example: expiry" rndc.out.ns4.test$n.3 > /dev/null && ret=1 $DIG $DIGOPTS a.badds.example. a @10.53.0.4 > dig.out.ns4.test$n.2 || ret=1 grep "status: SERVFAIL" dig.out.ns4.test$n.2 > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` ret=0 -echo "I: remove non-existent NTA three times" -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta -r foo > rndc.out.ns4.test$n.4 2>&1 -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta -remove foo > rndc.out.ns4.test$n.5 2>&1 -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta -r foo > rndc.out.ns4.test$n.6 2>&1 +echo_i "remove non-existent NTA three times" +$RNDCCMD 10.53.0.4 nta -r foo > rndc.out.ns4.test$n.4 2>&1 +$RNDCCMD 10.53.0.4 nta -remove foo > rndc.out.ns4.test$n.5 2>&1 +$RNDCCMD 10.53.0.4 nta -r foo > rndc.out.ns4.test$n.6 2>&1 grep "'nta' failed: not found" rndc.out.ns4.test$n.6 > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` ret=0 n=`expr $n + 1` -echo "I: testing NTA with bogus lifetimes ($n)" -echo "I:check with no nta lifetime specified" -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta -l "" foo > rndc.out.ns4.test$n.1 2>&1 +echo_i "testing NTA with bogus lifetimes ($n)" +echo_i "check with no nta lifetime specified" +$RNDCCMD 10.53.0.4 nta -l "" foo > rndc.out.ns4.test$n.1 2>&1 grep "'nta' failed: bad ttl" rndc.out.ns4.test$n.1 > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` ret=0 -echo "I:check with bad nta lifetime" -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta -l garbage foo > rndc.out.ns4.test$n.2 2>&1 +echo_i "check with bad nta lifetime" +$RNDCCMD 10.53.0.4 nta -l garbage foo > rndc.out.ns4.test$n.2 2>&1 grep "'nta' failed: bad ttl" rndc.out.ns4.test$n.2 > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` ret=0 -echo "I:check with too long nta lifetime" -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta -l 7d1h foo > rndc.out.ns4.test$n.3 2>&1 +echo_i "check with too long nta lifetime" +$RNDCCMD 10.53.0.4 nta -l 7d1h foo > rndc.out.ns4.test$n.3 2>&1 grep "'nta' failed: out of range" rndc.out.ns4.test$n.3 > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` ret=0 @@ -1834,22 +1838,22 @@ ret=0 # check NTA persistence across restarts # n=`expr $n + 1` -echo "I: testing NTA persistence across restarts ($n)" -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta -d > rndc.out.ns4.test$n.1 +echo_i "testing NTA persistence across restarts ($n)" +$RNDCCMD 10.53.0.4 nta -d > rndc.out.ns4.test$n.1 lines=`grep " expiry " rndc.out.ns4.test$n.1 | wc -l` [ "$lines" -eq 0 ] || ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta -f -l 30s bogus.example 2>&1 | sed 's/^/I:ns4 /' -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta -f -l 10s badds.example 2>&1 | sed 's/^/I:ns4 /' -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta -d > rndc.out.ns4.test$n.2 +$RNDCCMD 10.53.0.4 nta -f -l 30s bogus.example 2>&1 | sed 's/^/ns4 /' | cat_i +$RNDCCMD 10.53.0.4 nta -f -l 10s badds.example 2>&1 | sed 's/^/ns4 /' | cat_i +$RNDCCMD 10.53.0.4 nta -d > rndc.out.ns4.test$n.2 lines=`grep " expiry " rndc.out.ns4.test$n.2 | wc -l` [ "$lines" -eq 2 ] || ret=1 start=`$PERL -e 'print time()."\n";'` -if [ $ret != 0 ]; then echo "I:failed - NTA persistence: adding NTA's failed"; fi +if [ $ret != 0 ]; then echo_i "failed - NTA persistence: adding NTA's failed"; fi status=`expr $status + $ret` ret=0 -echo "I:killing ns4 with SIGTERM" +echo_i "killing ns4 with SIGTERM" cd ns4 $KILL -TERM `cat named.pid` rm -f named.pid @@ -1859,19 +1863,19 @@ cd .. # ns4 has now shutdown. wait until t=14 when badds.example's NTA # (lifetime=10s) would have expired, and then restart ns4. # -echo "I:waiting till 14s have passed since NTAs were added before restarting ns4" +echo_i "waiting till 14s have passed since NTAs were added before restarting ns4" $PERL -e 'my $delay = '$start' + 14 - time(); select(undef, undef, undef, $delay) if ($delay > 0);' if - $PERL $SYSTEMTESTTOP/start.pl --noclean --restart . ns4 + $PERL $SYSTEMTESTTOP/start.pl --noclean --restart --port ${PORT} . ns4 then - echo "I:restarted server ns4" + echo_i "restarted server ns4" else - echo "I:could not restart server ns4" + echo_i "could not restart server ns4" exit 1 fi -echo "I:sleeping for an additional 4 seconds for ns4 to fully startup" +echo_i "sleeping for an additional 4 seconds for ns4 to fully startup" sleep 4 # @@ -1880,7 +1884,7 @@ sleep 4 # startup (as it had already expired), the fact that it's ignored should # be logged. # -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta -d > rndc.out.ns4.test$n.3 +$RNDCCMD 10.53.0.4 nta -d > rndc.out.ns4.test$n.3 lines=`wc -l < rndc.out.ns4.test$n.3` [ "$lines" -eq 1 ] || ret=1 grep "bogus.example: expiry" rndc.out.ns4.test$n.3 > /dev/null || ret=1 @@ -1892,9 +1896,9 @@ grep "status: SERVFAIL" dig.out.ns4.test$n.5 > /dev/null || ret=1 grep "ignoring expired NTA at badds.example" ns4/named.run > /dev/null || ret=1 # cleanup -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta -remove bogus.example > rndc.out.ns4.test$n.6 +$RNDCCMD 10.53.0.4 nta -remove bogus.example > rndc.out.ns4.test$n.6 -if [ $ret != 0 ]; then echo "I:failed - NTA persistence: restoring NTA failed"; fi +if [ $ret != 0 ]; then echo_i "failed - NTA persistence: restoring NTA failed"; fi status=`expr $status + $ret` ret=0 @@ -1903,8 +1907,8 @@ ret=0 # startup. # n=`expr $n + 1` -echo "I: testing loading regular attribute from NTA file ($n)" -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta -d > rndc.out.ns4.test$n.1 2>/dev/null +echo_i "testing loading regular attribute from NTA file ($n)" +$RNDCCMD 10.53.0.4 nta -d > rndc.out.ns4.test$n.1 2>/dev/null lines=`wc -l < rndc.out.ns4.test$n.1` [ "$lines" -eq 0 ] || ret=1 # initially, secure.example. validates with AD=1 @@ -1912,13 +1916,13 @@ $DIG $DIGOPTS a.secure.example. a @10.53.0.4 > dig.out.ns4.test$n.2 || ret=1 grep "status: SERVFAIL" dig.out.ns4.test$n.2 > /dev/null && ret=1 grep "flags:[^;]* ad[^;]*;" dig.out.ns4.test$n.2 > /dev/null || ret=1 -echo "I:killing ns4 with SIGTERM" +echo_i "killing ns4 with SIGTERM" cd ns4 $KILL -TERM `cat named.pid` rm -f named.pid cd .. -echo "I:sleeping for an additional 4 seconds for ns4 to fully shutdown" +echo_i "sleeping for an additional 4 seconds for ns4 to fully shutdown" sleep 4 # @@ -1931,17 +1935,17 @@ echo "secure.example. regular $future" > ns4/_default.nta start=`$PERL -e 'print time()."\n";'` if - $PERL $SYSTEMTESTTOP/start.pl --noclean --restart . ns4 + $PERL $SYSTEMTESTTOP/start.pl --noclean --restart --port ${PORT} . ns4 then - echo "I:restarted server ns4" + echo_i "restarted server ns4" else - echo "I:could not restart server ns4" + echo_i "could not restart server ns4" exit 1 fi # nta-recheck is configured as 7s, so at t=10 the NTAs for # secure.example. should be lifted as it is not a forced NTA. -echo "I:waiting till 10s have passed after ns4 was restarted" +echo_i "waiting till 10s have passed after ns4 was restarted" $PERL -e 'my $delay = '$start' + 10 - time(); select(undef, undef, undef, $delay) if ($delay > 0);' # secure.example. should now return an AD=1 answer (still validates) as @@ -1951,9 +1955,9 @@ grep "status: SERVFAIL" dig.out.ns4.test$n.3 > /dev/null && ret=1 grep "flags:[^;]* ad[^;]*;" dig.out.ns4.test$n.3 > /dev/null || ret=1 # cleanup -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta -remove secure.example > rndc.out.ns4.test$n.4 2>/dev/null +$RNDCCMD 10.53.0.4 nta -remove secure.example > rndc.out.ns4.test$n.4 2>/dev/null -if [ $ret != 0 ]; then echo "I:failed - NTA persistence: loading regular NTAs failed"; fi +if [ $ret != 0 ]; then echo_i "failed - NTA persistence: loading regular NTAs failed"; fi status=`expr $status + $ret` ret=0 @@ -1962,8 +1966,8 @@ ret=0 # startup. # n=`expr $n + 1` -echo "I: testing loading forced attribute from NTA file ($n)" -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta -d > rndc.out.ns4.test$n.1 2>/dev/null +echo_i "testing loading forced attribute from NTA file ($n)" +$RNDCCMD 10.53.0.4 nta -d > rndc.out.ns4.test$n.1 2>/dev/null lines=`wc -l < rndc.out.ns4.test$n.1` [ "$lines" -eq 0 ] || ret=1 # initially, secure.example. validates with AD=1 @@ -1971,13 +1975,13 @@ $DIG $DIGOPTS a.secure.example. a @10.53.0.4 > dig.out.ns4.test$n.2 || ret=1 grep "status: SERVFAIL" dig.out.ns4.test$n.2 > /dev/null && ret=1 grep "flags:[^;]* ad[^;]*;" dig.out.ns4.test$n.2 > /dev/null || ret=1 -echo "I:killing ns4 with SIGTERM" +echo_i "killing ns4 with SIGTERM" cd ns4 $KILL -TERM `cat named.pid` rm -f named.pid cd .. -echo "I:sleeping for an additional 4 seconds for ns4 to fully shutdown" +echo_i "sleeping for an additional 4 seconds for ns4 to fully shutdown" sleep 4 # @@ -1988,17 +1992,17 @@ echo "secure.example. forced $future" > ns4/_default.nta start=`$PERL -e 'print time()."\n";'` if - $PERL $SYSTEMTESTTOP/start.pl --noclean --restart . ns4 + $PERL $SYSTEMTESTTOP/start.pl --noclean --restart --port ${PORT} . ns4 then - echo "I:restarted server ns4" + echo_i "restarted server ns4" else - echo "I:could not restart server ns4" + echo_i "could not restart server ns4" exit 1 fi # nta-recheck is configured as 7s, but even at t=10 the NTAs for # secure.example. should not be lifted as it is a forced NTA. -echo "I:waiting till 10s have passed after ns4 was restarted" +echo_i "waiting till 10s have passed after ns4 was restarted" $PERL -e 'my $delay = '$start' + 10 - time(); select(undef, undef, undef, $delay) if ($delay > 0);' # secure.example. should now return an AD=0 answer (non-authenticated) @@ -2008,9 +2012,9 @@ grep "status: SERVFAIL" dig.out.ns4.test$n.3 > /dev/null && ret=1 grep "flags:[^;]* ad[^;]*;" dig.out.ns4.test$n.3 > /dev/null && ret=1 # cleanup -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta -remove secure.example > rndc.out.ns4.test$n.4 2>/dev/null +$RNDCCMD 10.53.0.4 nta -remove secure.example > rndc.out.ns4.test$n.4 2>/dev/null -if [ $ret != 0 ]; then echo "I:failed - NTA persistence: loading forced NTAs failed"; fi +if [ $ret != 0 ]; then echo_i "failed - NTA persistence: loading forced NTAs failed"; fi status=`expr $status + $ret` ret=0 @@ -2018,15 +2022,15 @@ ret=0 # check that NTA lifetime read from file is clamped to 1 week. # n=`expr $n + 1` -echo "I: testing loading out of bounds lifetime from NTA file ($n)" +echo_i "testing loading out of bounds lifetime from NTA file ($n)" -echo "I:killing ns4 with SIGTERM" +echo_i "killing ns4 with SIGTERM" cd ns4 $KILL -TERM `cat named.pid` rm -f named.pid cd .. -echo "I:sleeping for an additional 4 seconds for ns4 to fully shutdown" +echo_i "sleeping for an additional 4 seconds for ns4 to fully shutdown" sleep 4 # @@ -2037,19 +2041,19 @@ echo "secure.example. forced $future" > ns4/_default.nta added=`$PERL -e 'print time()."\n";'` if - $PERL $SYSTEMTESTTOP/start.pl --noclean --restart . ns4 + $PERL $SYSTEMTESTTOP/start.pl --noclean --restart --port ${PORT} . ns4 then - echo "I:restarted server ns4" + echo_i "restarted server ns4" else - echo "I:could not restart server ns4" + echo_i "could not restart server ns4" exit 1 fi -echo "I:sleeping for an additional 4 seconds for ns4 to fully startup" +echo_i "sleeping for an additional 4 seconds for ns4 to fully startup" sleep 4 # dump the NTA to a file -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta -d > rndc.out.ns4.test$n.1 2>/dev/null +$RNDCCMD 10.53.0.4 nta -d > rndc.out.ns4.test$n.1 2>/dev/null lines=`wc -l < rndc.out.ns4.test$n.1` [ "$lines" -eq 1 ] || ret=1 ts=`awk '{print $3" "$4}' < rndc.out.ns4.test$n.1` @@ -2067,62 +2071,66 @@ then # less than a few seconds (handle daylight saving changes by adding 3600). [ $d -lt 3610 ] || ret=1 else - echo "I: skipped ntadiff test; install PERL module Time::Piece" + echo_i "skipped ntadiff test; install PERL module Time::Piece" fi # cleanup -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta -remove secure.example > rndc.out.ns4.test$n.3 2>/dev/null +$RNDCCMD 10.53.0.4 nta -remove secure.example > rndc.out.ns4.test$n.3 2>/dev/null -if [ $ret != 0 ]; then echo "I:failed - NTA lifetime clamping failed"; fi +if [ $ret != 0 ]; then echo_i "failed - NTA lifetime clamping failed"; fi status=`expr $status + $ret` ret=0 -echo "I:completed NTA tests" +echo_i "completed NTA tests" # Run a minimal update test if possible. This is really just # a regression test for RT #2399; more tests should be added. if $PERL -e 'use Net::DNS;' 2>/dev/null then - echo "I:running DNSSEC update test" - $PERL dnssec_update_test.pl -s 10.53.0.3 -p 5300 dynamic.example. || status=1 + echo_i "running DNSSEC update test" + ret=0 + { + $PERL dnssec_update_test.pl -s 10.53.0.3 -p ${PORT} dynamic.example. || ret=1 + } | cat_i + [ $ret -eq 1 ] && status=1 else - echo "I:The DNSSEC update test requires the Net::DNS library." >&2 + echo_i "The DNSSEC update test requires the Net::DNS library." >&2 fi n=`expr $n + 1` -echo "I:checking managed key maintenance has not started yet ($n)" +echo_i "checking managed key maintenance has not started yet ($n)" ret=0 [ -f "ns4/managed-keys.bind.jnl" ] && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` # Reconfigure caching server to use "dnssec-validation auto", and repeat # some of the DNSSEC validation tests to ensure that it works correctly. -echo "I:switching to automatic root key configuration" -cp ns4/named2.conf ns4/named.conf -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 reconfig 2>&1 | sed 's/^/I:ns4 /' +echo_i "switching to automatic root key configuration" +copy_setports ns4/named2.conf.in ns4/named.conf +$RNDCCMD 10.53.0.4 reconfig 2>&1 | sed 's/^/ns4 /' | cat_i sleep 5 -echo "I:checking managed key maintenance timer has now started ($n)" +echo_i "checking managed key maintenance timer has now started ($n)" ret=0 [ -f "ns4/managed-keys.bind.jnl" ] || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking positive validation NSEC ($n)" +echo_i "checking positive validation NSEC ($n)" ret=0 $DIG $DIGOPTS +noauth a.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1 $DIG $DIGOPTS +noauth a.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1 $PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking positive validation NSEC3 ($n)" +echo_i "checking positive validation NSEC3 ($n)" ret=0 $DIG $DIGOPTS +noauth a.nsec3.example. \ @10.53.0.3 a > dig.out.ns3.test$n || ret=1 @@ -2131,10 +2139,10 @@ $DIG $DIGOPTS +noauth a.nsec3.example. \ $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking positive validation OPTOUT ($n)" +echo_i "checking positive validation OPTOUT ($n)" ret=0 $DIG $DIGOPTS +noauth a.optout.example. \ @10.53.0.3 a > dig.out.ns3.test$n || ret=1 @@ -2143,10 +2151,10 @@ $DIG $DIGOPTS +noauth a.optout.example. \ $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking negative validation ($n)" +echo_i "checking negative validation ($n)" ret=0 $DIG $DIGOPTS +noauth q.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1 $DIG $DIGOPTS +noauth q.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1 @@ -2154,10 +2162,10 @@ $PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that root DS queries validate ($n)" +echo_i "checking that root DS queries validate ($n)" ret=0 $DIG $DIGOPTS +noauth . @10.53.0.1 ds > dig.out.ns1.test$n || ret=1 $DIG $DIGOPTS +noauth . @10.53.0.4 ds > dig.out.ns4.test$n || ret=1 @@ -2165,45 +2173,45 @@ $PERL ../digcomp.pl dig.out.ns1.test$n dig.out.ns4.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that DS at a RFC 1918 empty zone lookup succeeds ($n)" +echo_i "checking that DS at a RFC 1918 empty zone lookup succeeds ($n)" ret=0 $DIG $DIGOPTS +noauth 10.in-addr.arpa ds @10.53.0.2 >dig.out.ns2.test$n || ret=1 $DIG $DIGOPTS +noauth 10.in-addr.arpa ds @10.53.0.6 >dig.out.ns6.test$n || ret=1 $PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns6.test$n || ret=1 grep "status: NOERROR" dig.out.ns6.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking expired signatures remain with "'"allow-update { none; };"'" and no keys available ($n)" +echo_i "checking expired signatures remain with "'"allow-update { none; };"'" and no keys available ($n)" ret=0 $DIG $DIGOPTS +noauth expired.example. +dnssec @10.53.0.3 soa > dig.out.ns3.test$n || ret=1 grep "RRSIG.SOA" dig.out.ns3.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking expired signatures do not validate ($n)" +echo_i "checking expired signatures do not validate ($n)" ret=0 $DIG $DIGOPTS +noauth expired.example. +dnssec @10.53.0.4 soa > dig.out.ns4.test$n || ret=1 grep "SERVFAIL" dig.out.ns4.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 grep "expired.example/.*: RRSIG has expired" ns4/named.run > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that the NSEC3 record for the apex is properly signed when a DNSKEY is added via UPDATE ($n)" +echo_i "checking that the NSEC3 record for the apex is properly signed when a DNSKEY is added via UPDATE ($n)" ret=0 ( cd ns3 kskname=`$KEYGEN -q -3 -a RSASHA1 -r $RANDFILE -fk update-nsec3.example` ( echo zone update-nsec3.example -echo server 10.53.0.3 5300 +echo server 10.53.0.3 ${PORT} grep DNSKEY ${kskname}.key | sed -e 's/^/update add /' -e 's/IN/300 IN/' echo send ) | $NSUPDATE @@ -2213,30 +2221,30 @@ grep "NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "flags:.* ad[ ;]" dig.out.ns4.test$n > /dev/null || ret=1 grep "NSEC3 .* TYPE65534" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that the NSEC record is properly generated when DNSKEY are added via auto-dnssec ($n)" +echo_i "checking that the NSEC record is properly generated when DNSKEY are added via auto-dnssec ($n)" ret=0 $DIG $DIGOPTS +dnssec a auto-nsec.example. @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep "NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "flags:.* ad[ ;]" dig.out.ns4.test$n > /dev/null || ret=1 grep "IN.NSEC[^3].* DNSKEY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that the NSEC3 record is properly generated when DNSKEY are added via auto-dnssec ($n)" +echo_i "checking that the NSEC3 record is properly generated when DNSKEY are added via auto-dnssec ($n)" ret=0 $DIG $DIGOPTS +dnssec a auto-nsec3.example. @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep "NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "flags:.* ad[ ;]" dig.out.ns4.test$n > /dev/null || ret=1 grep "IN.NSEC3 .* DNSKEY" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that signing records have been marked as complete ($n)" +echo_i "checking that signing records have been marked as complete ($n)" ret=0 checkprivate dynamic.example 10.53.0.3 || ret=1 checkprivate update-nsec3.example 10.53.0.3 || ret=1 @@ -2244,206 +2252,206 @@ checkprivate auto-nsec3.example 10.53.0.3 || ret=1 checkprivate expiring.example 10.53.0.3 || ret=1 checkprivate auto-nsec.example 10.53.0.3 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that 'rndc signing' without arguments is handled ($n)" +echo_i "check that 'rndc signing' without arguments is handled ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing > /dev/null 2>&1 && ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 status > /dev/null || ret=1 +$RNDCCMD 10.53.0.3 signing > /dev/null 2>&1 && ret=1 +$RNDCCMD 10.53.0.3 status > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that 'rndc signing -list' without zone is handled ($n)" +echo_i "check that 'rndc signing -list' without zone is handled ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -list > /dev/null 2>&1 && ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 status > /dev/null || ret=1 +$RNDCCMD 10.53.0.3 signing -list > /dev/null 2>&1 && ret=1 +$RNDCCMD 10.53.0.3 status > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that 'rndc signing -clear' without additional arguments is handled ($n)" +echo_i "check that 'rndc signing -clear' without additional arguments is handled ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -clear > /dev/null 2>&1 && ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 status > /dev/null || ret=1 +$RNDCCMD 10.53.0.3 signing -clear > /dev/null 2>&1 && ret=1 +$RNDCCMD 10.53.0.3 status > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that 'rndc signing -clear all' without zone is handled ($n)" +echo_i "check that 'rndc signing -clear all' without zone is handled ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -clear all > /dev/null 2>&1 && ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 status > /dev/null || ret=1 +$RNDCCMD 10.53.0.3 signing -clear all > /dev/null 2>&1 && ret=1 +$RNDCCMD 10.53.0.3 status > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that 'rndc signing -nsec3param' without additional arguments is handled ($n)" +echo_i "check that 'rndc signing -nsec3param' without additional arguments is handled ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -nsec3param > /dev/null 2>&1 && ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 status > /dev/null || ret=1 +$RNDCCMD 10.53.0.3 signing -nsec3param > /dev/null 2>&1 && ret=1 +$RNDCCMD 10.53.0.3 status > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that 'rndc signing -nsec3param none' without zone is handled ($n)" +echo_i "check that 'rndc signing -nsec3param none' without zone is handled ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -nsec3param none > /dev/null 2>&1 && ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 status > /dev/null || ret=1 +$RNDCCMD 10.53.0.3 signing -nsec3param none > /dev/null 2>&1 && ret=1 +$RNDCCMD 10.53.0.3 status > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that 'rndc signing -nsec3param 1' without additional arguments is handled ($n)" +echo_i "check that 'rndc signing -nsec3param 1' without additional arguments is handled ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -nsec3param 1 > /dev/null 2>&1 && ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 status > /dev/null || ret=1 +$RNDCCMD 10.53.0.3 signing -nsec3param 1 > /dev/null 2>&1 && ret=1 +$RNDCCMD 10.53.0.3 status > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that 'rndc signing -nsec3param 1 0' without additional arguments is handled ($n)" +echo_i "check that 'rndc signing -nsec3param 1 0' without additional arguments is handled ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -nsec3param 1 0 > /dev/null 2>&1 && ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 status > /dev/null || ret=1 +$RNDCCMD 10.53.0.3 signing -nsec3param 1 0 > /dev/null 2>&1 && ret=1 +$RNDCCMD 10.53.0.3 status > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that 'rndc signing -nsec3param 1 0 0' without additional arguments is handled ($n)" +echo_i "check that 'rndc signing -nsec3param 1 0 0' without additional arguments is handled ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -nsec3param 1 0 0 > /dev/null 2>&1 && ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 status > /dev/null || ret=1 +$RNDCCMD 10.53.0.3 signing -nsec3param 1 0 0 > /dev/null 2>&1 && ret=1 +$RNDCCMD 10.53.0.3 status > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that 'rndc signing -nsec3param 1 0 0 -' without zone is handled ($n)" +echo_i "check that 'rndc signing -nsec3param 1 0 0 -' without zone is handled ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -nsec3param 1 0 0 - > /dev/null 2>&1 && ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 status > /dev/null || ret=1 +$RNDCCMD 10.53.0.3 signing -nsec3param 1 0 0 - > /dev/null 2>&1 && ret=1 +$RNDCCMD 10.53.0.3 status > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that 'rndc signing -nsec3param' works with salt ($n)" +echo_i "check that 'rndc signing -nsec3param' works with salt ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -nsec3param 1 0 0 ffff inline.example > /dev/null 2>&1 || ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 status > /dev/null || ret=1 +$RNDCCMD 10.53.0.3 signing -nsec3param 1 0 0 ffff inline.example > /dev/null 2>&1 || ret=1 +$RNDCCMD 10.53.0.3 status > /dev/null || ret=1 for i in 1 2 3 4 5 6 7 8 9 10 ; do salt=`$DIG $DIGOPTS +nodnssec +short nsec3param inline.example. @10.53.0.3 | awk '{print $4}'` if [ "$salt" = "FFFF" ]; then break; fi - echo "I:sleeping ...." + echo_i "sleeping ...." sleep 1 done; [ "$salt" = "FFFF" ] || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that 'rndc signing -nsec3param' works without salt ($n)" +echo_i "check that 'rndc signing -nsec3param' works without salt ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -nsec3param 1 0 0 - inline.example > /dev/null 2>&1 || ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 status > /dev/null || ret=1 +$RNDCCMD 10.53.0.3 signing -nsec3param 1 0 0 - inline.example > /dev/null 2>&1 || ret=1 +$RNDCCMD 10.53.0.3 status > /dev/null || ret=1 for i in 1 2 3 4 5 6 7 8 9 10 ; do salt=`$DIG $DIGOPTS +nodnssec +short nsec3param inline.example. @10.53.0.3 | awk '{print $4}'` if [ "$salt" = "-" ]; then break; fi - echo "I:sleeping ...." + echo_i "sleeping ...." sleep 1 done; [ "$salt" = "-" ] || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that 'rndc signing -nsec3param' works with 'auto' as salt ($n)" +echo_i "check that 'rndc signing -nsec3param' works with 'auto' as salt ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -nsec3param 1 0 0 auto inline.example > /dev/null 2>&1 || ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 status > /dev/null || ret=1 +$RNDCCMD 10.53.0.3 signing -nsec3param 1 0 0 auto inline.example > /dev/null 2>&1 || ret=1 +$RNDCCMD 10.53.0.3 status > /dev/null || ret=1 for i in 1 2 3 4 5 6 7 8 9 10 ; do salt=`$DIG $DIGOPTS +nodnssec +short nsec3param inline.example. @10.53.0.3 | awk '{print $4}'` [ -n "$salt" -a "$salt" != "-" ] && break - echo "I:sleeping ...." + echo_i "sleeping ...." sleep 1 done; [ "$salt" != "-" ] || ret=1 [ `expr "${salt}" : ".*"` -eq 16 ] || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that 'rndc signing -nsec3param' with 'auto' as salt again generates a different salt ($n)" +echo_i "check that 'rndc signing -nsec3param' with 'auto' as salt again generates a different salt ($n)" ret=0 oldsalt=$salt -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -nsec3param 1 0 0 auto inline.example > /dev/null 2>&1 || ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 status > /dev/null || ret=1 +$RNDCCMD 10.53.0.3 signing -nsec3param 1 0 0 auto inline.example > /dev/null 2>&1 || ret=1 +$RNDCCMD 10.53.0.3 status > /dev/null || ret=1 for i in 1 2 3 4 5 6 7 8 9 10 ; do salt=`$DIG $DIGOPTS +nodnssec +short nsec3param inline.example. @10.53.0.3 | awk '{print $4}'` [ -n "$salt" -a "$salt" != "$oldsalt" ] && break - echo "I:sleeping ...." + echo_i "sleeping ...." sleep 1 done; [ "$salt" != "$oldsalt" ] || ret=1 [ `expr "$salt" : ".*"` -eq 16 ] || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check rndc signing -list output ($n)" +echo_i "check rndc signing -list output ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -list dynamic.example 2>&1 > signing.out +$RNDCCMD 10.53.0.3 signing -list dynamic.example 2>&1 > signing.out grep "No signing records found" signing.out > /dev/null 2>&1 || { ret=1 - sed 's/^/I:ns3 /' signing.out + sed 's/^/ns3 /' signing.out | cat_i } -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -list update-nsec3.example 2>&1 > signing.out +$RNDCCMD 10.53.0.3 signing -list update-nsec3.example 2>&1 > signing.out grep "Done signing with key .*/NSEC3RSASHA1" signing.out > /dev/null 2>&1 || { ret=1 - sed 's/^/I:ns3 /' signing.out + sed 's/^/ns3 /' signing.out | cat_i } n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:clear signing records ($n)" -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -clear all update-nsec3.example > /dev/null || ret=1 +echo_i "clear signing records ($n)" +$RNDCCMD 10.53.0.3 signing -clear all update-nsec3.example > /dev/null || ret=1 sleep 1 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -list update-nsec3.example 2>&1 > signing.out +$RNDCCMD 10.53.0.3 signing -list update-nsec3.example 2>&1 > signing.out grep "No signing records found" signing.out > /dev/null 2>&1 || { ret=1 - sed 's/^/I:ns3 /' signing.out + sed 's/^/ns3 /' signing.out | cat_i } n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that a insecure zone beneath a cname resolves ($n)" +echo_i "checking that a insecure zone beneath a cname resolves ($n)" ret=0 $DIG $DIGOPTS soa insecure.below-cname.example. @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep "NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that a secure zone beneath a cname resolves ($n)" +echo_i "checking that a secure zone beneath a cname resolves ($n)" ret=0 $DIG $DIGOPTS soa secure.below-cname.example. @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep "NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns4.test$n > /dev/null || ret=1 grep "flags:.* ad[ ;]" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking dnskey query with no data still gets put in cache ($n)" +echo_i "checking dnskey query with no data still gets put in cache ($n)" ret=0 -myDIGOPTS="+noadd +nosea +nostat +noquest +nocomm +nocmd -p 5300 @10.53.0.4" +myDIGOPTS="+noadd +nosea +nostat +noquest +nocomm +nocmd -p ${PORT} @10.53.0.4" firstVal=`$DIG $myDIGOPTS insecure.example. dnskey| awk '$1 != ";;" { print $2 }'` sleep 1 secondVal=`$DIG $myDIGOPTS insecure.example. dnskey| awk '$1 != ";;" { print $2 }'` @@ -2453,39 +2461,39 @@ then thirdVal=`$DIG $myDIGOPTS insecure.example. dnskey|awk '$1 != ";;" { print $2 }'` if [ ${firstVal:-0} -eq ${thirdVal:-0} ] then - echo "I: cannot confirm query answer still in cache" + echo_i "cannot confirm query answer still in cache" ret=1 fi fi n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that a split dnssec dnssec-signzone work ($n)" +echo_i "check that a split dnssec dnssec-signzone work ($n)" ret=0 $DIG $DIGOPTS soa split-dnssec.example. @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep "NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns4.test$n > /dev/null || ret=1 grep "flags:.* ad[ ;]" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that a smart split dnssec dnssec-signzone work ($n)" +echo_i "check that a smart split dnssec dnssec-signzone work ($n)" ret=0 $DIG $DIGOPTS soa split-smart.example. @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep "NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns4.test$n > /dev/null || ret=1 grep "flags:.* ad[ ;]" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that NOTIFY is sent at the end of NSEC3 chain generation ($n)" +echo_i "check that NOTIFY is sent at the end of NSEC3 chain generation ($n)" ret=0 ( echo zone nsec3chain-test -echo server 10.53.0.2 5300 +echo server 10.53.0.2 ${PORT} echo update add nsec3chain-test. 0 nsec3param 1 0 1 123456 echo send ) | $NSUPDATE @@ -2496,11 +2504,11 @@ do then break; fi - echo "I:sleeping ...." + echo_i "sleeping ...." sleep 3 done; grep "ANSWER: 3," dig.out.ns2.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:nsec3 chain generation not complete"; fi +if [ $ret != 0 ]; then echo_i "nsec3 chain generation not complete"; fi $DIG $DIGOPTS +noauth +nodnssec soa nsec3chain-test @10.53.0.2 > dig.out.ns2.test$n || ret=1 s2=`awk '$4 == "SOA" { print $7}' dig.out.ns2.test$n` for i in 1 2 3 4 5 6 7 8 9 10 @@ -2512,10 +2520,10 @@ do done $PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns3.test$n || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check dnssec-dsfromkey from stdin ($n)" +echo_i "check dnssec-dsfromkey from stdin ($n)" ret=0 $DIG $DIGOPTS dnskey algroll. @10.53.0.2 | \ $DSFROMKEY -f - algroll. > dig.out.ns2.test$n || ret=1 @@ -2534,95 +2542,95 @@ awk '{ }' < ns1/dsset-algroll$TP > canonical2.$n || ret=1 diff -b canonical1.$n canonical2.$n > /dev/null 2>&1 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` # Intentionally strip ".key" from keyfile name to ensure the error message # includes it anyway to avoid confusion (RT #21731) -echo "I:check dnssec-dsfromkey error message when keyfile is not found ($n)" +echo_i "check dnssec-dsfromkey error message when keyfile is not found ($n)" ret=0 key=`$KEYGEN -a RSASHA1 -q -r $RANDFILE example.` || ret=1 mv $key.key $key $DSFROMKEY $key > dsfromkey.out.$n 2>&1 && ret=1 grep "$key.key: file not found" dsfromkey.out.$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:testing soon-to-expire RRSIGs without a replacement private key ($n)" +echo_i "testing soon-to-expire RRSIGs without a replacement private key ($n)" ret=0 -$DIG +noall +answer +dnssec +nottlid -p 5300 expiring.example ns @10.53.0.3 | grep RRSIG > dig.out.ns3.test$n 2>&1 +$DIG $ANSWEROPTS +nottlid expiring.example ns @10.53.0.3 | grep RRSIG > dig.out.ns3.test$n 2>&1 # there must be a signature here [ -s dig.out.ns3.test$n ] || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:testing new records are signed with 'no-resign' ($n)" +echo_i "testing new records are signed with 'no-resign' ($n)" ret=0 ( echo zone nosign.example -echo server 10.53.0.3 5300 +echo server 10.53.0.3 ${PORT} echo update add new.nosign.example 300 in txt "hi there" echo send ) | $NSUPDATE sleep 1 -$DIG +noall +answer +dnssec -p 5300 txt new.nosign.example @10.53.0.3 \ +$DIG $ANSWEROPTS +nottlid txt new.nosign.example @10.53.0.3 \ > dig.out.ns3.test$n 2>&1 grep RRSIG dig.out.ns3.test$n > /dev/null 2>&1 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:testing expiring records aren't resigned with 'no-resign' ($n)" +echo_i "testing expiring records aren't resigned with 'no-resign' ($n)" ret=0 -$DIG +noall +answer +dnssec +nottlid -p 5300 nosign.example ns @10.53.0.3 | \ +$DIG $ANSWEROPTS +nottlid nosign.example ns @10.53.0.3 | \ grep RRSIG | sed 's/[ ][ ]*/ /g' > dig.out.ns3.test$n 2>&1 # the NS RRSIG should not be changed cmp -s nosign.before dig.out.ns3.test$n || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:testing updates fail with no private key ($n)" +echo_i "testing updates fail with no private key ($n)" ret=0 rm -f ns3/Knosign.example.*.private ( echo zone nosign.example -echo server 10.53.0.3 5300 +echo server 10.53.0.3 ${PORT} echo update add fail.nosign.example 300 in txt "reject me" echo send ) | $NSUPDATE > /dev/null 2>&1 && ret=1 -$DIG +tcp +noall +answer +dnssec -p 5300 fail.nosign.example txt @10.53.0.3 \ +$DIG $ANSWEROPTS +nottlid fail.nosign.example txt @10.53.0.3 \ > dig.out.ns3.test$n 2>&1 [ -s dig.out.ns3.test$n ] && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:testing legacy upper case signer name validation ($n)" +echo_i "testing legacy upper case signer name validation ($n)" ret=0 -$DIG +tcp +dnssec -p 5300 +noadd +noauth soa upper.example @10.53.0.4 \ +$DIG +tcp +noadd +noauth +dnssec -p ${PORT} soa upper.example @10.53.0.4 \ > dig.out.ns4.test$n 2>&1 grep 'flags:.* ad;' dig.out.ns4.test$n > /dev/null || ret=1 grep 'RRSIG.*SOA.* UPPER\.EXAMPLE\. ' dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:testing that we lower case signer name ($n)" +echo_i "testing that we lower case signer name ($n)" ret=0 -$DIG +tcp +dnssec -p 5300 +noadd +noauth soa LOWER.EXAMPLE @10.53.0.4 \ +$DIG +tcp +noadd +noauth +dnssec -p ${PORT} soa LOWER.EXAMPLE @10.53.0.4 \ > dig.out.ns4.test$n 2>&1 grep 'flags:.* ad;' dig.out.ns4.test$n > /dev/null || ret=1 grep 'RRSIG.*SOA.* lower\.example\. ' dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:testing TTL is capped at RRSIG expiry time ($n)" +echo_i "testing TTL is capped at RRSIG expiry time ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 freeze expiring.example 2>&1 | sed 's/^/I:ns3 /' +$RNDCCMD 10.53.0.3 freeze expiring.example 2>&1 | sed 's/^/ns3 /' | cat_i ( cd ns3 for file in K*.moved; do @@ -2630,11 +2638,11 @@ for file in K*.moved; do done $SIGNER -S -r $RANDFILE -N increment -e now+1mi -o expiring.example expiring.example.db > /dev/null 2>&1 ) || ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 reload expiring.example 2>&1 | sed 's/^/I:ns3 /' +$RNDCCMD 10.53.0.3 reload expiring.example 2>&1 | sed 's/^/ns3 /' | cat_i -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 flush -$DIG +noall +answer +dnssec +cd -p 5300 expiring.example soa @10.53.0.4 > dig.out.ns4.1.$n -$DIG +noall +answer +dnssec -p 5300 expiring.example soa @10.53.0.4 > dig.out.ns4.2.$n +$RNDCCMD 10.53.0.4 flush 2>&1 | sed 's/^/ns4 /' | cat_i +$DIG $ANSWEROPTS +cd expiring.example soa @10.53.0.4 > dig.out.ns4.1.$n +$DIG $ANSWEROPTS expiring.example soa @10.53.0.4 > dig.out.ns4.2.$n ttls=`awk '$1 != ";;" {print $2}' dig.out.ns4.1.$n` ttls2=`awk '$1 != ";;" {print $2}' dig.out.ns4.2.$n` for ttl in ${ttls:-0}; do @@ -2644,15 +2652,15 @@ for ttl in ${ttls2:-0}; do [ ${ttl:-0} -le 60 ] || ret=1 done n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:testing TTL is capped at RRSIG expiry time for records in the additional section ($n)" +echo_i "testing TTL is capped at RRSIG expiry time for records in the additional section ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 flush +$RNDCCMD 10.53.0.4 flush 2>&1 | sed 's/^/ns4 /' | cat_i sleep 1 -$DIG +noall +additional +dnssec +cd -p 5300 expiring.example mx @10.53.0.4 > dig.out.ns4.1.$n -$DIG +noall +additional +dnssec -p 5300 expiring.example mx @10.53.0.4 > dig.out.ns4.2.$n +$DIG $ANSWEROPTS +cd expiring.example mx @10.53.0.4 > dig.out.ns4.1.$n +$DIG $ANSWEROPTS expiring.example mx @10.53.0.4 > dig.out.ns4.2.$n ttls=`awk '$1 != ";;" {print $2}' dig.out.ns4.1.$n` ttls2=`awk '$1 != ";;" {print $2}' dig.out.ns4.2.$n` for ttl in ${ttls:-300}; do @@ -2662,18 +2670,18 @@ for ttl in ${ttls2:-0}; do [ ${ttl:-0} -le 60 ] || ret=1 done n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -cp ns4/named3.conf ns4/named.conf -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 reconfig 2>&1 | sed 's/^/I:ns4 /' +copy_setports ns4/named3.conf.in ns4/named.conf +$RNDCCMD 10.53.0.4 reconfig 2>&1 | sed 's/^/ns4 /' | cat_i sleep 3 -echo "I:testing TTL of about to expire RRsets with dnssec-accept-expired yes; ($n)" +echo_i "testing TTL of about to expire RRsets with dnssec-accept-expired yes; ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 flush -$DIG +noall +answer +dnssec +cd -p 5300 expiring.example soa @10.53.0.4 > dig.out.ns4.1.$n -$DIG +noall +answer +dnssec -p 5300 expiring.example soa @10.53.0.4 > dig.out.ns4.2.$n +$RNDCCMD 10.53.0.4 flush 2>&1 | sed 's/^/ns4 /' | cat_i +$DIG $ANSWEROPTS +cd expiring.example soa @10.53.0.4 > dig.out.ns4.1.$n +$DIG $ANSWEROPTS expiring.example soa @10.53.0.4 > dig.out.ns4.2.$n ttls=`awk '$1 != ";;" {print $2}' dig.out.ns4.1.$n` ttls2=`awk '$1 != ";;" {print $2}' dig.out.ns4.2.$n` for ttl in ${ttls:-0}; do @@ -2683,13 +2691,13 @@ for ttl in ${ttls2:-0}; do [ $ttl -le 120 -a $ttl -gt 60 ] || ret=1 done n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:testing TTL of expired RRsets with dnssec-accept-expired yes; ($n)" +echo_i "testing TTL of expired RRsets with dnssec-accept-expired yes; ($n)" ret=0 -$DIG +noall +answer +dnssec +cd -p 5300 expired.example soa @10.53.0.4 > dig.out.ns4.1.$n -$DIG +noall +answer +dnssec -p 5300 expired.example soa @10.53.0.4 > dig.out.ns4.2.$n +$DIG $ANSWEROPTS +cd expired.example soa @10.53.0.4 > dig.out.ns4.1.$n +$DIG $ANSWEROPTS expired.example soa @10.53.0.4 > dig.out.ns4.2.$n ttls=`awk '$1 != ";;" {print $2}' dig.out.ns4.1.$n` ttls2=`awk '$1 != ";;" {print $2}' dig.out.ns4.2.$n` for ttl in ${ttls:-0}; do @@ -2699,14 +2707,14 @@ for ttl in ${ttls2:-0}; do [ $ttl -le 120 -a $ttl -gt 60 ] || ret=1 done n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:testing TTL is capped at RRSIG expiry time for records in the additional section with dnssec-accept-expired yes; ($n)" +echo_i "testing TTL is capped at RRSIG expiry time for records in the additional section with dnssec-accept-expired yes; ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 flush -$DIG +noall +additional +dnssec +cd -p 5300 expiring.example mx @10.53.0.4 > dig.out.ns4.1.$n -$DIG +noall +additional +dnssec -p 5300 expiring.example mx @10.53.0.4 > dig.out.ns4.2.$n +$RNDCCMD 10.53.0.4 flush 2>&1 | sed 's/^/ns4 /' | cat_i +$DIG $ANSWEROPTS +cd expiring.example mx @10.53.0.4 > dig.out.ns4.1.$n +$DIG $ANSWEROPTS expiring.example mx @10.53.0.4 > dig.out.ns4.2.$n ttls=`awk '$1 != ";;" {print $2}' dig.out.ns4.1.$n` ttls2=`awk '$1 != ";;" {print $2}' dig.out.ns4.2.$n` for ttl in ${ttls:-300}; do @@ -2716,10 +2724,10 @@ for ttl in ${ttls2:-0}; do [ $ttl -le 120 -a $ttl -gt 60 ] || ret=1 done n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:testing DNSKEY lookup via CNAME ($n)" +echo_i "testing DNSKEY lookup via CNAME ($n)" ret=0 $DIG $DIGOPTS +noauth cnameandkey.secure.example. \ @10.53.0.3 dnskey > dig.out.ns3.test$n || ret=1 @@ -2729,10 +2737,10 @@ $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 grep "CNAME" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:testing KEY lookup at CNAME (present) ($n)" +echo_i "testing KEY lookup at CNAME (present) ($n)" ret=0 $DIG $DIGOPTS +noauth cnameandkey.secure.example. \ @10.53.0.3 key > dig.out.ns3.test$n || ret=1 @@ -2742,10 +2750,10 @@ $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 grep "CNAME" dig.out.ns4.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:testing KEY lookup at CNAME (not present) ($n)" +echo_i "testing KEY lookup at CNAME (not present) ($n)" ret=0 $DIG $DIGOPTS +noauth cnamenokey.secure.example. \ @10.53.0.3 key > dig.out.ns3.test$n || ret=1 @@ -2755,10 +2763,10 @@ $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 grep "CNAME" dig.out.ns4.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:testing DNSKEY lookup via DNAME ($n)" +echo_i "testing DNSKEY lookup via DNAME ($n)" ret=0 $DIG $DIGOPTS a.dnameandkey.secure.example. \ @10.53.0.3 dnskey > dig.out.ns3.test$n || ret=1 @@ -2769,10 +2777,10 @@ grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 grep "CNAME" dig.out.ns4.test$n > /dev/null || ret=1 grep "DNAME" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:testing KEY lookup via DNAME ($n)" +echo_i "testing KEY lookup via DNAME ($n)" ret=0 $DIG $DIGOPTS b.dnameandkey.secure.example. \ @10.53.0.3 key > dig.out.ns3.test$n || ret=1 @@ -2782,18 +2790,18 @@ $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 grep "DNAME" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that named doesn't loop when all private keys are not available ($n)" +echo_i "check that named doesn't loop when all private keys are not available ($n)" ret=0 lines=`grep "reading private key file expiring.example" ns3/named.run | wc -l` test ${lines:-1000} -lt 15 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check against against missing nearest provable proof ($n)" +echo_i "check against against missing nearest provable proof ($n)" $DIG $DIGOPTS +norec b.c.d.optout-tld. \ @10.53.0.6 ds > dig.out.ds.ns6.test$n || ret=1 nsec3=`grep "IN.NSEC3" dig.out.ds.ns6.test$n | wc -l` @@ -2810,21 +2818,21 @@ $DIG $DIGOPTS b.c.d.optout-tld. \ grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that key id are logged when dumping the cache ($n)" +echo_i "check that key id are logged when dumping the cache ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 dumpdb 2>&1 | sed 's/^/I:ns1 /' +$RNDCCMD 10.53.0.4 dumpdb 2>&1 | sed 's/^/ns4 /' | cat_i sleep 1 grep "; key id = " ns4/named_dump.db > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check KEYDATA records are printed in human readable form in key zone ($n)" +echo_i "check KEYDATA records are printed in human readable form in key zone ($n)" # force the managed-keys zone to be written out -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 managed-keys sync 2>&1 | sed 's/^/I:ns4 /' +$RNDCCMD 10.53.0.4 managed-keys sync 2>&1 | sed 's/^/ns4 /' | cat_i for i in 1 2 3 4 5 6 7 8 9 do ret=0 @@ -2838,10 +2846,10 @@ do sleep 1 done n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check dig's +nocrypto flag ($n)" +echo_i "check dig's +nocrypto flag ($n)" ret=0 $DIG $DIGOPTS +norec +nocrypto DNSKEY . \ @10.53.0.1 > dig.out.dnskey.ns1.test$n || ret=1 @@ -2851,10 +2859,10 @@ $DIG $DIGOPTS +norec +nocrypto DS example \ @10.53.0.1 > dig.out.ds.ns1.test$n || ret=1 grep 'DS.* 3 [12] \[omitted]' dig.out.ds.ns1.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check simultaneous inactivation and publishing of dnskeys removes inactive signature ($n)" +echo_i "check simultaneous inactivation and publishing of dnskeys removes inactive signature ($n)" ret=0 cnt=0 while : @@ -2871,29 +2879,29 @@ sigs=`grep RRSIG dig.out.ns3.test$n | wc -l` sigs=`expr $sigs + 0` n=`expr $n + 1` test $sigs -eq 2 || ret=1 -if test $ret != 0 ; then echo "I:failed"; fi +if test $ret != 0 ; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that increasing the sig-validity-interval resigning triggers re-signing ($n)" +echo_i "check that increasing the sig-validity-interval resigning triggers re-signing ($n)" ret=0 -before=`$DIG axfr siginterval.example -p 5300 @10.53.0.3 | grep RRSIG.SOA` +before=`$DIG axfr siginterval.example -p ${PORT} @10.53.0.3 | grep RRSIG.SOA` cp ns3/siginterval2.conf ns3/siginterval.conf -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 reconfig 2>&1 | sed 's/^/I:ns3 /' +$RNDCCMD 10.53.0.3 reconfig 2>&1 | sed 's/^/ns3 /' | cat_i for i in 1 2 3 4 5 6 7 8 9 0 do -after=`$DIG axfr siginterval.example -p 5300 @10.53.0.3 | grep RRSIG.SOA` +after=`$DIG axfr siginterval.example -p ${PORT} @10.53.0.3 | grep RRSIG.SOA` test "$before" != "$after" && break sleep 1 done n=`expr $n + 1` -if test "$before" = "$after" ; then echo "I:failed"; ret=1; fi +if test "$before" = "$after" ; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` -cp ns4/named4.conf ns4/named.conf -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 reconfig 2>&1 | sed 's/^/I:ns4 /' +copy_setports ns4/named4.conf.in ns4/named.conf +$RNDCCMD 10.53.0.4 reconfig 2>&1 | sed 's/^/ns4 /' | cat_i sleep 3 -echo "I:check insecure delegation between static-stub zones ($n)" +echo_i "check insecure delegation between static-stub zones ($n)" ret=0 $DIG $DIGOPTS ns insecure.secure.example \ @10.53.0.4 > dig.out.ns4.1.test$n || ret=1 @@ -2902,10 +2910,10 @@ $DIG $DIGOPTS ns secure.example \ @10.53.0.4 > dig.out.ns4.2.test$n || ret=1 grep "SERVFAIL" dig.out.ns4.2.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check the acceptance of seconds as inception and expiration times ($n)" +echo_i "check the acceptance of seconds as inception and expiration times ($n)" ret=0 in="NSEC 8 0 86400 1390003200 1389394800 33655 . NYWjZYBV1b+h4j0yu/SmPOOylR8P4IXKDzHX3NwEmU1SUp27aJ91dP+i+UBcnPmBib0hck4DrFVvpflCEpCnVQd2DexcN0GX+3PM7XobxhtDlmnU X1L47zJlbdHNwTqHuPaMM6Xy9HGMXps7O5JVyfggVhTz2C+G5OVxBdb2rOo=" @@ -2914,12 +2922,12 @@ exp="NSEC 8 0 86400 20140118000000 20140110230000 33655 . NYWjZYBV1b+h4j0yu/SmPO out=`echo "IN RRSIG $in" | $RRCHECKER -p | sed 's/^IN.RRSIG.//'` [ "$out" = "$exp" ] || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check the correct resigning time is reported in zonestatus ($n)" +echo_i "check the correct resigning time is reported in zonestatus ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 \ +$RNDCCMD 10.53.0.3 \ zonestatus secure.example > rndc.out.ns3.test$n # next resign node: secure.example/DNSKEY name=`awk '/next resign node:/ { print $4 }' rndc.out.ns3.test$n | sed 's;/; ;'` @@ -2929,23 +2937,23 @@ time=`awk 'BEGIN { m["Jan"] = "01"; m["Feb"] = "02"; m["Mar"] = "03"; m["Jul"] = "07"; m["Aug"] = "08"; m["Sep"] = "09"; m["Oct"] = "10"; m["Nov"] = "11"; m["Dec"] = "12";} /next resign time:/ { printf "%d%s%02d%s\n", $7, m[$6], $5, $8 }' rndc.out.ns3.test$n | sed 's/://g'` -$DIG $DIGOPTS +noall +answer $name @10.53.0.3 -p 5300 > dig.out.test$n +$DIG $DIGOPTS +noall +answer $name @10.53.0.3 > dig.out.test$n expire=`awk '$4 == "RRSIG" { print $9 }' dig.out.test$n` inception=`awk '$4 == "RRSIG" { print $10 }' dig.out.test$n` $PERL -e 'exit(0) if ("'"$time"'" lt "'"$expire"'" && "'"$time"'" gt "'"$inception"'"); exit(1);' || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that split rrsigs are handled ($n)" +echo_i "check that split rrsigs are handled ($n)" ret=0 $DIG $DIGOPTS split-rrsig soa @10.53.0.7 > dig.out.test$n || ret=1 -awk 'BEGIN { ok=0; } $4 == "SOA" { if ($7 > 1) ok=1; } END { if (!ok) exit(1); }' dig.out.test$n || ret=1 +awk 'BEGIN { ok=0; } $4 == "SOA" { if ($7 > 1) ok=1; } END { if (!ok) exit(1); }' dig.out.test$n || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that 'dnssec-keygen -S' works for all supported algorithms ($n)" +echo_i "check that 'dnssec-keygen -S' works for all supported algorithms ($n)" ret=0 alg=1 until test $alg = 256 @@ -2981,7 +2989,7 @@ do fi if test -z "$key1" then - echo "I: '$KEYGEN -a $alg': failed" + echo_i "'$KEYGEN -a $alg': failed" cat keygen.err ret=1 alg=`expr $alg + 1` @@ -2991,58 +2999,58 @@ do key2=`$KEYGEN -v 10 -r $RANDFILE -i 3d -S $key1.private 2> /dev/null` test -f $key2.key -a -f $key2.private || { ret=1 - echo "I: 'dnssec-keygen -S' failed for algorithm: $alg" + echo_i "'dnssec-keygen -S' failed for algorithm: $alg" } alg=`expr $alg + 1` done n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that CDS records are signed using KSK by dnssec-signzone ($n)" +echo_i "check that CDS records are signed using KSK by dnssec-signzone ($n)" ret=0 $DIG $DIGOPTS +noall +answer @10.53.0.2 cds cds.secure > dig.out.test$n lines=`awk '$4 == "RRSIG" && $5 == "CDS" {print}' dig.out.test$n | wc -l` test ${lines:-0} -eq 2 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that CDS records are not signed using ZSK by dnssec-signzone -x ($n)" +echo_i "check that CDS records are not signed using ZSK by dnssec-signzone -x ($n)" ret=0 $DIG $DIGOPTS +noall +answer @10.53.0.2 cds cds-x.secure > dig.out.test$n lines=`awk '$4 == "RRSIG" && $5 == "CDS" {print}' dig.out.test$n | wc -l` test ${lines:-0} -eq 1 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that positive unknown NSEC3 hash algorithm does validate ($n)" +echo_i "checking that positive unknown NSEC3 hash algorithm does validate ($n)" ret=0 -$DIG $DIGOPTS +noauth +noadd +nodnssec +adflag -p 5300 @10.53.0.3 nsec3-unknown.example SOA > dig.out.ns3.test$n -$DIG $DIGOPTS +noauth +noadd +nodnssec +adflag -p 5300 @10.53.0.4 nsec3-unknown.example SOA > dig.out.ns4.test$n +$DIG $DIGOPTS +noauth +noadd +nodnssec +adflag @10.53.0.3 nsec3-unknown.example SOA > dig.out.ns3.test$n +$DIG $DIGOPTS +noauth +noadd +nodnssec +adflag @10.53.0.4 nsec3-unknown.example SOA > dig.out.ns4.test$n grep "status: NOERROR," dig.out.ns3.test$n > /dev/null || ret=1 grep "status: NOERROR," dig.out.ns4.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that CDS records are signed using KSK by with dnssec-auto ($n)" +echo_i "check that CDS records are signed using KSK by with dnssec-auto ($n)" ret=0 $DIG $DIGOPTS +noall +answer @10.53.0.2 cds cds-auto.secure > dig.out.test$n lines=`awk '$4 == "RRSIG" && $5 == "CDS" {print}' dig.out.test$n | wc -l` test ${lines:-0} -eq 2 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that a lone non matching CDS record is rejected ($n)" +echo_i "check that a lone non matching CDS record is rejected ($n)" ret=0 ( echo zone cds-update.secure -echo server 10.53.0.2 5300 +echo server 10.53.0.2 ${PORT} echo update delete cds-update.secure CDS $DIG $DIGOPTS +noall +answer @10.53.0.2 dnskey cds-update.secure | grep "DNSKEY.257" | sed 's/DNSKEY.257/DNSKEY 258/' | @@ -3055,14 +3063,14 @@ $DIG $DIGOPTS +noall +answer @10.53.0.2 cds cds-update.secure > dig.out.test$n lines=`awk '$4 == "CDS" {print}' dig.out.test$n | wc -l` test ${lines:-10} -eq 0 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that CDS records are signed using KSK when added by nsupdate ($n)" +echo_i "check that CDS records are signed using KSK when added by nsupdate ($n)" ret=0 ( echo zone cds-update.secure -echo server 10.53.0.2 5300 +echo server 10.53.0.2 ${PORT} echo update delete cds-update.secure CDS echo send $DIG $DIGOPTS +noall +answer @10.53.0.2 dnskey cds-update.secure | @@ -3077,15 +3085,15 @@ test ${lines:-0} -eq 2 || ret=1 lines=`awk '$4 == "CDS" {print}' dig.out.test$n | wc -l` test ${lines:-0} -eq 2 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that CDS records are signed only using KSK when added by" -echo "I: nsupdate when dnssec-dnskey-kskonly is yes ($n)" +echo_i "check that CDS records are signed only using KSK when added by" +echo_i " nsupdate when dnssec-dnskey-kskonly is yes ($n)" ret=0 ( echo zone cds-kskonly.secure -echo server 10.53.0.2 5300 +echo server 10.53.0.2 ${PORT} echo update delete cds-kskonly.secure CDS echo send $DIG $DIGOPTS +noall +answer @10.53.0.2 dnskey cds-kskonly.secure | @@ -3100,26 +3108,26 @@ test ${lines:-0} -eq 1 || ret=1 lines=`awk '$4 == "CDS" {print}' dig.out.test$n | wc -l` test ${lines:-0} -eq 2 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that positive unknown NSEC3 hash algorithm with OPTOUT does validate ($n)" +echo_i "checking that positive unknown NSEC3 hash algorithm with OPTOUT does validate ($n)" ret=0 -$DIG $DIGOPTS +noauth +noadd +nodnssec +adflag -p 5300 @10.53.0.3 optout-unknown.example SOA > dig.out.ns3.test$n -$DIG $DIGOPTS +noauth +noadd +nodnssec +adflag -p 5300 @10.53.0.4 optout-unknown.example SOA > dig.out.ns4.test$n +$DIG $DIGOPTS +noauth +noadd +nodnssec +adflag @10.53.0.3 optout-unknown.example SOA > dig.out.ns3.test$n +$DIG $DIGOPTS +noauth +noadd +nodnssec +adflag @10.53.0.4 optout-unknown.example SOA > dig.out.ns4.test$n grep "status: NOERROR," dig.out.ns3.test$n > /dev/null || ret=1 grep "status: NOERROR," dig.out.ns4.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that a non matching CDS record is accepted with a matching CDS record ($n)" +echo_i "check that a non matching CDS record is accepted with a matching CDS record ($n)" ret=0 ( echo zone cds-update.secure -echo server 10.53.0.2 5300 +echo server 10.53.0.2 ${PORT} echo update delete cds-update.secure CDS echo send $DIG $DIGOPTS +noall +answer @10.53.0.2 dnskey cds-update.secure | @@ -3138,72 +3146,72 @@ test ${lines:-0} -eq 2 || ret=1 lines=`awk '$4 == "CDS" {print}' dig.out.test$n | wc -l` test ${lines:-0} -eq 4 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that negative unknown NSEC3 hash algorithm does not validate ($n)" +echo_i "checking that negative unknown NSEC3 hash algorithm does not validate ($n)" ret=0 -$DIG $DIGOPTS +noauth +noadd +nodnssec +adflag -p 5300 @10.53.0.3 nsec3-unknown.example A > dig.out.ns3.test$n -$DIG $DIGOPTS +noauth +noadd +nodnssec +adflag -p 5300 @10.53.0.4 nsec3-unknown.example A > dig.out.ns4.test$n +$DIG $DIGOPTS +noauth +noadd +nodnssec +adflag @10.53.0.3 nsec3-unknown.example A > dig.out.ns3.test$n +$DIG $DIGOPTS +noauth +noadd +nodnssec +adflag @10.53.0.4 nsec3-unknown.example A > dig.out.ns4.test$n grep "status: NOERROR," dig.out.ns3.test$n > /dev/null || ret=1 grep "status: SERVFAIL," dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that CDNSKEY records are signed using KSK by dnssec-signzone ($n)" +echo_i "check that CDNSKEY records are signed using KSK by dnssec-signzone ($n)" ret=0 $DIG $DIGOPTS +noall +answer @10.53.0.2 cdnskey cdnskey.secure > dig.out.test$n lines=`awk '$4 == "RRSIG" && $5 == "CDNSKEY" {print}' dig.out.test$n | wc -l` test ${lines:-0} -eq 2 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that CDNSKEY records are not signed using ZSK by dnssec-signzone -x ($n)" +echo_i "check that CDNSKEY records are not signed using ZSK by dnssec-signzone -x ($n)" ret=0 $DIG $DIGOPTS +noall +answer @10.53.0.2 cdnskey cdnskey-x.secure > dig.out.test$n lines=`awk '$4 == "RRSIG" && $5 == "CDNSKEY" {print}' dig.out.test$n | wc -l` test ${lines:-0} -eq 1 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that negative unknown NSEC3 hash algorithm with OPTOUT does not validate ($n)" +echo_i "checking that negative unknown NSEC3 hash algorithm with OPTOUT does not validate ($n)" ret=0 -$DIG $DIGOPTS +noauth +noadd +nodnssec +adflag -p 5300 @10.53.0.3 optout-unknown.example A > dig.out.ns3.test$n -$DIG $DIGOPTS +noauth +noadd +nodnssec +adflag -p 5300 @10.53.0.4 optout-unknown.example A > dig.out.ns4.test$n +$DIG $DIGOPTS +noauth +noadd +nodnssec +adflag @10.53.0.3 optout-unknown.example A > dig.out.ns3.test$n +$DIG $DIGOPTS +noauth +noadd +nodnssec +adflag @10.53.0.4 optout-unknown.example A > dig.out.ns4.test$n grep "status: NOERROR," dig.out.ns3.test$n > /dev/null || ret=1 grep "status: SERVFAIL," dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that CDNSKEY records are signed using KSK by with dnssec-auto ($n)" +echo_i "check that CDNSKEY records are signed using KSK by with dnssec-auto ($n)" ret=0 $DIG $DIGOPTS +noall +answer @10.53.0.2 cdnskey cdnskey-auto.secure > dig.out.test$n lines=`awk '$4 == "RRSIG" && $5 == "CDNSKEY" {print}' dig.out.test$n | wc -l` test ${lines:-0} -eq 2 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that unknown DNSKEY algorithm validates as insecure ($n)" +echo_i "checking that unknown DNSKEY algorithm validates as insecure ($n)" ret=0 -$DIG $DIGOPTS +noauth +noadd +nodnssec +adflag -p 5300 @10.53.0.3 dnskey-unknown.example A > dig.out.ns3.test$n -$DIG $DIGOPTS +noauth +noadd +nodnssec +adflag -p 5300 @10.53.0.4 dnskey-unknown.example A > dig.out.ns4.test$n +$DIG $DIGOPTS +noauth +noadd +nodnssec +adflag @10.53.0.3 dnskey-unknown.example A > dig.out.ns3.test$n +$DIG $DIGOPTS +noauth +noadd +nodnssec +adflag @10.53.0.4 dnskey-unknown.example A > dig.out.ns4.test$n grep "status: NOERROR," dig.out.ns3.test$n > /dev/null || ret=1 grep "status: NOERROR," dig.out.ns4.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that a lone non matching CDNSKEY record is rejected ($n)" +echo_i "check that a lone non matching CDNSKEY record is rejected ($n)" ret=0 ( echo zone cdnskey-update.secure -echo server 10.53.0.2 5300 +echo server 10.53.0.2 ${PORT} echo update delete cdnskey-update.secure CDNSKEY echo send $DIG $DIGOPTS +noall +answer @10.53.0.2 dnskey cdnskey-update.secure | @@ -3215,25 +3223,25 @@ $DIG $DIGOPTS +noall +answer @10.53.0.2 cdnskey cdnskey-update.secure > dig.out. lines=`awk '$4 == "CDNSKEY" {print}' dig.out.test$n | wc -l` test ${lines:-10} -eq 0 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that unknown DNSKEY algorithm + unknown NSEC3 has algorithm validates as insecure ($n)" +echo_i "checking that unknown DNSKEY algorithm + unknown NSEC3 has algorithm validates as insecure ($n)" ret=0 -$DIG $DIGOPTS +noauth +noadd +nodnssec +adflag -p 5300 @10.53.0.3 dnskey-nsec3-unknown.example A > dig.out.ns3.test$n -$DIG $DIGOPTS +noauth +noadd +nodnssec +adflag -p 5300 @10.53.0.4 dnskey-nsec3-unknown.example A > dig.out.ns4.test$n +$DIG $DIGOPTS +noauth +noadd +nodnssec +adflag @10.53.0.3 dnskey-nsec3-unknown.example A > dig.out.ns3.test$n +$DIG $DIGOPTS +noauth +noadd +nodnssec +adflag @10.53.0.4 dnskey-nsec3-unknown.example A > dig.out.ns4.test$n grep "status: NOERROR," dig.out.ns3.test$n > /dev/null || ret=1 grep "status: NOERROR," dig.out.ns4.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that CDNSKEY records are signed using KSK when added by nsupdate ($n)" +echo_i "check that CDNSKEY records are signed using KSK when added by nsupdate ($n)" ret=0 ( echo zone cdnskey-update.secure -echo server 10.53.0.2 5300 +echo server 10.53.0.2 ${PORT} echo update delete cdnskey-update.secure CDNSKEY $DIG $DIGOPTS +noall +answer @10.53.0.2 dnskey cdnskey-update.secure | sed -n -e "s/^/update add /" -e 's/DNSKEY.257/CDNSKEY 257/p' @@ -3245,15 +3253,15 @@ test ${lines:-0} -eq 2 || ret=1 lines=`awk '$4 == "CDNSKEY" {print}' dig.out.test$n | wc -l` test ${lines:-0} -eq 1 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that CDNSKEY records are signed only using KSK when added by" -echo "I: nsupdate when dnssec-dnskey-kskonly is yes ($n)" +echo_i "check that CDNSKEY records are signed only using KSK when added by" +echo_i " nsupdate when dnssec-dnskey-kskonly is yes ($n)" ret=0 ( echo zone cdnskey-kskonly.secure -echo server 10.53.0.2 5300 +echo server 10.53.0.2 ${PORT} echo update delete cdnskey-kskonly.secure CDNSKEY $DIG $DIGOPTS +noall +answer @10.53.0.2 dnskey cdnskey-kskonly.secure | sed -n -e "s/^/update add /" -e 's/DNSKEY.257/CDNSKEY 257/p' @@ -3265,25 +3273,25 @@ test ${lines:-0} -eq 1 || ret=1 lines=`awk '$4 == "CDNSKEY" {print}' dig.out.test$n | wc -l` test ${lines:-0} -eq 1 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking initialization with a revoked managed key ($n)" +echo_i "checking initialization with a revoked managed key ($n)" ret=0 -cp ns5/named2.conf ns5/named.conf -$RNDC -c ../common/rndc.conf -s 10.53.0.5 -p 9953 reconfig 2>&1 | sed 's/^/I:ns5 /' +copy_setports ns5/named2.conf.in ns5/named.conf +$RNDCCMD 10.53.0.5 reconfig 2>&1 | sed 's/^/ns5 /' | cat_i sleep 3 -$DIG $DIGOPTS +dnssec -p 5300 @10.53.0.5 SOA . > dig.out.ns5.test$n +$DIG $DIGOPTS +dnssec @10.53.0.5 SOA . > dig.out.ns5.test$n grep "status: SERVFAIL" dig.out.ns5.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that a non matching CDNSKEY record is accepted with a matching CDNSKEY record ($n)" +echo_i "check that a non matching CDNSKEY record is accepted with a matching CDNSKEY record ($n)" ret=0 ( echo zone cdnskey-update.secure -echo server 10.53.0.2 5300 +echo server 10.53.0.2 ${PORT} echo update delete cdnskey-update.secure CDNSKEY $DIG $DIGOPTS +noall +answer @10.53.0.2 dnskey cdnskey-update.secure | sed -n -e "s/^/update add /" -e 's/DNSKEY.257/CDNSKEY 257/p' @@ -3297,10 +3305,10 @@ test ${lines:-0} -eq 2 || ret=1 lines=`awk '$4 == "CDNSKEY" {print}' dig.out.test$n | wc -l` test ${lines:-0} -eq 2 || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that RRSIGs are correctly removed from apex when RRset is removed NSEC ($n)" +echo_i "check that RRSIGs are correctly removed from apex when RRset is removed NSEC ($n)" ret=0 # generate signed zone with MX and AAAA records at apex. ( @@ -3322,10 +3330,10 @@ grep "RRSIG MX" signer/remove.db.signed > /dev/null && { ret=1 ; cp signer/remove.db.signed signer/remove.db.signed.post$n; } n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that RRSIGs are correctly removed from apex when RRset is removed NSEC3 ($n)" +echo_i "check that RRSIGs are correctly removed from apex when RRset is removed NSEC3 ($n)" ret=0 # generate signed zone with MX and AAAA records at apex. ( @@ -3345,53 +3353,53 @@ grep "RRSIG MX" signer/remove.db.signed > /dev/null && { ret=1 ; cp signer/remove.db.signed signer/remove.db.signed.post$n; } n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that a named managed zone that was signed 'in-the-future' is re-signed when loaded ($n)" +echo_i "check that a named managed zone that was signed 'in-the-future' is re-signed when loaded ($n)" ret=0 $DIG $DIGOPTS managed-future.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that trust-anchor-telemetry queries are logged ($n)" +echo_i "check that trust-anchor-telemetry queries are logged ($n)" ret=0 grep "sending trust-anchor-telemetry query '_ta-[0-9a-f]*/NULL" ns6/named.run > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that _ta-XXXX trust-anchor-telemetry queries are logged ($n)" +echo_i "check that _ta-XXXX trust-anchor-telemetry queries are logged ($n)" ret=0 grep "trust-anchor-telemetry '_ta-[0-9a-f]*/IN' from" ns1/named.run > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that _ta-AAAA trust-anchor-telemetry are not sent when disabled ($n)" +echo_i "check that _ta-AAAA trust-anchor-telemetry are not sent when disabled ($n)" ret=0 grep "sending trust-anchor-telemetry query '_ta-[0-9a-f]*/IN" ns1/named.run > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that KEY-TAG trust-anchor-telemetry queries are logged ($n)" +echo_i "check that KEY-TAG trust-anchor-telemetry queries are logged ($n)" ret=0 $DIG $DIGOPTS . dnskey +ednsopt=KEY-TAG:ffff @10.53.0.1 > dig.out.ns4.test$n || ret=1 grep "trust-anchor-telemetry './IN' from .* 65535" ns1/named.run > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that the view is logged in messages from the validator when using views ($n)" +echo_i "check that the view is logged in messages from the validator when using views ($n)" ret=0 grep "view rec: *validat" ns4/named.run > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/dnstap/clean.sh b/bin/tests/system/dnstap/clean.sh index 37e490b188..b579126ea0 100644 --- a/bin/tests/system/dnstap/clean.sh +++ b/bin/tests/system/dnstap/clean.sh @@ -6,6 +6,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. +rm -f */named.conf rm -f */named.memstats rm -f */named.run rm -f */named.stats diff --git a/bin/tests/system/dnstap/ns1/named.conf b/bin/tests/system/dnstap/ns1/named.conf.in similarity index 89% rename from bin/tests/system/dnstap/ns1/named.conf rename to bin/tests/system/dnstap/ns1/named.conf.in index 95152977fd..ad0568f86b 100644 --- a/bin/tests/system/dnstap/ns1/named.conf +++ b/bin/tests/system/dnstap/ns1/named.conf.in @@ -6,13 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; - options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; @@ -33,7 +31,7 @@ key rndc_key { }; controls { - inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; zone "." { diff --git a/bin/tests/system/dnstap/ns2/named.conf b/bin/tests/system/dnstap/ns2/named.conf.in similarity index 83% rename from bin/tests/system/dnstap/ns2/named.conf rename to bin/tests/system/dnstap/ns2/named.conf.in index 8fd5f26129..3b9761e6fc 100644 --- a/bin/tests/system/dnstap/ns2/named.conf +++ b/bin/tests/system/dnstap/ns2/named.conf.in @@ -6,13 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; - options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; @@ -27,7 +25,14 @@ options { require-server-cookie no; }; -include "../../common/controls.conf"; +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-sha256; +}; + +controls { + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; zone "." { type hint; diff --git a/bin/tests/system/dnstap/ns3/named.conf b/bin/tests/system/dnstap/ns3/named.conf.in similarity index 89% rename from bin/tests/system/dnstap/ns3/named.conf rename to bin/tests/system/dnstap/ns3/named.conf.in index 9764c093e6..ab7beec1e3 100644 --- a/bin/tests/system/dnstap/ns3/named.conf +++ b/bin/tests/system/dnstap/ns3/named.conf.in @@ -6,13 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; - options { query-source address 10.53.0.3; notify-source 10.53.0.3; transfer-source 10.53.0.3; - port 5300; + port @PORT@; directory "."; pid-file "named.pid"; listen-on { 10.53.0.3; }; @@ -36,7 +34,7 @@ key rndc_key { }; controls { - inet 10.53.0.3 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; zone "." { diff --git a/bin/tests/system/dnstap/ns4/named.conf b/bin/tests/system/dnstap/ns4/named.conf.in similarity index 89% rename from bin/tests/system/dnstap/ns4/named.conf rename to bin/tests/system/dnstap/ns4/named.conf.in index eece1b98c5..b03004dd52 100644 --- a/bin/tests/system/dnstap/ns4/named.conf +++ b/bin/tests/system/dnstap/ns4/named.conf.in @@ -6,13 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; - options { query-source address 10.53.0.4; notify-source 10.53.0.4; transfer-source 10.53.0.4; - port 5300; + port @PORT@; directory "."; pid-file "named.pid"; listen-on { 10.53.0.4; }; @@ -35,7 +33,7 @@ key rndc_key { }; controls { - inet 10.53.0.4 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.4 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; zone "." { diff --git a/bin/tests/system/dnstap/setup.sh b/bin/tests/system/dnstap/setup.sh new file mode 100644 index 0000000000..a3303c3117 --- /dev/null +++ b/bin/tests/system/dnstap/setup.sh @@ -0,0 +1,16 @@ +#!/bin/sh +# +# Copyright (C) 2018 Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh + +$SHELL clean.sh +copy_setports ns1/named.conf.in ns1/named.conf +copy_setports ns2/named.conf.in ns2/named.conf +copy_setports ns3/named.conf.in ns3/named.conf +copy_setports ns4/named.conf.in ns4/named.conf diff --git a/bin/tests/system/dnstap/tests.sh b/bin/tests/system/dnstap/tests.sh index 1d84dd1a57..ce38a77d29 100644 --- a/bin/tests/system/dnstap/tests.sh +++ b/bin/tests/system/dnstap/tests.sh @@ -9,29 +9,30 @@ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh -RNDCCMD="$RNDC -p 9953 -c ../common/rndc.conf" +DIGOPTS="+short -p ${PORT}" +RNDCCMD="$RNDC -p ${CONTROLPORT} -c ../common/rndc.conf" status=0 for bad in bad-*.conf do ret=0 - echo "I: checking that named-checkconf detects error in $bad" + echo_i "checking that named-checkconf detects error in $bad" $CHECKCONF $bad > /dev/null 2>&1 - if [ $? != 1 ]; then echo "I:failed"; ret=1; fi + if [ $? != 1 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` done for good in good-*.conf do ret=0 - echo "I: checking that named-checkconf detects no error in $good" + echo_i "checking that named-checkconf detects no error in $good" $CHECKCONF $good > /dev/null 2>&1 - if [ $? != 0 ]; then echo "I:failed"; ret=1; fi + if [ $? != 0 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` done -$DIG +short @10.53.0.3 -p 5300 a.example > dig.out +$DIG $DIGOPTS @10.53.0.3 a.example > dig.out # check three different dnstap reopen/roll methods: # ns1: dnstap-reopen; ns2: dnstap -reopen; ns3: dnstap -roll @@ -44,24 +45,24 @@ if [ -n "$FSTRM_CAPTURE" ] ; then fstrm_capture_pid=$! fi -$RNDCCMD -s 10.53.0.1 dnstap-reopen | sed 's/^/I:ns1 /' -$RNDCCMD -s 10.53.0.2 dnstap -reopen | sed 's/^/I:ns2 /' -$RNDCCMD -s 10.53.0.3 dnstap -roll | sed 's/^/I:ns3 /' -$RNDCCMD -s 10.53.0.4 dnstap -reopen | sed 's/^/I:ns4 /' +$RNDCCMD -s 10.53.0.1 dnstap-reopen | sed 's/^/ns1 /' | cat_i +$RNDCCMD -s 10.53.0.2 dnstap -reopen | sed 's/^/ns2 /' | cat_i +$RNDCCMD -s 10.53.0.3 dnstap -roll | sed 's/^/ns3 /' | cat_i +$RNDCCMD -s 10.53.0.4 dnstap -reopen | sed 's/^/ns4 /' | cat_i -$DIG +short @10.53.0.3 -p 5300 a.example > dig.out +$DIG $DIGOPTS @10.53.0.3 a.example > dig.out # XXX: file output should be flushed once a second according # to the libfstrm source, but it doesn't seem to happen until # enough data has accumulated. to get all the output, we stop # the name servers, forcing a flush on shutdown. it would be # nice to find a better way to do this. -$RNDCCMD -s 10.53.0.1 stop | sed 's/^/I:ns1 /' -$RNDCCMD -s 10.53.0.2 stop | sed 's/^/I:ns2 /' -$RNDCCMD -s 10.53.0.3 stop | sed 's/^/I:ns3 /' +$RNDCCMD -s 10.53.0.1 stop | sed 's/^/ns1 /' | cat_i +$RNDCCMD -s 10.53.0.2 stop | sed 's/^/ns2 /' | cat_i +$RNDCCMD -s 10.53.0.3 stop | sed 's/^/ns3 /' | cat_i sleep 1 -echo "I:checking initial message counts" +echo_i "checking initial message counts" udp1=`$DNSTAPREAD ns1/dnstap.out.save | grep "UDP " | wc -l` tcp1=`$DNSTAPREAD ns1/dnstap.out.save | grep "TCP " | wc -l` @@ -91,143 +92,143 @@ cr3=`$DNSTAPREAD ns3/dnstap.out.save | grep "CR " | wc -l` rq3=`$DNSTAPREAD ns3/dnstap.out.save | grep "RQ " | wc -l` rr3=`$DNSTAPREAD ns3/dnstap.out.save | grep "RR " | wc -l` -echo "I: checking UDP message counts" +echo_i "checking UDP message counts" ret=0 [ $udp1 -eq 0 ] || { - echo "I:ns1 $udp1 expected 0" + echo_i "ns1 $udp1 expected 0" ret=1 } [ $udp2 -eq 2 ] || { - echo "I:ns2 $udp2 expected 2" + echo_i "ns2 $udp2 expected 2" ret=1 } [ $udp3 -eq 4 ] || { - echo "I:ns3 $udp3 expected 4" + echo_i "ns3 $udp3 expected 4" ret=1 } -if [ $ret != 0 ]; then echo "I: failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking TCP message counts" +echo_i "checking TCP message counts" ret=0 [ $tcp1 -eq 6 ] || { - echo "I:ns1 $tcp1 expected 6" + echo_i "ns1 $tcp1 expected 6" ret=1 } [ $tcp2 -eq 2 ] || { - echo "I:ns2 $tcp2 expected 2" + echo_i "ns2 $tcp2 expected 2" ret=1 } [ $tcp3 -eq 6 ] || { - echo "I:ns3 $tcp3 expected 6" + echo_i "ns3 $tcp3 expected 6" ret=1 } -if [ $ret != 0 ]; then echo "I: failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking AUTH_QUERY message counts" +echo_i "checking AUTH_QUERY message counts" ret=0 [ $aq1 -eq 2 ] || { - echo "I:ns1 $aq1 exepcted 2" + echo_i "ns1 $aq1 exepcted 2" ret=1 } [ $aq2 -eq 1 ] || { - echo "I:ns2 $aq2 expected 1" + echo_i "ns2 $aq2 expected 1" ret=1 } [ $aq3 -eq 0 ] || { - echo "I:ns3 $aq3 expected 0" + echo_i "ns3 $aq3 expected 0" ret=1 } -if [ $ret != 0 ]; then echo "I: failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking AUTH_RESPONSE message counts" +echo_i "checking AUTH_RESPONSE message counts" ret=0 [ $ar1 -eq 2 ] || { - echo "I:ns1 $ar1 expected 2" + echo_i "ns1 $ar1 expected 2" ret=1 } [ $ar2 -eq 1 ] || { - echo "I:ns2 $ar2 expected 1" + echo_i "ns2 $ar2 expected 1" ret=1 } [ $ar3 -eq 0 ] || { - echo "I:ns3 $ar3 expected 0" + echo_i "ns3 $ar3 expected 0" ret=1 } -if [ $ret != 0 ]; then echo "I: failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking CLIENT_QUERY message counts" +echo_i "checking CLIENT_QUERY message counts" ret=0 [ $cq1 -eq 1 ] || { - echo "I:ns1 $cq1 expected 1" + echo_i "ns1 $cq1 expected 1" ret=1 } [ $cq2 -eq 1 ] || { - echo "I:ns2 $cq2 expected 1" + echo_i "ns2 $cq2 expected 1" ret=1 } [ $cq3 -eq 2 ] || { - echo "I:ns3 $cq3 expected 2" + echo_i "ns3 $cq3 expected 2" ret=1 } -if [ $ret != 0 ]; then echo "I: failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking CLIENT_RESPONSE message counts" +echo_i "checking CLIENT_RESPONSE message counts" ret=0 [ $cr1 -eq 1 ] || { - echo "I:ns1 $cr1 expected 1" + echo_i "ns1 $cr1 expected 1" ret=1 } [ $cr2 -eq 1 ] || { - echo "I:ns2 $cr2 expected 1" + echo_i "ns2 $cr2 expected 1" ret=1 } [ $cr3 -eq 2 ] || { - echo "I:ns3 $cr3 expected 2" + echo_i "ns3 $cr3 expected 2" ret=1 } -if [ $ret != 0 ]; then echo "I: failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking RESOLVER_QUERY message counts" +echo_i "checking RESOLVER_QUERY message counts" ret=0 [ $rq1 -eq 0 ] || { - echo "I:ns1 $rq1 expected 0" + echo_i "ns1 $rq1 expected 0" ret=1 } [ $rq2 -eq 0 ] || { - echo "I:ns2 $rq2 expected 0" + echo_i "ns2 $rq2 expected 0" ret=1 } [ $rq3 -eq 3 ] || { - echo "I:ns3 $rq3 expected 3" + echo_i "ns3 $rq3 expected 3" ret=1 } -if [ $ret != 0 ]; then echo "I: failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking RESOLVER_RESPONSE message counts" +echo_i "checking RESOLVER_RESPONSE message counts" ret=0 [ $rr1 -eq 0 ] || { - echo "I:ns1 $rr1 expected 0" + echo_i "ns1 $rr1 expected 0" ret=1 } [ $rr2 -eq 0 ] || { - echo "I:ns2 $rr2 expected 0" + echo_i "ns2 $rr2 expected 0" ret=1 } [ $rr3 -eq 3 ] || { - echo "I:ns3 $rr3 expected 3" + echo_i "ns3 $rr3 expected 3" ret=1 } -if [ $ret != 0 ]; then echo "I: failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking reopened message counts" +echo_i "checking reopened message counts" udp1=`$DNSTAPREAD ns1/dnstap.out | grep "UDP " | wc -l` tcp1=`$DNSTAPREAD ns1/dnstap.out | grep "TCP " | wc -l` @@ -256,140 +257,140 @@ cr3=`$DNSTAPREAD ns3/dnstap.out | grep "CR " | wc -l` rq3=`$DNSTAPREAD ns3/dnstap.out | grep "RQ " | wc -l` rr3=`$DNSTAPREAD ns3/dnstap.out | grep "RR " | wc -l` -echo "I: checking UDP message counts" +echo_i "checking UDP message counts" ret=0 [ $udp1 -eq 0 ] || { - echo "I:ns1 $udp1 expected 0" + echo_i "ns1 $udp1 expected 0" ret=1 } [ $udp2 -eq 0 ] || { - echo "I:ns2 $udp2 expected 0" + echo_i "ns2 $udp2 expected 0" ret=1 } [ $udp3 -eq 2 ] || { - echo "I:ns3 $udp3 expected 2" + echo_i "ns3 $udp3 expected 2" ret=1 } -if [ $ret != 0 ]; then echo "I: failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking TCP message counts" +echo_i "checking TCP message counts" ret=0 [ $tcp1 -eq 0 ] || { - echo "I:ns1 $tcp1 expected 0" + echo_i "ns1 $tcp1 expected 0" ret=1 } [ $tcp2 -eq 0 ] || { - echo "I:ns2 $tcp2 expected 0" + echo_i "ns2 $tcp2 expected 0" ret=1 } [ $tcp3 -eq 0 ] || { - echo "I:ns3 $tcp3 expected 0" + echo_i "ns3 $tcp3 expected 0" ret=1 } -if [ $ret != 0 ]; then echo "I: failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking AUTH_QUERY message counts" +echo_i "checking AUTH_QUERY message counts" ret=0 [ $aq1 -eq 0 ] || { - echo "I:ns1 $aq1 exepcted 0" + echo_i "ns1 $aq1 exepcted 0" ret=1 } [ $aq2 -eq 0 ] || { - echo "I:ns2 $aq2 expected 0" + echo_i "ns2 $aq2 expected 0" ret=1 } [ $aq3 -eq 0 ] || { - echo "I:ns3 $aq3 expected 0" + echo_i "ns3 $aq3 expected 0" ret=1 } -if [ $ret != 0 ]; then echo "I: failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking AUTH_RESPONSE message counts" +echo_i "checking AUTH_RESPONSE message counts" ret=0 [ $ar1 -eq 0 ] || { - echo "I:ns1 $ar1 expected 0" + echo_i "ns1 $ar1 expected 0" ret=1 } [ $ar2 -eq 0 ] || { - echo "I:ns2 $ar2 expected 0" + echo_i "ns2 $ar2 expected 0" ret=1 } [ $ar3 -eq 0 ] || { - echo "I:ns3 $ar3 expected 0" + echo_i "ns3 $ar3 expected 0" ret=1 } -if [ $ret != 0 ]; then echo "I: failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking CLIENT_QUERY message counts" +echo_i "checking CLIENT_QUERY message counts" ret=0 [ $cq1 -eq 0 ] || { - echo "I:ns1 $cq1 expected 0" + echo_i "ns1 $cq1 expected 0" ret=1 } [ $cq2 -eq 0 ] || { - echo "I:ns2 $cq2 expected 0" + echo_i "ns2 $cq2 expected 0" ret=1 } [ $cq3 -eq 1 ] || { - echo "I:ns3 $cq3 expected 1" + echo_i "ns3 $cq3 expected 1" ret=1 } -if [ $ret != 0 ]; then echo "I: failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking CLIENT_RESPONSE message counts" +echo_i "checking CLIENT_RESPONSE message counts" ret=0 [ $cr1 -eq 0 ] || { - echo "I:ns1 $cr1 expected 0" + echo_i "ns1 $cr1 expected 0" ret=1 } [ $cr2 -eq 0 ] || { - echo "I:ns2 $cr2 expected 0" + echo_i "ns2 $cr2 expected 0" ret=1 } [ $cr3 -eq 1 ] || { - echo "I:ns3 $cr3 expected 1" + echo_i "ns3 $cr3 expected 1" ret=1 } -if [ $ret != 0 ]; then echo "I: failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking RESOLVER_QUERY message counts" +echo_i "checking RESOLVER_QUERY message counts" ret=0 [ $rq1 -eq 0 ] || { - echo "I:ns1 $rq1 expected 0" + echo_i "ns1 $rq1 expected 0" ret=1 } [ $rq2 -eq 0 ] || { - echo "I:ns2 $rq2 expected 0" + echo_i "ns2 $rq2 expected 0" ret=1 } [ $rq3 -eq 0 ] || { - echo "I:ns3 $rq3 expected 0" + echo_i "ns3 $rq3 expected 0" ret=1 } -if [ $ret != 0 ]; then echo "I: failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking RESOLVER_RESPONSE message counts" +echo_i "checking RESOLVER_RESPONSE message counts" ret=0 [ $rr1 -eq 0 ] || { - echo "I:ns1 $rr1 expected 0" + echo_i "ns1 $rr1 expected 0" ret=1 } [ $rr2 -eq 0 ] || { - echo "I:ns2 $rr2 expected 0" + echo_i "ns2 $rr2 expected 0" ret=1 } [ $rr3 -eq 0 ] || { - echo "I:ns3 $rr3 expected 0" + echo_i "ns3 $rr3 expected 0" ret=1 } -if [ $ret != 0 ]; then echo "I: failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` HAS_PYYAML=0 @@ -398,26 +399,28 @@ if [ -n "$PYTHON" ] ; then fi if [ $HAS_PYYAML -ne 0 ] ; then - echo "I:checking dnstap-read YAML output" + echo_i "checking dnstap-read YAML output" ret=0 - $PYTHON ydump.py "$DNSTAPREAD" "ns3/dnstap.out.save" > ydump.out || ret=1 - if [ $ret != 0 ]; then echo "I: failed"; fi + { + $PYTHON ydump.py "$DNSTAPREAD" "ns3/dnstap.out.save" > ydump.out || ret=1 + } | cat_i + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` fi -echo "I:checking dnstap-read hex output" +echo_i "checking dnstap-read hex output" ret=0 hex=`$DNSTAPREAD -x ns3/dnstap.out | tail -1` echo $hex | $WIRETEST > dnstap.hex grep 'status: NOERROR' dnstap.hex > /dev/null 2>&1 || ret=1 grep 'ANSWER: 3, AUTHORITY: 1' dnstap.hex > /dev/null 2>&1 || ret=1 -if [ $ret != 0 ]; then echo "I: failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` if [ -n "$FSTRM_CAPTURE" ] ; then - $DIG +short @10.53.0.4 -p 5300 a.example > dig.out + $DIG $DIGOPTS @10.53.0.4 a.example > dig.out - echo "I:checking unix socket message counts" + echo_i "checking unix socket message counts" sleep 2 kill $fstrm_capture_pid wait @@ -430,83 +433,83 @@ if [ -n "$FSTRM_CAPTURE" ] ; then rq4=`$DNSTAPREAD dnstap.out | grep "RQ " | wc -l` rr4=`$DNSTAPREAD dnstap.out | grep "RR " | wc -l` - echo "I: checking UDP message counts" + echo_i "checking UDP message counts" ret=0 [ $udp4 -eq 2 ] || { - echo "I:ns4 $udp4 expected 2" + echo_i "ns4 $udp4 expected 2" ret=1 } - if [ $ret != 0 ]; then echo "I: failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` - echo "I: checking TCP message counts" + echo_i "checking TCP message counts" ret=0 [ $tcp4 -eq 0 ] || { - echo "I:ns4 $tcp4 expected 0" + echo_i "ns4 $tcp4 expected 0" ret=1 } - if [ $ret != 0 ]; then echo "I: failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` - echo "I: checking AUTH_QUERY message counts" + echo_i "checking AUTH_QUERY message counts" ret=0 [ $aq4 -eq 0 ] || { - echo "I:ns4 $aq4 expected 0" + echo_i "ns4 $aq4 expected 0" ret=1 } - if [ $ret != 0 ]; then echo "I: failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` - echo "I: checking AUTH_RESPONSE message counts" + echo_i "checking AUTH_RESPONSE message counts" ret=0 [ $ar4 -eq 0 ] || { - echo "I:ns4 $ar4 expected 0" + echo_i "ns4 $ar4 expected 0" ret=1 } - if [ $ret != 0 ]; then echo "I: failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` - echo "I: checking CLIENT_QUERY message counts" + echo_i "checking CLIENT_QUERY message counts" ret=0 [ $cq4 -eq 1 ] || { - echo "I:ns4 $cq4 expected 1" + echo_i "ns4 $cq4 expected 1" ret=1 } - if [ $ret != 0 ]; then echo "I: failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` - echo "I: checking CLIENT_RESPONSE message counts" + echo_i "checking CLIENT_RESPONSE message counts" ret=0 [ $cr4 -eq 1 ] || { - echo "I:ns4 $cr4 expected 1" + echo_i "ns4 $cr4 expected 1" ret=1 } - if [ $ret != 0 ]; then echo "I: failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` - echo "I: checking RESOLVER_QUERY message counts" + echo_i "checking RESOLVER_QUERY message counts" ret=0 [ $rq4 -eq 0 ] || { - echo "I:ns4 $rq4 expected 0" + echo_i "ns4 $rq4 expected 0" ret=1 } - if [ $ret != 0 ]; then echo "I: failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` - echo "I: checking RESOLVER_RESPONSE message counts" + echo_i "checking RESOLVER_RESPONSE message counts" ret=0 [ $rr4 -eq 0 ] || { - echo "I:ns4 $rr4 expected 0" + echo_i "ns4 $rr4 expected 0" ret=1 } mv dnstap.out dnstap.out.save $FSTRM_CAPTURE -t protobuf:dnstap.Dnstap -u ns4/dnstap.out \ -w dnstap.out > fstrm_capture.out 2>&1 & fstrm_capture_pid=$! - $RNDCCMD -s 10.53.0.4 dnstap -reopen | sed 's/^/I:ns4 /' - $DIG +short @10.53.0.4 -p 5300 a.example > dig.out + $RNDCCMD -s 10.53.0.4 dnstap -reopen | sed 's/^/ns4 /' | cat_i + $DIG $DIGOPTS @10.53.0.4 a.example > dig.out - echo "I:checking reopened unix socket message counts" + echo_i "checking reopened unix socket message counts" sleep 2 kill $fstrm_capture_pid wait @@ -519,76 +522,76 @@ if [ -n "$FSTRM_CAPTURE" ] ; then rq4=`$DNSTAPREAD dnstap.out | grep "RQ " | wc -l` rr4=`$DNSTAPREAD dnstap.out | grep "RR " | wc -l` - echo "I: checking UDP message counts" + echo_i "checking UDP message counts" ret=0 [ $udp4 -eq 2 ] || { - echo "I:ns4 $udp4 expected 2" + echo_i "ns4 $udp4 expected 2" ret=1 } - if [ $ret != 0 ]; then echo "I: failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` - echo "I: checking TCP message counts" + echo_i "checking TCP message counts" ret=0 [ $tcp4 -eq 0 ] || { - echo "I:ns4 $tcp4 expected 0" + echo_i "ns4 $tcp4 expected 0" ret=1 } - if [ $ret != 0 ]; then echo "I: failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` - echo "I: checking AUTH_QUERY message counts" + echo_i "checking AUTH_QUERY message counts" ret=0 [ $aq4 -eq 0 ] || { - echo "I:ns4 $aq4 expected 0" + echo_i "ns4 $aq4 expected 0" ret=1 } - if [ $ret != 0 ]; then echo "I: failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` - echo "I: checking AUTH_RESPONSE message counts" + echo_i "checking AUTH_RESPONSE message counts" ret=0 [ $ar4 -eq 0 ] || { - echo "I:ns4 $ar4 expected 0" + echo_i "ns4 $ar4 expected 0" ret=1 } - if [ $ret != 0 ]; then echo "I: failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` - echo "I: checking CLIENT_QUERY message counts" + echo_i "checking CLIENT_QUERY message counts" ret=0 [ $cq4 -eq 1 ] || { - echo "I:ns4 $cq4 expected 1" + echo_i "ns4 $cq4 expected 1" ret=1 } - if [ $ret != 0 ]; then echo "I: failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` - echo "I: checking CLIENT_RESPONSE message counts" + echo_i "checking CLIENT_RESPONSE message counts" ret=0 [ $cr4 -eq 1 ] || { - echo "I:ns4 $cr4 expected 1" + echo_i "ns4 $cr4 expected 1" ret=1 } - if [ $ret != 0 ]; then echo "I: failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` - echo "I: checking RESOLVER_QUERY message counts" + echo_i "checking RESOLVER_QUERY message counts" ret=0 [ $rq4 -eq 0 ] || { - echo "I:ns4 $rq4 expected 0" + echo_i "ns4 $rq4 expected 0" ret=1 } - if [ $ret != 0 ]; then echo "I: failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` - echo "I: checking RESOLVER_RESPONSE message counts" + echo_i "checking RESOLVER_RESPONSE message counts" ret=0 [ $rr4 -eq 0 ] || { - echo "I:ns4 $rr4 expected 0" + echo_i "ns4 $rr4 expected 0" ret=1 } fi -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/dnstap/ydump.py b/bin/tests/system/dnstap/ydump.py index 4cfb2f6334..781e2e6ce8 100644 --- a/bin/tests/system/dnstap/ydump.py +++ b/bin/tests/system/dnstap/ydump.py @@ -9,7 +9,7 @@ try: import yaml except: - print("I: No python yaml module, skipping") + print("No python yaml module, skipping") exit(1) import subprocess diff --git a/bin/tests/system/dscp/clean.sh b/bin/tests/system/dscp/clean.sh index 341e347dec..dad74f90f7 100644 --- a/bin/tests/system/dscp/clean.sh +++ b/bin/tests/system/dscp/clean.sh @@ -8,4 +8,5 @@ rm -f */root.bk rm -f dig.out.10.53.0.? rm -f */named.memstats rm -f */named.run +rm -f */named.conf rm -f ns*/named.lock diff --git a/bin/tests/system/dscp/ns1/named.conf b/bin/tests/system/dscp/ns1/named.conf.in similarity index 93% rename from bin/tests/system/dscp/ns1/named.conf rename to bin/tests/system/dscp/ns1/named.conf.in index 5e4796f46d..a78070c822 100644 --- a/bin/tests/system/dscp/ns1/named.conf +++ b/bin/tests/system/dscp/ns1/named.conf.in @@ -6,14 +6,12 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; - options { dscp 46; query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/dscp/ns2/named.conf b/bin/tests/system/dscp/ns2/named.conf.in similarity index 93% rename from bin/tests/system/dscp/ns2/named.conf rename to bin/tests/system/dscp/ns2/named.conf.in index 5d7f0b46fb..f251d1ddaa 100644 --- a/bin/tests/system/dscp/ns2/named.conf +++ b/bin/tests/system/dscp/ns2/named.conf.in @@ -6,14 +6,12 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; - options { dscp 46; query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/dscp/ns3/named.conf b/bin/tests/system/dscp/ns3/named.conf.in similarity index 93% rename from bin/tests/system/dscp/ns3/named.conf rename to bin/tests/system/dscp/ns3/named.conf.in index 1782cf2a31..18d1c4ef12 100644 --- a/bin/tests/system/dscp/ns3/named.conf +++ b/bin/tests/system/dscp/ns3/named.conf.in @@ -6,14 +6,12 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; - options { dscp 46; query-source address 10.53.0.3; notify-source 10.53.0.3; transfer-source 10.53.0.3; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.3; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/dscp/ns4/named.conf b/bin/tests/system/dscp/ns4/named.conf.in similarity index 93% rename from bin/tests/system/dscp/ns4/named.conf rename to bin/tests/system/dscp/ns4/named.conf.in index 65be5c662f..9e4272ee08 100644 --- a/bin/tests/system/dscp/ns4/named.conf +++ b/bin/tests/system/dscp/ns4/named.conf.in @@ -6,14 +6,12 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; - options { dscp 47; query-source dscp 46 address 10.53.0.4; notify-source 10.53.0.4 dscp 46; transfer-source 10.53.0.4 dscp 46; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on dscp 46 { 10.53.0.4; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/dscp/ns5/named.conf b/bin/tests/system/dscp/ns5/named.conf.in similarity index 94% rename from bin/tests/system/dscp/ns5/named.conf rename to bin/tests/system/dscp/ns5/named.conf.in index 79c509f40a..c9c8eaff7f 100644 --- a/bin/tests/system/dscp/ns5/named.conf +++ b/bin/tests/system/dscp/ns5/named.conf.in @@ -6,15 +6,13 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; - options { dscp 47; query-source dscp 46 address 10.53.0.5; notify-source 10.53.0.5 dscp 46; transfer-source 10.53.0.5 dscp 46; alt-transfer-source 10.53.0.5 dscp 46; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on dscp 46 { 10.53.0.5; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/dscp/ns6/named.conf b/bin/tests/system/dscp/ns6/named.conf.in similarity index 93% rename from bin/tests/system/dscp/ns6/named.conf rename to bin/tests/system/dscp/ns6/named.conf.in index 84d192e308..85802568ba 100644 --- a/bin/tests/system/dscp/ns6/named.conf +++ b/bin/tests/system/dscp/ns6/named.conf.in @@ -6,14 +6,12 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; - options { dscp 47; query-source dscp 46 address 10.53.0.6; notify-source 10.53.0.6 dscp 46; transfer-source 10.53.0.6 dscp 46; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on dscp 46 { 10.53.0.6; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/dscp/ns7/named.conf b/bin/tests/system/dscp/ns7/named.conf.in similarity index 95% rename from bin/tests/system/dscp/ns7/named.conf rename to bin/tests/system/dscp/ns7/named.conf.in index cec4de9108..9827dabb2b 100644 --- a/bin/tests/system/dscp/ns7/named.conf +++ b/bin/tests/system/dscp/ns7/named.conf.in @@ -6,15 +6,13 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; - options { dscp 47; query-source dscp 46 address 10.53.0.7; notify-source 10.53.0.7 dscp 47; transfer-source 10.53.0.7 dscp 47; alt-transfer-source 10.53.0.7 dscp 47; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on dscp 46 { 10.53.0.7; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/dscp/setup.sh b/bin/tests/system/dscp/setup.sh new file mode 100644 index 0000000000..b457ad1176 --- /dev/null +++ b/bin/tests/system/dscp/setup.sh @@ -0,0 +1,19 @@ +#!/bin/sh +# +# Copyright (C) 2018 Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh + +$SHELL clean.sh +copy_setports ns1/named.conf.in ns1/named.conf +copy_setports ns2/named.conf.in ns2/named.conf +copy_setports ns3/named.conf.in ns3/named.conf +copy_setports ns4/named.conf.in ns4/named.conf +copy_setports ns5/named.conf.in ns5/named.conf +copy_setports ns6/named.conf.in ns6/named.conf +copy_setports ns7/named.conf.in ns7/named.conf diff --git a/bin/tests/system/dscp/tests.sh b/bin/tests/system/dscp/tests.sh index 20c43a5f40..b61181fad6 100644 --- a/bin/tests/system/dscp/tests.sh +++ b/bin/tests/system/dscp/tests.sh @@ -7,7 +7,7 @@ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh -DIGOPTS="+tcp +noadd +nosea +nostat +noquest" +DIGOPTS="+tcp +noadd +nosea +nostat +noquest -p ${PORT}" status=0 @@ -19,17 +19,17 @@ status=0 for server in 10.53.0.1 10.53.0.2 10.53.0.3 10.53.0.4 10.53.0.5 \ 10.53.0.6 10.53.0.7 do - echo "I:testing root SOA lookup at $server" + echo_i "testing root SOA lookup at $server" for i in 0 1 2 3 4 5 6 7 8 9 do ret=0 - $DIG -p 5300 @$server $DIGOPTS soa . > dig.out.$server + $DIG $DIGOPTS @$server soa . > dig.out.$server grep "status: NOERROR" dig.out.$server > /dev/null || ret=1 test $ret = 0 && break sleep 1 done - test $ret = 0 || { echo "I:failed"; status=`expr $status + $ret`; } + test $ret = 0 || { echo_i "failed"; status=`expr $status + $ret`; } done -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/dsdigest/clean.sh b/bin/tests/system/dsdigest/clean.sh index f906bbbc6e..a2db72cb0d 100644 --- a/bin/tests/system/dsdigest/clean.sh +++ b/bin/tests/system/dsdigest/clean.sh @@ -12,6 +12,7 @@ rm -f ns1/root.db rm -f ns1/signer.err rm -f ns2/good.db ns2/bad.db rm -f dig.out* +rm -f */named.conf rm -f */named.run rm -f */named.memstats rm -f ns*/named.lock diff --git a/bin/tests/system/dsdigest/ns1/named.conf b/bin/tests/system/dsdigest/ns1/named.conf.in similarity index 96% rename from bin/tests/system/dsdigest/ns1/named.conf rename to bin/tests/system/dsdigest/ns1/named.conf.in index 9374ce43ef..b62812b28b 100644 --- a/bin/tests/system/dsdigest/ns1/named.conf +++ b/bin/tests/system/dsdigest/ns1/named.conf.in @@ -6,8 +6,6 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id$ */ - // NS1 controls { /* empty */ }; @@ -16,7 +14,7 @@ options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/dsdigest/ns2/named.conf b/bin/tests/system/dsdigest/ns2/named.conf.in similarity index 96% rename from bin/tests/system/dsdigest/ns2/named.conf rename to bin/tests/system/dsdigest/ns2/named.conf.in index b8240ac1ee..4e6d7c9ff9 100644 --- a/bin/tests/system/dsdigest/ns2/named.conf +++ b/bin/tests/system/dsdigest/ns2/named.conf.in @@ -6,8 +6,6 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id$ */ - // NS2 controls { /* empty */ }; @@ -16,7 +14,7 @@ options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/dsdigest/ns3/named.conf b/bin/tests/system/dsdigest/ns3/named.conf.in similarity index 96% rename from bin/tests/system/dsdigest/ns3/named.conf rename to bin/tests/system/dsdigest/ns3/named.conf.in index af70cfa3cb..5c43bf07eb 100644 --- a/bin/tests/system/dsdigest/ns3/named.conf +++ b/bin/tests/system/dsdigest/ns3/named.conf.in @@ -6,8 +6,6 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id$ */ - // NS3 controls { /* empty */ }; @@ -16,7 +14,7 @@ options { query-source address 10.53.0.3; notify-source 10.53.0.3; transfer-source 10.53.0.3; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.3; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/dsdigest/ns4/named.conf b/bin/tests/system/dsdigest/ns4/named.conf.in similarity index 96% rename from bin/tests/system/dsdigest/ns4/named.conf rename to bin/tests/system/dsdigest/ns4/named.conf.in index febbf60931..894f287ac4 100644 --- a/bin/tests/system/dsdigest/ns4/named.conf +++ b/bin/tests/system/dsdigest/ns4/named.conf.in @@ -6,8 +6,6 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id$ */ - // NS3 controls { /* empty */ }; @@ -16,7 +14,7 @@ options { query-source address 10.53.0.4; notify-source 10.53.0.4; transfer-source 10.53.0.4; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.4; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/dsdigest/prereq.sh b/bin/tests/system/dsdigest/prereq.sh index f64ef4c6ec..f726d1f390 100644 --- a/bin/tests/system/dsdigest/prereq.sh +++ b/bin/tests/system/dsdigest/prereq.sh @@ -16,7 +16,7 @@ $SHELL ../testcrypto.sh -q ecdsa || ecdsafail=1 if [ $gostfail = 0 -a $ecdsafail = 0 ]; then echo both > supported elif [ $gostfail = 1 -a $ecdsafail = 1 ]; then - echo "I:This test requires support for ECDSA or GOST cryptography." >&2 + echo_i "This test requires support for ECDSA or GOST cryptography." >&2 exit 255 elif [ $gostfail = 0 ]; then echo gost > supported diff --git a/bin/tests/system/dsdigest/setup.sh b/bin/tests/system/dsdigest/setup.sh index 740b724543..ea9e25c181 100644 --- a/bin/tests/system/dsdigest/setup.sh +++ b/bin/tests/system/dsdigest/setup.sh @@ -11,4 +11,9 @@ SYSTEMTESTTOP=.. test -r $RANDFILE || $GENRANDOM 800 $RANDFILE +copy_setports ns1/named.conf.in ns1/named.conf +copy_setports ns2/named.conf.in ns2/named.conf +copy_setports ns3/named.conf.in ns3/named.conf +copy_setports ns4/named.conf.in ns4/named.conf + cd ns1 && $SHELL sign.sh diff --git a/bin/tests/system/dsdigest/tests.sh b/bin/tests/system/dsdigest/tests.sh index 3f2a0c50d7..3e911cd6c8 100644 --- a/bin/tests/system/dsdigest/tests.sh +++ b/bin/tests/system/dsdigest/tests.sh @@ -6,8 +6,6 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -# $Id$ - SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh @@ -15,28 +13,28 @@ status=0 rm -f dig.out.* -DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p 5300" +DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p ${PORT}" # Check the good. domain -echo "I:checking that validation with enabled digest types works" +echo_i "checking that validation with enabled digest types works" ret=0 $DIG $DIGOPTS a.good. @10.53.0.3 a > dig.out.good || ret=1 grep "status: NOERROR" dig.out.good > /dev/null || ret=1 grep "flags:[^;]* ad[ ;]" dig.out.good > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` # Check the bad. domain -echo "I:checking that validation with no supported digest types and must-be-secure results in SERVFAIL" +echo_i "checking that validation with no supported digest types and must-be-secure results in SERVFAIL" ret=0 $DIG $DIGOPTS a.bad. @10.53.0.3 a > dig.out.bad || ret=1 grep "SERVFAIL" dig.out.bad > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that validation with no supported digest algorithms results in insecure" +echo_i "checking that validation with no supported digest algorithms results in insecure" ret=0 $DIG $DIGOPTS bad. @10.53.0.4 ds > dig.out.ds || ret=1 grep "NOERROR" dig.out.ds > /dev/null || ret=1 @@ -44,8 +42,8 @@ grep "flags:[^;]* ad[ ;]" dig.out.ds > /dev/null || ret=1 $DIG $DIGOPTS a.bad. @10.53.0.4 a > dig.out.insecure || ret=1 grep "NOERROR" dig.out.insecure > /dev/null || ret=1 grep "flags:[^;]* ad[ ;]" dig.out.insecure > /dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/dyndb/clean.sh b/bin/tests/system/dyndb/clean.sh index c7195d88ca..5738bd1ab6 100644 --- a/bin/tests/system/dyndb/clean.sh +++ b/bin/tests/system/dyndb/clean.sh @@ -9,6 +9,8 @@ # # Clean up after dyndb tests. # +rm -f */named.conf +rm -f */named.run rm -f ns1/named.memstats rm -f ns1/update.txt rm -f added.a.out.* diff --git a/bin/tests/system/dyndb/ns1/named.conf b/bin/tests/system/dyndb/ns1/named.conf.in similarity index 90% rename from bin/tests/system/dyndb/ns1/named.conf rename to bin/tests/system/dyndb/ns1/named.conf.in index 60ab401b05..a6cbe9f6c1 100644 --- a/bin/tests/system/dyndb/ns1/named.conf +++ b/bin/tests/system/dyndb/ns1/named.conf.in @@ -12,7 +12,7 @@ options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; session-keyfile "session.key"; listen-on { 10.53.0.1; 127.0.0.1; }; @@ -27,7 +27,7 @@ key rndc_key { }; controls { - inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; dyndb sample "../driver/lib/sample.so" { ipv4.example.nil. in-addr.arpa. }; diff --git a/bin/tests/system/dyndb/prereq.sh b/bin/tests/system/dyndb/prereq.sh index 4f39e220d2..4ec63799a4 100644 --- a/bin/tests/system/dyndb/prereq.sh +++ b/bin/tests/system/dyndb/prereq.sh @@ -10,7 +10,7 @@ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh $FEATURETEST --have-dlopen || { - echo "I:dlopen() not supported - skipping dyndb test" + echo_i "dlopen() not supported - skipping dyndb test" exit 255 } exit 0 diff --git a/bin/tests/system/dyndb/setup.sh b/bin/tests/system/dyndb/setup.sh new file mode 100644 index 0000000000..c69f051dbc --- /dev/null +++ b/bin/tests/system/dyndb/setup.sh @@ -0,0 +1,13 @@ +#!/bin/sh +# +# Copyright (C) 2018 Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh + +$SHELL clean.sh +copy_setports ns1/named.conf.in ns1/named.conf diff --git a/bin/tests/system/dyndb/tests.sh b/bin/tests/system/dyndb/tests.sh index f9f7c29d65..9a4850ddf6 100644 --- a/bin/tests/system/dyndb/tests.sh +++ b/bin/tests/system/dyndb/tests.sh @@ -12,11 +12,12 @@ SYSTEMTESTTOP=.. status=0 n=0 -DIGOPTS="@10.53.0.1 -p 5300" +DIGOPTS="@10.53.0.1 -p ${PORT}" +RNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p ${CONTROLPORT} -s" newtest() { n=`expr $n + 1` - echo "${1} (${n})" + echo_i "${1} (${n})" ret=0 } @@ -26,16 +27,16 @@ test_add() { ip="$3" cat < ns1/update.txt -server 10.53.0.1 5300 +server 10.53.0.1 ${PORT} ttl 86400 update add $host $type $ip send EOF - newtest "I:adding $host $type $ip" + newtest "adding $host $type $ip" $NSUPDATE ns1/update.txt > /dev/null 2>&1 || { [ "$should_fail" ] || \ - echo "I:update failed for $host $type $ip" + echo_i "update failed for $host $type $ip" return 1 } @@ -44,7 +45,7 @@ EOF lines=`echo "$out" | grep "$ip" | wc -l` [ $lines -eq 1 ] || { [ "$should_fail" ] || \ - echo "I:dig output incorrect for $host $type $cmd: $out" + echo_i "dig output incorrect for $host $type $cmd: $out" return 1 } @@ -53,7 +54,7 @@ EOF lines=`echo "$out" | grep "$host" | wc -l` [ $lines -eq 1 ] || { [ "$should_fail" ] || \ - echo "I:dig reverse output incorrect for $host $type $cmd: $out" + echo_i "dig reverse output incorrect for $host $type $cmd: $out" return 1 } @@ -67,15 +68,15 @@ test_del() { ip=`$DIG $DIGOPTS +short $host $type` cat < ns1/update.txt -server 10.53.0.1 5300 +server 10.53.0.1 ${PORT} update del $host $type send EOF - newtest "I:deleting $host $type (was $ip)" + newtest "deleting $host $type (was $ip)" $NSUPDATE ns1/update.txt > /dev/null 2>&1 || { [ "$should_fail" ] || \ - echo "I:update failed deleting $host $type" + echo_i "update failed deleting $host $type" return 1 } @@ -84,7 +85,7 @@ EOF lines=`echo "$out" | grep "$ip" | wc -l` [ $lines -eq 0 ] || { [ "$should_fail" ] || \ - echo "I:dig output incorrect for $host $type $cmd: $out" + echo_i "dig output incorrect for $host $type $cmd: $out" return 1 } @@ -93,7 +94,7 @@ EOF lines=`echo "$out" | grep "$host" | wc -l` [ $lines -eq 0 ] || { [ "$should_fail" ] || \ - echo "I:dig reverse output incorrect for $host $type $cmd: $out" + echo_i "dig reverse output incorrect for $host $type $cmd: $out" return 1 } @@ -124,13 +125,13 @@ status=`expr $status + $ret` test_del test4.ipv6.example.nil. AAAA || ret=1 status=`expr $status + $ret` -newtest "I:checking parameter logging" +newtest "checking parameter logging" grep "loading params for dyndb 'sample' from .*named.conf:33" ns1/named.run > /dev/null || ret=1 grep "loading params for dyndb 'sample2' from .*named.conf:34" ns1/named.run > /dev/null || ret=1 status=`expr $status + $ret` -echo "I:checking dyndb still works after reload" -$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 reload 2>&1 | sed 's/^/I:ns1 /' +echo_i "checking dyndb still works after reload" +$RNDCCMD 10.53.0.1 reload 2>&1 | sed 's/^/ns1 /' | cat_i test_add test5.ipv4.example.nil. A "10.53.0.10" || ret=1 status=`expr $status + $ret` @@ -144,5 +145,5 @@ status=`expr $status + $ret` test_del test6.ipv6.example.nil. AAAA || ret=1 status=`expr $status + $ret` -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/ednscompliance/clean.sh b/bin/tests/system/ednscompliance/clean.sh index a9332d420a..7d8953b3bf 100644 --- a/bin/tests/system/ednscompliance/clean.sh +++ b/bin/tests/system/ednscompliance/clean.sh @@ -8,5 +8,6 @@ rm -f dig.out* rm -f ns*/named.lock +rm -f ns*/named.conf rm -f ns*/named.run rm -f ns*/named.memstats diff --git a/bin/tests/system/ednscompliance/ns1/named.conf b/bin/tests/system/ednscompliance/ns1/named.conf.in similarity index 92% rename from bin/tests/system/ednscompliance/ns1/named.conf rename to bin/tests/system/ednscompliance/ns1/named.conf.in index b9e8122e9d..8acb655f20 100644 --- a/bin/tests/system/ednscompliance/ns1/named.conf +++ b/bin/tests/system/ednscompliance/ns1/named.conf.in @@ -6,13 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; - options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; @@ -23,4 +21,3 @@ zone "." { type master; file "root.db"; }; - diff --git a/bin/tests/system/ednscompliance/setup.sh b/bin/tests/system/ednscompliance/setup.sh new file mode 100644 index 0000000000..c69f051dbc --- /dev/null +++ b/bin/tests/system/ednscompliance/setup.sh @@ -0,0 +1,13 @@ +#!/bin/sh +# +# Copyright (C) 2018 Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh + +$SHELL clean.sh +copy_setports ns1/named.conf.in ns1/named.conf diff --git a/bin/tests/system/ednscompliance/tests.sh b/bin/tests/system/ednscompliance/tests.sh index 98e5a66ebb..fbff953bfd 100644 --- a/bin/tests/system/ednscompliance/tests.sh +++ b/bin/tests/system/ednscompliance/tests.sh @@ -9,98 +9,100 @@ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh +DIGOPTS="+norec -p ${PORT}" + status=0 n=0 zone=. n=`expr $n + 1` -echo "I:check +edns=100 sets version 100 ($n)" +echo_i "check +edns=100 sets version 100 ($n)" ret=0 reason= -$DIG -p 5300 @10.53.0.1 +qr +norec +edns=100 soa $zone > dig.out$n +$DIG $DIGOPTS @10.53.0.1 +qr +edns=100 soa $zone > dig.out$n grep "EDNS: version: 100," dig.out$n > /dev/null || { ret=1; reason="version"; } -if [ $ret != 0 ]; then echo "I:failed $reason"; fi +if [ $ret != 0 ]; then echo_i "failed $reason"; fi status=`expr $status + $ret` n=`expr $n + 1` ret=0 reason= -echo "I:check +ednsopt=100 adds option 100 ($n)" -$DIG -p 5300 @10.53.0.1 +qr +norec +ednsopt=100 soa $zone > dig.out$n +echo_i "check +ednsopt=100 adds option 100 ($n)" +$DIG $DIGOPTS @10.53.0.1 +qr +ednsopt=100 soa $zone > dig.out$n grep "; OPT=100" dig.out$n > /dev/null || { ret=1; reason="option"; } -if [ $ret != 0 ]; then echo "I:failed $reason"; fi +if [ $ret != 0 ]; then echo_i "failed $reason"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:check +ednsflags=0x80 sets flags to 0x0080 ($n)" +echo_i "check +ednsflags=0x80 sets flags to 0x0080 ($n)" ret=0 reason= -$DIG -p 5300 @10.53.0.1 +qr +norec +ednsflags=0x80 soa $zone > dig.out$n +$DIG $DIGOPTS @10.53.0.1 +qr +ednsflags=0x80 soa $zone > dig.out$n grep "MBZ: 0x0080," dig.out$n > /dev/null || { ret=1; reason="flags"; } -if [ $ret != 0 ]; then echo "I:failed $reason"; fi +if [ $ret != 0 ]; then echo_i "failed $reason"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:Unknown EDNS version ($n)" +echo_i "Unknown EDNS version ($n)" ret=0 reason= -$DIG -p 5300 @10.53.0.1 +norec +edns=100 +noednsnegotiation soa $zone > dig.out$n +$DIG $DIGOPTS @10.53.0.1 +edns=100 +noednsnegotiation soa $zone > dig.out$n grep "status: BADVERS," dig.out$n > /dev/null || { ret=1; reason="status"; } grep "EDNS: version: 0," dig.out$n > /dev/null || { ret=1; reason="version"; } grep "IN.SOA." dig.out$n > /dev/null && { ret=1; reaons="soa"; } -if [ $ret != 0 ]; then echo "I:failed $reason"; fi +if [ $ret != 0 ]; then echo_i "failed $reason"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:Unknown EDNS option ($n)" +echo_i "Unknown EDNS option ($n)" ret=0 reason= -$DIG -p 5300 @10.53.0.1 +norec +ednsopt=100 soa $zone > dig.out$n +$DIG $DIGOPTS @10.53.0.1 +ednsopt=100 soa $zone > dig.out$n grep "status: NOERROR," dig.out$n > /dev/null || { ret=1; reason="status"; } grep "EDNS: version: 0," dig.out$n > /dev/null || { ret=1; reason="version"; } grep "; OPT=100" dig.out$n > /dev/null && { ret=1; reason="option"; } grep "IN.SOA." dig.out$n > /dev/null || { ret=1; reason="nosoa"; } -if [ $ret != 0 ]; then echo "I:failed $reason"; fi +if [ $ret != 0 ]; then echo_i "failed $reason"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:Unknown EDNS version + option ($n)" +echo_i "Unknown EDNS version + option ($n)" ret=0 reason= -$DIG -p 5300 @10.53.0.1 +norec +edns=100 +noednsneg +ednsopt=100 soa $zone > dig.out$n +$DIG $DIGOPTS @10.53.0.1 +edns=100 +noednsneg +ednsopt=100 soa $zone > dig.out$n grep "status: BADVERS," dig.out$n > /dev/null || { ret=1; reason="status"; } grep "EDNS: version: 0," dig.out$n > /dev/null || { ret=1; reason="version"; } grep "; OPT=100" dig.out$n > /dev/null && { ret=1; reason="option"; } grep "IN.SOA." dig.out$n > /dev/null && { ret=1; reason="soa"; } -if [ $ret != 0 ]; then echo "I:failed: $reason"; fi +if [ $ret != 0 ]; then echo_i "failed: $reason"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:Unknown EDNS flag ($n)" +echo_i "Unknown EDNS flag ($n)" ret=0 reason= -$DIG -p 5300 @10.53.0.1 +norec +ednsflags=0x80 soa $zone > dig.out$n +$DIG $DIGOPTS @10.53.0.1 +ednsflags=0x80 soa $zone > dig.out$n grep "status: NOERROR," dig.out$n > /dev/null || { ret=1; reason="status"; } grep "EDNS: version: 0," dig.out$n > /dev/null || { ret=1; reason="version"; } grep "EDNS:.*MBZ" dig.out$n > /dev/null > /dev/null && { ret=1; reason="mbz"; } grep ".IN.SOA." dig.out$n > /dev/null || { ret=1; reason="nosoa"; } -if [ $ret != 0 ]; then echo "I:failed $reason"; fi +if [ $ret != 0 ]; then echo_i "failed $reason"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:Unknown EDNS version + flag ($n)" +echo_i "Unknown EDNS version + flag ($n)" ret=0 reason= -$DIG -p 5300 @10.53.0.1 +norec +edns=100 +noednsneg +ednsflags=0x80 soa $zone > dig.out$n +$DIG $DIGOPTS @10.53.0.1 +edns=100 +noednsneg +ednsflags=0x80 soa $zone > dig.out$n grep "status: BADVERS," dig.out$n > /dev/null || { ret=1; reason="status"; } grep "EDNS: version: 0," dig.out$n > /dev/null || { ret=1; reason="version"; } grep "EDNS:.*MBZ" dig.out$n > /dev/null > /dev/null && { ret=1; reason="mbz"; } grep "IN.SOA." dig.out$n > /dev/null && { ret=1; reason="soa"; } -if [ $ret != 0 ]; then echo "I:failed $reason"; fi +if [ $ret != 0 ]; then echo_i "failed $reason"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:DiG's EDNS negotiation ($n)" +echo_i "DiG's EDNS negotiation ($n)" ret=0 reason= -$DIG -p 5300 @10.53.0.1 +norec +edns=100 soa $zone > dig.out$n +$DIG $DIGOPTS @10.53.0.1 +edns=100 soa $zone > dig.out$n grep "status: NOERROR," dig.out$n > /dev/null || { ret=1; reason="status"; } grep "EDNS: version: 0," dig.out$n > /dev/null || { ret=1; reason="version"; } grep "IN.SOA." dig.out$n > /dev/null || { ret=1; reason="soa"; } -if [ $ret != 0 ]; then echo "I:failed $reason"; fi +if [ $ret != 0 ]; then echo_i "failed $reason"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/emptyzones/ns1/named1.conf b/bin/tests/system/emptyzones/ns1/named1.conf.in similarity index 87% rename from bin/tests/system/emptyzones/ns1/named1.conf rename to bin/tests/system/emptyzones/ns1/named1.conf.in index 008ada3577..08a3391725 100644 --- a/bin/tests/system/emptyzones/ns1/named1.conf +++ b/bin/tests/system/emptyzones/ns1/named1.conf.in @@ -6,22 +6,20 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf,v 1.15 2009/05/29 23:47:49 tbox Exp $ */ - key rndc_key { algorithm hmac-sha256; secret "1234abcd8765"; }; controls { - inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; options { query-source address 10.53.0.1 dscp 1; notify-source 10.53.0.1 dscp 2; transfer-source 10.53.0.1 dscp 3; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/emptyzones/ns1/named2.conf b/bin/tests/system/emptyzones/ns1/named2.conf.in similarity index 87% rename from bin/tests/system/emptyzones/ns1/named2.conf rename to bin/tests/system/emptyzones/ns1/named2.conf.in index 2d6db54f87..4e447e81e1 100644 --- a/bin/tests/system/emptyzones/ns1/named2.conf +++ b/bin/tests/system/emptyzones/ns1/named2.conf.in @@ -6,22 +6,20 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf,v 1.15 2009/05/29 23:47:49 tbox Exp $ */ - key rndc_key { algorithm hmac-sha256; secret "1234abcd8765"; }; controls { - inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; options { query-source address 10.53.0.1 dscp 1; notify-source 10.53.0.1 dscp 2; transfer-source 10.53.0.1 dscp 3; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/emptyzones/setup.sh b/bin/tests/system/emptyzones/setup.sh index 36c65fde93..369ecfb8f6 100644 --- a/bin/tests/system/emptyzones/setup.sh +++ b/bin/tests/system/emptyzones/setup.sh @@ -4,4 +4,8 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -cp -f ns1/named1.conf ns1/named.conf +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh + +$SHELL clean.sh +copy_setports ns1/named1.conf.in ns1/named.conf diff --git a/bin/tests/system/emptyzones/tests.sh b/bin/tests/system/emptyzones/tests.sh index 1f78bed1bf..5afea2f970 100644 --- a/bin/tests/system/emptyzones/tests.sh +++ b/bin/tests/system/emptyzones/tests.sh @@ -9,28 +9,33 @@ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh +DIGOPTS="-p ${PORT}" +RNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p ${CONTROLPORT} -s" + status=0 n=0 n=`expr $n + 1` -echo "I:check that switching to automatic empty zones works ($n)" +echo_i "check that switching to automatic empty zones works ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 reload > /dev/null || ret=1 +$RNDCCMD 10.53.0.1 reload > /dev/null || ret=1 sleep 5 -cp ns1/named2.conf ns1/named.conf -$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 reload > /dev/null || ret=1 + +copy_setports ns1/named2.conf.in ns1/named.conf +$RNDCCMD 10.53.0.1 reload > /dev/null || ret=1 sleep 5 -$DIG +vc version.bind txt ch @10.53.0.1 -p 5300 > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi + +$DIG $DIGOPTS +vc version.bind txt ch @10.53.0.1 > /dev/null || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:check that allow-transfer { none; } works ($n)" +echo_i "check that allow-transfer { none; } works ($n)" ret=0 -$DIG axfr 10.in-addr.arpa @10.53.0.1 -p 5300 +all > dig.out.test$n || ret=1 +$DIG $DIGOPTS axfr 10.in-addr.arpa @10.53.0.1 +all > dig.out.test$n || ret=1 grep "status: REFUSED" dig.out.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/fetchlimit/ans4/ans.pl b/bin/tests/system/fetchlimit/ans4/ans.pl index c0da4d54e7..0ca46a7da4 100644 --- a/bin/tests/system/fetchlimit/ans4/ans.pl +++ b/bin/tests/system/fetchlimit/ans4/ans.pl @@ -16,8 +16,11 @@ use IO::Socket; use Net::DNS; use Net::DNS::Packet; +my $localport = int($ENV{'PORT'}); +if (!$localport) { $localport = 5300; } + my $sock = IO::Socket::INET->new(LocalAddr => "10.53.0.4", - LocalPort => 5300, Proto => "udp") or die "$!"; + LocalPort => $localport, Proto => "udp") or die "$!"; my $pidf = new IO::File "ans.pid", "w" or die "cannot open pid file: $!"; print $pidf "$$\n" or die "cannot write pid file: $!"; diff --git a/bin/tests/system/fetchlimit/clean.sh b/bin/tests/system/fetchlimit/clean.sh index f9404ebf71..28eb3b0fad 100644 --- a/bin/tests/system/fetchlimit/clean.sh +++ b/bin/tests/system/fetchlimit/clean.sh @@ -6,8 +6,8 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -rm -f */named.memstats */ans.run */named.recursing */named.run +rm -f */named.conf */named.memstats */ans.run */named.recursing */named.run rm -f dig.out* rm -f ans4/norespond -rm -f ns3/named.conf ns3/named.stats ns3/named_dump.db +rm -f ns3/named.stats ns3/named_dump.db rm -f burst.input.* diff --git a/bin/tests/system/fetchlimit/ns1/named.conf b/bin/tests/system/fetchlimit/ns1/named.conf.in similarity index 93% rename from bin/tests/system/fetchlimit/ns1/named.conf rename to bin/tests/system/fetchlimit/ns1/named.conf.in index 8a358042e4..dde59939b9 100644 --- a/bin/tests/system/fetchlimit/ns1/named.conf +++ b/bin/tests/system/fetchlimit/ns1/named.conf.in @@ -6,13 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; - options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/fetchlimit/ns2/named.conf b/bin/tests/system/fetchlimit/ns2/named.conf.in similarity index 77% rename from bin/tests/system/fetchlimit/ns2/named.conf rename to bin/tests/system/fetchlimit/ns2/named.conf.in index f9c91a3364..f5392a622c 100644 --- a/bin/tests/system/fetchlimit/ns2/named.conf +++ b/bin/tests/system/fetchlimit/ns2/named.conf.in @@ -6,13 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; - options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; @@ -20,7 +18,15 @@ options { notify yes; }; -include "../../common/controls.conf"; +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-sha256; +}; + +controls { + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; + zone "example" { type master; diff --git a/bin/tests/system/fetchlimit/ns3/named1.conf b/bin/tests/system/fetchlimit/ns3/named1.conf.in similarity index 89% rename from bin/tests/system/fetchlimit/ns3/named1.conf rename to bin/tests/system/fetchlimit/ns3/named1.conf.in index 6e90bbeb8e..aee7ae0e67 100644 --- a/bin/tests/system/fetchlimit/ns3/named1.conf +++ b/bin/tests/system/fetchlimit/ns3/named1.conf.in @@ -12,7 +12,7 @@ options { query-source address 10.53.0.3; notify-source 10.53.0.3; transfer-source 10.53.0.3; - port 5300; + port @PORT@; directory "."; pid-file "named.pid"; listen-on { 10.53.0.3; }; @@ -28,7 +28,7 @@ key rndc_key { }; controls { - inet 10.53.0.3 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; zone "." { diff --git a/bin/tests/system/fetchlimit/ns3/named2.conf b/bin/tests/system/fetchlimit/ns3/named2.conf.in similarity index 86% rename from bin/tests/system/fetchlimit/ns3/named2.conf rename to bin/tests/system/fetchlimit/ns3/named2.conf.in index 8e4eec58b0..7895ae971e 100644 --- a/bin/tests/system/fetchlimit/ns3/named2.conf +++ b/bin/tests/system/fetchlimit/ns3/named2.conf.in @@ -6,13 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; - options { query-source address 10.53.0.3; notify-source 10.53.0.3; transfer-source 10.53.0.3; - port 5300; + port @PORT@; directory "."; pid-file "named.pid"; listen-on { 10.53.0.3; }; @@ -28,7 +26,7 @@ key rndc_key { }; controls { - inet 10.53.0.3 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; zone "." { diff --git a/bin/tests/system/fetchlimit/ns3/named3.conf b/bin/tests/system/fetchlimit/ns3/named3.conf.in similarity index 86% rename from bin/tests/system/fetchlimit/ns3/named3.conf rename to bin/tests/system/fetchlimit/ns3/named3.conf.in index 1307bfa434..8769ba4f4f 100644 --- a/bin/tests/system/fetchlimit/ns3/named3.conf +++ b/bin/tests/system/fetchlimit/ns3/named3.conf.in @@ -6,13 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; - options { query-source address 10.53.0.3; notify-source 10.53.0.3; transfer-source 10.53.0.3; - port 5300; + port @PORT@; directory "."; pid-file "named.pid"; listen-on { 10.53.0.3; }; @@ -28,7 +26,7 @@ key rndc_key { }; controls { - inet 10.53.0.3 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; zone "." { diff --git a/bin/tests/system/fetchlimit/setup.sh b/bin/tests/system/fetchlimit/setup.sh index 8ce6d618f7..52f8f9a92e 100644 --- a/bin/tests/system/fetchlimit/setup.sh +++ b/bin/tests/system/fetchlimit/setup.sh @@ -11,4 +11,6 @@ SYSTEMTESTTOP=.. $SHELL clean.sh -cp -f ns3/named1.conf ns3/named.conf +copy_setports ns1/named.conf.in ns1/named.conf +copy_setports ns2/named.conf.in ns2/named.conf +copy_setports ns3/named1.conf.in ns3/named.conf diff --git a/bin/tests/system/fetchlimit/tests.sh b/bin/tests/system/fetchlimit/tests.sh index 15788136bd..d5eccbf369 100644 --- a/bin/tests/system/fetchlimit/tests.sh +++ b/bin/tests/system/fetchlimit/tests.sh @@ -9,8 +9,8 @@ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh -DIGCMD="$DIG @10.53.0.3 -p 5300 +tries=1 +time=1" -RNDCCMD="$RNDC -p 9953 -s 10.53.0.3 -c ../common/rndc.conf" +DIGCMD="$DIG @10.53.0.3 -p ${PORT} +tries=1 +time=1" +RNDCCMD="$RNDC -p ${CONTROLPORT} -s 10.53.0.3 -c ../common/rndc.conf" burst() { num=${3:-20} @@ -19,21 +19,21 @@ burst() { num=`expr $num - 1` echo "${num}${1}${2}.lamesub.example A" >> burst.input.$$ done - $PERL ../ditch.pl -p 5300 -s 10.53.0.3 burst.input.$$ + $PERL ../ditch.pl -p ${PORT} -s 10.53.0.3 burst.input.$$ rm -f burst.input.$$ } stat() { clients=`$RNDCCMD status | grep "recursive clients" | sed 's;.*: \([^/][^/]*\)/.*;\1;'` - echo "I: clients: $clients" + echo_i "clients: $clients" [ "$clients" = "" ] && return 1 [ "$clients" -le $1 ] } status=0 -echo "I: checking recursing clients are dropped at the per-server limit" +echo_i "checking recursing clients are dropped at the per-server limit" ret=0 # make the server lame and restart $RNDCCMD flush @@ -47,18 +47,19 @@ for try in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20; do [ $ret -eq 1 ] && break sleep 1 done -if [ $ret != 0 ]; then echo "I: failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: dumping ADB data" +echo_i "dumping ADB data" $RNDCCMD dumpdb -adb -info=`grep '10.53.0.4' ns3/named_dump.db | sed 's/.*\(atr [.0-9]*\).*\(quota [0-9]*\).*/I: \1 \2/'` -echo $info +info=`grep '10.53.0.4' ns3/named_dump.db | sed 's/.*\(atr [.0-9]*\).*\(quota [0-9]*\).*/\1 \2/'` +echo_i $info set -- $info quota=$5 [ ${5:-200} -lt 200 ] || ret=1 -echo "I: checking servfail statistics" +echo_i "checking servfail statistics" +ret=0 rm -f ns3/named.stats $RNDCCMD stats for try in 1 2 3 4 5; do @@ -70,10 +71,10 @@ sspill=`grep 'spilled due to server' ns3/named.stats | sed 's/\([0-9][0-9]*\) sp fails=`grep 'queries resulted in SERVFAIL' ns3/named.stats | sed 's/\([0-9][0-9]*\) queries.*/\1/'` [ -z "$fails" ] && fails=0 [ "$fails" -ge "$sspill" ] || ret=1 -if [ $ret != 0 ]; then echo "I: failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking lame server recovery" +echo_i "checking lame server recovery" ret=0 rm -f ans4/norespond for try in 1 2 3 4 5; do @@ -83,10 +84,10 @@ for try in 1 2 3 4 5; do sleep 1 done -echo "I: dumping ADB data" +echo_i "dumping ADB data" $RNDCCMD dumpdb -adb -info=`grep '10.53.0.4' ns3/named_dump.db | sed 's/.*\(atr [.0-9]*\).*\(quota [0-9]*\).*/I: \1 \2/'` -echo $info +info=`grep '10.53.0.4' ns3/named_dump.db | sed 's/.*\(atr [.0-9]*\).*\(quota [0-9]*\).*/\1 \2/'` +echo_i $info set -- $info [ ${5:-${quota}} -lt $quota ] || ret=1 quota=$5 @@ -98,23 +99,23 @@ for try in 1 2 3 4 5 6 7 8 9 10; do sleep 1 done -echo "I: dumping ADB data" +echo_i "dumping ADB data" $RNDCCMD dumpdb -adb -info=`grep '10.53.0.4' ns3/named_dump.db | sed 's/.*\(atr [.0-9]*\).*\(quota [0-9]*\).*/I: \1 \2/'` -echo $info +info=`grep '10.53.0.4' ns3/named_dump.db | sed 's/.*\(atr [.0-9]*\).*\(quota [0-9]*\).*/\1 \2/'` +echo_i $info set -- $info [ ${5:-${quota}} -gt $quota ] || ret=1 quota=$5 -if [ $ret != 0 ]; then echo "I: failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -if [ $ret != 0 ]; then echo "I: failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -cp -f ns3/named2.conf ns3/named.conf -$RNDCCMD reconfig 2>&1 | sed 's/^/I:ns3 /' +copy_setports ns3/named2.conf.in ns3/named.conf +$RNDCCMD reconfig 2>&1 | sed 's/^/ns3 /' | cat_i -echo "I: checking lame server clients are dropped at the per-domain limit" +echo_i "checking lame server clients are dropped at the per-domain limit" ret=0 fail=0 success=0 @@ -128,14 +129,14 @@ for try in 1 2 3 4 5; do fail=`expr $fail + 1` stat 50 || ret=1 [ $ret -eq 1 ] && break - $RNDCCMD recursing 2>&1 | sed 's/^/I:ns3 /' + $RNDCCMD recursing 2>&1 | sed 's/^/ns3 /' | cat_i sleep 1 done -echo "I: $success successful valid queries, $fail SERVFAIL" -if [ $ret != 0 ]; then echo "I: failed"; fi +echo_i "$success successful valid queries, $fail SERVFAIL" +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I: checking drop statistics" +echo_i "checking drop statistics" rm -f ns3/named.stats $RNDCCMD stats for try in 1 2 3 4 5; do @@ -147,20 +148,20 @@ zspill=`grep 'spilled due to zone' ns3/named.stats | sed 's/\([0-9][0-9]*\) spil drops=`grep 'queries dropped' ns3/named.stats | sed 's/\([0-9][0-9]*\) queries.*/\1/'` [ -z "$drops" ] && drops=0 [ "$drops" -ge "$zspill" ] || ret=1 -if [ $ret != 0 ]; then echo "I: failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -cp -f ns3/named3.conf ns3/named.conf -$RNDCCMD reconfig 2>&1 | sed 's/^/I:ns3 /' +copy_setports ns3/named3.conf.in ns3/named.conf +$RNDCCMD reconfig 2>&1 | sed 's/^/ns3 /' | cat_i -echo "I: checking lame server clients are dropped at the soft limit" +echo_i "checking lame server clients are dropped at the soft limit" ret=0 fail=0 success=0 touch ans4/norespond for try in 1 2 3 4 5; do burst b $try 400 - $DIG @10.53.0.3 -p 5300 a ${try}.example > dig.out.ns3.$try + $DIG @10.53.0.3 -p ${PORT} a ${try}.example > dig.out.ns3.$try stat 360 || ret=1 grep "status: NOERROR" dig.out.ns3.$try > /dev/null 2>&1 && \ success=`expr $success + 1` @@ -169,10 +170,10 @@ for try in 1 2 3 4 5; do [ $ret -eq 1 ] && break sleep 1 done -echo "I: $success successful valid queries, $fail SERVFAIL" +echo_i "$success successful valid queries, $fail SERVFAIL" [ "$success" -eq 5 ] || ret=1 -if [ $ret != 0 ]; then echo "I: failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/filter-aaaa/clean.sh b/bin/tests/system/filter-aaaa/clean.sh index fb17916379..75ef1e7daf 100644 --- a/bin/tests/system/filter-aaaa/clean.sh +++ b/bin/tests/system/filter-aaaa/clean.sh @@ -10,21 +10,15 @@ rm -f ns1/K* rm -f ns1/*.signed rm -f ns1/signer.err rm -f ns1/dsset-* -rm -f ns1/named.run ns1/named.conf -rm -f ns1/named.memstats -rm -f ns2/named.run ns2/named.conf -rm -f ns2/named.memstats - -rm -f ns3/named.run ns3/named.conf -rm -f ns3/named.memstats +rm -f */named.run +rm -f */named.conf +rm -f */named.memstats rm -f ns4/K* rm -f ns4/*.signed rm -f ns4/signer.err rm -f ns4/dsset-* -rm -f ns4/named.run ns4/named.conf -rm -f ns4/named.memstats rm -f dig.out.* rm -f ns*/named.lock diff --git a/bin/tests/system/filter-aaaa/ns1/named1.conf b/bin/tests/system/filter-aaaa/ns1/named1.conf.in similarity index 83% rename from bin/tests/system/filter-aaaa/ns1/named1.conf rename to bin/tests/system/filter-aaaa/ns1/named1.conf.in index 272459c1ed..9adeabcd86 100644 --- a/bin/tests/system/filter-aaaa/ns1/named1.conf +++ b/bin/tests/system/filter-aaaa/ns1/named1.conf.in @@ -6,15 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named1.conf,v 1.1.2.1 2012/01/07 03:32:15 each Exp $ */ - -controls { /* empty */ }; - options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { fd92:7065:b8e:ffff::1; }; @@ -31,7 +27,7 @@ key rndc_key { }; controls { - inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; diff --git a/bin/tests/system/filter-aaaa/ns1/named2.conf b/bin/tests/system/filter-aaaa/ns1/named2.conf.in similarity index 83% rename from bin/tests/system/filter-aaaa/ns1/named2.conf rename to bin/tests/system/filter-aaaa/ns1/named2.conf.in index 411bd830cc..c9ba163dcf 100644 --- a/bin/tests/system/filter-aaaa/ns1/named2.conf +++ b/bin/tests/system/filter-aaaa/ns1/named2.conf.in @@ -6,15 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named2.conf,v 1.1.2.1 2012/01/07 03:32:15 each Exp $ */ - -controls { /* empty */ }; - options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { fd92:7065:b8e:ffff::1; }; @@ -31,7 +27,7 @@ key rndc_key { }; controls { - inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; zone "." { type master; file "root.db"; }; diff --git a/bin/tests/system/filter-aaaa/ns1/sign.sh b/bin/tests/system/filter-aaaa/ns1/sign.sh index 1fec719260..8ade43ab90 100755 --- a/bin/tests/system/filter-aaaa/ns1/sign.sh +++ b/bin/tests/system/filter-aaaa/ns1/sign.sh @@ -6,8 +6,6 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -# $Id: sign.sh,v 1.2 2010/06/22 03:58:37 marka Exp $ - SYSTEMTESTTOP=../.. . $SYSTEMTESTTOP/conf.sh @@ -24,4 +22,4 @@ keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile $SIGNER -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err -echo "I: signed $zone" +echo_i "signed $zone" diff --git a/bin/tests/system/filter-aaaa/ns2/named1.conf b/bin/tests/system/filter-aaaa/ns2/named1.conf.in similarity index 81% rename from bin/tests/system/filter-aaaa/ns2/named1.conf rename to bin/tests/system/filter-aaaa/ns2/named1.conf.in index 634b46177c..1bfec19477 100644 --- a/bin/tests/system/filter-aaaa/ns2/named1.conf +++ b/bin/tests/system/filter-aaaa/ns2/named1.conf.in @@ -6,15 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named1.conf,v 1.1.2.1 2012/01/07 03:32:16 each Exp $ */ - -controls { /* empty */ }; - options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { fd92:7065:b8e:ffff::2; }; @@ -31,7 +27,7 @@ key rndc_key { }; controls { - inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; zone "." { type hint; file "hints"; }; diff --git a/bin/tests/system/filter-aaaa/ns2/named2.conf b/bin/tests/system/filter-aaaa/ns2/named2.conf.in similarity index 81% rename from bin/tests/system/filter-aaaa/ns2/named2.conf rename to bin/tests/system/filter-aaaa/ns2/named2.conf.in index f6e8308298..a92bfa8649 100644 --- a/bin/tests/system/filter-aaaa/ns2/named2.conf +++ b/bin/tests/system/filter-aaaa/ns2/named2.conf.in @@ -6,15 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named2.conf,v 1.1.2.1 2012/01/07 03:32:16 each Exp $ */ - -controls { /* empty */ }; - options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { fd92:7065:b8e:ffff::2; }; @@ -31,7 +27,7 @@ key rndc_key { }; controls { - inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; zone "." { type hint; file "hints"; }; diff --git a/bin/tests/system/filter-aaaa/ns3/named1.conf b/bin/tests/system/filter-aaaa/ns3/named1.conf.in similarity index 81% rename from bin/tests/system/filter-aaaa/ns3/named1.conf rename to bin/tests/system/filter-aaaa/ns3/named1.conf.in index 3038d6edc7..fc959ee8f3 100644 --- a/bin/tests/system/filter-aaaa/ns3/named1.conf +++ b/bin/tests/system/filter-aaaa/ns3/named1.conf.in @@ -6,15 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named1.conf,v 1.1.2.1 2012/01/07 03:32:16 each Exp $ */ - -controls { /* empty */ }; - options { query-source address 10.53.0.3; notify-source 10.53.0.3; transfer-source 10.53.0.3; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.3; }; listen-on-v6 { fd92:7065:b8e:ffff::3; }; @@ -31,7 +27,7 @@ key rndc_key { }; controls { - inet 10.53.0.3 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; zone "." { type hint; file "hints"; }; diff --git a/bin/tests/system/filter-aaaa/ns3/named2.conf b/bin/tests/system/filter-aaaa/ns3/named2.conf.in similarity index 81% rename from bin/tests/system/filter-aaaa/ns3/named2.conf rename to bin/tests/system/filter-aaaa/ns3/named2.conf.in index ab5912b39b..17e952f7d7 100644 --- a/bin/tests/system/filter-aaaa/ns3/named2.conf +++ b/bin/tests/system/filter-aaaa/ns3/named2.conf.in @@ -6,15 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named2.conf,v 1.1.2.1 2012/01/07 03:32:16 each Exp $ */ - -controls { /* empty */ }; - options { query-source address 10.53.0.3; notify-source 10.53.0.3; transfer-source 10.53.0.3; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.3; }; listen-on-v6 { fd92:7065:b8e:ffff::3; }; @@ -31,7 +27,7 @@ key rndc_key { }; controls { - inet 10.53.0.3 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; zone "." { type hint; file "hints"; }; diff --git a/bin/tests/system/filter-aaaa/ns4/named1.conf b/bin/tests/system/filter-aaaa/ns4/named1.conf.in similarity index 83% rename from bin/tests/system/filter-aaaa/ns4/named1.conf rename to bin/tests/system/filter-aaaa/ns4/named1.conf.in index 0a11384e30..b5b8b9a797 100644 --- a/bin/tests/system/filter-aaaa/ns4/named1.conf +++ b/bin/tests/system/filter-aaaa/ns4/named1.conf.in @@ -6,15 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named1.conf,v 1.1.2.1 2012/01/07 03:32:16 each Exp $ */ - -controls { /* empty */ }; - options { query-source address 10.53.0.4; notify-source 10.53.0.4; transfer-source 10.53.0.4; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.4; }; listen-on-v6 { fd92:7065:b8e:ffff::4; }; @@ -31,7 +27,7 @@ key rndc_key { }; controls { - inet 10.53.0.4 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.4 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; zone "." { type master; file "root.db"; }; diff --git a/bin/tests/system/filter-aaaa/ns4/named2.conf b/bin/tests/system/filter-aaaa/ns4/named2.conf.in similarity index 83% rename from bin/tests/system/filter-aaaa/ns4/named2.conf rename to bin/tests/system/filter-aaaa/ns4/named2.conf.in index 2c8e411cea..2703bfd9ad 100644 --- a/bin/tests/system/filter-aaaa/ns4/named2.conf +++ b/bin/tests/system/filter-aaaa/ns4/named2.conf.in @@ -6,15 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named2.conf,v 1.1.2.1 2012/01/07 03:32:16 each Exp $ */ - -controls { /* empty */ }; - options { query-source address 10.53.0.4; notify-source 10.53.0.4; transfer-source 10.53.0.4; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.4; }; listen-on-v6 { fd92:7065:b8e:ffff::4; }; @@ -31,7 +27,7 @@ key rndc_key { }; controls { - inet 10.53.0.4 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.4 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; zone "." { type master; file "root.db"; }; diff --git a/bin/tests/system/filter-aaaa/ns4/sign.sh b/bin/tests/system/filter-aaaa/ns4/sign.sh index ebb14d0917..8ade43ab90 100755 --- a/bin/tests/system/filter-aaaa/ns4/sign.sh +++ b/bin/tests/system/filter-aaaa/ns4/sign.sh @@ -6,8 +6,6 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -# $Id: sign.sh,v 1.2 2010/06/22 03:58:38 marka Exp $ - SYSTEMTESTTOP=../.. . $SYSTEMTESTTOP/conf.sh @@ -24,4 +22,4 @@ keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile $SIGNER -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err -echo "I: signed $zone" +echo_i "signed $zone" diff --git a/bin/tests/system/filter-aaaa/setup.sh b/bin/tests/system/filter-aaaa/setup.sh index 959fd0ce47..96a1205774 100644 --- a/bin/tests/system/filter-aaaa/setup.sh +++ b/bin/tests/system/filter-aaaa/setup.sh @@ -13,17 +13,17 @@ $SHELL clean.sh test -r $RANDFILE || $GENRANDOM 800 $RANDFILE -cp ns1/named1.conf ns1/named.conf -cp ns2/named1.conf ns2/named.conf -cp ns3/named1.conf ns3/named.conf -cp ns4/named1.conf ns4/named.conf +copy_setports ns1/named1.conf.in ns1/named.conf +copy_setports ns2/named1.conf.in ns2/named.conf +copy_setports ns3/named1.conf.in ns3/named.conf +copy_setports ns4/named1.conf.in ns4/named.conf if $SHELL ../testcrypto.sh -q then (cd ns1 && $SHELL -e sign.sh) (cd ns4 && $SHELL -e sign.sh) else - echo "I:using pre-signed zones" + echo_i "using pre-signed zones" cp -f ns1/signed.db.presigned ns1/signed.db.signed cp -f ns4/signed.db.presigned ns4/signed.db.signed fi diff --git a/bin/tests/system/filter-aaaa/tests.sh b/bin/tests/system/filter-aaaa/tests.sh index b5df42ef5d..dfc3f332fd 100644 --- a/bin/tests/system/filter-aaaa/tests.sh +++ b/bin/tests/system/filter-aaaa/tests.sh @@ -6,8 +6,6 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -# $Id: tests.sh,v 1.4 2012/01/31 23:47:31 tbox Exp $ - SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh @@ -16,25 +14,26 @@ n=0 rm -f dig.out.* -DIGOPTS="+tcp +noadd +nosea +nostat +nocmd -p 5300" +DIGOPTS="+tcp +noadd +nosea +nostat +nocmd -p ${PORT}" +RNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p ${CONTROLPORT} -s" for conf in conf/good*.conf do n=`expr $n + 1` - echo "I:checking that $conf is accepted ($n)" + echo_i "checking that $conf is accepted ($n)" ret=0 $CHECKCONF "$conf" || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` done for conf in conf/bad*.conf do n=`expr $n + 1` - echo "I:checking that $conf is rejected ($n)" + echo_i "checking that $conf is rejected ($n)" ret=0 $CHECKCONF "$conf" >/dev/null && ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` done @@ -44,180 +43,180 @@ done # filter-aaaa { 10.53.0.1; }; # n=`expr $n + 1` -echo "I:checking that AAAA is returned when only AAAA record exists, signed ($n)" +echo_i "checking that AAAA is returned when only AAAA record exists, signed ($n)" ret=0 $DIG $DIGOPTS aaaa aaaa-only.signed -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep "AUTHORITY: 1," dig.out.ns1.test$n > /dev/null || ret=1 grep ::2 dig.out.ns1.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is returned when only AAAA record exists, unsigned ($n)" +echo_i "checking that AAAA is returned when only AAAA record exists, unsigned ($n)" ret=0 $DIG $DIGOPTS aaaa aaaa-only.unsigned -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep "AUTHORITY: 1," dig.out.ns1.test$n > /dev/null || ret=1 grep ::5 dig.out.ns1.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed ($n)" +echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed ($n)" ret=0 $DIG $DIGOPTS aaaa dual.signed -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep "ANSWER: 0" dig.out.ns1.test$n > /dev/null || ret=1 grep "AUTHORITY: 0" dig.out.ns1.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned ($n)" +echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep "ANSWER: 0" dig.out.ns1.test$n > /dev/null || ret=1 grep "AUTHORITY: 0" dig.out.ns1.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is returned when both AAAA and A records exist, signed and DO set ($n)" +echo_i "checking that AAAA is returned when both AAAA and A records exist, signed and DO set ($n)" ret=0 $DIG $DIGOPTS aaaa dual.signed +dnssec -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep "AUTHORITY: 2," dig.out.ns1.test$n > /dev/null || ret=1 grep ::3 dig.out.ns1.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned and DO set ($n)" +echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned and DO set ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep "ANSWER: 0" dig.out.ns1.test$n > /dev/null || ret=1 grep "AUTHORITY: 0," dig.out.ns1.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is returned when both AAAA and A records exist and query source does not match acl ($n)" +echo_i "checking that AAAA is returned when both AAAA and A records exist and query source does not match acl ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.2 @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep "AUTHORITY: 1," dig.out.ns1.test$n > /dev/null || ret=1 grep ::6 dig.out.ns1.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, signed and qtype=ANY ($n)" +echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, signed and qtype=ANY ($n)" ret=0 $DIG $DIGOPTS any dual.signed -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep "AUTHORITY: 0," dig.out.ns1.test$n > /dev/null || ret=1 grep "1.0.0.3" dig.out.ns1.test$n > /dev/null || ret=1 grep "::3" dig.out.ns1.test$n > /dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned and qtype=ANY ($n)" +echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, unsigned and qtype=ANY ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep "AUTHORITY: 0," dig.out.ns1.test$n > /dev/null || ret=1 grep "1.0.0.6" dig.out.ns1.test$n > /dev/null || ret=1 grep "::6" dig.out.ns1.test$n > /dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that both A and AAAA are returned when both AAAA and A records exist, signed, qtype=ANY and DO is set ($n)" +echo_i "checking that both A and AAAA are returned when both AAAA and A records exist, signed, qtype=ANY and DO is set ($n)" ret=0 $DIG $DIGOPTS any dual.signed +dnssec -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep "AUTHORITY: 2," dig.out.ns1.test$n > /dev/null || ret=1 grep ::3 dig.out.ns1.test$n > /dev/null || ret=1 grep "1.0.0.3" dig.out.ns1.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned, qtype=ANY and DO is set ($n)" +echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, unsigned, qtype=ANY and DO is set ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned +dnssec -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep "AUTHORITY: 0," dig.out.ns1.test$n > /dev/null || ret=1 grep "1.0.0.6" dig.out.ns1.test$n > /dev/null || ret=1 grep "::6" dig.out.ns1.test$n > /dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that both A and AAAA are returned when both AAAA and A records exist, qtype=ANY and query source does not match acl ($n)" +echo_i "checking that both A and AAAA are returned when both AAAA and A records exist, qtype=ANY and query source does not match acl ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned -b 10.53.0.2 @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep "AUTHORITY: 1," dig.out.ns1.test$n > /dev/null || ret=1 grep 1.0.0.6 dig.out.ns1.test$n > /dev/null || ret=1 grep ::6 dig.out.ns1.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is returned when both AAAA and A record exists, unsigned over IPv6 ($n)" +echo_i "checking that AAAA is returned when both AAAA and A record exists, unsigned over IPv6 ($n)" if $TESTSOCK6 fd92:7065:b8e:ffff::1 then ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 grep 2001:db8::6 dig.out.ns1.test$n > /dev/null || ret=1 grep "AUTHORITY: 1," dig.out.ns1.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` else -echo "I: skipped." +echo_i "skipped." fi n=`expr $n + 1` -echo "I:checking that AAAA is omitted from additional section, qtype=NS ($n)" +echo_i "checking that AAAA is omitted from additional section, qtype=NS ($n)" ret=0 $DIG $DIGOPTS +add ns unsigned -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep AAAA dig.out.ns1.test$n > /dev/null 2>&1 && ret=1 grep "ANSWER: 1," dig.out.ns1.test$n > /dev/null || ret=1 grep "ADDITIONAL: 2" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is omitted from additional section, qtype=MX, unsigned ($n)" +echo_i "checking that AAAA is omitted from additional section, qtype=MX, unsigned ($n)" ret=0 $DIG $DIGOPTS +add +dnssec mx unsigned -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep "^mx.unsigned.*AAAA" dig.out.ns1.test$n > /dev/null 2>&1 && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is included in additional section, qtype=MX, signed ($n)" +echo_i "checking that AAAA is included in additional section, qtype=MX, signed ($n)" ret=0 $DIG $DIGOPTS +add +dnssec mx signed -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep "^mx.signed.*AAAA" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1 grep "AUTHORITY: 2," dig.out.ns1.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is included in additional section, qtype=MX, unsigned, over IPv6 ($n)" +echo_i "checking that AAAA is included in additional section, qtype=MX, unsigned, over IPv6 ($n)" if $TESTSOCK6 fd92:7065:b8e:ffff::1 then ret=0 $DIG $DIGOPTS +add +dnssec mx unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 grep "^mx.unsigned.*AAAA" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1 grep "AUTHORITY: 1," dig.out.ns1.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` else -echo "I: skipped." +echo_i "skipped." fi @@ -227,168 +226,168 @@ fi # filter-aaaa { 10.53.0.4; }; # n=`expr $n + 1` -echo "I:checking that AAAA is returned when only AAAA record exists, signed with break-dnssec ($n)" +echo_i "checking that AAAA is returned when only AAAA record exists, signed with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa aaaa-only.signed -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep "AUTHORITY: 1," dig.out.ns4.test$n > /dev/null || ret=1 grep ::2 dig.out.ns4.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is returned when only AAAA record exists, unsigned with break-dnssec ($n)" +echo_i "checking that AAAA is returned when only AAAA record exists, unsigned with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa aaaa-only.unsigned -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep "AUTHORITY: 1," dig.out.ns4.test$n > /dev/null || ret=1 grep ::5 dig.out.ns4.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed with break-dnssec ($n)" +echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.signed -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1 grep "AUTHORITY: 0," dig.out.ns4.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned with break-dnssec ($n)" +echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed and DO set with break-dnssec ($n)" +echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed and DO set with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.signed +dnssec -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned and DO set with break-dnssec ($n)" +echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned and DO set with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is returned when both AAAA and A records exist and query source does not match acl with break-dnssec ($n)" +echo_i "checking that AAAA is returned when both AAAA and A records exist and query source does not match acl with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.2 @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep ::6 dig.out.ns4.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, signed and qtype=ANY with break-dnssec ($n)" +echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, signed and qtype=ANY with break-dnssec ($n)" ret=0 $DIG $DIGOPTS any dual.signed -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "1.0.0.3" dig.out.ns4.test$n > /dev/null || ret=1 grep "::3" dig.out.ns4.test$n > /dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned and qtype=ANY with break-dnssec ($n)" +echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, unsigned and qtype=ANY with break-dnssec ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "1.0.0.6" dig.out.ns4.test$n > /dev/null || ret=1 grep "::6" dig.out.ns4.test$n > /dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, signed, qtype=ANY and DO is set with break-dnssec ($n)" +echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, signed, qtype=ANY and DO is set with break-dnssec ($n)" ret=0 $DIG $DIGOPTS any dual.signed +dnssec -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "1.0.0.3" dig.out.ns4.test$n > /dev/null || ret=1 grep ::3 dig.out.ns4.test$n > /dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned, qtype=ANY and DO is set with break-dnssec ($n)" +echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, unsigned, qtype=ANY and DO is set with break-dnssec ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned +dnssec -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "1.0.0.6" dig.out.ns4.test$n > /dev/null || ret=1 grep "::6" dig.out.ns4.test$n > /dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that both A and AAAA are returned when both AAAA and A records exist, qtype=ANY and query source does not match acl with break-dnssec ($n)" +echo_i "checking that both A and AAAA are returned when both AAAA and A records exist, qtype=ANY and query source does not match acl with break-dnssec ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned -b 10.53.0.2 @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep 1.0.0.6 dig.out.ns4.test$n > /dev/null || ret=1 grep ::6 dig.out.ns4.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is returned when both AAAA and A record exists, unsigned over IPv6 with break-dnssec ($n)" +echo_i "checking that AAAA is returned when both AAAA and A record exists, unsigned over IPv6 with break-dnssec ($n)" if $TESTSOCK6 fd92:7065:b8e:ffff::4 then ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 grep 2001:db8::6 dig.out.ns4.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` else -echo "I: skipped." +echo_i "skipped." fi n=`expr $n + 1` -echo "I:checking that AAAA is omitted from additional section, qtype=NS, with break-dnssec ($n)" +echo_i "checking that AAAA is omitted from additional section, qtype=NS, with break-dnssec ($n)" ret=0 $DIG $DIGOPTS +add ns unsigned -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep AAAA dig.out.ns4.test$n > /dev/null 2>&1 && ret=1 grep "ADDITIONAL: 2" dig.out.ns4.test$n > /dev/null 2>&1 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is omitted from additional section, qtype=MX, unsigned, with break-dnssec ($n)" +echo_i "checking that AAAA is omitted from additional section, qtype=MX, unsigned, with break-dnssec ($n)" ret=0 $DIG $DIGOPTS +add +dnssec mx unsigned -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep "^mx.unsigned.*AAAA" dig.out.ns4.test$n > /dev/null 2>&1 && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is omitted from additional section, qtype=MX, signed, with break-dnssec ($n)" +echo_i "checking that AAAA is omitted from additional section, qtype=MX, signed, with break-dnssec ($n)" ret=0 $DIG $DIGOPTS +add +dnssec mx signed -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep "^mx.signed.*AAAA" dig.out.ns4.test$n > /dev/null 2>&1 && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is included in additional section, qtype=MX, unsigned, over IPv6, with break-dnssec ($n)" +echo_i "checking that AAAA is included in additional section, qtype=MX, unsigned, over IPv6, with break-dnssec ($n)" if $TESTSOCK6 fd92:7065:b8e:ffff::4 then ret=0 $DIG $DIGOPTS +add +dnssec mx unsigned -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 grep "^mx.unsigned.*AAAA" dig.out.ns4.test$n > /dev/null 2>&1 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` else -echo "I: skipped." +echo_i "skipped." fi @@ -398,164 +397,164 @@ fi # filter-aaaa { 10.53.0.2; }; # n=`expr $n + 1` -echo "I:checking that AAAA is returned when only AAAA record exists, signed, recursive ($n)" +echo_i "checking that AAAA is returned when only AAAA record exists, signed, recursive ($n)" ret=0 $DIG $DIGOPTS aaaa aaaa-only.signed -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep ::2 dig.out.ns2.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is returned when only AAAA record exists, unsigned, recursive ($n)" +echo_i "checking that AAAA is returned when only AAAA record exists, unsigned, recursive ($n)" ret=0 $DIG $DIGOPTS aaaa aaaa-only.unsigned -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep ::5 dig.out.ns2.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed, recursive ($n)" +echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed, recursive ($n)" ret=0 $DIG $DIGOPTS aaaa dual.signed -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned, recursive ($n)" +echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned, recursive ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is returned when both AAAA and A records exist, signed and DO set, recursive ($n)" +echo_i "checking that AAAA is returned when both AAAA and A records exist, signed and DO set, recursive ($n)" ret=0 $DIG $DIGOPTS aaaa dual.signed +dnssec -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep ::3 dig.out.ns2.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned and DO set, recursive ($n)" +echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned and DO set, recursive ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned +dnssec -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is returned when both AAAA and A records exist and query source does not match acl, recursive ($n)" +echo_i "checking that AAAA is returned when both AAAA and A records exist and query source does not match acl, recursive ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.1 @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep ::6 dig.out.ns2.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, signed and qtype=ANY recursive ($n)" +echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, signed and qtype=ANY recursive ($n)" ret=0 $DIG $DIGOPTS any dual.signed -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "1.0.0.3" dig.out.ns2.test$n > /dev/null || ret=1 grep "::3" dig.out.ns2.test$n > /dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned and qtype=ANY recursive ($n)" +echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, unsigned and qtype=ANY recursive ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "1.0.0.6" dig.out.ns2.test$n > /dev/null || ret=1 grep "::6" dig.out.ns2.test$n > /dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that both A and AAAA are returned when both AAAA and A records exist, signed, qtype=ANY and DO is set, recursive ($n)" +echo_i "checking that both A and AAAA are returned when both AAAA and A records exist, signed, qtype=ANY and DO is set, recursive ($n)" ret=0 $DIG $DIGOPTS any dual.signed +dnssec -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep ::3 dig.out.ns2.test$n > /dev/null || ret=1 grep "1.0.0.3" dig.out.ns2.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned, qtype=ANY and DO is set, recursive ($n)" +echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, unsigned, qtype=ANY and DO is set, recursive ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned +dnssec -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "1.0.0.6" dig.out.ns2.test$n > /dev/null || ret=1 grep "::6" dig.out.ns2.test$n > /dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that both A and AAAA are returned when both AAAA and A records exist, qtype=ANY and query source does not match acl, recursive ($n)" +echo_i "checking that both A and AAAA are returned when both AAAA and A records exist, qtype=ANY and query source does not match acl, recursive ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned -b 10.53.0.1 @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep 1.0.0.6 dig.out.ns2.test$n > /dev/null || ret=1 grep ::6 dig.out.ns2.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is returned when both AAAA and A record exists, unsigned over IPv6, recursive ($n)" +echo_i "checking that AAAA is returned when both AAAA and A record exists, unsigned over IPv6, recursive ($n)" if $TESTSOCK6 fd92:7065:b8e:ffff::2 then ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 grep 2001:db8::6 dig.out.ns2.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` else -echo "I: skipped." +echo_i "skipped." fi n=`expr $n + 1` -echo "I:checking that AAAA is omitted from additional section, qtype=NS ($n)" +echo_i "checking that AAAA is omitted from additional section, qtype=NS ($n)" ret=0 $DIG $DIGOPTS +add ns unsigned -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep AAAA dig.out.ns2.test$n > /dev/null 2>&1 && ret=1 grep "ADDITIONAL: 2" dig.out.ns2.test$n > /dev/null 2>&1 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is omitted from additional section, qtype=MX, unsigned ($n)" +echo_i "checking that AAAA is omitted from additional section, qtype=MX, unsigned ($n)" ret=0 $DIG $DIGOPTS +add +dnssec mx unsigned -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep "^mx.unsigned.*AAAA" dig.out.ns2.test$n > /dev/null 2>&1 && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is included in additional section, qtype=MX, signed ($n)" +echo_i "checking that AAAA is included in additional section, qtype=MX, signed ($n)" ret=0 $DIG $DIGOPTS +add +dnssec mx signed -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep "^mx.signed.*AAAA" dig.out.ns2.test$n > /dev/null 2>&1 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is included in additional section, qtype=MX, unsigned, over IPv6 ($n)" +echo_i "checking that AAAA is included in additional section, qtype=MX, unsigned, over IPv6 ($n)" if $TESTSOCK6 fd92:7065:b8e:ffff::2 then ret=0 $DIG $DIGOPTS +add +dnssec mx unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 grep "^mx.unsigned.*AAAA" dig.out.ns2.test$n > /dev/null 2>&1 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` else -echo "I: skipped." +echo_i "skipped." fi @@ -565,182 +564,182 @@ fi # filter-aaaa { 10.53.0.3; }; # n=`expr $n + 1` -echo "I:checking that AAAA is returned when only AAAA record exists, signed, recursive with break-dnssec ($n)" +echo_i "checking that AAAA is returned when only AAAA record exists, signed, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa aaaa-only.signed -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 grep ::2 dig.out.ns3.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is returned when only AAAA record exists, unsigned, recursive with break-dnssec ($n)" +echo_i "checking that AAAA is returned when only AAAA record exists, unsigned, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa aaaa-only.unsigned -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 grep ::5 dig.out.ns3.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed, recursive with break-dnssec ($n)" +echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.signed -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 grep "ANSWER: 0" dig.out.ns3.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned, recursive with break-dnssec ($n)" +echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 grep "ANSWER: 0" dig.out.ns3.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed and DO set, recursive with break-dnssec ($n)" +echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed and DO set, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.signed +dnssec -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 grep "ANSWER: 0" dig.out.ns3.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned and DO set, recursive with break-dnssec ($n)" +echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned and DO set, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned +dnssec -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 grep "ANSWER: 0" dig.out.ns3.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is returned when both AAAA and A records exist and query source does not match acl, recursive with break-dnssec ($n)" +echo_i "checking that AAAA is returned when both AAAA and A records exist and query source does not match acl, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.1 @10.53.0.3 > dig.out.ns3.test$n || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep ::6 dig.out.ns3.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, signed and qtype=ANY with break-dnssec ($n)" +echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, signed and qtype=ANY with break-dnssec ($n)" ret=0 $DIG $DIGOPTS any dual.signed -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "1.0.0.3" dig.out.ns3.test$n > /dev/null || ret=1 grep "::3" dig.out.ns3.test$n > /dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned and qtype=ANY with break-dnssec ($n)" +echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, unsigned and qtype=ANY with break-dnssec ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "1.0.0.6" dig.out.ns3.test$n > /dev/null || ret=1 grep "::6" dig.out.ns3.test$n > /dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, signed, qtype=ANY and DO is set with break-dnssec ($n)" +echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, signed, qtype=ANY and DO is set with break-dnssec ($n)" ret=0 $DIG $DIGOPTS any dual.signed +dnssec -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "1.0.0.3" dig.out.ns3.test$n > /dev/null || ret=1 grep ::3 dig.out.ns3.test$n > /dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned, qtype=ANY and DO is set with break-dnssec ($n)" +echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, unsigned, qtype=ANY and DO is set with break-dnssec ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned +dnssec -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "1.0.0.6" dig.out.ns3.test$n > /dev/null || ret=1 grep "::6" dig.out.ns3.test$n > /dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that both A and AAAA are returned when both AAAA and A records exist, qtype=ANY and query source does not match acl, recursive with break-dnssec ($n)" +echo_i "checking that both A and AAAA are returned when both AAAA and A records exist, qtype=ANY and query source does not match acl, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned -b 10.53.0.1 @10.53.0.3 > dig.out.ns3.test$n || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep 1.0.0.6 dig.out.ns3.test$n > /dev/null || ret=1 grep ::6 dig.out.ns3.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is returned when both AAAA and A record exists, unsigned over IPv6, recursive with break-dnssec ($n)" +echo_i "checking that AAAA is returned when both AAAA and A record exists, unsigned over IPv6, recursive with break-dnssec ($n)" if $TESTSOCK6 fd92:7065:b8e:ffff::3 then ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 grep 2001:db8::6 dig.out.ns3.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` else -echo "I: skipped." +echo_i "skipped." fi n=`expr $n + 1` -echo "I:checking that AAAA is omitted from additional section, qtype=NS, recursive with break-dnssec ($n)" +echo_i "checking that AAAA is omitted from additional section, qtype=NS, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS +add ns unsigned -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 grep AAAA dig.out.ns3.test$n > /dev/null 2>&1 && ret=1 grep "ADDITIONAL: 2" dig.out.ns3.test$n > /dev/null 2>&1 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is omitted from additional section, qtype=MX, unsigned, recursive with break-dnssec ($n)" +echo_i "checking that AAAA is omitted from additional section, qtype=MX, unsigned, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS +add +dnssec mx unsigned -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 grep "^mx.unsigned.*AAAA" dig.out.ns3.test$n > /dev/null 2>&1 && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is omitted from additional section, qtype=MX, signed, recursive with break-dnssec ($n)" +echo_i "checking that AAAA is omitted from additional section, qtype=MX, signed, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS +add +dnssec mx signed -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 grep "^mx.signed.*AAAA" dig.out.ns3.test$n > /dev/null 2>&1 && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is included in additional section, qtype=MX, unsigned, over IPv6, recursive with break-dnssec ($n)" +echo_i "checking that AAAA is included in additional section, qtype=MX, unsigned, over IPv6, recursive with break-dnssec ($n)" if $TESTSOCK6 fd92:7065:b8e:ffff::3 then ret=0 $DIG $DIGOPTS +add +dnssec mx unsigned -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 grep "^mx.unsigned.*AAAA" dig.out.ns3.test$n > /dev/null 2>&1 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` else -echo "I: skipped." +echo_i "skipped." fi $TESTSOCK6 fd92:7065:b8e:ffff::1 || { - echo "I:IPv6 address not configured; skipping IPv6 query tests" - echo "I:exit status: $status" + echo_i "IPv6 address not configured; skipping IPv6 query tests" + echo_i "exit status: $status" exit $status } # Reconfiguring for IPv6 tests -echo "I:reconfiguring servers" -cp -f ns1/named2.conf ns1/named.conf -$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 reconfig 2>&1 | sed 's/^/I:ns1 /' -cp -f ns2/named2.conf ns2/named.conf -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reconfig 2>&1 | sed 's/^/I:ns2 /' -cp -f ns3/named2.conf ns3/named.conf -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 reconfig 2>&1 | sed 's/^/I:ns3 /' -cp -f ns4/named2.conf ns4/named.conf -$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 reconfig 2>&1 | sed 's/^/I:ns4 /' +echo_i "reconfiguring servers" +copy_setports ns1/named2.conf.in ns1/named.conf +$RNDCCMD 10.53.0.1 reconfig 2>&1 | sed 's/^/ns1 /' | cat_i +copy_setports ns2/named2.conf.in ns2/named.conf +$RNDCCMD 10.53.0.2 reconfig 2>&1 | sed 's/^/ns2 /' | cat_i +copy_setports ns3/named2.conf.in ns3/named.conf +$RNDCCMD 10.53.0.3 reconfig 2>&1 | sed 's/^/ns3 /' | cat_i +copy_setports ns4/named2.conf.in ns4/named.conf +$RNDCCMD 10.53.0.4 reconfig 2>&1 | sed 's/^/ns4 /' | cat_i # BEGIN IPv6 TESTS @@ -750,154 +749,154 @@ $RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 reconfig 2>&1 | sed 's/^/I:ns4 # filter-aaaa { fd92:7065:b8e:ffff::1; }; # n=`expr $n + 1` -echo "I:checking that AAAA is returned when only AAAA record exists, signed ($n)" +echo_i "checking that AAAA is returned when only AAAA record exists, signed ($n)" ret=0 $DIG $DIGOPTS aaaa aaaa-only.signed -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 grep ::2 dig.out.ns1.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is returned when only AAAA record exists, unsigned ($n)" +echo_i "checking that AAAA is returned when only AAAA record exists, unsigned ($n)" ret=0 $DIG $DIGOPTS aaaa aaaa-only.unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 grep ::5 dig.out.ns1.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed ($n)" +echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed ($n)" ret=0 $DIG $DIGOPTS aaaa dual.signed -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 grep "ANSWER: 0" dig.out.ns1.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned ($n)" +echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 grep "ANSWER: 0" dig.out.ns1.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is returned when both AAAA and A records exist, signed and DO set ($n)" +echo_i "checking that AAAA is returned when both AAAA and A records exist, signed and DO set ($n)" ret=0 $DIG $DIGOPTS aaaa dual.signed +dnssec -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 grep ::3 dig.out.ns1.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned and DO set ($n)" +echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned and DO set ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 grep "ANSWER: 0" dig.out.ns1.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is returned when both AAAA and A records exist and query source does not match acl ($n)" +echo_i "checking that AAAA is returned when both AAAA and A records exist and query source does not match acl ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep ::6 dig.out.ns1.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, signed and qtype=ANY ($n)" +echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, signed and qtype=ANY ($n)" ret=0 $DIG $DIGOPTS any dual.signed -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep "1.0.0.3" dig.out.ns1.test$n > /dev/null || ret=1 grep "::3" dig.out.ns1.test$n > /dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned and qtype=ANY ($n)" +echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, unsigned and qtype=ANY ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep "1.0.0.6" dig.out.ns1.test$n > /dev/null || ret=1 grep "::6" dig.out.ns1.test$n > /dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that both A and AAAA are returned when both AAAA and A records exist, signed, qtype=ANY and DO is set ($n)" +echo_i "checking that both A and AAAA are returned when both AAAA and A records exist, signed, qtype=ANY and DO is set ($n)" ret=0 $DIG $DIGOPTS any dual.signed +dnssec -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep ::3 dig.out.ns1.test$n > /dev/null || ret=1 grep "1.0.0.3" dig.out.ns1.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned, qtype=ANY and DO is set ($n)" +echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, unsigned, qtype=ANY and DO is set ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned +dnssec -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep "1.0.0.6" dig.out.ns1.test$n > /dev/null || ret=1 grep "::6" dig.out.ns1.test$n > /dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that both A and AAAA are returned when both AAAA and A records exist, qtype=ANY and query source does not match acl ($n)" +echo_i "checking that both A and AAAA are returned when both AAAA and A records exist, qtype=ANY and query source does not match acl ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep 1.0.0.6 dig.out.ns1.test$n > /dev/null || ret=1 grep ::6 dig.out.ns1.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is returned when both AAAA and A record exists, unsigned over IPv4 ($n)" +echo_i "checking that AAAA is returned when both AAAA and A record exists, unsigned over IPv4 ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep 2001:db8::6 dig.out.ns1.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is omitted from additional section, qtype=NS ($n)" +echo_i "checking that AAAA is omitted from additional section, qtype=NS ($n)" ret=0 $DIG $DIGOPTS +add +dnssec ns unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 grep AAAA dig.out.ns1.test$n > /dev/null 2>&1 && ret=1 grep "ADDITIONAL: 2" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is omitted from additional section, qtype=MX, unsigned ($n)" +echo_i "checking that AAAA is omitted from additional section, qtype=MX, unsigned ($n)" ret=0 $DIG $DIGOPTS +add +dnssec mx unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 grep "^mx.unsigned.*AAAA" dig.out.ns1.test$n > /dev/null 2>&1 && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is included in additional section, qtype=MX, signed ($n)" +echo_i "checking that AAAA is included in additional section, qtype=MX, signed ($n)" ret=0 $DIG $DIGOPTS +add +dnssec mx signed -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 grep "^mx.signed.*AAAA" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is included in additional section, qtype=MX, unsigned, over IPv4 ($n)" +echo_i "checking that AAAA is included in additional section, qtype=MX, unsigned, over IPv4 ($n)" ret=0 $DIG $DIGOPTS +add +dnssec mx unsigned -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep "^mx.unsigned.*AAAA" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` @@ -907,155 +906,155 @@ status=`expr $status + $ret` # filter-aaaa { fd92:7065:b8e:ffff::4; }; # n=`expr $n + 1` -echo "I:checking that AAAA is returned when only AAAA record exists, signed with break-dnssec ($n)" +echo_i "checking that AAAA is returned when only AAAA record exists, signed with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa aaaa-only.signed -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 grep ::2 dig.out.ns4.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is returned when only AAAA record exists, unsigned with break-dnssec ($n)" +echo_i "checking that AAAA is returned when only AAAA record exists, unsigned with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa aaaa-only.unsigned -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 grep ::5 dig.out.ns4.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed with break-dnssec ($n)" +echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.signed -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned with break-dnssec ($n)" +echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed and DO set with break-dnssec ($n)" +echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed and DO set with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.signed +dnssec -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned and DO set with break-dnssec ($n)" +echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned and DO set with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is returned when both AAAA and A records exist and query source does not match acl with break-dnssec ($n)" +echo_i "checking that AAAA is returned when both AAAA and A records exist and query source does not match acl with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep ::6 dig.out.ns4.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, signed and qtype=ANY with break-dnssec ($n)" +echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, signed and qtype=ANY with break-dnssec ($n)" ret=0 $DIG $DIGOPTS any dual.signed -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "1.0.0.3" dig.out.ns4.test$n > /dev/null || ret=1 grep "::3" dig.out.ns4.test$n > /dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned and qtype=ANY with break-dnssec ($n)" +echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, unsigned and qtype=ANY with break-dnssec ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "1.0.0.6" dig.out.ns4.test$n > /dev/null || ret=1 grep "::6" dig.out.ns4.test$n > /dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, signed, qtype=ANY and DO is set with break-dnssec ($n)" +echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, signed, qtype=ANY and DO is set with break-dnssec ($n)" ret=0 $DIG $DIGOPTS any dual.signed +dnssec -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "1.0.0.3" dig.out.ns4.test$n > /dev/null || ret=1 grep ::3 dig.out.ns4.test$n > /dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned, qtype=ANY and DO is set with break-dnssec ($n)" +echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, unsigned, qtype=ANY and DO is set with break-dnssec ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned +dnssec -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "1.0.0.6" dig.out.ns4.test$n > /dev/null || ret=1 grep "::6" dig.out.ns4.test$n > /dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that both A and AAAA are returned when both AAAA and A records exist, qtype=ANY and query source does not match acl with break-dnssec ($n)" +echo_i "checking that both A and AAAA are returned when both AAAA and A records exist, qtype=ANY and query source does not match acl with break-dnssec ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep 1.0.0.6 dig.out.ns4.test$n > /dev/null || ret=1 grep ::6 dig.out.ns4.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is returned when both AAAA and A record exists, unsigned over IPv4 with break-dnssec ($n)" +echo_i "checking that AAAA is returned when both AAAA and A record exists, unsigned over IPv4 with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep 2001:db8::6 dig.out.ns4.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is omitted from additional section, qtype=NS, with break-dnssec ($n)" +echo_i "checking that AAAA is omitted from additional section, qtype=NS, with break-dnssec ($n)" ret=0 $DIG $DIGOPTS +add +dnssec ns unsigned -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 grep AAAA dig.out.ns4.test$n > /dev/null 2>&1 && ret=1 grep "ADDITIONAL: 2" dig.out.ns4.test$n > /dev/null 2>&1 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is omitted from additional section, qtype=MX, unsigned, with break-dnssec ($n)" +echo_i "checking that AAAA is omitted from additional section, qtype=MX, unsigned, with break-dnssec ($n)" ret=0 $DIG $DIGOPTS +add +dnssec mx unsigned -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 grep "^mx.unsigned.*AAAA" dig.out.ns4.test$n > /dev/null 2>&1 && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is omitted from additional section, qtype=MX, signed, with break-dnssec ($n)" +echo_i "checking that AAAA is omitted from additional section, qtype=MX, signed, with break-dnssec ($n)" ret=0 $DIG $DIGOPTS +add +dnssec mx signed -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 grep "^mx.signed.*AAAA" dig.out.ns4.test$n > /dev/null 2>&1 && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is included in additional section, qtype=MX, unsigned, over IPv4, with break-dnssec ($n)" +echo_i "checking that AAAA is included in additional section, qtype=MX, unsigned, over IPv4, with break-dnssec ($n)" ret=0 $DIG $DIGOPTS +add +dnssec mx unsigned -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep "^mx.unsigned.*AAAA" dig.out.ns4.test$n > /dev/null 2>&1 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` @@ -1065,154 +1064,154 @@ status=`expr $status + $ret` # filter-aaaa { fd92:7065:b8e:ffff::2; }; # n=`expr $n + 1` -echo "I:checking that AAAA is returned when only AAAA record exists, signed, recursive ($n)" +echo_i "checking that AAAA is returned when only AAAA record exists, signed, recursive ($n)" ret=0 $DIG $DIGOPTS aaaa aaaa-only.signed -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 grep ::2 dig.out.ns2.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is returned when only AAAA record exists, unsigned, recursive ($n)" +echo_i "checking that AAAA is returned when only AAAA record exists, unsigned, recursive ($n)" ret=0 $DIG $DIGOPTS aaaa aaaa-only.unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 grep ::5 dig.out.ns2.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed, recursive ($n)" +echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed, recursive ($n)" ret=0 $DIG $DIGOPTS aaaa dual.signed -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned, recursive ($n)" +echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned, recursive ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is returned when both AAAA and A records exist, signed and DO set, recursive ($n)" +echo_i "checking that AAAA is returned when both AAAA and A records exist, signed and DO set, recursive ($n)" ret=0 $DIG $DIGOPTS aaaa dual.signed +dnssec -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 grep ::3 dig.out.ns2.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned and DO set, recursive ($n)" +echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned and DO set, recursive ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned +dnssec -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is returned when both AAAA and A records exist and query source does not match acl, recursive ($n)" +echo_i "checking that AAAA is returned when both AAAA and A records exist and query source does not match acl, recursive ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep ::6 dig.out.ns2.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, signed and qtype=ANY recursive ($n)" +echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, signed and qtype=ANY recursive ($n)" ret=0 $DIG $DIGOPTS any dual.signed -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "1.0.0.3" dig.out.ns2.test$n > /dev/null || ret=1 grep "::3" dig.out.ns2.test$n > /dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned and qtype=ANY recursive ($n)" +echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, unsigned and qtype=ANY recursive ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "1.0.0.6" dig.out.ns2.test$n > /dev/null || ret=1 grep "::6" dig.out.ns2.test$n > /dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that both A and AAAA are returned when both AAAA and A records exist, signed, qtype=ANY and DO is set, recursive ($n)" +echo_i "checking that both A and AAAA are returned when both AAAA and A records exist, signed, qtype=ANY and DO is set, recursive ($n)" ret=0 $DIG $DIGOPTS any dual.signed +dnssec -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep ::3 dig.out.ns2.test$n > /dev/null || ret=1 grep "1.0.0.3" dig.out.ns2.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned, qtype=ANY and DO is set, recursive ($n)" +echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, unsigned, qtype=ANY and DO is set, recursive ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned +dnssec -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "1.0.0.6" dig.out.ns2.test$n > /dev/null || ret=1 grep "::6" dig.out.ns2.test$n > /dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that both A and AAAA are returned when both AAAA and A records exist, qtype=ANY and query source does not match acl, recursive ($n)" +echo_i "checking that both A and AAAA are returned when both AAAA and A records exist, qtype=ANY and query source does not match acl, recursive ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep 1.0.0.6 dig.out.ns2.test$n > /dev/null || ret=1 grep ::6 dig.out.ns2.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is returned when both AAAA and A record exists, unsigned over IPv4, recursive ($n)" +echo_i "checking that AAAA is returned when both AAAA and A record exists, unsigned over IPv4, recursive ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep 2001:db8::6 dig.out.ns2.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is omitted from additional section, qtype=NS ($n)" +echo_i "checking that AAAA is omitted from additional section, qtype=NS ($n)" ret=0 $DIG $DIGOPTS +add +dnssec ns unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 grep AAAA dig.out.ns2.test$n > /dev/null 2>&1 && ret=1 grep "ADDITIONAL: 2" dig.out.ns2.test$n > /dev/null 2>&1 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is omitted from additional section, qtype=MX, unsigned ($n)" +echo_i "checking that AAAA is omitted from additional section, qtype=MX, unsigned ($n)" ret=0 $DIG $DIGOPTS +add +dnssec mx unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 grep "^mx.unsigned.*AAAA" dig.out.ns2.test$n > /dev/null 2>&1 && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is included in additional section, qtype=MX, signed ($n)" +echo_i "checking that AAAA is included in additional section, qtype=MX, signed ($n)" ret=0 $DIG $DIGOPTS +add +dnssec mx signed -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 grep "^mx.signed.*AAAA" dig.out.ns2.test$n > /dev/null 2>&1 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is included in additional section, qtype=MX, unsigned, over IPv4 ($n)" +echo_i "checking that AAAA is included in additional section, qtype=MX, unsigned, over IPv4 ($n)" ret=0 $DIG $DIGOPTS +add +dnssec mx unsigned -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep "^mx.unsigned.*AAAA" dig.out.ns2.test$n > /dev/null 2>&1 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` @@ -1222,155 +1221,155 @@ status=`expr $status + $ret` # filter-aaaa { fd92:7065:b8e:ffff::3; }; # n=`expr $n + 1` -echo "I:checking that AAAA is returned when only AAAA record exists, signed, recursive with break-dnssec ($n)" +echo_i "checking that AAAA is returned when only AAAA record exists, signed, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa aaaa-only.signed -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 grep ::2 dig.out.ns3.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is returned when only AAAA record exists, unsigned, recursive with break-dnssec ($n)" +echo_i "checking that AAAA is returned when only AAAA record exists, unsigned, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa aaaa-only.unsigned -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 grep ::5 dig.out.ns3.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed, recursive with break-dnssec ($n)" +echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.signed -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 grep "ANSWER: 0" dig.out.ns3.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned, recursive with break-dnssec ($n)" +echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 grep "ANSWER: 0" dig.out.ns3.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed and DO set, recursive with break-dnssec ($n)" +echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed and DO set, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.signed +dnssec -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 grep "ANSWER: 0" dig.out.ns3.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned and DO set, recursive with break-dnssec ($n)" +echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned and DO set, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned +dnssec -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 grep "ANSWER: 0" dig.out.ns3.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is returned when both AAAA and A records exist and query source does not match acl, recursive with break-dnssec ($n)" +echo_i "checking that AAAA is returned when both AAAA and A records exist and query source does not match acl, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep ::6 dig.out.ns3.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, signed and qtype=ANY with break-dnssec ($n)" +echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, signed and qtype=ANY with break-dnssec ($n)" ret=0 $DIG $DIGOPTS any dual.signed -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "1.0.0.3" dig.out.ns3.test$n > /dev/null || ret=1 grep "::3" dig.out.ns3.test$n > /dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned and qtype=ANY with break-dnssec ($n)" +echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, unsigned and qtype=ANY with break-dnssec ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "1.0.0.6" dig.out.ns3.test$n > /dev/null || ret=1 grep "::6" dig.out.ns3.test$n > /dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, signed, qtype=ANY and DO is set with break-dnssec ($n)" +echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, signed, qtype=ANY and DO is set with break-dnssec ($n)" ret=0 $DIG $DIGOPTS any dual.signed +dnssec -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "1.0.0.3" dig.out.ns3.test$n > /dev/null || ret=1 grep ::3 dig.out.ns3.test$n > /dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned, qtype=ANY and DO is set with break-dnssec ($n)" +echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, unsigned, qtype=ANY and DO is set with break-dnssec ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned +dnssec -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "1.0.0.6" dig.out.ns3.test$n > /dev/null || ret=1 grep "::6" dig.out.ns3.test$n > /dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that both A and AAAA are returned when both AAAA and A records exist, qtype=ANY and query source does not match acl, recursive with break-dnssec ($n)" +echo_i "checking that both A and AAAA are returned when both AAAA and A records exist, qtype=ANY and query source does not match acl, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep 1.0.0.6 dig.out.ns3.test$n > /dev/null || ret=1 grep ::6 dig.out.ns3.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is returned when both AAAA and A record exists, unsigned over IPv4, recursive with break-dnssec ($n)" +echo_i "checking that AAAA is returned when both AAAA and A record exists, unsigned over IPv4, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 grep 2001:db8::6 dig.out.ns3.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is omitted from additional section, qtype=NS, recursive with break-dnssec ($n)" +echo_i "checking that AAAA is omitted from additional section, qtype=NS, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS +add +dnssec ns unsigned -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 grep AAAA dig.out.ns3.test$n > /dev/null 2>&1 && ret=1 grep "ADDITIONAL: 2" dig.out.ns3.test$n > /dev/null 2>&1 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is omitted from additional section, qtype=MX, unsigned, recursive with break-dnssec ($n)" +echo_i "checking that AAAA is omitted from additional section, qtype=MX, unsigned, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS +add +dnssec mx unsigned -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 grep "^mx.unsigned.*AAAA" dig.out.ns3.test$n > /dev/null 2>&1 && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is omitted from additional section, qtype=MX, signed, recursive with break-dnssec ($n)" +echo_i "checking that AAAA is omitted from additional section, qtype=MX, signed, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS +add +dnssec mx signed -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 grep "^mx.signed.*AAAA" dig.out.ns3.test$n > /dev/null 2>&1 && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that AAAA is included in additional section, qtype=MX, unsigned, over IPv4, recursive with break-dnssec ($n)" +echo_i "checking that AAAA is included in additional section, qtype=MX, unsigned, over IPv4, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS +add +dnssec mx unsigned -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 grep "^mx.unsigned.*AAAA" dig.out.ns3.test$n > /dev/null 2>&1 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/formerr/clean.sh b/bin/tests/system/formerr/clean.sh index 8294485454..f863283998 100644 --- a/bin/tests/system/formerr/clean.sh +++ b/bin/tests/system/formerr/clean.sh @@ -7,6 +7,7 @@ rm -f nametoolong.out rm -f twoquestions.out rm -f noquestions.out +rm -f ns*/named.conf rm -f ns*/named.lock rm -f ns*/named.run rm -f ns*/named.memstats diff --git a/bin/tests/system/formerr/ns1/named.conf b/bin/tests/system/formerr/ns1/named.conf.in similarity index 83% rename from bin/tests/system/formerr/ns1/named.conf rename to bin/tests/system/formerr/ns1/named.conf.in index 62cd0c44d9..14b80cf29d 100644 --- a/bin/tests/system/formerr/ns1/named.conf +++ b/bin/tests/system/formerr/ns1/named.conf.in @@ -6,15 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf,v 1.15 2009/05/29 23:47:49 tbox Exp $ */ - -controls { /* empty */ }; - options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; @@ -25,4 +21,3 @@ zone "." { type master; file "root.db"; }; - diff --git a/bin/tests/system/formerr/setup.sh b/bin/tests/system/formerr/setup.sh new file mode 100644 index 0000000000..c69f051dbc --- /dev/null +++ b/bin/tests/system/formerr/setup.sh @@ -0,0 +1,13 @@ +#!/bin/sh +# +# Copyright (C) 2018 Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh + +$SHELL clean.sh +copy_setports ns1/named.conf.in ns1/named.conf diff --git a/bin/tests/system/formerr/tests.sh b/bin/tests/system/formerr/tests.sh index 3e7e14c607..fc30f152e3 100644 --- a/bin/tests/system/formerr/tests.sh +++ b/bin/tests/system/formerr/tests.sh @@ -11,31 +11,31 @@ SYSTEMTESTTOP=.. status=0 -echo "I:test name to long" -$PERL formerr.pl -a 10.53.0.1 -p 5300 nametoolong > nametoolong.out +echo_i "test name to long" +$PERL formerr.pl -a 10.53.0.1 -p ${PORT} nametoolong > nametoolong.out ans=`grep got: nametoolong.out` if [ "${ans}" != "got: 000080010000000000000000" ]; then - echo "I:failed"; status=`expr $status + 1`; + echo_i "failed"; status=`expr $status + 1`; fi -echo "I:two questions" -$PERL formerr.pl -a 10.53.0.1 -p 5300 twoquestions > twoquestions.out +echo_i "two questions" +$PERL formerr.pl -a 10.53.0.1 -p ${PORT} twoquestions > twoquestions.out ans=`grep got: twoquestions.out` if [ "${ans}" != "got: 000080010000000000000000" ]; then - echo "I:failed"; status=`expr $status + 1`; + echo_i "failed"; status=`expr $status + 1`; fi # this one is now NOERROR -echo "I:no questions" -$PERL formerr.pl -a 10.53.0.1 -p 5300 noquestions > noquestions.out +echo_i "no questions" +$PERL formerr.pl -a 10.53.0.1 -p ${PORT} noquestions > noquestions.out ans=`grep got: noquestions.out` if [ "${ans}" != "got: 000080000000000000000000" ]; then - echo "I:failed"; status=`expr $status + 1`; + echo_i "failed"; status=`expr $status + 1`; fi -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/forward/clean.sh b/bin/tests/system/forward/clean.sh index f9dab05039..768f0cba83 100644 --- a/bin/tests/system/forward/clean.sh +++ b/bin/tests/system/forward/clean.sh @@ -4,12 +4,11 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -# $Id: clean.sh,v 1.6 2007/09/26 03:22:43 marka Exp $ - # # Clean up after forward tests. # rm -f dig.out.* +rm -f */named.conf rm -f */named.memstats rm -f */named.run rm -f ns*/named.lock diff --git a/bin/tests/system/forward/ns1/named.conf b/bin/tests/system/forward/ns1/named.conf.in similarity index 90% rename from bin/tests/system/forward/ns1/named.conf rename to bin/tests/system/forward/ns1/named.conf.in index ba0a1425e4..66fc17f044 100644 --- a/bin/tests/system/forward/ns1/named.conf +++ b/bin/tests/system/forward/ns1/named.conf.in @@ -6,15 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf,v 1.11 2007/06/19 23:47:03 tbox Exp $ */ - -controls { /* empty */ }; - options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/forward/ns2/named.conf b/bin/tests/system/forward/ns2/named.conf.in similarity index 90% rename from bin/tests/system/forward/ns2/named.conf rename to bin/tests/system/forward/ns2/named.conf.in index 4dd1e34ab5..987da8e868 100644 --- a/bin/tests/system/forward/ns2/named.conf +++ b/bin/tests/system/forward/ns2/named.conf.in @@ -6,15 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf,v 1.11 2007/06/19 23:47:03 tbox Exp $ */ - -controls { /* empty */ }; - options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/forward/ns3/named.conf b/bin/tests/system/forward/ns3/named.conf.in similarity index 88% rename from bin/tests/system/forward/ns3/named.conf rename to bin/tests/system/forward/ns3/named.conf.in index 18061f5392..b0e579130b 100644 --- a/bin/tests/system/forward/ns3/named.conf +++ b/bin/tests/system/forward/ns3/named.conf.in @@ -6,15 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf,v 1.11 2007/06/19 23:47:03 tbox Exp $ */ - -controls { /* empty */ }; - options { query-source address 10.53.0.3; notify-source 10.53.0.3; transfer-source 10.53.0.3; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.3; }; listen-on-v6 { none; }; @@ -44,4 +40,3 @@ zone "example3." { forward only; forwarders { }; }; - diff --git a/bin/tests/system/forward/ns4/named.conf b/bin/tests/system/forward/ns4/named.conf.in similarity index 90% rename from bin/tests/system/forward/ns4/named.conf rename to bin/tests/system/forward/ns4/named.conf.in index b95ffab18b..e23503c11a 100644 --- a/bin/tests/system/forward/ns4/named.conf +++ b/bin/tests/system/forward/ns4/named.conf.in @@ -6,15 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf,v 1.11 2007/06/19 23:47:03 tbox Exp $ */ - -controls { /* empty */ }; - options { query-source address 10.53.0.4; notify-source 10.53.0.4; transfer-source 10.53.0.4; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.4; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/forward/ns5/named.conf b/bin/tests/system/forward/ns5/named.conf.in similarity index 84% rename from bin/tests/system/forward/ns5/named.conf rename to bin/tests/system/forward/ns5/named.conf.in index 5c79fdfb5f..5e37f0fec2 100644 --- a/bin/tests/system/forward/ns5/named.conf +++ b/bin/tests/system/forward/ns5/named.conf.in @@ -6,15 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf,v 1.3 2011/10/13 22:48:23 tbox Exp $ */ - -controls { /* empty */ }; - options { query-source address 10.53.0.5; notify-source 10.53.0.5; transfer-source 10.53.0.5; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.5; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/forward/setup.sh b/bin/tests/system/forward/setup.sh new file mode 100644 index 0000000000..01a86be617 --- /dev/null +++ b/bin/tests/system/forward/setup.sh @@ -0,0 +1,17 @@ +#!/bin/sh +# +# Copyright (C) 2018 Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh + +$SHELL clean.sh +copy_setports ns1/named.conf.in ns1/named.conf +copy_setports ns2/named.conf.in ns2/named.conf +copy_setports ns3/named.conf.in ns3/named.conf +copy_setports ns4/named.conf.in ns4/named.conf +copy_setports ns5/named.conf.in ns5/named.conf diff --git a/bin/tests/system/forward/tests.sh b/bin/tests/system/forward/tests.sh index 9be989354f..bf24c881b5 100644 --- a/bin/tests/system/forward/tests.sh +++ b/bin/tests/system/forward/tests.sh @@ -4,11 +4,11 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -# $Id: tests.sh,v 1.9 2011/10/13 22:48:23 tbox Exp $ - SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh +DIGOPTS="-p ${PORT}" + root=10.53.0.1 hidden=10.53.0.2 f1=10.53.0.3 @@ -16,117 +16,117 @@ f2=10.53.0.4 status=0 -echo "I:checking that a forward zone overrides global forwarders" +echo_i "checking that a forward zone overrides global forwarders" ret=0 -$DIG +noadd +noauth txt.example1. txt @$hidden -p 5300 > dig.out.hidden || ret=1 -$DIG +noadd +noauth txt.example1. txt @$f1 -p 5300 > dig.out.f1 || ret=1 +$DIG $DIGOPTS +noadd +noauth txt.example1. txt @$hidden > dig.out.hidden || ret=1 +$DIG $DIGOPTS +noadd +noauth txt.example1. txt @$f1 > dig.out.f1 || ret=1 $PERL ../digcomp.pl dig.out.hidden dig.out.f1 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that a forward first zone no forwarders recurses" +echo_i "checking that a forward first zone no forwarders recurses" ret=0 -$DIG +noadd +noauth txt.example2. txt @$root -p 5300 > dig.out.root || ret=1 -$DIG +noadd +noauth txt.example2. txt @$f1 -p 5300 > dig.out.f1 || ret=1 +$DIG $DIGOPTS +noadd +noauth txt.example2. txt @$root > dig.out.root || ret=1 +$DIG $DIGOPTS +noadd +noauth txt.example2. txt @$f1 > dig.out.f1 || ret=1 $PERL ../digcomp.pl dig.out.root dig.out.f1 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that a forward only zone no forwarders fails" +echo_i "checking that a forward only zone no forwarders fails" ret=0 -$DIG +noadd +noauth txt.example2. txt @$root -p 5300 > dig.out.root || ret=1 -$DIG +noadd +noauth txt.example2. txt @$f1 -p 5300 > dig.out.f1 || ret=1 +$DIG $DIGOPTS +noadd +noauth txt.example2. txt @$root > dig.out.root || ret=1 +$DIG $DIGOPTS +noadd +noauth txt.example2. txt @$f1 > dig.out.f1 || ret=1 $PERL ../digcomp.pl dig.out.root dig.out.f1 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that global forwarders work" +echo_i "checking that global forwarders work" ret=0 -$DIG +noadd +noauth txt.example4. txt @$hidden -p 5300 > dig.out.hidden || ret=1 -$DIG +noadd +noauth txt.example4. txt @$f1 -p 5300 > dig.out.f1 || ret=1 +$DIG $DIGOPTS +noadd +noauth txt.example4. txt @$hidden > dig.out.hidden || ret=1 +$DIG $DIGOPTS +noadd +noauth txt.example4. txt @$f1 > dig.out.f1 || ret=1 $PERL ../digcomp.pl dig.out.hidden dig.out.f1 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that a forward zone works" +echo_i "checking that a forward zone works" ret=0 -$DIG +noadd +noauth txt.example1. txt @$hidden -p 5300 > dig.out.hidden || ret=1 -$DIG +noadd +noauth txt.example1. txt @$f2 -p 5300 > dig.out.f2 || ret=1 +$DIG $DIGOPTS +noadd +noauth txt.example1. txt @$hidden > dig.out.hidden || ret=1 +$DIG $DIGOPTS +noadd +noauth txt.example1. txt @$f2 > dig.out.f2 || ret=1 $PERL ../digcomp.pl dig.out.hidden dig.out.f2 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that forwarding doesn't spontaneously happen" +echo_i "checking that forwarding doesn't spontaneously happen" ret=0 -$DIG +noadd +noauth txt.example2. txt @$root -p 5300 > dig.out.root || ret=1 -$DIG +noadd +noauth txt.example2. txt @$f2 -p 5300 > dig.out.f2 || ret=1 +$DIG $DIGOPTS +noadd +noauth txt.example2. txt @$root > dig.out.root || ret=1 +$DIG $DIGOPTS +noadd +noauth txt.example2. txt @$f2 > dig.out.f2 || ret=1 $PERL ../digcomp.pl dig.out.root dig.out.f2 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that a forward zone with no specified policy works" +echo_i "checking that a forward zone with no specified policy works" ret=0 -$DIG +noadd +noauth txt.example3. txt @$hidden -p 5300 > dig.out.hidden || ret=1 -$DIG +noadd +noauth txt.example3. txt @$f2 -p 5300 > dig.out.f2 || ret=1 +$DIG $DIGOPTS +noadd +noauth txt.example3. txt @$hidden > dig.out.hidden || ret=1 +$DIG $DIGOPTS +noadd +noauth txt.example3. txt @$f2 > dig.out.f2 || ret=1 $PERL ../digcomp.pl dig.out.hidden dig.out.f2 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that a forward only doesn't recurse" +echo_i "checking that a forward only doesn't recurse" ret=0 -$DIG txt.example5. txt @$f2 -p 5300 > dig.out.f2 || ret=1 +$DIG $DIGOPTS txt.example5. txt @$f2 > dig.out.f2 || ret=1 grep "SERVFAIL" dig.out.f2 > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking for negative caching of forwarder response" +echo_i "checking for negative caching of forwarder response" # prime the cache, shutdown the forwarder then check that we can # get the answer from the cache. restart forwarder. ret=0 -$DIG nonexist. txt @10.53.0.5 -p 5300 > dig.out.f2 || ret=1 +$DIG $DIGOPTS nonexist. txt @10.53.0.5 > dig.out.f2 || ret=1 grep "status: NXDOMAIN" dig.out.f2 > /dev/null || ret=1 $PERL ../stop.pl . ns4 || ret=1 -$DIG nonexist. txt @10.53.0.5 -p 5300 > dig.out.f2 || ret=1 +$DIG $DIGOPTS nonexist. txt @10.53.0.5 > dig.out.f2 || ret=1 grep "status: NXDOMAIN" dig.out.f2 > /dev/null || ret=1 -$PERL ../start.pl --restart --noclean . ns4 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +$PERL ../start.pl --restart --noclean --port ${PORT} . ns4 || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that forward only zone overrides empty zone" +echo_i "checking that forward only zone overrides empty zone" ret=0 -$DIG 1.0.10.in-addr.arpa TXT @10.53.0.4 -p 5300 > dig.out.f2 +$DIG $DIGOPTS 1.0.10.in-addr.arpa TXT @10.53.0.4 > dig.out.f2 grep "status: NOERROR" dig.out.f2 > /dev/null || ret=1 -$DIG 2.0.10.in-addr.arpa TXT @10.53.0.4 -p 5300 > dig.out.f2 +$DIG $DIGOPTS 2.0.10.in-addr.arpa TXT @10.53.0.4 > dig.out.f2 grep "status: NXDOMAIN" dig.out.f2 > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that DS lookups for grafting forward zones are isolated" +echo_i "checking that DS lookups for grafting forward zones are isolated" ret=0 -$DIG grafted A @10.53.0.4 -p 5300 > dig.out.q1 -$DIG grafted DS @10.53.0.4 -p 5300 > dig.out.q2 -$DIG grafted A @10.53.0.4 -p 5300 > dig.out.q3 -$DIG grafted AAAA @10.53.0.4 -p 5300 > dig.out.q4 +$DIG $DIGOPTS grafted A @10.53.0.4 > dig.out.q1 +$DIG $DIGOPTS grafted DS @10.53.0.4 > dig.out.q2 +$DIG $DIGOPTS grafted A @10.53.0.4 > dig.out.q3 +$DIG $DIGOPTS grafted AAAA @10.53.0.4 > dig.out.q4 grep "status: NOERROR" dig.out.q1 > /dev/null || ret=1 grep "status: NXDOMAIN" dig.out.q2 > /dev/null || ret=1 grep "status: NOERROR" dig.out.q3 > /dev/null || ret=1 grep "status: NOERROR" dig.out.q4 > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that rfc1918 inherited 'forward first;' zones are warned about" +echo_i "checking that rfc1918 inherited 'forward first;' zones are warned about" ret=0 $CHECKCONF rfc1918-inherited.conf | grep "forward first;" >/dev/null || ret=1 $CHECKCONF rfc1918-notinherited.conf | grep "forward first;" >/dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that ULA inherited 'forward first;' zones are warned about" +echo_i "checking that ULA inherited 'forward first;' zones are warned about" ret=0 $CHECKCONF ula-inherited.conf | grep "forward first;" >/dev/null || ret=1 $CHECKCONF ula-notinherited.conf | grep "forward first;" >/dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/geoip/ns2/named1.conf b/bin/tests/system/geoip/ns2/named1.conf.in similarity index 94% rename from bin/tests/system/geoip/ns2/named1.conf rename to bin/tests/system/geoip/ns2/named1.conf.in index 41c4d0576d..95e3a5f19e 100644 --- a/bin/tests/system/geoip/ns2/named1.conf +++ b/bin/tests/system/geoip/ns2/named1.conf.in @@ -8,13 +8,11 @@ // NS2 -controls { /* empty */ }; - options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; @@ -28,7 +26,7 @@ key rndc_key { }; controls { - inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; view one { diff --git a/bin/tests/system/geoip/ns2/named10.conf b/bin/tests/system/geoip/ns2/named10.conf.in similarity index 93% rename from bin/tests/system/geoip/ns2/named10.conf rename to bin/tests/system/geoip/ns2/named10.conf.in index 497d8081e4..c27dd1e857 100644 --- a/bin/tests/system/geoip/ns2/named10.conf +++ b/bin/tests/system/geoip/ns2/named10.conf.in @@ -8,13 +8,11 @@ // NS2 -controls { /* empty */ }; - options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; @@ -28,7 +26,7 @@ key rndc_key { }; controls { - inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; view one { diff --git a/bin/tests/system/geoip/ns2/named11.conf b/bin/tests/system/geoip/ns2/named11.conf.in similarity index 93% rename from bin/tests/system/geoip/ns2/named11.conf rename to bin/tests/system/geoip/ns2/named11.conf.in index ba235d259a..fe883bbd6d 100644 --- a/bin/tests/system/geoip/ns2/named11.conf +++ b/bin/tests/system/geoip/ns2/named11.conf.in @@ -8,13 +8,11 @@ // NS2 -controls { /* empty */ }; - options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; @@ -28,7 +26,7 @@ key rndc_key { }; controls { - inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; view one { diff --git a/bin/tests/system/geoip/ns2/named12.conf b/bin/tests/system/geoip/ns2/named12.conf.in similarity index 92% rename from bin/tests/system/geoip/ns2/named12.conf rename to bin/tests/system/geoip/ns2/named12.conf.in index 4be861a2d2..fc22b18a65 100644 --- a/bin/tests/system/geoip/ns2/named12.conf +++ b/bin/tests/system/geoip/ns2/named12.conf.in @@ -8,13 +8,11 @@ // NS2 -controls { /* empty */ }; - options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; @@ -28,7 +26,7 @@ key rndc_key { }; controls { - inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; view one { diff --git a/bin/tests/system/geoip/ns2/named13.conf b/bin/tests/system/geoip/ns2/named13.conf.in similarity index 86% rename from bin/tests/system/geoip/ns2/named13.conf rename to bin/tests/system/geoip/ns2/named13.conf.in index 19bab1e10f..561c103fed 100644 --- a/bin/tests/system/geoip/ns2/named13.conf +++ b/bin/tests/system/geoip/ns2/named13.conf.in @@ -8,8 +8,6 @@ // NS2 -controls { /* empty */ }; - acl blocking { geoip db country country AU; }; @@ -18,7 +16,7 @@ options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; @@ -33,5 +31,5 @@ key rndc_key { }; controls { - inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; diff --git a/bin/tests/system/geoip/ns2/named14.conf b/bin/tests/system/geoip/ns2/named14.conf.in similarity index 94% rename from bin/tests/system/geoip/ns2/named14.conf rename to bin/tests/system/geoip/ns2/named14.conf.in index 8ab2541a9b..1d4c8cb96d 100644 --- a/bin/tests/system/geoip/ns2/named14.conf +++ b/bin/tests/system/geoip/ns2/named14.conf.in @@ -8,13 +8,11 @@ // NS2 -controls { /* empty */ }; - options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 127.0.0.1; 10.53.0.2; }; listen-on-v6 { none; }; @@ -29,7 +27,7 @@ key rndc_key { }; controls { - inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; acl gAU { geoip db country country AU; }; diff --git a/bin/tests/system/geoip/ns2/named15.conf b/bin/tests/system/geoip/ns2/named15.conf.in similarity index 88% rename from bin/tests/system/geoip/ns2/named15.conf rename to bin/tests/system/geoip/ns2/named15.conf.in index b7db78e984..3e86d7dae0 100644 --- a/bin/tests/system/geoip/ns2/named15.conf +++ b/bin/tests/system/geoip/ns2/named15.conf.in @@ -8,13 +8,11 @@ // NS2 -controls { /* empty */ }; - options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { fd92:7065:b8e:ffff::2; }; @@ -28,7 +26,7 @@ key rndc_key { }; controls { - inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; view two { diff --git a/bin/tests/system/geoip/ns2/named2.conf b/bin/tests/system/geoip/ns2/named2.conf.in similarity index 94% rename from bin/tests/system/geoip/ns2/named2.conf rename to bin/tests/system/geoip/ns2/named2.conf.in index f208ee3e20..0fe7589c60 100644 --- a/bin/tests/system/geoip/ns2/named2.conf +++ b/bin/tests/system/geoip/ns2/named2.conf.in @@ -8,13 +8,11 @@ // NS2 -controls { /* empty */ }; - options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; @@ -28,7 +26,7 @@ key rndc_key { }; controls { - inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; view one { diff --git a/bin/tests/system/geoip/ns2/named3.conf b/bin/tests/system/geoip/ns2/named3.conf.in similarity index 94% rename from bin/tests/system/geoip/ns2/named3.conf rename to bin/tests/system/geoip/ns2/named3.conf.in index 866e7d3033..1a131508a4 100644 --- a/bin/tests/system/geoip/ns2/named3.conf +++ b/bin/tests/system/geoip/ns2/named3.conf.in @@ -8,13 +8,11 @@ // NS2 -controls { /* empty */ }; - options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; @@ -28,7 +26,7 @@ key rndc_key { }; controls { - inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; view one { diff --git a/bin/tests/system/geoip/ns2/named4.conf b/bin/tests/system/geoip/ns2/named4.conf.in similarity index 93% rename from bin/tests/system/geoip/ns2/named4.conf rename to bin/tests/system/geoip/ns2/named4.conf.in index 01299cd01a..9fb4afc416 100644 --- a/bin/tests/system/geoip/ns2/named4.conf +++ b/bin/tests/system/geoip/ns2/named4.conf.in @@ -8,13 +8,11 @@ // NS2 -controls { /* empty */ }; - options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; @@ -28,7 +26,7 @@ key rndc_key { }; controls { - inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; view one { diff --git a/bin/tests/system/geoip/ns2/named5.conf b/bin/tests/system/geoip/ns2/named5.conf.in similarity index 94% rename from bin/tests/system/geoip/ns2/named5.conf rename to bin/tests/system/geoip/ns2/named5.conf.in index 8871682403..b6de81dbc4 100644 --- a/bin/tests/system/geoip/ns2/named5.conf +++ b/bin/tests/system/geoip/ns2/named5.conf.in @@ -8,13 +8,11 @@ // NS2 -controls { /* empty */ }; - options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; @@ -28,7 +26,7 @@ key rndc_key { }; controls { - inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; view one { diff --git a/bin/tests/system/geoip/ns2/named6.conf b/bin/tests/system/geoip/ns2/named6.conf.in similarity index 93% rename from bin/tests/system/geoip/ns2/named6.conf rename to bin/tests/system/geoip/ns2/named6.conf.in index 2311633af1..9e886c3820 100644 --- a/bin/tests/system/geoip/ns2/named6.conf +++ b/bin/tests/system/geoip/ns2/named6.conf.in @@ -8,13 +8,11 @@ // NS2 -controls { /* empty */ }; - options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { fd92:7065:b8e:ffff::1; }; @@ -28,7 +26,7 @@ key rndc_key { }; controls { - inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; view one { diff --git a/bin/tests/system/geoip/ns2/named7.conf b/bin/tests/system/geoip/ns2/named7.conf.in similarity index 94% rename from bin/tests/system/geoip/ns2/named7.conf rename to bin/tests/system/geoip/ns2/named7.conf.in index 0b97df90d5..0aa4e447b3 100644 --- a/bin/tests/system/geoip/ns2/named7.conf +++ b/bin/tests/system/geoip/ns2/named7.conf.in @@ -8,13 +8,11 @@ // NS2 -controls { /* empty */ }; - options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; @@ -28,7 +26,7 @@ key rndc_key { }; controls { - inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; view one { diff --git a/bin/tests/system/geoip/ns2/named8.conf b/bin/tests/system/geoip/ns2/named8.conf.in similarity index 94% rename from bin/tests/system/geoip/ns2/named8.conf rename to bin/tests/system/geoip/ns2/named8.conf.in index 1de5bd977c..4fefb8a26d 100644 --- a/bin/tests/system/geoip/ns2/named8.conf +++ b/bin/tests/system/geoip/ns2/named8.conf.in @@ -8,13 +8,11 @@ // NS2 -controls { /* empty */ }; - options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; @@ -28,7 +26,7 @@ key rndc_key { }; controls { - inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; view one { diff --git a/bin/tests/system/geoip/ns2/named9.conf b/bin/tests/system/geoip/ns2/named9.conf.in similarity index 94% rename from bin/tests/system/geoip/ns2/named9.conf rename to bin/tests/system/geoip/ns2/named9.conf.in index c98dffe849..7214b9ed47 100644 --- a/bin/tests/system/geoip/ns2/named9.conf +++ b/bin/tests/system/geoip/ns2/named9.conf.in @@ -8,13 +8,11 @@ // NS2 -controls { /* empty */ }; - options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; @@ -28,7 +26,7 @@ key rndc_key { }; controls { - inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; view one { diff --git a/bin/tests/system/geoip/prereq.sh b/bin/tests/system/geoip/prereq.sh index 41045d8a98..b84d57ad07 100644 --- a/bin/tests/system/geoip/prereq.sh +++ b/bin/tests/system/geoip/prereq.sh @@ -10,7 +10,7 @@ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh $FEATURETEST --have-geoip || { - echo "I:This test requires GeoIP support." >&2 + echo_i "This test requires GeoIP support." >&2 exit 255 } exit 0 diff --git a/bin/tests/system/geoip/setup.sh b/bin/tests/system/geoip/setup.sh index eb3a3eed75..77218489e5 100644 --- a/bin/tests/system/geoip/setup.sh +++ b/bin/tests/system/geoip/setup.sh @@ -11,7 +11,7 @@ SYSTEMTESTTOP=.. $SHELL clean.sh -cp ns2/named1.conf ns2/named.conf +copy_setports ns2/named1.conf.in ns2/named.conf for i in 1 2 3 4 5 6 7 other bogus; do cp ns2/example.db.in ns2/example${i}.db diff --git a/bin/tests/system/geoip/tests.sh b/bin/tests/system/geoip/tests.sh index 8361e6bbd0..32cac888b5 100644 --- a/bin/tests/system/geoip/tests.sh +++ b/bin/tests/system/geoip/tests.sh @@ -14,11 +14,12 @@ n=0 rm -f dig.out.* -DIGOPTS="+tcp +short -p 5300 @10.53.0.2" -DIGOPTS6="+tcp +short -p 5300 @fd92:7065:b8e:ffff::2" +DIGOPTS="+tcp +short -p ${PORT} @10.53.0.2" +DIGOPTS6="+tcp +short -p ${PORT} @fd92:7065:b8e:ffff::2" +RNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p ${CONTROLPORT} -s" n=`expr $n + 1` -echo "I:checking GeoIP country database by code ($n)" +echo_i "checking GeoIP country database by code ($n)" ret=0 lret=0 for i in 1 2 3 4 5 6 7; do @@ -28,11 +29,11 @@ for i in 1 2 3 4 5 6 7; do [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 -[ $ret -eq 0 ] || echo "I:failed" +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking GeoIP country database by code (using client subnet) ($n)" +echo_i "checking GeoIP country database by code (using client subnet) ($n)" ret=0 lret=0 for i in 1 2 3 4 5 6 7; do @@ -42,26 +43,26 @@ for i in 1 2 3 4 5 6 7; do [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 -[ $ret -eq 0 ] || echo "I:failed" +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking response scope using client subnet ($n)" +echo_i "checking response scope using client subnet ($n)" ret=0 -$DIG +tcp -p5300 @10.53.0.2 txt example -b 127.0.0.1 +subnet="10.53.0.1/32" > dig.out.ns2.test$n.1 || ret=1 +$DIG +tcp -p ${PORT} @10.53.0.2 txt example -b 127.0.0.1 +subnet="10.53.0.1/32" > dig.out.ns2.test$n.1 || ret=1 grep 'CLIENT-SUBNET.*10.53.0.1/32/32' dig.out.ns2.test$n.1 > /dev/null || ret=1 -$DIG +tcp -p5300 @10.53.0.2 txt example -b 127.0.0.1 +subnet="192.0.2.64/32" > dig.out.ns2.test$n.2 || ret=1 +$DIG +tcp -p ${PORT} @10.53.0.2 txt example -b 127.0.0.1 +subnet="192.0.2.64/32" > dig.out.ns2.test$n.2 || ret=1 grep 'CLIENT-SUBNET.*192.0.2.64/32/24' dig.out.ns2.test$n.2 > /dev/null || ret=1 -[ $ret -eq 0 ] || echo "I:failed" +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` -echo "I:reloading server" -cp -f ns2/named2.conf ns2/named.conf -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /' +echo_i "reloading server" +copy_setports ns2/named2.conf.in ns2/named.conf +$RNDCCMD 10.53.0.2 reload 2>&1 | sed 's/^/ns2 /' | cat_i sleep 3 n=`expr $n + 1` -echo "I:checking GeoIP country database by three-letter code ($n)" +echo_i "checking GeoIP country database by three-letter code ($n)" ret=0 lret=0 for i in 1 2 3 4 5 6 7; do @@ -71,16 +72,16 @@ for i in 1 2 3 4 5 6 7; do [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 -[ $ret -eq 0 ] || echo "I:failed" +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` -echo "I:reloading server" -cp -f ns2/named3.conf ns2/named.conf -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /' +echo_i "reloading server" +copy_setports ns2/named3.conf.in ns2/named.conf +$RNDCCMD 10.53.0.2 reload 2>&1 | sed 's/^/ns2 /' | cat_i sleep 3 n=`expr $n + 1` -echo "I:checking GeoIP country database by name ($n)" +echo_i "checking GeoIP country database by name ($n)" ret=0 lret=0 for i in 1 2 3 4 5 6 7; do @@ -90,16 +91,16 @@ for i in 1 2 3 4 5 6 7; do [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 -[ $ret -eq 0 ] || echo "I:failed" +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` -echo "I:reloading server" -cp -f ns2/named4.conf ns2/named.conf -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /' +echo_i "reloading server" +copy_setports ns2/named4.conf.in ns2/named.conf +$RNDCCMD 10.53.0.2 reload 2>&1 | sed 's/^/ns2 /' | cat_i sleep 3 n=`expr $n + 1` -echo "I:checking GeoIP region code, no specified database ($n)" +echo_i "checking GeoIP region code, no specified database ($n)" ret=0 lret=0 # skipping 2 on purpose here; it has the same region code as 1 @@ -110,16 +111,16 @@ for i in 1 3 4 5 6 7; do [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 -[ $ret -eq 0 ] || echo "I:failed" +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` -echo "I:reloading server" -cp -f ns2/named5.conf ns2/named.conf -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /' +echo_i "reloading server" +copy_setports ns2/named5.conf.in ns2/named.conf +$RNDCCMD 10.53.0.2 reload 2>&1 | sed 's/^/ns2 /' | cat_i sleep 3 n=`expr $n + 1` -echo "I:checking GeoIP region database by region name and country code ($n)" +echo_i "checking GeoIP region database by region name and country code ($n)" ret=0 lret=0 for i in 1 2 3 4 5 6 7; do @@ -129,11 +130,11 @@ for i in 1 2 3 4 5 6 7; do [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 -[ $ret -eq 0 ] || echo "I:failed" +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking GeoIP region database (using client subnet) ($n)" +echo_i "checking GeoIP region database (using client subnet) ($n)" ret=0 lret=0 for i in 1 2 3 4 5 6 7; do @@ -143,29 +144,29 @@ for i in 1 2 3 4 5 6 7; do [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 -[ $ret -eq 0 ] || echo "I:failed" +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` -echo "I:reloading server" -cp -f ns2/named6.conf ns2/named.conf -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /' +echo_i "reloading server" +copy_setports ns2/named6.conf.in ns2/named.conf +$RNDCCMD 10.53.0.2 reload 2>&1 | sed 's/^/ns2 /' | cat_i sleep 3 if $TESTSOCK6 fd92:7065:b8e:ffff::3 then n=`expr $n + 1` - echo "I:checking GeoIP city database by city name using IPv6 ($n)" + echo_i "checking GeoIP city database by city name using IPv6 ($n)" ret=0 - $DIG +tcp +short -p 5300 @fd92:7065:b8e:ffff::1 -6 txt example -b fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 - [ $ret -eq 0 ] || echo "I:failed" + $DIG +tcp +short -p ${PORT} @fd92:7065:b8e:ffff::1 -6 txt example -b fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 + [ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` else - echo "I:IPv6 unavailable; skipping" + echo_i "IPv6 unavailable; skipping" fi n=`expr $n + 1` -echo "I:checking GeoIP city database by city name ($n)" +echo_i "checking GeoIP city database by city name ($n)" ret=0 lret=0 for i in 1 2 3 4 5 6 7; do @@ -175,11 +176,11 @@ for i in 1 2 3 4 5 6 7; do [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 -[ $ret -eq 0 ] || echo "I:failed" +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking GeoIP city database (using client subnet) ($n)" +echo_i "checking GeoIP city database (using client subnet) ($n)" ret=0 lret=0 for i in 1 2 3 4 5 6 7; do @@ -189,16 +190,16 @@ for i in 1 2 3 4 5 6 7; do [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 -[ $ret -eq 0 ] || echo "I:failed" +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` -echo "I:reloading server" -cp -f ns2/named7.conf ns2/named.conf -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /' +echo_i "reloading server" +copy_setports ns2/named7.conf.in ns2/named.conf +$RNDCCMD 10.53.0.2 reload 2>&1 | sed 's/^/ns2 /' | cat_i sleep 3 n=`expr $n + 1` -echo "I:checking GeoIP isp database ($n)" +echo_i "checking GeoIP isp database ($n)" ret=0 lret=0 for i in 1 2 3 4 5 6 7; do @@ -208,11 +209,11 @@ for i in 1 2 3 4 5 6 7; do [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 -[ $ret -eq 0 ] || echo "I:failed" +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking GeoIP isp database (using client subnet) ($n)" +echo_i "checking GeoIP isp database (using client subnet) ($n)" ret=0 lret=0 for i in 1 2 3 4 5 6 7; do @@ -222,16 +223,16 @@ for i in 1 2 3 4 5 6 7; do [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 -[ $ret -eq 0 ] || echo "I:failed" +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` -echo "I:reloading server" -cp -f ns2/named8.conf ns2/named.conf -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /' +echo_i "reloading server" +copy_setports ns2/named8.conf.in ns2/named.conf +$RNDCCMD 10.53.0.2 reload 2>&1 | sed 's/^/ns2 /' | cat_i sleep 3 n=`expr $n + 1` -echo "I:checking GeoIP org database ($n)" +echo_i "checking GeoIP org database ($n)" ret=0 lret=0 for i in 1 2 3 4 5 6 7; do @@ -241,11 +242,11 @@ for i in 1 2 3 4 5 6 7; do [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 -[ $ret -eq 0 ] || echo "I:failed" +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking GeoIP org database (using client subnet) ($n)" +echo_i "checking GeoIP org database (using client subnet) ($n)" ret=0 lret=0 for i in 1 2 3 4 5 6 7; do @@ -255,16 +256,16 @@ for i in 1 2 3 4 5 6 7; do [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 -[ $ret -eq 0 ] || echo "I:failed" +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` -echo "I:reloading server" -cp -f ns2/named9.conf ns2/named.conf -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /' +echo_i "reloading server" +copy_setports ns2/named9.conf.in ns2/named.conf +$RNDCCMD 10.53.0.2 reload 2>&1 | sed 's/^/ns2 /' | cat_i sleep 3 n=`expr $n + 1` -echo "I:checking GeoIP asnum database ($n)" +echo_i "checking GeoIP asnum database ($n)" ret=0 lret=0 for i in 1 2 3 4 5 6 7; do @@ -274,11 +275,11 @@ for i in 1 2 3 4 5 6 7; do [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 -[ $ret -eq 0 ] || echo "I:failed" +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking GeoIP asnum database (using client subnet) ($n)" +echo_i "checking GeoIP asnum database (using client subnet) ($n)" ret=0 lret=0 for i in 1 2 3 4 5 6 7; do @@ -288,16 +289,16 @@ for i in 1 2 3 4 5 6 7; do [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 -[ $ret -eq 0 ] || echo "I:failed" +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` -echo "I:reloading server" -cp -f ns2/named10.conf ns2/named.conf -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /' +echo_i "reloading server" +copy_setports ns2/named10.conf.in ns2/named.conf +$RNDCCMD 10.53.0.2 reload 2>&1 | sed 's/^/ns2 /' | cat_i sleep 3 n=`expr $n + 1` -echo "I:checking GeoIP asnum database - ASNNNN only ($n)" +echo_i "checking GeoIP asnum database - ASNNNN only ($n)" ret=0 lret=0 for i in 1 2 3 4 5 6 7; do @@ -307,11 +308,11 @@ for i in 1 2 3 4 5 6 7; do [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 -[ $ret -eq 0 ] || echo "I:failed" +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking GeoIP asnum database - ASNNNN only (using client subnet) ($n)" +echo_i "checking GeoIP asnum database - ASNNNN only (using client subnet) ($n)" ret=0 lret=0 for i in 1 2 3 4 5 6 7; do @@ -321,16 +322,16 @@ for i in 1 2 3 4 5 6 7; do [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 -[ $ret -eq 0 ] || echo "I:failed" +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` -echo "I:reloading server" -cp -f ns2/named11.conf ns2/named.conf -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /' +echo_i "reloading server" +copy_setports ns2/named11.conf.in ns2/named.conf +$RNDCCMD 10.53.0.2 reload 2>&1 | sed 's/^/ns2 /' | cat_i sleep 3 n=`expr $n + 1` -echo "I:checking GeoIP domain database ($n)" +echo_i "checking GeoIP domain database ($n)" ret=0 lret=0 for i in 1 2 3 4 5 6 7; do @@ -340,11 +341,11 @@ for i in 1 2 3 4 5 6 7; do [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 -[ $ret -eq 0 ] || echo "I:failed" +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking GeoIP domain database (using client subnet) ($n)" +echo_i "checking GeoIP domain database (using client subnet) ($n)" ret=0 lret=0 for i in 1 2 3 4 5 6 7; do @@ -354,16 +355,16 @@ for i in 1 2 3 4 5 6 7; do [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 -[ $ret -eq 0 ] || echo "I:failed" +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` -echo "I:reloading server" -cp -f ns2/named12.conf ns2/named.conf -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /' +echo_i "reloading server" +copy_setports ns2/named12.conf.in ns2/named.conf +$RNDCCMD 10.53.0.2 reload 2>&1 | sed 's/^/ns2 /' | cat_i sleep 3 n=`expr $n + 1` -echo "I:checking GeoIP netspeed database ($n)" +echo_i "checking GeoIP netspeed database ($n)" ret=0 lret=0 for i in 1 2 3 4; do @@ -373,11 +374,11 @@ for i in 1 2 3 4; do [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 -[ $ret -eq 0 ] || echo "I:failed" +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking GeoIP netspeed database (using client subnet) ($n)" +echo_i "checking GeoIP netspeed database (using client subnet) ($n)" ret=0 lret=0 for i in 1 2 3 4; do @@ -387,29 +388,29 @@ for i in 1 2 3 4; do [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 -[ $ret -eq 0 ] || echo "I:failed" +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` -echo "I:reloading server" -cp -f ns2/named13.conf ns2/named.conf -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /' +echo_i "reloading server" +copy_setports ns2/named13.conf.in ns2/named.conf +$RNDCCMD 10.53.0.2 reload 2>&1 | sed 's/^/ns2 /' | cat_i sleep 3 n=`expr $n + 1` -echo "I:checking GeoIP blackhole ACL ($n)" +echo_i "checking GeoIP blackhole ACL ($n)" ret=0 $DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n || ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 status 2>&1 > rndc.out.ns2.test$n || ret=1 -[ $ret -eq 0 ] || echo "I:failed" +$RNDCCMD 10.53.0.2 status 2>&1 > rndc.out.ns2.test$n || ret=1 +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` -echo "I:reloading server" -cp -f ns2/named14.conf ns2/named.conf -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /' +echo_i "reloading server" +copy_setports ns2/named14.conf.in ns2/named.conf +$RNDCCMD 10.53.0.2 reload 2>&1 | sed 's/^/ns2 /' | cat_i sleep 3 n=`expr $n + 1` -echo "I:checking GeoIP country database by code (using nested ACLs) ($n)" +echo_i "checking GeoIP country database by code (using nested ACLs) ($n)" ret=0 lret=0 for i in 1 2 3 4 5 6 7; do @@ -419,16 +420,16 @@ for i in 1 2 3 4 5 6 7; do [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 -[ $ret -eq 0 ] || echo "I:failed" +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` -echo "I:reloading server" -cp -f ns2/named14.conf ns2/named.conf -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /' +echo_i "reloading server" +copy_setports ns2/named14.conf.in ns2/named.conf +$RNDCCMD 10.53.0.2 reload 2>&1 | sed 's/^/ns2 /' | cat_i sleep 3 n=`expr $n + 1` -echo "I:checking geoip-use-ecs ($n)" +echo_i "checking geoip-use-ecs ($n)" ret=0 lret=0 for i in 1 2 3 4 5 6 7; do @@ -443,20 +444,20 @@ for i in 1 2 3 4 5 6 7; do [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 -[ $ret -eq 0 ] || echo "I:failed" +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` n=`expr $n + 1` -echo "I:reloading server with different geoip-directory ($n)" -cp -f ns2/named15.conf ns2/named.conf -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /' +echo_i "reloading server with different geoip-directory ($n)" +copy_setports ns2/named15.conf.in ns2/named.conf +$RNDCCMD 10.53.0.2 reload 2>&1 | sed 's/^/ns2 /' | cat_i sleep 3 awk '/using "..\/data2" as GeoIP directory/ {m=1} ; { if (m>0) { print } }' ns2/named.run | grep "GeoIP City .* DB not available" > /dev/null || ret=1 -[ $ret -eq 0 ] || echo "I:failed" +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking GeoIP v4/v6 when only IPv6 database is available ($n)" +echo_i "checking GeoIP v4/v6 when only IPv6 database is available ($n)" ret=0 $DIG $DIGOPTS -4 txt example -b 10.53.0.2 > dig.out.ns2.test$n.1 || ret=1 j=`cat dig.out.ns2.test$n.1 | tr -d '"'` @@ -466,15 +467,15 @@ if $TESTSOCK6 fd92:7065:b8e:ffff::2; then j=`cat dig.out.ns2.test$n.2 | tr -d '"'` [ "$j" = "2" ] || ret=1 fi -[ $ret -eq 0 ] || echo "I:failed" +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking other GeoIP options are parsed correctly ($n)" +echo_i "checking other GeoIP options are parsed correctly ($n)" ret=0 $CHECKCONF options.conf || ret=1 -[ $ret -eq 0 ] || echo "I:failed" +[ $ret -eq 0 ] || echo_i "failed" status=`expr $status + $ret` -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/glue/clean.sh b/bin/tests/system/glue/clean.sh index 6978f03e33..c547cb9326 100644 --- a/bin/tests/system/glue/clean.sh +++ b/bin/tests/system/glue/clean.sh @@ -6,13 +6,12 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -# $Id: clean.sh,v 1.9 2007/09/26 03:22:43 marka Exp $ - # # Clean up after glue tests. # rm -f dig.out ns1/cache +rm -f */named.conf rm -f */named.memstats rm -f */named.run rm -f ns*/named.lock diff --git a/bin/tests/system/glue/ns1/named.conf b/bin/tests/system/glue/ns1/named.conf.in similarity index 88% rename from bin/tests/system/glue/ns1/named.conf rename to bin/tests/system/glue/ns1/named.conf.in index 1494df76e2..e93db18f7e 100644 --- a/bin/tests/system/glue/ns1/named.conf +++ b/bin/tests/system/glue/ns1/named.conf.in @@ -6,15 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf,v 1.17 2009/01/30 23:47:50 tbox Exp $ */ - -controls { /* empty */ }; - options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/glue/setup.sh b/bin/tests/system/glue/setup.sh index a856261f15..9dfd4fb8f6 100644 --- a/bin/tests/system/glue/setup.sh +++ b/bin/tests/system/glue/setup.sh @@ -6,6 +6,10 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -# $Id: setup.sh,v 1.6 2007/06/19 23:47:03 tbox Exp $ +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh + +$SHELL clean.sh +copy_setports ns1/named.conf.in ns1/named.conf cd ns1 && cp -f cache.in cache diff --git a/bin/tests/system/glue/tests.sh b/bin/tests/system/glue/tests.sh index 4f8a753463..531793dfdb 100644 --- a/bin/tests/system/glue/tests.sh +++ b/bin/tests/system/glue/tests.sh @@ -6,8 +6,6 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -# $Id: tests.sh,v 1.9 2007/06/19 23:47:03 tbox Exp $ - SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh @@ -15,15 +13,17 @@ SYSTEMTESTTOP=.. # Do glue tests. # +DIGOPTS="+norec -p ${PORT}" + status=0 -echo "I:testing that a ccTLD referral gets a full glue set from the root zone" -$DIG +norec @10.53.0.1 -p 5300 foo.bar.fi. A >dig.out || status=1 +echo_i "testing that a ccTLD referral gets a full glue set from the root zone" +$DIG $DIGOPTS @10.53.0.1 foo.bar.fi. A >dig.out || status=1 $PERL ../digcomp.pl --lc fi.good dig.out || status=1 -echo "I:testing that we don't find out-of-zone glue" -$DIG +norec @10.53.0.1 -p 5300 example.net. a > dig.out || status=1 +echo_i "testing that we don't find out-of-zone glue" +$DIG $DIGOPTS @10.53.0.1 example.net. a > dig.out || status=1 $PERL ../digcomp.pl noglue.good dig.out || status=1 -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/inline/clean.sh b/bin/tests/system/inline/clean.sh index 681c0dccf9..184191cc82 100644 --- a/bin/tests/system/inline/clean.sh +++ b/bin/tests/system/inline/clean.sh @@ -4,6 +4,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. +rm -f */named.conf rm -f */named.memstats rm -f */named.run rm -f */trusted.conf @@ -75,7 +76,6 @@ rm -f ns4/K* rm -f ns4/noixfr.db rm -f ns4/noixfr.db.jnl rm -f ns5/K* -rm -f ns5/named.conf rm -f ns5/bits.bk rm -f ns5/bits.bk.jnl rm -f ns5/bits.bk.signed diff --git a/bin/tests/system/inline/ns1/named.conf b/bin/tests/system/inline/ns1/named.conf.in similarity index 89% rename from bin/tests/system/inline/ns1/named.conf rename to bin/tests/system/inline/ns1/named.conf.in index 41474ea26b..2f3fffc3db 100644 --- a/bin/tests/system/inline/ns1/named.conf +++ b/bin/tests/system/inline/ns1/named.conf.in @@ -6,8 +6,6 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf,v 1.3 2011/10/25 01:54:20 marka Exp $ */ - // NS1 controls { /* empty */ }; @@ -16,7 +14,7 @@ options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/inline/ns2/named.conf b/bin/tests/system/inline/ns2/named.conf.in similarity index 88% rename from bin/tests/system/inline/ns2/named.conf rename to bin/tests/system/inline/ns2/named.conf.in index b63d8ead6a..391395c677 100644 --- a/bin/tests/system/inline/ns2/named.conf +++ b/bin/tests/system/inline/ns2/named.conf.in @@ -6,19 +6,19 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf,v 1.4 2012/02/23 07:09:28 tbox Exp $ */ - // NS2 include "../../common/rndc.key"; -controls { inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; }; }; +controls { + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/inline/ns3/named.conf b/bin/tests/system/inline/ns3/named.conf.in similarity index 93% rename from bin/tests/system/inline/ns3/named.conf rename to bin/tests/system/inline/ns3/named.conf.in index 052fbe21ac..0a11511a3f 100644 --- a/bin/tests/system/inline/ns3/named.conf +++ b/bin/tests/system/inline/ns3/named.conf.in @@ -6,19 +6,19 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf,v 1.8 2012/02/23 06:53:15 marka Exp $ */ - // NS3 include "../../common/rndc.key"; -controls { inet 10.53.0.3 port 9953 allow { any; } keys { rndc_key; }; }; +controls { + inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; options { query-source address 10.53.0.3; notify-source 10.53.0.3; transfer-source 10.53.0.3; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.3; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/inline/ns4/named.conf b/bin/tests/system/inline/ns4/named.conf.in similarity index 84% rename from bin/tests/system/inline/ns4/named.conf rename to bin/tests/system/inline/ns4/named.conf.in index a5532a09cf..d30bda7b1a 100644 --- a/bin/tests/system/inline/ns4/named.conf +++ b/bin/tests/system/inline/ns4/named.conf.in @@ -6,17 +6,13 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf,v 1.2 2011/08/30 23:46:52 tbox Exp $ */ - -// NS2 - -controls { /* empty */ }; +// NS4 options { query-source address 10.53.0.4; notify-source 10.53.0.4; transfer-source 10.53.0.4; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.4; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/inline/ns5/named.conf.post b/bin/tests/system/inline/ns5/named.conf.post index f66eeb88f0..7f6a8b9713 100644 --- a/bin/tests/system/inline/ns5/named.conf.post +++ b/bin/tests/system/inline/ns5/named.conf.post @@ -6,19 +6,19 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id$ */ - // NS5 include "../../common/rndc.key"; -controls { inet 10.53.0.5 port 9953 allow { any; } keys { rndc_key; }; }; +controls { + inet 10.53.0.5 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; options { query-source address 10.53.0.5; notify-source 10.53.0.5; transfer-source 10.53.0.5; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.5; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/inline/ns5/named.conf.pre b/bin/tests/system/inline/ns5/named.conf.pre index c17d7694a1..94255fa3d8 100644 --- a/bin/tests/system/inline/ns5/named.conf.pre +++ b/bin/tests/system/inline/ns5/named.conf.pre @@ -6,19 +6,19 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf.pre,v 1.2 2011/10/12 00:10:20 marka Exp $ */ - // NS5 include "../../common/rndc.key"; -controls { inet 10.53.0.5 port 9953 allow { any; } keys { rndc_key; }; }; +controls { + inet 10.53.0.5 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; options { query-source address 10.53.0.5; notify-source 10.53.0.5; transfer-source 10.53.0.5; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.5; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/inline/ns6/named.conf b/bin/tests/system/inline/ns6/named.conf.in similarity index 81% rename from bin/tests/system/inline/ns6/named.conf rename to bin/tests/system/inline/ns6/named.conf.in index 146f142035..20ad53002e 100644 --- a/bin/tests/system/inline/ns6/named.conf +++ b/bin/tests/system/inline/ns6/named.conf.in @@ -6,19 +6,19 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf,v 1.2 2011/10/25 01:54:21 marka Exp $ */ - // NS6 include "../../common/rndc.key"; -controls { inet 10.53.0.6 port 9953 allow { any; } keys { rndc_key; }; }; +controls { + inet 10.53.0.6 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; options { query-source address 10.53.0.6; notify-source 10.53.0.6; transfer-source 10.53.0.6; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.6; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/inline/ns7/named.conf b/bin/tests/system/inline/ns7/named.conf.in similarity index 93% rename from bin/tests/system/inline/ns7/named.conf rename to bin/tests/system/inline/ns7/named.conf.in index c92e9843ff..4540b9aed3 100644 --- a/bin/tests/system/inline/ns7/named.conf +++ b/bin/tests/system/inline/ns7/named.conf.in @@ -24,13 +24,15 @@ include "../../common/rndc.key"; -controls { inet 10.53.0.7 port 9953 allow { any; } keys { rndc_key; }; }; +controls { + inet 10.53.0.7 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; options { query-source address 10.53.0.7; notify-source 10.53.0.7; transfer-source 10.53.0.7; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.7; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/inline/setup.sh b/bin/tests/system/inline/setup.sh index fd3badc59e..f53833fd3b 100644 --- a/bin/tests/system/inline/setup.sh +++ b/bin/tests/system/inline/setup.sh @@ -33,7 +33,13 @@ touch ns4/trusted.conf cp ns4/noixfr.db.in ns4/noixfr.db rm -f ns4/noixfr.db.jnl -cp ns5/named.conf.pre ns5/named.conf +copy_setports ns1/named.conf.in ns1/named.conf +copy_setports ns2/named.conf.in ns2/named.conf +copy_setports ns3/named.conf.in ns3/named.conf +copy_setports ns4/named.conf.in ns4/named.conf +copy_setports ns5/named.conf.pre ns5/named.conf +copy_setports ns6/named.conf.in ns6/named.conf +copy_setports ns7/named.conf.in ns7/named.conf (cd ns3; $SHELL -e sign.sh) (cd ns1; $SHELL -e sign.sh) diff --git a/bin/tests/system/inline/tests.sh b/bin/tests/system/inline/tests.sh index 587ae2eaaa..18342d66a0 100755 --- a/bin/tests/system/inline/tests.sh +++ b/bin/tests/system/inline/tests.sh @@ -9,16 +9,17 @@ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh -DIGOPTS="+tcp +dnssec" +DIGOPTS="+tcp +dnssec -p ${PORT}" +RNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p ${CONTROLPORT} -s" status=0 n=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -nsec3param 1 0 0 - nsec3 > /dev/null 2>&1 +$RNDCCMD 10.53.0.3 signing -nsec3param 1 0 0 - nsec3 > /dev/null 2>&1 for i in 1 2 3 4 5 6 7 8 9 0 do - nsec3param=`$DIG +short @10.53.0.3 -p 5300 nsec3param nsec3.` + nsec3param=`$DIG $DIGOPTS +nodnssec +short @10.53.0.3 nsec3param nsec3.` test "$nsec3param" = "1 0 0 -" && break sleep 1 done @@ -27,400 +28,400 @@ done for i in 1 2 3 4 5 6 7 8 9 0 do ans=0 - $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -nsec3param 1 0 0 - retransfer3 > /dev/null 2>&1 || ans=1 + $RNDCCMD 10.53.0.3 signing -nsec3param 1 0 0 - retransfer3 > /dev/null 2>&1 || ans=1 [ $ans = 0 ] && break + sleep 1 done for i in 1 2 3 4 5 6 7 8 9 0 do - nsec3param=`$DIG +short @10.53.0.3 -p 5300 nsec3param retransfer3.` + nsec3param=`$DIG $DIGOPTS +nodnssec +short @10.53.0.3 nsec3param retransfer3.` test "$nsec3param" = "1 0 0 -" && break sleep 1 done n=`expr $n + 1` -echo "I:checking that rrsigs are replaced with ksk only ($n)" +echo_i "checking that rrsigs are replaced with ksk only ($n)" ret=0 -$DIG @10.53.0.3 -p 5300 axfr nsec3. | +$DIG $DIGOPTS @10.53.0.3 axfr nsec3. | awk '/RRSIG NSEC3/ {a[$1]++} END { for (i in a) {if (a[i] != 1) exit (1)}}' || ret=1 -#$DIG @10.53.0.3 -p 5300 axfr nsec3. | grep -w NSEC | grep -v "IN.RRSIG.NSEC" -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that the zone is signed on initial transfer ($n)" +echo_i "checking that the zone is signed on initial transfer ($n)" ret=0 for i in 1 2 3 4 5 6 7 8 9 10 1 2 3 4 5 6 7 8 9 10 do ret=0 - $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -list bits > signing.out.test$n 2>&1 + $RNDCCMD 10.53.0.3 signing -list bits > signing.out.test$n 2>&1 keys=`grep '^Done signing' signing.out.test$n | wc -l` [ $keys = 2 ] || ret=1 if [ $ret = 0 ]; then break; fi sleep 1 done -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking expired signatures are updated on load ($n)" +echo_i "checking expired signatures are updated on load ($n)" ret=0 -$DIG $DIGOPTS @10.53.0.3 -p 5300 +noall +answer +dnssec expired SOA > dig.out.ns3.test$n +$DIG $DIGOPTS @10.53.0.3 +noall +answer +dnssec expired SOA > dig.out.ns3.test$n expiry=`awk '$4 == "RRSIG" { print $9 }' dig.out.ns3.test$n` [ "$expiry" = "20110101000000" ] && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking removal of private type record via 'rndc signing -clear' ($n)" +echo_i "checking removal of private type record via 'rndc signing -clear' ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -list bits > signing.out.test$n 2>&1 +$RNDCCMD 10.53.0.3 signing -list bits > signing.out.test$n 2>&1 keys=`sed -n -e 's/Done signing with key \(.*\)$/\1/p' signing.out.test$n` for key in $keys; do - $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -clear ${key} bits > /dev/null || ret=1 + $RNDCCMD 10.53.0.3 signing -clear ${key} bits > /dev/null || ret=1 break; # We only want to remove 1 record for now. -done 2>&1 |sed 's/^/I:ns3 /' +done 2>&1 |sed 's/^/ns3 /' | cat_i for i in 1 2 3 4 5 6 7 8 9 10 do ans=0 - $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -list bits > signing.out.test$n 2>&1 + $RNDCCMD 10.53.0.3 signing -list bits > signing.out.test$n 2>&1 num=`grep "Done signing with" signing.out.test$n | wc -l` [ $num = 1 ] && break sleep 1 done [ $ans = 0 ] || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking private type was properly signed ($n)" +echo_i "checking private type was properly signed ($n)" ret=0 -$DIG $DIGOPTS @10.53.0.6 -p 5300 bits TYPE65534 > dig.out.ns6.test$n +$DIG $DIGOPTS @10.53.0.6 bits TYPE65534 > dig.out.ns6.test$n grep "ANSWER: 2," dig.out.ns6.test$n > /dev/null || ret=1 grep "flags:.* ad[ ;]" dig.out.ns6.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking removal of remaining private type record via 'rndc signing -clear all' ($n)" +echo_i "checking removal of remaining private type record via 'rndc signing -clear all' ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -clear all bits > /dev/null || ret=1 +$RNDCCMD 10.53.0.3 signing -clear all bits > /dev/null || ret=1 for i in 1 2 3 4 5 6 7 8 9 10 do ans=0 - $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -list bits > signing.out.test$n 2>&1 + $RNDCCMD 10.53.0.3 signing -list bits > signing.out.test$n 2>&1 grep "No signing records found" signing.out.test$n > /dev/null || ans=1 [ $ans = 1 ] || break sleep 1 done [ $ans = 0 ] || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking negative private type response was properly signed ($n)" +echo_i "checking negative private type response was properly signed ($n)" ret=0 sleep 1 -$DIG $DIGOPTS @10.53.0.6 -p 5300 bits TYPE65534 > dig.out.ns6.test$n +$DIG $DIGOPTS @10.53.0.6 bits TYPE65534 > dig.out.ns6.test$n grep "status: NOERROR" dig.out.ns6.test$n > /dev/null || ret=1 grep "ANSWER: 0," dig.out.ns6.test$n > /dev/null || ret=1 grep "flags:.* ad[ ;]" dig.out.ns6.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` $NSUPDATE << EOF zone bits -server 10.53.0.2 5300 +server 10.53.0.2 ${PORT} update add added.bits 0 A 1.2.3.4 send EOF n=`expr $n + 1` -echo "I:checking that the record is added on the hidden master ($n)" +echo_i "checking that the record is added on the hidden master ($n)" ret=0 -$DIG $DIGOPTS @10.53.0.2 -p 5300 added.bits A > dig.out.ns2.test$n +$DIG $DIGOPTS @10.53.0.2 added.bits A > dig.out.ns2.test$n grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that update has been transfered and has been signed ($n)" +echo_i "checking that update has been transfered and has been signed ($n)" ret=0 for i in 1 2 3 4 5 6 7 8 9 10 do ret=0 - $DIG $DIGOPTS @10.53.0.3 -p 5300 added.bits A > dig.out.ns3.test$n + $DIG $DIGOPTS @10.53.0.3 added.bits A > dig.out.ns3.test$n grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret = 0 ]; then break; fi sleep 1 done -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` $NSUPDATE << EOF zone bits -server 10.53.0.2 5300 +server 10.53.0.2 ${PORT} update add bits 0 SOA ns2.bits. . 2011072400 20 20 1814400 3600 send EOF n=`expr $n + 1` -echo "I:checking YYYYMMDDVV (2011072400) serial on hidden master ($n)" +echo_i "checking YYYYMMDDVV (2011072400) serial on hidden master ($n)" ret=0 -$DIG $DIGOPTS @10.53.0.2 -p 5300 bits SOA > dig.out.ns2.test$n +$DIG $DIGOPTS @10.53.0.2 bits SOA > dig.out.ns2.test$n grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "2011072400" dig.out.ns2.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking YYYYMMDDVV (2011072400) serial in signed zone ($n)" +echo_i "checking YYYYMMDDVV (2011072400) serial in signed zone ($n)" for i in 1 2 3 4 5 6 7 8 9 10 do ret=0 - $DIG $DIGOPTS @10.53.0.3 -p 5300 bits SOA > dig.out.ns3.test$n + $DIG $DIGOPTS @10.53.0.3 bits SOA > dig.out.ns3.test$n grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1 grep "2011072400" dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret = 0 ]; then break; fi sleep 1 done -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that the zone is signed on initial transfer, noixfr ($n)" +echo_i "checking that the zone is signed on initial transfer, noixfr ($n)" ret=0 for i in 1 2 3 4 5 6 7 8 9 10 1 2 3 4 5 6 7 8 9 10 1 2 3 4 5 6 7 8 9 10 do ret=0 - $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -list noixfr > signing.out.test$n 2>&1 + $RNDCCMD 10.53.0.3 signing -list noixfr > signing.out.test$n 2>&1 keys=`grep '^Done signing' signing.out.test$n | wc -l` [ $keys = 2 ] || ret=1 if [ $ret = 0 ]; then break; fi sleep 1 done -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` $NSUPDATE << EOF zone noixfr -server 10.53.0.4 5300 +server 10.53.0.4 ${PORT} update add added.noixfr 0 A 1.2.3.4 send EOF n=`expr $n + 1` -echo "I:checking that the record is added on the hidden master, noixfr ($n)" +echo_i "checking that the record is added on the hidden master, noixfr ($n)" ret=0 -$DIG $DIGOPTS @10.53.0.4 -p 5300 added.noixfr A > dig.out.ns4.test$n +$DIG $DIGOPTS @10.53.0.4 added.noixfr A > dig.out.ns4.test$n grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns4.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that update has been transfered and has been signed, noixfr ($n)" +echo_i "checking that update has been transfered and has been signed, noixfr ($n)" ret=0 for i in 1 2 3 4 5 6 7 8 9 10 1 2 3 4 5 6 7 8 9 10 1 2 3 4 5 6 7 8 9 10 do ret=0 - $DIG $DIGOPTS @10.53.0.3 -p 5300 added.noixfr A > dig.out.ns3.test$n + $DIG $DIGOPTS @10.53.0.3 added.noixfr A > dig.out.ns3.test$n grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret = 0 ]; then break; fi sleep 1 done -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` $NSUPDATE << EOF zone noixfr -server 10.53.0.4 5300 +server 10.53.0.4 ${PORT} update add noixfr 0 SOA ns4.noixfr. . 2011072400 20 20 1814400 3600 send EOF n=`expr $n + 1` -echo "I:checking YYYYMMDDVV (2011072400) serial on hidden master, noixfr ($n)" +echo_i "checking YYYYMMDDVV (2011072400) serial on hidden master, noixfr ($n)" ret=0 -$DIG $DIGOPTS @10.53.0.4 -p 5300 noixfr SOA > dig.out.ns4.test$n +$DIG $DIGOPTS @10.53.0.4 noixfr SOA > dig.out.ns4.test$n grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns4.test$n > /dev/null || ret=1 grep "2011072400" dig.out.ns4.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking YYYYMMDDVV (2011072400) serial in signed zone, noixfr ($n)" +echo_i "checking YYYYMMDDVV (2011072400) serial in signed zone, noixfr ($n)" for i in 1 2 3 4 5 6 7 8 9 10 do ret=0 - $DIG $DIGOPTS @10.53.0.3 -p 5300 noixfr SOA > dig.out.ns3.test$n + $DIG $DIGOPTS @10.53.0.3 noixfr SOA > dig.out.ns3.test$n grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1 grep "2011072400" dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret = 0 ]; then break; fi sleep 1 done -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that the master zone signed on initial load ($n)" +echo_i "checking that the master zone signed on initial load ($n)" ret=0 for i in 1 2 3 4 5 6 7 8 9 10 do ret=0 - $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -list master > signing.out.test$n 2>&1 + $RNDCCMD 10.53.0.3 signing -list master > signing.out.test$n 2>&1 keys=`grep '^Done signing' signing.out.test$n | wc -l` [ $keys = 2 ] || ret=1 if [ $ret = 0 ]; then break; fi sleep 1 done -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking removal of private type record via 'rndc signing -clear' (master) ($n)" +echo_i "checking removal of private type record via 'rndc signing -clear' (master) ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -list master > signing.out.test$n 2>&1 +$RNDCCMD 10.53.0.3 signing -list master > signing.out.test$n 2>&1 keys=`sed -n -e 's/Done signing with key \(.*\)$/\1/p' signing.out.test$n` for key in $keys; do - $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -clear ${key} master > /dev/null || ret=1 + $RNDCCMD 10.53.0.3 signing -clear ${key} master > /dev/null || ret=1 break; # We only want to remove 1 record for now. -done 2>&1 |sed 's/^/I:ns3 /' +done 2>&1 |sed 's/^/ns3 /' | cat_i for i in 1 2 3 4 5 6 7 8 9 do ans=0 - $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -list master > signing.out.test$n 2>&1 + $RNDCCMD 10.53.0.3 signing -list master > signing.out.test$n 2>&1 num=`grep "Done signing with" signing.out.test$n | wc -l` [ $num = 1 ] && break sleep 1 done [ $ans = 0 ] || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking private type was properly signed (master) ($n)" +echo_i "checking private type was properly signed (master) ($n)" ret=0 -$DIG $DIGOPTS @10.53.0.6 -p 5300 master TYPE65534 > dig.out.ns6.test$n +$DIG $DIGOPTS @10.53.0.6 master TYPE65534 > dig.out.ns6.test$n grep "ANSWER: 2," dig.out.ns6.test$n > /dev/null || ret=1 grep "flags:.* ad[ ;]" dig.out.ns6.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking removal of remaining private type record via 'rndc signing -clear' (master) ($n)" +echo_i "checking removal of remaining private type record via 'rndc signing -clear' (master) ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -clear all master > /dev/null || ret=1 +$RNDCCMD 10.53.0.3 signing -clear all master > /dev/null || ret=1 for i in 1 2 3 4 5 6 7 8 9 10 do ans=0 - $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -list master > signing.out.test$n 2>&1 + $RNDCCMD 10.53.0.3 signing -list master > signing.out.test$n 2>&1 grep "No signing records found" signing.out.test$n > /dev/null || ans=1 [ $ans = 1 ] || break sleep 1 done [ $ans = 0 ] || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:check adding of record to unsigned master ($n)" +echo_i "check adding of record to unsigned master ($n)" ret=0 cp ns3/master2.db.in ns3/master.db -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 reload master || ret=1 +$RNDCCMD 10.53.0.3 reload master 2>&1 | sed 's/^/ns3 /' | cat_i for i in 1 2 3 4 5 6 7 8 9 do ans=0 - $DIG $DIGOPTS @10.53.0.3 -p 5300 e.master A > dig.out.ns3.test$n + $DIG $DIGOPTS @10.53.0.3 e.master A > dig.out.ns3.test$n grep "10.0.0.5" dig.out.ns3.test$n > /dev/null || ans=1 grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ans=1 [ $ans = 1 ] || break sleep 1 done [ $ans = 0 ] || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:check adding record fails when SOA serial not changed ($n)" +echo_i "check adding record fails when SOA serial not changed ($n)" ret=0 echo "c A 10.0.0.3" >> ns3/master.db -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 reload || ret=1 +$RNDCCMD 10.53.0.3 reload 2>&1 | sed 's/^/ns3 /' | cat_i sleep 1 -$DIG $DIGOPTS @10.53.0.3 -p 5300 c.master A > dig.out.ns3.test$n +$DIG $DIGOPTS @10.53.0.3 c.master A > dig.out.ns3.test$n grep "NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:check adding record works after updating SOA serial ($n)" +echo_i "check adding record works after updating SOA serial ($n)" ret=0 cp ns3/master3.db.in ns3/master.db -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 reload master || ret=1 +$RNDCCMD 10.53.0.3 reload master 2>&1 | sed 's/^/ns3 /' | cat_i for i in 1 2 3 4 5 6 7 8 9 do ans=0 - $DIG $DIGOPTS @10.53.0.3 -p 5300 c.master A > dig.out.ns3.test$n + $DIG $DIGOPTS @10.53.0.3 c.master A > dig.out.ns3.test$n grep "10.0.0.3" dig.out.ns3.test$n > /dev/null || ans=1 grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ans=1 [ $ans = 1 ] || break sleep 1 done [ $ans = 0 ] || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:check the added record was properly signed ($n)" +echo_i "check the added record was properly signed ($n)" ret=0 -$DIG $DIGOPTS @10.53.0.3 -p 5300 e.master A > dig.out.ns6.test$n +$DIG $DIGOPTS @10.53.0.3 e.master A > dig.out.ns6.test$n grep "10.0.0.5" dig.out.ns6.test$n > /dev/null || ans=1 grep "ANSWER: 2," dig.out.ns6.test$n > /dev/null || ans=1 grep "flags:.* ad[ ;]" dig.out.ns6.test$n > /dev/null || ans=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that the dynamic master zone signed on initial load ($n)" +echo_i "checking that the dynamic master zone signed on initial load ($n)" ret=0 for i in 1 2 3 4 5 6 7 8 9 10 do ret=0 - $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -list dynamic > signing.out.test$n 2>&1 + $RNDCCMD 10.53.0.3 signing -list dynamic > signing.out.test$n 2>&1 keys=`grep '^Done signing' signing.out.test$n | wc -l` [ $keys = 2 ] || ret=1 if [ $ret = 0 ]; then break; fi sleep 1 done -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking master zone that was updated while offline is correct ($n)" +echo_i "checking master zone that was updated while offline is correct ($n)" ret=0 -serial=`$DIG $DIGOPTS +short @10.53.0.3 -p 5300 updated SOA | awk '{print $3}'` +serial=`$DIG $DIGOPTS +nodnssec +short @10.53.0.3 updated SOA | awk '{print $3}'` # serial should have changed [ "$serial" = "2000042407" ] && ret=1 # e.updated should exist and should be signed -$DIG $DIGOPTS @10.53.0.3 -p 5300 e.updated A > dig.out.ns3.test$n +$DIG $DIGOPTS @10.53.0.3 e.updated A > dig.out.ns3.test$n grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1 # updated.db.signed.jnl should exist, should have the source serial @@ -431,398 +432,397 @@ serial=`$JOURNALPRINT ns3/updated.db.signed.jnl | head -1 | awk '{print $4}'` [ "$serial" = "2000042408" ] || ret=1 diffsize=`$JOURNALPRINT ns3/updated.db.signed.jnl | wc -l` [ "$diffsize" -le 13 ] || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking adding of record to unsigned master using UPDATE ($n)" +echo_i "checking adding of record to unsigned master using UPDATE ($n)" ret=0 -[ -f ns3/dynamic.db.jnl ] && { ret=1 ; echo "I:journal exists (pretest)" ; } +[ -f ns3/dynamic.db.jnl ] && { ret=1 ; echo_i "journal exists (pretest)" ; } $NSUPDATE << EOF zone dynamic -server 10.53.0.3 5300 +server 10.53.0.3 ${PORT} update add e.dynamic 0 A 1.2.3.4 send EOF -[ -f ns3/dynamic.db.jnl ] || { ret=1 ; echo "I:journal does not exist (posttest)" ; } +[ -f ns3/dynamic.db.jnl ] || { ret=1 ; echo_i "journal does not exist (posttest)" ; } for i in 1 2 3 4 5 6 7 8 9 10 do ans=0 - $DIG $DIGOPTS @10.53.0.3 -p 5300 e.dynamic > dig.out.ns3.test$n + $DIG $DIGOPTS @10.53.0.3 e.dynamic > dig.out.ns3.test$n grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ans=1 grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ans=1 grep "1.2.3.4" dig.out.ns3.test$n > /dev/null || ans=1 [ $ans = 0 ] && break sleep 1 done -[ $ans = 0 ] || { ret=1; echo "I:signed record not found"; cat dig.out.ns3.test$n ; } +[ $ans = 0 ] || { ret=1; echo_i "signed record not found"; cat dig.out.ns3.test$n ; } -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:stop bump in the wire signer server ($n)" +echo_i "stop bump in the wire signer server ($n)" ret=0 $PERL ../stop.pl . ns3 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:restart bump in the wire signer server ($n)" +echo_i "restart bump in the wire signer server ($n)" ret=0 -$PERL ../start.pl --noclean --restart . ns3 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +$PERL ../start.pl --noclean --restart --port ${PORT} . ns3 || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` $NSUPDATE << EOF zone bits -server 10.53.0.2 5300 +server 10.53.0.2 ${PORT} update add bits 0 SOA ns2.bits. . 2011072450 20 20 1814400 3600 send EOF n=`expr $n + 1` -echo "I:checking YYYYMMDDVV (2011072450) serial on hidden master ($n)" +echo_i "checking YYYYMMDDVV (2011072450) serial on hidden master ($n)" ret=0 -$DIG $DIGOPTS @10.53.0.2 -p 5300 bits SOA > dig.out.ns2.test$n +$DIG $DIGOPTS @10.53.0.2 bits SOA > dig.out.ns2.test$n grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "2011072450" dig.out.ns2.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking YYYYMMDDVV (2011072450) serial in signed zone ($n)" +echo_i "checking YYYYMMDDVV (2011072450) serial in signed zone ($n)" for i in 1 2 3 4 5 6 7 8 9 10 do ret=0 - $DIG $DIGOPTS @10.53.0.3 -p 5300 bits SOA > dig.out.ns3.test$n + $DIG $DIGOPTS @10.53.0.3 bits SOA > dig.out.ns3.test$n grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1 grep "2011072450" dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret = 0 ]; then break; fi sleep 1 done -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` $NSUPDATE << EOF zone noixfr -server 10.53.0.4 5300 +server 10.53.0.4 ${PORT} update add noixfr 0 SOA ns4.noixfr. . 2011072450 20 20 1814400 3600 send EOF n=`expr $n + 1` -echo "I:checking YYYYMMDDVV (2011072450) serial on hidden master, noixfr ($n)" +echo_i "checking YYYYMMDDVV (2011072450) serial on hidden master, noixfr ($n)" ret=0 -$DIG $DIGOPTS @10.53.0.4 -p 5300 noixfr SOA > dig.out.ns4.test$n +$DIG $DIGOPTS @10.53.0.4 noixfr SOA > dig.out.ns4.test$n grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns4.test$n > /dev/null || ret=1 grep "2011072450" dig.out.ns4.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking YYYYMMDDVV (2011072450) serial in signed zone, noixfr ($n)" +echo_i "checking YYYYMMDDVV (2011072450) serial in signed zone, noixfr ($n)" for i in 1 2 3 4 5 6 7 8 9 10 do ret=0 - $DIG $DIGOPTS @10.53.0.3 -p 5300 noixfr SOA > dig.out.ns3.test$n + $DIG $DIGOPTS @10.53.0.3 noixfr SOA > dig.out.ns3.test$n grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1 grep "2011072450" dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret = 0 ]; then break; fi sleep 1 done -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` $NSUPDATE << EOF zone bits -server 10.53.0.3 5300 +server 10.53.0.3 ${PORT} update add bits 0 SOA ns2.bits. . 2011072460 20 20 1814400 3600 send EOF n=`expr $n + 1` -echo "I:checking forwarded update on hidden master ($n)" +echo_i "checking forwarded update on hidden master ($n)" ret=0 -$DIG $DIGOPTS @10.53.0.2 -p 5300 bits SOA > dig.out.ns2.test$n +$DIG $DIGOPTS @10.53.0.2 bits SOA > dig.out.ns2.test$n grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "2011072460" dig.out.ns2.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking forwarded update on signed zone ($n)" +echo_i "checking forwarded update on signed zone ($n)" for i in 1 2 3 4 5 6 7 8 9 10 do ret=0 - $DIG $DIGOPTS @10.53.0.3 -p 5300 bits SOA > dig.out.ns3.test$n + $DIG $DIGOPTS @10.53.0.3 bits SOA > dig.out.ns3.test$n grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1 grep "2011072460" dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret = 0 ]; then break; fi sleep 1 done -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` $NSUPDATE << EOF zone noixfr -server 10.53.0.3 5300 +server 10.53.0.3 ${PORT} update add noixfr 0 SOA ns4.noixfr. . 2011072460 20 20 1814400 3600 send EOF n=`expr $n + 1` -echo "I:checking forwarded update on hidden master, noixfr ($n)" +echo_i "checking forwarded update on hidden master, noixfr ($n)" ret=0 -$DIG $DIGOPTS @10.53.0.4 -p 5300 noixfr SOA > dig.out.ns4.test$n +$DIG $DIGOPTS @10.53.0.4 noixfr SOA > dig.out.ns4.test$n grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns4.test$n > /dev/null || ret=1 grep "2011072460" dig.out.ns4.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking forwarded update on signed zone, noixfr ($n)" +echo_i "checking forwarded update on signed zone, noixfr ($n)" for i in 1 2 3 4 5 6 7 8 9 10 do ret=0 - $DIG $DIGOPTS @10.53.0.3 -p 5300 noixfr SOA > dig.out.ns3.test$n + $DIG $DIGOPTS @10.53.0.3 noixfr SOA > dig.out.ns3.test$n grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1 grep "2011072460" dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret = 0 ]; then break; fi sleep 1 done -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` ret=0 n=`expr $n + 1` -echo "I:checking turning on of inline signing in a slave zone via reload ($n)" -$DIG $DIGOPTS @10.53.0.5 -p 5300 +dnssec bits SOA > dig.out.ns5.test$n +echo_i "checking turning on of inline signing in a slave zone via reload ($n)" +$DIG $DIGOPTS @10.53.0.5 +dnssec bits SOA > dig.out.ns5.test$n grep "status: NOERROR" dig.out.ns5.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns5.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:setup broken"; fi +if [ $ret != 0 ]; then echo_i "setup broken"; fi status=`expr $status + $ret` -cp ns5/named.conf.post ns5/named.conf +copy_setports ns5/named.conf.post ns5/named.conf (cd ns5; $KEYGEN -q -a rsasha256 -r $RANDFILE bits) > /dev/null 2>&1 (cd ns5; $KEYGEN -q -a rsasha256 -r $RANDFILE -f KSK bits) > /dev/null 2>&1 -$RNDC -c ../common/rndc.conf -s 10.53.0.5 -p 9953 reload 2>&1 | sed 's/^/I:ns5 /' +$RNDCCMD 10.53.0.5 reload 2>&1 | sed 's/^/ns5 /' | cat_i for i in 1 2 3 4 5 6 7 8 9 10 do ret=0 - $DIG $DIGOPTS @10.53.0.5 -p 5300 bits SOA > dig.out.ns5.test$n + $DIG $DIGOPTS @10.53.0.5 bits SOA > dig.out.ns5.test$n grep "status: NOERROR" dig.out.ns5.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns5.test$n > /dev/null || ret=1 if [ $ret = 0 ]; then break; fi sleep 1 done -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking rndc freeze/thaw of dynamic inline zone no change ($n)" +echo_i "checking rndc freeze/thaw of dynamic inline zone no change ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 freeze dynamic > freeze.test$n 2>&1 || { echo "I: rndc freeze dynamic failed" ; sed 's/^/I:/' < freeze.test$n ; ret=1; } +$RNDCCMD 10.53.0.3 freeze dynamic > freeze.test$n 2>&1 || { echo_i "/' < freeze.test$n"; ret=1; } sleep 1 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 thaw dynamic > thaw.test$n 2>&1 || { echo "I: rndc thaw dynamic failed" ; ret=1; } +$RNDCCMD 10.53.0.3 thaw dynamic > thaw.test$n 2>&1 || { echo_i "rndc thaw dynamic failed" ; ret=1; } sleep 1 grep "zone dynamic/IN (unsigned): ixfr-from-differences: unchanged" ns3/named.run > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking rndc freeze/thaw of dynamic inline zone ($n)" +echo_i "checking rndc freeze/thaw of dynamic inline zone ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 freeze dynamic > freeze.test$n 2>&1 || ret=1 +$RNDCCMD 10.53.0.3 freeze dynamic > freeze.test$n 2>&1 || ret=1 sleep 1 awk '$2 == ";" && $3 == "serial" { printf("%d %s %s\n", $1 + 1, $2, $3); next; } { print; } END { print "freeze1.dynamic. 0 TXT freeze1"; } ' ns3/dynamic.db > ns3/dynamic.db.new mv ns3/dynamic.db.new ns3/dynamic.db -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 thaw dynamic > thaw.test$n 2>&1 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +$RNDCCMD 10.53.0.3 thaw dynamic > thaw.test$n 2>&1 || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:check added record freeze1.dynamic ($n)" +echo_i "check added record freeze1.dynamic ($n)" for i in 1 2 3 4 5 6 7 8 9 do ret=0 - $DIG $DIGOPTS @10.53.0.3 -p 5300 freeze1.dynamic TXT > dig.out.ns3.test$n + $DIG $DIGOPTS @10.53.0.3 freeze1.dynamic TXT > dig.out.ns3.test$n grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1 test $ret = 0 && break sleep 1 done -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` # allow 1 second so that file time stamps change sleep 1 n=`expr $n + 1` -echo "I:checking rndc freeze/thaw of server ($n)" +echo_i "checking rndc freeze/thaw of server ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 freeze > freeze.test$n 2>&1 || ret=1 +$RNDCCMD 10.53.0.3 freeze > freeze.test$n 2>&1 || ret=1 sleep 1 awk '$2 == ";" && $3 == "serial" { printf("%d %s %s\n", $1 + 1, $2, $3); next; } { print; } END { print "freeze2.dynamic. 0 TXT freeze2"; } ' ns3/dynamic.db > ns3/dynamic.db.new mv ns3/dynamic.db.new ns3/dynamic.db -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 thaw > thaw.test$n 2>&1 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +$RNDCCMD 10.53.0.3 thaw > thaw.test$n 2>&1 || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:check added record freeze2.dynamic ($n)" +echo_i "check added record freeze2.dynamic ($n)" for i in 1 2 3 4 5 6 7 8 9 do ret=0 - $DIG $DIGOPTS @10.53.0.3 -p 5300 freeze2.dynamic TXT > dig.out.ns3.test$n + $DIG $DIGOPTS @10.53.0.3 freeze2.dynamic TXT > dig.out.ns3.test$n grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1 test $ret = 0 && break sleep 1 done -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:check rndc reload allows reuse of inline-signing zones ($n)" +echo_i "check rndc reload allows reuse of inline-signing zones ($n)" ret=0 -{ $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 reload 2>&1 || ret=1 ; } | -sed 's/^/I:ns3 /' +{ $RNDCCMD 10.53.0.3 reload 2>&1 || ret=1 ; } | sed 's/^/ns3 /' | cat_i grep "not reusable" ns3/named.run > /dev/null 2>&1 && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:check rndc sync removes both signed and unsigned journals ($n)" +echo_i "check rndc sync removes both signed and unsigned journals ($n)" ret=0 [ -f ns3/dynamic.db.jnl ] || ret=1 [ -f ns3/dynamic.db.signed.jnl ] || ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 sync -clean dynamic 2>&1 || ret=1 +$RNDCCMD 10.53.0.3 sync -clean dynamic 2>&1 || ret=1 [ -f ns3/dynamic.db.jnl ] && ret=1 [ -f ns3/dynamic.db.signed.jnl ] && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` $NSUPDATE << EOF zone retransfer -server 10.53.0.2 5300 +server 10.53.0.2 ${PORT} update add added.retransfer 0 A 1.2.3.4 send EOF n=`expr $n + 1` -echo "I:checking that the retransfer record is added on the hidden master ($n)" +echo_i "checking that the retransfer record is added on the hidden master ($n)" ret=0 -$DIG $DIGOPTS @10.53.0.2 -p 5300 added.retransfer A > dig.out.ns2.test$n +$DIG $DIGOPTS @10.53.0.2 added.retransfer A > dig.out.ns2.test$n grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking that the change has not been transfered due to notify ($n)" +echo_i "checking that the change has not been transfered due to notify ($n)" ret=0 for i in 0 1 2 3 4 5 6 7 8 9 do ans=0 - $DIG $DIGOPTS @10.53.0.3 -p 5300 added.retransfer A > dig.out.ns3.test$n + $DIG $DIGOPTS @10.53.0.3 added.retransfer A > dig.out.ns3.test$n grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ans=1 [ $ans = 0 ] && break sleep 1 done -if [ $ans != 1 ]; then echo "I:failed"; ret=1; fi +if [ $ans != 1 ]; then echo_i "failed"; ret=1; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:check rndc retransfer of a inline slave zone works ($n)" +echo_i "check rndc retransfer of a inline slave zone works ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 retransfer retransfer 2>&1 || ret=1 +$RNDCCMD 10.53.0.3 retransfer retransfer 2>&1 || ret=1 for i in 0 1 2 3 4 5 6 7 8 9 do ans=0 - $DIG $DIGOPTS @10.53.0.3 -p 5300 added.retransfer A > dig.out.ns3.test$n + $DIG $DIGOPTS @10.53.0.3 added.retransfer A > dig.out.ns3.test$n grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ans=1 grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ans=1 [ $ans = 0 ] && break sleep 1 done [ $ans = 1 ] && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:check rndc retransfer of a inline nsec3 slave retains nsec3 ($n)" +echo_i "check rndc retransfer of a inline nsec3 slave retains nsec3 ($n)" ret=0 for i in 0 1 2 3 4 5 6 7 8 9 do ans=0 - $DIG $DIGOPTS @10.53.0.3 -p 5300 nonexist.retransfer3 A > dig.out.ns3.pre.test$n + $DIG $DIGOPTS @10.53.0.3 nonexist.retransfer3 A > dig.out.ns3.pre.test$n grep "status: NXDOMAIN" dig.out.ns3.pre.test$n > /dev/null || ans=1 grep "NSEC3" dig.out.ns3.pre.test$n > /dev/null || ans=1 [ $ans = 0 ] && break sleep 1 done -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 retransfer retransfer3 2>&1 || ret=1 +$RNDCCMD 10.53.0.3 retransfer retransfer3 2>&1 || ret=1 for i in 0 1 2 3 4 5 6 7 8 9 do ans=0 - $DIG $DIGOPTS @10.53.0.3 -p 5300 nonexist.retransfer3 A > dig.out.ns3.post.test$n + $DIG $DIGOPTS @10.53.0.3 nonexist.retransfer3 A > dig.out.ns3.post.test$n grep "status: NXDOMAIN" dig.out.ns3.post.test$n > /dev/null || ans=1 grep "NSEC3" dig.out.ns3.post.test$n > /dev/null || ans=1 [ $ans = 0 ] && break sleep 1 done [ $ans = 1 ] && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` # NOTE: The test below should be considered fragile. More details can be found # in the comment inside ns7/named.conf. n=`expr $n + 1` -echo "I:check rndc retransfer of a inline nsec3 slave does not trigger an infinite loop ($n)" +echo_i "check rndc retransfer of a inline nsec3 slave does not trigger an infinite loop ($n)" ret=0 zone=nsec3-loop # Add slave zone using rndc -$RNDC -c ../common/rndc.conf -s 10.53.0.7 -p 9953 addzone $zone \ +$RNDCCMD 10.53.0.7 addzone $zone \ '{ type slave; masters { 10.53.0.2; }; file "'$zone'.db"; inline-signing yes; auto-dnssec maintain; };' # Wait until slave zone is fully signed using NSEC for i in 1 2 3 4 5 6 7 8 9 0 do ret=1 - $RNDC -c ../common/rndc.conf -s 10.53.0.7 -p 9953 signing -list $zone > signing.out.test$n 2>&1 + $RNDCCMD 10.53.0.7 signing -list $zone > signing.out.test$n 2>&1 keys=`grep '^Done signing' signing.out.test$n | wc -l` [ $keys -eq 3 ] && ret=0 && break sleep 1 done # Switch slave zone to NSEC3 -$RNDC -c ../common/rndc.conf -s 10.53.0.7 -p 9953 signing -nsec3param 1 0 2 12345678 $zone > /dev/null 2>&1 +$RNDCCMD 10.53.0.7 signing -nsec3param 1 0 2 12345678 $zone > /dev/null 2>&1 # Wait until slave zone is fully signed using NSEC3 for i in 1 2 3 4 5 6 7 8 9 0 do ret=1 - nsec3param=`$DIG +short @10.53.0.7 -p 5300 nsec3param $zone` + nsec3param=`$DIG $DIGOPTS +nodnssec +short @10.53.0.7 nsec3param $zone` test "$nsec3param" = "1 0 2 12345678" && ret=0 && break sleep 1 done # Attempt to retransfer the slave zone from master -$RNDC -c ../common/rndc.conf -s 10.53.0.7 -p 9953 retransfer $zone +$RNDCCMD 10.53.0.7 retransfer $zone # Check whether the signer managed to fully sign the retransferred zone by # waiting for a specific SOA serial number to appear in the logs; if this # specific SOA serial number does not appear in the logs, it means the signer @@ -837,63 +837,63 @@ do [ $? -eq 0 ] && ret=0 && break sleep 1 done -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:stop bump in the wire signer server ($n)" +echo_i "stop bump in the wire signer server ($n)" ret=0 $PERL ../stop.pl . ns3 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:update SOA record while stopped" +echo_i "update SOA record while stopped" cp ns3/master4.db.in ns3/master.db rm ns3/master.db.jnl n=`expr $n + 1` -echo "I:restart bump in the wire signer server ($n)" +echo_i "restart bump in the wire signer server ($n)" ret=0 -$PERL ../start.pl --noclean --restart . ns3 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +$PERL ../start.pl --noclean --restart --port ${PORT} . ns3 || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:updates to SOA parameters other than serial while stopped are reflected in signed zone ($n)" +echo_i "updates to SOA parameters other than serial while stopped are reflected in signed zone ($n)" ret=0 for i in 1 2 3 4 5 6 7 8 9 do ans=0 - $DIG $DIGOPTS @10.53.0.3 -p 5300 master SOA > dig.out.ns3.test$n + $DIG $DIGOPTS @10.53.0.3 master SOA > dig.out.ns3.test$n grep "hostmaster" dig.out.ns3.test$n > /dev/null || ans=1 grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ans=1 [ $ans = 1 ] || break sleep 1 done [ $ans = 0 ] || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:test add/del zone combinations ($n)" +echo_i "test add/del zone combinations ($n)" ret=0 for zone in a b c d e f g h i j k l m n o p q r s t u v w x y z do -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone test-$zone \ +$RNDCCMD 10.53.0.2 addzone test-$zone \ '{ type master; file "bits.db.in"; allow-transfer { any; }; };' -$DIG $DIGOPTS @10.53.0.2 -p 5300 test-$zone SOA > dig.out.ns2.$zone.test$n +$DIG $DIGOPTS @10.53.0.2 test-$zone SOA > dig.out.ns2.$zone.test$n grep "status: NOERROR," dig.out.ns2.$zone.test$n > /dev/null || { ret=1; cat dig.out.ns2.$zone.test$n; } -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 addzone test-$zone \ +$RNDCCMD 10.53.0.3 addzone test-$zone \ '{ type slave; masters { 10.53.0.2; }; file "'test-$zone.bk'"; inline-signing yes; auto-dnssec maintain; allow-transfer { any; }; };' -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 delzone test-$zone > /dev/null 2>&1 +$RNDCCMD 10.53.0.3 delzone test-$zone > /dev/null 2>&1 done -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:testing adding external keys to a inline zone ($n)" +echo_i "testing adding external keys to a inline zone ($n)" ret=0 -$DIG $DIGOPTS @10.53.0.3 -p 5300 dnskey externalkey > dig.out.ns3.test$n +$DIG $DIGOPTS @10.53.0.3 dnskey externalkey > dig.out.ns3.test$n for alg in 3 7 12 13 do [ $alg = 3 -a ! -f checkdsa ] && continue; @@ -901,23 +901,23 @@ do [ $alg = 13 -a ! -f checkecdsa ] && continue; case $alg in - 3) echo "I: checking DSA";; - 7) echo "I: checking NSEC3RSASHA1";; - 12) echo "I: checking GOST";; - 13) echo "I: checking ECDSAP256SHA256";; - *) echo "I: checking $alg";; + 3) echo_i "checking DSA";; + 7) echo_i "checking NSEC3RSASHA1";; + 12) echo_i "checking GOST";; + 13) echo_i "checking ECDSAP256SHA256";; + *) echo_i "checking $alg";; esac dnskeys=`grep "IN.DNSKEY.25[67] [0-9]* $alg " dig.out.ns3.test$n | wc -l` rrsigs=`grep "RRSIG.DNSKEY $alg " dig.out.ns3.test$n | wc -l` - test ${dnskeys:-0} -eq 3 || { echo "I: failed $alg (dnskeys ${dnskeys:-0})"; ret=1; } - test ${rrsigs:-0} -eq 2 || { echo "I: failed $alg (rrsigs ${rrsigs:-0})"; ret=1; } + test ${dnskeys:-0} -eq 3 || { echo_i "failed $alg (dnskeys ${dnskeys:-0})"; ret=1; } + test ${rrsigs:-0} -eq 2 || { echo_i "failed $alg (rrsigs ${rrsigs:-0})"; ret=1; } done -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:testing imported key won't overwrite a private key ($n)" +echo_i "testing imported key won't overwrite a private key ($n)" ret=0 key=`$KEYGEN -r $RANDFILE -q -a rsasha256 import.example` cp ${key}.key import.key @@ -928,134 +928,134 @@ rm -f ${key}.private $IMPORTKEY -f import.key import.example > /dev/null 2>&1 || ret=1 # now that it's an external key, re-import should succeed $IMPORTKEY -f import.key import.example > /dev/null 2>&1 || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:testing updating inline secure serial via 'rndc signing -serial' ($n)" +echo_i "testing updating inline secure serial via 'rndc signing -serial' ($n)" ret=0 -$DIG nsec3. SOA -p 5300 @10.53.0.3 > dig.out.n3.pre.test$n +$DIG $DIGOPTS nsec3. SOA @10.53.0.3 > dig.out.n3.pre.test$n newserial=`$PERL -e 'while (<>) { chomp; my @field = split /\s+/; printf("%u\n", $field[6] + 10) if ($field[3] eq "SOA"); }' < dig.out.n3.pre.test$n` -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -serial ${newserial:-0} nsec3 > /dev/null 2>&1 +$RNDCCMD 10.53.0.3 signing -serial ${newserial:-0} nsec3 > /dev/null 2>&1 sleep 1 -$DIG nsec3. SOA -p 5300 @10.53.0.3 > dig.out.ns3.post.test$n +$DIG $DIGOPTS nsec3. SOA @10.53.0.3 > dig.out.ns3.post.test$n serial=`awk '$4 == "SOA" { print $7 }' dig.out.ns3.post.test$n` [ ${newserial:-0} -eq ${serial:-1} ] || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:testing updating inline secure serial via 'rndc signing -serial' with negative change ($n)" +echo_i "testing updating inline secure serial via 'rndc signing -serial' with negative change ($n)" ret=0 -$DIG nsec3. SOA -p 5300 @10.53.0.3 > dig.out.n3.pre.test$n +$DIG $DIGOPTS nsec3. SOA @10.53.0.3 > dig.out.n3.pre.test$n oldserial=`awk '$4 == "SOA" { print $7 }' dig.out.n3.pre.test$n` newserial=`$PERL -e 'while (<>) { chomp; my @field = split /\s+/; printf("%u\n", $field[6] - 10) if ($field[3] eq "SOA"); }' < dig.out.n3.pre.test$n` -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -serial ${newserial:-0} nsec3 > /dev/null 2>&1 +$RNDCCMD 10.53.0.3 signing -serial ${newserial:-0} nsec3 > /dev/null 2>&1 sleep 1 -$DIG nsec3. SOA -p 5300 @10.53.0.3 > dig.out.ns3.post.test$n +$DIG $DIGOPTS nsec3. SOA @10.53.0.3 > dig.out.ns3.post.test$n serial=`awk '$4 == "SOA" { print $7 }' dig.out.ns3.post.test$n` [ ${oldserial:-0} -eq ${serial:-1} ] || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` # # Freezing only operates on the raw zone. # n=`expr $n + 1` -echo "I:testing updating inline secure serial via 'rndc signing -serial' when frozen ($n)" +echo_i "testing updating inline secure serial via 'rndc signing -serial' when frozen ($n)" ret=0 -$DIG nsec3. SOA -p 5300 @10.53.0.3 > dig.out.n3.pre.test$n +$DIG $DIGOPTS nsec3. SOA @10.53.0.3 > dig.out.n3.pre.test$n oldserial=`awk '$4 == "SOA" { print $7 }' dig.out.n3.pre.test$n` newserial=`$PERL -e 'while (<>) { chomp; my @field = split /\s+/; printf("%u\n", $field[6] + 10) if ($field[3] eq "SOA"); }' < dig.out.n3.pre.test$n` -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 freeze nsec3 > /dev/null 2>&1 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -serial ${newserial:-0} nsec3 > /dev/null 2>&1 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 thaw nsec3 > /dev/null 2>&1 +$RNDCCMD 10.53.0.3 freeze nsec3 > /dev/null 2>&1 +$RNDCCMD 10.53.0.3 signing -serial ${newserial:-0} nsec3 > /dev/null 2>&1 +$RNDCCMD 10.53.0.3 thaw nsec3 > /dev/null 2>&1 sleep 1 -$DIG nsec3. SOA -p 5300 @10.53.0.3 > dig.out.ns3.post.test$n +$DIG $DIGOPTS nsec3. SOA @10.53.0.3 > dig.out.ns3.post.test$n serial=`awk '$4 == "SOA" { print $7 }' dig.out.ns3.post.test$n` [ ${newserial:-0} -eq ${serial:-1} ] || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:testing updating dynamic serial via 'rndc signing -serial' ($n)" +echo_i "testing updating dynamic serial via 'rndc signing -serial' ($n)" ret=0 -$DIG bits. SOA -p 5300 @10.53.0.2 > dig.out.ns2.pre.test$n +$DIG $DIGOPTS bits. SOA @10.53.0.2 > dig.out.ns2.pre.test$n newserial=`$PERL -e 'while (<>) { chomp; my @field = split /\s+/; printf("%u\n", $field[6] + 10) if ($field[3] eq "SOA"); }' < dig.out.ns2.pre.test$n` -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 signing -serial ${newserial:-0} bits > /dev/null 2>&1 +$RNDCCMD 10.53.0.2 signing -serial ${newserial:-0} bits > /dev/null 2>&1 sleep 1 -$DIG bits. SOA -p 5300 @10.53.0.2 > dig.out.ns2.post.test$n +$DIG $DIGOPTS bits. SOA @10.53.0.2 > dig.out.ns2.post.test$n serial=`awk '$4 == "SOA" { print $7 }' dig.out.ns2.post.test$n` [ ${newserial:-0} -eq ${serial:-1} ] || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:testing updating dynamic serial via 'rndc signing -serial' with negative change ($n)" +echo_i "testing updating dynamic serial via 'rndc signing -serial' with negative change ($n)" ret=0 -$DIG bits. SOA -p 5300 @10.53.0.2 > dig.out.ns2.pre.test$n +$DIG $DIGOPTS bits. SOA @10.53.0.2 > dig.out.ns2.pre.test$n oldserial=`awk '$4 == "SOA" { print $7 }' dig.out.ns2.pre.test$n` newserial=`$PERL -e 'while (<>) { chomp; my @field = split /\s+/; printf("%u\n", $field[6] - 10) if ($field[3] eq "SOA"); }' < dig.out.ns2.pre.test$n` -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 signing -serial ${newserial:-0} bits > /dev/null 2>&1 +$RNDCCMD 10.53.0.2 signing -serial ${newserial:-0} bits > /dev/null 2>&1 sleep 1 -$DIG bits. SOA -p 5300 @10.53.0.2 > dig.out.ns2.post.test$n +$DIG $DIGOPTS bits. SOA @10.53.0.2 > dig.out.ns2.post.test$n serial=`awk '$4 == "SOA" { print $7 }' dig.out.ns2.post.test$n` [ ${oldserial:-0} -eq ${serial:-1} ] || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:testing updating dynamic serial via 'rndc signing -serial' when frozen ($n)" +echo_i "testing updating dynamic serial via 'rndc signing -serial' when frozen ($n)" ret=0 -$DIG bits. SOA -p 5300 @10.53.0.2 > dig.out.ns2.pre.test$n +$DIG $DIGOPTS bits. SOA @10.53.0.2 > dig.out.ns2.pre.test$n oldserial=`awk '$4 == "SOA" { print $7 }' dig.out.ns2.pre.test$n` newserial=`$PERL -e 'while (<>) { chomp; my @field = split /\s+/; printf("%u\n", $field[6] + 10) if ($field[3] eq "SOA"); }' < dig.out.ns2.pre.test$n` -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 freeze bits > /dev/null 2>&1 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 signing -serial ${newserial:-0} bits > /dev/null 2>&1 -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 thaw bits > /dev/null 2>&1 +$RNDCCMD 10.53.0.2 freeze bits > /dev/null 2>&1 +$RNDCCMD 10.53.0.2 signing -serial ${newserial:-0} bits > /dev/null 2>&1 +$RNDCCMD 10.53.0.2 thaw bits > /dev/null 2>&1 sleep 1 -$DIG bits. SOA -p 5300 @10.53.0.2 > dig.out.ns2.post.test$n +$DIG $DIGOPTS bits. SOA @10.53.0.2 > dig.out.ns2.post.test$n serial=`awk '$4 == "SOA" { print $7 }' dig.out.ns2.post.test$n` [ ${oldserial:-0} -eq ${serial:-1} ] || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:testing that inline signing works with inactive ZSK and active KSK ($n)" +echo_i "testing that inline signing works with inactive ZSK and active KSK ($n)" ret=0 -$DIG $DIGOPTS @10.53.0.3 -p 5300 soa inactivezsk > dig.out.ns3.pre.test$n || ret=1 +$DIG $DIGOPTS @10.53.0.3 soa inactivezsk > dig.out.ns3.pre.test$n || ret=1 soa1=`awk '$4 == "SOA" { print $7 }' dig.out.ns3.pre.test$n` $NSUPDATE << EOF -server 10.53.0.2 5300 +server 10.53.0.2 ${PORT} update add added.inactivezsk 0 IN TXT added record send EOF for i in 1 2 3 4 5 6 7 8 9 10 do - $DIG $DIGOPTS @10.53.0.3 -p 5300 soa inactivezsk > dig.out.ns3.post.test$n || ret=1 + $DIG $DIGOPTS @10.53.0.3 soa inactivezsk > dig.out.ns3.post.test$n || ret=1 soa2=`awk '$4 == "SOA" { print $7 }' dig.out.ns3.post.test$n` test ${soa1:-0} -ne ${soa2:-0} && break sleep 1 done test ${soa1:-0} -ne ${soa2:-0} || ret=1 -$DIG $DIGOPTS @10.53.0.3 -p 5300 txt added.inactivezsk > dig.out.ns3.test$n || ret=1 +$DIG $DIGOPTS @10.53.0.3 txt added.inactivezsk > dig.out.ns3.test$n || ret=1 grep "ANSWER: 3," dig.out.ns3.test$n > /dev/null || ret=1 grep "RRSIG" dig.out.ns3.test$n > /dev/null || ret=1 grep "TXT 7 2" dig.out.ns3.test$n > /dev/null || ret=1 grep "TXT 8 2" dig.out.ns3.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:testing that inline signing works with inactive KSK and active ZSK ($n)" +echo_i "testing that inline signing works with inactive KSK and active ZSK ($n)" ret=0 -$DIG $DIGOPTS @10.53.0.3 -p 5300 axfr inactiveksk > dig.out.ns3.test$n +$DIG $DIGOPTS @10.53.0.3 axfr inactiveksk > dig.out.ns3.test$n # # check that DNSKEY is signed with ZSK for algorithm 7 @@ -1081,24 +1081,24 @@ kskid=`awk "${awk}" dig.out.ns3.test$n | $DSFROMKEY -2 -f - inactiveksk | awk '{ print $4}' ` grep "DNSKEY 8 1 [0-9]* [0-9]* [0-9]* ${kskid} " dig.out.ns3.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:check that zonestatus reports 'type: master' for a inline master zone ($n)" +echo_i "check that zonestatus reports 'type: master' for a inline master zone ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 zonestatus master > rndc.out.ns3.test$n +$RNDCCMD 10.53.0.3 zonestatus master > rndc.out.ns3.test$n grep "type: master" rndc.out.ns3.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:check that zonestatus reports 'type: slave' for a inline slave zone ($n)" +echo_i "check that zonestatus reports 'type: slave' for a inline slave zone ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 zonestatus bits > rndc.out.ns3.test$n +$RNDCCMD 10.53.0.3 zonestatus bits > rndc.out.ns3.test$n grep "type: slave" rndc.out.ns3.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/integrity/clean.sh b/bin/tests/system/integrity/clean.sh index 22c066fb22..409ea83ef5 100644 --- a/bin/tests/system/integrity/clean.sh +++ b/bin/tests/system/integrity/clean.sh @@ -7,3 +7,6 @@ # file, You can obtain one at http://mozilla.org/MPL/2.0/. rm -f dig.out.test* +rm -f */named.memstats +rm -f */named.conf +rm -f */named.run diff --git a/bin/tests/system/integrity/ns1/named.conf b/bin/tests/system/integrity/ns1/named.conf.in similarity index 96% rename from bin/tests/system/integrity/ns1/named.conf rename to bin/tests/system/integrity/ns1/named.conf.in index 136b5b6914..4076214bbd 100644 --- a/bin/tests/system/integrity/ns1/named.conf +++ b/bin/tests/system/integrity/ns1/named.conf.in @@ -6,13 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; - options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; @@ -22,8 +20,6 @@ options { check-integrity no; }; -include "../../common/controls.conf"; - zone "." { type hint; file "../../common/root.hint"; diff --git a/bin/tests/system/integrity/setup.sh b/bin/tests/system/integrity/setup.sh new file mode 100644 index 0000000000..c69f051dbc --- /dev/null +++ b/bin/tests/system/integrity/setup.sh @@ -0,0 +1,13 @@ +#!/bin/sh +# +# Copyright (C) 2018 Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh + +$SHELL clean.sh +copy_setports ns1/named.conf.in ns1/named.conf diff --git a/bin/tests/system/integrity/tests.sh b/bin/tests/system/integrity/tests.sh index 2c1e91c1a6..eac1f113de 100644 --- a/bin/tests/system/integrity/tests.sh +++ b/bin/tests/system/integrity/tests.sh @@ -9,116 +9,118 @@ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh +DIGOPTS="-p ${PORT}" + status=0 n=1 -echo "I:check that 'check-integrity yes; check-mx-cname fail;' works ($n)" +echo_i "check that 'check-integrity yes; check-mx-cname fail;' works ($n)" ret=0 -$DIG -p 5300 @10.53.0.1 mx mx-cname-fail > dig.out.test$n || ret=1 +$DIG $DIGOPTS @10.53.0.1 mx mx-cname-fail > dig.out.test$n || ret=1 grep "status: SERVFAIL," dig.out.test$n > /dev/null || ret=1 grep "zone mx-cname-fail/IN: mx-cname-fail/MX 'cname.mx-cname-fail' is a CNAME (illegal)" ns1/named.run > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that 'check-integrity yes; check-mx-cname warn;' works ($n)" +echo_i "check that 'check-integrity yes; check-mx-cname warn;' works ($n)" ret=0 -$DIG -p 5300 @10.53.0.1 mx mx-cname-warn > dig.out.test$n || ret=1 +$DIG $DIGOPTS @10.53.0.1 mx mx-cname-warn > dig.out.test$n || ret=1 grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1 grep "zone mx-cname-warn/IN: mx-cname-warn/MX 'cname.mx-cname-warn' is a CNAME (illegal)" ns1/named.run > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that 'check-integrity yes; check-mx-cname ignore;' works ($n)" +echo_i "check that 'check-integrity yes; check-mx-cname ignore;' works ($n)" ret=0 -$DIG -p 5300 @10.53.0.1 mx mx-cname-ignore > dig.out.test$n || ret=1 +$DIG $DIGOPTS @10.53.0.1 mx mx-cname-ignore > dig.out.test$n || ret=1 grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1 grep "zone mx-cname-ignore/IN: mx-cname-ignore/MX 'cname.mx-cname-ignore' is a CNAME (illegal)" ns1/named.run > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that 'check-integrity no; check-mx-cname fail;' works ($n)" +echo_i "check that 'check-integrity no; check-mx-cname fail;' works ($n)" ret=0 -$DIG -p 5300 @10.53.0.1 mx no-mx-cname-fail > dig.out.test$n || ret=1 +$DIG $DIGOPTS @10.53.0.1 mx no-mx-cname-fail > dig.out.test$n || ret=1 grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1 grep "zone no-mx-cname-fail/IN: no-mx-cname-fail/MX 'cname.no-mx-cname-fail' is a CNAME (illegal)" ns1/named.run > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that 'check-integrity no; check-mx-cname warn;' works ($n)" +echo_i "check that 'check-integrity no; check-mx-cname warn;' works ($n)" ret=0 -$DIG -p 5300 @10.53.0.1 mx no-mx-cname-warn > dig.out.test$n || ret=1 +$DIG $DIGOPTS @10.53.0.1 mx no-mx-cname-warn > dig.out.test$n || ret=1 grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1 grep "zone no-mx-cname-warn/IN: no-mx-cname-warn/MX 'cname.no-mx-cname-warn' is a CNAME (illegal)" ns1/named.run > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that 'check-integrity no; check-mx-cname ignore;' works ($n)" +echo_i "check that 'check-integrity no; check-mx-cname ignore;' works ($n)" ret=0 -$DIG -p 5300 @10.53.0.1 mx no-mx-cname-ignore > dig.out.test$n || ret=1 +$DIG $DIGOPTS @10.53.0.1 mx no-mx-cname-ignore > dig.out.test$n || ret=1 grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1 grep "zone no-mx-cname-ignore/IN: no-mx-cname-ignore/MX 'cname.no-mx-cname-ignore' is a CNAME (illegal)" ns1/named.run > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that 'check-integrity yes; check-srv-cname fail;' works ($n)" +echo_i "check that 'check-integrity yes; check-srv-cname fail;' works ($n)" ret=0 -$DIG -p 5300 @10.53.0.1 srv srv-cname-fail > dig.out.test$n || ret=1 +$DIG $DIGOPTS @10.53.0.1 srv srv-cname-fail > dig.out.test$n || ret=1 grep "status: SERVFAIL," dig.out.test$n > /dev/null || ret=1 grep "zone srv-cname-fail/IN: srv-cname-fail/SRV 'cname.srv-cname-fail' is a CNAME (illegal)" ns1/named.run > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that 'check-integrity yes; check-srv-cname warn;' works ($n)" +echo_i "check that 'check-integrity yes; check-srv-cname warn;' works ($n)" ret=0 -$DIG -p 5300 @10.53.0.1 srv srv-cname-warn > dig.out.test$n || ret=1 +$DIG $DIGOPTS @10.53.0.1 srv srv-cname-warn > dig.out.test$n || ret=1 grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1 grep "zone srv-cname-warn/IN: srv-cname-warn/SRV 'cname.srv-cname-warn' is a CNAME (illegal)" ns1/named.run > /dev/null || ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that 'check-integrity yes; check-srv-cname ignore;' works ($n)" +echo_i "check that 'check-integrity yes; check-srv-cname ignore;' works ($n)" ret=0 -$DIG -p 5300 @10.53.0.1 srv srv-cname-ignore > dig.out.test$n || ret=1 +$DIG $DIGOPTS @10.53.0.1 srv srv-cname-ignore > dig.out.test$n || ret=1 grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1 grep "zone srv-cname-ignore/IN: srv-cname-ignore/SRV 'cname.srv-cname-ignore' is a CNAME (illegal)" ns1/named.run > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that 'check-integrity no; check-srv-cname fail;' works ($n)" +echo_i "check that 'check-integrity no; check-srv-cname fail;' works ($n)" ret=0 -$DIG -p 5300 @10.53.0.1 srv no-srv-cname-fail > dig.out.test$n || ret=1 +$DIG $DIGOPTS @10.53.0.1 srv no-srv-cname-fail > dig.out.test$n || ret=1 grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1 grep "zone no-srv-cname-fail/IN: no-srv-cname-fail/SRV 'cname.no-srv-cname-fail' is a CNAME (illegal)" ns1/named.run > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that 'check-integrity no; check-srv-cname warn;' works ($n)" +echo_i "check that 'check-integrity no; check-srv-cname warn;' works ($n)" ret=0 -$DIG -p 5300 @10.53.0.1 srv no-srv-cname-warn > dig.out.test$n || ret=1 +$DIG $DIGOPTS @10.53.0.1 srv no-srv-cname-warn > dig.out.test$n || ret=1 grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1 grep "zone no-srv-cname-warn/IN: no-srv-cname-warn/SRV 'cname.no-srv-cname-warn' is a CNAME (illegal)" ns1/named.run > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:check that 'check-integrity no; check-srv-cname ignore;' works ($n)" +echo_i "check that 'check-integrity no; check-srv-cname ignore;' works ($n)" ret=0 -$DIG -p 5300 @10.53.0.1 srv no-srv-cname-ignore > dig.out.test$n || ret=1 +$DIG $DIGOPTS @10.53.0.1 srv no-srv-cname-ignore > dig.out.test$n || ret=1 grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1 grep "zone no-srv-cname-ignore/IN: no-srv-cname-ignore/SRV 'cname.no-srv-cname-ignore' is a CNAME (illegal)" ns1/named.run > /dev/null && ret=1 n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:exit status: $status" +echo_i "exit status: $status" test $status -eq 0 || exit 1 diff --git a/bin/tests/system/ixfr/clean.sh b/bin/tests/system/ixfr/clean.sh index 139a4596c8..d05798901e 100644 --- a/bin/tests/system/ixfr/clean.sh +++ b/bin/tests/system/ixfr/clean.sh @@ -6,12 +6,11 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -# $Id: clean.sh,v 1.10 2012/02/07 23:47:24 tbox Exp $ - -rm -f ns1/named.conf ns1/myftp.db +rm -f ns1/myftp.db rm -f ns3/*.jnl ns3/mytest.db ns3/subtest.db rm -f ns4/*.jnl ns4/*.db rm -f */named.memstats +rm -f */named.conf rm -f */named.run rm -f */ans.run rm -f dig.out dig.out1 dig.out2 dig.out3 diff --git a/bin/tests/system/ixfr/ns3/named.conf b/bin/tests/system/ixfr/ns3/named.conf.in similarity index 86% rename from bin/tests/system/ixfr/ns3/named.conf rename to bin/tests/system/ixfr/ns3/named.conf.in index c7fae8ced1..4dd73c3f27 100644 --- a/bin/tests/system/ixfr/ns3/named.conf +++ b/bin/tests/system/ixfr/ns3/named.conf.in @@ -6,14 +6,12 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf,v 1.3 2011/09/07 23:46:27 tbox Exp $ */ - options { query-source address 10.53.0.3; notify-source 10.53.0.3; transfer-source 10.53.0.3; allow-transfer { any; }; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.3; }; listen-on-v6 { none; }; @@ -27,7 +25,7 @@ key rndc_key { }; controls { - inet 10.53.0.3 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; view "primary" { diff --git a/bin/tests/system/ixfr/ns4/named.conf b/bin/tests/system/ixfr/ns4/named.conf.in similarity index 86% rename from bin/tests/system/ixfr/ns4/named.conf rename to bin/tests/system/ixfr/ns4/named.conf.in index 7987fac810..848542c59e 100644 --- a/bin/tests/system/ixfr/ns4/named.conf +++ b/bin/tests/system/ixfr/ns4/named.conf.in @@ -6,13 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.conf,v 1.3 2011/09/07 23:46:28 tbox Exp $ */ - options { query-source address 10.53.0.4; notify-source 10.53.0.4; transfer-source 10.53.0.4; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.4; }; listen-on-v6 { none; }; @@ -26,7 +24,7 @@ key rndc_key { }; controls { - inet 10.53.0.4 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.4 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; view "primary" { diff --git a/bin/tests/system/ixfr/prereq.sh b/bin/tests/system/ixfr/prereq.sh index 9610b33bf3..1091ea833d 100644 --- a/bin/tests/system/ixfr/prereq.sh +++ b/bin/tests/system/ixfr/prereq.sh @@ -10,6 +10,6 @@ if $PERL -e 'use Net::DNS;' 2>/dev/null then : else - echo "I:This test requires the Net::DNS library." >&2 + echo_i "This test requires the Net::DNS library." >&2 exit 1 fi diff --git a/bin/tests/system/ixfr/setup.sh b/bin/tests/system/ixfr/setup.sh index a6eb686899..44c0b53a7d 100644 --- a/bin/tests/system/ixfr/setup.sh +++ b/bin/tests/system/ixfr/setup.sh @@ -16,7 +16,7 @@ options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port ${PORT}; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; @@ -30,10 +30,13 @@ key rndc_key { }; controls { - inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.1 port ${CONTROLPORT} allow { any; } keys { rndc_key; }; }; EOF +copy_setports ns3/named.conf.in ns3/named.conf +copy_setports ns4/named.conf.in ns4/named.conf + # Setup initial db files for ns3 cp ns3/mytest0.db ns3/mytest.db cp ns3/subtest0.db ns3/subtest.db diff --git a/bin/tests/system/ixfr/tests.sh b/bin/tests/system/ixfr/tests.sh index 0477f248d3..91dbc51b6a 100644 --- a/bin/tests/system/ixfr/tests.sh +++ b/bin/tests/system/ixfr/tests.sh @@ -6,8 +6,6 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -# $Id: tests.sh,v 1.11 2012/02/22 14:22:54 marka Exp $ - # WARNING: The test labelled "testing request-ixfr option in view vs zone" # is fragile because it depends upon counting instances of records @@ -19,12 +17,11 @@ SYSTEMTESTTOP=.. status=0 -DIGOPTS="+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd" -DIGCMD="$DIG $DIGOPTS @10.53.0.1 -p 5300" -SENDCMD="$PERL ../send.pl 10.53.0.2 5301" -RNDCCMD="$RNDC -s 10.53.0.1 -p 9953 -c ../common/rndc.conf" +DIGOPTS="+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd -p ${PORT}" +SENDCMD="$PERL ../send.pl 10.53.0.2 ${EXTRAPORT1}" +RNDCCMD="$RNDC -p ${CONTROLPORT} -c ../common/rndc.conf -s" -echo "I:testing initial AXFR" +echo_i "testing initial AXFR" $SENDCMD < dig.out + $DIG $DIGOPTS @10.53.0.1 nil. SOA > dig.out grep "SOA" dig.out > /dev/null && break sleep 1 done -$DIGCMD nil. TXT | grep 'initial AXFR' >/dev/null || { - echo "I:failed" +$DIG $DIGOPTS @10.53.0.1 nil. TXT | grep 'initial AXFR' >/dev/null || { + echo_i "failed" status=1 } -echo "I:testing successful IXFR" +echo_i "testing successful IXFR" # We change the IP address of a.nil., and the TXT record at the apex. # Then we do a SOA-only update. @@ -91,16 +88,16 @@ EOF sleep 1 -$RNDCCMD refresh nil +$RNDCCMD 10.53.0.1 refresh nil sleep 2 -$DIGCMD nil. TXT | grep 'successful IXFR' >/dev/null || { - echo "I:failed" +$DIG $DIGOPTS @10.53.0.1 nil. TXT | grep 'successful IXFR' >/dev/null || { + echo_i "failed" status=1 } -echo "I:testing AXFR fallback after IXFR failure" +echo_i "testing AXFR fallback after IXFR failure" # Provide a broken IXFR response and a working fallback AXFR response @@ -125,34 +122,34 @@ EOF sleep 1 -$RNDCCMD refresh nil +$RNDCCMD 10.53.0.1 refresh nil sleep 2 -$DIGCMD nil. TXT | grep 'fallback AXFR' >/dev/null || { - echo "I:failed" +$DIG $DIGOPTS @10.53.0.1 nil. TXT | grep 'fallback AXFR' >/dev/null || { + echo_i "failed" status=1 } -echo "I:testing ixfr-from-differences option" -# ns3 is master; ns4 is slave +echo_i "testing ixfr-from-differences option" +# ns3 is master; ns4 is slave $CHECKZONE test. ns3/mytest.db > /dev/null 2>&1 if [ $? -ne 0 ] then - echo "I:named-checkzone returned failure on ns3/mytest.db" + echo_i "named-checkzone returned failure on ns3/mytest.db" fi # modify the master -#echo "I: digging against master: " -#$DIG $DIGOPTS @10.53.0.3 -p 5300 a host1.test. -#echo "I: digging against slave: " -#$DIG $DIGOPTS @10.53.0.4 -p 5300 a host1.test. +#echo_i "digging against master: " +#$DIG $DIGOPTS @10.53.0.3 a host1.test. +#echo_i "digging against slave: " +#$DIG $DIGOPTS @10.53.0.4 a host1.test. cp ns3/mytest1.db ns3/mytest.db -$RNDC -s 10.53.0.3 -p 9953 -c ../common/rndc.conf reload +$RNDCCMD 10.53.0.3 reload for i in 0 1 2 3 4 5 6 7 8 9 do - $DIG +tcp -p 5300 @10.53.0.4 SOA test > dig.out + $DIG $DIGOPTS +tcp @10.53.0.4 SOA test > dig.out grep -i "hostmaster\.test\..2" dig.out > /dev/null && break sleep 1 done @@ -167,28 +164,28 @@ do done if [ $INCR -ne 1 ] then - echo "I:failed to get incremental response" + echo_i "failed to get incremental response" status=1 fi -echo "I:testing request-ixfr option in view vs zone" +echo_i "testing request-ixfr option in view vs zone" # There's a view with 2 zones. In the view, "request-ixfr yes" # but in the zone "sub.test", request-ixfr no" # we want to make sure that a change to sub.test results in AXFR, while # changes to test. result in IXFR -echo "I: this result should be AXFR" +echo_i " this result should be AXFR" cp ns3/subtest1.db ns3/subtest.db # change to sub.test zone, should be AXFR -$RNDC -s 10.53.0.3 -p 9953 -c ../common/rndc.conf reload +$RNDCCMD 10.53.0.3 reload for i in 0 1 2 3 4 5 6 7 8 9 do - $DIG +tcp -p 5300 @10.53.0.4 SOA sub.test > dig.out + $DIG $DIGOPTS +tcp @10.53.0.4 SOA sub.test > dig.out grep -i "hostmaster\.test\..3" dig.out > /dev/null && break sleep 1 done -echo "I: this result should be AXFR" +echo_i " this result should be AXFR" for i in 0 1 2 3 4 5 6 7 8 9 do NONINCR=`grep 'sub\.test/IN/primary' ns4/named.run|grep "got nonincremental" | wc -l` @@ -197,19 +194,19 @@ do done if [ $NONINCR -ne 2 ] then - echo "I:failed to get nonincremental response in 2nd AXFR test" + echo_i "failed to get nonincremental response in 2nd AXFR test" status=1 else - echo "I: success: AXFR it was" + echo_i " success: AXFR it was" fi -echo "I: this result should be IXFR" +echo_i " this result should be IXFR" cp ns3/mytest2.db ns3/mytest.db # change to test zone, should be IXFR -$RNDC -s 10.53.0.3 -p 9953 -c ../common/rndc.conf reload +$RNDCCMD 10.53.0.3 reload for i in 0 1 2 3 4 5 6 7 8 9 do - $DIG +tcp -p 5300 @10.53.0.4 SOA test > dig.out + $DIG $DIGOPTS +tcp @10.53.0.4 SOA test > dig.out grep -i "hostmaster\.test\..4" dig.out > /dev/null && break sleep 1 done @@ -222,39 +219,39 @@ do done if [ $INCR -ne 2 ] then - echo "I:failed to get incremental response in 2nd IXFR test" + echo_i "failed to get incremental response in 2nd IXFR test" status=1 else - echo "I: success: IXFR it was" + echo_i " success: IXFR it was" fi -echo "I:testing DiG's handling of a multi message AXFR style IXFR response" +echo_i "testing DiG's handling of a multi message AXFR style IXFR response" ( (sleep 10 && kill $$) 2>/dev/null & sub=$! -$DIG ixfr=0 large -p 5300 @10.53.0.3 > dig.out +$DIG -p ${PORT} ixfr=0 large @10.53.0.3 > dig.out kill $sub ) lines=`grep hostmaster.large dig.out | wc -l` -test ${lines:-0} -eq 2 || { echo "I:failed"; status=1; } +test ${lines:-0} -eq 2 || { echo_i "failed"; status=1; } messages=`sed -n 's/^;;.*messages \([0-9]*\),.*/\1/p' dig.out` -test ${messages:-0} -gt 1 || { echo "I:failed"; status=1; } +test ${messages:-0} -gt 1 || { echo_i "failed"; status=1; } -echo "I:test 'dig +notcp ixfr=' vs 'dig ixfr= +notcp' vs 'dig ixfr='" +echo_i "test 'dig +notcp ixfr=' vs 'dig ixfr= +notcp' vs 'dig ixfr='" ret=0 # Should be "switch to TCP" response -$DIG +notcp ixfr=1 test -p 5300 @10.53.0.4 > dig.out1 || ret=1 -$DIG ixfr=1 +notcp test -p 5300 @10.53.0.4 > dig.out2 || ret=1 +$DIG $DIGOPTS +notcp ixfr=1 test @10.53.0.4 > dig.out1 || ret=1 +$DIG $DIGOPTS ixfr=1 +notcp test @10.53.0.4 > dig.out2 || ret=1 $PERL ../digcomp.pl dig.out1 dig.out2 || ret=1 awk '$4 == "SOA" { soacnt++} END {if (soacnt == 1) exit(0); else exit(1);}' dig.out1 || ret=1 awk '$4 == "SOA" { if ($7 == 4) exit(0); else exit(1);}' dig.out1 || ret=1 # Should be incremental transfer. -$DIG ixfr=1 test -p 5300 @10.53.0.4 > dig.out3 || ret=1 +$DIG $DIGOPTS ixfr=1 test @10.53.0.4 > dig.out3 || ret=1 awk '$4 == "SOA" { soacnt++} END { if (soacnt == 6) exit(0); else exit(1);}' dig.out3 || ret=1 if [ ${ret} != 0 ]; then - echo "I:failed"; + echo_i "failed"; status=1; fi -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/keepalive/clean.sh b/bin/tests/system/keepalive/clean.sh index 06637d06d9..86b1b38852 100644 --- a/bin/tests/system/keepalive/clean.sh +++ b/bin/tests/system/keepalive/clean.sh @@ -8,5 +8,6 @@ rm -f dig.out.* rm -f output rm -f ns*/named.memstats rm -f ns*/named.run +rm -f ns*/named.conf rm -f ns*/named.stats rm -f ns*/named.lock diff --git a/bin/tests/system/padding/ns1/named.conf b/bin/tests/system/keepalive/ns1/named.conf.in similarity index 85% rename from bin/tests/system/padding/ns1/named.conf rename to bin/tests/system/keepalive/ns1/named.conf.in index f1ba08caa7..3925fdba40 100644 --- a/bin/tests/system/padding/ns1/named.conf +++ b/bin/tests/system/keepalive/ns1/named.conf.in @@ -6,13 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; - options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; @@ -26,7 +24,7 @@ key rndc_key { }; controls { - inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; zone "." { diff --git a/bin/tests/system/keepalive/ns2/named.conf b/bin/tests/system/keepalive/ns2/named.conf.in similarity index 89% rename from bin/tests/system/keepalive/ns2/named.conf rename to bin/tests/system/keepalive/ns2/named.conf.in index 5c2948a8ec..da8860bddb 100644 --- a/bin/tests/system/keepalive/ns2/named.conf +++ b/bin/tests/system/keepalive/ns2/named.conf.in @@ -12,14 +12,14 @@ key rndc_key { }; controls { - inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/keepalive/ns3/named.conf b/bin/tests/system/keepalive/ns3/named.conf.in similarity index 87% rename from bin/tests/system/keepalive/ns3/named.conf rename to bin/tests/system/keepalive/ns3/named.conf.in index 18283942db..4f0d80607b 100644 --- a/bin/tests/system/keepalive/ns3/named.conf +++ b/bin/tests/system/keepalive/ns3/named.conf.in @@ -6,13 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; - options { query-source address 10.53.0.3; notify-source 10.53.0.3; transfer-source 10.53.0.3; - port 5300; + port @PORT@; directory "."; pid-file "named.pid"; listen-on { 10.53.0.3; }; @@ -32,7 +30,7 @@ key rndc_key { }; controls { - inet 10.53.0.3 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; zone "." { diff --git a/bin/tests/system/keepalive/setup.sh b/bin/tests/system/keepalive/setup.sh index 25cb9a6979..f8ef06b98b 100644 --- a/bin/tests/system/keepalive/setup.sh +++ b/bin/tests/system/keepalive/setup.sh @@ -11,4 +11,8 @@ SYSTEMTESTTOP=.. $SHELL clean.sh +copy_setports ns1/named.conf.in ns1/named.conf +copy_setports ns2/named.conf.in ns2/named.conf +copy_setports ns3/named.conf.in ns3/named.conf + test -r $RANDFILE || $GENRANDOM 800 $RANDFILE diff --git a/bin/tests/system/keepalive/tests.sh b/bin/tests/system/keepalive/tests.sh index cb9268235e..82299cef30 100644 --- a/bin/tests/system/keepalive/tests.sh +++ b/bin/tests/system/keepalive/tests.sh @@ -9,84 +9,85 @@ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh -RNDCCMD="$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953" +DIGOPTS="-p ${PORT}" +RNDCCMD="$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p ${CONTROLPORT}" n=0 status=0 -echo "I:checking that dig handles TCP keepalive ($n)" +echo_i "checking that dig handles TCP keepalive ($n)" ret=0 n=`expr $n + 1` -$DIG +qr +keepalive foo.example @10.53.0.2 -p 5300 > dig.out.test$n +$DIG $DIGOPTS +qr +keepalive foo.example @10.53.0.2 > dig.out.test$n grep "; TCP KEEPALIVE" dig.out.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that dig added TCP keepalive ($n)" +echo_i "checking that dig added TCP keepalive ($n)" ret=0 n=`expr $n + 1` $RNDCCMD stats grep "EDNS TCP keepalive option received" ns2/named.stats > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that TCP keepalive is added for TCP responses ($n)" +echo_i "checking that TCP keepalive is added for TCP responses ($n)" ret=0 n=`expr $n + 1` -$DIG +vc +keepalive foo.example @10.53.0.2 -p 5300 > dig.out.test$n +$DIG $DIGOPTS +vc +keepalive foo.example @10.53.0.2 > dig.out.test$n grep "; TCP KEEPALIVE" dig.out.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking that TCP keepalive requires TCP ($n)" +echo_i "checking that TCP keepalive requires TCP ($n)" ret=0 n=`expr $n + 1` -$DIG +keepalive foo.example @10.53.0.2 -p 5300 > dig.out.test$n +$DIG $DIGOPTS +keepalive foo.example @10.53.0.2 > dig.out.test$n grep "; TCP KEEPALIVE" dig.out.test$n > /dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking default value ($n)" +echo_i "checking default value ($n)" ret=0 n=`expr $n + 1` -$DIG +vc +keepalive foo.example @10.53.0.3 -p 5300 > dig.out.test$n +$DIG $DIGOPTS +vc +keepalive foo.example @10.53.0.3 > dig.out.test$n grep "; TCP KEEPALIVE: 30.0 secs" dig.out.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking configured value ($n)" +echo_i "checking configured value ($n)" ret=0 n=`expr $n + 1` -$DIG +vc +keepalive foo.example @10.53.0.2 -p 5300 > dig.out.test$n +$DIG $DIGOPTS +vc +keepalive foo.example @10.53.0.2 > dig.out.test$n grep "; TCP KEEPALIVE: 15.0 secs" dig.out.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking re-configured value ($n)" +echo_i "checking re-configured value ($n)" ret=0 n=`expr $n + 1` $RNDCCMD tcp-timeouts 300 300 300 200 > output diff -b output expected || ret=1 -$DIG +vc +keepalive foo.example @10.53.0.2 -p 5300 > dig.out.test$n +$DIG $DIGOPTS +vc +keepalive foo.example @10.53.0.2 > dig.out.test$n grep "; TCP KEEPALIVE: 20.0 secs" dig.out.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:checking server config entry ($n)" +echo_i "checking server config entry ($n)" ret=0 n=`expr $n + 1` $RNDCCMD stats oka=`grep "EDNS TCP keepalive option received" ns2/named.stats | \ tail -1 | awk '{ print $1}'` -$DIG bar.example @10.53.0.3 -p 5300 > dig.out.test$n +$DIG $DIGOPTS bar.example @10.53.0.3 > dig.out.test$n $RNDCCMD stats nka=`grep "EDNS TCP keepalive option received" ns2/named.stats | \ tail -1 | awk '{ print $1}'` #echo oka ':' $oka #echo nka ':' $nka if [ "$oka" -eq "$nka" ]; then ret=1; fi -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/keymgr/prereq.sh b/bin/tests/system/keymgr/prereq.sh index dd6d92ef28..673708b806 100644 --- a/bin/tests/system/keymgr/prereq.sh +++ b/bin/tests/system/keymgr/prereq.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2016 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2018 Internet Systems Consortium, Inc. ("ISC") # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this diff --git a/bin/tests/system/keymgr/setup.sh b/bin/tests/system/keymgr/setup.sh index 32771046ae..2faa29a0db 100644 --- a/bin/tests/system/keymgr/setup.sh +++ b/bin/tests/system/keymgr/setup.sh @@ -15,7 +15,7 @@ $SHELL clean.sh # Test 1: KSK goes inactive before successor is active dir=01-ksk-inactive -echo I:set up $dir +echo_i "set up $dir" rm -f $dir/K*.key rm -f $dir/K*.private ksk1=`$KEYGEN -K $dir -a rsasha1 -3fk example.com` @@ -26,7 +26,7 @@ zsk1=`$KEYGEN -K $dir -a rsasha1 -3 example.com` # Test 2: ZSK goes inactive before successor is active dir=02-zsk-inactive -echo I:set up $dir +echo_i "set up $dir" rm -f $dir/K*.key rm -f $dir/K*.private zsk1=`$KEYGEN -K $dir -a rsasha1 -3 example.com` @@ -37,7 +37,7 @@ ksk1=`$KEYGEN -K $dir -a rsasha1 -3fk example.com` # Test 3: KSK is unpublished before its successor is published dir=03-ksk-unpublished -echo I:set up $dir +echo_i "set up $dir" rm -f $dir/K*.key rm -f $dir/K*.private ksk1=`$KEYGEN -K $dir -a rsasha1 -3fk example.com` @@ -48,7 +48,7 @@ zsk1=`$KEYGEN -K $dir -a rsasha1 -3 example.com` # Test 4: ZSK is unpublished before its successor is published dir=04-zsk-unpublished -echo I:set up $dir +echo_i "set up $dir" rm -f $dir/K*.key rm -f $dir/K*.private zsk1=`$KEYGEN -K $dir -a rsasha1 -3 example.com` @@ -60,7 +60,7 @@ ksk1=`$KEYGEN -K $dir -a rsasha1 -3fk example.com` # Test 5: KSK deleted and successor published before KSK is deactivated # and successor activated. dir=05-ksk-unpub-active -echo I:set up $dir +echo_i "set up $dir" rm -f $dir/K*.key rm -f $dir/K*.private ksk1=`$KEYGEN -K $dir -a rsasha1 -3fk example.com` @@ -71,7 +71,7 @@ zsk1=`$KEYGEN -K $dir -a rsasha1 -3 example.com` # Test 6: ZSK deleted and successor published before ZSK is deactivated # and successor activated. dir=06-zsk-unpub-active -echo I:set up $dir +echo_i "set up $dir" rm -f $dir/K*.key rm -f $dir/K*.private zsk1=`$KEYGEN -K $dir -a rsasha1 -3 example.com` @@ -81,7 +81,7 @@ ksk1=`$KEYGEN -K $dir -a rsasha1 -3fk example.com` # Test 7: KSK rolled with insufficient delay after prepublication. dir=07-ksk-ttl -echo I:set up $dir +echo_i "set up $dir" rm -f $dir/K*.key rm -f $dir/K*.private ksk1=`$KEYGEN -K $dir -a rsasha1 -3fk example.com` @@ -92,7 +92,7 @@ zsk1=`$KEYGEN -K $dir -a rsasha1 -3 example.com` # Test 8: ZSK rolled with insufficient delay after prepublication. dir=08-zsk-ttl -echo I:set up $dir +echo_i "set up $dir" rm -f $dir/K*.key rm -f $dir/K*.private zsk1=`$KEYGEN -K $dir -a rsasha1 -3 example.com` @@ -108,7 +108,7 @@ rm -f $dir/K*.private # Test 10: Valid key set, but rollover period has changed dir=10-change-roll -echo I:set up $dir +echo_i "set up $dir" rm -f $dir/K*.key rm -f $dir/K*.private ksk1=`$KEYGEN -K $dir -a rsasha1 -3fk example.com` @@ -118,7 +118,7 @@ zsk2=`$KEYGEN -K $dir -S $zsk1` # Test 11: Many keys all simultaneously scheduled to be active in the future dir=11-many-simul -echo I:set up $dir +echo_i "set up $dir" rm -f $dir/K*.key rm -f $dir/K*.private k1=`$KEYGEN -K $dir -a rsasha1 -q3fk -P now+1mo -A now+1mo example.com` @@ -129,7 +129,7 @@ z4=`$KEYGEN -K $dir -a rsasha1 -q3 -P now+1mo -A now+1mo example.com` # Test 12: Many keys all simultaneously scheduled to be active in the past dir=12-many-active -echo I:set up $dir +echo_i "set up $dir" rm -f $dir/K*.key rm -f $dir/K*.private k1=`$KEYGEN -K $dir -a rsasha1 -q3fk example.com` @@ -140,7 +140,7 @@ z4=`$KEYGEN -K $dir -a rsasha1 -q3 example.com` # Test 13: Multiple simultaneous keys with no configured roll period dir=13-noroll -echo I:set up $dir +echo_i "set up $dir" rm -f $dir/K*.key rm -f $dir/K*.private k1=`$KEYGEN -K $dir -a rsasha1 -q3fk example.com` @@ -150,7 +150,7 @@ z1=`$KEYGEN -K $dir -a rsasha1 -q3 example.com` # Test 14: Keys exist but have the wrong algorithm dir=14-wrongalg -echo I:set up $dir +echo_i "set up $dir" rm -f $dir/K*.key rm -f $dir/K*.private k1=`$KEYGEN -K $dir -a rsasha1 -qfk example.com` @@ -164,7 +164,7 @@ z4=`$KEYGEN -K $dir -q -S ${z3}.key` # Test 15: No zones specified; just search the directory for keys dir=15-unspec -echo I:set up $dir +echo_i "set up $dir" rm -f $dir/K*.key rm -f $dir/K*.private k1=`$KEYGEN -K $dir -a rsasha1 -q3fk example.com` @@ -179,7 +179,7 @@ z4=`$KEYGEN -K $dir -q -S ${z3}.key` # Test 16: No zones specified; search the directory for keys; # keys have the wrong algorithm for their policies dir=16-wrongalg-unspec -echo I:set up $dir +echo_i "set up $dir" rm -f $dir/K*.key rm -f $dir/K*.private k1=`$KEYGEN -K $dir -a rsasha1 -qfk example.com` @@ -194,7 +194,7 @@ z4=`$KEYGEN -K $dir -q -S ${z3}.key` # Test 17: Keys are simultaneously active but we run with no force # flag (this should fail) dir=17-noforce -echo I:set up $dir +echo_i "set up $dir" rm -f $dir/K*.key rm -f $dir/K*.private k1=`$KEYGEN -K $dir -a rsasha1 -q3fk example.com` @@ -205,7 +205,7 @@ z4=`$KEYGEN -K $dir -a rsasha1 -q3 example.com` # Test 18: Prepublication interval is set to a nonstandard value dir=18-nonstd-prepub -echo I:set up $dir +echo_i "set up $dir" rm -f $dir/K*.key rm -f $dir/K*.private ksk1=`$KEYGEN -K $dir -a rsasha1 -3fk example.com` diff --git a/bin/tests/system/keymgr/tests.sh b/bin/tests/system/keymgr/tests.sh index b15fc025b2..c5192a5628 100644 --- a/bin/tests/system/keymgr/tests.sh +++ b/bin/tests/system/keymgr/tests.sh @@ -22,11 +22,11 @@ matchall () { done } -echo "I:checking for DNSSEC key coverage issues" +echo_i "checking for DNSSEC key coverage issues" ret=0 for dir in [0-9][0-9]-*; do ret=0 - echo "I:$dir ($n)" + echo_i "$dir ($n)" kargs= cargs= kmatch= cmatch= kret= cret=0 warn= error= ok= . $dir/expect @@ -91,18 +91,18 @@ for dir in [0-9][0-9]-*; do fi n=`expr $n + 1` - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` done -echo "I:checking policy.conf parser ($n)" +echo_i "checking policy.conf parser ($n)" ret=0 ${PYTHON} testpolicy.py policy.sample > policy.out $DOS2UNIX policy.out > /dev/null cmp -s policy.good policy.out || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/legacy/clean.sh b/bin/tests/system/legacy/clean.sh index 59f40a34b3..a711c9b62a 100644 --- a/bin/tests/system/legacy/clean.sh +++ b/bin/tests/system/legacy/clean.sh @@ -5,7 +5,7 @@ # file, You can obtain one at http://mozilla.org/MPL/2.0/. rm -f dig.out.* -rm -f ns1/named.conf +rm -f ns?/named.conf rm -f ns?/named.memstats rm -f ns?/named.run rm -f ns*/named.lock diff --git a/bin/tests/system/legacy/ns1/named1.conf b/bin/tests/system/legacy/ns1/named1.conf.in similarity index 93% rename from bin/tests/system/legacy/ns1/named1.conf rename to bin/tests/system/legacy/ns1/named1.conf.in index 7ec5328057..6cf0e5f333 100644 --- a/bin/tests/system/legacy/ns1/named1.conf +++ b/bin/tests/system/legacy/ns1/named1.conf.in @@ -6,13 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; - options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/legacy/ns1/named2.conf b/bin/tests/system/legacy/ns1/named2.conf.in similarity index 93% rename from bin/tests/system/legacy/ns1/named2.conf rename to bin/tests/system/legacy/ns1/named2.conf.in index 3f1c9c96ac..8c150287ab 100644 --- a/bin/tests/system/legacy/ns1/named2.conf +++ b/bin/tests/system/legacy/ns1/named2.conf.in @@ -6,13 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; - options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/legacy/ns2/named.conf b/bin/tests/system/legacy/ns2/named.conf.in similarity index 93% rename from bin/tests/system/legacy/ns2/named.conf rename to bin/tests/system/legacy/ns2/named.conf.in index 9c983bbff5..a3823b0505 100644 --- a/bin/tests/system/legacy/ns2/named.conf +++ b/bin/tests/system/legacy/ns2/named.conf.in @@ -6,13 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; - options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/legacy/ns3/named.conf b/bin/tests/system/legacy/ns3/named.conf.in similarity index 93% rename from bin/tests/system/legacy/ns3/named.conf rename to bin/tests/system/legacy/ns3/named.conf.in index 16c436447e..cb319c3eff 100644 --- a/bin/tests/system/legacy/ns3/named.conf +++ b/bin/tests/system/legacy/ns3/named.conf.in @@ -6,13 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; - options { query-source address 10.53.0.3; notify-source 10.53.0.3; transfer-source 10.53.0.3; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.3; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/legacy/ns4/named.conf b/bin/tests/system/legacy/ns4/named.conf.in similarity index 93% rename from bin/tests/system/legacy/ns4/named.conf rename to bin/tests/system/legacy/ns4/named.conf.in index 1c1c4c534c..8285ea033d 100644 --- a/bin/tests/system/legacy/ns4/named.conf +++ b/bin/tests/system/legacy/ns4/named.conf.in @@ -6,13 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; - options { query-source address 10.53.0.4; notify-source 10.53.0.4; transfer-source 10.53.0.4; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.4; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/legacy/ns5/named.conf b/bin/tests/system/legacy/ns5/named.conf.in similarity index 93% rename from bin/tests/system/legacy/ns5/named.conf rename to bin/tests/system/legacy/ns5/named.conf.in index 3965f3a2c7..99d7b31704 100644 --- a/bin/tests/system/legacy/ns5/named.conf +++ b/bin/tests/system/legacy/ns5/named.conf.in @@ -6,13 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; - options { query-source address 10.53.0.5; notify-source 10.53.0.5; transfer-source 10.53.0.5; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.5; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/legacy/ns6/named.conf b/bin/tests/system/legacy/ns6/named.conf.in similarity index 93% rename from bin/tests/system/legacy/ns6/named.conf rename to bin/tests/system/legacy/ns6/named.conf.in index 71e91b5793..7a095e3cc8 100644 --- a/bin/tests/system/legacy/ns6/named.conf +++ b/bin/tests/system/legacy/ns6/named.conf.in @@ -6,13 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; - options { query-source address 10.53.0.6; notify-source 10.53.0.6; transfer-source 10.53.0.6; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.6; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/legacy/ns6/sign.sh b/bin/tests/system/legacy/ns6/sign.sh index f12b089fb7..212243b772 100755 --- a/bin/tests/system/legacy/ns6/sign.sh +++ b/bin/tests/system/legacy/ns6/sign.sh @@ -9,7 +9,7 @@ SYSTEMTESTTOP=../.. . $SYSTEMTESTTOP/conf.sh -echo "I:sign edns512" +echo_i "sign edns512" zone=edns512 infile=edns512.db.in diff --git a/bin/tests/system/legacy/ns7/named.conf b/bin/tests/system/legacy/ns7/named.conf.in similarity index 93% rename from bin/tests/system/legacy/ns7/named.conf rename to bin/tests/system/legacy/ns7/named.conf.in index bc9cd24acd..6c3b53d425 100644 --- a/bin/tests/system/legacy/ns7/named.conf +++ b/bin/tests/system/legacy/ns7/named.conf.in @@ -6,13 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; - options { query-source address 10.53.0.7; notify-source 10.53.0.7; transfer-source 10.53.0.7; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.7; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/legacy/ns7/sign.sh b/bin/tests/system/legacy/ns7/sign.sh index e9635491ac..63507f2fac 100755 --- a/bin/tests/system/legacy/ns7/sign.sh +++ b/bin/tests/system/legacy/ns7/sign.sh @@ -9,7 +9,7 @@ SYSTEMTESTTOP=../.. . $SYSTEMTESTTOP/conf.sh -echo "I:sign edns512-notcp" +echo_i "sign edns512-notcp" zone=edns512-notcp infile=edns512-notcp.db.in diff --git a/bin/tests/system/legacy/setup.sh b/bin/tests/system/legacy/setup.sh index bf57e5c6d5..8a2c961f14 100644 --- a/bin/tests/system/legacy/setup.sh +++ b/bin/tests/system/legacy/setup.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2014, 2016 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2018 Internet Systems Consortium, Inc. ("ISC") # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this @@ -9,4 +9,13 @@ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh -cp -f ns1/named1.conf ns1/named.conf +$SHELL clean.sh + +copy_setports ns1/named1.conf.in ns1/named.conf + +copy_setports ns2/named.conf.in ns2/named.conf +copy_setports ns3/named.conf.in ns3/named.conf +copy_setports ns4/named.conf.in ns4/named.conf +copy_setports ns5/named.conf.in ns5/named.conf +copy_setports ns6/named.conf.in ns6/named.conf +copy_setports ns7/named.conf.in ns7/named.conf diff --git a/bin/tests/system/legacy/tests.sh b/bin/tests/system/legacy/tests.sh index 3dd6bda79d..fa042ef48c 100755 --- a/bin/tests/system/legacy/tests.sh +++ b/bin/tests/system/legacy/tests.sh @@ -6,159 +6,158 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -# $Id$ - SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh +DIGOPTS="-p ${PORT}" + status=0 n=0 n=`expr $n + 1` -echo "I:checking drop edns server setup ($n)" +echo_i "checking drop edns server setup ($n)" ret=0 -$DIG +edns @10.53.0.2 -p 5300 dropedns soa > dig.out.1.test$n +$DIG $DIGOPTS +edns @10.53.0.2 dropedns soa > dig.out.1.test$n grep "connection timed out; no servers could be reached" dig.out.1.test$n > /dev/null || ret=1 -$DIG +noedns @10.53.0.2 -p 5300 dropedns soa > dig.out.2.test$n || ret=1 +$DIG $DIGOPTS +noedns @10.53.0.2 dropedns soa > dig.out.2.test$n || ret=1 grep "status: NOERROR" dig.out.2.test$n > /dev/null || ret=1 grep "EDNS: version:" dig.out.2.test$n > /dev/null && ret=1 -$DIG +noedns +tcp @10.53.0.2 -p 5300 dropedns soa > dig.out.3.test$n || ret=1 +$DIG $DIGOPTS +noedns +tcp @10.53.0.2 dropedns soa > dig.out.3.test$n || ret=1 grep "status: NOERROR" dig.out.3.test$n > /dev/null || ret=1 grep "EDNS: version:" dig.out.3.test$n > /dev/null && ret=1 -$DIG +edns +tcp @10.53.0.2 -p 5300 dropedns soa > dig.out.4.test$n +$DIG $DIGOPTS +edns +tcp @10.53.0.2 dropedns soa > dig.out.4.test$n grep "connection timed out; no servers could be reached" dig.out.4.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking recursive lookup to drop edns server succeeds ($n)" +echo_i "checking recursive lookup to drop edns server succeeds ($n)" ret=0 -$DIG +tcp @10.53.0.1 -p 5300 dropedns soa > dig.out.test$n || ret=1 +$DIG $DIGOPTS +tcp @10.53.0.1 dropedns soa > dig.out.test$n || ret=1 grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking drop edns + no tcp server setup ($n)" +echo_i "checking drop edns + no tcp server setup ($n)" ret=0 -$DIG +edns @10.53.0.3 -p 5300 dropedns-notcp soa > dig.out.1.test$n +$DIG $DIGOPTS +edns @10.53.0.3 dropedns-notcp soa > dig.out.1.test$n grep "connection timed out; no servers could be reached" dig.out.1.test$n > /dev/null || ret=1 -$DIG +noedns +tcp @10.53.0.3 -p 5300 dropedns-notcp soa > dig.out.2.test$n +$DIG $DIGOPTS +noedns +tcp @10.53.0.3 dropedns-notcp soa > dig.out.2.test$n grep "connection timed out; no servers could be reached" dig.out.2.test$n > /dev/null -$DIG +noedns @10.53.0.3 -p 5300 dropedns-notcp soa > dig.out.3.test$n || ret=1 +$DIG $DIGOPTS +noedns @10.53.0.3 dropedns-notcp soa > dig.out.3.test$n || ret=1 grep "status: NOERROR" dig.out.3.test$n > /dev/null || ret=1 grep "EDNS: version:" dig.out.3.test$n > /dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking recursive lookup to drop edns + no tcp server succeeds ($n)" +echo_i "checking recursive lookup to drop edns + no tcp server succeeds ($n)" ret=0 -$DIG +tcp @10.53.0.1 -p 5300 dropedns-notcp soa > dig.out.test$n || ret=1 +$DIG $DIGOPTS +tcp @10.53.0.1 dropedns-notcp soa > dig.out.test$n || ret=1 grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking plain dns server setup ($n)" +echo_i "checking plain dns server setup ($n)" ret=0 -$DIG +edns @10.53.0.4 -p 5300 plain soa > dig.out.1.test$n || ret=1 +$DIG $DIGOPTS +edns @10.53.0.4 plain soa > dig.out.1.test$n || ret=1 grep "status: NOERROR" dig.out.1.test$n > /dev/null || ret=1 grep "EDNS: version:" dig.out.1.test$n > /dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking recursive lookup to plain dns server succeeds ($n)" +echo_i "checking recursive lookup to plain dns server succeeds ($n)" ret=0 -$DIG +tcp @10.53.0.1 -p 5300 plain soa > dig.out.test$n || ret=1 +$DIG $DIGOPTS +tcp @10.53.0.1 plain soa > dig.out.test$n || ret=1 grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking plain dns + no tcp server setup ($n)" +echo_i "checking plain dns + no tcp server setup ($n)" ret=0 -$DIG +edns @10.53.0.5 -p 5300 plain-notcp soa > dig.out.1.test$n || ret=1 +$DIG $DIGOPTS +edns @10.53.0.5 plain-notcp soa > dig.out.1.test$n || ret=1 grep "status: NOERROR" dig.out.1.test$n > /dev/null || ret=1 grep "EDNS: version:" dig.out.1.test$n > /dev/null && ret=1 -$DIG +edns +tcp @10.53.0.5 -p 5300 plain-notcp soa > dig.out.2.test$n +$DIG $DIGOPTS +edns +tcp @10.53.0.5 plain-notcp soa > dig.out.2.test$n grep "connection timed out; no servers could be reached" dig.out.2.test$n > /dev/null -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking recursive lookup to plain dns + no tcp server succeeds ($n)" +echo_i "checking recursive lookup to plain dns + no tcp server succeeds ($n)" ret=0 -$DIG +tcp @10.53.0.1 -p 5300 plain-notcp soa > dig.out.test$n || ret=1 +$DIG $DIGOPTS +tcp @10.53.0.1 plain-notcp soa > dig.out.test$n || ret=1 grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking edns 512 server setup ($n)" +echo_i "checking edns 512 server setup ($n)" ret=0 -$DIG +edns @10.53.0.6 -p 5300 edns512 soa > dig.out.1.test$n || ret=1 +$DIG $DIGOPTS +edns @10.53.0.6 edns512 soa > dig.out.1.test$n || ret=1 grep "status: NOERROR" dig.out.1.test$n > /dev/null || ret=1 -$DIG +edns +tcp @10.53.0.6 -p 5300 edns512 soa > dig.out.2.test$n || ret=1 +$DIG $DIGOPTS +edns +tcp @10.53.0.6 edns512 soa > dig.out.2.test$n || ret=1 grep "status: NOERROR" dig.out.1.test$n > /dev/null || ret=1 -$DIG +edns @10.53.0.6 -p 5300 txt500.edns512 txt > dig.out.3.test$n +$DIG $DIGOPTS +edns @10.53.0.6 txt500.edns512 txt > dig.out.3.test$n grep "connection timed out; no servers could be reached" dig.out.3.test$n > /dev/null -$DIG +edns +bufsize=512 +ignor @10.53.0.6 -p 5300 txt500.edns512 txt > dig.out.4.test$n +$DIG $DIGOPTS +edns +bufsize=512 +ignor @10.53.0.6 txt500.edns512 txt > dig.out.4.test$n grep "status: NOERROR" dig.out.4.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking recursive lookup to edns 512 server succeeds ($n)" +echo_i "checking recursive lookup to edns 512 server succeeds ($n)" ret=0 -$DIG +tcp @10.53.0.1 -p 5300 txt500.edns512 txt > dig.out.test$n || ret=1 +$DIG $DIGOPTS +tcp @10.53.0.1 txt500.edns512 txt > dig.out.test$n || ret=1 grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking edns 512 + no tcp server setup ($n)" +echo_i "checking edns 512 + no tcp server setup ($n)" ret=0 -$DIG +noedns @10.53.0.7 -p 5300 edns512-notcp soa > dig.out.1.test$n || ret=1 +$DIG $DIGOPTS +noedns @10.53.0.7 edns512-notcp soa > dig.out.1.test$n || ret=1 grep "status: NOERROR" dig.out.1.test$n > /dev/null || ret=1 -$DIG +noedns +tcp @10.53.0.7 -p 5300 edns512-notcp soa > dig.out.2.test$n +$DIG $DIGOPTS +noedns +tcp @10.53.0.7 edns512-notcp soa > dig.out.2.test$n grep "connection timed out; no servers could be reached" dig.out.2.test$n > /dev/null -$DIG +edns @10.53.0.7 -p 5300 edns512-notcp soa > dig.out.3.test$n +$DIG $DIGOPTS +edns @10.53.0.7 edns512-notcp soa > dig.out.3.test$n grep "connection timed out; no servers could be reached" dig.out.3.test$n > /dev/null -$DIG +edns +bufsize=512 +ignor @10.53.0.7 -p 5300 edns512-notcp soa > dig.out.4.test$n +$DIG $DIGOPTS +edns +bufsize=512 +ignor @10.53.0.7 edns512-notcp soa > dig.out.4.test$n grep "status: NOERROR" dig.out.4.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` -echo "I:checking recursive lookup to edns 512 + no tcp server succeeds ($n)" +echo_i "checking recursive lookup to edns 512 + no tcp server succeeds ($n)" ret=0 -$DIG +tcp @10.53.0.1 -p 5300 edns512-notcp soa > dig.out.test$n || ret=1 +$DIG $DIGOPTS +tcp @10.53.0.1 edns512-notcp soa > dig.out.test$n || ret=1 grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` if $SHELL ../testcrypto.sh > /dev/null 2>&1 then $PERL $SYSTEMTESTTOP/stop.pl . ns1 - cp -f ns1/named2.conf ns1/named.conf + copy_setports ns1/named2.conf.in ns1/named.conf - $PERL $SYSTEMTESTTOP/start.pl --noclean --restart . ns1 + $PERL $SYSTEMTESTTOP/start.pl --noclean --restart --port ${PORT} . ns1 n=`expr $n + 1` - echo "I:checking recursive lookup to edns 512 + no tcp + trust anchor fails ($n)" + echo_i "checking recursive lookup to edns 512 + no tcp + trust anchor fails ($n)" ret=0 - $DIG +tcp @10.53.0.1 -p 5300 edns512-notcp soa > dig.out.test$n + $DIG $DIGOPTS +tcp @10.53.0.1 edns512-notcp soa > dig.out.test$n grep "status: SERVFAIL" dig.out.test$n > /dev/null || grep "connection timed out;" dig.out.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo "I:failed"; fi + if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` else - echo "I:skipping checking recursive lookup to edns 512 + no tcp + trust anchor fails as crypto not enabled" + echo_i "skipping checking recursive lookup to edns 512 + no tcp + trust anchor fails as crypto not enabled" fi - -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/limits/clean.sh b/bin/tests/system/limits/clean.sh index bc306a8783..0eeb38e794 100644 --- a/bin/tests/system/limits/clean.sh +++ b/bin/tests/system/limits/clean.sh @@ -6,12 +6,11 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -# $Id: clean.sh,v 1.11 2007/09/26 03:22:44 marka Exp $ - # # Clean up after limits tests. # rm -f dig.out.* rm -f */named.memstats +rm -f */named.conf rm -f */named.run rm -f ns*/named.lock diff --git a/bin/tests/system/limits/ns1/named.conf b/bin/tests/system/limits/ns1/named.conf.in similarity index 94% rename from bin/tests/system/limits/ns1/named.conf rename to bin/tests/system/limits/ns1/named.conf.in index d783741eea..ef88cd93db 100644 --- a/bin/tests/system/limits/ns1/named.conf +++ b/bin/tests/system/limits/ns1/named.conf.in @@ -6,13 +6,11 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -controls { /* empty */ }; - options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/limits/setup.sh b/bin/tests/system/limits/setup.sh new file mode 100644 index 0000000000..c69f051dbc --- /dev/null +++ b/bin/tests/system/limits/setup.sh @@ -0,0 +1,13 @@ +#!/bin/sh +# +# Copyright (C) 2018 Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh + +$SHELL clean.sh +copy_setports ns1/named.conf.in ns1/named.conf diff --git a/bin/tests/system/limits/tests.sh b/bin/tests/system/limits/tests.sh index 0978cbad1f..14ed1c935a 100644 --- a/bin/tests/system/limits/tests.sh +++ b/bin/tests/system/limits/tests.sh @@ -6,46 +6,46 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -# $Id: tests.sh,v 1.19 2011/11/04 23:46:15 tbox Exp $ - SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh +DIGOPTS="-p ${PORT}" + status=0 -echo "I:1000 A records" -$DIG +tcp +norec 1000.example. @10.53.0.1 a -p 5300 > dig.out.1000 || status=1 -#dig 1000.example. @10.53.0.1 a -p 5300 > knowngood.dig.out.1000 +echo_i "1000 A records" +$DIG $DIGOPTS +tcp +norec 1000.example. @10.53.0.1 a > dig.out.1000 || status=1 +# $DIG $DIGOPTS 1000.example. @10.53.0.1 a > knowngood.dig.out.1000 $PERL ../digcomp.pl knowngood.dig.out.1000 dig.out.1000 || status=1 -echo "I:2000 A records" -$DIG +tcp +norec 2000.example. @10.53.0.1 a -p 5300 > dig.out.2000 || status=1 -#dig 2000.example. @10.53.0.1 a -p 5300 > knowngood.dig.out.2000 +echo_i "2000 A records" +$DIG $DIGOPTS +tcp +norec 2000.example. @10.53.0.1 a > dig.out.2000 || status=1 +# $DIG $DIGOPTS 2000.example. @10.53.0.1 a > knowngood.dig.out.2000 $PERL ../digcomp.pl knowngood.dig.out.2000 dig.out.2000 || status=1 -echo "I:3000 A records" -$DIG +tcp +norec 3000.example. @10.53.0.1 a -p 5300 > dig.out.3000 || status=1 -#dig 3000.example. @10.53.0.1 a -p 5300 > knowngood.dig.out.3000 +echo_i "3000 A records" +$DIG $DIGOPTS +tcp +norec 3000.example. @10.53.0.1 a > dig.out.3000 || status=1 +# $DIG $DIGOPTS 3000.example. @10.53.0.1 a > knowngood.dig.out.3000 $PERL ../digcomp.pl knowngood.dig.out.3000 dig.out.3000 || status=1 -echo "I:4000 A records" -$DIG +tcp +norec 4000.example. @10.53.0.1 a -p 5300 > dig.out.4000 || status=1 -#dig 4000.example. @10.53.0.1 a -p 5300 > knowngood.dig.out.4000 +echo_i "4000 A records" +$DIG $DIGOPTS +tcp +norec 4000.example. @10.53.0.1 a > dig.out.4000 || status=1 +# $DIG $DIGOPTS 4000.example. @10.53.0.1 a > knowngood.dig.out.4000 $PERL ../digcomp.pl knowngood.dig.out.4000 dig.out.4000 || status=1 -echo "I:exactly maximum rrset" -$DIG +tcp +norec +noedns a-maximum-rrset.example. @10.53.0.1 a -p 5300 > dig.out.a-maximum-rrset \ +echo_i "exactly maximum rrset" +$DIG $DIGOPTS +tcp +norec +noedns a-maximum-rrset.example. @10.53.0.1 a > dig.out.a-maximum-rrset \ || status=1 -#dig a-maximum-rrset.example. @10.53.0.1 a -p 5300 > knowngood.dig.out.a-maximum-rrset +# $DIG $DIGOPTS a-maximum-rrset.example. @10.53.0.1 a > knowngood.dig.out.a-maximum-rrset $PERL ../digcomp.pl knowngood.dig.out.a-maximum-rrset dig.out.a-maximum-rrset || status=1 -echo "I:exceed maximum rrset (5000 A records)" -$DIG +tcp +norec +noadd 5000.example. @10.53.0.1 a -p 5300 > dig.out.exceed || status=1 +echo_i "exceed maximum rrset (5000 A records)" +$DIG $DIGOPTS +tcp +norec +noadd 5000.example. @10.53.0.1 a > dig.out.exceed || status=1 # Look for truncation bit (tc). grep 'flags: .*tc.*;' dig.out.exceed > /dev/null || { - echo "I:TC bit was not set" + echo_i "TC bit was not set" status=1 } -echo "I:exit status: $status" +echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/logfileconfig/clean.sh b/bin/tests/system/logfileconfig/clean.sh index 95f3370d7e..6cc8ffcbd8 100644 --- a/bin/tests/system/logfileconfig/clean.sh +++ b/bin/tests/system/logfileconfig/clean.sh @@ -9,10 +9,12 @@ # # Clean up after log file tests # +rm -f ns1/rndc.conf +rm -f ns1/controls.conf +rm -f ns1/named.conf rm -f ns1/named.pid ns1/named.run rm -f ns1/named.memstats ns1/dig.out rm -f ns1/named_log ns1/named_pipe ns1/named_sym -rm -f ns1/named.conf rm -rf ns1/named_dir rm -f ns1/named_deflog rm -f ns*/named.lock diff --git a/bin/tests/system/logfileconfig/ns1/controls.conf.in b/bin/tests/system/logfileconfig/ns1/controls.conf.in new file mode 100644 index 0000000000..bc5b110151 --- /dev/null +++ b/bin/tests/system/logfileconfig/ns1/controls.conf.in @@ -0,0 +1,13 @@ +/* + * Copyright (C) 2018 Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ + +controls { + inet 127.0.0.1 port @CONTROLPORT@ + allow { 127.0.0.1/32; ::1/128; } + keys { "rndc-key"; }; +}; diff --git a/bin/tests/system/logfileconfig/ns1/named.dirconf b/bin/tests/system/logfileconfig/ns1/named.dirconf index 1853f75fb7..6dc80df243 100644 --- a/bin/tests/system/logfileconfig/ns1/named.dirconf +++ b/bin/tests/system/logfileconfig/ns1/named.dirconf @@ -6,17 +6,13 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.dirconf,v 1.2 2011/03/04 14:43:57 smann Exp $ */ - options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; - listen-on port 5300 { - 10.53.0.1; - }; + listen-on { 10.53.0.1; }; listen-on-v6 { none; }; recursion no; notify yes; @@ -31,11 +27,7 @@ logging { category lame-servers { null; }; }; -controls { - inet 127.0.0.1 port 9593 allow { - 127.0.0.1/32; ::1/128; } - keys { "rndc-key"; }; -}; +include "controls.conf"; key "rndc-key" { algorithm hmac-sha256; diff --git a/bin/tests/system/logfileconfig/ns1/named.iso8601 b/bin/tests/system/logfileconfig/ns1/named.iso8601 index 3040855a81..555d87b2e7 100644 --- a/bin/tests/system/logfileconfig/ns1/named.iso8601 +++ b/bin/tests/system/logfileconfig/ns1/named.iso8601 @@ -10,11 +10,9 @@ options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; - listen-on port 5300 { - 10.53.0.1; - }; + listen-on { 10.53.0.1; }; listen-on-v6 { none; }; recursion no; notify yes; @@ -29,11 +27,7 @@ logging { category default { default_log; default_debug; }; }; -controls { - inet 127.0.0.1 port 9593 - allow { 127.0.0.1/32; ::1/128; } - keys { "rndc-key"; }; -}; +include "controls.conf"; key "rndc-key" { algorithm hmac-sha256; diff --git a/bin/tests/system/logfileconfig/ns1/named.iso8601-utc b/bin/tests/system/logfileconfig/ns1/named.iso8601-utc index 14241c7135..4d8e6782bb 100644 --- a/bin/tests/system/logfileconfig/ns1/named.iso8601-utc +++ b/bin/tests/system/logfileconfig/ns1/named.iso8601-utc @@ -10,11 +10,9 @@ options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; - listen-on port 5300 { - 10.53.0.1; - }; + listen-on { 10.53.0.1; }; listen-on-v6 { none; }; recursion no; notify yes; @@ -29,11 +27,7 @@ logging { category default { default_log; default_debug; }; }; -controls { - inet 127.0.0.1 port 9593 - allow { 127.0.0.1/32; ::1/128; } - keys { "rndc-key"; }; -}; +include "controls.conf"; key "rndc-key" { algorithm hmac-sha256; diff --git a/bin/tests/system/logfileconfig/ns1/named.pipeconf b/bin/tests/system/logfileconfig/ns1/named.pipeconf index 1207017a00..61258dc14d 100644 --- a/bin/tests/system/logfileconfig/ns1/named.pipeconf +++ b/bin/tests/system/logfileconfig/ns1/named.pipeconf @@ -6,17 +6,13 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.pipeconf,v 1.2 2011/03/04 14:43:57 smann Exp $ */ - options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; - listen-on port 5300 { - 10.53.0.1; - }; + listen-on { 10.53.0.1; }; listen-on-v6 { none; }; recursion no; notify yes; @@ -31,11 +27,7 @@ logging { category lame-servers { null; }; }; -controls { - inet 127.0.0.1 port 9593 allow { - 127.0.0.1/32; ::1/128; } - keys { "rndc-key"; }; -}; +include "controls.conf"; key "rndc-key" { algorithm hmac-sha256; diff --git a/bin/tests/system/logfileconfig/ns1/named.plain b/bin/tests/system/logfileconfig/ns1/named.plain index a8811984c4..4372788a5f 100644 --- a/bin/tests/system/logfileconfig/ns1/named.plain +++ b/bin/tests/system/logfileconfig/ns1/named.plain @@ -6,17 +6,13 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.plain,v 1.2 2011/03/04 14:43:57 smann Exp $ */ - options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; - listen-on port 5300 { - 10.53.0.1; - }; + listen-on { 10.53.0.1; }; listen-on-v6 { none; }; recursion no; notify yes; @@ -38,11 +34,7 @@ logging { category queries { query_log; }; }; -controls { - inet 127.0.0.1 port 9593 allow { - 127.0.0.1/32; ::1/128; } - keys { "rndc-key"; }; -}; +include "controls.conf"; key "rndc-key" { algorithm hmac-sha256; diff --git a/bin/tests/system/logfileconfig/ns1/named.plainconf b/bin/tests/system/logfileconfig/ns1/named.plainconf index dd524828a6..bafe9bf1a5 100644 --- a/bin/tests/system/logfileconfig/ns1/named.plainconf +++ b/bin/tests/system/logfileconfig/ns1/named.plainconf @@ -10,21 +10,15 @@ options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; - listen-on port 5300 { - 10.53.0.1; - }; + listen-on { 10.53.0.1; }; listen-on-v6 { none; }; recursion no; notify yes; }; -controls { - inet 127.0.0.1 port 9593 allow { - 127.0.0.1/32; ::1/128; } - keys { "rndc-key"; }; -}; +include "controls.conf"; key "rndc-key" { algorithm hmac-sha256; diff --git a/bin/tests/system/logfileconfig/ns1/named.symconf b/bin/tests/system/logfileconfig/ns1/named.symconf index f60be1e9b4..d13e33b397 100644 --- a/bin/tests/system/logfileconfig/ns1/named.symconf +++ b/bin/tests/system/logfileconfig/ns1/named.symconf @@ -6,17 +6,13 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: named.symconf,v 1.2 2011/03/04 14:43:57 smann Exp $ */ - options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; - listen-on port 5300 { - 10.53.0.1; - }; + listen-on { 10.53.0.1; }; listen-on-v6 { none; }; recursion no; notify yes; @@ -31,11 +27,7 @@ logging { category lame-servers { null; }; }; -controls { - inet 127.0.0.1 port 9593 allow { - 127.0.0.1/32; ::1/128; } - keys { "rndc-key"; }; -}; +include "controls.conf"; key "rndc-key" { algorithm hmac-sha256; diff --git a/bin/tests/system/logfileconfig/ns1/named.tsconf b/bin/tests/system/logfileconfig/ns1/named.tsconf index b578f2d1e0..b8b0dfabc0 100644 --- a/bin/tests/system/logfileconfig/ns1/named.tsconf +++ b/bin/tests/system/logfileconfig/ns1/named.tsconf @@ -10,11 +10,9 @@ options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; - listen-on port 5300 { - 10.53.0.1; - }; + listen-on { 10.53.0.1; }; listen-on-v6 { none; }; recursion no; notify yes; @@ -38,11 +36,7 @@ logging { category queries { query_log; }; }; -controls { - inet 127.0.0.1 port 9593 allow { - 127.0.0.1/32; ::1/128; } - keys { "rndc-key"; }; -}; +include "controls.conf"; key "rndc-key" { algorithm hmac-sha256; diff --git a/bin/tests/system/logfileconfig/ns1/named.unlimited b/bin/tests/system/logfileconfig/ns1/named.unlimited index 446caee041..4d6e007f18 100644 --- a/bin/tests/system/logfileconfig/ns1/named.unlimited +++ b/bin/tests/system/logfileconfig/ns1/named.unlimited @@ -10,11 +10,9 @@ options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; - listen-on port 5300 { - 10.53.0.1; - }; + listen-on { 10.53.0.1; }; listen-on-v6 { none; }; recursion no; notify yes; @@ -38,11 +36,7 @@ logging { category queries { query_log; }; }; -controls { - inet 127.0.0.1 port 9593 allow { - 127.0.0.1/32; ::1/128; } - keys { "rndc-key"; }; -}; +include "controls.conf"; key "rndc-key" { algorithm hmac-sha256; diff --git a/bin/tests/system/logfileconfig/ns1/named.versconf b/bin/tests/system/logfileconfig/ns1/named.versconf index b2547d5fd4..2fc040db97 100644 --- a/bin/tests/system/logfileconfig/ns1/named.versconf +++ b/bin/tests/system/logfileconfig/ns1/named.versconf @@ -10,11 +10,9 @@ options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; - listen-on port 5300 { - 10.53.0.1; - }; + listen-on { 10.53.0.1; }; listen-on-v6 { none; }; recursion no; notify yes; @@ -38,11 +36,7 @@ logging { category queries { query_log; }; }; -controls { - inet 127.0.0.1 port 9593 allow { - 127.0.0.1/32; ::1/128; } - keys { "rndc-key"; }; -}; +include "controls.conf"; key "rndc-key" { algorithm hmac-sha256; diff --git a/bin/tests/system/logfileconfig/ns1/rndc.conf b/bin/tests/system/logfileconfig/ns1/rndc.conf.in similarity index 90% rename from bin/tests/system/logfileconfig/ns1/rndc.conf rename to bin/tests/system/logfileconfig/ns1/rndc.conf.in index 4e427ddbab..0fa1909a01 100644 --- a/bin/tests/system/logfileconfig/ns1/rndc.conf +++ b/bin/tests/system/logfileconfig/ns1/rndc.conf.in @@ -12,7 +12,7 @@ options { server 127.0.0.1 { key "rndc-key"; - addresses { 127.0.0.1 port 9593; }; + addresses { 127.0.0.1 port @CONTROLPORT@; }; }; key "rndc-key" { diff --git a/bin/tests/system/logfileconfig/setup.sh b/bin/tests/system/logfileconfig/setup.sh index 42af44bf95..c115a219df 100644 --- a/bin/tests/system/logfileconfig/setup.sh +++ b/bin/tests/system/logfileconfig/setup.sh @@ -11,4 +11,6 @@ SYSTEMTESTTOP=.. $SHELL clean.sh -cp ns1/named.plain ns1/named.conf +copy_setports ns1/named.plain ns1/named.conf +copy_setports ns1/rndc.conf.in ns1/rndc.conf +copy_setports ns1/controls.conf.in ns1/controls.conf diff --git a/bin/tests/system/logfileconfig/tests.sh b/bin/tests/system/logfileconfig/tests.sh index a2672e471e..631c15af82 100644 --- a/bin/tests/system/logfileconfig/tests.sh +++ b/bin/tests/system/logfileconfig/tests.sh @@ -6,31 +6,31 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -# $Id: tests.sh,v 1.4 2011/03/22 16:51:50 smann Exp $ - SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh THISDIR=`pwd` CONFDIR="ns1" -DIRCONF="${THISDIR}/${CONFDIR}/named.dirconf" -PIPECONF="${THISDIR}/${CONFDIR}/named.pipeconf" -SYMCONF="${THISDIR}/${CONFDIR}/named.symconf" + PLAINCONF="${THISDIR}/${CONFDIR}/named.plainconf" -ISOCONF="${THISDIR}/${CONFDIR}/named.iso8601" -ISOCONFUTC="${THISDIR}/${CONFDIR}/named.iso8601-utc" -VERSCONF="${THISDIR}/${CONFDIR}/named.versconf" -TSCONF="${THISDIR}/${CONFDIR}/named.tsconf" -UNLIMITEDCONF="${THISDIR}/${CONFDIR}/named.unlimited" PLAINFILE="named_log" +DIRCONF="${THISDIR}/${CONFDIR}/named.dirconf" DIRFILE="named_dir" +PIPECONF="${THISDIR}/${CONFDIR}/named.pipeconf" PIPEFILE="named_pipe" +SYMCONF="${THISDIR}/${CONFDIR}/named.symconf" SYMFILE="named_sym" -DLFILE="named_deflog" -ISOFILE="named_iso8601" -ISOUTCFILE="named_iso8601_utc" +VERSCONF="${THISDIR}/${CONFDIR}/named.versconf" VERSFILE="named_vers" +TSCONF="${THISDIR}/${CONFDIR}/named.tsconf" TSFILE="named_ts" +UNLIMITEDCONF="${THISDIR}/${CONFDIR}/named.unlimited" UNLIMITEDFILE="named_unlimited" +ISOCONF="${THISDIR}/${CONFDIR}/named.iso8601" +ISOFILE="named_iso8601" +ISOCONFUTC="${THISDIR}/${CONFDIR}/named.iso8601-utc" +ISOUTCFILE="named_iso8601_utc" +DLFILE="named_deflog" + PIDFILE="${THISDIR}/${CONFDIR}/named.pid" myRNDC="$RNDC -c ${THISDIR}/${CONFDIR}/rndc.conf" myNAMED="$NAMED -c ${THISDIR}/${CONFDIR}/named.conf -m record,size,mctx -T clienttest -T nosyslog -d 99 -X named.lock -U 4" @@ -61,75 +61,75 @@ n=0 cd $CONFDIR -echo "I:testing log file validity (named -g + only plain files allowed)" +echo_i "testing log file validity (named -g + only plain files allowed)" n=`expr $n + 1` -echo "I: testing plain file (named -g) ($n)" +echo_i "testing plain file (named -g) ($n)" # First run with a known good config. echo > $PLAINFILE -cp $PLAINCONF named.conf +copy_setports $PLAINCONF named.conf $myRNDC reconfig > rndc.out.test$n 2>&1 grep "reloading configuration failed" named.run > /dev/null 2>&1 if [ $? -ne 0 ] then - echo "I: testing plain file succeeded" + echo_i "testing plain file succeeded" else - echo "I: testing plain file failed (unexpected)" - echo "I:exit status: 1" + echo_i "testing plain file failed (unexpected)" + echo_i "exit status: 1" exit 1 fi # Now try directory, expect failure n=`expr $n + 1` -echo "I: testing directory as log file (named -g) ($n)" +echo_i "testing directory as log file (named -g) ($n)" echo > named.run rm -rf $DIRFILE mkdir -p $DIRFILE >/dev/null 2>&1 if [ $? -eq 0 ] then - cp $DIRCONF named.conf + copy_setports $DIRCONF named.conf echo > named.run $myRNDC reconfig > rndc.out.test$n 2>&1 grep "checking logging configuration failed: invalid file" named.run > /dev/null 2>&1 if [ $? -ne 0 ] then - echo "I: testing directory as file succeeded (UNEXPECTED)" - echo "I:exit status: 1" + echo_i "testing directory as file succeeded (UNEXPECTED)" + echo_i "exit status: 1" exit 1 else - echo "I: testing directory as log file failed (expected)" + echo_i "testing directory as log file failed (expected)" fi else - echo "I: skipping directory test (unable to create directory)" + echo_i "skipping directory test (unable to create directory)" fi # Now try pipe file, expect failure n=`expr $n + 1` -echo "I: testing pipe file as log file (named -g) ($n)" +echo_i "testing pipe file as log file (named -g) ($n)" echo > named.run rm -f $PIPEFILE mkfifo $PIPEFILE >/dev/null 2>&1 if [ $? -eq 0 ] then - cp $PIPECONF named.conf + copy_setports $PIPECONF named.conf echo > named.run $myRNDC reconfig > rndc.out.test$n 2>&1 grep "checking logging configuration failed: invalid file" named.run > /dev/null 2>&1 if [ $? -ne 0 ] then - echo "I: testing pipe file as log file succeeded (UNEXPECTED)" - echo "I:exit status: 1" + echo_i "testing pipe file as log file succeeded (UNEXPECTED)" + echo_i "exit status: 1" exit 1 else - echo "I: testing pipe file as log file failed (expected)" + echo_i "testing pipe file as log file failed (expected)" fi else - echo "I: skipping pipe test (unable to create pipe)" + echo_i "skipping pipe test (unable to create pipe)" fi # Now try symlink file to plain file, expect success n=`expr $n + 1` -echo "I: testing symlink to plain file as log file (named -g) ($n)" +echo_i "testing symlink to plain file as log file (named -g) ($n)" # Assume success echo > named.run echo > $PLAINFILE @@ -137,20 +137,20 @@ rm -f $SYMFILE $SYMFILE ln -s $PLAINFILE $SYMFILE >/dev/null 2>&1 if [ $? -eq 0 ] then - cp $SYMCONF named.conf + copy_setports $SYMCONF named.conf $myRNDC reconfig > rndc.out.test$n 2>&1 echo > named.run grep "reloading configuration failed" named.run > /dev/null 2>&1 if [ $? -ne 0 ] then - echo "I: testing symlink to plain file succeeded" + echo_i "testing symlink to plain file succeeded" else - echo "I: testing symlink to plain file failed (unexpected)" - echo "I:exit status: 1" + echo_i "testing symlink to plain file failed (unexpected)" + echo_i "exit status: 1" exit 1 fi else - echo "I: skipping symlink test (unable to create symlink)" + echo_i "skipping symlink test (unable to create symlink)" fi # Stop the server and run through a series of tests with various config # files while controlling the stop/start of the server. @@ -162,82 +162,82 @@ $myNAMED > /dev/null 2>&1 if [ $? -ne 0 ] then - echo "I:failed to start $myNAMED" - echo "I:exit status: $status" + echo_i "failed to start $myNAMED" + echo_i "exit status: $status" exit $status fi status=0 -echo "I:testing log file validity (only plain files allowed)" +echo_i "testing log file validity (only plain files allowed)" n=`expr $n + 1` -echo "I: testing plain file (named -g) ($n)" +echo_i "testing plain file (named -g) ($n)" # First run with a known good config. echo > $PLAINFILE -cp $PLAINCONF named.conf +copy_setports $PLAINCONF named.conf $myRNDC reconfig > rndc.out.test$n 2>&1 grep "reloading configuration failed" named.run > /dev/null 2>&1 if [ $? -ne 0 ] then - echo "I: testing plain file succeeded" + echo_i "testing plain file succeeded" else - echo "I: testing plain file failed (unexpected)" - echo "I:exit status: 1" + echo_i "testing plain file failed (unexpected)" + echo_i "exit status: 1" exit 1 fi # Now try directory, expect failure n=`expr $n + 1` -echo "I: testing directory as log file ($n)" +echo_i "testing directory as log file ($n)" echo > named.run rm -rf $DIRFILE mkdir -p $DIRFILE >/dev/null 2>&1 if [ $? -eq 0 ] then - cp $DIRCONF named.conf + copy_setports $DIRCONF named.conf echo > named.run $myRNDC reconfig > rndc.out.test$n 2>&1 grep "configuring logging: invalid file" named.run > /dev/null 2>&1 if [ $? -ne 0 ] then - echo "I: testing directory as file succeeded (UNEXPECTED)" - echo "I:exit status: 1" + echo_i "testing directory as file succeeded (UNEXPECTED)" + echo_i "exit status: 1" exit 1 else - echo "I: testing directory as log file failed (expected)" + echo_i "testing directory as log file failed (expected)" fi else - echo "I: skipping directory test (unable to create directory)" + echo_i "skipping directory test (unable to create directory)" fi # Now try pipe file, expect failure n=`expr $n + 1` -echo "I: testing pipe file as log file ($n)" +echo_i "testing pipe file as log file ($n)" echo > named.run rm -f $PIPEFILE mkfifo $PIPEFILE >/dev/null 2>&1 if [ $? -eq 0 ] then - cp $PIPECONF named.conf + copy_setports $PIPECONF named.conf echo > named.run $myRNDC reconfig > rndc.out.test$n 2>&1 grep "configuring logging: invalid file" named.run > /dev/null 2>&1 if [ $? -ne 0 ] then - echo "I: testing pipe file as log file succeeded (UNEXPECTED)" - echo "I:exit status: 1" + echo_i "testing pipe file as log file succeeded (UNEXPECTED)" + echo_i "exit status: 1" exit 1 else - echo "I: testing pipe file as log file failed (expected)" + echo_i "testing pipe file as log file failed (expected)" fi else - echo "I: skipping pipe test (unable to create pipe)" + echo_i "skipping pipe test (unable to create pipe)" fi # Now try symlink file to plain file, expect success n=`expr $n + 1` -echo "I: testing symlink to plain file as log file ($n)" +echo_i "testing symlink to plain file as log file ($n)" # Assume success status=0 echo > named.run @@ -246,33 +246,33 @@ rm -f $SYMFILE ln -s $PLAINFILE $SYMFILE >/dev/null 2>&1 if [ $? -eq 0 ] then - cp $SYMCONF named.conf + copy_setports $SYMCONF named.conf $myRNDC reconfig > rndc.out.test$n 2>&1 echo > named.run grep "reloading configuration failed" named.run > /dev/null 2>&1 if [ $? -ne 0 ] then - echo "I: testing symlink to plain file succeeded" + echo_i "testing symlink to plain file succeeded" else - echo "I: testing symlink to plain file failed (unexpected)" - echo "I:exit status: 1" + echo_i "testing symlink to plain file failed (unexpected)" + echo_i "exit status: 1" exit 1 fi else - echo "I: skipping symlink test (unable to create symlink)" + echo_i "skipping symlink test (unable to create symlink)" fi n=`expr $n + 1` -echo "I:testing default logfile using named -L file ($n)" +echo_i "testing default logfile using named -L file ($n)" # Now stop the server again and test the -L option rm -f $DLFILE $PERL ../../stop.pl .. ns1 if ! test -f $PIDFILE; then - cp $PLAINCONF named.conf + copy_setports $PLAINCONF named.conf $myNAMED -L $DLFILE > /dev/null 2>&1 if [ $? -ne 0 ]; then - echo "I: failed to start $myNAMED" - echo "I:exit status: $status" + echo_i "failed to start $myNAMED" + echo_i "exit status: $status" exit $status fi @@ -280,134 +280,134 @@ if ! test -f $PIDFILE; then sleep 1 if [ -f "$DLFILE" ]; then - echo "I: testing default logfile using named -L succeeded" + echo_i "testing default logfile using named -L succeeded" else - echo "I: testing default logfile using named -L failed" - echo "I:exit status: 1" + echo_i "testing default logfile using named -L failed" + echo_i "exit status: 1" exit 1 fi else - echo "I: failed to cleanly stop $myNAMED" - echo "I:exit status: 1" + echo_i "failed to cleanly stop $myNAMED" + echo_i "exit status: 1" exit 1 fi -echo "I:testing logging functionality" +echo_i "testing logging functionality" n=`expr $n + 1` -echo "I: testing iso8601 timestamp ($n)" -cp $ISOCONF named.conf +echo_i "testing iso8601 timestamp ($n)" +copy_setports $ISOCONF named.conf $myRNDC reconfig > rndc.out.test$n 2>&1 if grep '^....-..-..T..:..:..\.... ' $ISOFILE > /dev/null; then - echo "I: testing iso8601 timestamp succeeded" + echo_i "testing iso8601 timestamp succeeded" else - echo "I: testing iso8601 timestamp failed" + echo_i "testing iso8601 timestamp failed" status=`expr $status + 1` fi n=`expr $n + 1` -echo "I: testing iso8601-utc timestamp ($n)" -cp $ISOCONFUTC named.conf +echo_i "testing iso8601-utc timestamp ($n)" +copy_setports $ISOCONFUTC named.conf $myRNDC reconfig > rndc.out.test$n 2>&1 if grep '^....-..-..T..:..:..\....Z' $ISOUTCFILE > /dev/null; then - echo "I: testing iso8601-utc timestamp succeeded" + echo_i "testing iso8601-utc timestamp succeeded" else - echo "I: testing iso8601-utc timestamp failed" + echo_i "testing iso8601-utc timestamp failed" status=`expr $status + 1` fi n=`expr $n + 1` -echo "I: testing explicit versions ($n)" -cp $VERSCONF named.conf +echo_i "testing explicit versions ($n)" +copy_setports $VERSCONF named.conf # a seconds since epoch version number touch $VERSFILE.1480039317 t1=`$PERL -e 'print time()."\n";'` $myRNDC reconfig > rndc.out.test$n 2>&1 -$DIG version.bind txt ch @10.53.0.1 -p 5300 > dig.out.test$n +$DIG version.bind txt ch @10.53.0.1 -p ${PORT} > dig.out.test$n t2=`$PERL -e 'print time()."\n";'` t=`expr ${t2:-0} - ${t1:-0}` if test ${t:-1000} -gt 5 then - echo "I: testing explicit versions failed: cleanup of old entries took too long ($t secs)" + echo_i "testing explicit versions failed: cleanup of old entries took too long ($t secs)" status=`expr $status + 1` fi if ! grep "status: NOERROR" dig.out.test$n > /dev/null then - echo "I: testing explicit versions failed: DiG lookup failed" + echo_i "testing explicit versions failed: DiG lookup failed" status=`expr $status + 1` fi if test_with_retry -f $VERSFILE.1480039317 then - echo "I: testing explicit versions failed: $VERSFILE.1480039317 not removed" + echo_i "testing explicit versions failed: $VERSFILE.1480039317 not removed" status=`expr $status + 1` fi if test_with_retry -f $VERSFILE.5 then - echo "I: testing explicit versions failed: $VERSFILE.5 exists" + echo_i "testing explicit versions failed: $VERSFILE.5 exists" status=`expr $status + 1` fi if test_with_retry ! -f $VERSFILE.4 then - echo "I: testing explicit versions failed: $VERSFILE.4 does not exist" + echo_i "testing explicit versions failed: $VERSFILE.4 does not exist" status=`expr $status + 1` fi n=`expr $n + 1` -echo "I: testing timestamped versions ($n)" -cp $TSCONF named.conf +echo_i "testing timestamped versions ($n)" +copy_setports $TSCONF named.conf # a seconds since epoch version number touch $TSFILE.2015010112000012 t1=`$PERL -e 'print time()."\n";'` $myRNDC reconfig > rndc.out.test$n 2>&1 -$DIG version.bind txt ch @10.53.0.1 -p 5300 > dig.out.test$n +$DIG version.bind txt ch @10.53.0.1 -p ${PORT} > dig.out.test$n t2=`$PERL -e 'print time()."\n";'` t=`expr ${t2:-0} - ${t1:-0}` if test ${t:-1000} -gt 5 then - echo "I: testing timestamped versions failed: cleanup of old entries took too long ($t secs)" + echo_i "testing timestamped versions failed: cleanup of old entries took too long ($t secs)" status=`expr $status + 1` fi if ! grep "status: NOERROR" dig.out.test$n > /dev/null then - echo "I: testing timestamped versions failed: DiG lookup failed" + echo_i "testing timestamped versions failed: DiG lookup failed" status=`expr $status + 1` fi if test_with_retry -f $TSFILE.1480039317 then - echo "I: testing timestamped versions failed: $TSFILE.1480039317 not removed" + echo_i "testing timestamped versions failed: $TSFILE.1480039317 not removed" status=`expr $status + 1` fi n=`expr $n + 1` -echo "I: testing unlimited versions ($n)" -cp $UNLIMITEDCONF named.conf +echo_i "testing unlimited versions ($n)" +copy_setports $U