Merge branch '4-fix-the-last-three-system-tests-parallel-run' into 'master'

Convert the last three system tests (ecdsa, eddsa and tkey) to use dynamic ports

See merge request !3257

bin/tests/system/conf.sh.common

@@ -37,7 +37,7 @@ export LANG=C
 # SEQUENTIAL_UNIX in conf.sh.in; those that only run on windows should
 # be added to SEQUENTIAL_WINDOWS in conf.sh.win32.
 #
-SEQUENTIAL_COMMON="ecdsa eddsa tkey"
+SEQUENTIAL_COMMON=""
 
 #
 # These tests can use ports assigned by the caller (other than 5300
@@ -58,7 +58,7 @@ PARALLEL_COMMON="dnssec rpzrecurse serve-stale \
 	checkconf checknames checkzone \
 	cookie database digdelv dlz dlzexternal \
 	dns64 dscp dsdigest dyndb \
-	ednscompliance emptyzones \
+	ecdsa eddsa ednscompliance emptyzones \
 	fetchlimit filter-aaaa formerr forward \
 	geoip2 glue idna include-multiplecfg \
 	inline integrity ixfr \
@@ -70,7 +70,7 @@ PARALLEL_COMMON="dnssec rpzrecurse serve-stale \
 	rrchecker rrl rrsetorder rsabigexponent runtime \
 	sfcache smartsign sortlist \
 	spf staticstub statistics statschannel stub synthfromdnssec \
-	tcp tools tsig tsiggss ttl \
+	tcp tkey tools tsig tsiggss ttl \
 	unknown upforwd verify views wildcard \
 	xfer xferquota zero zonechecks"
 

bin/tests/system/ecdsa/.gitignore

+/ns1/named.conf
+/ns2/named.conf

bin/tests/system/ecdsa/clean.sh

@@ -9,11 +9,17 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
 
-rm -f */K* */dsset-* */*.signed */trusted.conf
-rm -f ns1/root.db
-rm -f ns1/signer.err
-rm -f dig.out*
-rm -f */named.run
-rm -f */named.memstats
-rm -f ns*/named.lock
+set -e
+
+rm -f ./dig.out*
+rm -f ns*/*.signed
+rm -f ns*/K*
+rm -f ns*/dsset-*
 rm -f ns*/managed-keys.bind*
+rm -f ns*/named.conf
+rm -f ns*/named.lock
+rm -f ns*/named.memstats
+rm -f ns*/named.run
+rm -f ns*/root.db
+rm -f ns*/signer.err
+rm -f ns*/trusted.conf

bin/tests/system/ecdsa/ns1/named.conf → bin/tests/system/ecdsa/ns1/named.conf.in

@@ -17,7 +17,7 @@ options {
 	query-source address 10.53.0.1;
 	notify-source 10.53.0.1;
 	transfer-source 10.53.0.1;
-	port 5300;
+	port @PORT@;
 	pid-file "named.pid";
 	listen-on { 10.53.0.1; };
 	listen-on-v6 { none; };

bin/tests/system/ecdsa/ns1/sign.sh

@@ -9,21 +9,22 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
 
-SYSTEMTESTTOP=../..
-. $SYSTEMTESTTOP/conf.sh
+set -e
+
+. "$SYSTEMTESTTOP/conf.sh"
 
 zone=.
 infile=root.db.in
 zonefile=root.db
 
-key1=`$KEYGEN -q -a ECDSAP256SHA256 -n zone $zone`
-key2=`$KEYGEN -q -a ECDSAP384SHA384 -n zone -f KSK $zone`
-$DSFROMKEY -a sha-384 $key2.key > dsset-384
+key1=$($KEYGEN -q -a ECDSAP256SHA256 -n zone "$zone")
+key2=$($KEYGEN -q -a ECDSAP384SHA384 -n zone -f KSK "$zone")
+$DSFROMKEY -a sha-384 "$key2.key" > dsset-384
 
-cat $infile $key1.key $key2.key > $zonefile
+cat "$infile" "$key1.key" "$key2.key" > $zonefile
 
-$SIGNER -P -g -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -P -g -o "$zone" "$zonefile" > /dev/null 2> signer.err || cat signer.err
 
 # Configure the resolving server with a static key.
-keyfile_to_static_ds $key1 > trusted.conf
+keyfile_to_static_ds "$key1" > trusted.conf
 cp trusted.conf ../ns2/trusted.conf

bin/tests/system/ecdsa/ns2/named.conf → bin/tests/system/ecdsa/ns2/named.conf.in

@@ -17,7 +17,7 @@ options {
 	query-source address 10.53.0.2;
 	notify-source 10.53.0.2;
 	transfer-source 10.53.0.2;
-	port 5300;
+	port @PORT@;
 	pid-file "named.pid";
 	listen-on { 10.53.0.2; };
 	listen-on-v6 { none; };

bin/tests/system/ecdsa/setup.sh

@@ -9,7 +9,11 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
 
-SYSTEMTESTTOP=..
-. $SYSTEMTESTTOP/conf.sh
+set -e
+
+. "$SYSTEMTESTTOP/conf.sh"
+
+copy_setports ns1/named.conf.in ns1/named.conf
+copy_setports ns2/named.conf.in ns2/named.conf
 
 cd ns1 && $SHELL sign.sh

bin/tests/system/ecdsa/tests.sh

@@ -9,26 +9,28 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
 
-SYSTEMTESTTOP=..
-. $SYSTEMTESTTOP/conf.sh
+set -e
+
+. "$SYSTEMTESTTOP/conf.sh"
 
 status=0
-n=0
+n=1
 
-rm -f dig.out.*
+dig_with_opts() {
+    "$DIG" +tcp +noau +noadd +nosea +nostat +nocmd +dnssec -p "$PORT" "$@"
+}
 
-DIGOPTS="+tcp +noau +noadd +nosea +nostat +nocmd +dnssec -p 5300"
 
 # Check the example. domain
 echo "I:checking that positive validation works ($n)"
 ret=0
-$DIG $DIGOPTS . @10.53.0.1 soa > dig.out.ns1.test$n || ret=1
-$DIG $DIGOPTS . @10.53.0.2 soa > dig.out.ns2.test$n || ret=1
+dig_with_opts . @10.53.0.1 soa > dig.out.ns1.test$n || ret=1
+dig_with_opts . @10.53.0.2 soa > dig.out.ns2.test$n || ret=1
 $PERL ../digcomp.pl dig.out.ns1.test$n dig.out.ns2.test$n || ret=1
 grep "flags:.*ad.*QUERY" dig.out.ns2.test$n > /dev/null || ret=1
-n=`expr $n + 1`
+n=$((n+1))
 if [ $ret != 0 ]; then echo "I:failed"; fi
-status=`expr $status + $ret`
+status=$((status+ret))
 
 echo "I:exit status: $status"
 [ $status -eq 0 ] || exit 1

bin/tests/system/eddsa/clean.sh

@@ -9,11 +9,17 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
 
-rm -f */K* */dsset-* */*.signed */trusted.conf
-rm -f ns1/root.db
-rm -f ns*/signer.err
-rm -f dig.out*
-rm -f */named.run
-rm -f */named.memstats
-rm -f ns*/named.lock
+set -e
+
+rm -f ./dig.out*
+rm -f ns*/*.signed
+rm -f ns*/K*
+rm -f ns*/dsset-*
 rm -f ns*/managed-keys.bind*
+rm -f ns*/named.conf
+rm -f ns*/named.lock
+rm -f ns*/named.memstats
+rm -f ns*/named.run
+rm -f ns*/root.db
+rm -f ns*/signer.err
+rm -f ns*/trusted.conf

bin/tests/system/eddsa/ns1/named.conf → bin/tests/system/eddsa/ns1/named.conf.in

@@ -17,7 +17,7 @@ options {
 	query-source address 10.53.0.1;
 	notify-source 10.53.0.1;
 	transfer-source 10.53.0.1;
-	port 5300;
+	port @PORT@;
 	pid-file "named.pid";
 	listen-on { 10.53.0.1; };
 	listen-on-v6 { none; };

bin/tests/system/eddsa/ns1/sign.sh

@@ -9,24 +9,25 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
 
-SYSTEMTESTTOP=../..
-. $SYSTEMTESTTOP/conf.sh
+set -e
+
+. "$SYSTEMTESTTOP/conf.sh"
 
 zone=.
 infile=root.db.in
 zonefile=root.db
 
-key1=`$KEYGEN -q -a ED25519 -n zone $zone`
-key2=`$KEYGEN -q -a ED25519 -n zone -f KSK $zone`
-#key2=`$KEYGEN -q -a ED448 -n zone -f KSK $zone`
-$DSFROMKEY -a sha-256 $key2.key > dsset-256
+key1=$($KEYGEN -q -a ED25519 -n zone "$zone")
+key2=$($KEYGEN -q -a ED25519 -n zone -f KSK "$zone")
+#key2=$($KEYGEN -q -a ED448 -n zone -f KSK "$zone")
+$DSFROMKEY -a sha-256 "$key2.key" > dsset-256
 
-cat $infile $key1.key $key2.key > $zonefile
+cat "$infile" "$key1.key" "$key2.key" > "$zonefile"
 
-$SIGNER -P -g -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -P -g -o "$zone" "$zonefile" > /dev/null 2> signer.err || cat signer.err
 
 # Configure the resolving server with a static key.
-keyfile_to_static_ds $key1 > trusted.conf
+keyfile_to_static_ds "$key1" > trusted.conf
 cp trusted.conf ../ns2/trusted.conf
 
 cd ../ns2 && $SHELL sign.sh

bin/tests/system/eddsa/ns2/named.conf → bin/tests/system/eddsa/ns2/named.conf.in

@@ -17,7 +17,7 @@ options {
 	query-source address 10.53.0.2;
 	notify-source 10.53.0.2;
 	transfer-source 10.53.0.2;
-	port 5300;
+	port @PORT@;
 	pid-file "named.pid";
 	listen-on { 10.53.0.2; };
 	listen-on-v6 { none; };

bin/tests/system/eddsa/ns2/sign.sh

@@ -9,8 +9,9 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
 
-SYSTEMTESTTOP=../..
-. $SYSTEMTESTTOP/conf.sh
+set -e
+
+. "$SYSTEMTESTTOP/conf.sh"
 
 zone=example.com.
 zonefile=example.com.db
@@ -22,7 +23,7 @@ for i in Xexample.com.+015+03613.key Xexample.com.+015+03613.private \
 	 Xexample.com.+016+09713.key Xexample.com.+016+09713.private \
 	 Xexample.com.+016+38353.key Xexample.com.+016+38353.private
 do
-	cp $i `echo $i | sed s/X/K/`
+	cp "$i" "$(echo $i | sed s/X/K/)"
 done
 
-$SIGNER -P -z -s $starttime -e $endtime -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -P -z -s "$starttime" -e "$endtime" -o "$zone" "$zonefile" > /dev/null 2> signer.err || cat signer.err

bin/tests/system/eddsa/prereq.sh

@@ -9,7 +9,10 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
 
-SYSTEMTESTTOP=..
-. $SYSTEMTESTTOP/conf.sh
+set -e
 
-exec $SHELL ../testcrypto.sh eddsa
+. "$SYSTEMTESTTOP/conf.sh"
+
+if ! $SHELL ../testcrypto.sh eddsa; then
+	exit 1
+fi

bin/tests/system/eddsa/setup.sh

@@ -9,7 +9,11 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
 
-SYSTEMTESTTOP=..
-. $SYSTEMTESTTOP/conf.sh
+set -e
+
+. "$SYSTEMTESTTOP/conf.sh"
+
+copy_setports ns1/named.conf.in ns1/named.conf
+copy_setports ns2/named.conf.in ns2/named.conf
 
 cd ns1 && $SHELL sign.sh

bin/tests/system/eddsa/tests.sh

@@ -9,27 +9,28 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
 
-SYSTEMTESTTOP=..
-. $SYSTEMTESTTOP/conf.sh
+set -e
+
+. "$SYSTEMTESTTOP/conf.sh"
 
 status=0
 n=1
 
-rm -f dig.out.*
-
-DIGOPTS="+tcp +noau +noadd +nosea +nostat +nocmd +dnssec -p 5300"
+dig_with_opts() {
+    "$DIG" +tcp +noau +noadd +nosea +nostat +nocmd +dnssec -p "$PORT" "$@"
+}
 
 # Check the example. domain
 
 echo "I:checking that positive validation works ($n)"
 ret=0
-$DIG $DIGOPTS . @10.53.0.1 soa > dig.out.ns1.test$n || ret=1
-$DIG $DIGOPTS . @10.53.0.2 soa > dig.out.ns2.test$n || ret=1
+dig_with_opts . @10.53.0.1 soa > dig.out.ns1.test$n || ret=1
+dig_with_opts . @10.53.0.2 soa > dig.out.ns2.test$n || ret=1
 $PERL ../digcomp.pl dig.out.ns1.test$n dig.out.ns2.test$n || ret=1
 grep "flags:.*ad.*QUERY" dig.out.ns2.test$n > /dev/null || ret=1
-n=`expr $n + 1`
+n=$((n+1))
 if [ $ret != 0 ]; then echo "I:failed"; fi
-status=`expr $status + $ret`
+status=$((status+ret))
 
 # Check test vectors (RFC 8080 + errata)
 
@@ -39,9 +40,9 @@ grep 'oL9krJun7xfBOIWcGHi7mag5/hdZrKWw15jP' ns2/example.com.db.signed > /dev/nul
 grep 'VrbpMngwcrqNAg==' ns2/example.com.db.signed > /dev/null || ret=1
 grep 'zXQ0bkYgQTEFyfLyi9QoiY6D8ZdYo4wyUhVi' ns2/example.com.db.signed > /dev/null || ret=1
 grep 'R0O7KuI5k2pcBg==' ns2/example.com.db.signed > /dev/null || ret=1
-n=`expr $n + 1`
+n=$((n+1))
 if [ $ret != 0 ]; then echo "I:failed"; fi
-status=`expr $status + $ret`
+status=$((status+ret))
 
 echo "I:checking that Ed448 test vectors match ($n)"
 ret=0
@@ -57,9 +58,9 @@ grep '4m0AsQ4f7qI1gVnML8vWWiyW2KXhT9kuAICU' ns2/example.com.db.signed > /dev/nul
 grep 'Sxv5OWbf81Rq7Yu60npabODB0QFPb/rkW3kU' ns2/example.com.db.signed > /dev/null || ret=1
 grep 'ZmQ0YQUA' ns2/example.com.db.signed > /dev/null || ret=1
 
-n=`expr $n + 1`
+n=$((n+1))
 if [ $ret != 0 ]; then echo "I:failed"; fi
-status=`expr $status + $ret`
+status=$((status+ret))
 
 echo "I:exit status: $status"
 [ $status -eq 0 ] || exit 1

bin/tests/system/tkey/clean.sh

@@ -9,10 +9,15 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
 
-rm -f dig.out.* rndc.out.* ns1/named.conf
-rm -f K* ns1/K*
-rm -f */named.memstats
-rm -f */named.run
-rm -f ns1/_default.tsigkeys
-rm -f ns*/named.lock
+set -e
+
+rm -f ./K*
+rm -f ./dig.out.*
+rm -f ./rndc.out.*
+rm -f ns*/K*
+rm -f ns*/_default.tsigkeys
 rm -f ns*/managed-keys.bind*
+rm -f ns*/named.conf
+rm -f ns*/named.lock
+rm -f ns*/named.memstats
+rm -f ns*/named.run

bin/tests/system/tkey/keycreate.c

@@ -52,9 +52,11 @@
 
 #define RUNCHECK(x) RUNTIME_CHECK((x) == ISC_R_SUCCESS)
 
-#define PORT	5300
 #define TIMEOUT 30
 
+static char *ip_address = NULL;
+static int port = 0;
+
 static dst_key_t *ourkey;
 static isc_mem_t *mctx;
 static dns_tsigkey_t *tsigkey, *initialkey;
@@ -141,10 +143,10 @@ sendquery(isc_task_t *task, isc_event_t *event) {
 	isc_event_free(&event);
 
 	result = ISC_R_FAILURE;
-	if (inet_pton(AF_INET, "10.53.0.1", &inaddr) != 1) {
+	if (inet_pton(AF_INET, ip_address, &inaddr) != 1) {
 		CHECK("inet_pton", result);
 	}
-	isc_sockaddr_fromin(&address, &inaddr, PORT);
+	isc_sockaddr_fromin(&address, &inaddr, port);
 
 	dns_fixedname_init(&keyname);
 	isc_buffer_constinit(&namestr, "tkeytest.", 9);
@@ -210,18 +212,16 @@ main(int argc, char *argv[]) {
 
 	RUNCHECK(isc_app_start());
 
-	if (argc < 2) {
+	if (argc < 4) {
 		fprintf(stderr, "I:no DH key provided\n");
 		exit(-1);
 	}
-	if (strcmp(argv[1], "-r") == 0) {
-		fprintf(stderr, "I:the -r option has been deprecated\n");
-		exit(-1);
-	}
-	ourkeyname = argv[1];
+	ip_address = argv[1];
+	port = atoi(argv[2]);
+	ourkeyname = argv[3];
 
-	if (argc >= 3) {
-		ownername_str = argv[2];
+	if (argc >= 5) {
+		ownername_str = argv[4];
 	}
 
 	dns_result_register();

bin/tests/system/tkey/keydelete.c

@@ -51,9 +51,10 @@
 
 #define RUNCHECK(x) RUNTIME_CHECK((x) == ISC_R_SUCCESS)
 
-#define PORT	5300
 #define TIMEOUT 30
 
+static char *ip_address;
+static int port;
 static isc_mem_t *mctx;
 static dns_tsigkey_t *tsigkey;
 static dns_tsig_keyring_t *ring;
@@ -114,10 +115,10 @@ sendquery(isc_task_t *task, isc_event_t *event) {
 	isc_event_free(&event);
 
 	result = ISC_R_FAILURE;
-	if (inet_pton(AF_INET, "10.53.0.1", &inaddr) != 1) {
+	if (inet_pton(AF_INET, ip_address, &inaddr) != 1) {
 		CHECK("inet_pton", result);
 	}
-	isc_sockaddr_fromin(&address, &inaddr, PORT);
+	isc_sockaddr_fromin(&address, &inaddr, port);
 
 	query = NULL;
 	result = dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER, &query);
@@ -155,7 +156,7 @@ main(int argc, char **argv) {
 
 	RUNCHECK(isc_app_start());
 
-	if (argc < 2) {
+	if (argc < 4) {
 		fprintf(stderr, "I:no key to delete\n");
 		exit(-1);
 	}
@@ -163,7 +164,9 @@ main(int argc, char **argv) {
 		fprintf(stderr, "I:The -r options has been deprecated\n");
 		exit(-1);
 	}
-	keyname = argv[1];
+	ip_address = argv[1];
+	port = atoi(argv[2]);
+	keyname = argv[3];
 
 	dns_result_register();
 

bin/tests/system/tkey/ns1/named.conf.in

@@ -15,7 +15,7 @@ options {
 	query-source address 10.53.0.1;
 	notify-source 10.53.0.1;
 	transfer-source 10.53.0.1;
-	port 5300;
+	port @PORT@;
 	pid-file "named.pid";
 	listen-on { 10.53.0.1; };
 	listen-on-v6 { none; };
@@ -32,7 +32,7 @@ key rndc_key {
 };
 
 controls {
-	inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; };
+	inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
 };
 
 key "tkeytest." {

bin/tests/system/tkey/ns1/setup.sh

@@ -9,10 +9,10 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
 
-SYSTEMTESTTOP=../..
-. $SYSTEMTESTTOP/conf.sh
+set -e
 
-keyname=`$KEYGEN -T KEY -a DH -b 768 -n host server`
-keyid=$(keyfile_to_key_id $keyname)
-rm -f named.conf
-sed -e "s;KEYID;$keyid;" < named.conf.in > named.conf
+. "$SYSTEMTESTTOP/conf.sh"
+
+keyname=$($KEYGEN -T KEY -a DH -b 768 -n host server)
+keyid=$(keyfile_to_key_id "$keyname")
+sed -i -e "s;KEYID;$keyid;" named.conf

bin/tests/system/tkey/setup.sh

@@ -9,7 +9,10 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
 
-SYSTEMTESTTOP=..
-. $SYSTEMTESTTOP/conf.sh
+set -e
+
+. "$SYSTEMTESTTOP/conf.sh"
+
+copy_setports ns1/named.conf.in ns1/named.conf
 
 cd ns1 && $SHELL setup.sh

bin/tests/system/tkey/tests.sh

@@ -9,137 +9,153 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
 
-SYSTEMTESTTOP=..
-. $SYSTEMTESTTOP/conf.sh
+set -e
 
-DIGOPTS="@10.53.0.1 -p 5300"
+. "$SYSTEMTESTTOP/conf.sh"
+
+dig_with_opts() {
+	"$DIG" @10.53.0.1 -p "$PORT" "$@"
+}
 
 status=0
+n=1
 
-echo "I:generating new DH key"
+echo "I:generating new DH key ($n)"
 ret=0
-dhkeyname=`$KEYGEN -T KEY -a DH -b 768 -n host client` || ret=1
+dhkeyname=$($KEYGEN -T KEY -a DH -b 768 -n host client) || ret=1
 if [ $ret != 0 ]; then
 	echo "I:failed"
-	status=`expr $status + $ret`
+	status=$((status+ret))
 	echo "I:exit status: $status"
 	exit $status
 fi
-status=`expr $status + $ret`
+status=$((status+ret))
+n=$((n+1))
 
 for owner in . foo.example.
 do
-	echo "I:creating new key using owner name \"$owner\""
+	echo "I:creating new key using owner name \"$owner\" ($n)"
 	ret=0
-	keyname=`$KEYCREATE $dhkeyname $owner` || ret=1
+	keyname=$($KEYCREATE 10.53.0.1 "$PORT" "$dhkeyname" $owner) || ret=1
 	if [ $ret != 0 ]; then
 		echo "I:failed"
-		status=`expr $status + $ret`
+		status=$((status+ret))
 		echo "I:exit status: $status"
 		exit $status
 	fi
-	status=`expr $status + $ret`
+	status=$((status+ret))
+	n=$((n+1))
 
-	echo "I:checking the new key"
+	echo "I:checking the new key ($n)"
 	ret=0
-	$DIG $DIGOPTS txt txt.example -k $keyname > dig.out.1 || ret=1
-	grep "status: NOERROR" dig.out.1 > /dev/null || ret=1
-	grep "TSIG.*hmac-md5.*NOERROR" dig.out.1 > /dev/null || ret=1
-	grep "Some TSIG could not be validated" dig.out.1 > /dev/null && ret=1
+	dig_with_opts txt txt.example -k "$keyname" > dig.out.test$n || ret=1
+	grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
+	grep "TSIG.*hmac-md5.*NOERROR" dig.out.test$n > /dev/null || ret=1
+	grep "Some TSIG could not be validated" dig.out.test$n > /dev/null && ret=1
 	if [ $ret != 0 ]; then
 		echo "I:failed"
 	fi
-	status=`expr $status + $ret`
+	status=$((status+ret))
+	n=$((n+1))
 
-	echo "I:deleting new key"
+	echo "I:deleting new key ($n)"
 	ret=0
-	$KEYDELETE $keyname || ret=1
+	$KEYDELETE 10.53.0.1 "$PORT" "$keyname" || ret=1
 	if [ $ret != 0 ]; then
 		echo "I:failed"
 	fi
-	status=`expr $status + $ret`
+	status=$((status+ret))
+	n=$((n+1))
 
-	echo "I:checking that new key has been deleted"
+	echo "I:checking that new key has been deleted ($n)"
 	ret=0
-	$DIG $DIGOPTS txt txt.example -k $keyname > dig.out.2 || ret=1
-	grep "status: NOERROR" di