Version in base suite: 9.16.44-1~deb11u1
Base version: bind9_9.16.44-1~deb11u1
Target version: bind9_9.16.48-1
Base file: /srv/ftp-master.debian.org/ftp/pool/main/b/bind9/bind9_9.16.44-1~deb11u1.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/b/bind9/bind9_9.16.48-1.dsc
.editorconfig | 5
.gitlab-ci.yml | 427
.reuse/dep5 | 1
CHANGES | 53
bin/dnssec/dnssec-signzone.c | 2
bin/named/config.c | 4
bin/plugins/filter-aaaa.c | 2
bin/rndc/rndc.rst | 6
bin/tests/system/README | 12
bin/tests/system/acl/tests.sh | 219
bin/tests/system/additional/tests.sh | 540 -
bin/tests/system/addzone/tests.sh | 739 -
bin/tests/system/allow-query/setup.sh | 6
bin/tests/system/allow-query/tests.sh | 527 -
bin/tests/system/auth/tests.sh | 198
bin/tests/system/autosign/ns1/keygen.sh | 26
bin/tests/system/autosign/ns2/keygen.sh | 36
bin/tests/system/autosign/ns3/keygen.sh | 294
bin/tests/system/autosign/ns3/named.conf.in | 1
bin/tests/system/autosign/tests.sh | 1077 +-
bin/tests/system/builtin/tests.sh | 177
bin/tests/system/cacheclean/tests.sh | 192
bin/tests/system/case/tests.sh | 100
bin/tests/system/catz/tests.sh | 1347 +--
bin/tests/system/cds/setup.sh | 44
bin/tests/system/cds/tests.sh | 65
bin/tests/system/chain/ans3/ans.pl | 16
bin/tests/system/chain/ns2/sign.sh | 10
bin/tests/system/chain/prereq.sh | 49
bin/tests/system/chain/tests.sh | 396
bin/tests/system/checkconf/tests.sh | 846 +
bin/tests/system/checkds/ns2/setup.sh | 17
bin/tests/system/checkds/ns5/setup.sh | 8
bin/tests/system/checkds/ns9/setup.sh | 52
bin/tests/system/checkds/prereq.sh | 20
bin/tests/system/checkds/setup.sh | 12
bin/tests/system/checkdstool/dig.sh | 19
bin/tests/system/checkdstool/tests.sh | 108
bin/tests/system/checknames/tests.sh | 138
bin/tests/system/checkzone/setup.sh | 4
bin/tests/system/checkzone/tests.sh | 174
bin/tests/system/ckdnsrps.sh | 127
bin/tests/system/cleanall.sh | 17
bin/tests/system/cleanpkcs11.sh | 2
bin/tests/system/conf.sh.in | 15
bin/tests/system/cookie/prereq.sh | 20
bin/tests/system/cookie/tests.sh | 553 -
bin/tests/system/coverage/setup.sh | 40
bin/tests/system/coverage/tests.sh | 114
bin/tests/system/database/tests.sh | 27
bin/tests/system/dialup/tests.sh | 46
bin/tests/system/digdelv/ns2/sign.sh | 10
bin/tests/system/digdelv/prereq.sh | 9
bin/tests/system/digdelv/tests.sh | 1231 +-
bin/tests/system/dlz/prereq.sh | 4
bin/tests/system/dlz/tests.sh | 58
bin/tests/system/dlzexternal/prereq.sh | 10
bin/tests/system/dlzexternal/setup.sh | 2
bin/tests/system/dlzexternal/tests.sh | 212
bin/tests/system/dns64/ns1/sign.sh | 4
bin/tests/system/dns64/tests.sh | 1536 +--
bin/tests/system/dnssec/ns1/sign.sh | 20
bin/tests/system/dnssec/ns2/sign.sh | 146
bin/tests/system/dnssec/ns3/secure.example.db.in | 5
bin/tests/system/dnssec/ns3/sign.sh | 313
bin/tests/system/dnssec/ns5/sign.sh | 12
bin/tests/system/dnssec/ns6/sign.sh | 4
bin/tests/system/dnssec/ns7/sign.sh | 6
bin/tests/system/dnssec/prereq.sh | 38
bin/tests/system/dnssec/setup.sh | 22
bin/tests/system/dnssec/tests.sh | 4289 +++++-----
bin/tests/system/dnstap/prereq.sh | 4
bin/tests/system/dnstap/tests.sh | 1015 +-
bin/tests/system/dscp/tests.sh | 25
bin/tests/system/dsdigest/ns1/sign.sh | 6
bin/tests/system/dsdigest/ns2/sign.sh | 13
bin/tests/system/dsdigest/tests.sh | 28
bin/tests/system/dupsigs/ns1/reset_keys.sh | 51
bin/tests/system/dupsigs/setup.sh | 5
bin/tests/system/dupsigs/tests.sh | 41
bin/tests/system/dyndb/prereq.sh | 12
bin/tests/system/dyndb/tests.sh | 170
bin/tests/system/ecdsa/ns1/sign.sh | 34
bin/tests/system/ecdsa/setup.sh | 8
bin/tests/system/ecdsa/tests.sh | 42
bin/tests/system/eddsa/ns1/sign.sh | 34
bin/tests/system/eddsa/ns2/sign.sh | 13
bin/tests/system/eddsa/ns3/sign.sh | 13
bin/tests/system/eddsa/prereq.sh | 4
bin/tests/system/eddsa/setup.sh | 16
bin/tests/system/eddsa/tests.sh | 104
bin/tests/system/ednscompliance/tests.sh | 181
bin/tests/system/emptyzones/tests.sh | 16
bin/tests/system/fetchlimit/prereq.sh | 9
bin/tests/system/fetchlimit/tests.sh | 155
bin/tests/system/filter-aaaa/ns1/sign.sh | 10
bin/tests/system/filter-aaaa/ns4/sign.sh | 6
bin/tests/system/filter-aaaa/prereq.sh | 10
bin/tests/system/filter-aaaa/tests.sh | 1543 +--
bin/tests/system/formerr/clean.sh | 6
bin/tests/system/formerr/tests.sh | 30
bin/tests/system/forward/ns1/sign.sh | 6
bin/tests/system/forward/prereq.sh | 29
bin/tests/system/forward/setup.sh | 4
bin/tests/system/forward/tests.sh | 308
bin/tests/system/genzone.sh | 5
bin/tests/system/geoip2/prereq.sh | 4
bin/tests/system/geoip2/setup.sh | 4
bin/tests/system/geoip2/tests.sh | 323
bin/tests/system/glue/tests.sh | 2
bin/tests/system/idna/tests.sh | 456 -
bin/tests/system/ifconfig.sh | 410
bin/tests/system/inline/clean.sh | 26
bin/tests/system/inline/ns1/sign.sh | 4
bin/tests/system/inline/ns3/sign.sh | 77
bin/tests/system/inline/ns8/sign.sh | 9
bin/tests/system/inline/setup.sh | 20
bin/tests/system/inline/tests.sh | 1092 +-
bin/tests/system/integrity/tests.sh | 120
bin/tests/system/ixfr/prereq.sh | 9
bin/tests/system/ixfr/setup.sh | 32
bin/tests/system/ixfr/tests.sh | 163
bin/tests/system/journal/setup.sh | 2
bin/tests/system/journal/tests.sh | 192
bin/tests/system/kasp.sh | 1771 ++--
bin/tests/system/kasp/ns3/setup.sh | 757 -
bin/tests/system/kasp/ns4/setup.sh | 13
bin/tests/system/kasp/ns5/setup.sh | 13
bin/tests/system/kasp/ns6/setup.sh | 377
bin/tests/system/kasp/prereq.sh | 4
bin/tests/system/kasp/setup.sh | 43
bin/tests/system/kasp/tests.sh | 2466 ++---
bin/tests/system/keepalive/tests.sh | 70
bin/tests/system/keymgr/19-old-keys/extra.sh | 16
bin/tests/system/keymgr/setup.sh | 184
bin/tests/system/keymgr/tests.sh | 207
bin/tests/system/keymgr2kasp/clean.sh | 1
bin/tests/system/keymgr2kasp/ns3/setup.sh | 98
bin/tests/system/keymgr2kasp/ns4/setup.sh | 10
bin/tests/system/keymgr2kasp/setup.sh | 8
bin/tests/system/keymgr2kasp/tests.sh | 556 -
bin/tests/system/legacy/ns6/sign.sh | 6
bin/tests/system/legacy/ns7/sign.sh | 8
bin/tests/system/legacy/tests.sh | 270
bin/tests/system/limits/tests.sh | 20
bin/tests/system/logfileconfig/named1.args | 2
bin/tests/system/logfileconfig/named2.args | 2
bin/tests/system/logfileconfig/tests.sh | 180
bin/tests/system/masterfile/tests.sh | 26
bin/tests/system/masterformat/ns1/compile.sh | 24
bin/tests/system/masterformat/setup.sh | 2
bin/tests/system/masterformat/tests.sh | 309
bin/tests/system/metadata/clean.sh | 2
bin/tests/system/metadata/setup.sh | 25
bin/tests/system/metadata/tests.sh | 92
bin/tests/system/mirror/ns1/sign.sh | 14
bin/tests/system/mirror/ns2/sign.sh | 70
bin/tests/system/mirror/setup.sh | 6
bin/tests/system/mirror/tests.sh | 386
bin/tests/system/mkeys/ns1/sign.sh | 24
bin/tests/system/mkeys/ns4/sign.sh | 4
bin/tests/system/mkeys/ns6/setup.sh | 2
bin/tests/system/mkeys/setup.sh | 10
bin/tests/system/mkeys/tests.sh | 581 -
bin/tests/system/names/tests.sh | 22
bin/tests/system/notify/tests.sh | 177
bin/tests/system/nsec3/clean.sh | 1
bin/tests/system/nsec3/ns3/setup.sh | 19
bin/tests/system/nsec3/setup.sh | 8
bin/tests/system/nsec3/tests.sh | 194
bin/tests/system/nslookup/tests.sh | 90
bin/tests/system/nsupdate/krb/setup.sh | 13
bin/tests/system/nsupdate/ns3/sign.sh | 6
bin/tests/system/nsupdate/prereq.sh | 16
bin/tests/system/nsupdate/setup.sh | 39
bin/tests/system/nsupdate/tests.sh | 1341 +--
bin/tests/system/nzd2nzf/prereq.sh | 4
bin/tests/system/nzd2nzf/tests.sh | 46
bin/tests/system/padding/tests.sh | 116
bin/tests/system/parallel.sh | 12
bin/tests/system/pending/ns1/sign.sh | 10
bin/tests/system/pending/ns2/sign.sh | 16
bin/tests/system/pending/tests.sh | 103
bin/tests/system/pipelined/prereq.sh | 20
bin/tests/system/pipelined/tests.sh | 60
bin/tests/system/pkcs11/setup.sh | 76
bin/tests/system/pkcs11/tests.sh | 154
bin/tests/system/qmin/prereq.sh | 20
bin/tests/system/qmin/tests.sh | 348
bin/tests/system/reclimit/ans7/ans.pl | 16
bin/tests/system/reclimit/prereq.sh | 29
bin/tests/system/reclimit/tests.sh | 239
bin/tests/system/redirect/ns1/sign.sh | 8
bin/tests/system/redirect/ns3/sign.sh | 8
bin/tests/system/redirect/ns5/sign.sh | 16
bin/tests/system/redirect/setup.sh | 6
bin/tests/system/redirect/tests.sh | 590 -
bin/tests/system/resolver/ns6/keygen.sh | 10
bin/tests/system/resolver/prereq.sh | 20
bin/tests/system/resolver/tests.sh | 920 +-
bin/tests/system/rndc/setup.sh | 14
bin/tests/system/rndc/tests.sh | 722 -
bin/tests/system/rndc/tests_cve-2023-3341.py | 57
bin/tests/system/rootkeysentinel/ns1/sign.sh | 8
bin/tests/system/rootkeysentinel/ns2/sign.sh | 26
bin/tests/system/rootkeysentinel/tests.sh | 296
bin/tests/system/rpz/clean.sh | 43
bin/tests/system/rpz/qperf.sh | 12
bin/tests/system/rpz/setup.sh | 68
bin/tests/system/rpz/tests.sh | 1148 +-
bin/tests/system/rpzrecurse/prereq.sh | 9
bin/tests/system/rpzrecurse/setup.sh | 64
bin/tests/system/rpzrecurse/tests.sh | 392
bin/tests/system/rrchecker/tests.sh | 105
bin/tests/system/rrl/clean.sh | 2
bin/tests/system/rrl/tests.sh | 285
bin/tests/system/rrsetorder/tests.sh | 448 -
bin/tests/system/rsabigexponent/ns1/sign.sh | 8
bin/tests/system/rsabigexponent/ns2/sign.sh | 9
bin/tests/system/rsabigexponent/prereq.sh | 11
bin/tests/system/rsabigexponent/tests.sh | 40
bin/tests/system/run.sh | 355
bin/tests/system/runall.sh | 76
bin/tests/system/runsequential.sh | 5
bin/tests/system/runtime/setup.sh | 9
bin/tests/system/runtime/tests.sh | 207
bin/tests/system/serve-stale/prereq.sh | 38
bin/tests/system/serve-stale/tests.sh | 2375 ++---
bin/tests/system/setup.sh | 17
bin/tests/system/sfcache/ns1/sign.sh | 10
bin/tests/system/sfcache/ns2/sign.sh | 4
bin/tests/system/sfcache/ns5/sign.sh | 2
bin/tests/system/sfcache/tests.sh | 80
bin/tests/system/shutdown/prereq.sh | 31
bin/tests/system/smartsign/tests.sh | 325
bin/tests/system/sortlist/tests.sh | 18
bin/tests/system/spf/tests.sh | 33
bin/tests/system/start.pl | 21
bin/tests/system/staticstub/ns3/sign.sh | 16
bin/tests/system/staticstub/ns4/sign.sh | 4
bin/tests/system/staticstub/setup.sh | 4
bin/tests/system/staticstub/tests.sh | 200
bin/tests/system/statistics/prereq.sh | 20
bin/tests/system/statistics/tests.sh | 282
bin/tests/system/statschannel/generic.py | 40
bin/tests/system/statschannel/ns2/sign.sh | 20
bin/tests/system/statschannel/prereq.sh | 9
bin/tests/system/statschannel/setup.sh | 2
bin/tests/system/statschannel/tests.sh | 464 -
bin/tests/system/stopall.sh | 5
bin/tests/system/stress/prereq.sh | 20
bin/tests/system/stub/tests.sh | 108
bin/tests/system/synthfromdnssec/ns1/sign.sh | 14
bin/tests/system/synthfromdnssec/setup.sh | 4
bin/tests/system/synthfromdnssec/tests.sh | 289
bin/tests/system/system-test-driver.sh | 72
bin/tests/system/tcp/prereq.sh | 5
bin/tests/system/tcp/tests.sh | 64
bin/tests/system/testcrypto.sh | 121
bin/tests/system/testsummary.sh | 54
bin/tests/system/timeouts/prereq.sh | 20
bin/tests/system/timeouts/setup.sh | 2
bin/tests/system/tkey/ns1/setup.sh | 4
bin/tests/system/tkey/tests.sh | 193
bin/tests/system/tools/tests.sh | 81
bin/tests/system/tsig/prereq.sh | 4
bin/tests/system/tsig/setup.sh | 5
bin/tests/system/tsig/tests.sh | 273
bin/tests/system/tsiggss/prereq.sh | 6
bin/tests/system/tsiggss/setup.sh | 4
bin/tests/system/tsiggss/tests.sh | 151
bin/tests/system/ttl/prereq.sh | 20
bin/tests/system/unknown/setup.sh | 5
bin/tests/system/unknown/tests.sh | 266
bin/tests/system/upforwd/prereq.sh | 9
bin/tests/system/upforwd/setup.sh | 21
bin/tests/system/upforwd/tests.sh | 313
bin/tests/system/verify/tests.sh | 152
bin/tests/system/verify/zones/genzones.sh | 220
bin/tests/system/views/setup.sh | 12
bin/tests/system/views/tests.sh | 92
bin/tests/system/wildcard/ns1/sign.sh | 44
bin/tests/system/wildcard/tests.sh | 304
bin/tests/system/xfer/prereq.sh | 27
bin/tests/system/xfer/setup.sh | 6
bin/tests/system/xfer/tests.sh | 361
bin/tests/system/xferquota/tests.sh | 44
bin/tests/system/zero/prereq.sh | 9
bin/tests/system/zero/setup.sh | 2
bin/tests/system/zero/tests.sh | 141
bin/tests/system/zonechecks/setup.sh | 20
bin/tests/system/zonechecks/tests.sh | 273
bin/tests/wire_test.c | 2
cocci/ctype.spatch | 105
contrib/dlz/modules/common/dlz_dbi.c | 2
dangerfile.py | 35
debian/changelog | 21
debian/patches/0003-Remove-the-reference-to-OPTIONS.md-it-breaks-build-o.patch | 22
debian/patches/0004-Disable-treat-warnings-as-errors-in-sphinx-build.patch | 36
debian/patches/series | 3
doc/arm/conf.py | 39
doc/arm/notes.rst | 4
doc/arm/platforms.rst | 10
doc/arm/reference.rst | 2
doc/arm/requirements.txt | 6
doc/arm/security.rst | 50
doc/man/arpaname.1in | 2
doc/man/ddns-confgen.8in | 2
doc/man/delv.1in | 2
doc/man/dig.1in | 2
doc/man/dnssec-cds.8in | 2
doc/man/dnssec-checkds.8in | 2
doc/man/dnssec-coverage.8in | 2
doc/man/dnssec-dsfromkey.8in | 2
doc/man/dnssec-importkey.8in | 2
doc/man/dnssec-keyfromlabel.8in | 2
doc/man/dnssec-keygen.8in | 2
doc/man/dnssec-keymgr.8in | 2
doc/man/dnssec-revoke.8in | 2
doc/man/dnssec-settime.8in | 2
doc/man/dnssec-signzone.8in | 2
doc/man/dnssec-verify.8in | 2
doc/man/dnstap-read.1in | 2
doc/man/filter-aaaa.8in | 2
doc/man/host.1in | 2
doc/man/mdig.1in | 2
doc/man/named-checkconf.8in | 2
doc/man/named-checkzone.8in | 2
doc/man/named-compilezone.8in | 2
doc/man/named-journalprint.8in | 2
doc/man/named-nzd2nzf.8in | 2
doc/man/named-rrchecker.1in | 2
doc/man/named.8in | 2
doc/man/named.conf.5in | 2
doc/man/nsec3hash.8in | 2
doc/man/nslookup.1in | 2
doc/man/nsupdate.1in | 2
doc/man/pkcs11-destroy.8in | 2
doc/man/pkcs11-keygen.8in | 2
doc/man/pkcs11-list.8in | 2
doc/man/pkcs11-tokens.8in | 2
doc/man/rndc-confgen.8in | 2
doc/man/rndc.8in | 8
doc/man/rndc.conf.5in | 2
doc/man/tsig-keygen.8in | 2
doc/notes/notes-9.16.12.rst | 2
doc/notes/notes-9.16.15.rst | 6
doc/notes/notes-9.16.20.rst | 2
doc/notes/notes-9.16.22.rst | 2
doc/notes/notes-9.16.27.rst | 4
doc/notes/notes-9.16.3.rst | 6
doc/notes/notes-9.16.33.rst | 8
doc/notes/notes-9.16.37.rst | 6
doc/notes/notes-9.16.4.rst | 7
doc/notes/notes-9.16.42.rst | 4
doc/notes/notes-9.16.44.rst | 2
doc/notes/notes-9.16.45.rst | 26
doc/notes/notes-9.16.46.rst | 19
doc/notes/notes-9.16.47.rst | 20
doc/notes/notes-9.16.48.rst | 69
doc/notes/notes-9.16.6.rst | 13
lib/bind9/check.c | 4
lib/dns/adb.c | 10
lib/dns/catz.c | 8
lib/dns/dst_api.c | 27
lib/dns/include/dns/message.h | 40
lib/dns/include/dns/name.h | 37
lib/dns/include/dns/rbt.h | 6
lib/dns/include/dns/stats.h | 2
lib/dns/include/dns/validator.h | 1
lib/dns/include/dst/dst.h | 4
lib/dns/mapapi | 2
lib/dns/master.c | 2
lib/dns/message.c | 391
lib/dns/name.c | 1
lib/dns/ncache.c | 2
lib/dns/nsec3.c | 8
lib/dns/opensslrsa_link.c | 5
lib/dns/private.c | 8
lib/dns/rbt.c | 1
lib/dns/rbtdb.c | 153
lib/dns/rdata.c | 2
lib/dns/resolver.c | 4
lib/dns/result.c | 2
lib/dns/rootns.c | 53
lib/dns/rpz.c | 5
lib/dns/tsig.c | 22
lib/dns/update.c | 53
lib/dns/validator.c | 67
lib/dns/win32/libdns.def.in | 3
lib/dns/zone.c | 46
lib/isc/ht.c | 556 -
lib/isc/include/isc/endian.h | 34
lib/isc/include/isc/ht.h | 28
lib/isc/include/isc/netmgr.h | 3
lib/isc/include/isc/radix.h | 2
lib/isc/include/isc/resultclass.h | 2
lib/isc/netaddr.c | 2
lib/isc/netmgr/netmgr-int.h | 1
lib/isc/netmgr/netmgr.c | 36
lib/isc/netmgr/tcp.c | 6
lib/isc/netmgr/tcpdns.c | 4
lib/isc/netmgr/udp.c | 6
lib/isc/netmgr/uv-compat.h | 2
lib/isc/tests/ht_test.c | 57
lib/isc/unix/include/isc/net.h | 4
lib/isc/url.c | 5
lib/isc/win32/file.c | 8
lib/isc/win32/fsaccess.c | 2
lib/isc/win32/include/isc/net.h | 4
lib/isc/win32/include/isc/stat.h | 4
lib/ns/query.c | 34
lib/ns/tests/nstest.c | 2
lib/ns/xfrout.c | 2
srcid | 2
version | 2
416 files changed, 26877 insertions(+), 24985 deletions(-)
diff -Nru bind9-9.16.44/.editorconfig bind9-9.16.48/.editorconfig
--- bind9-9.16.44/.editorconfig 1970-01-01 00:00:00.000000000 +0000
+++ bind9-9.16.48/.editorconfig 2024-02-11 11:31:39.000000000 +0000
@@ -0,0 +1,5 @@
+[{bin/tests/**.sh,bin/tests/**.sh.in,util/**.sh}]
+indent_style = space
+indent_size = 2
+binary_next_line = true
+switch_case_indent = true
diff -Nru bind9-9.16.44/.gitlab-ci.yml bind9-9.16.48/.gitlab-ci.yml
--- bind9-9.16.44/.gitlab-ci.yml 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/.gitlab-ci.yml 2024-02-11 11:31:39.000000000 +0000
@@ -19,7 +19,7 @@
TEST_PARALLEL_JOBS: 4
CONFIGURE: ./configure
- CLANG_VERSION: 16
+ CLANG_VERSION: 17
CLANG: "clang-${CLANG_VERSION}"
SCAN_BUILD: "scan-build-${CLANG_VERSION}"
LLVM_SYMBOLIZER: "/usr/lib/llvm-${CLANG_VERSION}/bin/llvm-symbolizer"
@@ -38,9 +38,6 @@
UBSAN_OPTIONS: "halt_on_error=1:abort_on_error=1:disable_coredump=0"
- TARBALL_COMPRESSOR: xz
- TARBALL_EXTENSION: xz
-
INSTALL_PATH: "${CI_PROJECT_DIR}/.local"
# Disable pytest's "cacheprovider" plugin to prevent it from creating
@@ -83,7 +80,7 @@
- ovh
- amd64
-# Autoscaling GitLab Runner on AWS EC2
+# Autoscaling GitLab Runner on AWS EC2 (amd64)
.linux-amd64: &linux_amd64
tags:
@@ -92,21 +89,16 @@
- runner-manager
- amd64
-# Stress-testing runners
+# Autoscaling GitLab Runner on AWS EC2 (arm64)
-.linux-stress-amd64: &linux_stress_amd64
+.linux-arm64: &linux_arm64
tags:
- - amd64
+ - linux
- aws
- - linux-stress
- - stress
-
-.linux-stress-arm64: &linux_stress_arm64
- tags:
+ - runner-manager
- aarch64
- - aws
- - linux-stress
- - stress
+
+# Stress-testing runners
.freebsd-stress-amd64: &freebsd_stress_amd64
tags:
@@ -124,8 +116,8 @@
# Alpine Linux
-.alpine-3.18-amd64: &alpine_3_18_amd64_image
- image: "$CI_REGISTRY_IMAGE:alpine-3.18-amd64"
+.alpine-3.19-amd64: &alpine_3_19_amd64_image
+ image: "$CI_REGISTRY_IMAGE:alpine-3.19-amd64"
<<: *linux_amd64
# Oracle Linux
@@ -180,24 +172,20 @@
# Fedora
-.tsan-fedora-38-amd64: &tsan_fedora_38_amd64_image
- image: "$CI_REGISTRY_IMAGE:tsan-fedora-38-amd64"
+.tsan-fedora-39-amd64: &tsan_fedora_39_amd64_image
+ image: "$CI_REGISTRY_IMAGE:tsan-fedora-39-amd64"
<<: *linux_amd64
-.fedora-38-amd64: &fedora_38_amd64_image
- image: "$CI_REGISTRY_IMAGE:fedora-38-amd64"
+.fedora-39-amd64: &fedora_39_amd64_image
+ image: "$CI_REGISTRY_IMAGE:fedora-39-amd64"
<<: *linux_amd64
-.fedora-38-arm64: &fedora_38_arm64_image
- image: "$CI_REGISTRY_IMAGE:fedora-38-arm64"
- <<: *linux_stress_arm64
+.fedora-39-arm64: &fedora_39_arm64_image
+ image: "$CI_REGISTRY_IMAGE:fedora-39-arm64"
+ <<: *linux_arm64
# Ubuntu
-.ubuntu-bionic-amd64: &ubuntu_bionic_amd64_image
- image: "$CI_REGISTRY_IMAGE:ubuntu-bionic-amd64"
- <<: *linux_amd64
-
.ubuntu-focal-amd64: &ubuntu_focal_amd64_image
image: "$CI_REGISTRY_IMAGE:ubuntu-focal-amd64"
<<: *linux_amd64
@@ -228,8 +216,12 @@
image: "freebsd-13.2-x86_64"
<<: *libvirt_amd64
+.freebsd-14-amd64: &freebsd_14_amd64_image
+ image: "freebsd-14.0-x86_64"
+ <<: *libvirt_amd64
+
.openbsd-amd64: &openbsd_amd64_image
- image: "openbsd-7.3-x86_64"
+ image: "openbsd-7.4-x86_64"
<<: *libvirt_amd64
### Job Templates
@@ -263,15 +255,6 @@
<<: *base_image
stage: precheck
-.autoconf: &autoconf_job
- <<: *default_triggering_rules
- <<: *base_image
- stage: precheck
- script:
- - autoreconf2.69 -fi
- artifacts:
- untracked: true
-
.configure: &configure
- ${CONFIGURE}
--disable-maintainer-mode
@@ -309,12 +292,10 @@
- test -z "${CROSS_COMPILATION}" || grep -F -A 1 "checking whether we are cross compiling" config.log | grep -q "result.*yes"
- test -z "${CROSS_COMPILATION}" || file lib/dns/gen | grep -F -q "ELF 64-bit LSB"
- test -z "${CROSS_COMPILATION}" || ( ! git ls-files -z --others --exclude lib/dns/gen | xargs -0 file | grep "ELF 64-bit LSB" )
- needs:
- - job: autoreconf
- artifacts: true
artifacts:
untracked: true
when: always
+ needs: []
.windows_build: &windows_build_job
stage: build
@@ -351,52 +332,6 @@
- export SLOT=$(sh -x bin/tests/prepare-softhsm2.sh)
- test -n "${SLOT}" && test "${SLOT}" -gt 0
-cross-version-config-tests:
- stage: system
- <<: *base_image
- <<: *default_triggering_rules
- variables:
- CC: gcc
- CFLAGS: "${CFLAGS_COMMON}"
- # Disable option checking to prevent problems with new default options in
- # the &configure anchor.
- EXTRA_CONFIGURE: "--disable-option-checking"
- script:
- # Exclude the dyndb test from the system test as the sample library can't
- # locate the libdns library from the BIND 9 baseline version.
- - sed -i '/^dyndb \\$/d' bin/tests/system/conf.sh.common
- - *configure
- - *setup_interfaces
- - make -j${BUILD_PARALLEL_JOBS:-1}
- - export BIND_BRANCH=16
- # When testing a .0 release, compare it against the previous development
- # release (e.g., 9.19.0 and 9.18.0 should both be compared against 9.17.22).
- - if [ "$(sed -n -E "s|^m4_define\(\[bind_VERSION_PATCH\], ([0-9]+)\)dnl$|\1|p" configure.ac)" = "0" ]; then export BIND_BRANCH=$((BIND_BRANCH - 1 - (BIND_BRANCH % 2))); fi
- - BASELINE="$(curl -s "https://gitlab.isc.org/api/v4/projects/1/repository/tags?search=^v9.${BIND_BRANCH}&order_by=version" | jq -r ".[0].name")"
- - git clone --branch "${BASELINE}" --depth 1 https://gitlab.isc.org/isc-projects/bind9.git "bind-${BASELINE}"
- - cd "bind-${BASELINE}"
- - autoreconf2.69 -fi
- - *configure
- - make -j${BUILD_PARALLEL_JOBS:-1}
- - cd bin/tests/system
- # Neutralize shell and pytests; in effect, "nsX" servers are just started
- # and stopped, thus configuration checked.
- - truncate --size=0 */tests{.sh,*.py}
- # Run the setup phase of all system tests in the most recently tagged BIND 9
- # release using the binaries built for the current BIND 9 version. This
- # intends to detect obvious backward compatibility issues with the latter.
- - sed -i -E "s|(export TOP)=.*|\1=${CI_PROJECT_DIR}|" conf.sh
- - make -j${TEST_PARALLEL_JOBS:-1} -k check V=1
- needs:
- - job: autoreconf
- artifacts: true
- artifacts:
- paths:
- - bind-*
- untracked: true
- expire_in: "1 day"
- when: on_failure
-
.system_test_common: &system_test_common
<<: *default_triggering_rules
stage: system
@@ -504,9 +439,6 @@
# Jobs in the precheck stage
-autoreconf:
- <<: *autoconf_job
-
misc:
<<: *precheck_job
script:
@@ -525,7 +457,6 @@
- sh util/check-win32util-configure
- sh util/check-categories.sh
- sh util/xmllint-html.sh
- needs: []
artifacts:
paths:
- checklibs.out
@@ -533,7 +464,6 @@
black:
<<: *precheck_job
- needs: []
script:
- black $(git ls-files '*.py' '*.py.in')
- git diff > black.patch
@@ -546,7 +476,6 @@
clang-format:
<<: *precheck_job
- needs: []
script:
- if [ -r .clang-format ]; then "${CLANG_FORMAT}" -i -style=file $(git ls-files '*.c' '*.h'); fi
- git diff > clang-format.patch
@@ -559,25 +488,41 @@
coccinelle:
<<: *precheck_job
- needs: []
script:
- util/check-cocci
- if test "$(git status --porcelain | grep -Ev '\?\?' | wc -l)" -gt "0"; then git status --short; exit 1; fi
reuse:
<<: *precheck_job
- needs: []
image:
name: docker.io/fsfe/reuse:latest
entrypoint: [""]
script:
- reuse lint
-danger:
+shfmt:
<<: *precheck_job
needs: []
script:
- - danger-python ci -f
+ - shfmt -w -i 2 -ci -bn bin/tests/system/ util/ $(find bin/tests/system/ -name "*.sh.in")
+ - git diff > shfmt.patch
+ - if test "$(git status --porcelain | grep -Ev '\?\?' | wc -l)" -gt "0"; then git status --short; exit 1; fi
+ artifacts:
+ paths:
+ - shfmt.patch
+ expire_in: "1 week"
+ when: on_failure
+
+danger:
+ <<: *precheck_job
+ # Keep the GIT_DEPTH environment variable set to a "high number" before
+ # https://github.com/libgit2/libgit2/pull/6662 is addressed and integrated
+ # into pygit2.
+ variables:
+ GIT_DEPTH: 1000
+ script:
+ - pip install git+https://gitlab.isc.org/isc-projects/hazard.git
+ - hazard
only:
refs:
- merge_requests
@@ -588,19 +533,16 @@
<<: *default_triggering_rules
<<: *base_image
stage: postcheck
- needs:
- - job: autoreconf
- artifacts: true
script:
- *configure
- export PYTHONPATH="$PYTHONPATH:$CI_PROJECT_DIR/bin/python"
- pylint --rcfile $CI_PROJECT_DIR/.pylintrc $(git ls-files '*.py' | grep -vE '(ans\.py|dangerfile\.py|^bin/tests/system/)')
# Ignore Pylint wrong-import-position error in system test to enable use of pytest.importorskip
- pylint --rcfile $CI_PROJECT_DIR/.pylintrc --disable=wrong-import-position $(git ls-files 'bin/tests/system/*.py' | grep -vE 'ans\.py')
+ needs: []
checkbashisms:
<<: *precheck_job
- needs: []
script:
- checkbashisms $(find . -path './.git' -prune -o -type f -exec sh -c 'head -n 1 "{}" | grep -qsF "#!/bin/sh"' \; -print | sed -e '/^\.\/install-sh$/d')
@@ -620,10 +562,10 @@
- rm -rf "${BIND_DIRECTORY}/tmp/.doctrees/"
- for man in "${BIND_DIRECTORY}/doc/man/"*; do mv "$man" "$man"in; done
- tar --append --file="${BIND_DIRECTORY}.tar" "${BIND_DIRECTORY}/doc/man/"*in
- - ${TARBALL_COMPRESSOR} "${BIND_DIRECTORY}.tar"
+ - xz "${BIND_DIRECTORY}.tar"
artifacts:
paths:
- - bind-*.tar.${TARBALL_EXTENSION}
+ - bind-*.tar.xz
# Jobs for doc builds on Debian 12 "bookworm" (amd64)
@@ -641,40 +583,96 @@
- *configure
- make -j${BUILD_PARALLEL_JOBS:-1} all V=1
- make -j${BUILD_PARALLEL_JOBS:-1} doc V=1
- - if test "$(git status --porcelain | grep -Ev '\?\?' | grep -v -F -e aclocal.m4 -e configure -e ltmain.sh -e m4/ | wc -l)" -gt "0"; then git status --short; exit 1; fi
- - qpdf --check doc/arm/_build/latex/Bv9ARM.pdf
+ - if test "$(git status --porcelain | grep -Ev '\?\?' | grep -v -F -e aclocal.m4 -e configure -e ltmain.sh -e bin/named/bind9.xsl.h -e m4/ | wc -l)" -gt "0"; then git status --short; exit 1; fi
- find doc/man/ -maxdepth 1 -name "*.[0-9]" -exec mandoc -T lint "{}" \; | ( ! grep -v -e "skipping paragraph macro. sp after" -e "unknown font, skipping request. ft C" -e "input text line longer than 80 bytes" )
- needs:
- - job: autoreconf
- artifacts: true
artifacts:
paths:
- doc/arm/
- doc/man/
- doc/misc/
when: always
+ needs: []
+
+docs:pdf:
+ <<: *api_schedules_tags_triggers_web_triggering_rules
+ <<: *base_image
+ stage: docs
+ before_script:
+ - apt-get -y install qpdf texlive-full texlive-xetex xindy
+ script:
+ - *configure
+ - make -C doc/arm/ pdf V=1
+ - qpdf --check doc/arm/_build/latex/Bv9ARM.pdf
+ artifacts:
+ untracked: true
+ needs: []
-# Jobs for regular GCC builds on Alpine Linux 3.18 (amd64)
+# Job detecting named.conf breakage introduced since the previous point release
-gcc:alpine3.18:amd64:
+cross-version-config-tests:
+ stage: system
+ <<: *base_image
+ <<: *default_triggering_rules
+ variables:
+ CC: gcc
+ CFLAGS: "${CFLAGS_COMMON}"
+ # Disable option checking to prevent problems with new default options in
+ # the &configure anchor.
+ EXTRA_CONFIGURE: "--disable-option-checking"
+ script:
+ # Exclude the dyndb test from the system test as the sample library can't
+ # locate the libdns library from the BIND 9 baseline version.
+ - sed -i '/^dyndb \\$/d' bin/tests/system/conf.sh.common
+ - *configure
+ - *setup_interfaces
+ - make -j${BUILD_PARALLEL_JOBS:-1}
+ - export BIND_BRANCH=16
+ # When testing a .0 release, compare it against the previous development
+ # release (e.g., 9.19.0 and 9.18.0 should both be compared against 9.17.22).
+ - if [ "$(sed -n -E "s|^m4_define\(\[bind_VERSION_PATCH\], ([0-9]+)\)dnl$|\1|p" configure.ac)" = "0" ]; then export BIND_BRANCH=$((BIND_BRANCH - 1 - (BIND_BRANCH % 2))); fi
+ - BASELINE="$(curl -s "https://gitlab.isc.org/api/v4/projects/1/repository/tags?search=^v9.${BIND_BRANCH}&order_by=version" | jq -r ".[0].name")"
+ - git clone --branch "${BASELINE}" --depth 1 https://gitlab.isc.org/isc-projects/bind9.git "bind-${BASELINE}"
+ - cd "bind-${BASELINE}"
+ - *configure
+ - make -j${BUILD_PARALLEL_JOBS:-1}
+ - cd bin/tests/system
+ # Neutralize shell and pytests; in effect, "nsX" servers are just started
+ # and stopped, thus configuration checked.
+ - truncate --size=0 */tests{.sh,*.py}
+ # Run the setup phase of all system tests in the most recently tagged BIND 9
+ # release using the binaries built for the current BIND 9 version. This
+ # intends to detect obvious backward compatibility issues with the latter.
+ - sed -i -E "s|(export TOP)=.*|\1=${CI_PROJECT_DIR}|" conf.sh
+ - make -j${TEST_PARALLEL_JOBS:-1} -k check V=1
+ artifacts:
+ paths:
+ - bind-*
+ untracked: true
+ expire_in: "1 day"
+ when: on_failure
+ needs: []
+
+# Jobs for regular GCC builds on Alpine Linux 3.19 (amd64)
+
+gcc:alpine3.19:amd64:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON}"
- <<: *alpine_3_18_amd64_image
+ <<: *alpine_3_19_amd64_image
<<: *build_job
-system:gcc:alpine3.18:amd64:
- <<: *alpine_3_18_amd64_image
+system:gcc:alpine3.19:amd64:
+ <<: *alpine_3_19_amd64_image
<<: *system_test_job
needs:
- - job: gcc:alpine3.18:amd64
+ - job: gcc:alpine3.19:amd64
artifacts: true
-unit:gcc:alpine3.18:amd64:
- <<: *alpine_3_18_amd64_image
+unit:gcc:alpine3.19:amd64:
+ <<: *alpine_3_19_amd64_image
<<: *unit_test_job
needs:
- - job: gcc:alpine3.18:amd64
+ - job: gcc:alpine3.19:amd64
artifacts: true
# Jobs for regular GCC builds on Oracle Linux 7 (amd64)
@@ -760,8 +758,8 @@
<<: *build_job
before_script:
- (! command -v sphinx-build >/dev/null)
- - tar --extract --file bind-*.tar.${TARBALL_EXTENSION}
- - rm -f bind-*.tar.${TARBALL_EXTENSION}
+ - tar --extract --file bind-*.tar.xz
+ - rm -f bind-*.tar.xz
- cd bind-*
needs:
- job: tarball-create
@@ -904,13 +902,11 @@
script:
- *configure
- *scan_build
- needs:
- - job: autoreconf
- artifacts: true
artifacts:
paths:
- scan-build.reports/
when: on_failure
+ needs: []
# Jobs for regular GCC builds on Debian "sid" (amd64)
# Also tests configration option: --without-lmdb.
@@ -963,8 +959,8 @@
<<: *base_image
<<: *build_job
before_script:
- - tar --extract --file bind-*.tar.${TARBALL_EXTENSION}
- - rm -f bind-*.tar.${TARBALL_EXTENSION}
+ - tar --extract --file bind-*.tar.xz
+ - rm -f bind-*.tar.xz
- cd bind-*
needs:
- job: tarball-create
@@ -1015,25 +1011,6 @@
- job: gcc:tumbleweed:amd64
artifacts: true
-# Jobs for regular GCC builds on Ubuntu 18.04 Bionic Beaver (amd64)
-
-gcc:bionic:amd64:
- variables:
- CC: gcc
- CFLAGS: "${CFLAGS_COMMON} -O2"
- EXTRA_CONFIGURE: "--disable-dnstap --with-gssapi --without-cmocka"
- <<: *ubuntu_bionic_amd64_image
- <<: *build_job
- <<: *api_schedules_tags_triggers_web_triggering_rules
-
-system:gcc:bionic:amd64:
- <<: *ubuntu_bionic_amd64_image
- <<: *system_test_job
- <<: *api_schedules_tags_triggers_web_triggering_rules
- needs:
- - job: gcc:bionic:amd64
- artifacts: true
-
# Jobs for regular GCC builds on Ubuntu 20.04 Focal Fossa (amd64)
gcc:focal:amd64:
@@ -1063,8 +1040,8 @@
gcc:jammy:amd64:
variables:
CC: gcc
- CFLAGS: "${CFLAGS_COMMON}"
- EXTRA_CONFIGURE: "--with-libidn2"
+ CFLAGS: "${CFLAGS_COMMON} -O2"
+ EXTRA_CONFIGURE: "--with-libidn2 --disable-dnstap --with-gssapi --without-cmocka"
<<: *ubuntu_jammy_amd64_image
<<: *build_job
@@ -1082,7 +1059,7 @@
- job: gcc:jammy:amd64
artifacts: true
-# Jobs for ASAN builds on Fedora 38 (amd64)
+# Jobs for ASAN builds on Fedora 39 (amd64)
gcc:asan:
variables:
@@ -1090,18 +1067,18 @@
CFLAGS: "${CFLAGS_COMMON} -fsanitize=address,undefined -DISC_MEM_USE_INTERNAL_MALLOC=0"
LDFLAGS: "-fsanitize=address,undefined"
EXTRA_CONFIGURE: "--with-libidn2"
- <<: *fedora_38_amd64_image
+ <<: *fedora_39_amd64_image
<<: *build_job
system:gcc:asan:
- <<: *fedora_38_amd64_image
+ <<: *fedora_39_amd64_image
<<: *system_test_job
needs:
- job: gcc:asan
artifacts: true
unit:gcc:asan:
- <<: *fedora_38_amd64_image
+ <<: *fedora_39_amd64_image
<<: *unit_test_job
needs:
- job: gcc:asan
@@ -1130,7 +1107,7 @@
- job: clang:asan
artifacts: true
-# Jobs for TSAN builds on Fedora 38 (amd64)
+# Jobs for TSAN builds on Fedora 39 (amd64)
gcc:tsan:
variables:
@@ -1138,13 +1115,13 @@
CFLAGS: "${CFLAGS_COMMON} -fsanitize=thread -DISC_MEM_USE_INTERNAL_MALLOC=0"
LDFLAGS: "-fsanitize=thread"
EXTRA_CONFIGURE: "--with-libidn2 --enable-pthread-rwlock"
- <<: *tsan_fedora_38_amd64_image
+ <<: *tsan_fedora_39_amd64_image
<<: *build_job
system:gcc:tsan:
variables:
TSAN_OPTIONS: "${TSAN_OPTIONS_FEDORA}"
- <<: *tsan_fedora_38_amd64_image
+ <<: *tsan_fedora_39_amd64_image
<<: *system_test_tsan_job
needs:
- job: gcc:tsan
@@ -1153,7 +1130,7 @@
unit:gcc:tsan:
variables:
TSAN_OPTIONS: "${TSAN_OPTIONS_FEDORA}"
- <<: *tsan_fedora_38_amd64_image
+ <<: *tsan_fedora_39_amd64_image
<<: *unit_test_tsan_job
needs:
- job: gcc:tsan
@@ -1314,26 +1291,42 @@
- job: clang:freebsd13:amd64
artifacts: true
-# Jobs for Clang builds on OpenBSD (amd64)
+# Jobs for Clang builds on FreeBSD 14 (amd64)
-clang:openbsd:amd64:
+clang:freebsd14:amd64:
variables:
- CC: clang
+ CFLAGS: "${CFLAGS_COMMON}"
+ # Disable BIND 9 GSS-API support because of Heimdal incompatibility; see FreeBSD bug #275241.
+ EXTRA_CONFIGURE: "${WITH_READLINE_LIBEDIT} --without-gssapi"
USER: gitlab-runner
- EXTRA_CONFIGURE: "--disable-dnstap"
- <<: *openbsd_amd64_image
+ <<: *freebsd_14_amd64_image
<<: *build_job
-system:clang:openbsd:amd64:
- <<: *openbsd_amd64_image
+system:clang:freebsd14:amd64:
+ <<: *freebsd_14_amd64_image
<<: *system_test_job
- <<: *api_schedules_triggers_web_triggering_rules
variables:
USER: gitlab-runner
needs:
- - job: clang:openbsd:amd64
+ - job: clang:freebsd14:amd64
artifacts: true
- allow_failure: true
+
+unit:clang:freebsd14:amd64:
+ <<: *freebsd_14_amd64_image
+ <<: *unit_test_job
+ needs:
+ - job: clang:freebsd14:amd64
+ artifacts: true
+
+# Jobs for Clang builds on OpenBSD (amd64)
+
+clang:openbsd:amd64:
+ variables:
+ CC: clang
+ USER: gitlab-runner
+ EXTRA_CONFIGURE: "--disable-dnstap"
+ <<: *openbsd_amd64_image
+ <<: *build_job
# Jobs with libtool disabled
@@ -1395,7 +1388,7 @@
- job: msvc-debug:windows:amd64
artifacts: true
-# Job producing a release tarball
+# Job producing a release directory
release:
<<: *base_image
@@ -1409,24 +1402,22 @@
- find Build/Debug/ \( -name "*.bsc" -o -name "*.idb" \) -print -delete
- find Build/ -regextype posix-extended -regex "Build/.*/($(find bin/tests/ -type f | sed -nE "s|^bin/tests(/system)?/win32/(.*)\.vcxproj$|\2|p" | paste -d"|" -s))\..*" -print -delete
# Create Windows zips
- - openssl dgst -sha256 "${BIND_DIRECTORY}.tar.${TARBALL_EXTENSION}" | tee Build/Release/SHA256 Build/Debug/SHA256
+ - openssl dgst -sha256 "${BIND_DIRECTORY}.tar.xz" | tee Build/Release/SHA256 Build/Debug/SHA256
- cp "doc/arm/_build/latex/Bv9ARM.pdf" Build/Release/
- cp "doc/arm/_build/latex/Bv9ARM.pdf" Build/Debug/
- ( cd Build/Release; zip "../../BIND${BIND_DIRECTORY#bind-}.x64.zip" * )
- ( cd Build/Debug; zip "../../BIND${BIND_DIRECTORY#bind-}.debug.x64.zip" * )
# Prepare release tarball contents (tarballs + zips + documentation)
- - mkdir -p release/doc/arm
- - pushd release
- - mv "../${BIND_DIRECTORY}.tar.${TARBALL_EXTENSION}" ../BIND*.zip .
- - tar --extract --file="${BIND_DIRECTORY}.tar.${TARBALL_EXTENSION}"
+ - mkdir -p "${BIND_DIRECTORY}-release/doc/arm"
+ - pushd "${BIND_DIRECTORY}-release"
+ - mv "../${BIND_DIRECTORY}.tar.xz" ../BIND*.zip .
+ - tar --extract --file="${BIND_DIRECTORY}.tar.xz"
- mv "${BIND_DIRECTORY}"/{CHANGES*,COPYRIGHT,LICENSE,README,srcid} .
- rm -rf "${BIND_DIRECTORY}"
- mv "../doc/arm/_build/html" doc/arm/
- mv "../doc/arm/_build/latex/Bv9ARM.pdf" doc/arm/
- echo '
Redirect' > "RELEASE-NOTES-${BIND_DIRECTORY}.html"
- popd
- # Create release tarball
- - tar --create --file="${CI_COMMIT_TAG}.tar.gz" --gzip release/
needs:
- job: tarball-create
artifacts: true
@@ -1436,12 +1427,56 @@
artifacts: true
- job: docs
artifacts: true
+ - job: docs:pdf
+ artifacts: true
only:
- tags
artifacts:
paths:
+ - "*-release"
+ expire_in: "1 month"
+
+# Job signing the source tarballs in the release directory
+
+sign:
+ stage: release
+ tags:
+ - signer
+ script:
+ - export RELEASE_DIRECTORY="$(echo *-release)"
+ - pushd "${RELEASE_DIRECTORY}"
+ - |
+ echo
+ cat > /tmp/sign-bind9.sh <>> Signing \${FILE}..."
+ gpg2 --local-user "\${SIGNING_KEY_FINGERPRINT}" --armor --digest-algo SHA512 --detach-sign --output "\${FILE}.asc" "\${FILE}"
+ done
+ } 2>&1 | tee "${CI_PROJECT_DIR}/signing.log"
+ EOF
+ chmod +x /tmp/sign-bind9.sh
+ echo -e "\e[31m*** Please sign the releases by following the instructions at:\e[0m"
+ echo -e "\e[31m*** \e[0m"
+ echo -e "\e[31m*** ${SIGNING_HELP_URL}\e[0m"
+ echo -e "\e[31m*** \e[0m"
+ echo -e "\e[31m*** Sleeping until files in ${PWD} are signed... ⌛\e[0m"
+ while [ "$(find . -name "*.asc" -size +0 | sed "s|\.asc$||" | sort)" != "$(find . -name "*.tar.xz" -o -name "*.zip" | sort)" ]; do sleep 10; done
+ - popd
+ - tar --create --file="${RELEASE_DIRECTORY}.tar.gz" --gzip "${RELEASE_DIRECTORY}"
+ artifacts:
+ paths:
- "*.tar.gz"
+ - signing.log
expire_in: never
+ needs:
+ - job: release
+ artifacts: true
+ only:
+ - tags
+ when: manual
+ allow_failure: false
# Coverity Scan analysis upload
@@ -1482,9 +1517,6 @@
- *coverity_build
after_script:
- mv -v /tmp/cov-int.tar.gz ${CI_PROJECT_DIR}/
- needs:
- - job: autoreconf
- artifacts: true
artifacts:
paths:
- curl-response.txt
@@ -1495,6 +1527,7 @@
variables:
- $COVERITY_SCAN_PROJECT_NAME
- $COVERITY_SCAN_TOKEN
+ needs: []
# Respdiff tests
@@ -1606,18 +1639,16 @@
- git clone --depth 1 https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.isc.org/isc-private/bind-qa.git
- cd bind-qa/bind9/stress
- LD_LIBRARY_PATH="${INSTALL_PATH}/usr/local/lib" BIND_INSTALL_PATH="${INSTALL_PATH}/usr/local" WORKSPACE="${CI_PROJECT_DIR}" bash stress.sh
- needs:
- - job: autoreconf
- artifacts: true
artifacts:
untracked: true
expire_in: "1 week"
when: always
timeout: 2h
+ needs: []
-stress:authoritative:fedora:38:amd64:
- <<: *fedora_38_amd64_image
- <<: *linux_stress_amd64
+stress:authoritative:fedora:39:amd64:
+ <<: *fedora_39_amd64_image
+ <<: *linux_amd64
<<: *stress_job
variables:
CC: gcc
@@ -1630,9 +1661,9 @@
variables:
- $CI_COMMIT_TAG || ($BIND_STRESS_TEST_OS =~ /linux/i && $BIND_STRESS_TEST_MODE =~ /authoritative/i && $BIND_STRESS_TEST_ARCH =~ /amd64/i)
-stress:recursive:fedora:38:amd64:
- <<: *fedora_38_amd64_image
- <<: *linux_stress_amd64
+stress:recursive:fedora:39:amd64:
+ <<: *fedora_39_amd64_image
+ <<: *linux_amd64
<<: *stress_job
variables:
CC: gcc
@@ -1645,9 +1676,9 @@
variables:
- $CI_COMMIT_TAG || ($BIND_STRESS_TEST_OS =~ /linux/i && $BIND_STRESS_TEST_MODE =~ /recursive/i && $BIND_STRESS_TEST_ARCH =~ /amd64/i)
-stress:rpz:fedora:38:amd64:
- <<: *fedora_38_amd64_image
- <<: *linux_stress_amd64
+stress:rpz:fedora:39:amd64:
+ <<: *fedora_39_amd64_image
+ <<: *linux_amd64
<<: *stress_job
variables:
CC: gcc
@@ -1660,9 +1691,9 @@
variables:
- $CI_COMMIT_TAG || ($BIND_STRESS_TEST_OS =~ /linux/i && $BIND_STRESS_TEST_MODE =~ /rpz/i && $BIND_STRESS_TEST_ARCH =~ /amd64/i)
-stress:authoritative:fedora:38:arm64:
- <<: *fedora_38_arm64_image
- <<: *linux_stress_arm64
+stress:authoritative:fedora:39:arm64:
+ <<: *fedora_39_arm64_image
+ <<: *linux_arm64
<<: *stress_job
variables:
CC: gcc
@@ -1675,9 +1706,9 @@
variables:
- $CI_COMMIT_TAG || ($BIND_STRESS_TEST_OS =~ /linux/i && $BIND_STRESS_TEST_MODE =~ /authoritative/i && $BIND_STRESS_TEST_ARCH =~ /arm64/i)
-stress:recursive:fedora:38:arm64:
- <<: *fedora_38_arm64_image
- <<: *linux_stress_arm64
+stress:recursive:fedora:39:arm64:
+ <<: *fedora_39_arm64_image
+ <<: *linux_arm64
<<: *stress_job
variables:
CC: gcc
@@ -1690,9 +1721,9 @@
variables:
- $CI_COMMIT_TAG || ($BIND_STRESS_TEST_OS =~ /linux/i && $BIND_STRESS_TEST_MODE =~ /recursive/i && $BIND_STRESS_TEST_ARCH =~ /arm64/i)
-stress:rpz:fedora:38:arm64:
- <<: *fedora_38_arm64_image
- <<: *linux_stress_arm64
+stress:rpz:fedora:39:arm64:
+ <<: *fedora_39_arm64_image
+ <<: *linux_arm64
<<: *stress_job
variables:
CC: gcc
@@ -1784,9 +1815,6 @@
pairwise:
<<: *base_image
stage: build
- needs:
- - job: autoreconf
- artifacts: true
script:
- util/pairwise-testing.sh
artifacts:
@@ -1798,3 +1826,4 @@
only:
variables:
- $PAIRWISE_TESTING
+ needs: []
diff -Nru bind9-9.16.44/.reuse/dep5 bind9-9.16.48/.reuse/dep5
--- bind9-9.16.44/.reuse/dep5 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/.reuse/dep5 2024-02-11 11:31:39.000000000 +0000
@@ -156,6 +156,7 @@
.clang-format
.clang-format.headers
.dir-locals.el
+ .editorconfig
.gitattributes
.gitignore
.gitlab-ci.yml
diff -Nru bind9-9.16.44/CHANGES bind9-9.16.48/CHANGES
--- bind9-9.16.44/CHANGES 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/CHANGES 2024-02-11 11:31:39.000000000 +0000
@@ -1,3 +1,56 @@
+ --- 9.16.48 released ---
+
+6343. [bug] Fix case insensitive setting for isc_ht hashtable.
+ [GL #4568]
+
+ --- 9.16.47 released ---
+
+6322. [security] Specific DNS answers could cause a denial-of-service
+ condition due to DNS validation taking a long time.
+ (CVE-2023-50387) [GL #4424]
+
+6321. [security] Change 6315 inadvertently introduced regressions that
+ could cause named to crash. [GL #4234]
+
+ --- 9.16.46 released ---
+
+6319. [security] Query patterns that continuously triggered cache
+ database maintenance could exhaust all available memory
+ on the host running named. (CVE-2023-6516) [GL #4383]
+
+6317. [security] Restore DNS64 state when handling a serve-stale timeout.
+ (CVE-2023-5679) [GL #4334]
+
+6316. [security] Specific queries could trigger an assertion check with
+ nxdomain-redirect enabled. (CVE-2023-5517) [GL #4281]
+
+6315. [security] Speed up parsing of DNS messages with many different
+ names. (CVE-2023-4408) [GL #4234]
+
+6314. [bug] Address race conditions in dns_tsigkey_find().
+ [GL #4182]
+
+6304. [bug] The wrong time was being used to determine what RRSIGs
+ where to be generated when dnssec-policy was in use.
+ [GL #4494]
+
+6282. [func] Deprecate AES-based DNS cookies. [GL #4421]
+
+ --- 9.16.45 released ---
+
+6269. [maint] B.ROOT-SERVERS.NET addresses are now 170.247.170.2 and
+ 2801:1b8:10::b. [GL #4101]
+
+6254. [cleanup] Add semantic patch to do an explicit cast from char
+ to unsigned char in ctype.h class of functions.
+ [GL #4327]
+
+6250. [bug] The wrong covered value was being set by
+ dns_ncache_current for RRSIG records in the returned
+ rdataset structure. This resulted in TYPE0 being
+ reported as the covered value of the RRSIG when dumping
+ the cache contents. [GL #4314]
+
--- 9.16.44 released ---
6245. [security] Limit the amount of recursion that can be performed
diff -Nru bind9-9.16.44/bin/dnssec/dnssec-signzone.c bind9-9.16.48/bin/dnssec/dnssec-signzone.c
--- bind9-9.16.44/bin/dnssec/dnssec-signzone.c 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/dnssec/dnssec-signzone.c 2024-02-11 11:31:39.000000000 +0000
@@ -101,7 +101,7 @@
"dns_dbiterator_current()")
#define IS_NSEC3 (nsec_datatype == dns_rdatatype_nsec3)
-#define OPTOUT(x) (((x)&DNS_NSEC3FLAG_OPTOUT) != 0)
+#define OPTOUT(x) (((x) & DNS_NSEC3FLAG_OPTOUT) != 0)
#define REVOKE(x) ((dst_key_flags(x) & DNS_KEYFLAG_REVOKE) != 0)
diff -Nru bind9-9.16.44/bin/named/config.c bind9-9.16.48/bin/named/config.c
--- bind9-9.16.44/bin/named/config.c 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/named/config.c 2024-02-11 11:31:39.000000000 +0000
@@ -303,14 +303,14 @@
"# END TRUST ANCHORS\n\
\n\
primaries " DEFAULT_IANA_ROOT_ZONE_PRIMARIES " {\n\
- 2001:500:200::b; # b.root-servers.net\n\
+ 2801:1b8:10::b; # b.root-servers.net\n\
2001:500:2::c; # c.root-servers.net\n\
2001:500:2f::f; # f.root-servers.net\n\
2001:500:12::d0d; # g.root-servers.net\n\
2001:7fd::1; # k.root-servers.net\n\
2620:0:2830:202::132; # xfr.cjr.dns.icann.org\n\
2620:0:2d0:202::132; # xfr.lax.dns.icann.org\n\
- 199.9.14.201; # b.root-servers.net\n\
+ 170.247.170.2; # b.root-servers.net\n\
192.33.4.12; # c.root-servers.net\n\
192.5.5.241; # f.root-servers.net\n\
192.112.36.4; # g.root-servers.net\n\
diff -Nru bind9-9.16.44/bin/plugins/filter-aaaa.c bind9-9.16.48/bin/plugins/filter-aaaa.c
--- bind9-9.16.44/bin/plugins/filter-aaaa.c 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/plugins/filter-aaaa.c 2024-02-11 11:31:39.000000000 +0000
@@ -350,7 +350,7 @@
cfg_line, mctx, lctx, actx));
}
- isc_ht_init(&inst->ht, mctx, 16);
+ isc_ht_init(&inst->ht, mctx, 16, ISC_HT_CASE_SENSITIVE);
isc_mutex_init(&inst->hlock);
/*
diff -Nru bind9-9.16.44/bin/rndc/rndc.rst bind9-9.16.48/bin/rndc/rndc.rst
--- bind9-9.16.44/bin/rndc/rndc.rst 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/rndc/rndc.rst 2024-02-11 11:31:39.000000000 +0000
@@ -389,7 +389,8 @@
This command schedules zone maintenance for the given zone.
``reload``
- This command reloads the configuration file and zones.
+ This command reloads the configuration file and zones. As no zone is specified,
+ the reloading of the zones happens asynchronously.
``reload`` *zone* [*class* [*view*]]
This command reloads the given zone.
@@ -546,7 +547,8 @@
refused. If the zone has changed and the ``ixfr-from-differences``
option is in use, the journal file is updated to reflect
changes in the zone. Otherwise, if the zone has changed, any existing
- journal file is removed.
+ journal file is removed. If no zone is specified, the reloading happens
+ asynchronously.
See also ``rndc freeze``.
diff -Nru bind9-9.16.44/bin/tests/system/README bind9-9.16.48/bin/tests/system/README
--- bind9-9.16.44/bin/tests/system/README 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/README 2024-02-11 11:31:39.000000000 +0000
@@ -662,14 +662,12 @@
need to edit multiple files to add a test.)
-Valgrind
+rr
---
-When running system tests, named can be run under Valgrind. The output from
-Valgrind are sent to per-process files that can be reviewed after the test has
-completed. To enable this, set the USE_VALGRIND environment variable to
-"helgrind" to run the Helgrind tool, or any other value to run the Memcheck
-tool. To use "helgrind" effectively, build BIND with --disable-atomic.
-
+When running system tests, named can be run under the rr tool. rr records a
+trace to the $system_test/nsX/named-Y/ directory, which can be later used to
+replay named. To enable this, execute start.pl with the USE_RR environment
+variable set.
Maintenance Notes
===
diff -Nru bind9-9.16.44/bin/tests/system/acl/tests.sh bind9-9.16.48/bin/tests/system/acl/tests.sh
--- bind9-9.16.44/bin/tests/system/acl/tests.sh 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/acl/tests.sh 2024-02-11 11:31:39.000000000 +0000
@@ -22,38 +22,52 @@
echo_i "testing basic ACL processing"
# key "one" should fail
-t=`expr $t + 1`
+t=$(expr $t + 1)
$DIG $DIGOPTS tsigzone. \
- @10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 > dig.out.${t}
-grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
-
+ @10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 >dig.out.${t}
+grep "^;" dig.out.${t} >/dev/null 2>&1 || {
+ echo_i "test $t failed"
+ status=1
+}
# any other key should be fine
-t=`expr $t + 1`
+t=$(expr $t + 1)
$DIG $DIGOPTS tsigzone. \
- @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 > dig.out.${t}
-grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
+ @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 >dig.out.${t}
+grep "^;" dig.out.${t} >/dev/null 2>&1 && {
+ echo_i "test $t failed"
+ status=1
+}
copy_setports ns2/named2.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
sleep 5
# prefix 10/8 should fail
-t=`expr $t + 1`
+t=$(expr $t + 1)
$DIG $DIGOPTS tsigzone. \
- @10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 > dig.out.${t}
-grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
+ @10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 >dig.out.${t}
+grep "^;" dig.out.${t} >/dev/null 2>&1 || {
+ echo_i "test $t failed"
+ status=1
+}
# any other address should work, as long as it sends key "one"
-t=`expr $t + 1`
-$DIG $DIGOPTS tsigzone. \
- @10.53.0.2 -b 127.0.0.1 axfr -y two:1234abcd8765 > dig.out.${t}
-grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
-
-t=`expr $t + 1`
+t=$(expr $t + 1)
$DIG $DIGOPTS tsigzone. \
- @10.53.0.2 -b 127.0.0.1 axfr -y one:1234abcd8765 > dig.out.${t}
-grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
+ @10.53.0.2 -b 127.0.0.1 axfr -y two:1234abcd8765 >dig.out.${t}
+grep "^;" dig.out.${t} >/dev/null 2>&1 || {
+ echo_i "test $t failed"
+ status=1
+}
+
+t=$(expr $t + 1)
+$DIG $DIGOPTS tsigzone. \
+ @10.53.0.2 -b 127.0.0.1 axfr -y one:1234abcd8765 >dig.out.${t}
+grep "^;" dig.out.${t} >/dev/null 2>&1 && {
+ echo_i "test $t failed"
+ status=1
+}
echo_i "testing nested ACL processing"
# all combinations of 10.53.0.{1|2} with key {one|two}, should succeed
@@ -62,45 +76,66 @@
sleep 5
# should succeed
-t=`expr $t + 1`
+t=$(expr $t + 1)
$DIG $DIGOPTS tsigzone. \
- @10.53.0.2 -b 10.53.0.2 axfr -y two:1234abcd8765 > dig.out.${t}
-grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
+ @10.53.0.2 -b 10.53.0.2 axfr -y two:1234abcd8765 >dig.out.${t}
+grep "^;" dig.out.${t} >/dev/null 2>&1 && {
+ echo_i "test $t failed"
+ status=1
+}
# should succeed
-t=`expr $t + 1`
+t=$(expr $t + 1)
$DIG $DIGOPTS tsigzone. \
- @10.53.0.2 -b 10.53.0.2 axfr -y one:1234abcd8765 > dig.out.${t}
-grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
+ @10.53.0.2 -b 10.53.0.2 axfr -y one:1234abcd8765 >dig.out.${t}
+grep "^;" dig.out.${t} >/dev/null 2>&1 && {
+ echo_i "test $t failed"
+ status=1
+}
# should succeed
-t=`expr $t + 1`
+t=$(expr $t + 1)
$DIG $DIGOPTS tsigzone. \
- @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 > dig.out.${t}
-grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
+ @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 >dig.out.${t}
+grep "^;" dig.out.${t} >/dev/null 2>&1 && {
+ echo_i "test $t failed"
+ status=1
+}
# should succeed
-t=`expr $t + 1`
+t=$(expr $t + 1)
$DIG $DIGOPTS tsigzone. \
- @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 > dig.out.${t}
-grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
+ @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 >dig.out.${t}
+grep "^;" dig.out.${t} >/dev/null 2>&1 && {
+ echo_i "test $t failed"
+ status=1
+}
# but only one or the other should fail
-t=`expr $t + 1`
-$DIG $DIGOPTS tsigzone. \
- @10.53.0.2 -b 127.0.0.1 axfr -y one:1234abcd8765 > dig.out.${t}
-grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
-
-t=`expr $t + 1`
+t=$(expr $t + 1)
$DIG $DIGOPTS tsigzone. \
- @10.53.0.2 -b 10.53.0.2 axfr > dig.out.${t}
-grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $tt failed" ; status=1; }
+ @10.53.0.2 -b 127.0.0.1 axfr -y one:1234abcd8765 >dig.out.${t}
+grep "^;" dig.out.${t} >/dev/null 2>&1 || {
+ echo_i "test $t failed"
+ status=1
+}
+
+t=$(expr $t + 1)
+$DIG $DIGOPTS tsigzone. \
+ @10.53.0.2 -b 10.53.0.2 axfr >dig.out.${t}
+grep "^;" dig.out.${t} >/dev/null 2>&1 || {
+ echo_i "test $tt failed"
+ status=1
+}
# and other values? right out
-t=`expr $t + 1`
+t=$(expr $t + 1)
$DIG $DIGOPTS tsigzone. \
- @10.53.0.2 -b 127.0.0.1 axfr -y "${DEFAULT_HMAC}:three:1234abcd8765" > dig.out.${t}
-grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
+ @10.53.0.2 -b 127.0.0.1 axfr -y "${DEFAULT_HMAC}:three:1234abcd8765" >dig.out.${t}
+grep "^;" dig.out.${t} >/dev/null 2>&1 || {
+ echo_i "test $t failed"
+ status=1
+}
# now we only allow 10.53.0.1 *and* key one, or 10.53.0.2 *and* key two
copy_setports ns2/named4.conf.in ns2/named.conf
@@ -108,63 +143,81 @@
sleep 5
# should succeed
-t=`expr $t + 1`
+t=$(expr $t + 1)
$DIG $DIGOPTS tsigzone. \
- @10.53.0.2 -b 10.53.0.2 axfr -y two:1234abcd8765 > dig.out.${t}
-grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
+ @10.53.0.2 -b 10.53.0.2 axfr -y two:1234abcd8765 >dig.out.${t}
+grep "^;" dig.out.${t} >/dev/null 2>&1 && {
+ echo_i "test $t failed"
+ status=1
+}
# should succeed
-t=`expr $t + 1`
+t=$(expr $t + 1)
$DIG $DIGOPTS tsigzone. \
- @10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 > dig.out.${t}
-grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
+ @10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 >dig.out.${t}
+grep "^;" dig.out.${t} >/dev/null 2>&1 && {
+ echo_i "test $t failed"
+ status=1
+}
# should fail
-t=`expr $t + 1`
+t=$(expr $t + 1)
$DIG $DIGOPTS tsigzone. \
- @10.53.0.2 -b 10.53.0.2 axfr -y one:1234abcd8765 > dig.out.${t}
-grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
+ @10.53.0.2 -b 10.53.0.2 axfr -y one:1234abcd8765 >dig.out.${t}
+grep "^;" dig.out.${t} >/dev/null 2>&1 || {
+ echo_i "test $t failed"
+ status=1
+}
# should fail
-t=`expr $t + 1`
+t=$(expr $t + 1)
$DIG $DIGOPTS tsigzone. \
- @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 > dig.out.${t}
-grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
+ @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 >dig.out.${t}
+grep "^;" dig.out.${t} >/dev/null 2>&1 || {
+ echo_i "test $t failed"
+ status=1
+}
# should fail
-t=`expr $t + 1`
+t=$(expr $t + 1)
$DIG $DIGOPTS tsigzone. \
- @10.53.0.2 -b 10.53.0.3 axfr -y one:1234abcd8765 > dig.out.${t}
-grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
+ @10.53.0.2 -b 10.53.0.3 axfr -y one:1234abcd8765 >dig.out.${t}
+grep "^;" dig.out.${t} >/dev/null 2>&1 || {
+ echo_i "test $t failed"
+ status=1
+}
echo_i "testing allow-query-on ACL processing"
copy_setports ns2/named5.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
sleep 5
-t=`expr $t + 1`
+t=$(expr $t + 1)
$DIG -p ${PORT} +tcp soa example. \
- @10.53.0.2 -b 10.53.0.3 > dig.out.${t}
-grep "status: NOERROR" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
+ @10.53.0.2 -b 10.53.0.3 >dig.out.${t}
+grep "status: NOERROR" dig.out.${t} >/dev/null 2>&1 || {
+ echo_i "test $t failed"
+ status=1
+}
echo_i "testing blackhole ACL processing"
-t=`expr $t + 1`
+t=$(expr $t + 1)
ret=0
$DIG -p ${PORT} +tcp soa example. \
- @10.53.0.2 -b 10.53.0.3 > dig.out.1.${t}
-grep "status: NOERROR" dig.out.1.${t} > /dev/null 2>&1 || ret=1
+ @10.53.0.2 -b 10.53.0.3 >dig.out.1.${t}
+grep "status: NOERROR" dig.out.1.${t} >/dev/null 2>&1 || ret=1
$DIG -p ${PORT} +tcp soa example. \
- @10.53.0.2 -b 10.53.0.8 > dig.out.2.${t}
-grep "status: NOERROR" dig.out.2.${t} > /dev/null 2>&1 && ret=1
-grep "communications error" dig.out.2.${t} > /dev/null 2>&1 || ret=1
+ @10.53.0.2 -b 10.53.0.8 >dig.out.2.${t}
+grep "status: NOERROR" dig.out.2.${t} >/dev/null 2>&1 && ret=1
+grep "communications error" dig.out.2.${t} >/dev/null 2>&1 || ret=1
$DIG -p ${PORT} soa example. \
- @10.53.0.2 -b 10.53.0.3 > dig.out.3.${t}
-grep "status: NOERROR" dig.out.3.${t} > /dev/null 2>&1 || ret=1
+ @10.53.0.2 -b 10.53.0.3 >dig.out.3.${t}
+grep "status: NOERROR" dig.out.3.${t} >/dev/null 2>&1 || ret=1
$DIG -p ${PORT} soa example. \
- @10.53.0.2 -b 10.53.0.8 > dig.out.4.${t}
-grep "status: NOERROR" dig.out.4.${t} > /dev/null 2>&1 && ret=1
-grep "connection timed out" dig.out.4.${t} > /dev/null 2>&1 || ret=1
+ @10.53.0.2 -b 10.53.0.8 >dig.out.4.${t}
+grep "status: NOERROR" dig.out.4.${t} >/dev/null 2>&1 && ret=1
+grep "connection timed out" dig.out.4.${t} >/dev/null 2>&1 || ret=1
[ $ret -eq 0 ] || echo_i "failed"
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# AXFR tests against ns3
@@ -174,26 +227,26 @@
$RNDCCMD 10.53.0.3 addzone 'example.com {type primary; file "example.db"; }; '
sleep 1
-t=`expr $t + 1`
+t=$(expr $t + 1)
ret=0
echo_i "checking AXFR of example.com from ns3 with ACL allow-transfer { none; }; (${t})"
-$DIG -p ${PORT} @10.53.0.3 example.com axfr > dig.out.${t} 2>&1
+$DIG -p ${PORT} @10.53.0.3 example.com axfr >dig.out.${t} 2>&1
grep "Transfer failed." dig.out.${t} >/dev/null 2>&1 || ret=1
[ $ret -eq 0 ] || echo_i "failed"
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "calling rndc reconfig"
rndc_reconfig ns3 10.53.0.3
sleep 1
-t=`expr $t + 1`
+t=$(expr $t + 1)
ret=0
echo_i "re-checking AXFR of example.com from ns3 with ACL allow-transfer { none; }; (${t})"
-$DIG -p ${PORT} @10.53.0.3 example.com axfr > dig.out.${t} 2>&1
+$DIG -p ${PORT} @10.53.0.3 example.com axfr >dig.out.${t} 2>&1
grep "Transfer failed." dig.out.${t} >/dev/null 2>&1 || ret=1
[ $ret -eq 0 ] || echo_i "failed"
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# AXFR tests against ns4
@@ -203,26 +256,26 @@
$RNDCCMD 10.53.0.4 addzone 'example.com {type primary; file "example.db"; }; '
sleep 1
-t=`expr $t + 1`
+t=$(expr $t + 1)
ret=0
echo_i "checking AXFR of example.com from ns4 with ACL allow-transfer { none; }; (${t})"
-$DIG -p ${PORT} @10.53.0.4 example.com axfr > dig.out.${t} 2>&1
+$DIG -p ${PORT} @10.53.0.4 example.com axfr >dig.out.${t} 2>&1
grep "Transfer failed." dig.out.${t} >/dev/null 2>&1 || ret=1
[ $ret -eq 0 ] || echo_i "failed"
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "calling rndc reconfig"
rndc_reconfig ns4 10.53.0.4
sleep 1
-t=`expr $t + 1`
+t=$(expr $t + 1)
ret=0
echo_i "re-checking AXFR of example.com from ns4 with ACL allow-transfer { none; }; (${t})"
-$DIG -p ${PORT} @10.53.0.4 example.com axfr > dig.out.${t} 2>&1
+$DIG -p ${PORT} @10.53.0.4 example.com axfr >dig.out.${t} 2>&1
grep "Transfer failed." dig.out.${t} >/dev/null 2>&1 || ret=1
[ $ret -eq 0 ] || echo_i "failed"
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
diff -Nru bind9-9.16.44/bin/tests/system/additional/tests.sh bind9-9.16.48/bin/tests/system/additional/tests.sh
--- bind9-9.16.44/bin/tests/system/additional/tests.sh 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/additional/tests.sh 2024-02-11 11:31:39.000000000 +0000
@@ -21,229 +21,245 @@
n=0
dotests() {
- n=`expr $n + 1`
- echo_i "test with RT, single zone (+rec) ($n)"
- ret=0
- $DIG $DIGOPTS +rec -t RT rt.rt.example @10.53.0.1 > dig.out.$n || ret=1
- if [ $ret -eq 1 ] ; then
- echo_i "failed"; status=$((status+1))
- fi
-
- n=`expr $n + 1`
- echo_i "test with RT, two zones (+rec) ($n)"
- ret=0
- $DIG $DIGOPTS +rec -t RT rt.rt2.example @10.53.0.1 > dig.out.$n || ret=1
- if [ $ret -eq 1 ] ; then
- echo_i "failed"; status=$((status+1))
- fi
-
- n=`expr $n + 1`
- echo_i "test with NAPTR, single zone (+rec) ($n)"
- ret=0
- $DIG $DIGOPTS +rec -t NAPTR nap.naptr.example @10.53.0.1 > dig.out.$n || ret=1
- if [ $ret -eq 1 ] ; then
- echo_i "failed"; status=$((status+1))
- fi
-
- n=`expr $n + 1`
- echo_i "test with NAPTR, two zones (+rec) ($n)"
- ret=0
- $DIG $DIGOPTS +rec -t NAPTR nap.hang3b.example @10.53.0.1 > dig.out.$n || ret=1
- if [ $ret -eq 1 ] ; then
- echo_i "failed"; status=$((status+1))
- fi
-
- n=`expr $n + 1`
- echo_i "test with LP (+rec) ($n)"
- ret=0
- $DIG $DIGOPTS +rec -t LP nid2.nid.example @10.53.0.1 > dig.out.$n || ret=1
- case $minimal in
+ n=$(expr $n + 1)
+ echo_i "test with RT, single zone (+rec) ($n)"
+ ret=0
+ $DIG $DIGOPTS +rec -t RT rt.rt.example @10.53.0.1 >dig.out.$n || ret=1
+ if [ $ret -eq 1 ]; then
+ echo_i "failed"
+ status=$((status + 1))
+ fi
+
+ n=$(expr $n + 1)
+ echo_i "test with RT, two zones (+rec) ($n)"
+ ret=0
+ $DIG $DIGOPTS +rec -t RT rt.rt2.example @10.53.0.1 >dig.out.$n || ret=1
+ if [ $ret -eq 1 ]; then
+ echo_i "failed"
+ status=$((status + 1))
+ fi
+
+ n=$(expr $n + 1)
+ echo_i "test with NAPTR, single zone (+rec) ($n)"
+ ret=0
+ $DIG $DIGOPTS +rec -t NAPTR nap.naptr.example @10.53.0.1 >dig.out.$n || ret=1
+ if [ $ret -eq 1 ]; then
+ echo_i "failed"
+ status=$((status + 1))
+ fi
+
+ n=$(expr $n + 1)
+ echo_i "test with NAPTR, two zones (+rec) ($n)"
+ ret=0
+ $DIG $DIGOPTS +rec -t NAPTR nap.hang3b.example @10.53.0.1 >dig.out.$n || ret=1
+ if [ $ret -eq 1 ]; then
+ echo_i "failed"
+ status=$((status + 1))
+ fi
+
+ n=$(expr $n + 1)
+ echo_i "test with LP (+rec) ($n)"
+ ret=0
+ $DIG $DIGOPTS +rec -t LP nid2.nid.example @10.53.0.1 >dig.out.$n || ret=1
+ case $minimal in
no)
- grep -w "NS" dig.out.$n > /dev/null || ret=1
- grep -w "L64" dig.out.$n > /dev/null || ret=1
- grep -w "L32" dig.out.$n > /dev/null || ret=1
+ grep -w "NS" dig.out.$n >/dev/null || ret=1
+ grep -w "L64" dig.out.$n >/dev/null || ret=1
+ grep -w "L32" dig.out.$n >/dev/null || ret=1
;;
yes)
- grep -w "NS" dig.out.$n > /dev/null && ret=1
- grep -w "L64" dig.out.$n > /dev/null && ret=1
- grep -w "L32" dig.out.$n > /dev/null && ret=1
+ grep -w "NS" dig.out.$n >/dev/null && ret=1
+ grep -w "L64" dig.out.$n >/dev/null && ret=1
+ grep -w "L32" dig.out.$n >/dev/null && ret=1
;;
no-auth)
- grep -w "NS" dig.out.$n > /dev/null && ret=1
- grep -w "L64" dig.out.$n > /dev/null || ret=1
- grep -w "L32" dig.out.$n > /dev/null || ret=1
+ grep -w "NS" dig.out.$n >/dev/null && ret=1
+ grep -w "L64" dig.out.$n >/dev/null || ret=1
+ grep -w "L32" dig.out.$n >/dev/null || ret=1
;;
no-auth-recursive)
- grep -w "NS" dig.out.$n > /dev/null && ret=1
- grep -w "L64" dig.out.$n > /dev/null || ret=1
- grep -w "L32" dig.out.$n > /dev/null || ret=1
- ;;
- esac
- if [ $ret -eq 1 ] ; then
- echo_i "failed"; status=$((status+1))
- fi
-
- n=`expr $n + 1`
- echo_i "test with NID (+rec) ($n)"
- ret=0
- $DIG $DIGOPTS +rec -t NID ns1.nid.example @10.53.0.1 > dig.out.$n || ret=1
- if [ $minimal = no ] ; then
- # change && to || when we support NID additional processing
- grep -w "L64" dig.out.$n > /dev/null && ret=1
- grep -w "L32" dig.out.$n > /dev/null && ret=1
- else
- grep -w "L64" dig.out.$n > /dev/null && ret=1
- grep -w "L32" dig.out.$n > /dev/null && ret=1
- fi
- if [ $ret -eq 1 ] ; then
- echo_i "failed"; status=$((status+1))
- fi
-
- n=`expr $n + 1`
- echo_i "test with NID + LP (+rec) ($n)"
- ret=0
- $DIG $DIGOPTS +rec -t NID nid2.nid.example @10.53.0.1 > dig.out.$n || ret=1
- if [ $minimal = no ] ; then
- # change && to || when we support NID additional processing
- grep -w "LP" dig.out.$n > /dev/null && ret=1
- grep -w "L64" dig.out.$n > /dev/null && ret=1
- grep -w "L32" dig.out.$n > /dev/null && ret=1
- else
- grep -w "LP" dig.out.$n > /dev/null && ret=1
- grep -w "L64" dig.out.$n > /dev/null && ret=1
- grep -w "L32" dig.out.$n > /dev/null && ret=1
- fi
- if [ $ret -eq 1 ] ; then
- echo_i "failed"; status=$((status+1))
- fi
-
- n=`expr $n + 1`
- echo_i "test with RT, single zone (+norec) ($n)"
- ret=0
- $DIG $DIGOPTS +norec -t RT rt.rt.example @10.53.0.1 > dig.out.$n || ret=1
- if [ $ret -eq 1 ] ; then
- echo_i "failed"; status=$((status+1))
- fi
-
- n=`expr $n + 1`
- echo_i "test with RT, two zones (+norec) ($n)"
- ret=0
- $DIG $DIGOPTS +norec -t RT rt.rt2.example @10.53.0.1 > dig.out.$n || ret=1
- if [ $ret -eq 1 ] ; then
- echo_i "failed"; status=$((status+1))
- fi
-
- n=`expr $n + 1`
- echo_i "test with NAPTR, single zone (+norec) ($n)"
- ret=0
- $DIG $DIGOPTS +norec -t NAPTR nap.naptr.example @10.53.0.1 > dig.out.$n || ret=1
- if [ $ret -eq 1 ] ; then
- echo_i "failed"; status=$((status+1))
- fi
-
- n=`expr $n + 1`
- echo_i "test with NAPTR, two zones (+norec) ($n)"
- ret=0
- $DIG $DIGOPTS +norec -t NAPTR nap.hang3b.example @10.53.0.1 > dig.out.$n || ret=1
- if [ $ret -eq 1 ] ; then
- echo_i "failed"; status=$((status+1))
- fi
-
- n=`expr $n + 1`
- echo_i "test with LP (+norec) ($n)"
- ret=0
- $DIG $DIGOPTS +norec -t LP nid2.nid.example @10.53.0.1 > dig.out.$n || ret=1
- case $minimal in
+ grep -w "NS" dig.out.$n >/dev/null && ret=1
+ grep -w "L64" dig.out.$n >/dev/null || ret=1
+ grep -w "L32" dig.out.$n >/dev/null || ret=1
+ ;;
+ esac
+ if [ $ret -eq 1 ]; then
+ echo_i "failed"
+ status=$((status + 1))
+ fi
+
+ n=$(expr $n + 1)
+ echo_i "test with NID (+rec) ($n)"
+ ret=0
+ $DIG $DIGOPTS +rec -t NID ns1.nid.example @10.53.0.1 >dig.out.$n || ret=1
+ if [ $minimal = no ]; then
+ # change && to || when we support NID additional processing
+ grep -w "L64" dig.out.$n >/dev/null && ret=1
+ grep -w "L32" dig.out.$n >/dev/null && ret=1
+ else
+ grep -w "L64" dig.out.$n >/dev/null && ret=1
+ grep -w "L32" dig.out.$n >/dev/null && ret=1
+ fi
+ if [ $ret -eq 1 ]; then
+ echo_i "failed"
+ status=$((status + 1))
+ fi
+
+ n=$(expr $n + 1)
+ echo_i "test with NID + LP (+rec) ($n)"
+ ret=0
+ $DIG $DIGOPTS +rec -t NID nid2.nid.example @10.53.0.1 >dig.out.$n || ret=1
+ if [ $minimal = no ]; then
+ # change && to || when we support NID additional processing
+ grep -w "LP" dig.out.$n >/dev/null && ret=1
+ grep -w "L64" dig.out.$n >/dev/null && ret=1
+ grep -w "L32" dig.out.$n >/dev/null && ret=1
+ else
+ grep -w "LP" dig.out.$n >/dev/null && ret=1
+ grep -w "L64" dig.out.$n >/dev/null && ret=1
+ grep -w "L32" dig.out.$n >/dev/null && ret=1
+ fi
+ if [ $ret -eq 1 ]; then
+ echo_i "failed"
+ status=$((status + 1))
+ fi
+
+ n=$(expr $n + 1)
+ echo_i "test with RT, single zone (+norec) ($n)"
+ ret=0
+ $DIG $DIGOPTS +norec -t RT rt.rt.example @10.53.0.1 >dig.out.$n || ret=1
+ if [ $ret -eq 1 ]; then
+ echo_i "failed"
+ status=$((status + 1))
+ fi
+
+ n=$(expr $n + 1)
+ echo_i "test with RT, two zones (+norec) ($n)"
+ ret=0
+ $DIG $DIGOPTS +norec -t RT rt.rt2.example @10.53.0.1 >dig.out.$n || ret=1
+ if [ $ret -eq 1 ]; then
+ echo_i "failed"
+ status=$((status + 1))
+ fi
+
+ n=$(expr $n + 1)
+ echo_i "test with NAPTR, single zone (+norec) ($n)"
+ ret=0
+ $DIG $DIGOPTS +norec -t NAPTR nap.naptr.example @10.53.0.1 >dig.out.$n || ret=1
+ if [ $ret -eq 1 ]; then
+ echo_i "failed"
+ status=$((status + 1))
+ fi
+
+ n=$(expr $n + 1)
+ echo_i "test with NAPTR, two zones (+norec) ($n)"
+ ret=0
+ $DIG $DIGOPTS +norec -t NAPTR nap.hang3b.example @10.53.0.1 >dig.out.$n || ret=1
+ if [ $ret -eq 1 ]; then
+ echo_i "failed"
+ status=$((status + 1))
+ fi
+
+ n=$(expr $n + 1)
+ echo_i "test with LP (+norec) ($n)"
+ ret=0
+ $DIG $DIGOPTS +norec -t LP nid2.nid.example @10.53.0.1 >dig.out.$n || ret=1
+ case $minimal in
no)
- grep -w "NS" dig.out.$n > /dev/null || ret=1
- grep -w "L64" dig.out.$n > /dev/null || ret=1
- grep -w "L32" dig.out.$n > /dev/null || ret=1
+ grep -w "NS" dig.out.$n >/dev/null || ret=1
+ grep -w "L64" dig.out.$n >/dev/null || ret=1
+ grep -w "L32" dig.out.$n >/dev/null || ret=1
;;
yes)
- grep -w "NS" dig.out.$n > /dev/null && ret=1
- grep -w "L64" dig.out.$n > /dev/null && ret=1
- grep -w "L32" dig.out.$n > /dev/null && ret=1
+ grep -w "NS" dig.out.$n >/dev/null && ret=1
+ grep -w "L64" dig.out.$n >/dev/null && ret=1
+ grep -w "L32" dig.out.$n >/dev/null && ret=1
;;
no-auth)
- grep -w "NS" dig.out.$n > /dev/null && ret=1
- grep -w "L64" dig.out.$n > /dev/null || ret=1
- grep -w "L32" dig.out.$n > /dev/null || ret=1
+ grep -w "NS" dig.out.$n >/dev/null && ret=1
+ grep -w "L64" dig.out.$n >/dev/null || ret=1
+ grep -w "L32" dig.out.$n >/dev/null || ret=1
;;
no-auth-recursive)
- grep -w "NS" dig.out.$n > /dev/null || ret=1
- grep -w "L64" dig.out.$n > /dev/null || ret=1
- grep -w "L32" dig.out.$n > /dev/null || ret=1
- ;;
- esac
- if [ $ret -eq 1 ] ; then
- echo_i "failed"; status=$((status+1))
- fi
-
- n=`expr $n + 1`
- echo_i "test with NID (+norec) ($n)"
- ret=0
- $DIG $DIGOPTS +norec -t NID ns1.nid.example @10.53.0.1 > dig.out.$n || ret=1
- if [ $minimal = no ] ; then
- # change && to || when we support NID additional processing
- grep -w "L64" dig.out.$n > /dev/null && ret=1
- grep -w "L32" dig.out.$n > /dev/null && ret=1
- else
- grep -w "L64" dig.out.$n > /dev/null && ret=1
- grep -w "L32" dig.out.$n > /dev/null && ret=1
- fi
- if [ $ret -eq 1 ] ; then
- echo_i "failed"; status=$((status+1))
- fi
-
- n=`expr $n + 1`
- echo_i "test with NID + LP (+norec) ($n)"
- ret=0
- $DIG $DIGOPTS +norec -t NID nid2.nid.example @10.53.0.1 > dig.out.$n || ret=1
- if [ $minimal = no ] ; then
- # change && to || when we support NID additional processing
- grep -w "LP" dig.out.$n > /dev/null && ret=1
- grep -w "L64" dig.out.$n > /dev/null && ret=1
- grep -w "L32" dig.out.$n > /dev/null && ret=1
- else
- grep -w "LP" dig.out.$n > /dev/null && ret=1
- grep -w "L64" dig.out.$n > /dev/null && ret=1
- grep -w "L32" dig.out.$n > /dev/null && ret=1
- fi
- if [ $ret -eq 1 ] ; then
- echo_i "failed"; status=$((status+1))
- fi
-
- n=`expr $n + 1`
- echo_i "test with NS, root zone ($n)"
- ret=0
- $DIG $DIGOPTS -t NS . @10.53.0.1 > dig.out.$n || ret=1
- # Always expect glue for root priming queries, regardless $minimal
- grep 'ADDITIONAL: 3' dig.out.$n > /dev/null || ret=1
- if [ $ret -eq 1 ] ; then
- echo_i "failed"; status=$((status+1))
- fi
-
- n=`expr $n + 1`
- echo_i "test with NS, non-root zone ($n)"
- ret=0
- $DIG $DIGOPTS -t NS rt.example @10.53.0.1 > dig.out.$n || ret=1
- case $minimal in
+ grep -w "NS" dig.out.$n >/dev/null || ret=1
+ grep -w "L64" dig.out.$n >/dev/null || ret=1
+ grep -w "L32" dig.out.$n >/dev/null || ret=1
+ ;;
+ esac
+ if [ $ret -eq 1 ]; then
+ echo_i "failed"
+ status=$((status + 1))
+ fi
+
+ n=$(expr $n + 1)
+ echo_i "test with NID (+norec) ($n)"
+ ret=0
+ $DIG $DIGOPTS +norec -t NID ns1.nid.example @10.53.0.1 >dig.out.$n || ret=1
+ if [ $minimal = no ]; then
+ # change && to || when we support NID additional processing
+ grep -w "L64" dig.out.$n >/dev/null && ret=1
+ grep -w "L32" dig.out.$n >/dev/null && ret=1
+ else
+ grep -w "L64" dig.out.$n >/dev/null && ret=1
+ grep -w "L32" dig.out.$n >/dev/null && ret=1
+ fi
+ if [ $ret -eq 1 ]; then
+ echo_i "failed"
+ status=$((status + 1))
+ fi
+
+ n=$(expr $n + 1)
+ echo_i "test with NID + LP (+norec) ($n)"
+ ret=0
+ $DIG $DIGOPTS +norec -t NID nid2.nid.example @10.53.0.1 >dig.out.$n || ret=1
+ if [ $minimal = no ]; then
+ # change && to || when we support NID additional processing
+ grep -w "LP" dig.out.$n >/dev/null && ret=1
+ grep -w "L64" dig.out.$n >/dev/null && ret=1
+ grep -w "L32" dig.out.$n >/dev/null && ret=1
+ else
+ grep -w "LP" dig.out.$n >/dev/null && ret=1
+ grep -w "L64" dig.out.$n >/dev/null && ret=1
+ grep -w "L32" dig.out.$n >/dev/null && ret=1
+ fi
+ if [ $ret -eq 1 ]; then
+ echo_i "failed"
+ status=$((status + 1))
+ fi
+
+ n=$(expr $n + 1)
+ echo_i "test with NS, root zone ($n)"
+ ret=0
+ $DIG $DIGOPTS -t NS . @10.53.0.1 >dig.out.$n || ret=1
+ # Always expect glue for root priming queries, regardless $minimal
+ grep 'ADDITIONAL: 3' dig.out.$n >/dev/null || ret=1
+ if [ $ret -eq 1 ]; then
+ echo_i "failed"
+ status=$((status + 1))
+ fi
+
+ n=$(expr $n + 1)
+ echo_i "test with NS, non-root zone ($n)"
+ ret=0
+ $DIG $DIGOPTS -t NS rt.example @10.53.0.1 >dig.out.$n || ret=1
+ case $minimal in
yes)
- grep 'ADDITIONAL: 2' dig.out.$n > /dev/null || ret=1
+ grep 'ADDITIONAL: 2' dig.out.$n >/dev/null || ret=1
;;
no)
- grep 'ADDITIONAL: 2' dig.out.$n > /dev/null || ret=1
+ grep 'ADDITIONAL: 2' dig.out.$n >/dev/null || ret=1
;;
no-auth)
- grep 'ADDITIONAL: 2' dig.out.$n > /dev/null || ret=1
+ grep 'ADDITIONAL: 2' dig.out.$n >/dev/null || ret=1
;;
no-auth-recursive)
- grep 'ADDITIONAL: 2' dig.out.$n > /dev/null || ret=1
+ grep 'ADDITIONAL: 2' dig.out.$n >/dev/null || ret=1
;;
- esac
- if [ $ret -eq 1 ] ; then
- echo_i "failed"; status=$((status+1))
- fi
+ esac
+ if [ $ret -eq 1 ]; then
+ echo_i "failed"
+ status=$((status + 1))
+ fi
}
echo_i "testing with 'minimal-responses yes;'"
@@ -258,44 +274,48 @@
minimal=no
dotests
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "testing with 'minimal-any no;' ($n)"
ret=0
-$DIG $DIGOPTS -t ANY www.rt.example @10.53.0.1 > dig.out.$n || ret=1
-grep "ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 2" dig.out.$n > /dev/null || ret=1
-if [ $ret -eq 1 ] ; then
- echo_i "failed"; status=$((status+1))
+$DIG $DIGOPTS -t ANY www.rt.example @10.53.0.1 >dig.out.$n || ret=1
+grep "ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 2" dig.out.$n >/dev/null || ret=1
+if [ $ret -eq 1 ]; then
+ echo_i "failed"
+ status=$((status + 1))
fi
echo_i "reconfiguring server: minimal-any yes"
copy_setports ns1/named3.conf.in ns1/named.conf
rndc_reconfig ns1 10.53.0.1
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "testing with 'minimal-any yes;' over UDP ($n)"
ret=0
-$DIG $DIGOPTS -t ANY +notcp www.rt.example @10.53.0.1 > dig.out.$n || ret=1
-grep "ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1" dig.out.$n > /dev/null || ret=1
-if [ $ret -eq 1 ] ; then
- echo_i "failed"; status=$((status+1))
+$DIG $DIGOPTS -t ANY +notcp www.rt.example @10.53.0.1 >dig.out.$n || ret=1
+grep "ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1" dig.out.$n >/dev/null || ret=1
+if [ $ret -eq 1 ]; then
+ echo_i "failed"
+ status=$((status + 1))
fi
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "testing with 'minimal-any yes;' over TCP ($n)"
ret=0
-$DIG $DIGOPTS -t ANY +tcp www.rt.example @10.53.0.1 > dig.out.$n || ret=1
-grep "ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1" dig.out.$n > /dev/null || ret=1
-if [ $ret -eq 1 ] ; then
- echo_i "failed"; status=$((status+1))
+$DIG $DIGOPTS -t ANY +tcp www.rt.example @10.53.0.1 >dig.out.$n || ret=1
+grep "ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1" dig.out.$n >/dev/null || ret=1
+if [ $ret -eq 1 ]; then
+ echo_i "failed"
+ status=$((status + 1))
fi
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "testing with 'minimal-any yes;' over UDP ($n)"
ret=0
-$DIG $DIGOPTS -t ANY +notcp www.rt.example @10.53.0.1 > dig.out.$n || ret=1
-grep "ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1" dig.out.$n > /dev/null || ret=1
-if [ $ret -eq 1 ] ; then
- echo_i "failed"; status=$((status+1))
+$DIG $DIGOPTS -t ANY +notcp www.rt.example @10.53.0.1 >dig.out.$n || ret=1
+grep "ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1" dig.out.$n >/dev/null || ret=1
+if [ $ret -eq 1 ]; then
+ echo_i "failed"
+ status=$((status + 1))
fi
echo_i "testing with 'minimal-responses no-auth;'"
@@ -310,68 +330,74 @@
minimal=no-auth-recursive
dotests
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "testing returning TLSA records with MX query ($n)"
ret=0
-$DIG $DIGOPTS -t mx mx.example @10.53.0.1 > dig.out.$n || ret=1
-grep "mx\.example\..*MX.0 mail\.mx\.example" dig.out.$n > /dev/null || ret=1
-grep "mail\.mx\.example\..*A.1\.2\.3\.4" dig.out.$n > /dev/null || ret=1
-grep "_25\._tcp\.mail\.mx\.example\..*TLSA.3 0 1 5B30F9602297D558EB719162C225088184FAA32CA45E1ED15DE58A21 D9FCE383" dig.out.$n > /dev/null || ret=1
-if [ $ret -eq 1 ] ; then
- echo_i "failed"; status=$((status+1))
+$DIG $DIGOPTS -t mx mx.example @10.53.0.1 >dig.out.$n || ret=1
+grep "mx\.example\..*MX.0 mail\.mx\.example" dig.out.$n >/dev/null || ret=1
+grep "mail\.mx\.example\..*A.1\.2\.3\.4" dig.out.$n >/dev/null || ret=1
+grep "_25\._tcp\.mail\.mx\.example\..*TLSA.3 0 1 5B30F9602297D558EB719162C225088184FAA32CA45E1ED15DE58A21 D9FCE383" dig.out.$n >/dev/null || ret=1
+if [ $ret -eq 1 ]; then
+ echo_i "failed"
+ status=$((status + 1))
fi
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "testing returning TLSA records with SRV query ($n)"
ret=0
-$DIG $DIGOPTS -t srv _xmpp-client._tcp.srv.example @10.53.0.1 > dig.out.$n || ret=1
-grep "_xmpp-client\._tcp\.srv\.example\..*SRV.1 0 5222 server\.srv\.example" dig.out.$n > /dev/null || ret=1
-grep "server\.srv\.example\..*A.1\.2\.3\.4" dig.out.$n > /dev/null || ret=1
-grep "_5222\._tcp\.server\.srv\.example\..*TLSA.3 0 1 5B30F9602297D558EB719162C225088184FAA32CA45E1ED15DE58A21 D9FCE383" dig.out.$n > /dev/null || ret=1
-if [ $ret -eq 1 ] ; then
- echo_i "failed"; status=$((status+1))
+$DIG $DIGOPTS -t srv _xmpp-client._tcp.srv.example @10.53.0.1 >dig.out.$n || ret=1
+grep "_xmpp-client\._tcp\.srv\.example\..*SRV.1 0 5222 server\.srv\.example" dig.out.$n >/dev/null || ret=1
+grep "server\.srv\.example\..*A.1\.2\.3\.4" dig.out.$n >/dev/null || ret=1
+grep "_5222\._tcp\.server\.srv\.example\..*TLSA.3 0 1 5B30F9602297D558EB719162C225088184FAA32CA45E1ED15DE58A21 D9FCE383" dig.out.$n >/dev/null || ret=1
+if [ $ret -eq 1 ]; then
+ echo_i "failed"
+ status=$((status + 1))
fi
echo_i "reconfiguring server: minimal-responses no"
copy_setports ns1/named2.conf.in ns1/named.conf
rndc_reconfig ns1 10.53.0.1
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "testing NS handling in ANY responses (authoritative) ($n)"
ret=0
-$DIG $DIGOPTS -t ANY rt.example @10.53.0.1 > dig.out.$n || ret=1
-grep "AUTHORITY: 0" dig.out.$n > /dev/null || ret=1
-grep "NS[ ]*ns" dig.out.$n > /dev/null || ret=1
-if [ $ret -eq 1 ] ; then
- echo_i "failed"; status=$((status+1))
+$DIG $DIGOPTS -t ANY rt.example @10.53.0.1 >dig.out.$n || ret=1
+grep "AUTHORITY: 0" dig.out.$n >/dev/null || ret=1
+grep "NS[ ]*ns" dig.out.$n >/dev/null || ret=1
+if [ $ret -eq 1 ]; then
+ echo_i "failed"
+ status=$((status + 1))
fi
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "testing NS handling in ANY responses (recursive) ($n)"
ret=0
-$DIG $DIGOPTS -t ANY rt.example @10.53.0.3 > dig.out.$n || ret=1
-grep "AUTHORITY: 0" dig.out.$n > /dev/null || ret=1
-grep "NS[ ]*ns" dig.out.$n > /dev/null || ret=1
-if [ $ret -eq 1 ] ; then
- echo_i "failed"; status=$((status+1))
+$DIG $DIGOPTS -t ANY rt.example @10.53.0.3 >dig.out.$n || ret=1
+grep "AUTHORITY: 0" dig.out.$n >/dev/null || ret=1
+grep "NS[ ]*ns" dig.out.$n >/dev/null || ret=1
+if [ $ret -eq 1 ]; then
+ echo_i "failed"
+ status=$((status + 1))
fi
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "testing out-of-zone additional data from auth zones (authoritative) ($n)"
ret=0
-$DIG $DIGOPTS -t NS rt.example @10.53.0.1 > dig.out.$n || ret=1
-grep "ADDITIONAL: 2" dig.out.$n > /dev/null || ret=1
-if [ $ret -eq 1 ] ; then
- echo_i "failed"; status=$((status+1))
+$DIG $DIGOPTS -t NS rt.example @10.53.0.1 >dig.out.$n || ret=1
+grep "ADDITIONAL: 2" dig.out.$n >/dev/null || ret=1
+if [ $ret -eq 1 ]; then
+ echo_i "failed"
+ status=$((status + 1))
fi
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "testing out-of-zone additional data from auth zones (recursive) ($n)"
ret=0
-$DIG $DIGOPTS -t NS ex @10.53.0.3 > dig.out.$n || ret=1
-grep "ADDITIONAL: 3" dig.out.$n > /dev/null || ret=1
-if [ $ret -eq 1 ] ; then
- echo_i "failed"; status=$((status+1))
+$DIG $DIGOPTS -t NS ex @10.53.0.3 >dig.out.$n || ret=1
+grep "ADDITIONAL: 3" dig.out.$n >/dev/null || ret=1
+if [ $ret -eq 1 ]; then
+ echo_i "failed"
+ status=$((status + 1))
fi
echo_i "exit status: $status"
diff -Nru bind9-9.16.44/bin/tests/system/addzone/tests.sh bind9-9.16.48/bin/tests/system/addzone/tests.sh
--- bind9-9.16.44/bin/tests/system/addzone/tests.sh 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/addzone/tests.sh 2024-02-11 11:31:39.000000000 +0000
@@ -18,9 +18,9 @@
RNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p ${CONTROLPORT} -s"
check_zonestatus() (
- $RNDCCMD "10.53.0.$1" zonestatus -redirect > "zonestatus.out.ns$1.$n" &&
- grep "type: redirect" "zonestatus.out.ns$1.$n" > /dev/null &&
- grep "serial: 1" "zonestatus.out.ns$1.$n" > /dev/null
+ $RNDCCMD "10.53.0.$1" zonestatus -redirect >"zonestatus.out.ns$1.$n" \
+ && grep "type: redirect" "zonestatus.out.ns$1.$n" >/dev/null \
+ && grep "serial: 1" "zonestatus.out.ns$1.$n" >/dev/null
)
status=0
@@ -28,463 +28,465 @@
echo_i "checking normally loaded zone ($n)"
ret=0
-$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
-grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
-n=`expr $n + 1`
+$DIG $DIGOPTS @10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
+grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# When LMDB support is compiled in, this tests that migration from
# NZF to NZD occurs during named startup
echo_i "checking previously added zone ($n)"
ret=0
-$DIG $DIGOPTS @10.53.0.2 a.previous.example a > dig.out.ns2.$n || ret=1
-grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.previous.example' dig.out.ns2.$n > /dev/null || ret=1
-n=`expr $n + 1`
+$DIG $DIGOPTS @10.53.0.2 a.previous.example a >dig.out.ns2.$n || ret=1
+grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.previous.example' dig.out.ns2.$n >/dev/null || ret=1
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
if $FEATURETEST --with-lmdb; then
- echo_i "checking that existing NZF file was renamed after migration ($n)"
- [ -e ns2/3bf305731dd26307.nzf~ ] || ret=1
- n=`expr $n + 1`
- if [ $ret != 0 ]; then echo_i "failed"; fi
- status=`expr $status + $ret`
+ echo_i "checking that existing NZF file was renamed after migration ($n)"
+ [ -e ns2/3bf305731dd26307.nzf~ ] || ret=1
+ n=$(expr $n + 1)
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$(expr $status + $ret)
fi
echo_i "adding new zone ($n)"
ret=0
$RNDCCMD 10.53.0.2 addzone 'added.example { type primary; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /'
-_check_adding_new_zone () (
- $DIG $DIGOPTS @10.53.0.2 a.added.example a > dig.out.ns2.$n &&
- grep 'status: NOERROR' dig.out.ns2.$n > /dev/null &&
- grep '^a.added.example' dig.out.ns2.$n > /dev/null
+_check_adding_new_zone() (
+ $DIG $DIGOPTS @10.53.0.2 a.added.example a >dig.out.ns2.$n \
+ && grep 'status: NOERROR' dig.out.ns2.$n >/dev/null \
+ && grep '^a.added.example' dig.out.ns2.$n >/dev/null
)
retry_quiet 10 _check_adding_new_zone || ret=1
-n=`expr $n + 1`
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
nextpart ns2/named.run >/dev/null
echo_i "checking addzone errors are logged correctly"
ret=0
-$RNDCCMD 10.53.0.2 addzone bad.example '{ type mister; };' 2>&1 | grep 'unexpected token' > /dev/null 2>&1 || ret=1
+$RNDCCMD 10.53.0.2 addzone bad.example '{ type mister; };' 2>&1 | grep 'unexpected token' >/dev/null 2>&1 || ret=1
wait_for_log_peek 20 "addzone: 'mister' unexpected" ns2/named.run || ret=1
-n=`expr $n + 1`
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
nextpart ns2/named.run >/dev/null
echo_i "checking modzone errors are logged correctly"
ret=0
-$RNDCCMD 10.53.0.2 modzone added.example '{ type mister; };' 2>&1 | grep 'unexpected token' > /dev/null 2>&1 || ret=1
+$RNDCCMD 10.53.0.2 modzone added.example '{ type mister; };' 2>&1 | grep 'unexpected token' >/dev/null 2>&1 || ret=1
wait_for_log_peek 20 "modzone: 'mister' unexpected" ns2/named.run || ret=1
-n=`expr $n + 1`
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "adding a zone that requires quotes ($n)"
ret=0
$RNDCCMD 10.53.0.2 addzone '"32/1.0.0.127-in-addr.added.example" {
check-names ignore; type primary; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /'
_check_zone_that_requires_quotes() (
- $DIG $DIGOPTS @10.53.0.2 "a.32/1.0.0.127-in-addr.added.example" a > dig.out.ns2.$n &&
- grep 'status: NOERROR' dig.out.ns2.$n > /dev/null &&
- grep '^a.32/1.0.0.127-in-addr.added.example' dig.out.ns2.$n > /dev/null
+ $DIG $DIGOPTS @10.53.0.2 "a.32/1.0.0.127-in-addr.added.example" a >dig.out.ns2.$n \
+ && grep 'status: NOERROR' dig.out.ns2.$n >/dev/null \
+ && grep '^a.32/1.0.0.127-in-addr.added.example' dig.out.ns2.$n >/dev/null
)
retry_quiet 10 _check_zone_that_requires_quotes || ret=1
-n=`expr $n + 1`
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "adding a zone with a quote in the name ($n)"
ret=0
$RNDCCMD 10.53.0.2 addzone '"foo\"bar.example" { check-names ignore; type primary; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /'
_check_zone_with_a_quote() (
- $DIG $DIGOPTS @10.53.0.2 "a.foo\"bar.example" a > dig.out.ns2.$n &&
- grep 'status: NOERROR' dig.out.ns2.$n > /dev/null &&
- grep '^a.foo\\"bar.example' dig.out.ns2.$n > /dev/null
+ $DIG $DIGOPTS @10.53.0.2 "a.foo\"bar.example" a >dig.out.ns2.$n \
+ && grep 'status: NOERROR' dig.out.ns2.$n >/dev/null \
+ && grep '^a.foo\\"bar.example' dig.out.ns2.$n >/dev/null
)
retry_quiet 10 _check_zone_with_a_quote || ret=1
-n=`expr $n + 1`
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "adding new zone with missing file ($n)"
ret=0
-$DIG $DIGOPTS +all @10.53.0.2 a.missing.example a > dig.out.ns2.pre.$n || ret=1
-grep "status: REFUSED" dig.out.ns2.pre.$n > /dev/null || ret=1
-$RNDCCMD 10.53.0.2 addzone 'missing.example { type primary; file "missing.db"; };' 2> rndc.out.ns2.$n
-grep "file not found" rndc.out.ns2.$n > /dev/null || ret=1
-$DIG $DIGOPTS +all @10.53.0.2 a.missing.example a > dig.out.ns2.post.$n || ret=1
-grep "status: REFUSED" dig.out.ns2.post.$n > /dev/null || ret=1
+$DIG $DIGOPTS +all @10.53.0.2 a.missing.example a >dig.out.ns2.pre.$n || ret=1
+grep "status: REFUSED" dig.out.ns2.pre.$n >/dev/null || ret=1
+$RNDCCMD 10.53.0.2 addzone 'missing.example { type primary; file "missing.db"; };' 2>rndc.out.ns2.$n
+grep "file not found" rndc.out.ns2.$n >/dev/null || ret=1
+$DIG $DIGOPTS +all @10.53.0.2 a.missing.example a >dig.out.ns2.post.$n || ret=1
+grep "status: REFUSED" dig.out.ns2.post.$n >/dev/null || ret=1
digcomp dig.out.ns2.pre.$n dig.out.ns2.post.$n || ret=1
-n=`expr $n + 1`
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
if ! $FEATURETEST --with-lmdb; then
- echo_i "verifying no comments in NZF file ($n)"
- ret=0
- hcount=`grep "^# New zone file for view: _default" ns2/3bf305731dd26307.nzf | wc -l`
- [ $hcount -eq 0 ] || ret=1
- n=`expr $n + 1`
- if [ $ret != 0 ]; then echo_i "failed"; fi
- status=`expr $status + $ret`
+ echo_i "verifying no comments in NZF file ($n)"
+ ret=0
+ hcount=$(grep "^# New zone file for view: _default" ns2/3bf305731dd26307.nzf | wc -l)
+ [ $hcount -eq 0 ] || ret=1
+ n=$(expr $n + 1)
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$(expr $status + $ret)
fi
echo_i "checking rndc showzone with previously added zone ($n)"
ret=0
-$RNDCCMD 10.53.0.2 showzone previous.example > rndc.out.ns2.$n
+$RNDCCMD 10.53.0.2 showzone previous.example >rndc.out.ns2.$n
expected='zone "previous.example" { type primary; file "previous.db"; };'
-[ "`cat rndc.out.ns2.$n`" = "$expected" ] || ret=1
-n=`expr $n + 1`
+[ "$(cat rndc.out.ns2.$n)" = "$expected" ] || ret=1
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
if $FEATURETEST --with-lmdb; then
- echo_i "checking zone is present in NZD ($n)"
- ret=0
- $NZD2NZF ns2/_default.nzd | grep previous.example > /dev/null || ret=1
- if [ $ret != 0 ]; then echo_i "failed"; fi
- status=`expr $status + $ret`
+ echo_i "checking zone is present in NZD ($n)"
+ ret=0
+ $NZD2NZF ns2/_default.nzd | grep previous.example >/dev/null || ret=1
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$(expr $status + $ret)
fi
echo_i "deleting previously added zone ($n)"
ret=0
$RNDCCMD 10.53.0.2 delzone previous.example 2>&1 | sed 's/^/I:ns2 /'
_check_deleting_previously_added_zone() (
- $DIG $DIGOPTS @10.53.0.2 a.previous.example a > dig.out.ns2.$n &&
- grep 'status: REFUSED' dig.out.ns2.$n > /dev/null &&
- ! grep '^a.previous.example' dig.out.ns2.$n > /dev/null
+ $DIG $DIGOPTS @10.53.0.2 a.previous.example a >dig.out.ns2.$n \
+ && grep 'status: REFUSED' dig.out.ns2.$n >/dev/null \
+ && ! grep '^a.previous.example' dig.out.ns2.$n >/dev/null
)
retry_quiet 10 _check_deleting_previously_added_zone || ret=1
-n=`expr $n + 1`
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
check_nzd2nzf() (
- $NZD2NZF ns2/_default.nzd > nzd2nzf.out.$n &&
- ! grep previous.example nzd2nzf.out.$n > /dev/null
+ $NZD2NZF ns2/_default.nzd >nzd2nzf.out.$n \
+ && ! grep previous.example nzd2nzf.out.$n >/dev/null
)
if $FEATURETEST --with-lmdb; then
- echo_i "checking zone was deleted from NZD ($n)"
- retry_quiet 10 check_nzd2nzf || ret=1
- if [ $ret != 0 ]; then echo_i "failed"; fi
- status=`expr $status + $ret`
+ echo_i "checking zone was deleted from NZD ($n)"
+ retry_quiet 10 check_nzd2nzf || ret=1
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$(expr $status + $ret)
fi
if ! $FEATURETEST --with-lmdb; then
- echo_i "checking NZF file now has comment ($n)"
- ret=0
- hcount=`grep "^# New zone file for view: _default" ns2/3bf305731dd26307.nzf | wc -l`
- [ $hcount -eq 1 ] || ret=1
- n=`expr $n + 1`
- if [ $ret != 0 ]; then echo_i "failed"; fi
- status=`expr $status + $ret`
+ echo_i "checking NZF file now has comment ($n)"
+ ret=0
+ hcount=$(grep "^# New zone file for view: _default" ns2/3bf305731dd26307.nzf | wc -l)
+ [ $hcount -eq 1 ] || ret=1
+ n=$(expr $n + 1)
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$(expr $status + $ret)
fi
echo_i "deleting newly added zone added.example ($n)"
ret=0
$RNDCCMD 10.53.0.2 delzone added.example 2>&1 | sed 's/^/I:ns2 /'
_check_deleting_newly_added_zone() (
- $DIG $DIGOPTS @10.53.0.2 a.added.example a > dig.out.ns2.$n &&
- grep 'status: REFUSED' dig.out.ns2.$n > /dev/null &&
- ! grep '^a.added.example' dig.out.ns2.$n > /dev/null
+ $DIG $DIGOPTS @10.53.0.2 a.added.example a >dig.out.ns2.$n \
+ && grep 'status: REFUSED' dig.out.ns2.$n >/dev/null \
+ && ! grep '^a.added.example' dig.out.ns2.$n >/dev/null
)
retry_quiet 10 _check_deleting_newly_added_zone || ret=1
-n=`expr $n + 1`
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "deleting newly added zone with escaped quote ($n)"
ret=0
$RNDCCMD 10.53.0.2 delzone "foo\\\"bar.example" 2>&1 | sed 's/^/I:ns2 /'
_check_deleting_newly_added_zone_quote() (
- $DIG $DIGOPTS @10.53.0.2 "a.foo\"bar.example" a > dig.out.ns2.$n &&
- grep 'status: REFUSED' dig.out.ns2.$n > /dev/null &&
- ! grep "^a.foo\"bar.example" dig.out.ns2.$n > /dev/null
+ $DIG $DIGOPTS @10.53.0.2 "a.foo\"bar.example" a >dig.out.ns2.$n \
+ && grep 'status: REFUSED' dig.out.ns2.$n >/dev/null \
+ && ! grep "^a.foo\"bar.example" dig.out.ns2.$n >/dev/null
)
retry_quiet 10 _check_deleting_newly_added_zone_quote || ret=1
-n=`expr $n + 1`
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "checking rndc showzone with a normally-loaded zone ($n)"
ret=0
-$RNDCCMD 10.53.0.2 showzone normal.example > rndc.out.ns2.$n
+$RNDCCMD 10.53.0.2 showzone normal.example >rndc.out.ns2.$n
expected='zone "normal.example" { type primary; file "normal.db"; };'
-[ "`cat rndc.out.ns2.$n`" = "$expected" ] || ret=1
-n=`expr $n + 1`
+[ "$(cat rndc.out.ns2.$n)" = "$expected" ] || ret=1
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "checking rndc showzone with a normally-loaded zone with trailing dot ($n)"
ret=0
-$RNDCCMD 10.53.0.2 showzone finaldot.example > rndc.out.ns2.$n
+$RNDCCMD 10.53.0.2 showzone finaldot.example >rndc.out.ns2.$n
expected='zone "finaldot.example." { type primary; file "normal.db"; };'
-[ "`cat rndc.out.ns2.$n`" = "$expected" ] || ret=1
-n=`expr $n + 1`
+[ "$(cat rndc.out.ns2.$n)" = "$expected" ] || ret=1
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "checking rndc showzone with a normally-loaded redirect zone ($n)"
ret=0
-$RNDCCMD 10.53.0.1 showzone -redirect > rndc.out.ns1.$n
+$RNDCCMD 10.53.0.1 showzone -redirect >rndc.out.ns1.$n
expected='zone "." { type redirect; file "redirect.db"; };'
-[ "`cat rndc.out.ns1.$n`" = "$expected" ] || ret=1
-n=`expr $n + 1`
+[ "$(cat rndc.out.ns1.$n)" = "$expected" ] || ret=1
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "checking rndc zonestatus with a normally-loaded redirect zone ($n)"
ret=0
-$RNDCCMD 10.53.0.1 zonestatus -redirect > rndc.out.ns1.$n
-grep "type: redirect" rndc.out.ns1.$n > /dev/null || ret=1
-grep "serial: 0" rndc.out.ns1.$n > /dev/null || ret=1
-n=`expr $n + 1`
+$RNDCCMD 10.53.0.1 zonestatus -redirect >rndc.out.ns1.$n
+grep "type: redirect" rndc.out.ns1.$n >/dev/null || ret=1
+grep "serial: 0" rndc.out.ns1.$n >/dev/null || ret=1
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "checking rndc reload with a normally-loaded redirect zone ($n)"
ret=0
sleep 1
cp -f ns1/redirect.db.2 ns1/redirect.db
-$RNDCCMD 10.53.0.1 reload -redirect > rndc.out.ns1.$n
+$RNDCCMD 10.53.0.1 reload -redirect >rndc.out.ns1.$n
retry_quiet 5 check_zonestatus 1 || ret=1
-n=`expr $n + 1`
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "delete a normally-loaded zone ($n)"
ret=0
-$RNDCCMD 10.53.0.2 delzone normal.example > rndc.out.ns2.$n 2>&1
-grep "is no longer active and will be deleted" rndc.out.ns2.$n > /dev/null || ret=11
-grep "To keep it from returning when the server is restarted" rndc.out.ns2.$n > /dev/null || ret=1
-grep "must also be removed from named.conf." rndc.out.ns2.$n > /dev/null || ret=1
+$RNDCCMD 10.53.0.2 delzone normal.example >rndc.out.ns2.$n 2>&1
+grep "is no longer active and will be deleted" rndc.out.ns2.$n >/dev/null || ret=11
+grep "To keep it from returning when the server is restarted" rndc.out.ns2.$n >/dev/null || ret=1
+grep "must also be removed from named.conf." rndc.out.ns2.$n >/dev/null || ret=1
_check_delete_normally_loaded_zone() (
- $DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n &&
- grep 'status: REFUSED' dig.out.ns2.$n > /dev/null
+ $DIG $DIGOPTS @10.53.0.2 a.normal.example a >dig.out.ns2.$n \
+ && grep 'status: REFUSED' dig.out.ns2.$n >/dev/null
)
retry_quiet 5 _check_delete_normally_loaded_zone || ret=1
-n=`expr $n + 1`
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "attempting to add primary zone with inline signing ($n)"
$RNDCCMD 10.53.0.2 addzone 'inline.example { type primary; file "inline.db"; inline-signing yes; };' 2>&1 | sed 's/^/I:ns2 /'
_check_add_primary_zone_with_inline() (
- $DIG $DIGOPTS @10.53.0.2 a.inline.example a > dig.out.ns2.$n &&
- grep 'status: NOERROR' dig.out.ns2.$n > /dev/null &&
- grep '^a.inline.example' dig.out.ns2.$n > /dev/null
+ $DIG $DIGOPTS @10.53.0.2 a.inline.example a >dig.out.ns2.$n \
+ && grep 'status: NOERROR' dig.out.ns2.$n >/dev/null \
+ && grep '^a.inline.example' dig.out.ns2.$n >/dev/null
)
retry_quiet 5 _check_add_primary_zone_with_inline || ret=1
-n=`expr $n + 1`
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "attempting to add primary zone with inline signing and missing file ($n)"
ret=0
-$RNDCCMD 10.53.0.2 addzone 'inlinemissing.example { type primary; file "missing.db"; inline-signing yes; };' 2> rndc.out.ns2.$n
-grep "file not found" rndc.out.ns2.$n > /dev/null || ret=1
-n=`expr $n + 1`
+$RNDCCMD 10.53.0.2 addzone 'inlinemissing.example { type primary; file "missing.db"; inline-signing yes; };' 2>rndc.out.ns2.$n
+grep "file not found" rndc.out.ns2.$n >/dev/null || ret=1
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "attempting to add secondary zone with inline signing ($n)"
$RNDCCMD 10.53.0.2 addzone 'inlinesec.example { type secondary; primaries { 10.53.0.1; }; file "inlinesec.bk"; inline-signing yes; };' 2>&1 | sed 's/^/I:ns2 /'
_check_add_secondary_with_inline() (
- $DIG $DIGOPTS @10.53.0.2 a.inlinesec.example a > dig.out.ns2.$n &&
- grep 'status: NOERROR' dig.out.ns2.$n > /dev/null &&
- grep '^a.inlinesec.example' dig.out.ns2.$n > /dev/null
+ $DIG $DIGOPTS @10.53.0.2 a.inlinesec.example a >dig.out.ns2.$n \
+ && grep 'status: NOERROR' dig.out.ns2.$n >/dev/null \
+ && grep '^a.inlinesec.example' dig.out.ns2.$n >/dev/null
)
retry_quiet 5 _check_add_secondary_with_inline || ret=1
-n=`expr $n + 1`
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "attempting to delete secondary zone with inline signing ($n)"
ret=0
retry_quiet 10 test -f ns2/inlinesec.bk.signed -a -f ns2/inlinesec.bk || ret=1
-$RNDCCMD 10.53.0.2 delzone inlinesec.example > rndc.out2.test$n 2>&1 || ret=1
-test -f inlinesec.bk ||
-grep '^inlinesec.bk$' rndc.out2.test$n > /dev/null || {
- echo_i "failed to report inlinesec.bk"; ret=1;
+$RNDCCMD 10.53.0.2 delzone inlinesec.example >rndc.out2.test$n 2>&1 || ret=1
+test -f inlinesec.bk \
+ || grep '^inlinesec.bk$' rndc.out2.test$n >/dev/null || {
+ echo_i "failed to report inlinesec.bk"
+ ret=1
}
-test ! -f inlinesec.bk.signed ||
-grep '^inlinesec.bk.signed$' rndc.out2.test$n > /dev/null || {
- echo_i "failed to report inlinesec.bk.signed"; ret=1;
+test ! -f inlinesec.bk.signed \
+ || grep '^inlinesec.bk.signed$' rndc.out2.test$n >/dev/null || {
+ echo_i "failed to report inlinesec.bk.signed"
+ ret=1
}
-n=`expr $n + 1`
-status=`expr $status + $ret`
+n=$(expr $n + 1)
+status=$(expr $status + $ret)
echo_i "restoring secondary zone with inline signing ($n)"
$RNDCCMD 10.53.0.2 addzone 'inlinesec.example { type secondary; primaries { 10.53.0.1; }; file "inlinesec.bk"; inline-signing yes; };' 2>&1 | sed 's/^/I:ns2 /'
_check_restoring_secondary_with_inline() (
- $DIG $DIGOPTS @10.53.0.2 a.inlinesec.example a > dig.out.ns2.$n &&
- grep 'status: NOERROR' dig.out.ns2.$n > /dev/null &&
- grep '^a.inlinesec.example' dig.out.ns2.$n > /dev/null
+ $DIG $DIGOPTS @10.53.0.2 a.inlinesec.example a >dig.out.ns2.$n \
+ && grep 'status: NOERROR' dig.out.ns2.$n >/dev/null \
+ && grep '^a.inlinesec.example' dig.out.ns2.$n >/dev/null
)
retry_quiet 5 _check_restoring_secondary_with_inline || ret=1
-n=`expr $n + 1`
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "deleting secondary zone with automatic zone file removal ($n)"
ret=0
retry_quiet 10 test -f ns2/inlinesec.bk.signed -a -f ns2/inlinesec.bk || ret=1
-$RNDCCMD 10.53.0.2 delzone -clean inlinesec.example > /dev/null 2>&1
+$RNDCCMD 10.53.0.2 delzone -clean inlinesec.example >/dev/null 2>&1
retry_quiet 10 test ! -f ns2/inlinesec.bk.signed -a ! -f ns2/inlinesec.bk
-n=`expr $n + 1`
-status=`expr $status + $ret`
+n=$(expr $n + 1)
+status=$(expr $status + $ret)
echo_i "modifying zone configuration ($n)"
ret=0
$RNDCCMD 10.53.0.2 addzone 'mod.example { type primary; file "added.db"; };' 2>&1 | sed 's/^/ns2 /' | cat_i
-$DIG +norec $DIGOPTS @10.53.0.2 mod.example ns > dig.out.ns2.1.$n || ret=1
-grep 'status: NOERROR' dig.out.ns2.1.$n > /dev/null || ret=1
+$DIG +norec $DIGOPTS @10.53.0.2 mod.example ns >dig.out.ns2.1.$n || ret=1
+grep 'status: NOERROR' dig.out.ns2.1.$n >/dev/null || ret=1
$RNDCCMD 10.53.0.2 modzone 'mod.example { type primary; file "added.db"; allow-query { none; }; };' 2>&1 | sed 's/^/ns2 /' | cat_i
-$DIG +norec $DIGOPTS @10.53.0.2 mod.example ns > dig.out.ns2.2.$n || ret=1
-$RNDCCMD 10.53.0.2 showzone mod.example | grep 'allow-query { "none"; };' > /dev/null 2>&1 || ret=1
-n=`expr $n + 1`
+$DIG +norec $DIGOPTS @10.53.0.2 mod.example ns >dig.out.ns2.2.$n || ret=1
+$RNDCCMD 10.53.0.2 showzone mod.example | grep 'allow-query { "none"; };' >/dev/null 2>&1 || ret=1
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "check that adding a 'stub' zone works ($n)"
ret=0
-$RNDCCMD 10.53.0.2 addzone 'stub.example { type stub; primaries { 1.2.3.4; }; file "stub.example.bk"; };' > rndc.out.ns2.$n 2>&1 || ret=1
-n=`expr $n + 1`
+$RNDCCMD 10.53.0.2 addzone 'stub.example { type stub; primaries { 1.2.3.4; }; file "stub.example.bk"; };' >rndc.out.ns2.$n 2>&1 || ret=1
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "check that adding a 'static-stub' zone works ($n)"
ret=0
-$RNDCCMD 10.53.0.2 addzone 'static-stub.example { type static-stub; server-addresses { 1.2.3.4; }; };' > rndc.out.ns2.$n 2>&1 || ret=1
-n=`expr $n + 1`
+$RNDCCMD 10.53.0.2 addzone 'static-stub.example { type static-stub; server-addresses { 1.2.3.4; }; };' >rndc.out.ns2.$n 2>&1 || ret=1
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "check that adding a 'primary redirect' zone works ($n)"
ret=0
-$RNDCCMD 10.53.0.2 addzone '"." { type redirect; file "redirect.db"; };' > rndc.out.ns2.$n 2>&1 || ret=1
+$RNDCCMD 10.53.0.2 addzone '"." { type redirect; file "redirect.db"; };' >rndc.out.ns2.$n 2>&1 || ret=1
_check_add_primary_redirect() (
- $RNDCCMD 10.53.0.2 showzone -redirect > showzone.out.ns2.$n 2>&1 &&
- grep "type redirect;" showzone.out.ns2.$n > /dev/null &&
- $RNDCCMD 10.53.0.2 zonestatus -redirect > zonestatus.out.ns2.$n 2>&1 &&
- grep "type: redirect" zonestatus.out.ns2.$n > /dev/null &&
- grep "serial: 0" zonestatus.out.ns2.$n > /dev/null
+ $RNDCCMD 10.53.0.2 showzone -redirect >showzone.out.ns2.$n 2>&1 \
+ && grep "type redirect;" showzone.out.ns2.$n >/dev/null \
+ && $RNDCCMD 10.53.0.2 zonestatus -redirect >zonestatus.out.ns2.$n 2>&1 \
+ && grep "type: redirect" zonestatus.out.ns2.$n >/dev/null \
+ && grep "serial: 0" zonestatus.out.ns2.$n >/dev/null
)
retry_quiet 10 _check_add_primary_redirect || ret=1
-n=`expr $n + 1`
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "check that reloading a added 'primary redirect' zone works ($n)"
ret=0
sleep 1
cp -f ns2/redirect.db.2 ns2/redirect.db
-$RNDCCMD 10.53.0.2 reload -redirect > rndc.out.ns2.$n
+$RNDCCMD 10.53.0.2 reload -redirect >rndc.out.ns2.$n
retry_quiet 10 check_zonestatus 2 || ret=1
-n=`expr $n + 1`
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "check that retransfer of a added 'primary redirect' zone fails ($n)"
ret=0
-$RNDCCMD 10.53.0.2 retransfer -redirect > rndc.out.ns2.$n 2>&1 && ret=1
-n=`expr $n + 1`
+$RNDCCMD 10.53.0.2 retransfer -redirect >rndc.out.ns2.$n 2>&1 && ret=1
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "check that deleting a 'primary redirect' zone works ($n)"
ret=0
-$RNDCCMD 10.53.0.2 delzone -redirect > rndc.out.ns2.$n 2>&1 || ret=1
+$RNDCCMD 10.53.0.2 delzone -redirect >rndc.out.ns2.$n 2>&1 || ret=1
_check_deleting_primary_redirect() (
- $RNDCCMD 10.53.0.2 showzone -redirect > showzone.out.ns2.$n 2>&1 || true
- grep 'not found' showzone.out.ns2.$n > /dev/null
+ $RNDCCMD 10.53.0.2 showzone -redirect >showzone.out.ns2.$n 2>&1 || true
+ grep 'not found' showzone.out.ns2.$n >/dev/null
)
retry_quiet 10 _check_deleting_primary_redirect || ret=1
-n=`expr $n + 1`
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "check that adding a 'secondary redirect' zone works ($n)"
ret=0
-$RNDCCMD 10.53.0.2 addzone '"." { type redirect; primaries { 10.53.0.3;}; file "redirect.bk"; };' > rndc.out.ns2.$n 2>&1 || ret=1
+$RNDCCMD 10.53.0.2 addzone '"." { type redirect; primaries { 10.53.0.3;}; file "redirect.bk"; };' >rndc.out.ns2.$n 2>&1 || ret=1
_check_adding_secondary_redirect() (
- $RNDCCMD 10.53.0.2 showzone -redirect > showzone.out.ns2.$n 2>&1 &&
- grep "type redirect;" showzone.out.ns2.$n > /dev/null &&
- $RNDCCMD 10.53.0.2 zonestatus -redirect > zonestatus.out.ns2.$n 2>&1 &&
- grep "type: redirect" zonestatus.out.ns2.$n > /dev/null &&
- grep "serial: 0" zonestatus.out.ns2.$n > /dev/null
+ $RNDCCMD 10.53.0.2 showzone -redirect >showzone.out.ns2.$n 2>&1 \
+ && grep "type redirect;" showzone.out.ns2.$n >/dev/null \
+ && $RNDCCMD 10.53.0.2 zonestatus -redirect >zonestatus.out.ns2.$n 2>&1 \
+ && grep "type: redirect" zonestatus.out.ns2.$n >/dev/null \
+ && grep "serial: 0" zonestatus.out.ns2.$n >/dev/null
)
retry_quiet 10 _check_adding_secondary_redirect || ret=1
-n=`expr $n + 1`
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "check that retransfering a added 'secondary redirect' zone works ($n)"
ret=0
cp -f ns3/redirect.db.2 ns3/redirect.db
-$RNDCCMD 10.53.0.3 reload . > showzone.out.ns3.$n 2>&1 || ret=1
+$RNDCCMD 10.53.0.3 reload . >showzone.out.ns3.$n 2>&1 || ret=1
_check_retransfering_secondary_redirect() (
- $RNDCCMD 10.53.0.2 retransfer -redirect > rndc.out.ns2.$n 2>&1 &&
- $RNDCCMD 10.53.0.2 zonestatus -redirect > zonestatus.out.ns2.$n 2>&1 &&
- grep "type: redirect" zonestatus.out.ns2.$n > /dev/null &&
- grep "serial: 1" zonestatus.out.ns2.$n > /dev/null
+ $RNDCCMD 10.53.0.2 retransfer -redirect >rndc.out.ns2.$n 2>&1 \
+ && $RNDCCMD 10.53.0.2 zonestatus -redirect >zonestatus.out.ns2.$n 2>&1 \
+ && grep "type: redirect" zonestatus.out.ns2.$n >/dev/null \
+ && grep "serial: 1" zonestatus.out.ns2.$n >/dev/null
)
retry_quiet 10 _check_retransfering_secondary_redirect || ret=1
-n=`expr $n + 1`
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "check that deleting a 'secondary redirect' zone works ($n)"
ret=0
-$RNDCCMD 10.53.0.2 delzone -redirect > rndc.out.ns2.$n 2>&1 || ret=1
+$RNDCCMD 10.53.0.2 delzone -redirect >rndc.out.ns2.$n 2>&1 || ret=1
_check_deleting_secondary_redirect() (
- $RNDCCMD 10.53.0.2 showzone -redirect > showzone.out.ns2.$n 2>&1 || true
- grep 'not found' showzone.out.ns2.$n > /dev/null
+ $RNDCCMD 10.53.0.2 showzone -redirect >showzone.out.ns2.$n 2>&1 || true
+ grep 'not found' showzone.out.ns2.$n >/dev/null
)
retry_quiet 10 _check_deleting_secondary_redirect || ret=1
-n=`expr $n + 1`
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "check that zone type 'hint' is properly rejected ($n)"
ret=0
-$RNDCCMD 10.53.0.2 addzone '"." { type hint; file "hints.db"; };' > rndc.out.ns2.$n 2>&1 && ret=1
-grep "zones not supported by addzone" rndc.out.ns2.$n > /dev/null || ret=1
-n=`expr $n + 1`
+$RNDCCMD 10.53.0.2 addzone '"." { type hint; file "hints.db"; };' >rndc.out.ns2.$n 2>&1 && ret=1
+grep "zones not supported by addzone" rndc.out.ns2.$n >/dev/null || ret=1
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "check that zone type 'forward' is properly rejected ($n)"
ret=0
-$RNDCCMD 10.53.0.2 addzone 'forward.example { type forward; forwarders { 1.2.3.4; }; forward only; };' > rndc.out.ns2.$n 2>&1 && ret=1
-grep "zones not supported by addzone" rndc.out.ns2.$n > /dev/null || ret=1
-n=`expr $n + 1`
+$RNDCCMD 10.53.0.2 addzone 'forward.example { type forward; forwarders { 1.2.3.4; }; forward only; };' >rndc.out.ns2.$n 2>&1 && ret=1
+grep "zones not supported by addzone" rndc.out.ns2.$n >/dev/null || ret=1
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "check that zone type 'delegation-only' is properly rejected ($n)"
ret=0
-$RNDCCMD 10.53.0.2 addzone 'delegation-only.example { type delegation-only; };' > rndc.out.ns2.$n 2>&1 && ret=1
-grep "zones not supported by addzone" rndc.out.ns2.$n > /dev/null || ret=1
-n=`expr $n + 1`
+$RNDCCMD 10.53.0.2 addzone 'delegation-only.example { type delegation-only; };' >rndc.out.ns2.$n 2>&1 && ret=1
+grep "zones not supported by addzone" rndc.out.ns2.$n >/dev/null || ret=1
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "check that 'in-view' zones are properly rejected ($n)"
ret=0
-$RNDCCMD 10.53.0.2 addzone 'in-view.example { in-view "_default"; };' > rndc.out.ns2.$n 2>&1 && ret=1
-grep "zones not supported by addzone" rndc.out.ns2.$n > /dev/null || ret=1
-n=`expr $n + 1`
+$RNDCCMD 10.53.0.2 addzone 'in-view.example { in-view "_default"; };' >rndc.out.ns2.$n 2>&1 && ret=1
+grep "zones not supported by addzone" rndc.out.ns2.$n >/dev/null || ret=1
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "reconfiguring server with multiple views"
rm -f ns2/named.conf
@@ -499,118 +501,118 @@
# the zone does not exist because a) it has not yet been loaded, b)
# it failed to load, or c) it has been deleted.
ret=0
-$DIG +norec $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.intpre.$n || ret=1
-grep 'status: NOERROR' dig.out.ns2.intpre.$n > /dev/null || ret=1
-$DIG +norec $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.extpre.$n || ret=1
-grep 'status: REFUSED' dig.out.ns2.extpre.$n > /dev/null || ret=1
+$DIG +norec $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a >dig.out.ns2.intpre.$n || ret=1
+grep 'status: NOERROR' dig.out.ns2.intpre.$n >/dev/null || ret=1
+$DIG +norec $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a >dig.out.ns2.extpre.$n || ret=1
+grep 'status: REFUSED' dig.out.ns2.extpre.$n >/dev/null || ret=1
$RNDCCMD 10.53.0.2 addzone 'added.example in external { type primary; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /'
-$DIG +norec $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.int.$n || ret=1
-grep 'status: NOERROR' dig.out.ns2.int.$n > /dev/null || ret=1
-$DIG +norec $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext.$n || ret=1
-grep 'status: NOERROR' dig.out.ns2.ext.$n > /dev/null || ret=1
-grep '^a.added.example' dig.out.ns2.ext.$n > /dev/null || ret=1
-n=`expr $n + 1`
+$DIG +norec $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a >dig.out.ns2.int.$n || ret=1
+grep 'status: NOERROR' dig.out.ns2.int.$n >/dev/null || ret=1
+$DIG +norec $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a >dig.out.ns2.ext.$n || ret=1
+grep 'status: NOERROR' dig.out.ns2.ext.$n >/dev/null || ret=1
+grep '^a.added.example' dig.out.ns2.ext.$n >/dev/null || ret=1
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
if ! $FEATURETEST --with-lmdb; then
- echo_i "checking new NZF file has comment ($n)"
- ret=0
- hcount=`grep "^# New zone file for view: external" ns2/external.nzf | wc -l`
- [ $hcount -eq 1 ] || ret=1
- n=`expr $n + 1`
- if [ $ret != 0 ]; then echo_i "failed"; fi
- status=`expr $status + $ret`
+ echo_i "checking new NZF file has comment ($n)"
+ ret=0
+ hcount=$(grep "^# New zone file for view: external" ns2/external.nzf | wc -l)
+ [ $hcount -eq 1 ] || ret=1
+ n=$(expr $n + 1)
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$(expr $status + $ret)
fi
if $FEATURETEST --with-lmdb; then
- echo_i "verifying added.example in external view created an external.nzd DB ($n)"
- ret=0
- [ -e ns2/external.nzd ] || ret=1
- n=`expr $n + 1`
- if [ $ret != 0 ]; then echo_i "failed"; fi
- status=`expr $status + $ret`
+ echo_i "verifying added.example in external view created an external.nzd DB ($n)"
+ ret=0
+ [ -e ns2/external.nzd ] || ret=1
+ n=$(expr $n + 1)
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$(expr $status + $ret)
fi
echo_i "checking rndc reload causes named to reload the external view's new zone config ($n)"
ret=0
$RNDCCMD 10.53.0.2 reload 2>&1 | sed 's/^/ns2 /' | cat_i
_check_rndc_reload_external_view_config() (
- $DIG +norec $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.int.$n &&
- grep 'status: NOERROR' dig.out.ns2.int.$n > /dev/null &&
- $DIG +norec $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext.$n &&
- grep 'status: NOERROR' dig.out.ns2.ext.$n > /dev/null &&
- grep '^a.added.example' dig.out.ns2.ext.$n > /dev/null
+ $DIG +norec $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a >dig.out.ns2.int.$n \
+ && grep 'status: NOERROR' dig.out.ns2.int.$n >/dev/null \
+ && $DIG +norec $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a >dig.out.ns2.ext.$n \
+ && grep 'status: NOERROR' dig.out.ns2.ext.$n >/dev/null \
+ && grep '^a.added.example' dig.out.ns2.ext.$n >/dev/null
)
retry_quiet 10 _check_rndc_reload_external_view_config || ret=1
-n=`expr $n + 1`
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "checking rndc showzone with newly added zone ($n)"
_check_rndc_showzone_newly_added() (
- if ! $FEATURETEST --with-lmdb; then
- expected='zone "added.example" in external { type primary; file "added.db"; };'
- else
- expected='zone "added.example" { type primary; file "added.db"; };'
- fi
- $RNDCCMD 10.53.0.2 showzone added.example in external > rndc.out.ns2.$n 2>/dev/null &&
- [ "`cat rndc.out.ns2.$n`" = "$expected" ]
+ if ! $FEATURETEST --with-lmdb; then
+ expected='zone "added.example" in external { type primary; file "added.db"; };'
+ else
+ expected='zone "added.example" { type primary; file "added.db"; };'
+ fi
+ $RNDCCMD 10.53.0.2 showzone added.example in external >rndc.out.ns2.$n 2>/dev/null \
+ && [ "$(cat rndc.out.ns2.$n)" = "$expected" ]
)
-retry_quiet 10 _check_rndc_showzone_newly_added || ret=1
-n=`expr $n + 1`
+retry_quiet 10 _check_rndc_showzone_newly_added || ret=1
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "deleting newly added zone ($n)"
ret=0
$RNDCCMD 10.53.0.2 delzone 'added.example in external' 2>&1 | sed 's/^/I:ns2 /'
_check_deleting_newly_added_zone() (
- $DIG $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.$n &&
- grep 'status: REFUSED' dig.out.ns2.$n > /dev/null &&
- ! grep '^a.added.example' dig.out.ns2.$n > /dev/null
+ $DIG $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a >dig.out.ns2.$n \
+ && grep 'status: REFUSED' dig.out.ns2.$n >/dev/null \
+ && ! grep '^a.added.example' dig.out.ns2.$n >/dev/null
)
retry_quiet 10 _check_deleting_newly_added_zone || ret=1
-n=`expr $n + 1`
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "attempting to add zone to internal view ($n)"
ret=0
-$DIG +norec $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.pre.$n || ret=1
-grep 'status: NOERROR' dig.out.ns2.pre.$n > /dev/null || ret=1
-$RNDCCMD 10.53.0.2 addzone 'added.example in internal { type primary; file "added.db"; };' 2> rndc.out.ns2.$n
-grep "permission denied" rndc.out.ns2.$n > /dev/null || ret=1
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.int.$n || ret=1
-grep 'status: NOERROR' dig.out.ns2.int.$n > /dev/null || ret=1
-$DIG $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext.$n || ret=1
-grep 'status: REFUSED' dig.out.ns2.ext.$n > /dev/null || ret=1
-n=`expr $n + 1`
+$DIG +norec $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a >dig.out.ns2.pre.$n || ret=1
+grep 'status: NOERROR' dig.out.ns2.pre.$n >/dev/null || ret=1
+$RNDCCMD 10.53.0.2 addzone 'added.example in internal { type primary; file "added.db"; };' 2>rndc.out.ns2.$n
+grep "permission denied" rndc.out.ns2.$n >/dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a >dig.out.ns2.int.$n || ret=1
+grep 'status: NOERROR' dig.out.ns2.int.$n >/dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a >dig.out.ns2.ext.$n || ret=1
+grep 'status: REFUSED' dig.out.ns2.ext.$n >/dev/null || ret=1
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "attempting to delete a policy zone ($n)"
ret=0
-$RNDCCMD 10.53.0.2 delzone 'policy in internal' 2> rndc.out.ns2.$n >&1
-grep 'cannot be deleted' rndc.out.ns2.$n > /dev/null || ret=1
-n=`expr $n + 1`
+$RNDCCMD 10.53.0.2 delzone 'policy in internal' 2>rndc.out.ns2.$n >&1
+grep 'cannot be deleted' rndc.out.ns2.$n >/dev/null || ret=1
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "adding new zone again to external view ($n)"
ret=0
$RNDCCMD 10.53.0.2 addzone 'added.example in external { type primary; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /'
_check_adding_new_zone_again_external() (
- $DIG +norec $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.int.$n &&
- grep 'status: NOERROR' dig.out.ns2.int.$n > /dev/null &&
- $DIG +norec $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext.$n &&
- grep 'status: NOERROR' dig.out.ns2.ext.$n > /dev/null &&
- grep '^a.added.example' dig.out.ns2.ext.$n > /dev/null
+ $DIG +norec $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a >dig.out.ns2.int.$n \
+ && grep 'status: NOERROR' dig.out.ns2.int.$n >/dev/null \
+ && $DIG +norec $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a >dig.out.ns2.ext.$n \
+ && grep 'status: NOERROR' dig.out.ns2.ext.$n >/dev/null \
+ && grep '^a.added.example' dig.out.ns2.ext.$n >/dev/null
)
retry_quiet 10 _check_adding_new_zone_again_external || ret=1
-n=`expr $n + 1`
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "reconfiguring server with multiple views and new-zones-directory"
rm -f ns2/named.conf
@@ -619,137 +621,136 @@
echo_i "checking new zone is still loaded after dir change ($n)"
ret=0
-$DIG +norec $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext.$n || ret=1
-grep 'status: NOERROR' dig.out.ns2.ext.$n > /dev/null || ret=1
-grep '^a.added.example' dig.out.ns2.ext.$n > /dev/null || ret=1
-n=`expr $n + 1`
+$DIG +norec $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a >dig.out.ns2.ext.$n || ret=1
+grep 'status: NOERROR' dig.out.ns2.ext.$n >/dev/null || ret=1
+grep '^a.added.example' dig.out.ns2.ext.$n >/dev/null || ret=1
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "deleting newly added zone from external ($n)"
ret=0
$RNDCCMD 10.53.0.2 delzone 'added.example in external' 2>&1 | sed 's/^/I:ns2 /'
-$DIG $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.$n || ret=1
-grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.added.example' dig.out.ns2.$n > /dev/null && ret=1
-n=`expr $n + 1`
+$DIG $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a >dig.out.ns2.$n || ret=1
+grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.added.example' dig.out.ns2.$n >/dev/null && ret=1
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "adding new zone to directory view ($n)"
ret=0
-$DIG +norec $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.intpre.$n || ret=1
-grep 'status: NOERROR' dig.out.ns2.intpre.$n > /dev/null || ret=1
-$DIG +norec $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.extpre.$n || ret=1
-grep 'status: REFUSED' dig.out.ns2.extpre.$n > /dev/null || ret=1
-$DIG +norec $DIGOPTS @10.53.0.5 -b 10.53.0.5 a.added.example a > dig.out.ns2.dirpre.$n || ret=1
-grep 'status: REFUSED' dig.out.ns2.dirpre.$n > /dev/null || ret=1
+$DIG +norec $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a >dig.out.ns2.intpre.$n || ret=1
+grep 'status: NOERROR' dig.out.ns2.intpre.$n >/dev/null || ret=1
+$DIG +norec $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a >dig.out.ns2.extpre.$n || ret=1
+grep 'status: REFUSED' dig.out.ns2.extpre.$n >/dev/null || ret=1
+$DIG +norec $DIGOPTS @10.53.0.5 -b 10.53.0.5 a.added.example a >dig.out.ns2.dirpre.$n || ret=1
+grep 'status: REFUSED' dig.out.ns2.dirpre.$n >/dev/null || ret=1
$RNDCCMD 10.53.0.2 addzone 'added.example in directory { type primary; file "added.db"; };' 2>&1 | sed 's/^/I:ns2 /'
-$DIG +norec $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.int.$n || ret=1
-grep 'status: NOERROR' dig.out.ns2.int.$n > /dev/null || ret=1
-$DIG +norec $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext.$n || ret=1
-grep 'status: REFUSED' dig.out.ns2.ext.$n > /dev/null || ret=1
-$DIG +norec $DIGOPTS @10.53.0.5 -b 10.53.0.5 a.added.example a > dig.out.ns2.dir.$n || ret=1
-grep 'status: NOERROR' dig.out.ns2.dir.$n > /dev/null || ret=1
-grep '^a.added.example' dig.out.ns2.dir.$n > /dev/null || ret=1
-n=`expr $n + 1`
+$DIG +norec $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a >dig.out.ns2.int.$n || ret=1
+grep 'status: NOERROR' dig.out.ns2.int.$n >/dev/null || ret=1
+$DIG +norec $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a >dig.out.ns2.ext.$n || ret=1
+grep 'status: REFUSED' dig.out.ns2.ext.$n >/dev/null || ret=1
+$DIG +norec $DIGOPTS @10.53.0.5 -b 10.53.0.5 a.added.example a >dig.out.ns2.dir.$n || ret=1
+grep 'status: NOERROR' dig.out.ns2.dir.$n >/dev/null || ret=1
+grep '^a.added.example' dig.out.ns2.dir.$n >/dev/null || ret=1
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
if $FEATURETEST --with-lmdb; then
- echo_i "checking NZD file was created in new-zones-directory ($n)"
- expect=ns2/new-zones/directory.nzd
+ echo_i "checking NZD file was created in new-zones-directory ($n)"
+ expect=ns2/new-zones/directory.nzd
else
- echo_i "checking NZF file was created in new-zones-directory ($n)"
- expect=ns2/new-zones/directory.nzf
+ echo_i "checking NZF file was created in new-zones-directory ($n)"
+ expect=ns2/new-zones/directory.nzf
fi
$RNDCCMD 10.53.0.2 sync 'added.example IN directory' 2>&1 | sed 's/^/I:ns2 /'
sleep 2
[ -e "$expect" ] || ret=1
-n=`expr $n + 1`
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "deleting newly added zone from directory ($n)"
ret=0
$RNDCCMD 10.53.0.2 delzone 'added.example in directory' 2>&1 | sed 's/^/I:ns2 /'
-$DIG $DIGOPTS @10.53.0.5 -b 10.53.0.5 a.added.example a > dig.out.ns2.$n || ret=1
-grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.added.example' dig.out.ns2.$n > /dev/null && ret=1
-n=`expr $n + 1`
+$DIG $DIGOPTS @10.53.0.5 -b 10.53.0.5 a.added.example a >dig.out.ns2.$n || ret=1
+grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.added.example' dig.out.ns2.$n >/dev/null && ret=1
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "ensure the configuration context is cleaned up correctly ($n)"
ret=0
rndc_reconfig ns2 10.53.0.2
-$RNDCCMD 10.53.0.2 status > /dev/null 2>&1 || ret=1
-n=`expr $n + 1`
+$RNDCCMD 10.53.0.2 status >/dev/null 2>&1 || ret=1
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "check delzone after reconfig failure ($n)"
ret=0
-$RNDCCMD 10.53.0.3 addzone 'inlinesec.example. IN { type secondary; file "inlinesec.db"; masterfile-format text; primaries { test; }; };' > /dev/null 2>&1 || ret=1
+$RNDCCMD 10.53.0.3 addzone 'inlinesec.example. IN { type secondary; file "inlinesec.db"; masterfile-format text; primaries { test; }; };' >/dev/null 2>&1 || ret=1
copy_setports ns3/named2.conf.in ns3/named.conf
rndc_reconfig ns3 10.53.0.3
-$RNDCCMD 10.53.0.3 delzone inlinesec.example > /dev/null 2>&1 || ret=1
-n=`expr $n + 1`
+$RNDCCMD 10.53.0.3 delzone inlinesec.example >/dev/null 2>&1 || ret=1
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-if ! $FEATURETEST --with-lmdb
-then
- echo_i "check that addzone is fully reversed on failure (--with-lmdb=no) ($n)"
- ret=0
- $RNDCCMD 10.53.0.3 addzone "test1.baz" '{ type primary; file "e.db"; };' > /dev/null 2>&1 || ret=1
- $RNDCCMD 10.53.0.3 addzone "test2.baz" '{ type primary; file "dne.db"; };' > /dev/null 2>&1 && ret=1
- $RNDCCMD 10.53.0.3 addzone "test3.baz" '{ type primary; file "e.db"; };' > /dev/null 2>&1 || ret=1
- $RNDCCMD 10.53.0.3 delzone "test3.baz" > /dev/null 2>&1 || ret=1
- grep test2.baz ns3/_default.nzf > /dev/null && ret=1
- n=`expr $n + 1`
- if [ $ret != 0 ]; then echo_i "failed"; fi
- status=`expr $status + $ret`
+if ! $FEATURETEST --with-lmdb; then
+ echo_i "check that addzone is fully reversed on failure (--with-lmdb=no) ($n)"
+ ret=0
+ $RNDCCMD 10.53.0.3 addzone "test1.baz" '{ type primary; file "e.db"; };' >/dev/null 2>&1 || ret=1
+ $RNDCCMD 10.53.0.3 addzone "test2.baz" '{ type primary; file "dne.db"; };' >/dev/null 2>&1 && ret=1
+ $RNDCCMD 10.53.0.3 addzone "test3.baz" '{ type primary; file "e.db"; };' >/dev/null 2>&1 || ret=1
+ $RNDCCMD 10.53.0.3 delzone "test3.baz" >/dev/null 2>&1 || ret=1
+ grep test2.baz ns3/_default.nzf >/dev/null && ret=1
+ n=$(expr $n + 1)
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$(expr $status + $ret)
fi
_check_version_bind() (
- $DIG $DIGOPTS @10.53.0.3 version.bind txt ch > dig.out.test$n &&
- grep "status: NOERROR" dig.out.test$n > /dev/null
+ $DIG $DIGOPTS @10.53.0.3 version.bind txt ch >dig.out.test$n \
+ && grep "status: NOERROR" dig.out.test$n >/dev/null
)
echo_i "check that named restarts with multiple added zones ($n)"
ret=0
-$RNDCCMD 10.53.0.3 addzone "test4.baz" '{ type primary; file "e.db"; };' > /dev/null 2>&1 || ret=1
-$RNDCCMD 10.53.0.3 addzone "test5.baz" '{ type primary; file "e.db"; };' > /dev/null 2>&1 || ret=1
-$RNDCCMD 10.53.0.3 addzone '"test/.baz"' '{ type primary; check-names ignore; file "e.db"; };' > /dev/null 2>&1 || ret=1
-$RNDCCMD 10.53.0.3 addzone '"test\".baz"' '{ type primary; check-names ignore; file "e.db"; };' > /dev/null 2>&1 || ret=1
-$RNDCCMD 10.53.0.3 addzone '"test\\.baz"' '{ type primary; check-names ignore; file "e.db"; };' > /dev/null 2>&1 || ret=1
-$RNDCCMD 10.53.0.3 addzone '"test\032.baz"' '{ type primary; check-names ignore; file "e.db"; };' > /dev/null 2>&1 || ret=1
-$RNDCCMD 10.53.0.3 addzone '"test\010.baz"' '{ type primary; check-names ignore; file "e.db"; };' > /dev/null 2>&1 || ret=1
+$RNDCCMD 10.53.0.3 addzone "test4.baz" '{ type primary; file "e.db"; };' >/dev/null 2>&1 || ret=1
+$RNDCCMD 10.53.0.3 addzone "test5.baz" '{ type primary; file "e.db"; };' >/dev/null 2>&1 || ret=1
+$RNDCCMD 10.53.0.3 addzone '"test/.baz"' '{ type primary; check-names ignore; file "e.db"; };' >/dev/null 2>&1 || ret=1
+$RNDCCMD 10.53.0.3 addzone '"test\".baz"' '{ type primary; check-names ignore; file "e.db"; };' >/dev/null 2>&1 || ret=1
+$RNDCCMD 10.53.0.3 addzone '"test\\.baz"' '{ type primary; check-names ignore; file "e.db"; };' >/dev/null 2>&1 || ret=1
+$RNDCCMD 10.53.0.3 addzone '"test\032.baz"' '{ type primary; check-names ignore; file "e.db"; };' >/dev/null 2>&1 || ret=1
+$RNDCCMD 10.53.0.3 addzone '"test\010.baz"' '{ type primary; check-names ignore; file "e.db"; };' >/dev/null 2>&1 || ret=1
stop_server ns3
start_server --noclean --restart --port ${PORT} ns3 || ret=1
retry_quiet 10 _check_version_bind || ret=1
-$DIG $DIGOPTS @10.53.0.3 SOA "test4.baz" > dig.out.1.test$n || ret=1
-grep "status: NOERROR" dig.out.1.test$n > /dev/null || ret=1
-grep "ANSWER: 1," dig.out.1.test$n > /dev/null || ret=1
-$DIG $DIGOPTS @10.53.0.3 SOA "test5.baz" > dig.out.2.test$n || ret=1
-grep "status: NOERROR" dig.out.2.test$n > /dev/null || ret=1
-grep "ANSWER: 1," dig.out.2.test$n > /dev/null || ret=1
-$DIG $DIGOPTS @10.53.0.3 SOA 'test/.baz' > dig.out.3.test$n || ret=1
-grep "status: NOERROR" dig.out.3.test$n > /dev/null || ret=1
-grep "ANSWER: 1," dig.out.3.test$n > /dev/null || ret=1
-$DIG $DIGOPTS @10.53.0.3 SOA 'test\\.baz' > dig.out.4.test$n || ret=1
-grep "status: NOERROR" dig.out.4.test$n > /dev/null || ret=1
-grep "ANSWER: 1," dig.out.4.test$n > /dev/null || ret=1
-$DIG $DIGOPTS @10.53.0.3 SOA 'test\032.baz' > dig.out.5.test$n || ret=1
-grep "status: NOERROR" dig.out.5.test$n > /dev/null || ret=1
-grep "ANSWER: 1," dig.out.5.test$n > /dev/null || ret=1
-$DIG $DIGOPTS @10.53.0.3 SOA 'test\010.baz' > dig.out.6.test$n || ret=1
-grep "status: NOERROR" dig.out.6.test$n > /dev/null || ret=1
-grep "ANSWER: 1," dig.out.6.test$n > /dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.3 SOA "test4.baz" >dig.out.1.test$n || ret=1
+grep "status: NOERROR" dig.out.1.test$n >/dev/null || ret=1
+grep "ANSWER: 1," dig.out.1.test$n >/dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.3 SOA "test5.baz" >dig.out.2.test$n || ret=1
+grep "status: NOERROR" dig.out.2.test$n >/dev/null || ret=1
+grep "ANSWER: 1," dig.out.2.test$n >/dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.3 SOA 'test/.baz' >dig.out.3.test$n || ret=1
+grep "status: NOERROR" dig.out.3.test$n >/dev/null || ret=1
+grep "ANSWER: 1," dig.out.3.test$n >/dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.3 SOA 'test\\.baz' >dig.out.4.test$n || ret=1
+grep "status: NOERROR" dig.out.4.test$n >/dev/null || ret=1
+grep "ANSWER: 1," dig.out.4.test$n >/dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.3 SOA 'test\032.baz' >dig.out.5.test$n || ret=1
+grep "status: NOERROR" dig.out.5.test$n >/dev/null || ret=1
+grep "ANSWER: 1," dig.out.5.test$n >/dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.3 SOA 'test\010.baz' >dig.out.6.test$n || ret=1
+grep "status: NOERROR" dig.out.6.test$n >/dev/null || ret=1
+grep "ANSWER: 1," dig.out.6.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
-n=`expr $n + 1`
+status=$(expr $status + $ret)
+n=$(expr $n + 1)
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
diff -Nru bind9-9.16.44/bin/tests/system/allow-query/setup.sh bind9-9.16.48/bin/tests/system/allow-query/setup.sh
--- bind9-9.16.44/bin/tests/system/allow-query/setup.sh 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/allow-query/setup.sh 2024-02-11 11:31:39.000000000 +0000
@@ -15,6 +15,6 @@
. $SYSTEMTESTTOP/conf.sh
copy_setports ../common/controls.conf.in ns2/controls.conf
-copy_setports ns1/named.conf.in ns1/named.conf
-copy_setports ns2/named01.conf.in ns2/named.conf
-copy_setports ns3/named1.conf.in ns3/named.conf
+copy_setports ns1/named.conf.in ns1/named.conf
+copy_setports ns2/named01.conf.in ns2/named.conf
+copy_setports ns3/named1.conf.in ns3/named.conf
diff -Nru bind9-9.16.44/bin/tests/system/allow-query/tests.sh bind9-9.16.48/bin/tests/system/allow-query/tests.sh
--- bind9-9.16.44/bin/tests/system/allow-query/tests.sh 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/allow-query/tests.sh 2024-02-11 11:31:39.000000000 +0000
@@ -60,629 +60,628 @@
status=0
n=0
-nextpart ns2/named.run > /dev/null
+nextpart ns2/named.run >/dev/null
# Test 1 - default, query allowed
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "test $n: default - query allowed"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
-grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
+grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 2 - explicit any, query allowed
-n=`expr $n + 1`
+n=$(expr $n + 1)
copy_setports ns2/named02.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
echo_i "test $n: explicit any - query allowed"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
-grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
+grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 3 - none, query refused
-n=`expr $n + 1`
+n=$(expr $n + 1)
copy_setports ns2/named03.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
echo_i "test $n: none - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
-grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
+grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 4 - address allowed, query allowed
-n=`expr $n + 1`
+n=$(expr $n + 1)
copy_setports ns2/named04.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
echo_i "test $n: address allowed - query allowed"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
-grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
+grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 5 - address not allowed, query refused
-n=`expr $n + 1`
+n=$(expr $n + 1)
copy_setports ns2/named05.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
echo_i "test $n: address not allowed - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
-grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
+grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 6 - address disallowed, query refused
-n=`expr $n + 1`
+n=$(expr $n + 1)
copy_setports ns2/named06.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
echo_i "test $n: address disallowed - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
-grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
+grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 7 - acl allowed, query allowed
-n=`expr $n + 1`
+n=$(expr $n + 1)
copy_setports ns2/named07.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
echo_i "test $n: acl allowed - query allowed"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
-grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
+grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 8 - acl not allowed, query refused
-n=`expr $n + 1`
+n=$(expr $n + 1)
copy_setports ns2/named08.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
echo_i "test $n: acl not allowed - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
-grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
+grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
-
+status=$(expr $status + $ret)
# Test 9 - acl disallowed, query refused
-n=`expr $n + 1`
+n=$(expr $n + 1)
copy_setports ns2/named09.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
echo_i "test $n: acl disallowed - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
-grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
+grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 10 - key allowed, query allowed
-n=`expr $n + 1`
+n=$(expr $n + 1)
copy_setports ns2/named10.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
echo_i "test $n: key allowed - query allowed"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
-grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a >dig.out.ns2.$n || ret=1
+grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 11 - key not allowed, query refused
-n=`expr $n + 1`
+n=$(expr $n + 1)
copy_setports ns2/named11.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
echo_i "test $n: key not allowed - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.normal.example a > dig.out.ns2.$n || ret=1
-grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.normal.example a >dig.out.ns2.$n || ret=1
+grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 12 - key disallowed, query refused
-n=`expr $n + 1`
+n=$(expr $n + 1)
copy_setports ns2/named12.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
echo_i "test $n: key disallowed - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
-grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a >dig.out.ns2.$n || ret=1
+grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# The next set of tests check if allow-query works in a view
n=20
# Test 21 - views default, query allowed
-n=`expr $n + 1`
+n=$(expr $n + 1)
copy_setports ns2/named21.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
echo_i "test $n: views default - query allowed"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
-grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
+grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 22 - views explicit any, query allowed
-n=`expr $n + 1`
+n=$(expr $n + 1)
copy_setports ns2/named22.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
echo_i "test $n: views explicit any - query allowed"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
-grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
+grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 23 - views none, query refused
-n=`expr $n + 1`
+n=$(expr $n + 1)
copy_setports ns2/named23.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
echo_i "test $n: views none - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
-grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
+grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 24 - views address allowed, query allowed
-n=`expr $n + 1`
+n=$(expr $n + 1)
copy_setports ns2/named24.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
echo_i "test $n: views address allowed - query allowed"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
-grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
+grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 25 - views address not allowed, query refused
-n=`expr $n + 1`
+n=$(expr $n + 1)
copy_setports ns2/named25.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
echo_i "test $n: views address not allowed - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
-grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
+grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 26 - views address disallowed, query refused
-n=`expr $n + 1`
+n=$(expr $n + 1)
copy_setports ns2/named26.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
echo_i "test $n: views address disallowed - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
-grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
+grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 27 - views acl allowed, query allowed
-n=`expr $n + 1`
+n=$(expr $n + 1)
copy_setports ns2/named27.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
echo_i "test $n: views acl allowed - query allowed"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
-grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
+grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 28 - views acl not allowed, query refused
-n=`expr $n + 1`
+n=$(expr $n + 1)
copy_setports ns2/named28.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
echo_i "test $n: views acl not allowed - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
-grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
+grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 29 - views acl disallowed, query refused
-n=`expr $n + 1`
+n=$(expr $n + 1)
copy_setports ns2/named29.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
echo_i "test $n: views acl disallowed - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
-grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
+grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 30 - views key allowed, query allowed
-n=`expr $n + 1`
+n=$(expr $n + 1)
copy_setports ns2/named30.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
echo_i "test $n: views key allowed - query allowed"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
-grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a >dig.out.ns2.$n || ret=1
+grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 31 - views key not allowed, query refused
-n=`expr $n + 1`
+n=$(expr $n + 1)
copy_setports ns2/named31.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
echo_i "test $n: views key not allowed - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.normal.example a > dig.out.ns2.$n || ret=1
-grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.normal.example a >dig.out.ns2.$n || ret=1
+grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 32 - views key disallowed, query refused
-n=`expr $n + 1`
+n=$(expr $n + 1)
copy_setports ns2/named32.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
echo_i "test $n: views key disallowed - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
-grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a >dig.out.ns2.$n || ret=1
+grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 33 - views over options, views allow, query allowed
-n=`expr $n + 1`
+n=$(expr $n + 1)
copy_setports ns2/named33.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
echo_i "test $n: views over options, views allow - query allowed"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
-grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
+grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 34 - views over options, views disallow, query refused
-n=`expr $n + 1`
+n=$(expr $n + 1)
copy_setports ns2/named34.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
echo_i "test $n: views over options, views disallow - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
-grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
+grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Tests for allow-query in the zone statements
n=40
# Test 41 - zone default, query allowed
-n=`expr $n + 1`
+n=$(expr $n + 1)
copy_setports ns2/named40.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
echo_i "test $n: zone default - query allowed"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
-grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
+grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 42 - zone explicit any, query allowed
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "test $n: zone explicit any - query allowed"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.any.example a > dig.out.ns2.$n || ret=1
-grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.any.example' dig.out.ns2.$n > /dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.any.example a >dig.out.ns2.$n || ret=1
+grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.any.example' dig.out.ns2.$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 43 - zone none, query refused
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "test $n: zone none - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.none.example a > dig.out.ns2.$n || ret=1
-grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.none.example' dig.out.ns2.$n > /dev/null && ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.none.example a >dig.out.ns2.$n || ret=1
+grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.none.example' dig.out.ns2.$n >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 44 - zone address allowed, query allowed
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "test $n: zone address allowed - query allowed"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.addrallow.example a > dig.out.ns2.$n || ret=1
-grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.addrallow.example' dig.out.ns2.$n > /dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.addrallow.example a >dig.out.ns2.$n || ret=1
+grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.addrallow.example' dig.out.ns2.$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 45 - zone address not allowed, query refused
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "test $n: zone address not allowed - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.addrnotallow.example a > dig.out.ns2.$n || ret=1
-grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.addrnotallow.example' dig.out.ns2.$n > /dev/null && ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.addrnotallow.example a >dig.out.ns2.$n || ret=1
+grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.addrnotallow.example' dig.out.ns2.$n >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 46 - zone address disallowed, query refused
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "test $n: zone address disallowed - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.addrdisallow.example a > dig.out.ns2.$n || ret=1
-grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.addrdisallow.example' dig.out.ns2.$n > /dev/null && ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.addrdisallow.example a >dig.out.ns2.$n || ret=1
+grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.addrdisallow.example' dig.out.ns2.$n >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 47 - zone acl allowed, query allowed
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "test $n: zone acl allowed - query allowed"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.aclallow.example a > dig.out.ns2.$n || ret=1
-grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.aclallow.example' dig.out.ns2.$n > /dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.aclallow.example a >dig.out.ns2.$n || ret=1
+grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.aclallow.example' dig.out.ns2.$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 48 - zone acl not allowed, query refused
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "test $n: zone acl not allowed - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.aclnotallow.example a > dig.out.ns2.$n || ret=1
-grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.aclnotallow.example' dig.out.ns2.$n > /dev/null && ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.aclnotallow.example a >dig.out.ns2.$n || ret=1
+grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.aclnotallow.example' dig.out.ns2.$n >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 49 - zone acl disallowed, query refused
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "test $n: zone acl disallowed - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.acldisallow.example a > dig.out.ns2.$n || ret=1
-grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.acldisallow.example' dig.out.ns2.$n > /dev/null && ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.acldisallow.example a >dig.out.ns2.$n || ret=1
+grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.acldisallow.example' dig.out.ns2.$n >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 50 - zone key allowed, query allowed
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "test $n: zone key allowed - query allowed"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.keyallow.example a > dig.out.ns2.$n || ret=1
-grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.keyallow.example' dig.out.ns2.$n > /dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.keyallow.example a >dig.out.ns2.$n || ret=1
+grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.keyallow.example' dig.out.ns2.$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 51 - zone key not allowed, query refused
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "test $n: zone key not allowed - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.keyallow.example a > dig.out.ns2.$n || ret=1
-grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.keyallow.example' dig.out.ns2.$n > /dev/null && ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.keyallow.example a >dig.out.ns2.$n || ret=1
+grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.keyallow.example' dig.out.ns2.$n >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 52 - zone key disallowed, query refused
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "test $n: zone key disallowed - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.keydisallow.example a > dig.out.ns2.$n || ret=1
-grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.keydisallow.example' dig.out.ns2.$n > /dev/null && ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.keydisallow.example a >dig.out.ns2.$n || ret=1
+grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.keydisallow.example' dig.out.ns2.$n >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 53 - zones over options, zones allow, query allowed
-n=`expr $n + 1`
+n=$(expr $n + 1)
copy_setports ns2/named53.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
echo_i "test $n: views over options, views allow - query allowed"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
-grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
+grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 54 - zones over options, zones disallow, query refused
-n=`expr $n + 1`
+n=$(expr $n + 1)
copy_setports ns2/named54.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
echo_i "test $n: views over options, views disallow - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
-grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
+grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 55 - zones over views, zones allow, query allowed
-n=`expr $n + 1`
+n=$(expr $n + 1)
copy_setports ns2/named55.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
echo_i "test $n: zones over views, views allow - query allowed"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
-grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
+grep 'status: NOERROR' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.normal.example' dig.out.ns2.$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 56 - zones over views, zones disallow, query refused
-n=`expr $n + 1`
+n=$(expr $n + 1)
copy_setports ns2/named56.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
echo_i "test $n: zones over views, views disallow - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
-grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
-grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.$n || ret=1
+grep 'status: REFUSED' dig.out.ns2.$n >/dev/null || ret=1
+grep '^a.normal.example' dig.out.ns2.$n >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 57 - zones over views, zones disallow, query refused (allow-query-on)
-n=`expr $n + 1`
+n=$(expr $n + 1)
copy_setports ns2/named57.conf.in ns2/named.conf
rndc_reload ns2 10.53.0.2
echo_i "test $n: zones over views, allow-query-on"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.1.$n || ret=1
-grep 'status: NOERROR' dig.out.ns2.1.$n > /dev/null || ret=1
-grep '^a.normal.example' dig.out.ns2.1.$n > /dev/null || ret=1
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.aclnotallow.example a > dig.out.ns2.2.$n || ret=1
-grep 'status: REFUSED' dig.out.ns2.2.$n > /dev/null || ret=1
-grep '^a.aclnotallow.example' dig.out.ns2.2.$n > /dev/null && ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a >dig.out.ns2.1.$n || ret=1
+grep 'status: NOERROR' dig.out.ns2.1.$n >/dev/null || ret=1
+grep '^a.normal.example' dig.out.ns2.1.$n >/dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.aclnotallow.example a >dig.out.ns2.2.$n || ret=1
+grep 'status: REFUSED' dig.out.ns2.2.$n >/dev/null || ret=1
+grep '^a.aclnotallow.example' dig.out.ns2.2.$n >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 58 - allow-recursion default
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "test $n: default allow-recursion configuration"
ret=0
-$DIG -p ${PORT} @10.53.0.3 -b 127.0.0.1 a.normal.example a > dig.out.ns3.1.$n
-grep 'status: NOERROR' dig.out.ns3.1.$n > /dev/null || ret=1
-$DIG -p ${PORT} @10.53.0.3 -b 10.53.0.1 a.normal.example a > dig.out.ns3.2.$n
-grep 'status: REFUSED' dig.out.ns3.2.$n > /dev/null || ret=1
+$DIG -p ${PORT} @10.53.0.3 -b 127.0.0.1 a.normal.example a >dig.out.ns3.1.$n
+grep 'status: NOERROR' dig.out.ns3.1.$n >/dev/null || ret=1
+$DIG -p ${PORT} @10.53.0.3 -b 10.53.0.1 a.normal.example a >dig.out.ns3.2.$n
+grep 'status: REFUSED' dig.out.ns3.2.$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 59 - allow-query-cache default
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "test $n: default allow-query-cache configuration"
ret=0
-$DIG -p ${PORT} @10.53.0.3 -b 127.0.0.1 ns . > dig.out.ns3.1.$n
-grep 'status: NOERROR' dig.out.ns3.1.$n > /dev/null || ret=1
-$DIG -p ${PORT} @10.53.0.3 -b 10.53.0.1 ns . > dig.out.ns3.2.$n
-grep 'status: REFUSED' dig.out.ns3.2.$n > /dev/null || ret=1
+$DIG -p ${PORT} @10.53.0.3 -b 127.0.0.1 ns . >dig.out.ns3.1.$n
+grep 'status: NOERROR' dig.out.ns3.1.$n >/dev/null || ret=1
+$DIG -p ${PORT} @10.53.0.3 -b 10.53.0.1 ns . >dig.out.ns3.2.$n
+grep 'status: REFUSED' dig.out.ns3.2.$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 60 - block recursion-on, allow query-cache-on
-n=`expr $n + 1`
+n=$(expr $n + 1)
copy_setports ns3/named2.conf.in ns3/named.conf
rndc_reload ns3 10.53.0.3
echo_i "test $n: block recursion-on, allow query-cache-on"
ret=0
# this should query the cache, and an answer should already be there
-$DIG -p ${PORT} @10.53.0.3 a.normal.example a > dig.out.ns3.1.$n
-grep 'recursion requested but not available' dig.out.ns3.1.$n > /dev/null || ret=1
-grep 'ANSWER: 1' dig.out.ns3.1.$n > /dev/null || ret=1
+$DIG -p ${PORT} @10.53.0.3 a.normal.example a >dig.out.ns3.1.$n
+grep 'recursion requested but not available' dig.out.ns3.1.$n >/dev/null || ret=1
+grep 'ANSWER: 1' dig.out.ns3.1.$n >/dev/null || ret=1
# this should require recursion and therefore can't get an answer
-$DIG -p ${PORT} @10.53.0.3 b.normal.example a > dig.out.ns3.2.$n
-grep 'recursion requested but not available' dig.out.ns3.2.$n > /dev/null || ret=1
-grep 'ANSWER: 0' dig.out.ns3.2.$n > /dev/null || ret=1
+$DIG -p ${PORT} @10.53.0.3 b.normal.example a >dig.out.ns3.2.$n
+grep 'recursion requested but not available' dig.out.ns3.2.$n >/dev/null || ret=1
+grep 'ANSWER: 0' dig.out.ns3.2.$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 61 - inheritance of allow-query-cache-on from allow-recursion-on
-n=`expr $n + 1`
+n=$(expr $n + 1)
copy_setports ns3/named3.conf.in ns3/named.conf
rndc_reload ns3 10.53.0.3
echo_i "test $n: inheritance of allow-query-cache-on"
ret=0
# this should query the cache, an answer should already be there
-$DIG -p ${PORT} @10.53.0.3 a.normal.example a > dig.out.ns3.1.$n
-grep 'ANSWER: 1' dig.out.ns3.1.$n > /dev/null || ret=1
+$DIG -p ${PORT} @10.53.0.3 a.normal.example a >dig.out.ns3.1.$n
+grep 'ANSWER: 1' dig.out.ns3.1.$n >/dev/null || ret=1
# this should be refused due to allow-recursion-on/allow-query-cache-on
-$DIG -p ${PORT} @10.53.1.2 a.normal.example a > dig.out.ns3.2.$n
-grep 'recursion requested but not available' dig.out.ns3.2.$n > /dev/null || ret=1
-grep 'status: REFUSED' dig.out.ns3.2.$n > /dev/null || ret=1
+$DIG -p ${PORT} @10.53.1.2 a.normal.example a >dig.out.ns3.2.$n
+grep 'recursion requested but not available' dig.out.ns3.2.$n >/dev/null || ret=1
+grep 'status: REFUSED' dig.out.ns3.2.$n >/dev/null || ret=1
# this should require recursion and should be allowed
-$DIG -p ${PORT} @10.53.0.3 c.normal.example a > dig.out.ns3.3.$n
-grep 'ANSWER: 1' dig.out.ns3.3.$n > /dev/null || ret=1
+$DIG -p ${PORT} @10.53.0.3 c.normal.example a >dig.out.ns3.3.$n
+grep 'ANSWER: 1' dig.out.ns3.3.$n >/dev/null || ret=1
# this should require recursion and be refused
-$DIG -p ${PORT} @10.53.1.2 d.normal.example a > dig.out.ns3.4.$n
-grep 'recursion requested but not available' dig.out.ns3.4.$n > /dev/null || ret=1
-grep 'status: REFUSED' dig.out.ns3.4.$n > /dev/null || ret=1
+$DIG -p ${PORT} @10.53.1.2 d.normal.example a >dig.out.ns3.4.$n
+grep 'recursion requested but not available' dig.out.ns3.4.$n >/dev/null || ret=1
+grep 'status: REFUSED' dig.out.ns3.4.$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Test 62 - inheritance of allow-recursion-on from allow-query-cache-on
-n=`expr $n + 1`
+n=$(expr $n + 1)
copy_setports ns3/named4.conf.in ns3/named.conf
rndc_reload ns3 10.53.0.3
echo_i "test $n: inheritance of allow-recursion-on"
ret=0
# this should query the cache, an answer should already be there
-$DIG -p ${PORT} @10.53.0.3 a.normal.example a > dig.out.ns3.1.$n
-grep 'ANSWER: 1' dig.out.ns3.1.$n > /dev/null || ret=1
+$DIG -p ${PORT} @10.53.0.3 a.normal.example a >dig.out.ns3.1.$n
+grep 'ANSWER: 1' dig.out.ns3.1.$n >/dev/null || ret=1
# this should be refused due to allow-recursion-on/allow-query-cache-on
-$DIG -p ${PORT} @10.53.1.2 a.normal.example a > dig.out.ns3.2.$n
-grep 'recursion requested but not available' dig.out.ns3.2.$n > /dev/null || ret=1
-grep 'status: REFUSED' dig.out.ns3.2.$n > /dev/null || ret=1
+$DIG -p ${PORT} @10.53.1.2 a.normal.example a >dig.out.ns3.2.$n
+grep 'recursion requested but not available' dig.out.ns3.2.$n >/dev/null || ret=1
+grep 'status: REFUSED' dig.out.ns3.2.$n >/dev/null || ret=1
# this should require recursion and should be allowed
-$DIG -p ${PORT} @10.53.0.3 e.normal.example a > dig.out.ns3.3.$n
-grep 'ANSWER: 1' dig.out.ns3.3.$n > /dev/null || ret=1
+$DIG -p ${PORT} @10.53.0.3 e.normal.example a >dig.out.ns3.3.$n
+grep 'ANSWER: 1' dig.out.ns3.3.$n >/dev/null || ret=1
# this should require recursion and be refused
-$DIG -p ${PORT} @10.53.1.2 f.normal.example a > dig.out.ns3.4.$n
-grep 'recursion requested but not available' dig.out.ns3.4.$n > /dev/null || ret=1
-grep 'status: REFUSED' dig.out.ns3.4.$n > /dev/null || ret=1
+$DIG -p ${PORT} @10.53.1.2 f.normal.example a >dig.out.ns3.4.$n
+grep 'recursion requested but not available' dig.out.ns3.4.$n >/dev/null || ret=1
+grep 'status: REFUSED' dig.out.ns3.4.$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
diff -Nru bind9-9.16.44/bin/tests/system/auth/tests.sh bind9-9.16.48/bin/tests/system/auth/tests.sh
--- bind9-9.16.44/bin/tests/system/auth/tests.sh 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/auth/tests.sh 2024-02-11 11:31:39.000000000 +0000
@@ -19,173 +19,171 @@
status=0
n=0
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "wait for zones to finish transferring to ns2 ($n)"
-for i in 1 2 3 4 5 6 7 8 9 10
-do
+for i in 1 2 3 4 5 6 7 8 9 10; do
ret=0
- for zone in example.com example.net
- do
- $DIG $DIGOPTS @10.53.0.2 soa $zone > dig.out.test$n || ret=1
- grep "ANSWER: 1," dig.out.test$n > /dev/null || ret=1
+ for zone in example.com example.net; do
+ $DIG $DIGOPTS @10.53.0.2 soa $zone >dig.out.test$n || ret=1
+ grep "ANSWER: 1," dig.out.test$n >/dev/null || ret=1
done
[ $ret -eq 0 ] && break
sleep 1
done
[ $ret -eq 0 ] || echo_i "failed"
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
#
# If recursion is unrequested or unavailable, then cross-zone CNAME records
# should not be followed. If both requested and available, they should be.
#
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that cross-zone CNAME record does not return target data (rd=0/ra=0) ($n)"
ret=0
-$DIG $DIGOPTS +norec @10.53.0.1 www.example.com > dig.out.test$n || ret=1
-grep "ANSWER: 1," dig.out.test$n > /dev/null || ret=1
-grep "flags: qr aa;" dig.out.test$n > /dev/null || ret=1
-grep "www.example.com.*CNAME.*server.example.net" dig.out.test$n > /dev/null || ret=1
-grep "server.example.net.*A.*10.53.0.100" dig.out.test$n > /dev/null && ret=1
+$DIG $DIGOPTS +norec @10.53.0.1 www.example.com >dig.out.test$n || ret=1
+grep "ANSWER: 1," dig.out.test$n >/dev/null || ret=1
+grep "flags: qr aa;" dig.out.test$n >/dev/null || ret=1
+grep "www.example.com.*CNAME.*server.example.net" dig.out.test$n >/dev/null || ret=1
+grep "server.example.net.*A.*10.53.0.100" dig.out.test$n >/dev/null && ret=1
[ $ret -eq 0 ] || echo_i "failed"
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that cross-zone CNAME record does not return target data (rd=1/ra=0) ($n)"
ret=0
-$DIG $DIGOPTS +rec @10.53.0.1 www.example.com > dig.out.test$n || ret=1
-grep "ANSWER: 1," dig.out.test$n > /dev/null || ret=1
-grep "flags: qr aa rd;" dig.out.test$n > /dev/null || ret=1
-grep "www.example.com.*CNAME.*server.example.net" dig.out.test$n > /dev/null || ret=1
-grep "server.example.net.*A.*10.53.0.100" dig.out.test$n > /dev/null && ret=1
+$DIG $DIGOPTS +rec @10.53.0.1 www.example.com >dig.out.test$n || ret=1
+grep "ANSWER: 1," dig.out.test$n >/dev/null || ret=1
+grep "flags: qr aa rd;" dig.out.test$n >/dev/null || ret=1
+grep "www.example.com.*CNAME.*server.example.net" dig.out.test$n >/dev/null || ret=1
+grep "server.example.net.*A.*10.53.0.100" dig.out.test$n >/dev/null && ret=1
[ $ret -eq 0 ] || echo_i "failed"
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that cross-zone CNAME record does not return target data (rd=0/ra=1) ($n)"
ret=0
-$DIG $DIGOPTS +norec @10.53.0.2 www.example.com > dig.out.test$n || ret=1
-grep "ANSWER: 1," dig.out.test$n > /dev/null || ret=1
-grep "flags: qr aa ra;" dig.out.test$n > /dev/null || ret=1
-grep "www.example.com.*CNAME.*server.example.net" dig.out.test$n > /dev/null || ret=1
-grep "server.example.net.*A.*10.53.0.100" dig.out.test$n > /dev/null && ret=1
+$DIG $DIGOPTS +norec @10.53.0.2 www.example.com >dig.out.test$n || ret=1
+grep "ANSWER: 1," dig.out.test$n >/dev/null || ret=1
+grep "flags: qr aa ra;" dig.out.test$n >/dev/null || ret=1
+grep "www.example.com.*CNAME.*server.example.net" dig.out.test$n >/dev/null || ret=1
+grep "server.example.net.*A.*10.53.0.100" dig.out.test$n >/dev/null && ret=1
[ $ret -eq 0 ] || echo_i "failed"
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that cross-zone CNAME records return target data (rd=1/ra=1) ($n)"
ret=0
-$DIG $DIGOPTS @10.53.0.2 www.example.com > dig.out.test$n || ret=1
-grep "ANSWER: 2," dig.out.test$n > /dev/null || ret=1
-grep "flags: qr aa rd ra;" dig.out.test$n > /dev/null || ret=1
-grep "www.example.com.*CNAME.*server.example.net" dig.out.test$n > /dev/null || ret=1
-grep "server.example.net.*A.*10.53.0.100" dig.out.test$n > /dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.2 www.example.com >dig.out.test$n || ret=1
+grep "ANSWER: 2," dig.out.test$n >/dev/null || ret=1
+grep "flags: qr aa rd ra;" dig.out.test$n >/dev/null || ret=1
+grep "www.example.com.*CNAME.*server.example.net" dig.out.test$n >/dev/null || ret=1
+grep "server.example.net.*A.*10.53.0.100" dig.out.test$n >/dev/null || ret=1
[ $ret -eq 0 ] || echo_i "failed"
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
#
# In-zone CNAME records should always be followed regardless of RD and RA.
#
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that in-zone CNAME records return target data (rd=0/ra=0) ($n)"
ret=0
-$DIG $DIGOPTS +norec @10.53.0.1 inzone.example.com > dig.out.test$n || ret=1
-grep "ANSWER: 2," dig.out.test$n > /dev/null || ret=1
-grep "flags: qr aa;" dig.out.test$n > /dev/null || ret=1
-grep "inzone.example.com.*CNAME.*a.example.com" dig.out.test$n > /dev/null || ret=1
-grep "a.example.com.*A.*10.53.0.1" dig.out.test$n > /dev/null || ret=1
+$DIG $DIGOPTS +norec @10.53.0.1 inzone.example.com >dig.out.test$n || ret=1
+grep "ANSWER: 2," dig.out.test$n >/dev/null || ret=1
+grep "flags: qr aa;" dig.out.test$n >/dev/null || ret=1
+grep "inzone.example.com.*CNAME.*a.example.com" dig.out.test$n >/dev/null || ret=1
+grep "a.example.com.*A.*10.53.0.1" dig.out.test$n >/dev/null || ret=1
[ $ret -eq 0 ] || echo_i "failed"
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that in-zone CNAME records returns target data (rd=1/ra=0) ($n)"
ret=0
-$DIG $DIGOPTS +rec @10.53.0.1 inzone.example.com > dig.out.test$n || ret=1
-grep "ANSWER: 2," dig.out.test$n > /dev/null || ret=1
-grep "flags: qr aa rd;" dig.out.test$n > /dev/null || ret=1
-grep "inzone.example.com.*CNAME.*a.example.com" dig.out.test$n > /dev/null || ret=1
-grep "a.example.com.*A.*10.53.0.1" dig.out.test$n > /dev/null || ret=1
+$DIG $DIGOPTS +rec @10.53.0.1 inzone.example.com >dig.out.test$n || ret=1
+grep "ANSWER: 2," dig.out.test$n >/dev/null || ret=1
+grep "flags: qr aa rd;" dig.out.test$n >/dev/null || ret=1
+grep "inzone.example.com.*CNAME.*a.example.com" dig.out.test$n >/dev/null || ret=1
+grep "a.example.com.*A.*10.53.0.1" dig.out.test$n >/dev/null || ret=1
[ $ret -eq 0 ] || echo_i "failed"
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that in-zone CNAME records return target data (rd=0/ra=1) ($n)"
ret=0
-$DIG $DIGOPTS +norec @10.53.0.2 inzone.example.com > dig.out.test$n || ret=1
-grep "ANSWER: 2," dig.out.test$n > /dev/null || ret=1
-grep "flags: qr aa ra;" dig.out.test$n > /dev/null || ret=1
-grep "inzone.example.com.*CNAME.*a.example.com" dig.out.test$n > /dev/null || ret=1
-grep "a.example.com.*A.*10.53.0.1" dig.out.test$n > /dev/null || ret=1
+$DIG $DIGOPTS +norec @10.53.0.2 inzone.example.com >dig.out.test$n || ret=1
+grep "ANSWER: 2," dig.out.test$n >/dev/null || ret=1
+grep "flags: qr aa ra;" dig.out.test$n >/dev/null || ret=1
+grep "inzone.example.com.*CNAME.*a.example.com" dig.out.test$n >/dev/null || ret=1
+grep "a.example.com.*A.*10.53.0.1" dig.out.test$n >/dev/null || ret=1
[ $ret -eq 0 ] || echo_i "failed"
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that in-zone CNAME records return target data (rd=1/ra=1) ($n)"
ret=0
-$DIG $DIGOPTS @10.53.0.2 inzone.example.com > dig.out.test$n || ret=1
-grep "ANSWER: 2," dig.out.test$n > /dev/null || ret=1
-grep "flags: qr aa rd ra;" dig.out.test$n > /dev/null || ret=1
-grep "inzone.example.com.*CNAME.*a.example.com" dig.out.test$n > /dev/null || ret=1
-grep "a.example.com.*A.*10.53.0.1" dig.out.test$n > /dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.2 inzone.example.com >dig.out.test$n || ret=1
+grep "ANSWER: 2," dig.out.test$n >/dev/null || ret=1
+grep "flags: qr aa rd ra;" dig.out.test$n >/dev/null || ret=1
+grep "inzone.example.com.*CNAME.*a.example.com" dig.out.test$n >/dev/null || ret=1
+grep "a.example.com.*A.*10.53.0.1" dig.out.test$n >/dev/null || ret=1
[ $ret -eq 0 ] || echo_i "failed"
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that in-zone CNAME records does not return target data when QTYPE is CNAME (rd=1/ra=1) ($n)"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -t cname inzone.example.com > dig.out.test$n || ret=1
-grep 'ANSWER: 1,' dig.out.test$n > /dev/null || ret=1
-grep 'flags: qr aa rd ra;' dig.out.test$n > /dev/null || ret=1
-grep 'inzone\.example\.com\..*CNAME.a\.example\.com\.' dig.out.test$n > /dev/null || ret=1
-grep 'a\.example\.com\..*A.10\.53\.0\.1' dig.out.test$n > /dev/null && ret=1
+$DIG $DIGOPTS @10.53.0.2 -t cname inzone.example.com >dig.out.test$n || ret=1
+grep 'ANSWER: 1,' dig.out.test$n >/dev/null || ret=1
+grep 'flags: qr aa rd ra;' dig.out.test$n >/dev/null || ret=1
+grep 'inzone\.example\.com\..*CNAME.a\.example\.com\.' dig.out.test$n >/dev/null || ret=1
+grep 'a\.example\.com\..*A.10\.53\.0\.1' dig.out.test$n >/dev/null && ret=1
[ $ret -eq 0 ] || echo_i "failed"
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that in-zone CNAME records does not return target data when QTYPE is ANY (rd=1/ra=1) ($n)"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -t any inzone.example.com > dig.out.test$n || ret=1
-grep 'ANSWER: 1,' dig.out.test$n > /dev/null || ret=1
-grep 'flags: qr aa rd ra;' dig.out.test$n > /dev/null || ret=1
-grep 'inzone\.example\.com\..*CNAME.a\.example\.com\.' dig.out.test$n > /dev/null || ret=1
-grep 'a\.example\.com\..*A.10\.53\.0\.1' dig.out.test$n > /dev/null && ret=1
+$DIG $DIGOPTS @10.53.0.2 -t any inzone.example.com >dig.out.test$n || ret=1
+grep 'ANSWER: 1,' dig.out.test$n >/dev/null || ret=1
+grep 'flags: qr aa rd ra;' dig.out.test$n >/dev/null || ret=1
+grep 'inzone\.example\.com\..*CNAME.a\.example\.com\.' dig.out.test$n >/dev/null || ret=1
+grep 'a\.example\.com\..*A.10\.53\.0\.1' dig.out.test$n >/dev/null && ret=1
[ $ret -eq 0 ] || echo_i "failed"
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that in-zone DNAME records does not return target data when QTYPE is CNAME (rd=1/ra=1) ($n)"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -t cname inzone.dname.example.com > dig.out.test$n || ret=1
-grep 'ANSWER: 2,' dig.out.test$n > /dev/null || ret=1
-grep 'flags: qr aa rd ra;' dig.out.test$n > /dev/null || ret=1
-grep 'dname\.example\.com\..*DNAME.example\.com\.' dig.out.test$n > /dev/null || ret=1
-grep 'inzone\.dname\.example\.com\..*CNAME.inzone\.example\.com\.' dig.out.test$n > /dev/null || ret=1
-grep 'inzone\.example\.com\..*CNAME.a\.example\.com\.' dig.out.test$n > /dev/null && ret=1
-grep 'a\.example\.com\..*A.10\.53\.0\.1' dig.out.test$n > /dev/null && ret=1
+$DIG $DIGOPTS @10.53.0.2 -t cname inzone.dname.example.com >dig.out.test$n || ret=1
+grep 'ANSWER: 2,' dig.out.test$n >/dev/null || ret=1
+grep 'flags: qr aa rd ra;' dig.out.test$n >/dev/null || ret=1
+grep 'dname\.example\.com\..*DNAME.example\.com\.' dig.out.test$n >/dev/null || ret=1
+grep 'inzone\.dname\.example\.com\..*CNAME.inzone\.example\.com\.' dig.out.test$n >/dev/null || ret=1
+grep 'inzone\.example\.com\..*CNAME.a\.example\.com\.' dig.out.test$n >/dev/null && ret=1
+grep 'a\.example\.com\..*A.10\.53\.0\.1' dig.out.test$n >/dev/null && ret=1
[ $ret -eq 0 ] || echo_i "failed"
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that in-zone DNAME records does not return target data when QTYPE is ANY (rd=1/ra=1) ($n)"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -t any inzone.dname.example.com > dig.out.test$n || ret=1
-grep 'ANSWER: 2,' dig.out.test$n > /dev/null || ret=1
-grep 'flags: qr aa rd ra;' dig.out.test$n > /dev/null || ret=1
-grep 'dname\.example\.com\..*DNAME.example\.com\.' dig.out.test$n > /dev/null || ret=1
-grep 'inzone\.dname\.example\.com\..*CNAME.inzone\.example\.com\.' dig.out.test$n > /dev/null || ret=1
-grep 'inzone\.example\.com.*CNAME.a\.example\.com\.' dig.out.test$n > /dev/null && ret=1
-grep 'a\.example\.com.*A.10\.53\.0\.1' dig.out.test$n > /dev/null && ret=1
+$DIG $DIGOPTS @10.53.0.2 -t any inzone.dname.example.com >dig.out.test$n || ret=1
+grep 'ANSWER: 2,' dig.out.test$n >/dev/null || ret=1
+grep 'flags: qr aa rd ra;' dig.out.test$n >/dev/null || ret=1
+grep 'dname\.example\.com\..*DNAME.example\.com\.' dig.out.test$n >/dev/null || ret=1
+grep 'inzone\.dname\.example\.com\..*CNAME.inzone\.example\.com\.' dig.out.test$n >/dev/null || ret=1
+grep 'inzone\.example\.com.*CNAME.a\.example\.com\.' dig.out.test$n >/dev/null && ret=1
+grep 'a\.example\.com.*A.10\.53\.0\.1' dig.out.test$n >/dev/null && ret=1
[ $ret -eq 0 ] || echo_i "failed"
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that CHAOS addresses are compared correctly ($n)"
ret=0
-$DIG $DIGOPTS @10.53.0.1 +noall +answer ch test.example.chaos > dig.out.test$n
-lines=`wc -l < dig.out.test$n`
+$DIG $DIGOPTS @10.53.0.1 +noall +answer ch test.example.chaos >dig.out.test$n
+lines=$(wc -l $zonefile
+cat $infile ../ns2/dsset-example$TP ../ns2/dsset-bar$TP >$zonefile
zskact=$($KEYGEN -3 -a ${DEFAULT_ALGORITHM} -q $zone)
zskvanish=$($KEYGEN -3 -a ${DEFAULT_ALGORITHM} -q $zone)
@@ -35,20 +35,20 @@
ksksby=$($KEYGEN -3 -a ${DEFAULT_ALGORITHM} -q -P now -A now+15s -fk $zone)
kskrev=$($KEYGEN -3 -a ${DEFAULT_ALGORITHM} -q -R now+15s -fk $zone)
-keyfile_to_static_ds $ksksby > trusted.conf
+keyfile_to_static_ds $ksksby >trusted.conf
cp trusted.conf ../ns2/trusted.conf
cp trusted.conf ../ns3/trusted.conf
cp trusted.conf ../ns4/trusted.conf
-keyfile_to_static_ds $kskrev > trusted.conf
+keyfile_to_static_ds $kskrev >trusted.conf
cp trusted.conf ../ns5/trusted.conf
-echo $zskact > ../active.key
-echo $zskvanish > ../vanishing.key
-echo $zskdel > ../del.key
-echo $zskinact > ../inact.key
-echo $zskunpub > ../unpub.key
-echo $zsknopriv > ../nopriv.key
-echo $zsksby > ../standby.key
-echo $zskactnowpub1d > ../activate-now-publish-1day.key
-$REVOKE -R $kskrev > ../rev.key
+echo $zskact >../active.key
+echo $zskvanish >../vanishing.key
+echo $zskdel >../del.key
+echo $zskinact >../inact.key
+echo $zskunpub >../unpub.key
+echo $zsknopriv >../nopriv.key
+echo $zsksby >../standby.key
+echo $zskactnowpub1d >../activate-now-publish-1day.key
+$REVOKE -R $kskrev >../rev.key
diff -Nru bind9-9.16.44/bin/tests/system/autosign/ns2/keygen.sh bind9-9.16.48/bin/tests/system/autosign/ns2/keygen.sh
--- bind9-9.16.44/bin/tests/system/autosign/ns2/keygen.sh 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/autosign/ns2/keygen.sh 2024-02-11 11:31:39.000000000 +0000
@@ -15,52 +15,50 @@
. $SYSTEMTESTTOP/conf.sh
# Have the child generate subdomain keys and pass DS sets to us.
-( cd ../ns3 && $SHELL keygen.sh )
+(cd ../ns3 && $SHELL keygen.sh)
for subdomain in secure nsec3 autonsec3 optout rsasha256 rsasha512 \
- nsec3-to-nsec oldsigs sync dname-at-apex-nsec3 cds-delete \
- cdnskey-delete
-do
- cp ../ns3/dsset-$subdomain.example$TP .
+ nsec3-to-nsec oldsigs sync dname-at-apex-nsec3 cds-delete \
+ cdnskey-delete; do
+ cp ../ns3/dsset-$subdomain.example$TP .
done
# Create keys and pass the DS to the parent.
zone=example
zonefile="${zone}.db"
infile="${zonefile}.in"
-cat $infile dsset-*.example$TP > $zonefile
+cat $infile dsset-*.example$TP >$zonefile
kskname=$($KEYGEN -a ${DEFAULT_ALGORITHM} -3 -q -fk $zone)
-$KEYGEN -a ${DEFAULT_ALGORITHM} -3 -q $zone > /dev/null
-$DSFROMKEY $kskname.key > dsset-${zone}$TP
+$KEYGEN -a ${DEFAULT_ALGORITHM} -3 -q $zone >/dev/null
+$DSFROMKEY $kskname.key >dsset-${zone}$TP
# Create keys for a private secure zone.
zone=private.secure.example
zonefile="${zone}.db"
infile="${zonefile}.in"
ksk=$($KEYGEN -a ${DEFAULT_ALGORITHM} -3 -q -fk $zone)
-$KEYGEN -a ${DEFAULT_ALGORITHM} -3 -q $zone > /dev/null
-keyfile_to_static_ds $ksk > private.conf
+$KEYGEN -a ${DEFAULT_ALGORITHM} -3 -q $zone >/dev/null
+keyfile_to_static_ds $ksk >private.conf
cp private.conf ../ns4/private.conf
-$SIGNER -S -3 beef -A -o $zone -f $zonefile $infile > /dev/null
+$SIGNER -S -3 beef -A -o $zone -f $zonefile $infile >/dev/null
# Extract saved keys for the revoke-to-duplicate-key test
zone=bar
zonefile="${zone}.db"
infile="${zonefile}.in"
-cat $infile > $zonefile
+cat $infile >$zonefile
for i in Xbar.+013+59973.key Xbar.+013+59973.private \
- Xbar.+013+60101.key Xbar.+013+60101.private
-do
- cp $i $(echo $i | sed s/X/K/)
+ Xbar.+013+60101.key Xbar.+013+60101.private; do
+ cp $i $(echo $i | sed s/X/K/)
done
-$KEYGEN -a ECDSAP256SHA256 -q $zone > /dev/null
-$DSFROMKEY Kbar.+013+60101.key > dsset-bar$TP
+$KEYGEN -a ECDSAP256SHA256 -q $zone >/dev/null
+$DSFROMKEY Kbar.+013+60101.key >dsset-bar$TP
# a zone with empty non-terminals.
zone=optout-with-ent
zonefile=optout-with-ent.db
infile=optout-with-ent.db.in
-cat $infile > $zonefile
+cat $infile >$zonefile
kskname=$($KEYGEN -a ${DEFAULT_ALGORITHM} -3 -q -fk $zone)
-$KEYGEN -a ${DEFAULT_ALGORITHM} -3 -q $zone > /dev/null
+$KEYGEN -a ${DEFAULT_ALGORITHM} -3 -q $zone >/dev/null
diff -Nru bind9-9.16.44/bin/tests/system/autosign/ns3/keygen.sh bind9-9.16.48/bin/tests/system/autosign/ns3/keygen.sh
--- bind9-9.16.44/bin/tests/system/autosign/ns3/keygen.sh 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/autosign/ns3/keygen.sh 2024-02-11 11:31:39.000000000 +0000
@@ -16,43 +16,43 @@
SYSTESTDIR=autosign
-dumpit () {
- echo_d "${debug}: dumping ${1}"
- cat "${1}" | cat_d
+dumpit() {
+ echo_d "${debug}: dumping ${1}"
+ cat "${1}" | cat_d
}
-setup () {
- echo_i "setting up zone: $1"
- debug="$1"
- zone="$1"
- zonefile="${zone}.db"
- infile="${zonefile}.in"
- n=$((${n:-0} + 1))
+setup() {
+ echo_i "setting up zone: $1"
+ debug="$1"
+ zone="$1"
+ zonefile="${zone}.db"
+ infile="${zonefile}.in"
+ n=$((${n:-0} + 1))
}
setup secure.example
cp $infile $zonefile
-ksk=$($KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+ksk=$($KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q $zone >kg.out 2>&1 || dumpit kg.out
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
#
# NSEC3/NSEC test zone
#
setup secure.nsec3.example
cp $infile $zonefile
-ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone >kg.out 2>&1 || dumpit kg.out
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
#
# NSEC3/NSEC3 test zone
#
setup nsec3.nsec3.example
cp $infile $zonefile
-ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone >kg.out 2>&1 || dumpit kg.out
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
#
# Jitter/NSEC3 test zone
@@ -60,10 +60,9 @@
setup jitter.nsec3.example
cp $infile $zonefile
count=1
-while [ $count -le 1000 ]
-do
- echo "label${count} IN TXT label${count}" >> $zonefile
- count=$((count + 1))
+while [ $count -le 1000 ]; do
+ echo "label${count} IN TXT label${count}" >>$zonefile
+ count=$((count + 1))
done
# Don't create keys just yet, because the scenario we want to test
# is an unsigned zone that has a NSEC3PARAM record added with
@@ -74,98 +73,100 @@
#
setup optout.nsec3.example
cp $infile $zonefile
-ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone >kg.out 2>&1 || dumpit kg.out
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
#
# A nsec3 zone (non-optout).
#
setup nsec3.example
-cat $infile dsset-*.${zone}$TP > $zonefile
-ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+cat $infile dsset-*.${zone}$TP >$zonefile
+ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone >kg.out 2>&1 || dumpit kg.out
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
#
# An NSEC3 zone, with NSEC3 parameters set prior to signing
#
setup autonsec3.example
-cat $infile > $zonefile
-ksk=$($KEYGEN -G -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2> kg.out) || dumpit kg.out
-echo $ksk > ../autoksk.key
-zsk=$($KEYGEN -G -q -a $DEFAULT_ALGORITHM -3 $zone 2> kg.out) || dumpit kg.out
-echo $zsk > ../autozsk.key
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+cat $infile >$zonefile
+ksk=$($KEYGEN -G -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2>kg.out) || dumpit kg.out
+echo $ksk >../autoksk.key
+zsk=$($KEYGEN -G -q -a $DEFAULT_ALGORITHM -3 $zone 2>kg.out) || dumpit kg.out
+echo $zsk >../autozsk.key
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
#
# OPTOUT/NSEC test zone
#
setup secure.optout.example
cp $infile $zonefile
-ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone >kg.out 2>&1 || dumpit kg.out
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
#
# OPTOUT/NSEC3 test zone
#
setup nsec3.optout.example
cp $infile $zonefile
-ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone >kg.out 2>&1 || dumpit kg.out
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
#
# OPTOUT/OPTOUT test zone
#
setup optout.optout.example
cp $infile $zonefile
-ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone >kg.out 2>&1 || dumpit kg.out
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
#
# A optout nsec3 zone.
#
setup optout.example
-cat $infile dsset-*.${zone}$TP > $zonefile
-ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+cat $infile dsset-*.${zone}$TP >$zonefile
+ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone >kg.out 2>&1 || dumpit kg.out
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
#
# A RSASHA256 zone.
#
setup rsasha256.example
cp $infile $zonefile
-ksk=$($KEYGEN -q -a RSASHA256 -b 2048 -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -q -a RSASHA256 -b 2048 $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+ksk=$($KEYGEN -q -a RSASHA256 -b 2048 -fk $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -q -a RSASHA256 -b 2048 $zone >kg.out 2>&1 || dumpit kg.out
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
#
# A RSASHA512 zone.
#
setup rsasha512.example
cp $infile $zonefile
-ksk=$($KEYGEN -q -a RSASHA512 -b 2048 -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -q -a RSASHA512 -b 2048 $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+ksk=$($KEYGEN -q -a RSASHA512 -b 2048 -fk $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -q -a RSASHA512 -b 2048 $zone >kg.out 2>&1 || dumpit kg.out
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
#
# NSEC-only zone. A zone using NSEC-only DNSSEC algorithms.
# None of these algorithms are supported for signing in FIPS mode
# as they are MD5 and SHA1 based.
#
-if (cd ..; SYSTEMTESTTOP=.. $SHELL ../testcrypto.sh -q RSASHA1)
-then
- setup nsec-only.example
- cp $infile $zonefile
- ksk=$($KEYGEN -q -a RSASHA1 -fk $zone 2> kg.out) || dumpit kg.out
- $KEYGEN -q -a RSASHA1 $zone > kg.out 2>&1 || dumpit kg.out
- $DSFROMKEY $ksk.key > dsset-${zone}$TP
+if (
+ cd ..
+ SYSTEMTESTTOP=.. $SHELL ../testcrypto.sh -q RSASHA1
+); then
+ setup nsec-only.example
+ cp $infile $zonefile
+ ksk=$($KEYGEN -q -a RSASHA1 -fk $zone 2>kg.out) || dumpit kg.out
+ $KEYGEN -q -a RSASHA1 $zone >kg.out 2>&1 || dumpit kg.out
+ $DSFROMKEY $ksk.key >dsset-${zone}$TP
else
- echo_i "skip: nsec-only.example - signing with RSASHA1 not supported"
+ echo_i "skip: nsec-only.example - signing with RSASHA1 not supported"
fi
#
@@ -175,52 +176,51 @@
setup oldsigs.example
cp $infile $zonefile
count=1
-while [ $count -le 1000 ]
-do
- echo "label${count} IN TXT label${count}" >> $zonefile
- count=$((count + 1))
+while [ $count -le 1000 ]; do
+ echo "label${count} IN TXT label${count}" >>$zonefile
+ count=$((count + 1))
done
-$KEYGEN -q -a $DEFAULT_ALGORITHM -fk $zone > kg.out 2>&1 || dumpit kg.out
-$KEYGEN -q -a $DEFAULT_ALGORITHM $zone > kg.out 2>&1 || dumpit kg.out
-$SIGNER -PS -s now-1y -e now-6mo -o $zone -f $zonefile.signed $zonefile > s.out || dumpit s.out
+$KEYGEN -q -a $DEFAULT_ALGORITHM -fk $zone >kg.out 2>&1 || dumpit kg.out
+$KEYGEN -q -a $DEFAULT_ALGORITHM $zone >kg.out 2>&1 || dumpit kg.out
+$SIGNER -PS -s now-1y -e now-6mo -o $zone -f $zonefile.signed $zonefile >s.out || dumpit s.out
mv $zonefile.signed $zonefile
#
# NSEC3->NSEC transition test zone.
#
setup nsec3-to-nsec.example
-$KEYGEN -q -a $DEFAULT_ALGORITHM -fk $zone > kg.out 2>&1 || dumpit kg.out
-$KEYGEN -q -a $DEFAULT_ALGORITHM $zone > kg.out 2>&1 || dumpit kg.out
-$SIGNER -S -3 beef -A -o $zone -f $zonefile $infile > s.out || dumpit s.out
+$KEYGEN -q -a $DEFAULT_ALGORITHM -fk $zone >kg.out 2>&1 || dumpit kg.out
+$KEYGEN -q -a $DEFAULT_ALGORITHM $zone >kg.out 2>&1 || dumpit kg.out
+$SIGNER -S -3 beef -A -o $zone -f $zonefile $infile >s.out || dumpit s.out
#
# secure-to-insecure transition test zone; used to test removal of
# keys via nsupdate
#
setup secure-to-insecure.example
-$KEYGEN -a $DEFAULT_ALGORITHM -q -fk $zone > kg.out 2>&1 || dumpit kg.out
-$KEYGEN -a $DEFAULT_ALGORITHM -q $zone > kg.out 2>&1 || dumpit kg.out
-$SIGNER -S -o $zone -f $zonefile $infile > s.out || dumpit s.out
+$KEYGEN -a $DEFAULT_ALGORITHM -q -fk $zone >kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a $DEFAULT_ALGORITHM -q $zone >kg.out 2>&1 || dumpit kg.out
+$SIGNER -S -o $zone -f $zonefile $infile >s.out || dumpit s.out
#
# another secure-to-insecure transition test zone; used to test
# removal of keys on schedule.
#
setup secure-to-insecure2.example
-ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2> kg.out) || dumpit kg.out
-echo $ksk > ../del1.key
-zsk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone 2> kg.out) || dumpit kg.out
-echo $zsk > ../del2.key
-$SIGNER -S -3 beef -o $zone -f $zonefile $infile > s.out || dumpit s.out
+ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2>kg.out) || dumpit kg.out
+echo $ksk >../del1.key
+zsk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone 2>kg.out) || dumpit kg.out
+echo $zsk >../del2.key
+$SIGNER -S -3 beef -o $zone -f $zonefile $infile >s.out || dumpit s.out
#
# Introducing a pre-published key test.
#
setup prepub.example
infile="secure-to-insecure2.example.db.in"
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk $zone > kg.out 2>&1 || dumpit kg.out
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q $zone > kg.out 2>&1 || dumpit kg.out
-$SIGNER -S -3 beef -o $zone -f $zonefile $infile > s.out || dumpit s.out
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk $zone >kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q $zone >kg.out 2>&1 || dumpit kg.out
+$SIGNER -S -3 beef -o $zone -f $zonefile $infile >s.out || dumpit s.out
#
# Key TTL tests.
@@ -228,46 +228,46 @@
# no default key TTL; DNSKEY should get SOA TTL
setup ttl1.example
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk $zone > kg.out 2>&1 || dumpit kg.out
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk $zone >kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q $zone >kg.out 2>&1 || dumpit kg.out
cp $infile $zonefile
# default key TTL should be used
setup ttl2.example
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk -L 60 $zone > kg.out 2>&1 || dumpit kg.out
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -L 60 $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk -L 60 $zone >kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -L 60 $zone >kg.out 2>&1 || dumpit kg.out
cp $infile $zonefile
# mismatched key TTLs, should use shortest
setup ttl3.example
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk -L 30 $zone > kg.out 2>&1 || dumpit kg.out
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -L 60 $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk -L 30 $zone >kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -L 60 $zone >kg.out 2>&1 || dumpit kg.out
cp $infile $zonefile
# existing DNSKEY RRset, should retain TTL
setup ttl4.example
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -L 30 -fk $zone > kg.out 2>&1 || dumpit kg.out
-cat ${infile} K${zone}.+*.key > $zonefile
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -L 180 $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -L 30 -fk $zone >kg.out 2>&1 || dumpit kg.out
+cat ${infile} K${zone}.+*.key >$zonefile
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -L 180 $zone >kg.out 2>&1 || dumpit kg.out
#
# A zone with a DNSKEY RRset that is published before it's activated
#
setup delay.example
-ksk=$($KEYGEN -G -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2> kg.out) || dumpit kg.out
-echo $ksk > ../delayksk.key
-zsk=$($KEYGEN -G -q -a $DEFAULT_ALGORITHM -3 $zone 2> kg.out) || dumpit kg.out
-echo $zsk > ../delayzsk.key
+ksk=$($KEYGEN -G -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2>kg.out) || dumpit kg.out
+echo $ksk >../delayksk.key
+zsk=$($KEYGEN -G -q -a $DEFAULT_ALGORITHM -3 $zone 2>kg.out) || dumpit kg.out
+echo $zsk >../delayzsk.key
#
# A zone with signatures that are already expired, and the private KSK
# is missing.
#
setup noksk.example
-ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2> kg.out) || dumpit kg.out
-zsk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone 2> kg.out) || dumpit kg.out
-$SIGNER -S -P -s now-1mo -e now-1mi -o $zone -f $zonefile ${zonefile}.in > s.out || dumpit s.out
-echo $ksk > ../noksk-ksk.key
+ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2>kg.out) || dumpit kg.out
+zsk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone 2>kg.out) || dumpit kg.out
+$SIGNER -S -P -s now-1mo -e now-1mi -o $zone -f $zonefile ${zonefile}.in >s.out || dumpit s.out
+echo $ksk >../noksk-ksk.key
rm -f ${ksk}.private
#
@@ -275,11 +275,11 @@
# is missing.
#
setup nozsk.example
-ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2> kg.out) || dumpit kg.out
-zsk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone 2> kg.out) || dumpit kg.out
-$SIGNER -S -P -s now-1mo -e now-1mi -o $zone -f $zonefile ${zonefile}.in > s.out || dumpit s.out
-echo $ksk > ../nozsk-ksk.key
-echo $zsk > ../nozsk-zsk.key
+ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2>kg.out) || dumpit kg.out
+zsk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone 2>kg.out) || dumpit kg.out
+$SIGNER -S -P -s now-1mo -e now-1mi -o $zone -f $zonefile ${zonefile}.in >s.out || dumpit s.out
+echo $ksk >../nozsk-ksk.key
+echo $zsk >../nozsk-zsk.key
rm -f ${zsk}.private
#
@@ -287,77 +287,77 @@
# is inactive.
#
setup inaczsk.example
-ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2> kg.out) || dumpit kg.out
-zsk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone 2> kg.out) || dumpit kg.out
-$SIGNER -S -P -s now-1mo -e now-1mi -o $zone -f $zonefile ${zonefile}.in > s.out || dumpit s.out
-echo $ksk > ../inaczsk-ksk.key
-echo $zsk > ../inaczsk-zsk.key
-$SETTIME -I now $zsk > st.out 2>&1 || dumpit st.out
+ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2>kg.out) || dumpit kg.out
+zsk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone 2>kg.out) || dumpit kg.out
+$SIGNER -S -P -s now-1mo -e now-1mi -o $zone -f $zonefile ${zonefile}.in >s.out || dumpit s.out
+echo $ksk >../inaczsk-ksk.key
+echo $zsk >../inaczsk-zsk.key
+$SETTIME -I now $zsk >st.out 2>&1 || dumpit st.out
#
# A zone that is set to 'auto-dnssec maintain' during a reconfig
#
setup reconf.example
cp secure.example.db.in $zonefile
-$KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone > kg.out 2>&1 || dumpit kg.out
-$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone >kg.out 2>&1 || dumpit kg.out
+$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone >kg.out 2>&1 || dumpit kg.out
#
# A zone which generates CDS and CDNSEY RRsets automatically
#
setup sync.example
cp $infile $zonefile
-ksk=$($KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk -P sync now $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
-echo ns3/$ksk > ../sync.key
+ksk=$($KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk -P sync now $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q $zone >kg.out 2>&1 || dumpit kg.out
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
+echo ns3/$ksk >../sync.key
#
# A zone that generates CDS and CDNSKEY and uses dnssec-dnskey-kskonly
#
setup kskonly.example
cp $infile $zonefile
-ksk=$($KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk -P sync now $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+ksk=$($KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk -P sync now $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q $zone >kg.out 2>&1 || dumpit kg.out
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
#
# A zone that has a published inactive key that is autosigned.
#
setup inacksk2.example
cp $infile $zonefile
-ksk=$($KEYGEN -a $DEFAULT_ALGORITHM -3 -q -Pnow -A now+3600 -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+ksk=$($KEYGEN -a $DEFAULT_ALGORITHM -3 -q -Pnow -A now+3600 -fk $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q $zone >kg.out 2>&1 || dumpit kg.out
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
#
# A zone that has a published inactive key that is autosigned.
#
setup inaczsk2.example
cp $infile $zonefile
-ksk=$($KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -P now -A now+3600 $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+ksk=$($KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -P now -A now+3600 $zone >kg.out 2>&1 || dumpit kg.out
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
#
# A zone that starts with a active KSK + ZSK and a inactive ZSK.
#
setup inacksk3.example
cp $infile $zonefile
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -P now -A now+3600 -fk $zone > kg.out 2>&1 || dumpit kg.out
-ksk=$($KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -P now -A now+3600 -fk $zone >kg.out 2>&1 || dumpit kg.out
+ksk=$($KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q $zone >kg.out 2>&1 || dumpit kg.out
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
#
# A zone that starts with a active KSK + ZSK and a inactive ZSK.
#
setup inaczsk3.example
cp $infile $zonefile
-ksk=$($KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q $zone > kg.out 2>&1 || dumpit kg.out
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -P now -A now+3600 $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+ksk=$($KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q $zone >kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -P now -A now+3600 $zone >kg.out 2>&1 || dumpit kg.out
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
#
# A zone that starts with an active KSK + ZSK and an inactive ZSK, with the
@@ -365,28 +365,28 @@
#
setup delzsk.example
cp $infile $zonefile
-ksk=$($KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q $zone > kg.out 2>&1 || dumpit kg.out
+ksk=$($KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q $zone >kg.out 2>&1 || dumpit kg.out
zsk=$($KEYGEN -a $DEFAULT_ALGORITHM -3 -q -I now-1w $zone 2>kg.out) || dumpit kg.out
-echo $zsk > ../delzsk.key
+echo $zsk >../delzsk.key
#
# Check that NSEC3 are correctly signed and returned from below a DNAME
#
setup dname-at-apex-nsec3.example
cp $infile $zonefile
-ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone >kg.out 2>&1 || dumpit kg.out
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
#
# Check that dynamically added CDS (DELETE) is kept in the zone after signing.
#
setup cds-delete.example
cp $infile $zonefile
-ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone >kg.out 2>&1 || dumpit kg.out
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
#
# Check that dynamically added CDNSKEY (DELETE) is kept in the zone after
@@ -394,6 +394,6 @@
#
setup cdnskey-delete.example
cp $infile $zonefile
-ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone >kg.out 2>&1 || dumpit kg.out
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
diff -Nru bind9-9.16.44/bin/tests/system/autosign/ns3/named.conf.in bind9-9.16.48/bin/tests/system/autosign/ns3/named.conf.in
--- bind9-9.16.44/bin/tests/system/autosign/ns3/named.conf.in 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/autosign/ns3/named.conf.in 2024-02-11 11:31:39.000000000 +0000
@@ -167,6 +167,7 @@
type primary;
file "nsec3-to-nsec.example.db";
allow-update { any; };
+ max-journal-size 10M;
auto-dnssec maintain;
};
diff -Nru bind9-9.16.44/bin/tests/system/autosign/tests.sh bind9-9.16.48/bin/tests/system/autosign/tests.sh
--- bind9-9.16.44/bin/tests/system/autosign/tests.sh 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/autosign/tests.sh 2024-02-11 11:31:39.000000000 +0000
@@ -21,11 +21,11 @@
RNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p ${CONTROLPORT} -s"
# convert private-type records to readable form
-showprivate () {
- echo "-- $@ --"
- $DIG $DIGOPTS +nodnssec +short @$2 -t type65534 $1 | cut -f3 -d' ' |
- while read record; do
- $PERL -e 'my $rdata = pack("H*", @ARGV[0]);
+showprivate() {
+ echo "-- $@ --"
+ $DIG $DIGOPTS +nodnssec +short @$2 -t type65534 $1 | cut -f3 -d' ' \
+ | while read record; do
+ $PERL -e 'my $rdata = pack("H*", @ARGV[0]);
die "invalid record" unless length($rdata) == 5;
my ($alg, $key, $remove, $complete) = unpack("CnCC", $rdata);
my $action = "signing";
@@ -33,103 +33,99 @@
my $state = " (incomplete)";
$state = " (complete)" if $complete;
print ("$action: alg: $alg, key: $key$state\n");' $record
- done
+ done
}
# check that signing records are marked as complete
-checkprivate () {
- _ret=0
- expected="${3:-0}"
- x=$(showprivate "$@")
- echo $x | grep incomplete > /dev/null && _ret=1
-
- if [ $_ret = $expected ]; then
- return 0
- fi
-
- echo "$x"
- echo_i "failed"
- return 1
+checkprivate() {
+ _ret=0
+ expected="${3:-0}"
+ x=$(showprivate "$@")
+ echo $x | grep incomplete >/dev/null && _ret=1
+
+ if [ $_ret = $expected ]; then
+ return 0
+ fi
+
+ echo "$x"
+ echo_i "failed"
+ return 1
}
# wait until notifies for zone $1 are sent by server $2. This is an indication
# that the zone is signed with the active keys, and the changes have been
# committed.
-wait_for_notifies () {
- wait_for_log 10 "zone ${1}/IN: sending notifies" "${2}/named.run" || return 1
+wait_for_notifies() {
+ wait_for_log 10 "zone ${1}/IN: sending notifies" "${2}/named.run" || return 1
}
freq() {
- _file=$1
- # remove first and last line that has incomplete set and skews the distribution
- awk '$4 == "RRSIG" {print substr($9,1,8)}' < "$_file" | sort | uniq -c | sed '1d;$d'
+ _file=$1
+ # remove first and last line that has incomplete set and skews the distribution
+ awk '$4 == "RRSIG" {print substr($9,1,8)}' <"$_file" | sort | uniq -c | sed '1d;$d'
}
# Check the signatures expiration times. First check how many signatures
# there are in total ($rrsigs). Then see what the distribution of signature
# expiration times is ($expiretimes). Ignore the time part for a better
# modelled distribution.
-checkjitter () {
- _file=$1
- _ret=0
-
- if ! command -v bc >/dev/null 2>&1; then
- echo_i "skip: bc not available"
- return 0
- fi
-
- freq "$_file" | cat_i
- _expiretimes=$(freq "$_file" | awk '{print $1}')
-
- _count=0
- # Check if we have at least 4 days
- # This number has been tuned for `sig-validity-interval 10 2`, as
- # 1 signature expiration dates should be spread out across at most 8 (10-2) days
- # 2. we remove first and last day to remove frequency outlier, we are left with 6 (8-2) days
- # 3. we subtract two more days to allow test pass on day boundaries, etc. leaving us with 4 (6-2)
- for _num in $_expiretimes
- do
- _count=$((_count+1))
- done
- if [ "$_count" -lt 4 ]; then
- echo_i "error: not enough categories"
- return 1
- fi
-
- # Calculate mean
- _total=0
- for _num in $_expiretimes
- do
- _total=$((_total+_num))
- done
- _mean=$(($_total / $_count))
-
- # Calculate stddev
- _stddev=0
- for _num in $_expiretimes
- do
- _stddev=$(echo "$_stddev + (($_num - $_mean) * ($_num - $_mean))" | bc)
- done
- _stddev=$(echo "sqrt($_stddev/$_count)" | bc)
-
- # We expect the number of signatures not to exceed the mean +- 3 * stddev.
- _limit=$((_stddev*3))
- _low=$((_mean-_limit))
- _high=$((_mean+_limit))
- # Find outliers.
- echo_i "checking whether all frequencies fall into <$_low;$_high> range"
- for _num in $_expiretimes
- do
- if [ $_num -gt $_high ]; then
- echo_i "error: too many RRSIG records ($_num) in expiration bucket"
- _ret=1
- fi
- if [ $_num -lt $_low ]; then
- echo_i "error: too few RRSIG records ($_num) in expiration bucket"
- _ret=1
- fi
- done
+checkjitter() {
+ _file=$1
+ _ret=0
+
+ if ! command -v bc >/dev/null 2>&1; then
+ echo_i "skip: bc not available"
+ return 0
+ fi
+
+ freq "$_file" | cat_i
+ _expiretimes=$(freq "$_file" | awk '{print $1}')
+
+ _count=0
+ # Check if we have at least 4 days
+ # This number has been tuned for `sig-validity-interval 10 2`, as
+ # 1 signature expiration dates should be spread out across at most 8 (10-2) days
+ # 2. we remove first and last day to remove frequency outlier, we are left with 6 (8-2) days
+ # 3. we subtract two more days to allow test pass on day boundaries, etc. leaving us with 4 (6-2)
+ for _num in $_expiretimes; do
+ _count=$((_count + 1))
+ done
+ if [ "$_count" -lt 4 ]; then
+ echo_i "error: not enough categories"
+ return 1
+ fi
+
+ # Calculate mean
+ _total=0
+ for _num in $_expiretimes; do
+ _total=$((_total + _num))
+ done
+ _mean=$(($_total / $_count))
+
+ # Calculate stddev
+ _stddev=0
+ for _num in $_expiretimes; do
+ _stddev=$(echo "$_stddev + (($_num - $_mean) * ($_num - $_mean))" | bc)
+ done
+ _stddev=$(echo "sqrt($_stddev/$_count)" | bc)
+
+ # We expect the number of signatures not to exceed the mean +- 3 * stddev.
+ _limit=$((_stddev * 3))
+ _low=$((_mean - _limit))
+ _high=$((_mean + _limit))
+ # Find outliers.
+ echo_i "checking whether all frequencies fall into <$_low;$_high> range"
+ for _num in $_expiretimes; do
+ if [ $_num -gt $_high ]; then
+ echo_i "error: too many RRSIG records ($_num) in expiration bucket"
+ _ret=1
+ fi
+ if [ $_num -lt $_low ]; then
+ echo_i "error: too few RRSIG records ($_num) in expiration bucket"
+ _ret=1
+ fi
+ done
- return $_ret
+ return $_ret
}
#
@@ -140,34 +136,30 @@
#
echo_i "waiting for autosign changes to take effect"
i=0
-while [ $i -lt 30 ]
-do
- ret=0
- #
- # Wait for the root DNSKEY RRset to be fully signed.
- #
- $DIG $DIGOPTS . @10.53.0.1 dnskey > dig.out.ns1.test$n || ret=1
- grep "ANSWER: 10," dig.out.ns1.test$n > /dev/null || ret=1
- for z in .
- do
- $DIG $DIGOPTS $z @10.53.0.1 nsec > dig.out.ns1.test$n || ret=1
- grep "NS SOA" dig.out.ns1.test$n > /dev/null || ret=1
- done
- for z in bar. example. private.secure.example. optout-with-ent.
- do
- $DIG $DIGOPTS $z @10.53.0.2 nsec > dig.out.ns2.test$n || ret=1
- grep "NS SOA" dig.out.ns2.test$n > /dev/null || ret=1
- done
- for z in bar. example. inacksk2.example. inacksk3.example \
- inaczsk2.example. inaczsk3.example noksk.example nozsk.example
- do
- $DIG $DIGOPTS $z @10.53.0.3 nsec > dig.out.ns3.test$n || ret=1
- grep "NS SOA" dig.out.ns3.test$n > /dev/null || ret=1
- done
- i=$((i + 1))
- if [ $ret = 0 ]; then break; fi
- echo_i "waiting ... ($i)"
- sleep 2
+while [ $i -lt 30 ]; do
+ ret=0
+ #
+ # Wait for the root DNSKEY RRset to be fully signed.
+ #
+ $DIG $DIGOPTS . @10.53.0.1 dnskey >dig.out.ns1.test$n || ret=1
+ grep "ANSWER: 10," dig.out.ns1.test$n >/dev/null || ret=1
+ for z in .; do
+ $DIG $DIGOPTS $z @10.53.0.1 nsec >dig.out.ns1.test$n || ret=1
+ grep "NS SOA" dig.out.ns1.test$n >/dev/null || ret=1
+ done
+ for z in bar. example. private.secure.example. optout-with-ent.; do
+ $DIG $DIGOPTS $z @10.53.0.2 nsec >dig.out.ns2.test$n || ret=1
+ grep "NS SOA" dig.out.ns2.test$n >/dev/null || ret=1
+ done
+ for z in bar. example. inacksk2.example. inacksk3.example \
+ inaczsk2.example. inaczsk3.example noksk.example nozsk.example; do
+ $DIG $DIGOPTS $z @10.53.0.3 nsec >dig.out.ns3.test$n || ret=1
+ grep "NS SOA" dig.out.ns3.test$n >/dev/null || ret=1
+ done
+ i=$((i + 1))
+ if [ $ret = 0 ]; then break; fi
+ echo_i "waiting ... ($i)"
+ sleep 2
done
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "done"; fi
@@ -177,20 +169,17 @@
($RNDCCMD 10.53.0.2 signing -nsec3param 1 1 1 - optout-with-ent 2>&1 | sed 's/^/ns2 /' | cat_i) || ret=1
echo_i "Initial counts of RRSIG expiry fields values for auto signed zones"
-for z in .
-do
- echo_i zone $z
- $DIG $DIGOPTS $z @10.53.0.1 axfr | awk '$4 == "RRSIG" {print $9}' | sort | uniq -c | cat_i
+for z in .; do
+ echo_i zone $z
+ $DIG $DIGOPTS $z @10.53.0.1 axfr | awk '$4 == "RRSIG" {print $9}' | sort | uniq -c | cat_i
done
-for z in bar. example. private.secure.example.
-do
- echo_i zone $z
- $DIG $DIGOPTS $z @10.53.0.2 axfr | awk '$4 == "RRSIG" {print $9}' | sort | uniq -c | cat_i
+for z in bar. example. private.secure.example.; do
+ echo_i zone $z
+ $DIG $DIGOPTS $z @10.53.0.2 axfr | awk '$4 == "RRSIG" {print $9}' | sort | uniq -c | cat_i
done
-for z in inacksk2.example. inacksk3.example inaczsk2.example. inaczsk3.example
-do
- echo_i zone $z
- $DIG $DIGOPTS $z @10.53.0.3 axfr | awk '$4 == "RRSIG" {print $9}' | sort | uniq -c | cat_i
+for z in inacksk2.example. inacksk3.example inaczsk2.example. inaczsk3.example; do
+ echo_i zone $z
+ $DIG $DIGOPTS $z @10.53.0.3 axfr | awk '$4 == "RRSIG" {print $9}' | sort | uniq -c | cat_i
done
# Set logfile offset for wait_for_log usage.
@@ -204,14 +193,14 @@
echo_ic "is initially signed with a KSK and not a ZSK. ($n)"
ret=0
-$DIG $DIGOPTS @10.53.0.3 axfr inacksk3.example > dig.out.ns3.test$n
+$DIG $DIGOPTS @10.53.0.3 axfr inacksk3.example >dig.out.ns3.test$n
-zskid=$(awk '$4 == "DNSKEY" && $5 == 256 { print }' dig.out.ns3.test$n |
- $DSFROMKEY -A -2 -f - inacksk3.example | awk '{ print $4}')
-grep "DNSKEY ${DEFAULT_ALGORITHM_NUMBER} 2 " dig.out.ns3.test$n > /dev/null || ret=1
+zskid=$(awk '$4 == "DNSKEY" && $5 == 256 { print }' dig.out.ns3.test$n \
+ | $DSFROMKEY -A -2 -f - inacksk3.example | awk '{ print $4}')
+grep "DNSKEY ${DEFAULT_ALGORITHM_NUMBER} 2 " dig.out.ns3.test$n >/dev/null || ret=1
pattern="DNSKEY ${DEFAULT_ALGORITHM_NUMBER} 2 [0-9]* [0-9]* [0-9]* ${zskid} "
-grep "${pattern}" dig.out.ns3.test$n > /dev/null && ret=1
+grep "${pattern}" dig.out.ns3.test$n >/dev/null && ret=1
count=$(awk 'BEGIN { count = 0 }
$4 == "RRSIG" && $5 == "DNSKEY" { count++ }
@@ -227,7 +216,7 @@
id=$(awk "${awk}" dig.out.ns3.test$n)
keyfile=$(printf "ns3/Kinacksk3.example.+%03u+%s" "${DEFAULT_ALGORITHM_NUMBER}" "${id}")
-$SETTIME -D now+5 "${keyfile}" > settime.out.test$n || ret=1
+$SETTIME -D now+5 "${keyfile}" >settime.out.test$n || ret=1
($RNDCCMD 10.53.0.3 loadkeys inacksk3.example 2>&1 | sed 's/^/ns3 /' | cat_i) || ret=1
n=$((n + 1))
@@ -241,11 +230,11 @@
echo_ic "resigned after the active ZSK is deleted - stage 1: Verify that zone"
echo_ic "is initially signed with a ZSK and not a KSK. ($n)"
ret=0
-$DIG $DIGOPTS @10.53.0.3 axfr inaczsk3.example > dig.out.ns3.test$n
-kskid=$(awk '$4 == "DNSKEY" && $5 == 257 { print }' dig.out.ns3.test$n |
- $DSFROMKEY -2 -f - inaczsk3.example | awk '{ print $4}' )
-grep "CNAME ${DEFAULT_ALGORITHM_NUMBER} 3 " dig.out.ns3.test$n > /dev/null || ret=1
-grep "CNAME ${DEFAULT_ALGORITHM_NUMBER} 3 [0-9]* [0-9]* [0-9]* ${kskid} " dig.out.ns3.test$n > /dev/null && ret=1
+$DIG $DIGOPTS @10.53.0.3 axfr inaczsk3.example >dig.out.ns3.test$n
+kskid=$(awk '$4 == "DNSKEY" && $5 == 257 { print }' dig.out.ns3.test$n \
+ | $DSFROMKEY -2 -f - inaczsk3.example | awk '{ print $4}')
+grep "CNAME ${DEFAULT_ALGORITHM_NUMBER} 3 " dig.out.ns3.test$n >/dev/null || ret=1
+grep "CNAME ${DEFAULT_ALGORITHM_NUMBER} 3 [0-9]* [0-9]* [0-9]* ${kskid} " dig.out.ns3.test$n >/dev/null && ret=1
count=$(awk 'BEGIN { count = 0 }
$4 == "RRSIG" && $5 == "CNAME" { count++ }
END {print count}' dig.out.ns3.test$n)
@@ -257,7 +246,7 @@
id=$(awk '$4 == "RRSIG" && $5 == "CNAME" { printf "%05u\n", $11 }' dig.out.ns3.test$n)
keyfile=$(printf "ns3/Kinaczsk3.example.+%03u+%s" "${DEFAULT_ALGORITHM_NUMBER}" "${id}")
-$SETTIME -D now+5 "${keyfile}" > settime.out.test$n || ret=1
+$SETTIME -D now+5 "${keyfile}" >settime.out.test$n || ret=1
($RNDCCMD 10.53.0.3 loadkeys inaczsk3.example 2>&1 | sed 's/^/ns3 /' | cat_i) || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -266,24 +255,24 @@
echo_i "checking NSEC->NSEC3 conversion prerequisites ($n)"
ret=0
# these commands should result in an empty file:
-$DIG $DIGOPTS +noall +answer nsec3.example. nsec3param @10.53.0.3 > dig.out.ns3.1.test$n || ret=1
-grep "NSEC3PARAM" dig.out.ns3.1.test$n > /dev/null && ret=1
-$DIG $DIGOPTS +noall +answer autonsec3.example. nsec3param @10.53.0.3 > dig.out.ns3.2.test$n || ret=1
-grep "NSEC3PARAM" dig.out.ns3.2.test$n > /dev/null && ret=1
+$DIG $DIGOPTS +noall +answer nsec3.example. nsec3param @10.53.0.3 >dig.out.ns3.1.test$n || ret=1
+grep "NSEC3PARAM" dig.out.ns3.1.test$n >/dev/null && ret=1
+$DIG $DIGOPTS +noall +answer autonsec3.example. nsec3param @10.53.0.3 >dig.out.ns3.2.test$n || ret=1
+grep "NSEC3PARAM" dig.out.ns3.2.test$n >/dev/null && ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking NSEC3->NSEC conversion prerequisites ($n)"
ret=0
-$DIG $DIGOPTS +noall +answer nsec3-to-nsec.example. nsec3param @10.53.0.3 > dig.out.ns3.test$n || ret=1
-grep "NSEC3PARAM" dig.out.ns3.test$n > /dev/null || ret=1
+$DIG $DIGOPTS +noall +answer nsec3-to-nsec.example. nsec3param @10.53.0.3 >dig.out.ns3.test$n || ret=1
+grep "NSEC3PARAM" dig.out.ns3.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "converting zones from nsec to nsec3"
-$NSUPDATE > /dev/null 2>&1 </dev/null 2>&1 < nsupdate.out 2>&1 <nsupdate.out 2>&1 < dig.out.ns3.test$n || ret=1
-grep "NSEC3PARAM" dig.out.ns3.test$n > /dev/null && ret=1
+$DIG $DIGOPTS +noall +answer autonsec3.example. nsec3param @10.53.0.3 >dig.out.ns3.test$n || ret=1
+grep "NSEC3PARAM" dig.out.ns3.test$n >/dev/null && ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking for nsec3param signing record ($n)"
ret=0
-$RNDCCMD 10.53.0.3 signing -list autonsec3.example. > signing.out.test$n 2>&1
-grep "Pending NSEC3 chain 1 0 20 DEAF" signing.out.test$n > /dev/null || ret=1
+$RNDCCMD 10.53.0.3 signing -list autonsec3.example. >signing.out.test$n 2>&1
+grep "Pending NSEC3 chain 1 0 20 DEAF" signing.out.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "resetting nsec3param via rndc signing ($n)"
ret=0
-$RNDCCMD 10.53.0.3 signing -clear all autonsec3.example. > /dev/null 2>&1
-$RNDCCMD 10.53.0.3 signing -nsec3param 1 1 10 beef autonsec3.example. > /dev/null 2>&1
+$RNDCCMD 10.53.0.3 signing -clear all autonsec3.example. >/dev/null 2>&1
+$RNDCCMD 10.53.0.3 signing -nsec3param 1 1 10 beef autonsec3.example. >/dev/null 2>&1
for i in 0 1 2 3 4 5 6 7 8 9; do
- ret=0
- $RNDCCMD 10.53.0.3 signing -list autonsec3.example. > signing.out.test$n 2>&1
- grep "Pending NSEC3 chain 1 1 10 BEEF" signing.out.test$n > /dev/null || ret=1
- num=$(grep "Pending " signing.out.test$n | wc -l)
- [ $num -eq 1 ] || ret=1
- [ $ret -eq 0 ] && break
- echo_i "waiting ... ($i)"
- sleep 2
+ ret=0
+ $RNDCCMD 10.53.0.3 signing -list autonsec3.example. >signing.out.test$n 2>&1
+ grep "Pending NSEC3 chain 1 1 10 BEEF" signing.out.test$n >/dev/null || ret=1
+ num=$(grep "Pending " signing.out.test$n | wc -l)
+ [ $num -eq 1 ] || ret=1
+ [ $ret -eq 0 ] && break
+ echo_i "waiting ... ($i)"
+ sleep 2
done
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -358,15 +346,15 @@
echo_i "signing preset nsec3 zone"
zsk=$(cat autozsk.key)
ksk=$(cat autoksk.key)
-$SETTIME -K ns3 -P now -A now $zsk > settime.out.test$n.zsk || ret=1
-$SETTIME -K ns3 -P now -A now $ksk > settime.out.test$n.ksk || ret=1
+$SETTIME -K ns3 -P now -A now $zsk >settime.out.test$n.zsk || ret=1
+$SETTIME -K ns3 -P now -A now $ksk >settime.out.test$n.ksk || ret=1
($RNDCCMD 10.53.0.3 loadkeys autonsec3.example. 2>&1 | sed 's/^/ns3 /' | cat_i) || ret=1
echo_i "waiting for changes to take effect"
sleep 3
echo_i "converting zone from nsec3 to nsec"
-$NSUPDATE > /dev/null 2>&1 << END || status=1
+$NSUPDATE >/dev/null 2>&1 < dig.out.test$n
- nearest_expiration="$(awk '$4 == "RRSIG" { print $9 }' < dig.out.test$n | sort -n | head -1)"
- if [ "$nearest_expiration" -le "$now" ]; then
- echo_i "failed: $nearest_expiration <= $now"
- return 1
- fi
+ $DIG $DIGOPTS AXFR oldsigs.example @10.53.0.3 >dig.out.test$n
+ nearest_expiration="$(awk '$4 == "RRSIG" { print $9 }' dig.out.ns3.test$n || ret=1
-$DIG $DIGOPTS +noauth a.oldsigs.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+$DIG $DIGOPTS +noauth a.oldsigs.example. @10.53.0.3 a >dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS +noauth a.oldsigs.example. @10.53.0.4 a >dig.out.ns4.test$n || ret=1
digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
-grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -455,7 +443,7 @@
# Check jitter distribution.
echo_i "checking expired signatures were jittered correctly ($n)"
ret=0
-$DIG $DIGOPTS axfr oldsigs.example @10.53.0.3 > dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS axfr oldsigs.example @10.53.0.3 >dig.out.ns3.test$n || ret=1
checkjitter dig.out.ns3.test$n || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -463,38 +451,37 @@
echo_i "checking NSEC->NSEC3 conversion succeeded ($n)"
ret=0
-$DIG $DIGOPTS nsec3.example. nsec3param @10.53.0.3 > dig.out.ns3.ok.test$n || ret=1
-grep "status: NOERROR" dig.out.ns3.ok.test$n > /dev/null || ret=1
-$DIG $DIGOPTS +noauth q.nsec3.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
-$DIG $DIGOPTS +noauth q.nsec3.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+$DIG $DIGOPTS nsec3.example. nsec3param @10.53.0.3 >dig.out.ns3.ok.test$n || ret=1
+grep "status: NOERROR" dig.out.ns3.ok.test$n >/dev/null || ret=1
+$DIG $DIGOPTS +noauth q.nsec3.example. @10.53.0.3 a >dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS +noauth q.nsec3.example. @10.53.0.4 a >dig.out.ns4.test$n || ret=1
digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
-grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
-grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n >/dev/null || ret=1
+grep "status: NXDOMAIN" dig.out.ns4.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking direct NSEC3 autosigning succeeded ($n)"
ret=0
-$DIG $DIGOPTS +noall +answer autonsec3.example. nsec3param @10.53.0.3 > dig.out.ns3.ok.test$n || ret=1
-[ -s dig.out.ns3.ok.test$n ] || ret=1
-grep "NSEC3PARAM" dig.out.ns3.ok.test$n > /dev/null || ret=1
-$DIG $DIGOPTS +noauth q.autonsec3.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
-$DIG $DIGOPTS +noauth q.autonsec3.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+$DIG $DIGOPTS +noall +answer autonsec3.example. nsec3param @10.53.0.3 >dig.out.ns3.ok.test$n || ret=1
+[ -s dig.out.ns3.ok.test$n ] || ret=1
+grep "NSEC3PARAM" dig.out.ns3.ok.test$n >/dev/null || ret=1
+$DIG $DIGOPTS +noauth q.autonsec3.example. @10.53.0.3 a >dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS +noauth q.autonsec3.example. @10.53.0.4 a >dig.out.ns4.test$n || ret=1
digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
-grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
-grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n >/dev/null || ret=1
+grep "status: NXDOMAIN" dig.out.ns4.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking NSEC->NSEC3 conversion failed with NSEC-only key ($n)"
ret=0
-if $SHELL ../testcrypto.sh -q RSASHA1
-then
- grep "failed: REFUSED" nsupdate.out > /dev/null || ret=1
+if $SHELL ../testcrypto.sh -q RSASHA1; then
+ grep "failed: REFUSED" nsupdate.out >/dev/null || ret=1
else
- echo_i "skip: RSASHA1 not supported"
+ echo_i "skip: RSASHA1 not supported"
fi
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -503,39 +490,39 @@
echo_i "checking NSEC3->NSEC conversion succeeded ($n)"
ret=0
# this command should result in an empty file:
-$DIG $DIGOPTS +noall +answer nsec3-to-nsec.example. nsec3param @10.53.0.3 > dig.out.ns3.nx.test$n || ret=1
-grep "NSEC3PARAM" dig.out.ns3.nx.test$n > /dev/null && ret=1
-$DIG $DIGOPTS +noauth q.nsec3-to-nsec.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
-$DIG $DIGOPTS +noauth q.nsec3-to-nsec.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+$DIG $DIGOPTS +noall +answer nsec3-to-nsec.example. nsec3param @10.53.0.3 >dig.out.ns3.nx.test$n || ret=1
+grep "NSEC3PARAM" dig.out.ns3.nx.test$n >/dev/null && ret=1
+$DIG $DIGOPTS +noauth q.nsec3-to-nsec.example. @10.53.0.3 a >dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS +noauth q.nsec3-to-nsec.example. @10.53.0.4 a >dig.out.ns4.test$n || ret=1
digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
-grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
-grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n >/dev/null || ret=1
+grep "status: NXDOMAIN" dig.out.ns4.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking NSEC3->NSEC conversion with 'rndc signing -nsec3param none' ($n)"
ret=0
-$RNDCCMD 10.53.0.3 signing -nsec3param none autonsec3.example. > /dev/null 2>&1
+$RNDCCMD 10.53.0.3 signing -nsec3param none autonsec3.example. >/dev/null 2>&1
# this command should result in an empty file:
no_nsec3param() (
- $DIG $DIGOPTS +noall +answer autonsec3.example. nsec3param @10.53.0.3 > dig.out.ns3.nx.test$n || return 1
- grep "NSEC3PARAM" dig.out.ns3.nx.test$n > /dev/null && return 1
- return 0
+ $DIG $DIGOPTS +noall +answer autonsec3.example. nsec3param @10.53.0.3 >dig.out.ns3.nx.test$n || return 1
+ grep "NSEC3PARAM" dig.out.ns3.nx.test$n >/dev/null && return 1
+ return 0
)
retry_quiet 10 no_nsec3param || ret=1
-$DIG $DIGOPTS +noauth q.autonsec3.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
-$DIG $DIGOPTS +noauth q.autonsec3.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+$DIG $DIGOPTS +noauth q.autonsec3.example. @10.53.0.3 a >dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS +noauth q.autonsec3.example. @10.53.0.4 a >dig.out.ns4.test$n || ret=1
digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
-grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
-grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n >/dev/null || ret=1
+grep "status: NXDOMAIN" dig.out.ns4.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking TTLs of imported DNSKEYs (no default) ($n)"
ret=0
-$DIG $DIGOPTS +tcp +noall +answer dnskey ttl1.example. @10.53.0.3 > dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS +tcp +noall +answer dnskey ttl1.example. @10.53.0.3 >dig.out.ns3.test$n || ret=1
[ -s dig.out.ns3.test$n ] || ret=1
(awk 'BEGIN {r=0} $2 != 300 {r=1; print "found TTL " $2} END {exit r}' dig.out.ns3.test$n | cat_i) || ret=1
n=$((n + 1))
@@ -544,7 +531,7 @@
echo_i "checking TTLs of imported DNSKEYs (with default) ($n)"
ret=0
-$DIG $DIGOPTS +tcp +noall +answer dnskey ttl2.example. @10.53.0.3 > dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS +tcp +noall +answer dnskey ttl2.example. @10.53.0.3 >dig.out.ns3.test$n || ret=1
[ -s dig.out.ns3.test$n ] || ret=1
(awk 'BEGIN {r=0} $2 != 60 {r=1; print "found TTL " $2} END {exit r}' dig.out.ns3.test$n | cat_i) || ret=1
n=$((n + 1))
@@ -553,7 +540,7 @@
echo_i "checking TTLs of imported DNSKEYs (mismatched) ($n)"
ret=0
-$DIG $DIGOPTS +tcp +noall +answer dnskey ttl3.example. @10.53.0.3 > dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS +tcp +noall +answer dnskey ttl3.example. @10.53.0.3 >dig.out.ns3.test$n || ret=1
[ -s dig.out.ns3.test$n ] || ret=1
(awk 'BEGIN {r=0} $2 != 30 {r=1; print "found TTL " $2} END {exit r}' dig.out.ns3.test$n | cat_i) || ret=1
n=$((n + 1))
@@ -562,7 +549,7 @@
echo_i "checking TTLs of imported DNSKEYs (existing RRset) ($n)"
ret=0
-$DIG $DIGOPTS +tcp +noall +answer dnskey ttl4.example. @10.53.0.3 > dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS +tcp +noall +answer dnskey ttl4.example. @10.53.0.3 >dig.out.ns3.test$n || ret=1
[ -s dig.out.ns3.test$n ] || ret=1
(awk 'BEGIN {r=0} $2 != 30 {r=1; print "found TTL " $2} END {exit r}' dig.out.ns3.test$n | cat_i) || ret=1
n=$((n + 1))
@@ -571,10 +558,10 @@
echo_i "checking positive validation NSEC ($n)"
ret=0
-$DIG $DIGOPTS +noauth a.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1
-$DIG $DIGOPTS +noauth a.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+$DIG $DIGOPTS +noauth a.example. @10.53.0.2 a >dig.out.ns2.test$n || ret=1
+$DIG $DIGOPTS +noauth a.example. @10.53.0.4 a >dig.out.ns4.test$n || ret=1
digcomp dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
-grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -582,11 +569,11 @@
echo_i "checking positive validation NSEC3 ($n)"
ret=0
$DIG $DIGOPTS +noauth a.nsec3.example. \
- @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+ @10.53.0.3 a >dig.out.ns3.test$n || ret=1
$DIG $DIGOPTS +noauth a.nsec3.example. \
- @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+ @10.53.0.4 a >dig.out.ns4.test$n || ret=1
digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
-grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -594,22 +581,22 @@
echo_i "checking positive validation OPTOUT ($n)"
ret=0
$DIG $DIGOPTS +noauth a.optout.example. \
- @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+ @10.53.0.3 a >dig.out.ns3.test$n || ret=1
$DIG $DIGOPTS +noauth a.optout.example. \
- @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+ @10.53.0.4 a >dig.out.ns4.test$n || ret=1
digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
-grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking negative validation NXDOMAIN NSEC ($n)"
ret=0
-$DIG $DIGOPTS +noauth q.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1
-$DIG $DIGOPTS +noauth q.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+$DIG $DIGOPTS +noauth q.example. @10.53.0.2 a >dig.out.ns2.test$n || ret=1
+$DIG $DIGOPTS +noauth q.example. @10.53.0.4 a >dig.out.ns4.test$n || ret=1
digcomp dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
-grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
-grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n >/dev/null || ret=1
+grep "status: NXDOMAIN" dig.out.ns4.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -617,12 +604,12 @@
echo_i "checking negative validation NXDOMAIN NSEC3 ($n)"
ret=0
$DIG $DIGOPTS +noauth q.nsec3.example. \
- @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+ @10.53.0.3 a >dig.out.ns3.test$n || ret=1
$DIG $DIGOPTS +noauth q.nsec3.example. \
- @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+ @10.53.0.4 a >dig.out.ns4.test$n || ret=1
digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
-grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
-grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n >/dev/null || ret=1
+grep "status: NXDOMAIN" dig.out.ns4.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -630,25 +617,25 @@
echo_i "checking negative validation NXDOMAIN OPTOUT ($n)"
ret=0
$DIG $DIGOPTS +noauth q.optout.example. \
- @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+ @10.53.0.3 a >dig.out.ns3.test$n || ret=1
$DIG $DIGOPTS +noauth q.optout.example. \
- @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+ @10.53.0.4 a >dig.out.ns4.test$n || ret=1
digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
-grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
+grep "status: NXDOMAIN" dig.out.ns4.test$n >/dev/null || ret=1
# Note - this is looking for failure, hence the &&
-grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n >/dev/null && ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking negative validation NODATA NSEC ($n)"
ret=0
-$DIG $DIGOPTS +noauth a.example. @10.53.0.2 txt > dig.out.ns2.test$n || ret=1
-$DIG $DIGOPTS +noauth a.example. @10.53.0.4 txt > dig.out.ns4.test$n || ret=1
+$DIG $DIGOPTS +noauth a.example. @10.53.0.2 txt >dig.out.ns2.test$n || ret=1
+$DIG $DIGOPTS +noauth a.example. @10.53.0.4 txt >dig.out.ns4.test$n || ret=1
digcomp dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
-grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
-grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
-grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n >/dev/null || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1
+grep "ANSWER: 0" dig.out.ns4.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -656,13 +643,13 @@
echo_i "checking negative validation NODATA NSEC3 ($n)"
ret=0
$DIG $DIGOPTS +noauth a.nsec3.example. \
- @10.53.0.3 txt > dig.out.ns3.test$n || ret=1
+ @10.53.0.3 txt >dig.out.ns3.test$n || ret=1
$DIG $DIGOPTS +noauth a.nsec3.example. \
- @10.53.0.4 txt > dig.out.ns4.test$n || ret=1
+ @10.53.0.4 txt >dig.out.ns4.test$n || ret=1
digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
-grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
-grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
-grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n >/dev/null || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1
+grep "ANSWER: 0" dig.out.ns4.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -670,13 +657,13 @@
echo_i "checking negative validation NODATA OPTOUT ($n)"
ret=0
$DIG $DIGOPTS +noauth a.optout.example. \
- @10.53.0.3 txt > dig.out.ns3.test$n || ret=1
+ @10.53.0.3 txt >dig.out.ns3.test$n || ret=1
$DIG $DIGOPTS +noauth a.optout.example. \
- @10.53.0.4 txt > dig.out.ns4.test$n || ret=1
+ @10.53.0.4 txt >dig.out.ns4.test$n || ret=1
digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
-grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
-grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
-grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n >/dev/null || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1
+grep "ANSWER: 0" dig.out.ns4.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -685,12 +672,12 @@
echo_i "checking 1-server insecurity proof NSEC ($n)"
ret=0
-$DIG $DIGOPTS +noauth a.insecure.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
-$DIG $DIGOPTS +noauth a.insecure.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+$DIG $DIGOPTS +noauth a.insecure.example. @10.53.0.3 a >dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS +noauth a.insecure.example. @10.53.0.4 a >dig.out.ns4.test$n || ret=1
digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
-grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1
# Note - this is looking for failure, hence the &&
-grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n >/dev/null && ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -698,13 +685,13 @@
echo_i "checking 1-server negative insecurity proof NSEC ($n)"
ret=0
$DIG $DIGOPTS q.insecure.example. a @10.53.0.3 \
- > dig.out.ns3.test$n || ret=1
+ >dig.out.ns3.test$n || ret=1
$DIG $DIGOPTS q.insecure.example. a @10.53.0.4 \
- > dig.out.ns4.test$n || ret=1
+ >dig.out.ns4.test$n || ret=1
digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
-grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
+grep "status: NXDOMAIN" dig.out.ns4.test$n >/dev/null || ret=1
# Note - this is looking for failure, hence the &&
-grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n >/dev/null && ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -714,12 +701,12 @@
echo_i "checking multi-stage positive validation NSEC/NSEC ($n)"
ret=0
$DIG $DIGOPTS +noauth a.secure.example. \
- @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+ @10.53.0.3 a >dig.out.ns3.test$n || ret=1
$DIG $DIGOPTS +noauth a.secure.example. \
- @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+ @10.53.0.4 a >dig.out.ns4.test$n || ret=1
digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
-grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
-grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -727,12 +714,12 @@
echo_i "checking multi-stage positive validation NSEC/NSEC3 ($n)"
ret=0
$DIG $DIGOPTS +noauth a.nsec3.example. \
- @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+ @10.53.0.3 a >dig.out.ns3.test$n || ret=1
$DIG $DIGOPTS +noauth a.nsec3.example. \
- @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+ @10.53.0.4 a >dig.out.ns4.test$n || ret=1
digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
-grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
-grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -740,12 +727,12 @@
echo_i "checking multi-stage positive validation NSEC/OPTOUT ($n)"
ret=0
$DIG $DIGOPTS +noauth a.optout.example. \
- @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+ @10.53.0.3 a >dig.out.ns3.test$n || ret=1
$DIG $DIGOPTS +noauth a.optout.example. \
- @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+ @10.53.0.4 a >dig.out.ns4.test$n || ret=1
digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
-grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
-grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -753,12 +740,12 @@
echo_i "checking multi-stage positive validation NSEC3/NSEC ($n)"
ret=0
$DIG $DIGOPTS +noauth a.secure.nsec3.example. \
- @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+ @10.53.0.3 a >dig.out.ns3.test$n || ret=1
$DIG $DIGOPTS +noauth a.secure.nsec3.example. \
- @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+ @10.53.0.4 a >dig.out.ns4.test$n || ret=1
digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
-grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
-grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -766,12 +753,12 @@
echo_i "checking multi-stage positive validation NSEC3/NSEC3 ($n)"
ret=0
$DIG $DIGOPTS +noauth a.nsec3.nsec3.example. \
- @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+ @10.53.0.3 a >dig.out.ns3.test$n || ret=1
$DIG $DIGOPTS +noauth a.nsec3.nsec3.example. \
- @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+ @10.53.0.4 a >dig.out.ns4.test$n || ret=1
digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
-grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
-grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -779,12 +766,12 @@
echo_i "checking multi-stage positive validation NSEC3/OPTOUT ($n)"
ret=0
$DIG $DIGOPTS +noauth a.optout.nsec3.example. \
- @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+ @10.53.0.3 a >dig.out.ns3.test$n || ret=1
$DIG $DIGOPTS +noauth a.optout.nsec3.example. \
- @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+ @10.53.0.4 a >dig.out.ns4.test$n || ret=1
digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
-grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
-grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -792,12 +779,12 @@
echo_i "checking multi-stage positive validation OPTOUT/NSEC ($n)"
ret=0
$DIG $DIGOPTS +noauth a.secure.optout.example. \
- @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+ @10.53.0.3 a >dig.out.ns3.test$n || ret=1
$DIG $DIGOPTS +noauth a.secure.optout.example. \
- @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+ @10.53.0.4 a >dig.out.ns4.test$n || ret=1
digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
-grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
-grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -805,12 +792,12 @@
echo_i "checking multi-stage positive validation OPTOUT/NSEC3 ($n)"
ret=0
$DIG $DIGOPTS +noauth a.nsec3.optout.example. \
- @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+ @10.53.0.3 a >dig.out.ns3.test$n || ret=1
$DIG $DIGOPTS +noauth a.nsec3.optout.example. \
- @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+ @10.53.0.4 a >dig.out.ns4.test$n || ret=1
digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
-grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
-grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -818,12 +805,12 @@
echo_i "checking multi-stage positive validation OPTOUT/OPTOUT ($n)"
ret=0
$DIG $DIGOPTS +noauth a.optout.optout.example. \
- @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+ @10.53.0.3 a >dig.out.ns3.test$n || ret=1
$DIG $DIGOPTS +noauth a.optout.optout.example. \
- @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+ @10.53.0.4 a >dig.out.ns4.test$n || ret=1
digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
-grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
-grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -831,11 +818,11 @@
echo_i "checking empty NODATA OPTOUT ($n)"
ret=0
$DIG $DIGOPTS +noauth empty.optout.example. \
- @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+ @10.53.0.3 a >dig.out.ns3.test$n || ret=1
$DIG $DIGOPTS +noauth empty.optout.example. \
- @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+ @10.53.0.4 a >dig.out.ns4.test$n || ret=1
digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
-grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1
#grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -846,13 +833,13 @@
echo_i "checking 2-server insecurity proof ($n)"
ret=0
$DIG $DIGOPTS +noauth a.insecure.secure.example. @10.53.0.2 a \
- > dig.out.ns2.test$n || ret=1
+ >dig.out.ns2.test$n || ret=1
$DIG $DIGOPTS +noauth a.insecure.secure.example. @10.53.0.4 a \
- > dig.out.ns4.test$n || ret=1
+ >dig.out.ns4.test$n || ret=1
digcomp dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
-grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n >/dev/null || ret=1
# Note - this is looking for failure, hence the &&
-grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n >/dev/null && ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -861,43 +848,43 @@
echo_i "checking 2-server insecurity proof with a negative answer ($n)"
ret=0
-$DIG $DIGOPTS q.insecure.secure.example. @10.53.0.2 a > dig.out.ns2.test$n \
- || ret=1
-$DIG $DIGOPTS q.insecure.secure.example. @10.53.0.4 a > dig.out.ns4.test$n \
- || ret=1
+$DIG $DIGOPTS q.insecure.secure.example. @10.53.0.2 a >dig.out.ns2.test$n \
+ || ret=1
+$DIG $DIGOPTS q.insecure.secure.example. @10.53.0.4 a >dig.out.ns4.test$n \
+ || ret=1
digcomp dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
-grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
+grep "status: NXDOMAIN" dig.out.ns4.test$n >/dev/null || ret=1
# Note - this is looking for failure, hence the &&
-grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n >/dev/null && ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking security root query ($n)"
ret=0
-$DIG $DIGOPTS . @10.53.0.4 key > dig.out.ns4.test$n || ret=1
-grep "NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
-grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+$DIG $DIGOPTS . @10.53.0.4 key >dig.out.ns4.test$n || ret=1
+grep "NOERROR" dig.out.ns4.test$n >/dev/null || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking positive validation RSASHA256 NSEC ($n)"
ret=0
-$DIG $DIGOPTS +noauth a.rsasha256.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
-$DIG $DIGOPTS +noauth a.rsasha256.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+$DIG $DIGOPTS +noauth a.rsasha256.example. @10.53.0.3 a >dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS +noauth a.rsasha256.example. @10.53.0.4 a >dig.out.ns4.test$n || ret=1
digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
-grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking positive validation RSASHA512 NSEC ($n)"
ret=0
-$DIG $DIGOPTS +noauth a.rsasha512.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
-$DIG $DIGOPTS +noauth a.rsasha512.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+$DIG $DIGOPTS +noauth a.rsasha512.example. @10.53.0.3 a >dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS +noauth a.rsasha512.example. @10.53.0.4 a >dig.out.ns4.test$n || ret=1
digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
-grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -905,12 +892,12 @@
echo_i "checking that positive validation in a privately secure zone works ($n)"
ret=0
$DIG $DIGOPTS +noauth a.private.secure.example. a @10.53.0.2 \
- > dig.out.ns2.test$n || ret=1
+ >dig.out.ns2.test$n || ret=1
$DIG $DIGOPTS +noauth a.private.secure.example. a @10.53.0.4 \
- > dig.out.ns4.test$n || ret=1
+ >dig.out.ns4.test$n || ret=1
digcomp dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
-grep "NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
-grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+grep "NOERROR" dig.out.ns4.test$n >/dev/null || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -918,22 +905,22 @@
echo_i "checking that negative validation in a privately secure zone works ($n)"
ret=0
$DIG $DIGOPTS +noauth q.private.secure.example. a @10.53.0.2 \
- > dig.out.ns2.test$n || ret=1
+ >dig.out.ns2.test$n || ret=1
$DIG $DIGOPTS +noauth q.private.secure.example. a @10.53.0.4 \
- > dig.out.ns4.test$n || ret=1
+ >dig.out.ns4.test$n || ret=1
digcomp dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
-grep "NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
+grep "NXDOMAIN" dig.out.ns4.test$n >/dev/null || ret=1
# Note - this is looking for failure, hence the &&
-grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n >/dev/null && ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking privately secure to nxdomain works ($n)"
ret=0
-$DIG $DIGOPTS +noauth private2secure-nxdomain.private.secure.example. SOA @10.53.0.4 > dig.out.ns4.test$n || ret=1
-grep "NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
-grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+$DIG $DIGOPTS +noauth private2secure-nxdomain.private.secure.example. SOA @10.53.0.4 >dig.out.ns4.test$n || ret=1
+grep "NXDOMAIN" dig.out.ns4.test$n >/dev/null || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -943,9 +930,9 @@
echo_i "checking that validation returns insecure due to revoked trusted key ($n)"
ret=0
-$DIG $DIGOPTS example. soa @10.53.0.5 > dig.out.ns5.test$n || ret=1
-grep "flags:.*; QUERY" dig.out.ns5.test$n > /dev/null || ret=1
-grep "flags:.* ad.*; QUERY" dig.out.ns5.test$n > /dev/null && ret=1
+$DIG $DIGOPTS example. soa @10.53.0.5 >dig.out.ns5.test$n || ret=1
+grep "flags:.*; QUERY" dig.out.ns5.test$n >/dev/null || ret=1
+grep "flags:.* ad.*; QUERY" dig.out.ns5.test$n >/dev/null && ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -953,8 +940,8 @@
echo_i "checking that revoked key is present ($n)"
ret=0
id=$(cat rev.key)
-$DIG $DIGOPTS +multi dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
-grep '; key id = '"$id"'$' dig.out.ns1.test$n > /dev/null || ret=1
+$DIG $DIGOPTS +multi dnskey . @10.53.0.1 >dig.out.ns1.test$n || ret=1
+grep '; key id = '"$id"'$' dig.out.ns1.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -962,8 +949,8 @@
echo_i "checking that revoked key self-signs ($n)"
ret=0
id=$(cat rev.key)
-$DIG $DIGOPTS dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
-grep 'RRSIG.*'" $id "'\. ' dig.out.ns1.test$n > /dev/null || ret=1
+$DIG $DIGOPTS dnskey . @10.53.0.1 >dig.out.ns1.test$n || ret=1
+grep 'RRSIG.*'" $id "'\. ' dig.out.ns1.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -971,8 +958,8 @@
echo_i "checking for unpublished key ($n)"
ret=0
id=$(keyfile_to_key_id "$(cat unpub.key)")
-$DIG $DIGOPTS +multi dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
-grep '; key id = '"$id"'$' dig.out.ns1.test$n > /dev/null && ret=1
+$DIG $DIGOPTS +multi dnskey . @10.53.0.1 >dig.out.ns1.test$n || ret=1
+grep '; key id = '"$id"'$' dig.out.ns1.test$n >/dev/null && ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -980,8 +967,8 @@
echo_i "checking for activated but unpublished key ($n)"
ret=0
id=$(keyfile_to_key_id "$(cat activate-now-publish-1day.key)")
-$DIG $DIGOPTS +multi dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
-grep '; key id = '"$id"'$' dig.out.ns1.test$n > /dev/null && ret=1
+$DIG $DIGOPTS +multi dnskey . @10.53.0.1 >dig.out.ns1.test$n || ret=1
+grep '; key id = '"$id"'$' dig.out.ns1.test$n >/dev/null && ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -989,8 +976,8 @@
echo_i "checking that standby key does not sign records ($n)"
ret=0
id=$(keyfile_to_key_id "$(cat standby.key)")
-$DIG $DIGOPTS dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
-grep 'RRSIG.*'" $id "'\. ' dig.out.ns1.test$n > /dev/null && ret=1
+$DIG $DIGOPTS dnskey . @10.53.0.1 >dig.out.ns1.test$n || ret=1
+grep 'RRSIG.*'" $id "'\. ' dig.out.ns1.test$n >/dev/null && ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -998,8 +985,8 @@
echo_i "checking that deactivated key does not sign records ($n)"
ret=0
id=$(keyfile_to_key_id "$(cat inact.key)")
-$DIG $DIGOPTS dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
-grep 'RRSIG.*'" $id "'\. ' dig.out.ns1.test$n > /dev/null && ret=1
+$DIG $DIGOPTS dnskey . @10.53.0.1 >dig.out.ns1.test$n || ret=1
+grep 'RRSIG.*'" $id "'\. ' dig.out.ns1.test$n >/dev/null && ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -1009,7 +996,7 @@
id=$(keyfile_to_key_id "$(cat nopriv.key)")
file="ns1/$(cat nopriv.key).key"
keydata=$(grep DNSKEY $file)
-$NSUPDATE > /dev/null 2>&1 </dev/null 2>&1 < dig.out.ns1.test$n || ret=1
-grep 'RRSIG.*'" $id "'\. ' dig.out.ns1.test$n > /dev/null && ret=1
+$DIG $DIGOPTS dnskey . @10.53.0.1 >dig.out.ns1.test$n || ret=1
+grep 'RRSIG.*'" $id "'\. ' dig.out.ns1.test$n >/dev/null && ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -1026,27 +1013,27 @@
echo_i "checking key deletion ($n)"
ret=0
id=$(keyfile_to_key_id "$(cat del.key)")
-$DIG $DIGOPTS +multi dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
-grep '; key id = '"$id"'$' dig.out.ns1.test$n > /dev/null && ret=1
+$DIG $DIGOPTS +multi dnskey . @10.53.0.1 >dig.out.ns1.test$n || ret=1
+grep '; key id = '"$id"'$' dig.out.ns1.test$n >/dev/null && ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking secure-to-insecure transition, nsupdate ($n)"
ret=0
-$NSUPDATE > /dev/null 2>&1 </dev/null 2>&1 < dig.out.ns3.test$n || ret=1
- grep -E '(RRSIG|DNSKEY|NSEC)' dig.out.ns3.test$n > /dev/null && ret=1
- [ $ret -eq 0 ] && break
- echo_i "waiting ... ($i)"
- sleep 2
+ ret=0
+ $DIG $DIGOPTS axfr secure-to-insecure.example @10.53.0.3 >dig.out.ns3.test$n || ret=1
+ grep -E '(RRSIG|DNSKEY|NSEC)' dig.out.ns3.test$n >/dev/null && ret=1
+ [ $ret -eq 0 ] && break
+ echo_i "waiting ... ($i)"
+ sleep 2
done
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -1055,17 +1042,17 @@
echo_i "checking secure-to-insecure transition, scheduled ($n)"
ret=0
file="ns3/$(cat del1.key).key"
-$SETTIME -I now -D now $file > settime.out.test$n.1 || ret=1
+$SETTIME -I now -D now $file >settime.out.test$n.1 || ret=1
file="ns3/$(cat del2.key).key"
-$SETTIME -I now -D now $file > settime.out.test$n.2 || ret=1
+$SETTIME -I now -D now $file >settime.out.test$n.2 || ret=1
($RNDCCMD 10.53.0.3 sign secure-to-insecure2.example. 2>&1 | sed 's/^/ns3 /' | cat_i) || ret=1
for i in 0 1 2 3 4 5 6 7 8 9; do
- ret=0
- $DIG $DIGOPTS axfr secure-to-insecure2.example @10.53.0.3 > dig.out.ns3.test$n || ret=1
- grep -E '(RRSIG|DNSKEY|NSEC3)' dig.out.ns3.test$n > /dev/null && ret=1
- [ $ret -eq 0 ] && break
- echo_i "waiting ... ($i)"
- sleep 2
+ ret=0
+ $DIG $DIGOPTS axfr secure-to-insecure2.example @10.53.0.3 >dig.out.ns3.test$n || ret=1
+ grep -E '(RRSIG|DNSKEY|NSEC3)' dig.out.ns3.test$n >/dev/null && ret=1
+ [ $ret -eq 0 ] && break
+ echo_i "waiting ... ($i)"
+ sleep 2
done
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -1074,7 +1061,7 @@
echo_i "checking jitter in a newly signed NSEC3 zone ($n)"
ret=0
# Use DNS UPDATE to add an NSEC3PARAM record into the zone.
-$NSUPDATE > nsupdate.out.test$n 2>&1 <nsupdate.out.test$n 2>&1 < /dev/null
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -K ns3 jitter.nsec3.example >/dev/null
# Trigger zone signing.
($RNDCCMD 10.53.0.3 sign jitter.nsec3.example. 2>&1 | sed 's/^/ns3 /' | cat_i) || ret=1
# Wait until zone has been signed.
check_if_nsec3param_exists() {
- $DIG $DIGOPTS NSEC3PARAM jitter.nsec3.example @10.53.0.3 > dig.out.ns3.1.test$n || return 1
- grep -q "^jitter\.nsec3\.example\..*NSEC3PARAM" dig.out.ns3.1.test$n || return 1
+ $DIG $DIGOPTS NSEC3PARAM jitter.nsec3.example @10.53.0.3 >dig.out.ns3.1.test$n || return 1
+ grep -q "^jitter\.nsec3\.example\..*NSEC3PARAM" dig.out.ns3.1.test$n || return 1
}
retry_quiet 40 check_if_nsec3param_exists || {
- echo_i "error: NSEC3PARAM not present yet"
- ret=1
+ echo_i "error: NSEC3PARAM not present yet"
+ ret=1
}
-$DIG $DIGOPTS AXFR jitter.nsec3.example @10.53.0.3 > dig.out.ns3.2.test$n || ret=1
+$DIG $DIGOPTS AXFR jitter.nsec3.example @10.53.0.3 >dig.out.ns3.2.test$n || ret=1
# Check jitter distribution.
checkjitter dig.out.ns3.2.test$n || ret=1
n=$((n + 1))
@@ -1106,17 +1093,16 @@
oldserial=$($DIG $DIGOPTS +short soa prepub.example @10.53.0.3 | awk '$0 !~ /SOA/ {print $3}')
oldinception=$($DIG $DIGOPTS +short soa prepub.example @10.53.0.3 | awk '/SOA/ {print $6}' | sort -u)
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -K ns3 -P 0 -A +6d -I +38d -D +45d prepub.example > /dev/null
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -K ns3 -P 0 -A +6d -I +38d -D +45d prepub.example >/dev/null
($RNDCCMD 10.53.0.3 sign prepub.example 2>&1 | sed 's/^/ns1 /' | cat_i) || ret=1
newserial=$oldserial
try=0
-while [ $oldserial -eq $newserial -a $try -lt 42 ]
-do
- newserial=$($DIG $DIGOPTS +short soa prepub.example @10.53.0.3 |
- awk '$0 !~ /SOA/ {print $3}')
- sleep 1
- try=$((try + 1))
+while [ $oldserial -eq $newserial -a $try -lt 42 ]; do
+ newserial=$($DIG $DIGOPTS +short soa prepub.example @10.53.0.3 \
+ | awk '$0 !~ /SOA/ {print $3}')
+ sleep 1
+ try=$((try + 1))
done
newinception=$($DIG $DIGOPTS +short soa prepub.example @10.53.0.3 | awk '/SOA/ {print $6}' | sort -u)
#echo "$oldserial : $newserial"
@@ -1139,8 +1125,8 @@
oldid=$(keyfile_to_key_id "$(cat active.key)")
newfile=$(cat standby.key)
newid=$(keyfile_to_key_id "$(cat standby.key)")
-$SETTIME -K ns1 -I now+2s -D now+25 $oldfile > settime.out.test$n.1 || ret=1
-$SETTIME -K ns1 -i 0 -S $oldfile $newfile > settime.out.test$n.2 || ret=1
+$SETTIME -K ns1 -I now+2s -D now+25 $oldfile >settime.out.test$n.1 || ret=1
+$SETTIME -K ns1 -i 0 -S $oldfile $newfile >settime.out.test$n.2 || ret=1
# note previous zone serial number
oldserial=$($DIG $DIGOPTS +short soa . @10.53.0.1 | awk '{print $3}')
@@ -1149,7 +1135,7 @@
sleep 4
echo_i "revoking key to duplicated key ID"
-$SETTIME -R now -K ns2 Kbar.+013+59973.key > settime.out.test$n.3 || ret=1
+$SETTIME -R now -K ns2 Kbar.+013+59973.key >settime.out.test$n.3 || ret=1
($RNDCCMD 10.53.0.2 loadkeys bar. 2>&1 | sed 's/^/ns2 /' | cat_i) || ret=1
@@ -1158,17 +1144,17 @@
echo_i "checking former standby key $newid is now active ($n)"
ret=0
-$DIG $DIGOPTS dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
-grep 'RRSIG.*'" $newid "'\. ' dig.out.ns1.test$n > /dev/null || ret=1
+$DIG $DIGOPTS dnskey . @10.53.0.1 >dig.out.ns1.test$n || ret=1
+grep 'RRSIG.*'" $newid "'\. ' dig.out.ns1.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking former standby key has only signed incrementally ($n)"
ret=0
-$DIG $DIGOPTS txt . @10.53.0.1 > dig.out.ns1.test$n || ret=1
-grep 'RRSIG.*'" $newid "'\. ' dig.out.ns1.test$n > /dev/null && ret=1
-grep 'RRSIG.*'" $oldid "'\. ' dig.out.ns1.test$n > /dev/null || ret=1
+$DIG $DIGOPTS txt . @10.53.0.1 >dig.out.ns1.test$n || ret=1
+grep 'RRSIG.*'" $newid "'\. ' dig.out.ns1.test$n >/dev/null && ret=1
+grep 'RRSIG.*'" $oldid "'\. ' dig.out.ns1.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -1183,9 +1169,8 @@
checkprivate nsec3.nsec3.example 10.53.0.3 || ret=1
checkprivate nsec3.optout.example 10.53.0.3 || ret=1
checkprivate nsec3-to-nsec.example 10.53.0.3 || ret=1
-if $SHELL ../testcrypto.sh -q RSASHA1
-then
- checkprivate nsec-only.example 10.53.0.3 || ret=1
+if $SHELL ../testcrypto.sh -q RSASHA1; then
+ checkprivate nsec-only.example 10.53.0.3 || ret=1
fi
checkprivate oldsigs.example 10.53.0.3 || ret=1
checkprivate optout.example 10.53.0.3 || ret=1
@@ -1214,8 +1199,8 @@
echo_i "checking former standby key has now signed fully ($n)"
ret=0
-$DIG $DIGOPTS txt . @10.53.0.1 > dig.out.ns1.test$n || ret=1
-grep 'RRSIG.*'" $newid "'\. ' dig.out.ns1.test$n > /dev/null || ret=1
+$DIG $DIGOPTS txt . @10.53.0.1 >dig.out.ns1.test$n || ret=1
+grep 'RRSIG.*'" $newid "'\. ' dig.out.ns1.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -1233,11 +1218,11 @@
zsk=$(cat delayzsk.key)
ksk=$(cat delayksk.key)
# publication and activation times should be unset
-$SETTIME -K ns3 -pA -pP $zsk > settime.out.test$n.zsk || ret=1
+$SETTIME -K ns3 -pA -pP $zsk >settime.out.test$n.zsk || ret=1
grep -v UNSET settime.out.test$n.zsk >/dev/null && ret=1
-$SETTIME -K ns3 -pA -pP $ksk > settime.out.test$n.ksk || ret=1
+$SETTIME -K ns3 -pA -pP $ksk >settime.out.test$n.ksk || ret=1
grep -v UNSET settime.out.test$n.ksk >/dev/null && ret=1
-$DIG $DIGOPTS +noall +answer dnskey delay.example. @10.53.0.3 > dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS +noall +answer dnskey delay.example. @10.53.0.3 >dig.out.ns3.test$n || ret=1
# DNSKEY not expected:
awk 'BEGIN {r=1} $4=="DNSKEY" {r=0} END {exit r}' dig.out.ns3.test$n && ret=1
n=$((n + 1))
@@ -1248,14 +1233,14 @@
ret=0
# Ensure initial zone is loaded.
wait_for_notifies "delay.example" "ns3" || ret=1
-$SETTIME -K ns3 -P now+3s -A none $zsk > settime.out.test$n.zsk || ret=1
-$SETTIME -K ns3 -P now+3s -A none $ksk > settime.out.test$n.ksk || ret=1
+$SETTIME -K ns3 -P now+3s -A none $zsk >settime.out.test$n.zsk || ret=1
+$SETTIME -K ns3 -P now+3s -A none $ksk >settime.out.test$n.ksk || ret=1
($RNDCCMD 10.53.0.3 loadkeys delay.example. 2>&1 | sed 's/^/ns2 /' | cat_i) || ret=1
echo_i "waiting for changes to take effect"
sleep 3
wait_for_notifies "delay.example" "ns3" || ret=1
-$DIG $DIGOPTS +noall +answer dnskey delay.example. @10.53.0.3 > dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS +noall +answer dnskey delay.example. @10.53.0.3 >dig.out.ns3.test$n || ret=1
# DNSKEY expected:
awk 'BEGIN {r=1} $4=="DNSKEY" {r=0} END {exit r}' dig.out.ns3.test$n || ret=1
# RRSIG not expected:
@@ -1266,19 +1251,19 @@
echo_i "checking scheduled key activation ($n)"
ret=0
-$SETTIME -K ns3 -A now+3s $zsk > settime.out.test$n.zsk || ret=1
-$SETTIME -K ns3 -A now+3s $ksk > settime.out.test$n.ksk || ret=1
+$SETTIME -K ns3 -A now+3s $zsk >settime.out.test$n.zsk || ret=1
+$SETTIME -K ns3 -A now+3s $ksk >settime.out.test$n.ksk || ret=1
($RNDCCMD 10.53.0.3 loadkeys delay.example. 2>&1 | sed 's/^/ns2 /' | cat_i) || ret=1
echo_i "waiting for changes to take effect"
sleep 3
wait_for_log 10 "add delay\.example\..*NSEC.a\.delay\.example\. NS SOA RRSIG NSEC DNSKEY" ns3/named.run
check_is_signed() {
- $DIG $DIGOPTS +noall +answer dnskey delay.example. @10.53.0.3 > dig.out.ns3.1.test$n || return 1
+ $DIG $DIGOPTS +noall +answer dnskey delay.example. @10.53.0.3 >dig.out.ns3.1.test$n || return 1
# DNSKEY expected:
awk 'BEGIN {r=1} $4=="DNSKEY" {r=0} END {exit r}' dig.out.ns3.1.test$n || return 1
# RRSIG expected:
awk 'BEGIN {r=1} $4=="RRSIG" {r=0} END {exit r}' dig.out.ns3.1.test$n || return 1
- $DIG $DIGOPTS +noall +answer a a.delay.example. @10.53.0.3 > dig.out.ns3.2.test$n || return 1
+ $DIG $DIGOPTS +noall +answer a a.delay.example. @10.53.0.3 >dig.out.ns3.2.test$n || return 1
# A expected:
awk 'BEGIN {r=1} $4=="A" {r=0} END {exit r}' dig.out.ns3.2.test$n || return 1
# RRSIG expected:
@@ -1298,12 +1283,15 @@
now=$($PERL -e 'print time(), "\n";')
sleep=$((starttime + 29 - now))
case $sleep in
--*|0);;
-*) echo_i "waiting for timer to have activated"; sleep $sleep;;
+ -* | 0) ;;
+ *)
+ echo_i "waiting for timer to have activated"
+ sleep $sleep
+ ;;
esac
ret=0
-$DIG $DIGOPTS +multi dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
-grep '; key id = '"$oldid"'$' dig.out.ns1.test$n > /dev/null && ret=1
+$DIG $DIGOPTS +multi dnskey . @10.53.0.1 >dig.out.ns1.test$n || ret=1
+grep '; key id = '"$oldid"'$' dig.out.ns1.test$n >/dev/null && ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -1311,8 +1299,8 @@
echo_i "checking private key file removal caused no immediate harm ($n)"
ret=0
id=$(keyfile_to_key_id "$(cat vanishing.key)")
-$DIG $DIGOPTS dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
-grep 'RRSIG.*'" $id "'\. ' dig.out.ns1.test$n > /dev/null || ret=1
+$DIG $DIGOPTS dnskey . @10.53.0.1 >dig.out.ns1.test$n || ret=1
+grep 'RRSIG.*'" $id "'\. ' dig.out.ns1.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -1321,12 +1309,12 @@
ret=0
id=59973
rid=60101
-$DIG $DIGOPTS +multi dnskey bar @10.53.0.2 > dig.out.ns2.test$n || ret=1
-grep '; key id = '"$id"'$' dig.out.ns2.test$n > /dev/null && ret=1
+$DIG $DIGOPTS +multi dnskey bar @10.53.0.2 >dig.out.ns2.test$n || ret=1
+grep '; key id = '"$id"'$' dig.out.ns2.test$n >/dev/null && ret=1
keys=$(grep '; key id = '"$rid"'$' dig.out.ns2.test$n | wc -l)
test $keys -eq 2 || ret=1
-$DIG $DIGOPTS dnskey bar @10.53.0.4 > dig.out.ns4.test$n || ret=1
-grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
+$DIG $DIGOPTS dnskey bar @10.53.0.4 >dig.out.ns4.test$n || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -1344,10 +1332,10 @@
# this confirms that key events are never scheduled more than
# 'dnssec-loadkeys-interval' minutes in the future, and that the
# event scheduled is within 10 seconds of expected interval.
-check_interval () {
- awk '/next key event/ {print $2 ":" $9}' $1/named.run |
- sed -e 's/\.//g' -e 's/:0\{1,4\}/:/g' |
- awk -F: '
+check_interval() {
+ awk '/next key event/ {print $2 ":" $9}' $1/named.run \
+ | sed -e 's/\.//g' -e 's/:0\{1,4\}/:/g' \
+ | awk -F: '
{
x = ($6+ $5*60000 + $4*3600000) - ($3+ $2*60000 + $1*3600000);
# abs(x) < 1000 ms treat as 'now'
@@ -1365,7 +1353,7 @@
exit (1);
}
END { if (int(x) > int(interval) || int(x) < int(interval-10)) exit(1) }' interval=$2
- return $?
+ return $?
}
echo_i "checking automatic key reloading interval ($n)"
@@ -1391,8 +1379,8 @@
ret=0
chmod 0 ns1/K.+*+*.key ns1/K.+*+*.private || ret=1
($RNDCCMD 10.53.0.1 sign . 2>&1 | sed 's/^/ns1 /' | cat_i) || ret=1
-$DIG $DIGOPTS . @10.53.0.1 dnskey > dig.out.ns1.test$n || ret=1
-grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
+$DIG $DIGOPTS . @10.53.0.1 dnskey >dig.out.ns1.test$n || ret=1
+grep "status: NOERROR" dig.out.ns1.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -1407,12 +1395,12 @@
($RNDCCMD 10.53.0.3 modzone reconf.example '{ type primary; file "reconf.example.db"; allow-update { any; }; auto-dnssec maintain; };' 2>&1 | sed 's/^/ns3 /' | cat_i) || ret=1
rndc_reconfig ns3 10.53.0.3
for i in 0 1 2 3 4 5 6 7 8 9; do
- lret=0
- rekey_calls=$(grep "zone reconf.example.*next key event" ns3/named.run | wc -l)
- [ "$rekey_calls" -gt 0 ] || lret=1
- if [ "$lret" -eq 0 ]; then break; fi
- echo_i "waiting ... ($i)"
- sleep 1
+ lret=0
+ rekey_calls=$(grep "zone reconf.example.*next key event" ns3/named.run | wc -l)
+ [ "$rekey_calls" -gt 0 ] || lret=1
+ if [ "$lret" -eq 0 ]; then break; fi
+ echo_i "waiting ... ($i)"
+ sleep 1
done
n=$((n + 1))
if [ "$lret" != 0 ]; then ret=$lret; fi
@@ -1421,19 +1409,19 @@
echo_i "test CDS and CDNSKEY auto generation ($n)"
ret=0
-$DIG $DIGOPTS @10.53.0.3 sync.example cds > dig.out.ns3.cdstest$n
-$DIG $DIGOPTS @10.53.0.3 sync.example cdnskey > dig.out.ns3.cdnskeytest$n
-grep -i "sync.example.*in.cds.*[1-9][0-9]* " dig.out.ns3.cdstest$n > /dev/null || ret=1
-grep -i "sync.example.*in.cdnskey.*257 " dig.out.ns3.cdnskeytest$n > /dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.3 sync.example cds >dig.out.ns3.cdstest$n
+$DIG $DIGOPTS @10.53.0.3 sync.example cdnskey >dig.out.ns3.cdnskeytest$n
+grep -i "sync.example.*in.cds.*[1-9][0-9]* " dig.out.ns3.cdstest$n >/dev/null || ret=1
+grep -i "sync.example.*in.cdnskey.*257 " dig.out.ns3.cdnskeytest$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "test 'dnssec-dnskey-kskonly no' affects DNSKEY/CDS/CDNSKEY ($n)"
ret=0
-$DIG $DIGOPTS @10.53.0.3 sync.example dnskey > dig.out.ns3.dnskeytest$n
-$DIG $DIGOPTS @10.53.0.3 sync.example cdnskey > dig.out.ns3.cdnskeytest$n
-$DIG $DIGOPTS @10.53.0.3 sync.example cds > dig.out.ns3.cdstest$n
+$DIG $DIGOPTS @10.53.0.3 sync.example dnskey >dig.out.ns3.dnskeytest$n
+$DIG $DIGOPTS @10.53.0.3 sync.example cdnskey >dig.out.ns3.cdnskeytest$n
+$DIG $DIGOPTS @10.53.0.3 sync.example cds >dig.out.ns3.cdstest$n
lines=$(awk '$4 == "RRSIG" && $5 == "DNSKEY" {print}' dig.out.ns3.dnskeytest$n | wc -l)
test ${lines:-0} -eq 2 || ret=1
lines=$(awk '$4 == "RRSIG" && $5 == "CDNSKEY" {print}' dig.out.ns3.cdnskeytest$n | wc -l)
@@ -1446,9 +1434,9 @@
echo_i "test 'dnssec-dnskey-kskonly yes' affects DNSKEY/CDS/CDNSKEY ($n)"
ret=0
-$DIG $DIGOPTS @10.53.0.3 kskonly.example dnskey > dig.out.ns3.dnskeytest$n
-$DIG $DIGOPTS @10.53.0.3 kskonly.example cdnskey > dig.out.ns3.cdnskeytest$n
-$DIG $DIGOPTS @10.53.0.3 kskonly.example cds > dig.out.ns3.cdstest$n
+$DIG $DIGOPTS @10.53.0.3 kskonly.example dnskey >dig.out.ns3.dnskeytest$n
+$DIG $DIGOPTS @10.53.0.3 kskonly.example cdnskey >dig.out.ns3.cdnskeytest$n
+$DIG $DIGOPTS @10.53.0.3 kskonly.example cds >dig.out.ns3.cdstest$n
lines=$(awk '$4 == "RRSIG" && $5 == "DNSKEY" {print}' dig.out.ns3.dnskeytest$n | wc -l)
test ${lines:-0} -eq 1 || ret=1
lines=$(awk '$4 == "RRSIG" && $5 == "CDNSKEY" {print}' dig.out.ns3.cdnskeytest$n | wc -l)
@@ -1460,16 +1448,16 @@
status=$((status + ret))
echo_i "setting CDS and CDNSKEY deletion times and calling 'rndc loadkeys'"
-$SETTIME -D sync now $(cat sync.key) > settime.out.test$n || ret=1
+$SETTIME -D sync now $(cat sync.key) >settime.out.test$n || ret=1
($RNDCCMD 10.53.0.3 loadkeys sync.example | sed 's/^/ns3 /' | cat_i) || ret=1
echo_i "checking that the CDS and CDNSKEY are deleted ($n)"
ret=0
ensure_cds_and_cdnskey_are_deleted() {
- $DIG $DIGOPTS @10.53.0.3 sync.example. CDS > dig.out.ns3.cdstest$n || return 1
- awk '$1 == "sync.example." && $4 == "CDS" { exit 1; }' dig.out.ns3.cdstest$n || return 1
- $DIG $DIGOPTS @10.53.0.3 sync.example. CDNSKEY > dig.out.ns3.cdnskeytest$n || return 1
- awk '$1 == "sync.example." && $4 == "CDNSKEY" { exit 1; }' dig.out.ns3.cdnskeytest$n || return 1
+ $DIG $DIGOPTS @10.53.0.3 sync.example. CDS >dig.out.ns3.cdstest$n || return 1
+ awk '$1 == "sync.example." && $4 == "CDS" { exit 1; }' dig.out.ns3.cdstest$n || return 1
+ $DIG $DIGOPTS @10.53.0.3 sync.example. CDNSKEY >dig.out.ns3.cdnskeytest$n || return 1
+ awk '$1 == "sync.example." && $4 == "CDNSKEY" { exit 1; }' dig.out.ns3.cdnskeytest$n || return 1
}
retry 10 ensure_cds_and_cdnskey_are_deleted || ret=1
n=$((n + 1))
@@ -1478,7 +1466,7 @@
echo_i "check that dnssec-settime -p Dsync works ($n)"
ret=0
-$SETTIME -p Dsync $(cat sync.key) > settime.out.test$n || ret=1
+$SETTIME -p Dsync $(cat sync.key) >settime.out.test$n || ret=1
grep "SYNC Delete:" settime.out.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -1486,7 +1474,7 @@
echo_i "check that dnssec-settime -p Psync works ($n)"
ret=0
-$SETTIME -p Psync $(cat sync.key) > settime.out.test$n || ret=1
+$SETTIME -p Psync $(cat sync.key) >settime.out.test$n || ret=1
grep "SYNC Publish:" settime.out.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -1494,17 +1482,17 @@
echo_i "check that zone with inactive KSK and active ZSK is properly autosigned ($n)"
ret=0
-$DIG $DIGOPTS @10.53.0.3 axfr inacksk2.example > dig.out.ns3.test$n
+$DIG $DIGOPTS @10.53.0.3 axfr inacksk2.example >dig.out.ns3.test$n
-zskid=$(awk '$4 == "DNSKEY" && $5 == 256 { print }' dig.out.ns3.test$n |
- $DSFROMKEY -A -2 -f - inacksk2.example | awk '{ print $4}' )
+zskid=$(awk '$4 == "DNSKEY" && $5 == 256 { print }' dig.out.ns3.test$n \
+ | $DSFROMKEY -A -2 -f - inacksk2.example | awk '{ print $4}')
pattern="DNSKEY ${DEFAULT_ALGORITHM_NUMBER} 2 [0-9]* [0-9]* [0-9]* ${zskid} "
-grep "${pattern}" dig.out.ns3.test$n > /dev/null || ret=1
+grep "${pattern}" dig.out.ns3.test$n >/dev/null || ret=1
-kskid=$(awk '$4 == "DNSKEY" && $5 == 257 { print }' dig.out.ns3.test$n |
- $DSFROMKEY -2 -f - inacksk2.example | awk '{ print $4}' )
+kskid=$(awk '$4 == "DNSKEY" && $5 == 257 { print }' dig.out.ns3.test$n \
+ | $DSFROMKEY -2 -f - inacksk2.example | awk '{ print $4}')
pattern="DNSKEY ${DEFAULT_ALGORITHM_NUMBER} 2 [0-9]* [0-9]* [0-9]* ${kskid} "
-grep "${pattern}" dig.out.ns3.test$n > /dev/null && ret=1
+grep "${pattern}" dig.out.ns3.test$n >/dev/null && ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -1512,8 +1500,8 @@
echo_i "check that zone with inactive ZSK and active KSK is properly autosigned ($n)"
ret=0
-$DIG $DIGOPTS @10.53.0.3 axfr inaczsk2.example > dig.out.ns3.test$n
-grep "SOA ${DEFAULT_ALGORITHM_NUMBER} 2" dig.out.ns3.test$n > /dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.3 axfr inaczsk2.example >dig.out.ns3.test$n
+grep "SOA ${DEFAULT_ALGORITHM_NUMBER} 2" dig.out.ns3.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -1526,12 +1514,12 @@
echo_ic "is now signed with the ZSK. ($n)"
ret=0
-$DIG $DIGOPTS @10.53.0.3 axfr inacksk3.example > dig.out.ns3.test$n
+$DIG $DIGOPTS @10.53.0.3 axfr inacksk3.example >dig.out.ns3.test$n
-zskid=$(awk '$4 == "DNSKEY" && $5 == 256 { print }' dig.out.ns3.test$n |
- $DSFROMKEY -A -2 -f - inacksk3.example | awk '{ print $4}' )
+zskid=$(awk '$4 == "DNSKEY" && $5 == 256 { print }' dig.out.ns3.test$n \
+ | $DSFROMKEY -A -2 -f - inacksk3.example | awk '{ print $4}')
pattern="DNSKEY ${DEFAULT_ALGORITHM_NUMBER} 2 [0-9]* [0-9]* [0-9]* ${zskid} "
-grep "${pattern}" dig.out.ns3.test$n > /dev/null || ret=1
+grep "${pattern}" dig.out.ns3.test$n >/dev/null || ret=1
count=$(awk 'BEGIN { count = 0 }
$4 == "RRSIG" && $5 == "DNSKEY" { count++ }
@@ -1554,10 +1542,10 @@
echo_ic "resigned after the active ZSK is deleted - stage 2: Verify that zone"
echo_ic "is now signed with the KSK. ($n)"
ret=0
-$DIG $DIGOPTS @10.53.0.3 axfr inaczsk3.example > dig.out.ns3.test$n
-kskid=$(awk '$4 == "DNSKEY" && $5 == 257 { print }' dig.out.ns3.test$n |
- $DSFROMKEY -2 -f - inaczsk3.example | awk '{ print $4}' )
-grep "CNAME ${DEFAULT_ALGORITHM_NUMBER} 3 [0-9]* [0-9]* [0-9]* ${kskid} " dig.out.ns3.test$n > /dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.3 axfr inaczsk3.example >dig.out.ns3.test$n
+kskid=$(awk '$4 == "DNSKEY" && $5 == 257 { print }' dig.out.ns3.test$n \
+ | $DSFROMKEY -2 -f - inaczsk3.example | awk '{ print $4}')
+grep "CNAME ${DEFAULT_ALGORITHM_NUMBER} 3 [0-9]* [0-9]* [0-9]* ${kskid} " dig.out.ns3.test$n >/dev/null || ret=1
count=$(awk 'BEGIN { count = 0 }
$4 == "RRSIG" && $5 == "CNAME" { count++ }
END {print count}' dig.out.ns3.test$n)
@@ -1573,45 +1561,45 @@
echo_i "checking for out-of-zone NSEC3 records after ZSK removal ($n)"
ret=0
# Switch the zone over to NSEC3 and wait until the transition is complete.
-$RNDCCMD 10.53.0.3 signing -nsec3param 1 1 10 12345678 delzsk.example. > signing.out.1.test$n 2>&1 || ret=1
+$RNDCCMD 10.53.0.3 signing -nsec3param 1 1 10 12345678 delzsk.example. >signing.out.1.test$n 2>&1 || ret=1
for i in 0 1 2 3 4 5 6 7 8 9; do
- _ret=1
- $DIG $DIGOPTS delzsk.example NSEC3PARAM @10.53.0.3 > dig.out.ns3.1.test$n 2>&1 || ret=1
- grep "NSEC3PARAM.*12345678" dig.out.ns3.1.test$n > /dev/null 2>&1
- if [ $? -eq 0 ]; then
- $RNDCCMD 10.53.0.3 signing -list delzsk.example > signing.out.2.test$n 2>&1
- grep "Creating NSEC3 chain " signing.out.2.test$n > /dev/null 2>&1
- if [ $? -ne 0 ]; then
- _ret=0
- break
- fi
- fi
- sleep 1
+ _ret=1
+ $DIG $DIGOPTS delzsk.example NSEC3PARAM @10.53.0.3 >dig.out.ns3.1.test$n 2>&1 || ret=1
+ grep "NSEC3PARAM.*12345678" dig.out.ns3.1.test$n >/dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ $RNDCCMD 10.53.0.3 signing -list delzsk.example >signing.out.2.test$n 2>&1
+ grep "Creating NSEC3 chain " signing.out.2.test$n >/dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ _ret=0
+ break
+ fi
+ fi
+ sleep 1
done
if [ $_ret -ne 0 ]; then
- echo_i "timed out waiting for NSEC3 chain creation"
- ret=1
+ echo_i "timed out waiting for NSEC3 chain creation"
+ ret=1
fi
# Mark the inactive ZSK as pending removal.
file="ns3/$(cat delzsk.key).key"
-$SETTIME -D now-1h $file > settime.out.test$n || ret=1
+$SETTIME -D now-1h $file >settime.out.test$n || ret=1
# Trigger removal of the inactive ZSK and wait until its completion.
($RNDCCMD 10.53.0.3 loadkeys delzsk.example 2>&1 | sed 's/^/ns3 /' | cat_i) || ret=1
for i in 0 1 2 3 4 5 6 7 8 9; do
- _ret=1
- $RNDCCMD 10.53.0.3 signing -list delzsk.example > signing.out.3.test$n 2>&1
- grep "Signing " signing.out.3.test$n > /dev/null 2>&1
- if [ $? -ne 0 ]; then
- if [ $(grep "Done signing " signing.out.3.test$n | wc -l) -eq 2 ]; then
- _ret=0
- break
- fi
- fi
- sleep 1
+ _ret=1
+ $RNDCCMD 10.53.0.3 signing -list delzsk.example >signing.out.3.test$n 2>&1
+ grep "Signing " signing.out.3.test$n >/dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ if [ $(grep "Done signing " signing.out.3.test$n | wc -l) -eq 2 ]; then
+ _ret=0
+ break
+ fi
+ fi
+ sleep 1
done
if [ $_ret -ne 0 ]; then
- echo_i "timed out waiting for key removal"
- ret=1
+ echo_i "timed out waiting for key removal"
+ ret=1
fi
# Check whether key removal caused NSEC3 records to be erroneously created for
# glue records due to a secure delegation already being signed by the active key
@@ -1622,26 +1610,26 @@
# $ nsec3hash 12345678 1 10 ns.sub.delzsk.example.
# 589R358VSPJUFVAJU949JPVF74D9PTGH (salt=12345678, hash=1, iterations=10)
#
-$DIG $DIGOPTS delzsk.example AXFR @10.53.0.3 > dig.out.ns3.3.test$n || ret=1
-grep "589R358VSPJUFVAJU949JPVF74D9PTGH" dig.out.ns3.3.test$n > /dev/null 2>&1 && ret=1
+$DIG $DIGOPTS delzsk.example AXFR @10.53.0.3 >dig.out.ns3.3.test$n || ret=1
+grep "589R358VSPJUFVAJU949JPVF74D9PTGH" dig.out.ns3.3.test$n >/dev/null 2>&1 && ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "check that DNAME at apex with NSEC3 is correctly signed (auto-dnssec maintain) ($n)"
ret=0
-$DIG $DIGOPTS txt dname-at-apex-nsec3.example @10.53.0.3 > dig.out.ns3.test$n || ret=1
-grep "RRSIG NSEC3 ${DEFAULT_ALGORITHM_NUMBER} 3 600" dig.out.ns3.test$n > /dev/null || ret=1
+$DIG $DIGOPTS txt dname-at-apex-nsec3.example @10.53.0.3 >dig.out.ns3.test$n || ret=1
+grep "RRSIG NSEC3 ${DEFAULT_ALGORITHM_NUMBER} 3 600" dig.out.ns3.test$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking that DNAME is not treated as a delegation when signing ($n)"
ret=0
-$DIG $DIGOPTS dname-and-txt.secure.example. DNAME @10.53.0.3 > dig.out.ns3.1.test$n || ret=1
-grep "dname-and-txt.secure.example.*RRSIG.*DNAME" dig.out.ns3.1.test$n > /dev/null 2>&1 || ret=1
-$DIG $DIGOPTS dname-and-txt.secure.example. TXT @10.53.0.3 > dig.out.ns3.2.test$n || ret=1
-grep "dname-and-txt.secure.example.*RRSIG.*TXT" dig.out.ns3.2.test$n > /dev/null 2>&1 || ret=1
+$DIG $DIGOPTS dname-and-txt.secure.example. DNAME @10.53.0.3 >dig.out.ns3.1.test$n || ret=1
+grep "dname-and-txt.secure.example.*RRSIG.*DNAME" dig.out.ns3.1.test$n >/dev/null 2>&1 || ret=1
+$DIG $DIGOPTS dname-and-txt.secure.example. TXT @10.53.0.3 >dig.out.ns3.2.test$n || ret=1
+grep "dname-and-txt.secure.example.*RRSIG.*TXT" dig.out.ns3.2.test$n >/dev/null 2>&1 || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@@ -1665,7 +1653,7 @@
echo_i "checking that CDS (DELETE) persists after zone sign ($n)"
echo_i "update add cds-delete.example. CDS 0 0 00"
ret=0
-$NSUPDATE > nsupdate.out 2>&1 <nsupdate.out 2>&1 < dig.out.ns3.test$n || return 1
- grep "CDS.*0.*0.*0.*00" dig.out.ns3.test$n > /dev/null 2>&1 || return 1
- return 0
+ $DIG $DIGOPTS +noall +answer $1 cds @10.53.0.3 >dig.out.ns3.test$n || return 1
+ grep "CDS.*0.*0.*0.*00" dig.out.ns3.test$n >/dev/null 2>&1 || return 1
+ return 0
)
_cdnskey_delete_nx() {
- $DIG $DIGOPTS +noall +answer $1 cdnskey @10.53.0.3 > dig.out.ns3.test$n || return 1
- grep "CDNSKEY.*0.*3.*0.*AA==" dig.out.ns3.test$n > /dev/null 2>&1 && return 1
- return 0
+ $DIG $DIGOPTS +noall +answer $1 cdnskey @10.53.0.3 >dig.out.ns3.test$n || return 1
+ grep "CDNSKEY.*0.*3.*0.*AA==" dig.out.ns3.test$n >/dev/null 2>&1 && return 1
+ return 0
}
echo_i "query cds-delete.example. CDS"
@@ -1690,7 +1678,7 @@
echo_i "sign cds-delete.example."
nextpart ns3/named.run >/dev/null
-$RNDCCMD 10.53.0.3 sign cds-delete.example > /dev/null 2>&1 || ret=1
+$RNDCCMD 10.53.0.3 sign cds-delete.example >/dev/null 2>&1 || ret=1
wait_for_log 10 "zone cds-delete.example/IN: next key event" ns3/named.run
# The CDS (DELETE) record should still be here.
echo_i "query cds-delete.example. CDS"
@@ -1706,7 +1694,7 @@
echo_i "checking that CDNSKEY (DELETE) persists after zone sign ($n)"
echo_i "update add cdnskey-delete.example. CDNSKEY 0 3 0 AA=="
ret=0
-$NSUPDATE > nsupdate.out 2>&1 <nsupdate.out 2>&1 < dig.out.ns3.test$n || return 1
- grep "CDS.*0.*0.*0.*00" dig.out.ns3.test$n > /dev/null 2>&1 && return 1
- return 0
+ $DIG $DIGOPTS +noall +answer $1 cds @10.53.0.3 >dig.out.ns3.test$n || return 1
+ grep "CDS.*0.*0.*0.*00" dig.out.ns3.test$n >/dev/null 2>&1 && return 1
+ return 0
)
_cdnskey_delete() {
- $DIG $DIGOPTS +noall +answer $1 cdnskey @10.53.0.3 > dig.out.ns3.test$n || return 1
- grep "CDNSKEY.*0.*3.*0.*AA==" dig.out.ns3.test$n > /dev/null 2>&1 || return 1
- return 0
+ $DIG $DIGOPTS +noall +answer $1 cdnskey @10.53.0.3 >dig.out.ns3.test$n || return 1
+ grep "CDNSKEY.*0.*3.*0.*AA==" dig.out.ns3.test$n >/dev/null 2>&1 || return 1
+ return 0
}
echo_i "query cdnskey-delete.example. CDNSKEY"
@@ -1731,7 +1719,7 @@
echo_i "sign cdsnskey-delete.example."
nextpart ns3/named.run >/dev/null
-$RNDCCMD 10.53.0.3 sign cdnskey-delete.example > /dev/null 2>&1 || ret=1
+$RNDCCMD 10.53.0.3 sign cdnskey-delete.example >/dev/null 2>&1 || ret=1
wait_for_log 10 "zone cdnskey-delete.example/IN: next key event" ns3/named.run
# The CDNSKEY (DELETE) record should still be here.
echo_i "query cdnskey-delete.example. CDNSKEY"
@@ -1749,40 +1737,53 @@
zone=optout-with-ent
hash=JTR8R6AVFULU0DQH9I6HNN2KUK5956EL
# check that NSEC3 for ENT is present
-$DIG $DIGOPTS @10.53.0.2 a "ent.${zone}" > dig.out.pre.ns2.test$n
+$DIG $DIGOPTS @10.53.0.2 a "ent.${zone}" >dig.out.pre.ns2.test$n
grep "status: NOERROR" dig.out.pre.ns2.test$n >/dev/null || ret=1
-grep "ANSWER: 0, AUTHORITY: 4, " dig.out.pre.ns2.test$n > /dev/null || ret=1
-grep "^${hash}.${zone}." dig.out.pre.ns2.test$n > /dev/null || ret=1
+grep "ANSWER: 0, AUTHORITY: 4, " dig.out.pre.ns2.test$n >/dev/null || ret=1
+grep "^${hash}.${zone}." dig.out.pre.ns2.test$n >/dev/null || ret=1
# remove first delegation of two delegations, NSEC3 for ENT should remain.
(
-echo zone $zone
-echo server 10.53.0.2 "$PORT"
-echo update del sub1.ent.$zone NS
-echo send
+ echo zone $zone
+ echo server 10.53.0.2 "$PORT"
+ echo update del sub1.ent.$zone NS
+ echo send
) | $NSUPDATE
# check that NSEC3 for ENT is still present
-$DIG $DIGOPTS @10.53.0.2 a "ent.${zone}" > dig.out.pre.ns2.test$n
-$DIG $DIGOPTS @10.53.0.2 a "ent.${zone}" > dig.out.mid.ns2.test$n
+$DIG $DIGOPTS @10.53.0.2 a "ent.${zone}" >dig.out.pre.ns2.test$n
+$DIG $DIGOPTS @10.53.0.2 a "ent.${zone}" >dig.out.mid.ns2.test$n
grep "status: NOERROR" dig.out.mid.ns2.test$n >/dev/null || ret=1
-grep "ANSWER: 0, AUTHORITY: 4, " dig.out.mid.ns2.test$n > /dev/null || ret=1
-grep "^${hash}.${zone}." dig.out.mid.ns2.test$n > /dev/null || ret=1
+grep "ANSWER: 0, AUTHORITY: 4, " dig.out.mid.ns2.test$n >/dev/null || ret=1
+grep "^${hash}.${zone}." dig.out.mid.ns2.test$n >/dev/null || ret=1
# remove second delegation of two delegations, NSEC3 for ENT should be deleted.
(
-echo zone $zone
-echo server 10.53.0.2 "$PORT"
-echo update del sub2.ent.$zone NS
-echo send
+ echo zone $zone
+ echo server 10.53.0.2 "$PORT"
+ echo update del sub2.ent.$zone NS
+ echo send
) | $NSUPDATE
# check that NSEC3 for ENT is gone present
-$DIG $DIGOPTS @10.53.0.2 a "ent.${zone}" > dig.out.post.ns2.test$n
+$DIG $DIGOPTS @10.53.0.2 a "ent.${zone}" >dig.out.post.ns2.test$n
grep "status: NXDOMAIN" dig.out.post.ns2.test$n >/dev/null || ret=1
-grep "ANSWER: 0, AUTHORITY: 4, " dig.out.post.ns2.test$n > /dev/null || ret=1
-grep "^${hash}.${zone}." dig.out.post.ns2.test$n > /dev/null && ret=1
-$DIG $DIGOPTS @10.53.0.2 axfr "${zone}" > dig.out.axfr.ns2.test$n
-grep "^${hash}.${zone}." dig.out.axfr.ns2.test$n > /dev/null && ret=1
-n=$((n+1))
+grep "ANSWER: 0, AUTHORITY: 4, " dig.out.post.ns2.test$n >/dev/null || ret=1
+grep "^${hash}.${zone}." dig.out.post.ns2.test$n >/dev/null && ret=1
+$DIG $DIGOPTS @10.53.0.2 axfr "${zone}" >dig.out.axfr.ns2.test$n
+grep "^${hash}.${zone}." dig.out.axfr.ns2.test$n >/dev/null && ret=1
+n=$((n + 1))
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
+
+echo_i "check that the startup change from NSEC3 to NSEC is properly signed ($n)"
+ret=0
+$JOURNALPRINT ns3/nsec3-to-nsec.example.db.jnl \
+ | awk 'BEGIN { private=0; rrsig=0; ok=0 }
+$1 == "del" && $5 == "SOA" { if (private || rrsig) { if (private == rrsig) { exit(0); } else { exit(1); } } }
+$1 == "add" && $5 == "TYPE65534" { private=1 }
+$1 == "add" && $5 == "RRSIG" && $6 == "TYPE65534" { rrsig=1 }
+END { if (private || rrsig) { if (private == rrsig) { exit(0); } else { exit(1); } } else { exit (1); } }
+' || ret=1
+n=$((n + 1))
+if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
diff -Nru bind9-9.16.44/bin/tests/system/builtin/tests.sh bind9-9.16.48/bin/tests/system/builtin/tests.sh
--- bind9-9.16.44/bin/tests/system/builtin/tests.sh 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/builtin/tests.sh 2024-02-11 11:31:39.000000000 +0000
@@ -121,127 +121,166 @@
EMPTY.AS112.ARPA
HOME.ARPA"
-n=`expr $n + 1`
+n=$(expr $n + 1)
ret=0
count=0
echo_i "Checking expected empty zones were configured ($n)"
-for zone in ${emptyzones}
-do
- grep "automatic empty zone: $zone" ns1/named.run > /dev/null || {
- echo_i "failed (empty zone $zone missing)"
- ret=1
- }
- count=`expr $count + 1`
+for zone in ${emptyzones}; do
+ grep "automatic empty zone: $zone" ns1/named.run >/dev/null || {
+ echo_i "failed (empty zone $zone missing)"
+ ret=1
+ }
+ count=$(expr $count + 1)
done
-lines=`grep "automatic empty zone: " ns1/named.run | wc -l`
+lines=$(grep "automatic empty zone: " ns1/named.run | wc -l)
test $count -eq $lines -a $count -eq 99 || {
- ret=1; echo_i "failed (count mismatch)";
+ ret=1
+ echo_i "failed (count mismatch)"
}
-if [ $ret != 0 ] ; then status=`expr $status + $ret`; fi
+if [ $ret != 0 ]; then status=$(expr $status + $ret); fi
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "Checking that reconfiguring empty zones is silent ($n)"
$RNDCCMD 10.53.0.1 reconfig
ret=0
-grep "automatic empty zone" ns1/named.run > /dev/null || ret=1
-grep "received control channel command 'reconfig'" ns1/named.run > /dev/null || ret=1
-grep "reloading configuration succeeded" ns1/named.run > /dev/null || ret=1
+grep "automatic empty zone" ns1/named.run >/dev/null || ret=1
+grep "received control channel command 'reconfig'" ns1/named.run >/dev/null || ret=1
+grep "reloading configuration succeeded" ns1/named.run >/dev/null || ret=1
sleep 1
-grep "zone serial (0) unchanged." ns1/named.run > /dev/null && ret=1
-if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
+grep "zone serial (0) unchanged." ns1/named.run >/dev/null && ret=1
+if [ $ret != 0 ]; then
+ echo_i "failed"
+ status=$(expr $status + $ret)
+fi
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "Checking that reloading empty zones is silent ($n)"
rndc_reload ns1 10.53.0.1
ret=0
-grep "automatic empty zone" ns1/named.run > /dev/null || ret=1
-grep "received control channel command 'reload'" ns1/named.run > /dev/null || ret=1
-grep "reloading configuration succeeded" ns1/named.run > /dev/null || ret=1
+grep "automatic empty zone" ns1/named.run >/dev/null || ret=1
+grep "received control channel command 'reload'" ns1/named.run >/dev/null || ret=1
+grep "reloading configuration succeeded" ns1/named.run >/dev/null || ret=1
sleep 1
-grep "zone serial (0) unchanged." ns1/named.run > /dev/null && ret=1
-if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
+grep "zone serial (0) unchanged." ns1/named.run >/dev/null && ret=1
+if [ $ret != 0 ]; then
+ echo_i "failed"
+ status=$(expr $status + $ret)
+fi
-HOST_NAME=`$FEATURETEST --gethostname`
+HOST_NAME=$($FEATURETEST --gethostname)
BIND_VERSION_STRING=$($NAMED -V | head -1)
BIND_VERSION=$($NAMED -V | sed -ne 's/^BIND \([^ ]*\).*/\1/p')
-n=`expr $n + 1`
+n=$(expr $n + 1)
ret=0
echo_i "Checking that default version works for rndc ($n)"
-$RNDCCMD 10.53.0.1 status > rndc.status.ns1.$n 2>&1
-grep -F "version: $BIND_VERSION_STRING" rndc.status.ns1.$n > /dev/null || ret=1
-if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
+$RNDCCMD 10.53.0.1 status >rndc.status.ns1.$n 2>&1
+grep -F "version: $BIND_VERSION_STRING" rndc.status.ns1.$n >/dev/null || ret=1
+if [ $ret != 0 ]; then
+ echo_i "failed"
+ status=$(expr $status + $ret)
+fi
-n=`expr $n + 1`
+n=$(expr $n + 1)
ret=0
echo_i "Checking that custom version works for rndc ($n)"
-$RNDCCMD 10.53.0.3 status > rndc.status.ns3.$n 2>&1
-grep -F "version: $BIND_VERSION_STRING (this is a test of version)" rndc.status.ns3.$n > /dev/null || ret=1
-if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
+$RNDCCMD 10.53.0.3 status >rndc.status.ns3.$n 2>&1
+grep -F "version: $BIND_VERSION_STRING (this is a test of version)" rndc.status.ns3.$n >/dev/null || ret=1
+if [ $ret != 0 ]; then
+ echo_i "failed"
+ status=$(expr $status + $ret)
+fi
-n=`expr $n + 1`
+n=$(expr $n + 1)
ret=0
echo_i "Checking that default version works for query ($n)"
-$DIG $DIGOPTS +short version.bind txt ch @10.53.0.1 > dig.out.ns1.$n
-grep "^\"$BIND_VERSION\"$" dig.out.ns1.$n > /dev/null || ret=1
-if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
+$DIG $DIGOPTS +short version.bind txt ch @10.53.0.1 >dig.out.ns1.$n
+grep "^\"$BIND_VERSION\"$" dig.out.ns1.$n >/dev/null || ret=1
+if [ $ret != 0 ]; then
+ echo_i "failed"
+ status=$(expr $status + $ret)
+fi
-n=`expr $n + 1`
+n=$(expr $n + 1)
ret=0
echo_i "Checking that custom version works for query ($n)"
-$DIG $DIGOPTS +short version.bind txt ch @10.53.0.3 > dig.out.ns3.$n
-grep "^\"this is a test of version\"$" dig.out.ns3.$n > /dev/null || ret=1
-if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
+$DIG $DIGOPTS +short version.bind txt ch @10.53.0.3 >dig.out.ns3.$n
+grep "^\"this is a test of version\"$" dig.out.ns3.$n >/dev/null || ret=1
+if [ $ret != 0 ]; then
+ echo_i "failed"
+ status=$(expr $status + $ret)
+fi
-n=`expr $n + 1`
+n=$(expr $n + 1)
ret=0
echo_i "Checking that default hostname works for query ($n)"
-$DIG $DIGOPTS +short hostname.bind txt ch @10.53.0.1 > dig.out.ns1.$n
-grep "^\"$HOST_NAME\"$" dig.out.ns1.$n > /dev/null || ret=1
-if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
+$DIG $DIGOPTS +short hostname.bind txt ch @10.53.0.1 >dig.out.ns1.$n
+grep "^\"$HOST_NAME\"$" dig.out.ns1.$n >/dev/null || ret=1
+if [ $ret != 0 ]; then
+ echo_i "failed"
+ status=$(expr $status + $ret)
+fi
-n=`expr $n + 1`
+n=$(expr $n + 1)
ret=0
echo_i "Checking that custom hostname works for query ($n)"
-$DIG $DIGOPTS +short hostname.bind txt ch @10.53.0.3 > dig.out.ns3.$n
-grep "^\"this.is.a.test.of.hostname\"$" dig.out.ns3.$n > /dev/null || ret=1
-if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
+$DIG $DIGOPTS +short hostname.bind txt ch @10.53.0.3 >dig.out.ns3.$n
+grep "^\"this.is.a.test.of.hostname\"$" dig.out.ns3.$n >/dev/null || ret=1
+if [ $ret != 0 ]; then
+ echo_i "failed"
+ status=$(expr $status + $ret)
+fi
-n=`expr $n + 1`
+n=$(expr $n + 1)
ret=0
echo_i "Checking that default server-id is none for query ($n)"
-$DIG $DIGOPTS id.server txt ch @10.53.0.1 > dig.out.ns1.$n
-grep "status: NOERROR" dig.out.ns1.$n > /dev/null || ret=1
-grep "ANSWER: 0" dig.out.ns1.$n > /dev/null || ret=1
-if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
+$DIG $DIGOPTS id.server txt ch @10.53.0.1 >dig.out.ns1.$n
+grep "status: NOERROR" dig.out.ns1.$n >/dev/null || ret=1
+grep "ANSWER: 0" dig.out.ns1.$n >/dev/null || ret=1
+if [ $ret != 0 ]; then
+ echo_i "failed"
+ status=$(expr $status + $ret)
+fi
-n=`expr $n + 1`
+n=$(expr $n + 1)
ret=0
echo_i "Checking that server-id hostname works for query ($n)"
-$DIG $DIGOPTS +short id.server txt ch @10.53.0.2 > dig.out.ns2.$n
-grep "^\"$HOST_NAME\"$" dig.out.ns2.$n > /dev/null || ret=1
-if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
+$DIG $DIGOPTS +short id.server txt ch @10.53.0.2 >dig.out.ns2.$n
+grep "^\"$HOST_NAME\"$" dig.out.ns2.$n >/dev/null || ret=1
+if [ $ret != 0 ]; then
+ echo_i "failed"
+ status=$(expr $status + $ret)
+fi
-n=`expr $n + 1`
+n=$(expr $n + 1)
ret=0
echo_i "Checking that server-id hostname works for EDNS name server ID request ($n)"
-$DIG $DIGOPTS +norec +nsid foo @10.53.0.2 > dig.out.ns2.$n
-grep "^; NSID: .* (\"$HOST_NAME\")$" dig.out.ns2.$n > /dev/null || ret=1
-if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
+$DIG $DIGOPTS +norec +nsid foo @10.53.0.2 >dig.out.ns2.$n
+grep "^; NSID: .* (\"$HOST_NAME\")$" dig.out.ns2.$n >/dev/null || ret=1
+if [ $ret != 0 ]; then
+ echo_i "failed"
+ status=$(expr $status + $ret)
+fi
-n=`expr $n + 1`
+n=$(expr $n + 1)
ret=0
echo_i "Checking that custom server-id works for query ($n)"
-$DIG $DIGOPTS +short id.server txt ch @10.53.0.3 > dig.out.ns3.$n
-grep "^\"this.is.a.test.of.server-id\"$" dig.out.ns3.$n > /dev/null || ret=1
-if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
+$DIG $DIGOPTS +short id.server txt ch @10.53.0.3 >dig.out.ns3.$n
+grep "^\"this.is.a.test.of.server-id\"$" dig.out.ns3.$n >/dev/null || ret=1
+if [ $ret != 0 ]; then
+ echo_i "failed"
+ status=$(expr $status + $ret)
+fi
-n=`expr $n + 1`
+n=$(expr $n + 1)
ret=0
echo_i "Checking that custom server-id works for EDNS name server ID request ($n)"
-$DIG $DIGOPTS +norec +nsid foo @10.53.0.3 > dig.out.ns3.$n
-grep "^; NSID: .* (\"this.is.a.test.of.server-id\")$" dig.out.ns3.$n > /dev/null || ret=1
-if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
+$DIG $DIGOPTS +norec +nsid foo @10.53.0.3 >dig.out.ns3.$n
+grep "^; NSID: .* (\"this.is.a.test.of.server-id\")$" dig.out.ns3.$n >/dev/null || ret=1
+if [ $ret != 0 ]; then
+ echo_i "failed"
+ status=$(expr $status + $ret)
+fi
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
diff -Nru bind9-9.16.44/bin/tests/system/cacheclean/tests.sh bind9-9.16.48/bin/tests/system/cacheclean/tests.sh
--- bind9-9.16.44/bin/tests/system/cacheclean/tests.sh 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/cacheclean/tests.sh 2024-02-11 11:31:39.000000000 +0000
@@ -22,12 +22,12 @@
+nostat @10.53.0.2 -p ${PORT}"
# fill the cache with nodes from flushtest.example zone
-load_cache () {
- # empty all existing cache data
- $RNDC $RNDCOPTS flush
+load_cache() {
+ # empty all existing cache data
+ $RNDC $RNDCOPTS flush
- # load the positive cache entries
- $DIG $DIGOPTS -f - << EOF > /dev/null 2>&1
+ # load the positive cache entries
+ $DIG $DIGOPTS -f - </dev/null 2>&1
txt top1.flushtest.example
txt second1.top1.flushtest.example
txt third1.second1.top1.flushtest.example
@@ -46,42 +46,42 @@
txt second3.top3.flushtest.example
EOF
- # load the negative cache entries
- # nxrrset:
- $DIG $DIGOPTS a third1.second1.top1.flushtest.example > /dev/null
- # nxdomain:
- $DIG $DIGOPTS txt top4.flushtest.example > /dev/null
- # empty nonterminal:
- $DIG $DIGOPTS txt second2.top3.flushtest.example > /dev/null
-
- # sleep 2 seconds ensure the TTLs will be lower on cached data
- sleep 2
-}
-
-dump_cache () {
- rndc_dumpdb ns2 -cache _default
-}
-
-clear_cache () {
- $RNDC $RNDCOPTS flush
-}
-
-in_cache () {
- ttl=`$DIG $DIGOPTS "$@" | awk '{print $2}'`
- [ -z "$ttl" ] && {
- ttl=`$DIG $DIGOPTS +noanswer +auth "$@" | awk '{print $2}'`
- [ "$ttl" -ge 3599 ] && return 1
- return 0
- }
- [ "$ttl" -ge 3599 ] && return 1
- return 0
+ # load the negative cache entries
+ # nxrrset:
+ $DIG $DIGOPTS a third1.second1.top1.flushtest.example >/dev/null
+ # nxdomain:
+ $DIG $DIGOPTS txt top4.flushtest.example >/dev/null
+ # empty nonterminal:
+ $DIG $DIGOPTS txt second2.top3.flushtest.example >/dev/null
+
+ # sleep 2 seconds ensure the TTLs will be lower on cached data
+ sleep 2
+}
+
+dump_cache() {
+ rndc_dumpdb ns2 -cache _default
+}
+
+clear_cache() {
+ $RNDC $RNDCOPTS flush
+}
+
+in_cache() {
+ ttl=$($DIG $DIGOPTS "$@" | awk '{print $2}')
+ [ -z "$ttl" ] && {
+ ttl=$($DIG $DIGOPTS +noanswer +auth "$@" | awk '{print $2}')
+ [ "$ttl" -ge 3599 ] && return 1
+ return 0
+ }
+ [ "$ttl" -ge 3599 ] && return 1
+ return 0
}
# Extract records at and below name "$1" from the cache dump in file "$2".
-filter_tree () {
- tree="$1"
- file="$2"
- perl -n -e '
+filter_tree() {
+ tree="$1"
+ file="$2"
+ perl -n -e '
next if /^;/;
if (/'"$tree"'/ || (/^\t/ && $print)) {
$print = 1;
@@ -92,39 +92,45 @@
' "$file"
}
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check correctness of routine cache cleaning ($n)"
-$DIG $DIGOPTS +tcp +keepopen -b 10.53.0.7 -f dig.batch > dig.out.ns2 || status=1
+$DIG $DIGOPTS +tcp +keepopen -b 10.53.0.7 -f dig.batch >dig.out.ns2 || status=1
digcomp --lc dig.out.ns2 knowngood.dig.out || status=1
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "only one tcp socket was used ($n)"
-tcpclients=`awk '$3 == "client" && $5 ~ /10.53.0.7#[0-9]*:/ {print $5}' ns2/named.run | sort | uniq -c | wc -l`
+tcpclients=$(awk '$3 == "client" && $5 ~ /10.53.0.7#[0-9]*:/ {print $5}' ns2/named.run | sort | uniq -c | wc -l)
-test $tcpclients -eq 1 || { status=1; echo_i "failed"; }
+test $tcpclients -eq 1 || {
+ status=1
+ echo_i "failed"
+}
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "reset and check that records are correctly cached initially ($n)"
ret=0
load_cache
dump_cache
-nrecords=`filter_tree flushtest.example ns2/named_dump.db.test$n | grep -E '(TXT|ANY)' | wc -l`
-[ $nrecords -eq 18 ] || { ret=1; echo_i "found $nrecords records expected 18"; }
+nrecords=$(filter_tree flushtest.example ns2/named_dump.db.test$n | grep -E '(TXT|ANY)' | wc -l)
+[ $nrecords -eq 18 ] || {
+ ret=1
+ echo_i "found $nrecords records expected 18"
+}
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check flushing of the full cache ($n)"
ret=0
clear_cache
dump_cache
-nrecords=`filter_tree flushtest.example ns2/named_dump.db.test$n | wc -l`
+nrecords=$(filter_tree flushtest.example ns2/named_dump.db.test$n | wc -l)
[ $nrecords -eq 0 ] || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check flushing of individual nodes (interior node) ($n)"
ret=0
clear_cache
@@ -134,9 +140,9 @@
$RNDC $RNDCOPTS flushname top1.flushtest.example
in_cache txt top1.flushtest.example && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check flushing of individual nodes (leaf node, under the interior node) ($n)"
ret=0
# leaf node, under the interior node (should still exist)
@@ -144,9 +150,9 @@
$RNDC $RNDCOPTS flushname third2.second1.top1.flushtest.example
in_cache txt third2.second1.top1.flushtest.example && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check flushing of individual nodes (another leaf node, with both positive and negative cache entries) ($n)"
ret=0
# another leaf node, with both positive and negative cache entries
@@ -156,16 +162,16 @@
in_cache a third1.second1.top1.flushtest.example && ret=1
in_cache txt third1.second1.top1.flushtest.example && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check flushing a nonexistent name ($n)"
ret=0
$RNDC $RNDCOPTS flushname fake.flushtest.example || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check flushing of namespaces ($n)"
ret=0
clear_cache
@@ -190,79 +196,85 @@
in_cache txt second2.top2.flushtest.example && ret=1
in_cache txt second3.top2.flushtest.example && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check flushing a nonexistent namespace ($n)"
ret=0
$RNDC $RNDCOPTS flushtree fake.flushtest.example || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check the number of cached records remaining ($n)"
ret=0
dump_cache
-nrecords=`filter_tree flushtest.example ns2/named_dump.db.test$n | grep -v '^;' | grep -E '(TXT|ANY)' | wc -l`
-[ $nrecords -eq 17 ] || { ret=1; echo_i "found $nrecords records expected 17"; }
+nrecords=$(filter_tree flushtest.example ns2/named_dump.db.test$n | grep -v '^;' | grep -E '(TXT|ANY)' | wc -l)
+[ $nrecords -eq 17 ] || {
+ ret=1
+ echo_i "found $nrecords records expected 17"
+}
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check the check that flushname of a partial match works ($n)"
ret=0
in_cache txt second2.top1.flushtest.example || ret=1
$RNDC $RNDCOPTS flushtree example
in_cache txt second2.top1.flushtest.example && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check the number of cached records remaining ($n)"
ret=0
dump_cache
-nrecords=`filter_tree flushtest.example ns2/named_dump.db.test$n | grep -E '(TXT|ANY)' | wc -l`
-[ $nrecords -eq 1 ] || { ret=1; echo_i "found $nrecords records expected 1"; }
+nrecords=$(filter_tree flushtest.example ns2/named_dump.db.test$n | grep -E '(TXT|ANY)' | wc -l)
+[ $nrecords -eq 1 ] || {
+ ret=1
+ echo_i "found $nrecords records expected 1"
+}
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check flushtree clears adb correctly ($n)"
ret=0
load_cache
dump_cache
mv ns2/named_dump.db.test$n ns2/named_dump.db.test$n.a
sed -n '/plain success\/timeout/,/Unassociated entries/p' \
- ns2/named_dump.db.test$n.a > sed.out.$n.a
-grep 'plain success/timeout' sed.out.$n.a > /dev/null 2>&1 || ret=1
-grep 'Unassociated entries' sed.out.$n.a > /dev/null 2>&1 || ret=1
-grep 'ns.flushtest.example' sed.out.$n.a > /dev/null 2>&1 || ret=1
+ ns2/named_dump.db.test$n.a >sed.out.$n.a
+grep 'plain success/timeout' sed.out.$n.a >/dev/null 2>&1 || ret=1
+grep 'Unassociated entries' sed.out.$n.a >/dev/null 2>&1 || ret=1
+grep 'ns.flushtest.example' sed.out.$n.a >/dev/null 2>&1 || ret=1
$RNDC $RNDCOPTS flushtree flushtest.example || ret=1
dump_cache
mv ns2/named_dump.db.test$n ns2/named_dump.db.test$n.b
sed -n '/plain success\/timeout/,/Unassociated entries/p' \
- ns2/named_dump.db.test$n.b > sed.out.$n.b
-grep 'plain success/timeout' sed.out.$n.b > /dev/null 2>&1 || ret=1
-grep 'Unassociated entries' sed.out.$n.b > /dev/null 2>&1 || ret=1
-grep 'ns.flushtest.example' sed.out.$n.b > /dev/null 2>&1 && ret=1
+ ns2/named_dump.db.test$n.b >sed.out.$n.b
+grep 'plain success/timeout' sed.out.$n.b >/dev/null 2>&1 || ret=1
+grep 'Unassociated entries' sed.out.$n.b >/dev/null 2>&1 || ret=1
+grep 'ns.flushtest.example' sed.out.$n.b >/dev/null 2>&1 && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check expire option returned from primary zone ($n)"
ret=0
-$DIG @10.53.0.1 -p ${PORT} +expire soa expire-test > dig.out.expire
-grep EXPIRE: dig.out.expire > /dev/null || ret=1
+$DIG @10.53.0.1 -p ${PORT} +expire soa expire-test >dig.out.expire
+grep EXPIRE: dig.out.expire >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check expire option returned from secondary zone ($n)"
ret=0
-$DIG @10.53.0.2 -p ${PORT} +expire soa expire-test > dig.out.expire
-grep EXPIRE: dig.out.expire > /dev/null || ret=1
+$DIG @10.53.0.2 -p ${PORT} +expire soa expire-test >dig.out.expire
+grep EXPIRE: dig.out.expire >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
diff -Nru bind9-9.16.44/bin/tests/system/case/tests.sh bind9-9.16.48/bin/tests/system/case/tests.sh
--- bind9-9.16.44/bin/tests/system/case/tests.sh 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/case/tests.sh 2024-02-11 11:31:39.000000000 +0000
@@ -17,134 +17,132 @@
DIGOPTS="+tcp +nosea +nostat +noquest +nocomm +nocmd -p ${PORT}"
wait_for_serial() (
- $DIG $DIGOPTS "@$1" "$2" SOA > "$4"
- serial=$(awk '$4 == "SOA" { print $7 }' "$4")
- [ "$3" -eq "${serial:--1}" ]
+ $DIG $DIGOPTS "@$1" "$2" SOA >"$4"
+ serial=$(awk '$4 == "SOA" { print $7 }' "$4")
+ [ "$3" -eq "${serial:--1}" ]
)
status=0
n=0
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "waiting for zone transfer to complete ($n)"
ret=0
-for i in 1 2 3 4 5 6 7 8 9
-do
- $DIG $DIGOPTS soa example. @10.53.0.2 > dig.ns2.test$n
- grep SOA dig.ns2.test$n > /dev/null && break
- sleep 1
+for i in 1 2 3 4 5 6 7 8 9; do
+ $DIG $DIGOPTS soa example. @10.53.0.2 >dig.ns2.test$n
+ grep SOA dig.ns2.test$n >/dev/null && break
+ sleep 1
done
-for i in 1 2 3 4 5 6 7 8 9
-do
- $DIG $DIGOPTS soa dynamic. @10.53.0.2 > dig.ns2.test$n
- grep SOA dig.ns2.test$n > /dev/null && break
- sleep 1
+for i in 1 2 3 4 5 6 7 8 9; do
+ $DIG $DIGOPTS soa dynamic. @10.53.0.2 >dig.ns2.test$n
+ grep SOA dig.ns2.test$n >/dev/null && break
+ sleep 1
done
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "testing case preserving responses - no acl ($n)"
ret=0
-$DIG $DIGOPTS mx example. @10.53.0.1 > dig.ns1.test$n
-grep "0.mail.eXaMpLe" dig.ns1.test$n > /dev/null || ret=1
-grep "mAiL.example" dig.ns1.test$n > /dev/null || ret=1
+$DIG $DIGOPTS mx example. @10.53.0.1 >dig.ns1.test$n
+grep "0.mail.eXaMpLe" dig.ns1.test$n >/dev/null || ret=1
+grep "mAiL.example" dig.ns1.test$n >/dev/null || ret=1
test $ret -eq 0 || echo_i "failed"
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "testing no-case-compress acl '{ 10.53.0.2; }' ($n)"
ret=0
# check that we preserve zone case for non-matching query (10.53.0.1)
-$DIG $DIGOPTS mx example. -b 10.53.0.1 @10.53.0.1 > dig.ns1.test$n
-grep "0.mail.eXaMpLe" dig.ns1.test$n > /dev/null || ret=1
-grep "mAiL.example" dig.ns1.test$n > /dev/null || ret=1
+$DIG $DIGOPTS mx example. -b 10.53.0.1 @10.53.0.1 >dig.ns1.test$n
+grep "0.mail.eXaMpLe" dig.ns1.test$n >/dev/null || ret=1
+grep "mAiL.example" dig.ns1.test$n >/dev/null || ret=1
# check that we don't preserve zone case for match (10.53.0.2)
-$DIG $DIGOPTS mx example. -b 10.53.0.2 @10.53.0.2 > dig.ns2.test$n
-grep "0.mail.example" dig.ns2.test$n > /dev/null || ret=1
-grep "mail.example" dig.ns2.test$n > /dev/null || ret=1
+$DIG $DIGOPTS mx example. -b 10.53.0.2 @10.53.0.2 >dig.ns2.test$n
+grep "0.mail.example" dig.ns2.test$n >/dev/null || ret=1
+grep "mail.example" dig.ns2.test$n >/dev/null || ret=1
test $ret -eq 0 || echo_i "failed"
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "testing load of dynamic zone with various \$ORIGIN values ($n)"
ret=0
-$DIG $DIGOPTS axfr dynamic @10.53.0.1 > dig.ns1.test$n
+$DIG $DIGOPTS axfr dynamic @10.53.0.1 >dig.ns1.test$n
digcomp dig.ns1.test$n dynamic.good || ret=1
test $ret -eq 0 || echo_i "failed"
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "transfer of dynamic zone with various \$ORIGIN values ($n)"
ret=0
-$DIG $DIGOPTS axfr dynamic @10.53.0.2 > dig.ns2.test$n
+$DIG $DIGOPTS axfr dynamic @10.53.0.2 >dig.ns2.test$n
digcomp dig.ns2.test$n dynamic.good || ret=1
test $ret -eq 0 || echo_i "failed"
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "change SOA owner case via update ($n)"
-$NSUPDATE << EOF
+$NSUPDATE < dig.ns1.test$n
+$DIG $DIGOPTS axfr dynamic @10.53.0.1 >dig.ns1.test$n
digcomp dig.ns1.test$n postupdate.good || ret=1
test $ret -eq 0 || echo_i "failed"
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
ret=0
echo_i "wait for zone to transfer ($n)"
retry_quiet 20 wait_for_serial 10.53.0.2 dynamic 2000042408 dig.ns2.test$n || ret=1
test $ret -eq 0 || echo_i "failed"
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check SOA owner case is transferred to secondary ($n)"
ret=0
-$DIG $DIGOPTS axfr dynamic @10.53.0.2 > dig.ns2.test$n
+$DIG $DIGOPTS axfr dynamic @10.53.0.2 >dig.ns2.test$n
digcomp dig.ns2.test$n postupdate.good || ret=1
test $ret -eq 0 || echo_i "failed"
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
#update delete Ns1.DyNaMIC. 300 IN A 10.53.0.1
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "change A record owner case via update ($n)"
-$NSUPDATE << EOF
+$NSUPDATE < dig.ns1.test$n
+$DIG $DIGOPTS axfr dynamic @10.53.0.1 >dig.ns1.test$n
digcomp dig.ns1.test$n postns1.good || ret=1
test $ret -eq 0 || echo_i "failed"
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
ret=0
echo_i "wait for zone to transfer ($n)"
retry_quiet 20 wait_for_serial 10.53.0.2 dynamic 2000042409 dig.ns2.test$n || ret=1
test $ret -eq 0 || echo_i "failed"
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check A owner case is transferred to secondary ($n)"
ret=0
-$DIG $DIGOPTS axfr dynamic @10.53.0.2 > dig.ns2.test$n
+$DIG $DIGOPTS axfr dynamic @10.53.0.2 >dig.ns2.test$n
digcomp dig.ns2.test$n postns1.good || ret=1
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
diff -Nru bind9-9.16.44/bin/tests/system/catz/tests.sh bind9-9.16.48/bin/tests/system/catz/tests.sh
--- bind9-9.16.44/bin/tests/system/catz/tests.sh 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/catz/tests.sh 2024-02-11 11:31:39.000000000 +0000
@@ -18,272 +18,272 @@
. "$SYSTEMTESTTOP/conf.sh"
dig_with_opts() {
- "$DIG" -p "${PORT}" "$@"
+ "$DIG" -p "${PORT}" "$@"
}
rndccmd() (
- "$RNDC" -c "$SYSTEMTESTTOP/common/rndc.conf" -p "${CONTROLPORT}" -s "$@"
+ "$RNDC" -c "$SYSTEMTESTTOP/common/rndc.conf" -p "${CONTROLPORT}" -s "$@"
)
_wait_for_message() (
- nextpartpeek "$1" > wait_for_message.$n
- grep -F "$2" wait_for_message.$n >/dev/null
+ nextpartpeek "$1" >wait_for_message.$n
+ grep -F "$2" wait_for_message.$n >/dev/null
)
wait_for_message() (
- retry_quiet 20 _wait_for_message "$@"
+ retry_quiet 20 _wait_for_message "$@"
)
_wait_for_rcode() (
- rcode="$1"
- qtype="$2"
- ns="$3"
- qname="$4"
- file="$5"
- shift 5
- dig_with_opts "$ns" "$qtype" "$qname" "$@" >"$file" || return 1
- grep "status: $rcode" "$file" >/dev/null
+ rcode="$1"
+ qtype="$2"
+ ns="$3"
+ qname="$4"
+ file="$5"
+ shift 5
+ dig_with_opts "$ns" "$qtype" "$qname" "$@" >"$file" || return 1
+ grep "status: $rcode" "$file" >/dev/null
)
wait_for_rcode() (
- retry_quiet 10 _wait_for_rcode "$@"
+ retry_quiet 10 _wait_for_rcode "$@"
)
wait_for_soa() (
- wait_for_rcode NOERROR SOA "$@"
+ wait_for_rcode NOERROR SOA "$@"
)
wait_for_a() (
- wait_for_rcode NOERROR A "$@"
+ wait_for_rcode NOERROR A "$@"
)
wait_for_no_soa() {
- wait_for_rcode REFUSED SOA "$@"
+ wait_for_rcode REFUSED SOA "$@"
}
_wait_for_zonefile() (
- # shellcheck disable=SC2234
- [ -f "$1" ]
+ # shellcheck disable=SC2234
+ [ -f "$1" ]
)
wait_for_zonefile() (
- retry_quiet 10 _wait_for_zonefile "$@"
+ retry_quiet 10 _wait_for_zonefile "$@"
)
_wait_for_no_zonefile() (
- # shellcheck disable=SC2234
- [ ! -f "$1" ]
+ # shellcheck disable=SC2234
+ [ ! -f "$1" ]
)
wait_for_no_zonefile() (
- retry_quiet 10 _wait_for_no_zonefile "$@"
+ retry_quiet 10 _wait_for_no_zonefile "$@"
)
status=0
n=0
##########################################################################
echo_i "Testing adding/removing of domain in catalog zone"
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom1.example. is not served by primary ($n)"
ret=0
wait_for_no_soa @10.53.0.1 dom1.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "Adding a domain dom1.example. to primary via RNDC ($n)"
ret=0
# enough initial content for IXFR response when TXT record is added below
-echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom1.example.db
-echo "@ 3600 IN NS invalid." >> ns1/dom1.example.db
-echo "foo 3600 IN TXT some content here" >> ns1/dom1.example.db
-echo "bar 3600 IN TXT some content here" >> ns1/dom1.example.db
-echo "xxx 3600 IN TXT some content here" >> ns1/dom1.example.db
-echo "yyy 3600 IN TXT some content here" >> ns1/dom1.example.db
+echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" >ns1/dom1.example.db
+echo "@ 3600 IN NS invalid." >>ns1/dom1.example.db
+echo "foo 3600 IN TXT some content here" >>ns1/dom1.example.db
+echo "bar 3600 IN TXT some content here" >>ns1/dom1.example.db
+echo "xxx 3600 IN TXT some content here" >>ns1/dom1.example.db
+echo "yyy 3600 IN TXT some content here" >>ns1/dom1.example.db
rndccmd 10.53.0.1 addzone dom1.example. '{ type primary; file "dom1.example.db"; allow-update { any; }; notify explicit; also-notify { 10.53.0.2; }; };' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom1.example. is now served by primary ($n)"
ret=0
wait_for_soa @10.53.0.1 dom1.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
nextpart ns2/named.run >/dev/null
-n=$((n+1))
+n=$((n + 1))
echo_i "Adding domain dom1.example. to catalog1 zone ($n)"
ret=0
-$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${PORT}
update add e721433b6160b450260d4f54b3ec8bab30cb3b83.zones.catalog1.example. 3600 IN PTR dom1.example.
send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
-wait_for_message ns2/named.run "catz: adding zone 'dom1.example' from catalog 'catalog1.example'" &&
-wait_for_message ns2/named.run "transfer of 'dom1.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
+wait_for_message ns2/named.run "catz: adding zone 'dom1.example' from catalog 'catalog1.example'" \
+ && wait_for_message ns2/named.run "transfer of 'dom1.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom1.example. is served by secondary ($n)"
ret=0
wait_for_soa @10.53.0.2 dom1.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that zone-directory is populated ($n)"
ret=0
wait_for_zonefile "ns2/zonedir/__catz___default_catalog1.example_dom1.example.db" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "update dom1.example. ($n)"
ret=0
-$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${PORT}
update add dom1.example 0 IN TXT added record
send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "wait for secondary to be updated ($n)"
ret=0
wait_for_txt() {
- dig_with_opts @10.53.0.2 TXT dom1.example. > dig.out.test$n || return 1
- grep "ANSWER: 1," dig.out.test$n > /dev/null || return 1
- grep "status: NOERROR" dig.out.test$n > /dev/null || return 1
- grep "IN.TXT." dig.out.test$n > /dev/null || return 1
+ dig_with_opts @10.53.0.2 TXT dom1.example. >dig.out.test$n || return 1
+ grep "ANSWER: 1," dig.out.test$n >/dev/null || return 1
+ grep "status: NOERROR" dig.out.test$n >/dev/null || return 1
+ grep "IN.TXT." dig.out.test$n >/dev/null || return 1
}
retry_quiet 10 wait_for_txt || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "check that journal was created for cleanup test ($n)"
ret=0
test -f ns2/zonedir/__catz___default_catalog1.example_dom1.example.db.jnl || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "update catalog zone serial ($n)"
ret=0
# default minimum update rate is once / 5 seconds
sleep 5
-$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${PORT}
update add catalog1.example 3600 SOA . . 20 86400 3600 86400 3600
send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "wait for catalog zone to transfer ($n)"
ret=0
wait_for_soa_equal_20() {
- dig_with_opts @10.53.0.2 SOA catalog1.example. > dig.out.test$n || return 1
- grep "ANSWER: 1," dig.out.test$n > /dev/null || return 1
- grep "status: NOERROR" dig.out.test$n > /dev/null || return 1
- grep 'IN.SOA.\. \. 20 ' dig.out.test$n > /dev/null || return 1
+ dig_with_opts @10.53.0.2 SOA catalog1.example. >dig.out.test$n || return 1
+ grep "ANSWER: 1," dig.out.test$n >/dev/null || return 1
+ grep "status: NOERROR" dig.out.test$n >/dev/null || return 1
+ grep 'IN.SOA.\. \. 20 ' dig.out.test$n >/dev/null || return 1
}
retry_quiet 10 wait_for_soa_equal_20 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "update dom1.example. again ($n)"
ret=0
-$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${PORT}
update add foo.dom1.example 0 IN TXT added record
send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "wait for secondary to be updated again ($n)"
ret=0
wait_for_txt() {
- dig_with_opts @10.53.0.2 TXT foo.dom1.example. > dig.out.test$n || return 1
- grep "ANSWER: 2," dig.out.test$n > /dev/null || return 1
- grep "status: NOERROR" dig.out.test$n > /dev/null || return 1
- grep "IN.TXT." dig.out.test$n > /dev/null || return 1
+ dig_with_opts @10.53.0.2 TXT foo.dom1.example. >dig.out.test$n || return 1
+ grep "ANSWER: 2," dig.out.test$n >/dev/null || return 1
+ grep "status: NOERROR" dig.out.test$n >/dev/null || return 1
+ grep "IN.TXT." dig.out.test$n >/dev/null || return 1
}
retry_quiet 10 wait_for_txt || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "removing domain dom1.example. from catalog1 zone ($n)"
ret=0
-$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${PORT}
update delete e721433b6160b450260d4f54b3ec8bab30cb3b83.zones.catalog1.example
send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "zone_shutdown: zone dom1.example/IN: shutting down" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom1.example. is not served by secondary ($n)"
ret=0
wait_for_no_soa @10.53.0.2 dom1.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that zone-directory is emptied ($n)"
ret=0
wait_for_no_zonefile "ns2/zonedir/__catz___default_catalog1.example_dom1.example.db" || ret=1
wait_for_no_zonefile "ns2/zonedir/__catz___default_catalog1.example_dom1.example.db.jnl" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
##########################################################################
echo_i "Testing various simple operations on domains, including using multiple catalog zones and garbage in zone"
-n=$((n+1))
+n=$((n + 1))
echo_i "adding domain dom2.example. to primary via RNDC ($n)"
ret=0
-echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom2.example.db
-echo "@ IN NS invalid." >> ns1/dom2.example.db
+echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" >ns1/dom2.example.db
+echo "@ IN NS invalid." >>ns1/dom2.example.db
rndccmd 10.53.0.1 addzone dom2.example. '{type primary; file "dom2.example.db";};' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "adding domain dom4.example. to primary via RNDC ($n)"
ret=0
-echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom4.example.db
-echo "@ IN NS invalid." >> ns1/dom4.example.db
+echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" >ns1/dom4.example.db
+echo "@ IN NS invalid." >>ns1/dom4.example.db
rndccmd 10.53.0.1 addzone dom4.example. '{type primary; file "dom4.example.db";};' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "adding domains dom2.example, dom3.example. and some garbage to catalog1 zone ($n)"
ret=0
-$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${PORT}
update add 636722929740e507aaf27c502812fc395d30fb17.zones.catalog1.example. 3600 IN PTR dom2.example.
update add b901f492f3ebf6c1e5b597e51766f02f0479eb03.zones.catalog1.example. 3600 IN PTR dom3.example.
@@ -300,142 +300,140 @@
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "adding domain dom4.example. to catalog2 zone ($n)"
ret=0
-$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.3 ${PORT}
update add de26b88d855397a03f77ff1162fd055d8b419584.zones.catalog2.example. 3600 IN PTR dom4.example.
send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-
-n=$((n+1))
+n=$((n + 1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
-wait_for_message ns2/named.run "catz: updating catalog zone 'catalog2.example' with serial 2670950425" &&
-wait_for_message ns2/named.run "catz: adding zone 'dom2.example' from catalog 'catalog1.example'" &&
-wait_for_message ns2/named.run "catz: adding zone 'dom3.example' from catalog 'catalog1.example'" &&
-wait_for_message ns2/named.run "catz: adding zone 'dom4.example' from catalog 'catalog2.example'" &&
-wait_for_message ns2/named.run "transfer of 'dom4.example/IN' from 10.53.0.1#${EXTRAPORT1}: Transfer status: success" || ret=1
+wait_for_message ns2/named.run "catz: updating catalog zone 'catalog2.example' with serial 2670950425" \
+ && wait_for_message ns2/named.run "catz: adding zone 'dom2.example' from catalog 'catalog1.example'" \
+ && wait_for_message ns2/named.run "catz: adding zone 'dom3.example' from catalog 'catalog1.example'" \
+ && wait_for_message ns2/named.run "catz: adding zone 'dom4.example' from catalog 'catalog2.example'" \
+ && wait_for_message ns2/named.run "transfer of 'dom4.example/IN' from 10.53.0.1#${EXTRAPORT1}: Transfer status: success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom4.example. is served by secondary ($n)"
ret=0
wait_for_soa @10.53.0.2 dom4.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
-
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom3.example. is not served by primary ($n)"
ret=0
wait_for_no_soa @10.53.0.1 dom3.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "adding a domain dom3.example. to primary via RNDC ($n)"
ret=0
-echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom3.example.db
-echo "@ IN NS invalid." >> ns1/dom3.example.db
+echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" >ns1/dom3.example.db
+echo "@ IN NS invalid." >>ns1/dom3.example.db
rndccmd 10.53.0.1 addzone dom3.example. '{type primary; file "dom3.example.db"; also-notify { 10.53.0.2; }; notify explicit; };' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom3.example. is served by primary ($n)"
ret=0
-wait_for_soa @10.53.0.1 dom3.example. dig.out.test$n || ret=1
+wait_for_soa @10.53.0.1 dom3.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
-wait_for_message ns2/named.run "catz: adding zone 'dom2.example' from catalog 'catalog1.example'" &&
-wait_for_message ns2/named.run "catz: adding zone 'dom3.example' from catalog 'catalog1.example'" &&
-wait_for_message ns2/named.run "transfer of 'dom2.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" &&
-wait_for_message ns2/named.run "transfer of 'dom3.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
+wait_for_message ns2/named.run "catz: adding zone 'dom2.example' from catalog 'catalog1.example'" \
+ && wait_for_message ns2/named.run "catz: adding zone 'dom3.example' from catalog 'catalog1.example'" \
+ && wait_for_message ns2/named.run "transfer of 'dom2.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" \
+ && wait_for_message ns2/named.run "transfer of 'dom3.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom3.example. is served by secondary ($n)"
ret=0
wait_for_soa @10.53.0.2 dom3.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
nextpart ns2/named.run >/dev/null
# GL #3060
-n=$((n+1))
+n=$((n + 1))
echo_i "reconfiguring secondary - checking if catz survives a certain class of failed reconfiguration attempts ($n)"
ret=0
-sed -e "s/^#T3//" < ns2/named1.conf.in > ns2/named.conf.tmp
+sed -e "s/^#T3//" ns2/named.conf.tmp
copy_setports ns2/named.conf.tmp ns2/named.conf
-$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p "${CONTROLPORT}" reconfig > /dev/null 2>&1 && ret=1
+$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p "${CONTROLPORT}" reconfig >/dev/null 2>&1 && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking again that dom3.example. is served by secondary ($n)"
ret=0
wait_for_soa @10.53.0.2 dom3.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "reconfiguring secondary - reverting the bad configuration ($n)"
ret=0
copy_setports ns2/named1.conf.in ns2/named.conf
rndccmd 10.53.0.2 reconfig || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
nextpart ns2/named.run >/dev/null
# GL #3911
-n=$((n+1))
+n=$((n + 1))
echo_i "reconfiguring secondary - checking if catz survives another type of failed reconfiguration attempts ($n)"
ret=0
-sed -e "s/^#T4//" < ns2/named1.conf.in > ns2/named.conf.tmp
+sed -e "s/^#T4//" ns2/named.conf.tmp
copy_setports ns2/named.conf.tmp ns2/named.conf
-$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p "${CONTROLPORT}" reconfig > /dev/null 2>&1 && ret=1
+$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p "${CONTROLPORT}" reconfig >/dev/null 2>&1 && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
# catalog zone update can be deferred
sleep 2
-n=$((n+1))
+n=$((n + 1))
echo_i "checking again that dom3.example. is served by secondary ($n)"
ret=0
wait_for_soa @10.53.0.2 dom3.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "reconfiguring secondary - reverting the bad configuration ($n)"
ret=0
copy_setports ns2/named1.conf.in ns2/named.conf
rndccmd 10.53.0.2 reconfig || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
nextpart ns2/named.run >/dev/null
-n=$((n+1))
+n=$((n + 1))
echo_i "removing all records from catalog1 zone ($n)"
ret=0
-$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${PORT}
update delete 636722929740e507aaf27c502812fc395d30fb17.zones.catalog1.example. 3600 IN PTR dom2.example.
update delete b901f492f3ebf6c1e5b597e51766f02f0479eb03.zones.catalog1.example. 3600 IN PTR dom3.example.
@@ -452,81 +450,80 @@
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "removing all records from catalog2 zone ($n)"
ret=0
-$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.3 ${PORT}
update delete de26b88d855397a03f77ff1162fd055d8b419584.zones.catalog2.example. 3600 IN PTR dom4.example.
send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
##########################################################################
echo_i "Testing masters suboption and random labels"
-n=$((n+1))
+n=$((n + 1))
echo_i "adding dom5.example. with a valid masters suboption (IP without TSIG) and a random label ($n)"
ret=0
-$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${PORT}
update add somerandomlabel.zones.catalog1.example. 3600 IN PTR dom5.example.
update add masters.somerandomlabel.zones.catalog1.example. 3600 IN A 10.53.0.3
send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
-wait_for_message ns2/named.run "catz: adding zone 'dom5.example' from catalog 'catalog1.example'" &&
-wait_for_message ns2/named.run "transfer of 'dom5.example/IN' from 10.53.0.3#${PORT}: Transfer status: success" || ret=1
+wait_for_message ns2/named.run "catz: adding zone 'dom5.example' from catalog 'catalog1.example'" \
+ && wait_for_message ns2/named.run "transfer of 'dom5.example/IN' from 10.53.0.3#${PORT}: Transfer status: success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom5.example. is served by secondary ($n)"
ret=0
wait_for_soa @10.53.0.2 dom5.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "removing dom5.example. ($n)"
ret=0
-$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${PORT}
update delete somerandomlabel.zones.catalog1.example. 3600 IN PTR dom5.example.
update delete masters.somerandomlabel.zones.catalog1.example. 3600 IN A 10.53.0.3
send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
-wait_for_message ns2/named.run "zone_shutdown: zone dom5.example/IN: shutting down" || ret=1
+wait_for_message ns2/named.run "zone_shutdown: zone dom5.example/IN: shutting down" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom5.example. is no longer served by secondary ($n)"
ret=0
wait_for_no_soa @10.53.0.2 dom5.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
-
+status=$((status + ret))
##########################################################################
echo_i "Testing masters global option"
-n=$((n+1))
+n=$((n + 1))
echo_i "adding dom6.example. and a valid global masters option (IP without TSIG) ($n)"
ret=0
-$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${PORT}
update add masters.catalog1.example. 3600 IN A 10.53.0.3
update add masters.catalog1.example. 3600 IN AAAA fd92:7065:b8e:ffff::3
@@ -534,27 +531,27 @@
send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
-wait_for_message ns2/named.run "catz: adding zone 'dom6.example' from catalog 'catalog1.example'" &&
-wait_for_message ns2/named.run "transfer of 'dom6.example/IN' from " > /dev/null || ret=1
+wait_for_message ns2/named.run "catz: adding zone 'dom6.example' from catalog 'catalog1.example'" \
+ && wait_for_message ns2/named.run "transfer of 'dom6.example/IN' from " >/dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom6.example. is served by secondary ($n)"
ret=0
wait_for_soa @10.53.0.2 dom6.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "removing dom6.example. ($n)"
ret=0
-$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${PORT}
update delete masters.catalog1.example. 3600 IN A 10.53.0.3
update delete masters.catalog1.example. 3600 IN AAAA fd92:7065:b8e:ffff::3
@@ -562,142 +559,142 @@
send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
-wait_for_message ns2/named.run "zone_shutdown: zone dom6.example/IN: shutting down" || ret=1
+wait_for_message ns2/named.run "zone_shutdown: zone dom6.example/IN: shutting down" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom6.example. is no longer served by secondary ($n)"
ret=0
wait_for_no_soa @10.53.0.2 dom6.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
nextpart ns2/named.run >/dev/null
-n=$((n+1))
+n=$((n + 1))
echo_i "adding dom6.example. and an invalid global masters option (TSIG without IP) ($n)"
ret=0
-$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${PORT}
update add label1.masters.catalog1.example. 3600 IN TXT "tsig_key"
update add 4346f565b4d63ddb99e5d2497ff22d04e878e8f8.zones.catalog1.example. 3600 IN PTR dom6.example.
send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
-wait_for_message ns2/named.run "catz: adding zone 'dom6.example' from catalog 'catalog1.example'" &&
-wait_for_message ns2/named.run "error \"failure\" while trying to generate config for zone \"dom6.example\"" || ret=1
+wait_for_message ns2/named.run "catz: adding zone 'dom6.example' from catalog 'catalog1.example'" \
+ && wait_for_message ns2/named.run "error \"failure\" while trying to generate config for zone \"dom6.example\"" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "removing dom6.example. ($n)"
ret=0
-$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${PORT}
update delete label1.masters.catalog1.example. 3600 IN TXT "tsig_key"
update delete 4346f565b4d63ddb99e5d2497ff22d04e878e8f8.zones.catalog1.example. 3600 IN PTR dom6.example.
send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
-wait_for_message ns2/named.run "catz: deleting zone 'dom6.example' from catalog 'catalog1.example' - success" > /dev/null || ret=1
+wait_for_message ns2/named.run "catz: deleting zone 'dom6.example' from catalog 'catalog1.example' - success" >/dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
##########################################################################
-n=$((n+1))
+n=$((n + 1))
echo_i "Checking that a missing zone directory forces in-memory ($n)"
ret=0
-grep "'nonexistent' not found; zone files will not be saved" ns2/named.run > /dev/null || ret=1
+grep "'nonexistent' not found; zone files will not be saved" ns2/named.run >/dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
##########################################################################
echo_i "Testing allow-query and allow-transfer ACLs"
-n=$((n+1))
+n=$((n + 1))
echo_i "adding domains dom7.example. and dom8.example. to primary via RNDC ($n)"
ret=0
-echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom7.example.db
-echo "@ IN NS invalid." >> ns1/dom7.example.db
+echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" >ns1/dom7.example.db
+echo "@ IN NS invalid." >>ns1/dom7.example.db
rndccmd 10.53.0.1 addzone dom7.example. '{type primary; file "dom7.example.db";};' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
-echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom8.example.db
-echo "@ IN NS invalid." >> ns1/dom8.example.db
+status=$((status + ret))
+echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" >ns1/dom8.example.db
+echo "@ IN NS invalid." >>ns1/dom8.example.db
rndccmd 10.53.0.1 addzone dom8.example. '{type primary; file "dom8.example.db";};' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom7.example. is now served by primary ($n)"
ret=0
wait_for_soa @10.53.0.1 dom7.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
nextpart ns2/named.run >/dev/null
-n=$((n+1))
+n=$((n + 1))
echo_i "adding domain dom7.example. to catalog1 zone with an allow-query statement ($n)"
ret=0
-$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${PORT}
update add 78833ec3c0059fd4540fee81c7eaddce088e7cd7.zones.catalog1.example. 3600 IN PTR dom7.example.
update add allow-query.78833ec3c0059fd4540fee81c7eaddce088e7cd7.zones.catalog1.example. 3600 IN APL 1:10.53.0.1/32 !1:10.53.0.0/30 1:0.0.0.0/0
send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
-wait_for_message ns2/named.run "catz: adding zone 'dom7.example' from catalog 'catalog1.example'" > /dev/null &&
-wait_for_message ns2/named.run "transfer of 'dom7.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
+wait_for_message ns2/named.run "catz: adding zone 'dom7.example' from catalog 'catalog1.example'" >/dev/null \
+ && wait_for_message ns2/named.run "transfer of 'dom7.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom7.example. is accessible from 10.53.0.1 ($n)"
ret=0
wait_for_soa @10.53.0.2 dom7.example. dig.out.test$n -b 10.53.0.1 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom7.example. is not accessible from 10.53.0.2 ($n)"
ret=0
wait_for_no_soa @10.53.0.2 dom7.example. dig.out.test$n -b 10.53.0.2 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom7.example. is accessible from 10.53.0.5 ($n)"
ret=0
wait_for_soa @10.53.0.2 dom7.example. dig.out.test$n -b 10.53.0.5 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
nextpart ns2/named.run >/dev/null
-n=$((n+1))
+n=$((n + 1))
echo_i "adding dom8.example. domain and global allow-query and allow-transfer ACLs ($n)"
ret=0
-$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${PORT}
update add cba95222e308baba42417be6021026fdf20827b6.zones.catalog1.example. 3600 IN PTR dom8.example
update add allow-query.catalog1.example. 3600 IN APL 1:10.53.0.1/32
@@ -705,118 +702,117 @@
send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
-wait_for_message ns2/named.run "catz: update_from_db: new zone merged" &&
-wait_for_message ns2/named.run "transfer of 'dom8.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
+wait_for_message ns2/named.run "catz: update_from_db: new zone merged" \
+ && wait_for_message ns2/named.run "transfer of 'dom8.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom8.example. is accessible from 10.53.0.1 ($n)"
ret=0
wait_for_soa @10.53.0.2 dom8.example. dig.out.test$n -b 10.53.0.1 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom8.example. is not accessible from 10.53.0.2 ($n)"
ret=0
wait_for_no_soa @10.53.0.2 dom8.example. dig.out.test$n -b 10.53.0.2 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom8.example. is not AXFR accessible from 10.53.0.1 ($n)"
ret=0
-dig_with_opts @10.53.0.2 axfr dom8.example. -b 10.53.0.1 > dig.out.test$n
-grep "Transfer failed." dig.out.test$n > /dev/null || ret=1
+dig_with_opts @10.53.0.2 axfr dom8.example. -b 10.53.0.1 >dig.out.test$n
+grep "Transfer failed." dig.out.test$n >/dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom8.example. is AXFR accessible from 10.53.0.2 ($n)"
ret=0
-dig_with_opts @10.53.0.2 axfr dom8.example. -b 10.53.0.2 > dig.out.test$n
-grep -v "Transfer failed." dig.out.test$n > /dev/null || ret=1
+dig_with_opts @10.53.0.2 axfr dom8.example. -b 10.53.0.2 >dig.out.test$n
+grep -v "Transfer failed." dig.out.test$n >/dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
nextpart ns2/named.run >/dev/null
-n=$((n+1))
+n=$((n + 1))
echo_i "deleting global allow-query and allow-domain ACLs ($n)"
ret=0
-$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${PORT}
update delete allow-query.catalog1.example. 3600 IN APL 1:10.53.0.1/32
update delete allow-transfer.catalog1.example. 3600 IN APL 1:10.53.0.2/32
send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
ret=0
-wait_for_message ns2/named.run "catz: update_from_db: new zone merged" || ret=1
+wait_for_message ns2/named.run "catz: update_from_db: new zone merged" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom8.example. is accessible from 10.53.0.1 ($n)"
ret=0
wait_for_soa @10.53.0.2 dom8.example. dig.out.test$n -b 10.53.0.1 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom8.example. is accessible from 10.53.0.2 ($n)"
ret=0
wait_for_soa @10.53.0.2 dom8.example. dig.out.test$n -b 10.53.0.2 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom8.example. is AXFR accessible from 10.53.0.1 ($n)"
ret=0
-dig_with_opts @10.53.0.2 axfr dom8.example. -b 10.53.0.1 > dig.out.test$n
-grep -v "Transfer failed." dig.out.test$n > /dev/null || ret=1
+dig_with_opts @10.53.0.2 axfr dom8.example. -b 10.53.0.1 >dig.out.test$n
+grep -v "Transfer failed." dig.out.test$n >/dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom8.example. is AXFR accessible from 10.53.0.2 ($n)"
ret=0
-dig_with_opts @10.53.0.2 axfr dom8.example. -b 10.53.0.2 > dig.out.test$n
-grep -v "Transfer failed." dig.out.test$n > /dev/null || ret=1
+dig_with_opts @10.53.0.2 axfr dom8.example. -b 10.53.0.2 >dig.out.test$n
+grep -v "Transfer failed." dig.out.test$n >/dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
-
+status=$((status + ret))
##########################################################################
echo_i "Testing TSIG keys for masters set per-domain"
-n=$((n+1))
+n=$((n + 1))
echo_i "adding a domain dom9.example. to primary via RNDC, with transfers allowed only with TSIG key ($n)"
ret=0
-echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom9.example.db
-echo "@ IN NS invalid." >> ns1/dom9.example.db
+echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" >ns1/dom9.example.db
+echo "@ IN NS invalid." >>ns1/dom9.example.db
rndccmd 10.53.0.1 addzone dom9.example. '{type primary; file "dom9.example.db"; allow-transfer { key tsig_key; }; };' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom9.example. is now served by primary ($n)"
ret=0
wait_for_soa @10.53.0.1 dom9.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
nextpart ns2/named.run >/dev/null
-n=$((n+1))
+n=$((n + 1))
echo_i "adding domain dom9.example. to catalog1 zone with a valid masters suboption (IP with TSIG) ($n)"
ret=0
-$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${PORT}
update add f0f989bc71c5c8ca3a1eb9c9ab5246521907e3af.zones.catalog1.example. 3600 IN PTR dom9.example.
update add label1.masters.f0f989bc71c5c8ca3a1eb9c9ab5246521907e3af.zones.catalog1.example. 3600 IN A 10.53.0.1
@@ -824,77 +820,77 @@
send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
-wait_for_message ns2/named.run "catz: adding zone 'dom9.example' from catalog 'catalog1.example'" &&
-wait_for_message ns2/named.run "transfer of 'dom9.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
+wait_for_message ns2/named.run "catz: adding zone 'dom9.example' from catalog 'catalog1.example'" \
+ && wait_for_message ns2/named.run "transfer of 'dom9.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom9.example. is accessible on secondary ($n)"
ret=0
wait_for_soa @10.53.0.2 dom9.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "change TSIG key name on primary ($n)"
ret=0
rndccmd 10.53.0.1 modzone dom9.example. '{type primary; notify yes; file "dom9.example.db"; allow-transfer { key next_key; }; };' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "update TSIG key name in catalog zone ($n)"
ret=0
-$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${PORT}
update del label1.masters.f0f989bc71c5c8ca3a1eb9c9ab5246521907e3af.zones.catalog1.example. 3600 IN TXT "tsig_key"
update add label1.masters.f0f989bc71c5c8ca3a1eb9c9ab5246521907e3af.zones.catalog1.example. 3600 IN TXT "next_key"
send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
-wait_for_message ns2/named.run "catz: modifying zone 'dom9.example' from catalog 'catalog1.example'" || ret=1
+wait_for_message ns2/named.run "catz: modifying zone 'dom9.example' from catalog 'catalog1.example'" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "update zone contents and reload ($n)"
ret=0
-echo "@ 3600 IN SOA . . 2 3600 3600 3600 3600" > ns1/dom9.example.db
-echo "@ IN NS ns2" >> ns1/dom9.example.db
-echo "ns2 IN A 10.53.0.2" >> ns1/dom9.example.db
+echo "@ 3600 IN SOA . . 2 3600 3600 3600 3600" >ns1/dom9.example.db
+echo "@ IN NS ns2" >>ns1/dom9.example.db
+echo "ns2 IN A 10.53.0.2" >>ns1/dom9.example.db
rndccmd 10.53.0.1 reload dom9.example. || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "wait for primary to update zone ($n)"
ret=0
wait_for_a @10.53.0.1 ns2.dom9.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "wait for secondary to update zone ($n)"
ret=0
wait_for_a @10.53.0.2 ns2.dom9.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "deleting domain dom9.example. from catalog1 zone ($n)"
ret=0
-$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${PORT}
update delete f0f989bc71c5c8ca3a1eb9c9ab5246521907e3af.zones.catalog1.example. 3600 IN PTR dom9.example.
update delete label1.masters.f0f989bc71c5c8ca3a1eb9c9ab5246521907e3af.zones.catalog1.example. 3600 IN A 10.53.0.1
@@ -902,881 +898,878 @@
send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
-wait_for_message ns2/named.run "catz: deleting zone 'dom9.example' from catalog 'catalog1.example' - success" || ret=1
+wait_for_message ns2/named.run "catz: deleting zone 'dom9.example' from catalog 'catalog1.example' - success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom9.example. is no longer accessible on secondary ($n)"
ret=0
wait_for_no_soa @10.53.0.2 dom9.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
nextpart ns2/named.run >/dev/null
-n=$((n+1))
+n=$((n + 1))
echo_i "adding domain dom9.example. to catalog1 zone with an invalid masters suboption (TSIG without IP) ($n)"
ret=0
-$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${PORT}
update add f0f989bc71c5c8ca3a1eb9c9ab5246521907e3af.zones.catalog1.example. 3600 IN PTR dom9.example.
update add label1.masters.f0f989bc71c5c8ca3a1eb9c9ab5246521907e3af.zones.catalog1.example. 3600 IN TXT "tsig_key"
send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
-wait_for_message ns2/named.run "catz: adding zone 'dom9.example' from catalog 'catalog1.example'" &&
-wait_for_message ns2/named.run "error \"failure\" while trying to generate config for zone \"dom9.example\"" || ret=1
+wait_for_message ns2/named.run "catz: adding zone 'dom9.example' from catalog 'catalog1.example'" \
+ && wait_for_message ns2/named.run "error \"failure\" while trying to generate config for zone \"dom9.example\"" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "deleting domain dom9.example. from catalog1 zone ($n)"
ret=0
-$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${PORT}
update delete f0f989bc71c5c8ca3a1eb9c9ab5246521907e3af.zones.catalog1.example. 3600 IN PTR dom9.example.
update delete label1.masters.f0f989bc71c5c8ca3a1eb9c9ab5246521907e3af.zones.catalog1.example. 3600 IN TXT "tsig_key"
send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
-wait_for_message ns2/named.run "catz: deleting zone 'dom9.example' from catalog 'catalog1.example'" || ret=1
+wait_for_message ns2/named.run "catz: deleting zone 'dom9.example' from catalog 'catalog1.example'" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
##########################################################################
echo_i "Testing catalog entries that can't be represented as filenames"
# note: we need 4 backslashes in the shell to get 2 backslashes in DNS
# presentation format, which is 1 backslash on the wire.
for special in \
- this.is.a.very.very.long.long.long.domain.that.will.cause.catalog.zones.to.generate.hash.instead.of.using.regular.filename.dom10.example \
- this.zone/domain.has.a.slash.dom10.example \
- this.zone\\\\domain.has.backslash.dom10.example \
- this.zone:domain.has.a.colon.dom.10.example
-do
- # hashes below are generated by:
- # python ${TOP}/contrib/scripts/catzhash.py "${special}"
+ this.is.a.very.very.long.long.long.domain.that.will.cause.catalog.zones.to.generate.hash.instead.of.using.regular.filename.dom10.example \
+ this.zone/domain.has.a.slash.dom10.example \
+ this.zone\\\\domain.has.backslash.dom10.example \
+ this.zone:domain.has.a.colon.dom.10.example; do
+ # hashes below are generated by:
+ # python ${TOP}/contrib/scripts/catzhash.py "${special}"
- case "$special" in
+ case "$special" in
this.is.a.very.very.long.long.long.domain.that.will.cause.catalog.zones.to.generate.hash.instead.of.using.regular.filename.dom10.example)
- hash=825f48b1ce1b4cf5a041d20255a0c8e98d114858
- db=__catz__4d70696f2335687069467f11f5d5378c480383f97782e553fb2d04a7bb2a23ed.db
- ;;
+ hash=825f48b1ce1b4cf5a041d20255a0c8e98d114858
+ db=__catz__4d70696f2335687069467f11f5d5378c480383f97782e553fb2d04a7bb2a23ed.db
+ ;;
this.zone/domain.has.a.slash.dom10.example)
- hash=e64cc64c99bf52d0a77fb16dd7ed57cf925a36aa
- db=__catz__46ba3e1b28d5955e5313d5fee61bedc78c71d08035aa7ea2f7bf0b8228ab3acc.db
- ;;
+ hash=e64cc64c99bf52d0a77fb16dd7ed57cf925a36aa
+ db=__catz__46ba3e1b28d5955e5313d5fee61bedc78c71d08035aa7ea2f7bf0b8228ab3acc.db
+ ;;
this.zone\\\\domain.has.backslash.dom10.example)
- hash=91e27e02153d38cf656a9b376d7747fbcd19f985
- db=__catz__b667f7ff802c0895e0506699951cff9a1cab68c5ef8546aa0d07425f244ed870.db
- ;;
+ hash=91e27e02153d38cf656a9b376d7747fbcd19f985
+ db=__catz__b667f7ff802c0895e0506699951cff9a1cab68c5ef8546aa0d07425f244ed870.db
+ ;;
this.zone:domain.has.a.colon.dom.10.example)
- hash=8b7238bf4c34045834c573ba4116557ebb24d33c
- db=__catz__5c721f7872913a4e7fa8ad42589cce5dd6e551a4c9e6ab3f86e77c0bbc7c2ca6.db
- ;;
- esac
-
- n=$((n+1))
- echo_i "checking that ${special}. is not served by primary ($n)"
- ret=0
- wait_for_no_soa @10.53.0.1 "${special}" dig.out.test$n || ret=1
- if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
-
- n=$((n+1))
- echo_i "Adding a domain ${special}. to primary via RNDC ($n)"
- ret=0
- echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom10.example.db
- echo "@ IN NS invalid." >> ns1/dom10.example.db
- rndccmd 10.53.0.1 addzone '"'"${special}"'"' '{type primary; file "dom10.example.db";};' || ret=1
- if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
-
- n=$((n+1))
- echo_i "checking that ${special}. is now served by primary ($n)"
- ret=0
- wait_for_soa @10.53.0.1 "${special}." dig.out.test$n || ret=1
- if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
-
- nextpart ns2/named.run >/dev/null
-
- n=$((n+1))
- echo_i "Adding domain ${special}. to catalog1 zone ($n)"
- ret=0
- $NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+ hash=8b7238bf4c34045834c573ba4116557ebb24d33c
+ db=__catz__5c721f7872913a4e7fa8ad42589cce5dd6e551a4c9e6ab3f86e77c0bbc7c2ca6.db
+ ;;
+ esac
+
+ n=$((n + 1))
+ echo_i "checking that ${special}. is not served by primary ($n)"
+ ret=0
+ wait_for_no_soa @10.53.0.1 "${special}" dig.out.test$n || ret=1
+ if [ $ret -ne 0 ]; then echo_i "failed"; fi
+ status=$((status + ret))
+
+ n=$((n + 1))
+ echo_i "Adding a domain ${special}. to primary via RNDC ($n)"
+ ret=0
+ echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" >ns1/dom10.example.db
+ echo "@ IN NS invalid." >>ns1/dom10.example.db
+ rndccmd 10.53.0.1 addzone '"'"${special}"'"' '{type primary; file "dom10.example.db";};' || ret=1
+ if [ $ret -ne 0 ]; then echo_i "failed"; fi
+ status=$((status + ret))
+
+ n=$((n + 1))
+ echo_i "checking that ${special}. is now served by primary ($n)"
+ ret=0
+ wait_for_soa @10.53.0.1 "${special}." dig.out.test$n || ret=1
+ if [ $ret -ne 0 ]; then echo_i "failed"; fi
+ status=$((status + ret))
+
+ nextpart ns2/named.run >/dev/null
+
+ n=$((n + 1))
+ echo_i "Adding domain ${special}. to catalog1 zone ($n)"
+ ret=0
+ $NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${PORT}
update add ${hash}.zones.catalog1.example 3600 IN PTR ${special}.
send
END
- if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
+ if [ $ret -ne 0 ]; then echo_i "failed"; fi
+ status=$((status + ret))
- n=$((n+1))
- echo_i "waiting for secondary to sync up ($n)"
- ret=0
- wait_for_message ns2/named.run "catz: adding zone '$special' from catalog 'catalog1.example'" &&
- wait_for_message ns2/named.run "transfer of '$special/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
- if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
-
- n=$((n+1))
- echo_i "checking that ${special}. is served by secondary ($n)"
- ret=0
- wait_for_soa @10.53.0.2 "${special}." dig.out.test$n || ret=1
- if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
-
- n=$((n+1))
- echo_i "checking that zone-directory is populated with a hashed filename ($n)"
- ret=0
- wait_for_zonefile "ns2/zonedir/$db" || ret=1
- if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
-
- n=$((n+1))
- echo_i "removing domain ${special}. from catalog1 zone ($n)"
- ret=0
- $NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+ n=$((n + 1))
+ echo_i "waiting for secondary to sync up ($n)"
+ ret=0
+ wait_for_message ns2/named.run "catz: adding zone '$special' from catalog 'catalog1.example'" \
+ && wait_for_message ns2/named.run "transfer of '$special/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
+ if [ $ret -ne 0 ]; then echo_i "failed"; fi
+ status=$((status + ret))
+
+ n=$((n + 1))
+ echo_i "checking that ${special}. is served by secondary ($n)"
+ ret=0
+ wait_for_soa @10.53.0.2 "${special}." dig.out.test$n || ret=1
+ if [ $ret -ne 0 ]; then echo_i "failed"; fi
+ status=$((status + ret))
+
+ n=$((n + 1))
+ echo_i "checking that zone-directory is populated with a hashed filename ($n)"
+ ret=0
+ wait_for_zonefile "ns2/zonedir/$db" || ret=1
+ if [ $ret -ne 0 ]; then echo_i "failed"; fi
+ status=$((status + ret))
+
+ n=$((n + 1))
+ echo_i "removing domain ${special}. from catalog1 zone ($n)"
+ ret=0
+ $NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${PORT}
update delete ${hash}.zones.catalog1.example
send
END
- if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
+ if [ $ret -ne 0 ]; then echo_i "failed"; fi
+ status=$((status + ret))
- n=$((n+1))
- echo_i "waiting for secondary to sync up ($n)"
- ret=0
- wait_for_message ns2/named.run "zone_shutdown: zone ${special}/IN: shutting down" || ret=1
- if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
-
- n=$((n+1))
- echo_i "checking that ${special}. is not served by secondary ($n)"
- ret=0
- wait_for_no_soa @10.53.0.2 "${special}." dig.out.test$n || ret=1
- if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
-
- n=$((n+1))
- echo_i "checking that zone-directory is emptied ($n)"
- ret=0
- wait_for_no_zonefile "ns2/zonedir/$db" || ret=1
- wait_for_no_zonefile "ns2/zonedir/$db.jnl" || ret=1
- if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
+ n=$((n + 1))
+ echo_i "waiting for secondary to sync up ($n)"
+ ret=0
+ wait_for_message ns2/named.run "zone_shutdown: zone ${special}/IN: shutting down" || ret=1
+ if [ $ret -ne 0 ]; then echo_i "failed"; fi
+ status=$((status + ret))
+
+ n=$((n + 1))
+ echo_i "checking that ${special}. is not served by secondary ($n)"
+ ret=0
+ wait_for_no_soa @10.53.0.2 "${special}." dig.out.test$n || ret=1
+ if [ $ret -ne 0 ]; then echo_i "failed"; fi
+ status=$((status + ret))
+
+ n=$((n + 1))
+ echo_i "checking that zone-directory is emptied ($n)"
+ ret=0
+ wait_for_no_zonefile "ns2/zonedir/$db" || ret=1
+ wait_for_no_zonefile "ns2/zonedir/$db.jnl" || ret=1
+ if [ $ret -ne 0 ]; then echo_i "failed"; fi
+ status=$((status + ret))
done
##########################################################################
echo_i "Testing adding a domain and a subdomain of it"
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom11.example. is not served by primary ($n)"
ret=0
wait_for_no_soa @10.53.0.1 dom11.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "Adding a domain dom11.example. to primary via RNDC ($n)"
ret=0
-echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom11.example.db
-echo "@ IN NS invalid." >> ns1/dom11.example.db
+echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" >ns1/dom11.example.db
+echo "@ IN NS invalid." >>ns1/dom11.example.db
rndccmd 10.53.0.1 addzone dom11.example. '{type primary; file "dom11.example.db";};' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom11.example. is now served by primary ($n)"
ret=0
wait_for_soa @10.53.0.1 dom11.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
nextpart ns2/named.run >/dev/null
-n=$((n+1))
+n=$((n + 1))
echo_i "Adding domain dom11.example. to catalog1 zone ($n)"
ret=0
-$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${PORT}
update add 0580d70e769c86c8b951a488d8b776627f427d7a.zones.catalog1.example. 3600 IN PTR dom11.example.
send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
-wait_for_message ns2/named.run "catz: adding zone 'dom11.example' from catalog 'catalog1.example'" &&
-wait_for_message ns2/named.run "transfer of 'dom11.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
+wait_for_message ns2/named.run "catz: adding zone 'dom11.example' from catalog 'catalog1.example'" \
+ && wait_for_message ns2/named.run "transfer of 'dom11.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom11.example. is served by secondary ($n)"
ret=0
wait_for_soa @10.53.0.2 dom11.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that subdomain.of.dom11.example. is not served by primary ($n)"
ret=0
wait_for_rcode NXDOMAIN SOA @10.53.0.1 subdomain.of.dom11.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "Adding a domain subdomain.of.dom11.example. to primary via RNDC ($n)"
ret=0
-echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/subdomain.of.dom11.example.db
-echo "@ IN NS invalid." >> ns1/subdomain.of.dom11.example.db
+echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" >ns1/subdomain.of.dom11.example.db
+echo "@ IN NS invalid." >>ns1/subdomain.of.dom11.example.db
rndccmd 10.53.0.1 addzone subdomain.of.dom11.example. '{type primary; file "subdomain.of.dom11.example.db";};' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that subdomain.of.dom11.example. is now served by primary ($n)"
ret=0
wait_for_soa @10.53.0.1 subdomain.of.dom11.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
nextpart ns2/named.run >/dev/null
-n=$((n+1))
+n=$((n + 1))
echo_i "Adding domain subdomain.of.dom11.example. to catalog1 zone ($n)"
ret=0
-$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${PORT}
update add 25557e0bdd10cb3710199bb421b776df160f241e.zones.catalog1.example. 3600 IN PTR subdomain.of.dom11.example.
send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
-wait_for_message ns2/named.run "catz: adding zone 'subdomain.of.dom11.example' from catalog 'catalog1.example'" &&
-wait_for_message ns2/named.run "transfer of 'subdomain.of.dom11.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
+wait_for_message ns2/named.run "catz: adding zone 'subdomain.of.dom11.example' from catalog 'catalog1.example'" \
+ && wait_for_message ns2/named.run "transfer of 'subdomain.of.dom11.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that subdomain.of.dom11.example. is served by secondary ($n)"
ret=0
wait_for_soa @10.53.0.2 subdomain.of.dom11.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "removing domain dom11.example. from catalog1 zone ($n)"
ret=0
-$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${PORT}
update delete 0580d70e769c86c8b951a488d8b776627f427d7a.zones.catalog1.example
send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
-wait_for_message ns2/named.run "zone_shutdown: zone dom11.example/IN: shutting down" || ret=1
+wait_for_message ns2/named.run "zone_shutdown: zone dom11.example/IN: shutting down" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom11.example. is not served by secondary ($n)"
ret=0
wait_for_no_soa @10.53.0.2 dom11.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that subdomain.of.dom11.example. is still served by secondary ($n)"
ret=0
wait_for_soa @10.53.0.2 subdomain.of.dom11.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "removing domain subdomain.of.dom11.example. from catalog1 zone ($n)"
ret=0
-$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${PORT}
update delete 25557e0bdd10cb3710199bb421b776df160f241e.zones.catalog1.example
send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
-wait_for_message ns2/named.run "zone_shutdown: zone subdomain.of.dom11.example/IN: shutting down" || ret=1
+wait_for_message ns2/named.run "zone_shutdown: zone subdomain.of.dom11.example/IN: shutting down" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that subdomain.of.dom11.example. is not served by secondary ($n)"
ret=0
wait_for_no_soa @10.53.0.2 subdomain.of.d11.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
##########################################################################
echo_i "Testing adding a catalog zone at runtime with rndc reconfig"
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom12.example. is not served by primary ($n)"
ret=0
wait_for_no_soa @10.53.0.1 dom12.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "Adding a domain dom12.example. to primary via RNDC ($n)"
ret=0
-echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom12.example.db
-echo "@ IN NS invalid." >> ns1/dom12.example.db
+echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" >ns1/dom12.example.db
+echo "@ IN NS invalid." >>ns1/dom12.example.db
rndccmd 10.53.0.1 addzone dom12.example. '{type primary; file "dom12.example.db";};' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom12.example. is now served by primary ($n)"
ret=0
wait_for_soa @10.53.0.1 dom12.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
nextpart ns2/named.run >/dev/null
-n=$((n+1))
+n=$((n + 1))
echo_i "Adding domain dom12.example. to catalog4 zone ($n)"
ret=0
-$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${PORT}
update add 871d51e5433543c0f6fb263c40f359fbc152c8ae.zones.catalog4.example. 3600 IN PTR dom12.example.
send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom12.example. is not served by secondary ($n)"
ret=0
wait_for_no_soa @10.53.0.2 dom12.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
-
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "reconfiguring secondary - adding catalog4 catalog zone ($n)"
ret=0
-sed -e "s/^#T1//g" < ns2/named1.conf.in > ns2/named.conf.tmp
+sed -e "s/^#T1//g" ns2/named.conf.tmp
copy_setports ns2/named.conf.tmp ns2/named.conf
rndccmd 10.53.0.2 reconfig || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
-wait_for_message ns2/named.run "catz: adding zone 'dom12.example' from catalog 'catalog4.example'" &&
-wait_for_message ns2/named.run "transfer of 'dom12.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
+wait_for_message ns2/named.run "catz: adding zone 'dom12.example' from catalog 'catalog4.example'" \
+ && wait_for_message ns2/named.run "transfer of 'dom12.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom7.example. is still served by secondary after reconfiguration ($n)"
ret=0
wait_for_soa @10.53.0.2 dom7.example. dig.out.test$n -b 10.53.0.1 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
-n=$((n+1))
+status=$((status + ret))
+n=$((n + 1))
echo_i "checking that dom12.example. is served by secondary ($n)"
ret=0
wait_for_soa @10.53.0.2 dom12.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "reconfiguring secondary - removing catalog4 catalog zone, adding non-existent catalog5 catalog zone ($n)"
ret=0
-sed -e "s/^#T2//" < ns2/named1.conf.in > ns2/named.conf.tmp
+sed -e "s/^#T2//" ns2/named.conf.tmp
copy_setports ns2/named.conf.tmp ns2/named.conf
-$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p "${CONTROLPORT}" reconfig > /dev/null 2>&1 && ret=1
+$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p "${CONTROLPORT}" reconfig >/dev/null 2>&1 && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "reconfiguring secondary - removing non-existent catalog5 catalog zone ($n)"
ret=0
copy_setports ns2/named1.conf.in ns2/named.conf
rndccmd 10.53.0.2 reconfig || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom12.example. is not served by secondary ($n)"
ret=0
wait_for_no_soa @10.53.0.2 dom12.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "removing domain dom12.example. from catalog4 zone ($n)"
ret=0
-$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${PORT}
update delete 871d51e5433543c0f6fb263c40f359fbc152c8ae.zones.catalog4.example. 3600 IN PTR dom12.example.
send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
##########################################################################
echo_i "Testing having a zone in two different catalogs"
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom13.example. is not served by primary ($n)"
ret=0
wait_for_no_soa @10.53.0.1 dom13.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "Adding a domain dom13.example. to primary ns1 via RNDC ($n)"
ret=0
-echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom13.example.db
-echo "@ IN NS invalid." >> ns1/dom13.example.db
-echo "@ IN A 192.0.2.1" >> ns1/dom13.example.db
+echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" >ns1/dom13.example.db
+echo "@ IN NS invalid." >>ns1/dom13.example.db
+echo "@ IN A 192.0.2.1" >>ns1/dom13.example.db
rndccmd 10.53.0.1 addzone dom13.example. '{type primary; file "dom13.example.db";};' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom13.example. is now served by primary ns1 ($n)"
ret=0
wait_for_soa @10.53.0.1 dom13.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "Adding a domain dom13.example. to primary ns3 via RNDC ($n)"
ret=0
-echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns3/dom13.example.db
-echo "@ IN NS invalid." >> ns3/dom13.example.db
-echo "@ IN A 192.0.2.2" >> ns3/dom13.example.db
+echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" >ns3/dom13.example.db
+echo "@ IN NS invalid." >>ns3/dom13.example.db
+echo "@ IN A 192.0.2.2" >>ns3/dom13.example.db
rndccmd 10.53.0.3 addzone dom13.example. '{type primary; file "dom13.example.db";};' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom13.example. is now served by primary ns3 ($n)"
ret=0
wait_for_soa @10.53.0.3 dom13.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
-
+status=$((status + ret))
nextpart ns2/named.run >/dev/null
-n=$((n+1))
+n=$((n + 1))
echo_i "Adding domain dom13.example. to catalog1 zone with ns1 as primary ($n)"
ret=0
-$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${PORT}
update add 8d7989c746b3f92b3bba2479e72afd977198363f.zones.catalog1.example. 3600 IN PTR dom13.example.
update add masters.8d7989c746b3f92b3bba2479e72afd977198363f.zones.catalog1.example. 3600 IN A 10.53.0.1
send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
-wait_for_message ns2/named.run "catz: adding zone 'dom13.example' from catalog 'catalog1.example'" &&
-wait_for_message ns2/named.run "transfer of 'dom13.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
+wait_for_message ns2/named.run "catz: adding zone 'dom13.example' from catalog 'catalog1.example'" \
+ && wait_for_message ns2/named.run "transfer of 'dom13.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
nextpart ns2/named.run >/dev/null
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom13.example. is served by secondary and that it's the one from ns1 ($n)"
ret=0
wait_for_a @10.53.0.2 dom13.example. dig.out.test$n || ret=1
-grep "192.0.2.1" dig.out.test$n > /dev/null || ret=1
+grep "192.0.2.1" dig.out.test$n >/dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "Adding domain dom13.example. to catalog2 zone with ns3 as primary ($n)"
ret=0
-$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.3 ${PORT}
update add 8d7989c746b3f92b3bba2479e72afd977198363f.zones.catalog2.example. 3600 IN PTR dom13.example.
update add masters.8d7989c746b3f92b3bba2479e72afd977198363f.zones.catalog2.example. 3600 IN A 10.53.0.3
send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
-wait_for_message ns2/named.run "catz: update_from_db: new zone merged" || ret=1
+wait_for_message ns2/named.run "catz: update_from_db: new zone merged" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom13.example. is served by secondary and that it's still the one from ns1 ($n)"
ret=0
wait_for_a @10.53.0.2 dom13.example. dig.out.test$n || ret=1
-grep "192.0.2.1" dig.out.test$n > /dev/null || ret=1
+grep "192.0.2.1" dig.out.test$n >/dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
nextpart ns2/named.run >/dev/null
-n=$((n+1))
+n=$((n + 1))
echo_i "Deleting domain dom13.example. from catalog2 ($n)"
ret=0
-$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.3 ${PORT}
update delete 8d7989c746b3f92b3bba2479e72afd977198363f.zones.catalog2.example. 3600 IN PTR dom13.example.
update delete masters.8d7989c746b3f92b3bba2479e72afd977198363f.zones.catalog2.example. 3600 IN A 10.53.0.3
send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
-wait_for_message ns2/named.run "catz: update_from_db: new zone merged" || ret=1
+wait_for_message ns2/named.run "catz: update_from_db: new zone merged" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom13.example. is served by secondary and that it's still the one from ns1 ($n)"
ret=0
wait_for_a @10.53.0.2 dom13.example. dig.out.test$n || ret=1
-grep "192.0.2.1" dig.out.test$n > /dev/null || ret=1
+grep "192.0.2.1" dig.out.test$n >/dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "Deleting domain dom13.example. from catalog1 ($n)"
ret=0
-$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${PORT}
update delete 8d7989c746b3f92b3bba2479e72afd977198363f.zones.catalog1.example. 3600 IN PTR dom13.example.
update delete masters.8d7989c746b3f92b3bba2479e72afd977198363f.zones.catalog1.example. 3600 IN A 10.53.0.2
send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
-wait_for_message ns2/named.run "catz: update_from_db: new zone merged" || ret=1
+wait_for_message ns2/named.run "catz: update_from_db: new zone merged" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom13.example. is no longer served by secondary ($n)"
ret=0
wait_for_no_soa @10.53.0.2 dom13.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
##########################################################################
echo_i "Testing having a regular zone and a zone in catalog zone of the same name"
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom14.example. is not served by primary ($n)"
ret=0
wait_for_no_soa @10.53.0.1 dom14.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "Adding a domain dom14.example. to primary ns1 via RNDC ($n)"
ret=0
-echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom14.example.db
-echo "@ IN NS invalid." >> ns1/dom14.example.db
-echo "@ IN A 192.0.2.1" >> ns1/dom14.example.db
+echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" >ns1/dom14.example.db
+echo "@ IN NS invalid." >>ns1/dom14.example.db
+echo "@ IN A 192.0.2.1" >>ns1/dom14.example.db
rndccmd 10.53.0.1 addzone dom14.example. '{type primary; file "dom14.example.db";};' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom14.example. is now served by primary ns1 ($n)"
ret=0
wait_for_soa @10.53.0.1 dom14.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "Adding a domain dom14.example. to primary ns3 via RNDC ($n)"
ret=0
-echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns3/dom14.example.db
-echo "@ IN NS invalid." >> ns3/dom14.example.db
-echo "@ IN A 192.0.2.2" >> ns3/dom14.example.db
+echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" >ns3/dom14.example.db
+echo "@ IN NS invalid." >>ns3/dom14.example.db
+echo "@ IN A 192.0.2.2" >>ns3/dom14.example.db
rndccmd 10.53.0.3 addzone dom14.example. '{type primary; file "dom14.example.db";};' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom14.example. is now served by primary ns3 ($n)"
ret=0
wait_for_soa @10.53.0.3 dom14.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
nextpart ns2/named.run >/dev/null
-n=$((n+1))
+n=$((n + 1))
echo_i "Adding domain dom14.example. with rndc with ns1 as primary ($n)"
ret=0
rndccmd 10.53.0.2 addzone dom14.example. '{type secondary; primaries {10.53.0.1;};};' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
-wait_for_message ns2/named.run "transfer of 'dom14.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
+wait_for_message ns2/named.run "transfer of 'dom14.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
nextpart ns2/named.run >/dev/null
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom14.example. is served by secondary and that it's the one from ns1 ($n)"
ret=0
wait_for_a @10.53.0.2 dom14.example. dig.out.test$n || ret=1
-grep "192.0.2.1" dig.out.test$n > /dev/null || ret=1
+grep "192.0.2.1" dig.out.test$n >/dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "Adding domain dom14.example. to catalog2 zone with ns3 as primary ($n)"
ret=0
-$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.3 ${PORT}
update add 45e3d45ea5f7bd01c395ccbde6ae2e750a3ee8ab.zones.catalog2.example. 3600 IN PTR dom14.example.
update add masters.45e3d45ea5f7bd01c395ccbde6ae2e750a3ee8ab.zones.catalog2.example. 3600 IN A 10.53.0.3
send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
-wait_for_message ns2/named.run "catz: update_from_db: new zone merged" || ret=1
+wait_for_message ns2/named.run "catz: update_from_db: new zone merged" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom14.example. is served by secondary and that it's still the one from ns1 ($n)"
ret=0
wait_for_a @10.53.0.2 dom14.example. dig.out.test$n || ret=1
-grep "192.0.2.1" dig.out.test$n > /dev/null || ret=1
+grep "192.0.2.1" dig.out.test$n >/dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
nextpart ns2/named.run >/dev/null
-n=$((n+1))
+n=$((n + 1))
echo_i "Deleting domain dom14.example. from catalog2 ($n)"
ret=0
-$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.3 ${PORT}
update delete 45e3d45ea5f7bd01c395ccbde6ae2e750a3ee8ab.zones.catalog2.example. 3600 IN PTR dom14.example.
update delete masters.45e3d45ea5f7bd01c395ccbde6ae2e750a3ee8ab.zones.catalog2.example. 3600 IN A 10.53.0.3
send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
-wait_for_message ns2/named.run "catz: update_from_db: new zone merged" || ret=1
+wait_for_message ns2/named.run "catz: update_from_db: new zone merged" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom14.example. is served by secondary and that it's still the one from ns1 ($n)"
ret=0
wait_for_a @10.53.0.2 dom14.example. dig.out.test$n || ret=1
-grep "192.0.2.1" dig.out.test$n > /dev/null || ret=1
+grep "192.0.2.1" dig.out.test$n >/dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
##########################################################################
echo_i "Testing changing label for a member zone"
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom15.example. is not served by primary ($n)"
ret=0
wait_for_no_soa @10.53.0.1 dom15.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "Adding a domain dom15.example. to primary ns1 via RNDC ($n)"
ret=0
-echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom15.example.db
-echo "@ IN NS invalid." >> ns1/dom15.example.db
+echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" >ns1/dom15.example.db
+echo "@ IN NS invalid." >>ns1/dom15.example.db
rndccmd 10.53.0.1 addzone dom15.example. '{type primary; file "dom15.example.db";};' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom15.example. is now served by primary ns1 ($n)"
ret=0
wait_for_soa @10.53.0.1 dom15.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
nextpart ns2/named.run >/dev/null
echo_i "Adding domain dom15.example. to catalog1 zone with 'dom15label1' label ($n)"
ret=0
-$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${PORT}
update add dom15label1.zones.catalog1.example. 3600 IN PTR dom15.example.
send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
-wait_for_message ns2/named.run "catz: update_from_db: new zone merged" || ret=1
+wait_for_message ns2/named.run "catz: update_from_db: new zone merged" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
sleep 3
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom15.example. is served by secondary ($n)"
ret=0
wait_for_soa @10.53.0.2 dom15.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
nextpart ns2/named.run >/dev/null
-n=$((n+1))
+n=$((n + 1))
echo_i "Changing label of domain dom15.example. from 'dom15label1' to 'dom15label2' ($n)"
ret=0
-$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${PORT}
update delete dom15label1.zones.catalog1.example. 3600 IN PTR dom15.example.
update add dom15label2.zones.catalog1.example. 3600 IN PTR dom15.example.
send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
-wait_for_message ns2/named.run "catz: update_from_db: new zone merged" || ret=1
+wait_for_message ns2/named.run "catz: update_from_db: new zone merged" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom15.example. is served by secondary ($n)"
ret=0
wait_for_soa @10.53.0.2 dom15.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
##########################################################################
echo_i "Testing recreation of a manually deleted zone after a reload"
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom16.example. is not served by primary ($n)"
ret=0
wait_for_no_soa @10.53.0.1 dom16.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "Adding a domain dom16.example. to primary ns1 via RNDC ($n)"
ret=0
-echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom16.example.db
-echo "@ IN NS invalid." >> ns1/dom16.example.db
-echo "@ IN A 192.0.2.1" >> ns1/dom16.example.db
+echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" >ns1/dom16.example.db
+echo "@ IN NS invalid." >>ns1/dom16.example.db
+echo "@ IN A 192.0.2.1" >>ns1/dom16.example.db
rndccmd 10.53.0.1 addzone dom16.example. '{type primary; file "dom16.example.db";};' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom16.example. is now served by primary ns1 ($n)"
ret=0
wait_for_soa @10.53.0.1 dom16.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
nextpart ns2/named.run >/dev/null
-n=$((n+1))
+n=$((n + 1))
echo_i "Adding domain dom16.example. to catalog1 zone with ns1 as primary ($n)"
ret=0
-$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${PORT}
update add efe725d0cf430ffb113b9bcf59266f066a21216b.zones.catalog1.example. 3600 IN PTR dom16.example.
update add masters.efe725d0cf430ffb113b9bcf59266f066a21216b.zones.catalog1.example. 3600 IN A 10.53.0.1
send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
-wait_for_message ns2/named.run "catz: adding zone 'dom16.example' from catalog 'catalog1.example'" &&
-wait_for_message ns2/named.run "transfer of 'dom16.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
+wait_for_message ns2/named.run "catz: adding zone 'dom16.example' from catalog 'catalog1.example'" \
+ && wait_for_message ns2/named.run "transfer of 'dom16.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
nextpart ns2/named.run >/dev/null
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom16.example. is served by secondary and that it's the one from ns1 ($n)"
ret=0
wait_for_a @10.53.0.2 dom16.example. dig.out.test$n || ret=1
-grep "192.0.2.1" dig.out.test$n > /dev/null || ret=1
+grep "192.0.2.1" dig.out.test$n >/dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
nextpart ns2/named.run >/dev/null
@@ -1784,14 +1777,14 @@
ret=0
rndccmd 10.53.0.2 delzone dom16.example. >/dev/null 2>&1 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom16.example. is no longer served by secondary ($n)"
ret=0
wait_for_no_soa @10.53.0.2 dom16.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
nextpart ns2/named.run >/dev/null
@@ -1799,52 +1792,52 @@
ret=0
rndccmd 10.53.0.2 reload >/dev/null 2>&1 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
-wait_for_message ns2/named.run "catz: update_from_db: new zone merged" || ret=1
+wait_for_message ns2/named.run "catz: update_from_db: new zone merged" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom16.example. is served by secondary and that it's the one from ns1 ($n)"
ret=0
wait_for_a @10.53.0.2 dom16.example. dig.out.test$n || ret=1
-grep "192.0.2.1" dig.out.test$n > /dev/null || ret=1
+grep "192.0.2.1" dig.out.test$n >/dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
nextpart ns2/named.run >/dev/null
-n=$((n+1))
+n=$((n + 1))
echo_i "Deleting domain dom16.example. from catalog1 ($n)"
ret=0
-$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${PORT}
update delete efe725d0cf430ffb113b9bcf59266f066a21216b.zones.catalog1.example. 3600 IN PTR dom16.example.
update delete masters.efe725d0cf430ffb113b9bcf59266f066a21216b.zones.catalog1.example. 3600 IN A 10.53.0.1
send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
-wait_for_message ns2/named.run "catz: update_from_db: new zone merged" || ret=1
+wait_for_message ns2/named.run "catz: update_from_db: new zone merged" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that dom16.example. is no longer served by secondary ($n)"
ret=0
wait_for_no_soa @10.53.0.2 dom16.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "checking that reconfig can delete and restore catalog zone configuration ($n)"
ret=0
copy_setports ns2/named2.conf.in ns2/named.conf
@@ -1852,30 +1845,30 @@
copy_setports ns2/named1.conf.in ns2/named.conf
rndccmd 10.53.0.2 reconfig || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
#########################################################################
nextpart ns2/named.run >/dev/null
-n=$((n+1))
+n=$((n + 1))
echo_i "Adding a dom19.example. to primary via RNDC ($n)"
ret=0
# enough initial content for IXFR response when TXT record is added below
-echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom19.example.db
-echo "@ 3600 IN NS invalid." >> ns1/dom19.example.db
-echo "foo 3600 IN TXT some content here" >> ns1/dom19.example.db
-echo "bar 3600 IN TXT some content here" >> ns1/dom19.example.db
-echo "xxx 3600 IN TXT some content here" >> ns1/dom19.example.db
-echo "yyy 3600 IN TXT some content here" >> ns1/dom19.example.db
+echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" >ns1/dom19.example.db
+echo "@ 3600 IN NS invalid." >>ns1/dom19.example.db
+echo "foo 3600 IN TXT some content here" >>ns1/dom19.example.db
+echo "bar 3600 IN TXT some content here" >>ns1/dom19.example.db
+echo "xxx 3600 IN TXT some content here" >>ns1/dom19.example.db
+echo "yyy 3600 IN TXT some content here" >>ns1/dom19.example.db
rndccmd 10.53.0.1 addzone dom19.example. '{ type primary; file "dom19.example.db"; allow-transfer { key tsig_key; }; allow-update { any; }; notify explicit; also-notify { 10.53.0.2; }; };' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "add an entry to the restored catalog zone ($n)"
ret=0
-$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <>nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${PORT}
update add 09da0a318e5333a9a7f6c14c385d69f6933e8b72.zones.catalog1.example. 3600 IN PTR dom19.example.
update add label1.masters.09da0a318e5333a9a7f6c14c385d69f6933e8b72.zones.catalog1.example. 3600 IN A 10.53.0.1
@@ -1883,32 +1876,32 @@
send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
-wait_for_message ns2/named.run "catz: adding zone 'dom19.example' from catalog 'catalog1.example'" &&
-wait_for_message ns2/named.run "transfer of 'dom19.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
+wait_for_message ns2/named.run "catz: adding zone 'dom19.example' from catalog 'catalog1.example'" \
+ && wait_for_message ns2/named.run "transfer of 'dom19.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
##########################################################################
# GL #3777
nextpart ns4/named.run >/dev/null
-n=$((n+1))
+n=$((n + 1))
echo_i "Adding domain self.example. to catalog-self zone without updating the serial ($n)"
ret=0
-echo "self.zones.catalog-self.example. 3600 IN PTR self.example." >> ns4/catalog-self.example.db
+echo "self.zones.catalog-self.example. 3600 IN PTR self.example." >>ns4/catalog-self.example.db
rndccmd 10.53.0.4 reload || ret=1
-n=$((n+1))
+n=$((n + 1))
echo_i "Issuing another rndc reload command after 1 second ($n)"
sleep 1
rndccmd 10.53.0.4 reload || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
##########################################################################
echo_i "exit status: $status"
diff -Nru bind9-9.16.44/bin/tests/system/cds/setup.sh bind9-9.16.48/bin/tests/system/cds/setup.sh
--- bind9-9.16.44/bin/tests/system/cds/setup.sh 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/cds/setup.sh 2024-02-11 11:31:39.000000000 +0000
@@ -40,20 +40,20 @@
EOF
tac() {
- $PERL -e 'print reverse <>'
+ $PERL -e 'print reverse <>'
}
convert() {
- key=$1
- n=$2
- $DSFROMKEY -12 $key >DS.$n
- grep " ${DEFAULT_ALGORITHM_NUMBER} 1 " DS.$n >DS.$n-1
- grep " ${DEFAULT_ALGORITHM_NUMBER} 2 " DS.$n >DS.$n-2
- sed 's/ IN DS / IN CDS /' >CDS.$n
- sed 's/ IN DNSKEY / IN CDNSKEY /' <$key.key >CDNSKEY.$n
- sed 's/ IN DS / 3600 IN DS /' DS.ttl$n
- sed 's/ IN DS / 7200 IN DS /' DS.ttlong$n
- tac DS.rev$n
+ key=$1
+ n=$2
+ $DSFROMKEY -12 $key >DS.$n
+ grep " ${DEFAULT_ALGORITHM_NUMBER} 1 " DS.$n >DS.$n-1
+ grep " ${DEFAULT_ALGORITHM_NUMBER} 2 " DS.$n >DS.$n-2
+ sed 's/ IN DS / IN CDS /' >CDS.$n
+ sed 's/ IN DNSKEY / IN CDNSKEY /' <$key.key >CDNSKEY.$n
+ sed 's/ IN DS / 3600 IN DS /' DS.ttl$n
+ sed 's/ IN DS / 7200 IN DS /' DS.ttlong$n
+ tac DS.rev$n
}
convert $key1 1
convert $key2 2
@@ -85,9 +85,9 @@
sed 's/ add \(.*\) IN DS / add \1 3600 IN DS /' UP.swapttl
sign() {
- cat >db.$1
- $SIGNER >/dev/null \
- -S -O full -o $Z -f sig.$1 db.$1
+ cat >db.$1
+ $SIGNER >/dev/null \
+ -S -O full -o $Z -f sig.$1 db.$1
}
sign null <brk.rrsig.cds.zsk
+ brk.rrsig.cds.zsk
$mangle '\s+IN\s+RRSIG\s+CDS .* '$id1' '$Z'\. ' \
- brk.rrsig.cds.ksk
+ brk.rrsig.cds.ksk
-$mangle " IN CDS $id1 ${DEFAULT_ALGORITHM_NUMBER} 1 " out.$n 2> err.$n
- echo $?
+ "$@" 1>out.$n 2>err.$n
+ echo $?
}
testcase() {
- n=$((n + 1))
- echo_i "$name ($n)"
- expect=$1
- shift
- result=$(runcmd "$@")
- check_stdout
- check_stderr
- if [ "$expect" -ne "$result" ]; then
- echo_d "exit status does not match $expect"
- fail
- fi
- unset name err out
+ n=$((n + 1))
+ echo_i "$name ($n)"
+ expect=$1
+ shift
+ result=$(runcmd "$@")
+ check_stdout
+ check_stderr
+ if [ "$expect" -ne "$result" ]; then
+ echo_d "exit status does not match $expect"
+ fail
+ fi
+ unset name err out
}
check_stderr() {
- if [ -n "${err:=}" ]; then
- grep -E "$err" err.$n >/dev/null && return 0
- echo_d "stderr did not match '$err'"
- else
- [ -s err.$n ] || return 0
- fi
- cat err.$n | cat_d
- fail
+ if [ -n "${err:=}" ]; then
+ grep -E "$err" err.$n >/dev/null && return 0
+ echo_d "stderr did not match '$err'"
+ else
+ [ -s err.$n ] || return 0
+ fi
+ cat err.$n | cat_d
+ fail
}
check_stdout() {
- $DIFF out.$n "${out:-empty}" >/dev/null && return
- echo_d "stdout did not match '$out'"
- ( echo "wanted"
- cat "$out"
- echo "got"
- cat out.$n
- ) | cat_d
- fail
+ $DIFF out.$n "${out:-empty}" >/dev/null && return
+ echo_d "stdout did not match '$out'"
+ (
+ echo "wanted"
+ cat "$out"
+ echo "got"
+ cat out.$n
+ ) | cat_d
+ fail
}
Z=cds.test
diff -Nru bind9-9.16.44/bin/tests/system/chain/ans3/ans.pl bind9-9.16.48/bin/tests/system/chain/ans3/ans.pl
--- bind9-9.16.44/bin/tests/system/chain/ans3/ans.pl 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/chain/ans3/ans.pl 2024-02-11 11:31:39.000000000 +0000
@@ -22,9 +22,14 @@
print $pidf "$$\n" or die "cannot write pid file: $!";
$pidf->close or die "cannot close pid file: $!";
sub rmpid { unlink "ans.pid"; exit 1; };
+sub term { };
$SIG{INT} = \&rmpid;
-$SIG{TERM} = \&rmpid;
+if ($Net::DNS::VERSION > 1.41) {
+ $SIG{TERM} = \&term;
+} else {
+ $SIG{TERM} = \&rmpid;
+}
my $localaddr = "10.53.0.3";
@@ -128,4 +133,11 @@
Verbose => $verbose,
);
-$ns->main_loop;
+if ($Net::DNS::VERSION >= 1.42) {
+ $ns->start_server();
+ select(undef, undef, undef, undef);
+ $ns->stop_server();
+ unlink "ans.pid";
+} else {
+ $ns->main_loop;
+}
diff -Nru bind9-9.16.44/bin/tests/system/chain/ns2/sign.sh bind9-9.16.48/bin/tests/system/chain/ns2/sign.sh
--- bind9-9.16.44/bin/tests/system/chain/ns2/sign.sh 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/chain/ns2/sign.sh 2024-02-11 11:31:39.000000000 +0000
@@ -20,7 +20,7 @@
ksk=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -fk $zone)
zsk=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} $zone)
-$SIGNER -S -o $zone -f $signedfile $zonefile > /dev/null
+$SIGNER -S -o $zone -f $signedfile $zonefile >/dev/null
zone=wildcard-secure.example.
zonefile=wildcard-secure.db
@@ -28,7 +28,7 @@
ksk=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -fk $zone)
zsk=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} $zone)
-$SIGNER -S -o $zone -f $signedfile $zonefile > /dev/null
+$SIGNER -S -o $zone -f $signedfile $zonefile >/dev/null
zone=wildcard-nsec.example.
zonefile=wildcard.db
@@ -36,7 +36,7 @@
ksk=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -fk $zone)
zsk=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} $zone)
-$SIGNER -S -o $zone -f $signedfile $zonefile > /dev/null
+$SIGNER -S -o $zone -f $signedfile $zonefile >/dev/null
zone=wildcard-nsec3.example.
zonefile=wildcard.db
@@ -44,7 +44,7 @@
ksk=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -fk $zone)
zsk=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} $zone)
-$SIGNER -S -3 - -H 0 -o $zone -f $signedfile $zonefile > /dev/null
+$SIGNER -S -3 - -H 0 -o $zone -f $signedfile $zonefile >/dev/null
zone=wildcard-nsec3-optout.example.
zonefile=wildcard.db
@@ -52,4 +52,4 @@
ksk=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -fk $zone)
zsk=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} $zone)
-$SIGNER -S -3 - -H 0 -A -o $zone -f $signedfile $zonefile > /dev/null
+$SIGNER -S -3 - -H 0 -A -o $zone -f $signedfile $zonefile >/dev/null
diff -Nru bind9-9.16.44/bin/tests/system/chain/prereq.sh bind9-9.16.48/bin/tests/system/chain/prereq.sh
--- bind9-9.16.44/bin/tests/system/chain/prereq.sh 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/chain/prereq.sh 2024-02-11 11:31:39.000000000 +0000
@@ -14,37 +14,32 @@
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
-if test -n "$PYTHON"
-then
- if $PYTHON -c "import dns" 2> /dev/null
- then
- :
- else
- echo_i "This test requires the dnspython module." >&2
- exit 1
- fi
-else
- echo_i "This test requires Python and the dnspython module." >&2
+if test -n "$PYTHON"; then
+ if $PYTHON -c "import dns" 2>/dev/null; then
+ :
+ else
+ echo_i "This test requires the dnspython module." >&2
exit 1
+ fi
+else
+ echo_i "This test requires Python and the dnspython module." >&2
+ exit 1
fi
-if $PERL -e 'use Net::DNS;' 2>/dev/null
-then
- if $PERL -e 'use Net::DNS; die if ($Net::DNS::VERSION >= 0.69 && $Net::DNS::VERSION <= 0.74);' 2>/dev/null
- then
- :
- else
- echo_i "Net::DNS versions 0.69 to 0.74 have bugs that cause this test to fail: please update." >&2
- exit 1
- fi
-else
- echo_i "This test requires the perl Net::DNS library." >&2
+if $PERL -e 'use Net::DNS;' 2>/dev/null; then
+ if $PERL -e 'use Net::DNS; die if ($Net::DNS::VERSION >= 0.69 && $Net::DNS::VERSION <= 0.74);' 2>/dev/null; then
+ :
+ else
+ echo_i "Net::DNS versions 0.69 to 0.74 have bugs that cause this test to fail: please update." >&2
exit 1
+ fi
+else
+ echo_i "This test requires the perl Net::DNS library." >&2
+ exit 1
fi
-if $PERL -e 'use Net::DNS::Nameserver;' 2>/dev/null
-then
- :
+if $PERL -e 'use Net::DNS::Nameserver;' 2>/dev/null; then
+ :
else
- echo_i "This test requires the Net::DNS::Nameserver library." >&2
- exit 1
+ echo_i "This test requires the Net::DNS::Nameserver library." >&2
+ exit 1
fi
diff -Nru bind9-9.16.44/bin/tests/system/chain/tests.sh bind9-9.16.48/bin/tests/system/chain/tests.sh
--- bind9-9.16.44/bin/tests/system/chain/tests.sh 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/chain/tests.sh 2024-02-11 11:31:39.000000000 +0000
@@ -20,126 +20,126 @@
status=0
n=0
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking short DNAME from authoritative ($n)"
ret=0
-$DIG $DIGOPTS a.short-dname.example @10.53.0.2 a > dig.out.ns2.short || ret=1
-grep "status: NOERROR" dig.out.ns2.short > /dev/null || ret=1
+$DIG $DIGOPTS a.short-dname.example @10.53.0.2 a >dig.out.ns2.short || ret=1
+grep "status: NOERROR" dig.out.ns2.short >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking short DNAME from recursive ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
-$DIG $DIGOPTS a.short-dname.example @10.53.0.7 a > dig.out.ns4.short || ret=1
-grep "status: NOERROR" dig.out.ns4.short > /dev/null || ret=1
+$DIG $DIGOPTS a.short-dname.example @10.53.0.7 a >dig.out.ns4.short || ret=1
+grep "status: NOERROR" dig.out.ns4.short >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking long DNAME from authoritative ($n)"
ret=0
-$DIG $DIGOPTS a.long-dname.example @10.53.0.2 a > dig.out.ns2.long || ret=1
-grep "status: NOERROR" dig.out.ns2.long > /dev/null || ret=1
+$DIG $DIGOPTS a.long-dname.example @10.53.0.2 a >dig.out.ns2.long || ret=1
+grep "status: NOERROR" dig.out.ns2.long >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking long DNAME from recursive ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
-$DIG $DIGOPTS a.long-dname.example @10.53.0.7 a > dig.out.ns4.long || ret=1
-grep "status: NOERROR" dig.out.ns4.long > /dev/null || ret=1
+$DIG $DIGOPTS a.long-dname.example @10.53.0.7 a >dig.out.ns4.long || ret=1
+grep "status: NOERROR" dig.out.ns4.long >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking (too) long DNAME from authoritative ($n)"
ret=0
-$DIG $DIGOPTS 01234567890123456789012345678901234567890123456789.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.long-dname.example @10.53.0.2 a > dig.out.ns2.toolong || ret=1
-grep "status: YXDOMAIN" dig.out.ns2.toolong > /dev/null || ret=1
+$DIG $DIGOPTS 01234567890123456789012345678901234567890123456789.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.long-dname.example @10.53.0.2 a >dig.out.ns2.toolong || ret=1
+grep "status: YXDOMAIN" dig.out.ns2.toolong >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking (too) long DNAME from recursive with cached DNAME ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
-$DIG $DIGOPTS 01234567890123456789012345678901234567890123456789.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.long-dname.example @10.53.0.7 a > dig.out.ns4.cachedtoolong || ret=1
-grep "status: YXDOMAIN" dig.out.ns4.cachedtoolong > /dev/null || ret=1
-grep '^long-dname\.example\..*DNAME.*long' dig.out.ns4.cachedtoolong > /dev/null || ret=1
+$DIG $DIGOPTS 01234567890123456789012345678901234567890123456789.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.long-dname.example @10.53.0.7 a >dig.out.ns4.cachedtoolong || ret=1
+grep "status: YXDOMAIN" dig.out.ns4.cachedtoolong >/dev/null || ret=1
+grep '^long-dname\.example\..*DNAME.*long' dig.out.ns4.cachedtoolong >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking (too) long DNAME from recursive without cached DNAME ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
-$DIG $DIGOPTS 01234567890123456789012345678901234567890123456789.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglong.toolong-dname.example @10.53.0.7 a > dig.out.ns4.uncachedtoolong || ret=1
-grep "status: YXDOMAIN" dig.out.ns4.uncachedtoolong > /dev/null || ret=1
-grep '^toolong-dname\.example\..*DNAME.*long' dig.out.ns4.uncachedtoolong > /dev/null || ret=1
+$DIG $DIGOPTS 01234567890123456789012345678901234567890123456789.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglong.toolong-dname.example @10.53.0.7 a >dig.out.ns4.uncachedtoolong || ret=1
+grep "status: YXDOMAIN" dig.out.ns4.uncachedtoolong >/dev/null || ret=1
+grep '^toolong-dname\.example\..*DNAME.*long' dig.out.ns4.uncachedtoolong >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
find_records() {
- owner_name="$1"
- rr_type="$2"
- file="$3"
- awk '$1 == "'"$owner_name"'" && $4 == "'"$rr_type"'" { print }' < "$file"
+ owner_name="$1"
+ rr_type="$2"
+ file="$3"
+ awk '$1 == "'"$owner_name"'" && $4 == "'"$rr_type"'" { print }' <"$file"
}
count_records() {
- owner_name="$1"
- rr_type="$2"
- file="$3"
- find_records "$owner_name" "$rr_type" "$file" | wc -l
+ owner_name="$1"
+ rr_type="$2"
+ file="$3"
+ find_records "$owner_name" "$rr_type" "$file" | wc -l
}
exactly_one_record_exists_for() {
- owner_name="$1"
- rr_type="$2"
- file="$3"
- test "$(count_records "$owner_name" "$rr_type" "$file")" -eq 1
+ owner_name="$1"
+ rr_type="$2"
+ file="$3"
+ test "$(count_records "$owner_name" "$rr_type" "$file")" -eq 1
}
no_records_exist_for() {
- owner_name="$1"
- rr_type="$2"
- file="$3"
- test "$(count_records "$owner_name" "$rr_type" "$file")" -eq 0
+ owner_name="$1"
+ rr_type="$2"
+ file="$3"
+ test "$(count_records "$owner_name" "$rr_type" "$file")" -eq 0
}
ensure_no_ds_in_bitmap() {
- owner_name="$1"
- rr_type="$2"
- file="$3"
- case "$rr_type" in
- NSEC) start_index=6 ;;
- NSEC3) start_index=10 ;;
- *) exit 1 ;;
- esac
- find_records "$owner_name" "$rr_type" "$file" | awk '{ for (i='"$start_index"'; i<=NF; i++) if ($i == "DS") exit 1 }'
+ owner_name="$1"
+ rr_type="$2"
+ file="$3"
+ case "$rr_type" in
+ NSEC) start_index=6 ;;
+ NSEC3) start_index=10 ;;
+ *) exit 1 ;;
+ esac
+ find_records "$owner_name" "$rr_type" "$file" | awk '{ for (i='"$start_index"'; i<=NF; i++) if ($i == "DS") exit 1 }'
}
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking secure delegation prepared using CNAME chaining ($n)"
ret=0
# QNAME exists, so the AUTHORITY section should only contain an NS RRset and a
# DS RRset.
-$DIG $DIGOPTS @10.53.0.2 cname.wildcard-secure.example A +norec +dnssec > dig.out.2.$n 2>&1 || ret=1
+$DIG $DIGOPTS @10.53.0.2 cname.wildcard-secure.example A +norec +dnssec >dig.out.2.$n 2>&1 || ret=1
# Ensure that the AUTHORITY section contains the expected NS and DS RRsets.
exactly_one_record_exists_for "delegation.wildcard-secure.example." NS dig.out.2.$n || ret=1
exactly_one_record_exists_for "delegation.wildcard-secure.example." DS dig.out.2.$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking secure delegation prepared using wildcard expansion + CNAME chaining ($n)"
ret=0
# QNAME does not exist, so the AUTHORITY section should contain an NS RRset, an
# NSEC record proving nonexistence of QNAME, and a DS RRset at the zone cut.
-$DIG $DIGOPTS @10.53.0.2 a-nonexistent-name.wildcard-secure.example A +norec +dnssec > dig.out.2.$n 2>&1 || ret=1
+$DIG $DIGOPTS @10.53.0.2 a-nonexistent-name.wildcard-secure.example A +norec +dnssec >dig.out.2.$n 2>&1 || ret=1
# Ensure that the AUTHORITY section contains the expected NS and DS RRsets.
exactly_one_record_exists_for "delegation.wildcard-secure.example." NS dig.out.2.$n || ret=1
exactly_one_record_exists_for "delegation.wildcard-secure.example." DS dig.out.2.$n || ret=1
@@ -149,14 +149,14 @@
no_records_exist_for "cname.wildcard-secure.example." NSEC dig.out.2.$n || ret=1
no_records_exist_for "delegation.wildcard-secure.example." NSEC dig.out.2.$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking insecure delegation prepared using CNAME chaining, NSEC ($n)"
ret=0
# QNAME exists, so the AUTHORITY section should only contain an NS RRset and a
# single NSEC record proving nonexistence of a DS RRset at the zone cut.
-$DIG $DIGOPTS @10.53.0.2 cname.wildcard-nsec.example A +norec +dnssec > dig.out.2.$n 2>&1 || ret=1
+$DIG $DIGOPTS @10.53.0.2 cname.wildcard-nsec.example A +norec +dnssec >dig.out.2.$n 2>&1 || ret=1
# Ensure that the AUTHORITY section contains an NS RRset without an associated
# DS RRset.
exactly_one_record_exists_for "delegation.wildcard-nsec.example." NS dig.out.2.$n || ret=1
@@ -170,15 +170,15 @@
# type bit map.
ensure_no_ds_in_bitmap "delegation.wildcard-nsec.example." NSEC dig.out.2.$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking insecure delegation prepared using wildcard expansion + CNAME chaining, NSEC, QNAME #1 ($n)"
ret=0
# QNAME does not exist, so the AUTHORITY section should contain an NS RRset and
# NSEC records proving nonexistence of both QNAME and a DS RRset at the zone
# cut. In this test case, these two NSEC records are different.
-$DIG $DIGOPTS @10.53.0.2 a-nonexistent-name.wildcard-nsec.example A +norec +dnssec > dig.out.2.$n 2>&1 || ret=1
+$DIG $DIGOPTS @10.53.0.2 a-nonexistent-name.wildcard-nsec.example A +norec +dnssec >dig.out.2.$n 2>&1 || ret=1
# Ensure that the AUTHORITY section contains an NS RRset without an associated
# DS RRset.
exactly_one_record_exists_for "delegation.wildcard-nsec.example." NS dig.out.2.$n || ret=1
@@ -192,16 +192,16 @@
# type bit map.
ensure_no_ds_in_bitmap "delegation.wildcard-nsec.example." NSEC dig.out.2.$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking insecure delegation prepared using wildcard expansion + CNAME chaining, NSEC, QNAME #2 ($n)"
ret=0
# QNAME does not exist, so the AUTHORITY section should contain an NS RRset and
# NSEC records proving nonexistence of both QNAME and a DS RRset at the zone
# cut. In this test case, the same NSEC record proves nonexistence of both the
# QNAME and the DS RRset at the zone cut.
-$DIG $DIGOPTS @10.53.0.2 z-nonexistent-name.wildcard-nsec.example A +norec +dnssec > dig.out.2.$n 2>&1 || ret=1
+$DIG $DIGOPTS @10.53.0.2 z-nonexistent-name.wildcard-nsec.example A +norec +dnssec >dig.out.2.$n 2>&1 || ret=1
# Ensure that the AUTHORITY section contains an NS RRset without an associated
# DS RRset.
exactly_one_record_exists_for "delegation.wildcard-nsec.example." NS dig.out.2.$n || ret=1
@@ -215,7 +215,7 @@
# type bit map.
ensure_no_ds_in_bitmap "delegation.wildcard-nsec.example." NSEC dig.out.2.$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Relevant NSEC3 hashes:
#
@@ -237,12 +237,12 @@
# $ nsec3hash - 1 0 z-nonexistent-name.wildcard-nsec3.example.
# SG2DEHEAOGCKP7FTNQAUVC3I3TIPJH0J (salt=-, hash=1, iterations=0)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking insecure delegation prepared using CNAME chaining, NSEC3 ($n)"
ret=0
# QNAME exists, so the AUTHORITY section should only contain an NS RRset and a
# single NSEC3 record proving nonexistence of a DS RRset at the zone cut.
-$DIG $DIGOPTS @10.53.0.2 cname.wildcard-nsec3.example A +norec +dnssec > dig.out.2.$n 2>&1 || ret=1
+$DIG $DIGOPTS @10.53.0.2 cname.wildcard-nsec3.example A +norec +dnssec >dig.out.2.$n 2>&1 || ret=1
# Ensure that the AUTHORITY section contains an NS RRset without an associated
# DS RRset.
exactly_one_record_exists_for "delegation.wildcard-nsec3.example." NS dig.out.2.$n || ret=1
@@ -256,15 +256,15 @@
# the type bit map.
ensure_no_ds_in_bitmap "AVKOGGGVJHFSLQA68TILKFKJ94AV4MNC.wildcard-nsec3.example." NSEC3 dig.out.2.$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking insecure delegation prepared using wildcard expansion + CNAME chaining, NSEC3, QNAME #1 ($n)"
ret=0
# QNAME does not exist, so the AUTHORITY section should contain an NS RRset and
# NSEC3 records proving nonexistence of both QNAME and a DS RRset at the zone
# cut. In this test case, these two NSEC3 records are different.
-$DIG $DIGOPTS @10.53.0.2 z-nonexistent-name.wildcard-nsec3.example A +norec +dnssec > dig.out.2.$n 2>&1 || ret=1
+$DIG $DIGOPTS @10.53.0.2 z-nonexistent-name.wildcard-nsec3.example A +norec +dnssec >dig.out.2.$n 2>&1 || ret=1
# Ensure that the AUTHORITY section contains an NS RRset without an associated
# DS RRset.
exactly_one_record_exists_for "delegation.wildcard-nsec3.example." NS dig.out.2.$n || ret=1
@@ -278,16 +278,16 @@
# the type bit map.
ensure_no_ds_in_bitmap "AVKOGGGVJHFSLQA68TILKFKJ94AV4MNC.wildcard-nsec3.example." NSEC3 dig.out.2.$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking insecure delegation prepared using wildcard expansion + CNAME chaining, NSEC3, QNAME #2 ($n)"
ret=0
# QNAME does not exist, so the AUTHORITY section should contain an NS RRset and
# NSEC3 records proving nonexistence of both QNAME and a DS RRset at the zone
# cut. In this test case, the same NSEC3 record proves nonexistence of both the
# QNAME and the DS RRset at the zone cut.
-$DIG $DIGOPTS @10.53.0.2 a-nonexistent-name.wildcard-nsec3.example A +norec +dnssec > dig.out.2.$n 2>&1 || ret=1
+$DIG $DIGOPTS @10.53.0.2 a-nonexistent-name.wildcard-nsec3.example A +norec +dnssec >dig.out.2.$n 2>&1 || ret=1
# Ensure that the AUTHORITY section contains an NS RRset without an associated
# DS RRset.
exactly_one_record_exists_for "delegation.wildcard-nsec3.example." NS dig.out.2.$n || ret=1
@@ -301,7 +301,7 @@
# the type bit map.
ensure_no_ds_in_bitmap "AVKOGGGVJHFSLQA68TILKFKJ94AV4MNC.wildcard-nsec3.example." NSEC3 dig.out.2.$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Relevant NSEC3 hashes:
#
@@ -326,12 +326,12 @@
# $ nsec3hash - 1 0 z-nonexistent-name.wildcard-nsec3-optout.example.
# V7OTS4791T9SU0HKVL93EVNAJ9JH2CH3 (salt=-, hash=1, iterations=0)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking insecure delegation prepared using CNAME chaining, NSEC3 with opt-out ($n)"
ret=0
# QNAME exists, so the AUTHORITY section should only contain an NS RRset and a
# single NSEC3 record proving nonexistence of a DS RRset at the zone cut.
-$DIG $DIGOPTS @10.53.0.2 cname.wildcard-nsec3-optout.example A +norec +dnssec > dig.out.2.$n 2>&1 || ret=1
+$DIG $DIGOPTS @10.53.0.2 cname.wildcard-nsec3-optout.example A +norec +dnssec >dig.out.2.$n 2>&1 || ret=1
# Ensure that the AUTHORITY section contains an NS RRset without an associated
# DS RRset.
exactly_one_record_exists_for "delegation.wildcard-nsec3-optout.example." NS dig.out.2.$n || ret=1
@@ -344,15 +344,15 @@
# the type bit map.
ensure_no_ds_in_bitmap "SS5M1RUBSGMANEQ1VLRDDEC6SOAT7HNI.wildcard-nsec3-optout.example." NSEC3 dig.out.2.$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking insecure delegation prepared using wildcard expansion + CNAME chaining, NSEC3 with opt-out, QNAME #1 ($n)"
ret=0
# QNAME does not exist, so the AUTHORITY section should contain an NS RRset and
# NSEC3 records proving nonexistence of both QNAME and a DS RRset at the zone
# cut. In this test case, these two NSEC3 records are different.
-$DIG $DIGOPTS @10.53.0.2 b-nonexistent-name.wildcard-nsec3-optout.example A +norec +dnssec > dig.out.2.$n 2>&1 || ret=1
+$DIG $DIGOPTS @10.53.0.2 b-nonexistent-name.wildcard-nsec3-optout.example A +norec +dnssec >dig.out.2.$n 2>&1 || ret=1
# Ensure that the AUTHORITY section contains an NS RRset without an associated
# DS RRset.
exactly_one_record_exists_for "delegation.wildcard-nsec3-optout.example." NS dig.out.2.$n || ret=1
@@ -365,16 +365,16 @@
# the type bit map.
ensure_no_ds_in_bitmap "SS5M1RUBSGMANEQ1VLRDDEC6SOAT7HNI.wildcard-nsec3-optout.example." NSEC3 dig.out.2.$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking insecure delegation prepared using wildcard expansion + CNAME chaining, NSEC3 with opt-out, QNAME #2 ($n)"
ret=0
# QNAME does not exist, so the AUTHORITY section should contain an NS RRset and
# NSEC3 records proving nonexistence of both QNAME and a DS RRset at the zone
# cut. In this test case, the same NSEC3 record proves nonexistence of both the
# QNAME and the DS RRset at the zone cut.
-$DIG $DIGOPTS @10.53.0.2 z-nonexistent-name.wildcard-nsec3-optout.example A +norec +dnssec > dig.out.2.$n 2>&1 || ret=1
+$DIG $DIGOPTS @10.53.0.2 z-nonexistent-name.wildcard-nsec3-optout.example A +norec +dnssec >dig.out.2.$n 2>&1 || ret=1
# Ensure that the AUTHORITY section contains an NS RRset without an associated
# DS RRset.
exactly_one_record_exists_for "delegation.wildcard-nsec3-optout.example." NS dig.out.2.$n || ret=1
@@ -387,239 +387,239 @@
# the type bit map.
ensure_no_ds_in_bitmap "SS5M1RUBSGMANEQ1VLRDDEC6SOAT7HNI.wildcard-nsec3-optout.example." NSEC3 dig.out.2.$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking CNAME to DNAME from authoritative ($n)"
ret=0
-$DIG $DIGOPTS cname.example @10.53.0.2 a > dig.out.ns2.cname
-grep "status: NOERROR" dig.out.ns2.cname > /dev/null || ret=1
+$DIG $DIGOPTS cname.example @10.53.0.2 a >dig.out.ns2.cname
+grep "status: NOERROR" dig.out.ns2.cname >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking CNAME to DNAME from recursive"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
-$DIG $DIGOPTS cname.example @10.53.0.7 a > dig.out.ns4.cname
-grep "status: NOERROR" dig.out.ns4.cname > /dev/null || ret=1
-grep '^cname.example.' dig.out.ns4.cname > /dev/null || ret=1
-grep '^cnamedname.example.' dig.out.ns4.cname > /dev/null || ret=1
-grep '^a.cnamedname.example.' dig.out.ns4.cname > /dev/null || ret=1
-grep '^a.target.example.' dig.out.ns4.cname > /dev/null || ret=1
+$DIG $DIGOPTS cname.example @10.53.0.7 a >dig.out.ns4.cname
+grep "status: NOERROR" dig.out.ns4.cname >/dev/null || ret=1
+grep '^cname.example.' dig.out.ns4.cname >/dev/null || ret=1
+grep '^cnamedname.example.' dig.out.ns4.cname >/dev/null || ret=1
+grep '^a.cnamedname.example.' dig.out.ns4.cname >/dev/null || ret=1
+grep '^a.target.example.' dig.out.ns4.cname >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking DNAME is returned with synthesized CNAME before DNAME ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
-$DIG $DIGOPTS @10.53.0.7 name.synth-then-dname.example.broken A > dig.out.test$n
-grep "status: NXDOMAIN" dig.out.test$n > /dev/null || ret=1
-grep '^name.synth-then-dname\.example\.broken\..*CNAME.*name.$' dig.out.test$n > /dev/null || ret=1
-grep '^synth-then-dname\.example\.broken\..*DNAME.*\.$' dig.out.test$n > /dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.7 name.synth-then-dname.example.broken A >dig.out.test$n
+grep "status: NXDOMAIN" dig.out.test$n >/dev/null || ret=1
+grep '^name.synth-then-dname\.example\.broken\..*CNAME.*name.$' dig.out.test$n >/dev/null || ret=1
+grep '^synth-then-dname\.example\.broken\..*DNAME.*\.$' dig.out.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking DNAME is returned with CNAME to synthesized CNAME before DNAME ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
-$DIG $DIGOPTS @10.53.0.7 cname-to-synth2-then-dname.example.broken A > dig.out.test$n
-grep "status: NXDOMAIN" dig.out.test$n > /dev/null || ret=1
-grep '^cname-to-synth2-then-dname\.example\.broken\..*CNAME.*name\.synth2-then-dname\.example\.broken.$' dig.out.test$n > /dev/null || ret=1
-grep '^name\.synth2-then-dname\.example\.broken\..*CNAME.*name.$' dig.out.test$n > /dev/null || ret=1
-grep '^synth2-then-dname\.example\.broken\..*DNAME.*\.$' dig.out.test$n > /dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.7 cname-to-synth2-then-dname.example.broken A >dig.out.test$n
+grep "status: NXDOMAIN" dig.out.test$n >/dev/null || ret=1
+grep '^cname-to-synth2-then-dname\.example\.broken\..*CNAME.*name\.synth2-then-dname\.example\.broken.$' dig.out.test$n >/dev/null || ret=1
+grep '^name\.synth2-then-dname\.example\.broken\..*CNAME.*name.$' dig.out.test$n >/dev/null || ret=1
+grep '^synth2-then-dname\.example\.broken\..*DNAME.*\.$' dig.out.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking CNAME loops are detected ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
-$DIG $DIGOPTS @10.53.0.7 loop.example > dig.out.test$n
-grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
-grep "ANSWER: 17" dig.out.test$n > /dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.7 loop.example >dig.out.test$n
+grep "status: NOERROR" dig.out.test$n >/dev/null || ret=1
+grep "ANSWER: 17" dig.out.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking CNAME to external delegated zones is handled ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
-$DIG $DIGOPTS @10.53.0.7 a.example > dig.out.test$n
-grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
-grep "ANSWER: 2" dig.out.test$n > /dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.7 a.example >dig.out.test$n
+grep "status: NOERROR" dig.out.test$n >/dev/null || ret=1
+grep "ANSWER: 2" dig.out.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking CNAME to internal delegated zones is handled ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
-$DIG $DIGOPTS @10.53.0.7 b.example > dig.out.test$n
-grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
-grep "ANSWER: 2" dig.out.test$n > /dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.7 b.example >dig.out.test$n
+grep "status: NOERROR" dig.out.test$n >/dev/null || ret=1
+grep "ANSWER: 2" dig.out.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking CNAME to signed external delegation is handled ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
-$DIG $DIGOPTS @10.53.0.7 c.example > dig.out.$n
-grep "status: NOERROR" dig.out.$n > /dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.7 c.example >dig.out.$n
+grep "status: NOERROR" dig.out.$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking CNAME to signed internal delegation is handled ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
-$DIG $DIGOPTS @10.53.0.7 d.example > dig.out.$n
-grep "status: NOERROR" dig.out.$n > /dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.7 d.example >dig.out.$n
+grep "status: NOERROR" dig.out.$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking CNAME chains in various orders ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n - step 1 --- 2>&1 | sed 's/^/ns7 /' | cat_i
echo "cname,cname,cname|1,2,3,4,s1,s2,s3,s4" | $SEND
-$DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.1.$n 2>&1
-grep 'status: NOERROR' dig.out.1.$n > /dev/null 2>&1 || ret=1
-grep 'ANSWER: 2' dig.out.1.$n > /dev/null 2>&1 || ret=1
+$DIG $DIGOPTS @10.53.0.7 test.domain.nil >dig.out.1.$n 2>&1
+grep 'status: NOERROR' dig.out.1.$n >/dev/null 2>&1 || ret=1
+grep 'ANSWER: 2' dig.out.1.$n >/dev/null 2>&1 || ret=1
$RNDCCMD 10.53.0.7 null --- start test$n - step 2 --- 2>&1 | sed 's/^/ns7 /' | cat_i
$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
echo "cname,cname,cname|1,1,2,2,3,4,s4,s3,s1" | $SEND
-$DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.2.$n 2>&1
-grep 'status: NOERROR' dig.out.2.$n > /dev/null 2>&1 || ret=1
-grep 'ANSWER: 2' dig.out.2.$n > /dev/null 2>&1 || ret=1
+$DIG $DIGOPTS @10.53.0.7 test.domain.nil >dig.out.2.$n 2>&1
+grep 'status: NOERROR' dig.out.2.$n >/dev/null 2>&1 || ret=1
+grep 'ANSWER: 2' dig.out.2.$n >/dev/null 2>&1 || ret=1
$RNDCCMD 10.53.0.7 null --- start test$n - step 3 --- 2>&1 | sed 's/^/ns7 /' | cat_i
$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
echo "cname,cname,cname|2,1,3,4,s3,s1,s2,s4" | $SEND
-$DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.3.$n 2>&1
-grep 'status: NOERROR' dig.out.3.$n > /dev/null 2>&1 || ret=1
-grep 'ANSWER: 2' dig.out.3.$n > /dev/null 2>&1 || ret=1
+$DIG $DIGOPTS @10.53.0.7 test.domain.nil >dig.out.3.$n 2>&1
+grep 'status: NOERROR' dig.out.3.$n >/dev/null 2>&1 || ret=1
+grep 'ANSWER: 2' dig.out.3.$n >/dev/null 2>&1 || ret=1
$RNDCCMD 10.53.0.7 null --- start test$n - step 4 --- 2>&1 | sed 's/^/ns7 /' | cat_i
$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
echo "cname,cname,cname|4,3,2,1,s4,s3,s2,s1" | $SEND
-$DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.4.$n 2>&1
-grep 'status: NOERROR' dig.out.4.$n > /dev/null 2>&1 || ret=1
-grep 'ANSWER: 2' dig.out.4.$n > /dev/null 2>&1 || ret=1
+$DIG $DIGOPTS @10.53.0.7 test.domain.nil >dig.out.4.$n 2>&1
+grep 'status: NOERROR' dig.out.4.$n >/dev/null 2>&1 || ret=1
+grep 'ANSWER: 2' dig.out.4.$n >/dev/null 2>&1 || ret=1
echo "cname,cname,cname|4,3,2,1,s4,s3,s2,s1" | $SEND
$RNDCCMD 10.53.0.7 null --- start test$n - step 5 --- 2>&1 | sed 's/^/ns7 /' | cat_i
$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
-$DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.5.$n 2>&1
-grep 'status: NOERROR' dig.out.5.$n > /dev/null 2>&1 || ret=1
-grep 'ANSWER: 2' dig.out.5.$n > /dev/null 2>&1 || ret=1
+$DIG $DIGOPTS @10.53.0.7 test.domain.nil >dig.out.5.$n 2>&1
+grep 'status: NOERROR' dig.out.5.$n >/dev/null 2>&1 || ret=1
+grep 'ANSWER: 2' dig.out.5.$n >/dev/null 2>&1 || ret=1
$RNDCCMD 10.53.0.7 null --- start test$n - step 6 --- 2>&1 | sed 's/^/ns7 /' | cat_i
$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
echo "cname,cname,cname|4,3,3,3,s1,s1,1,3,4" | $SEND
-$DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.6.$n 2>&1
-grep 'status: NOERROR' dig.out.6.$n > /dev/null 2>&1 || ret=1
-grep 'ANSWER: 2' dig.out.6.$n > /dev/null 2>&1 || ret=1
+$DIG $DIGOPTS @10.53.0.7 test.domain.nil >dig.out.6.$n 2>&1
+grep 'status: NOERROR' dig.out.6.$n >/dev/null 2>&1 || ret=1
+grep 'ANSWER: 2' dig.out.6.$n >/dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking that only the initial CNAME is cached ($n)"
ret=0
$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
echo "cname,cname,cname|1,2,3,4,s1,s2,s3,s4" | $SEND
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
-$DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.1.$n 2>&1
+$DIG $DIGOPTS @10.53.0.7 test.domain.nil >dig.out.1.$n 2>&1
sleep 1
-$DIG $DIGOPTS +noall +answer @10.53.0.7 cname1.domain.nil > dig.out.2.$n 2>&1
-ttl=`awk '{print $2}' dig.out.2.$n`
+$DIG $DIGOPTS +noall +answer @10.53.0.7 cname1.domain.nil >dig.out.2.$n 2>&1
+ttl=$(awk '{print $2}' dig.out.2.$n)
[ "$ttl" -eq 86400 ] || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking DNAME chains in various orders ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n - step 1 --- 2>&1 | sed 's/^/ns7 /' | cat_i
$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
echo "dname,dname|5,4,3,2,1,s5,s4,s3,s2,s1" | $SEND
-$DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.1.$n 2>&1
-grep 'status: NOERROR' dig.out.1.$n > /dev/null 2>&1 || ret=1
-grep 'ANSWER: 3' dig.out.1.$n > /dev/null 2>&1 || ret=1
+$DIG $DIGOPTS @10.53.0.7 test.domain.nil >dig.out.1.$n 2>&1
+grep 'status: NOERROR' dig.out.1.$n >/dev/null 2>&1 || ret=1
+grep 'ANSWER: 3' dig.out.1.$n >/dev/null 2>&1 || ret=1
$RNDCCMD 10.53.0.7 null --- start test$n - step 2 --- 2>&1 | sed 's/^/ns7 /' | cat_i
$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
echo "dname,dname|5,4,3,2,1,s5,s4,s3,s2,s1" | $SEND
-$DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.2.$n 2>&1
-grep 'status: NOERROR' dig.out.2.$n > /dev/null 2>&1 || ret=1
-grep 'ANSWER: 3' dig.out.2.$n > /dev/null 2>&1 || ret=1
+$DIG $DIGOPTS @10.53.0.7 test.domain.nil >dig.out.2.$n 2>&1
+grep 'status: NOERROR' dig.out.2.$n >/dev/null 2>&1 || ret=1
+grep 'ANSWER: 3' dig.out.2.$n >/dev/null 2>&1 || ret=1
$RNDCCMD 10.53.0.7 null --- start test$n - step 3 --- 2>&1 | sed 's/^/ns7 /' | cat_i
$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
echo "dname,dname|2,3,s1,s2,s3,s4,1" | $SEND
-$DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.3.$n 2>&1
-grep 'status: NOERROR' dig.out.3.$n > /dev/null 2>&1 || ret=1
-grep 'ANSWER: 3' dig.out.3.$n > /dev/null 2>&1 || ret=1
+$DIG $DIGOPTS @10.53.0.7 test.domain.nil >dig.out.3.$n 2>&1
+grep 'status: NOERROR' dig.out.3.$n >/dev/null 2>&1 || ret=1
+grep 'ANSWER: 3' dig.out.3.$n >/dev/null 2>&1 || ret=1
$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking external CNAME/DNAME chains in various orders ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n - step 1 --- 2>&1 | sed 's/^/ns7 /' | cat_i
echo "xname,dname|1,2,3,4,s1,s2,s3,s4" | $SEND
-$DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.1.$n 2>&1
-grep 'status: NOERROR' dig.out.1.$n > /dev/null 2>&1 || ret=1
-grep 'ANSWER: 2' dig.out.1.$n > /dev/null 2>&1 || ret=1
+$DIG $DIGOPTS @10.53.0.7 test.domain.nil >dig.out.1.$n 2>&1
+grep 'status: NOERROR' dig.out.1.$n >/dev/null 2>&1 || ret=1
+grep 'ANSWER: 2' dig.out.1.$n >/dev/null 2>&1 || ret=1
$RNDCCMD 10.53.0.7 null --- start test$n - step 2 --- 2>&1 | sed 's/^/ns7 /' | cat_i
$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
echo "xname,dname|s2,2,s1,1,4,s4,3" | $SEND
-$DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.2.$n 2>&1
-grep 'status: NOERROR' dig.out.2.$n > /dev/null 2>&1 || ret=1
-grep 'ANSWER: 2' dig.out.2.$n > /dev/null 2>&1 || ret=1
+$DIG $DIGOPTS @10.53.0.7 test.domain.nil >dig.out.2.$n 2>&1
+grep 'status: NOERROR' dig.out.2.$n >/dev/null 2>&1 || ret=1
+grep 'ANSWER: 2' dig.out.2.$n >/dev/null 2>&1 || ret=1
$RNDCCMD 10.53.0.7 null --- start test$n - step 3 --- 2>&1 | sed 's/^/ns7 /' | cat_i
$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
echo "xname,dname|s2,2,2,2" | $SEND
-$DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.3.$n 2>&1
-grep 'status: SERVFAIL' dig.out.3.$n > /dev/null 2>&1 || ret=1
+$DIG $DIGOPTS @10.53.0.7 test.domain.nil >dig.out.3.$n 2>&1
+grep 'status: SERVFAIL' dig.out.3.$n >/dev/null 2>&1 || ret=1
$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking explicit DNAME query ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
-$DIG $DIGOPTS @10.53.0.7 dname short-dname.example > dig.out.7.$n 2>&1
-grep 'status: NOERROR' dig.out.7.$n > /dev/null 2>&1 || ret=1
+$DIG $DIGOPTS @10.53.0.7 dname short-dname.example >dig.out.7.$n 2>&1
+grep 'status: NOERROR' dig.out.7.$n >/dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking DNAME via ANY query ($n)"
ret=0
$RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i
$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i
-$DIG $DIGOPTS @10.53.0.7 any short-dname.example > dig.out.7.$n 2>&1
-grep 'status: NOERROR' dig.out.7.$n > /dev/null 2>&1 || ret=1
+$DIG $DIGOPTS @10.53.0.7 any short-dname.example >dig.out.7.$n 2>&1
+grep 'status: NOERROR' dig.out.7.$n >/dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Regression test for CVE-2021-25215 (authoritative server).
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking DNAME resolution via itself (authoritative) ($n)"
ret=0
-$DIG $DIGOPTS @10.53.0.2 DNAME self.domain0.self.domain0.nil. > dig.out.2.$n 2>&1
-grep 'status: NOERROR' dig.out.2.$n > /dev/null 2>&1 || ret=1
+$DIG $DIGOPTS @10.53.0.2 DNAME self.domain0.self.domain0.nil. >dig.out.2.$n 2>&1
+grep 'status: NOERROR' dig.out.2.$n >/dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# Regression test for CVE-2021-25215 (recursive resolver).
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking DNAME resolution via itself (recursive) ($n)"
ret=0
-$DIG $DIGOPTS @10.53.0.7 DNAME self.example.self.example.dname. > dig.out.7.$n 2>&1
-grep 'status: NOERROR' dig.out.7.$n > /dev/null 2>&1 || ret=1
+$DIG $DIGOPTS @10.53.0.7 DNAME self.example.self.example.dname. >dig.out.7.$n 2>&1
+grep 'status: NOERROR' dig.out.7.$n >/dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
diff -Nru bind9-9.16.44/bin/tests/system/checkconf/tests.sh bind9-9.16.48/bin/tests/system/checkconf/tests.sh
--- bind9-9.16.44/bin/tests/system/checkconf/tests.sh 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/checkconf/tests.sh 2024-02-11 11:31:39.000000000 +0000
@@ -19,623 +19,747 @@
mkdir keys
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking that named-checkconf handles a known good config ($n)"
ret=0
-$CHECKCONF good.conf > checkconf.out$n 2>&1 || ret=1
+$CHECKCONF good.conf >checkconf.out$n 2>&1 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking that named-checkconf prints a known good config ($n)"
ret=0
-awk 'BEGIN { ok = 0; } /cut here/ { ok = 1; getline } ok == 1 { print }' good.conf > good.conf.in
+awk 'BEGIN { ok = 0; } /cut here/ { ok = 1; getline } ok == 1 { print }' good.conf >good.conf.in
[ -s good.conf.in ] || ret=1
-$CHECKCONF -p good.conf.in > checkconf.out$n || ret=1
-grep -v '^good.conf.in:' < checkconf.out$n > good.conf.out 2>&1 || ret=1
+$CHECKCONF -p good.conf.in >checkconf.out$n || ret=1
+grep -v '^good.conf.in:' good.conf.out 2>&1 || ret=1
cmp good.conf.in good.conf.out || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking that named-checkconf -x removes secrets ($n)"
ret=0
# ensure there is a secret and that it is not the check string.
-grep 'secret "' good.conf.in > /dev/null || ret=1
-grep 'secret "????????????????"' good.conf.in > /dev/null 2>&1 && ret=1
-$CHECKCONF -p -x good.conf.in > checkconf.out$n || ret=1
-grep -v '^good.conf.in:' < checkconf.out$n > good.conf.out 2>&1 || ret=1
-grep 'secret "????????????????"' good.conf.out > /dev/null 2>&1 || ret=1
-if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
-
-for bad in bad-*.conf
-do
- n=`expr $n + 1`
- echo_i "checking that named-checkconf detects error in $bad ($n)"
- ret=0
- $CHECKCONF $bad > checkconf.out$n 2>&1
- if [ $? -ne 1 ]; then ret=1; fi
- grep "^$bad:[0-9]*: " < checkconf.out$n > /dev/null || ret=1
- case $bad in
+grep 'secret "' good.conf.in >/dev/null || ret=1
+grep 'secret "????????????????"' good.conf.in >/dev/null 2>&1 && ret=1
+$CHECKCONF -p -x good.conf.in >checkconf.out$n || ret=1
+grep -v '^good.conf.in:' good.conf.out 2>&1 || ret=1
+grep 'secret "????????????????"' good.conf.out >/dev/null 2>&1 || ret=1
+if [ $ret -ne 0 ]; then echo_i "failed"; fi
+status=$(expr $status + $ret)
+
+for bad in bad-*.conf; do
+ n=$(expr $n + 1)
+ echo_i "checking that named-checkconf detects error in $bad ($n)"
+ ret=0
+ $CHECKCONF $bad >checkconf.out$n 2>&1
+ if [ $? -ne 1 ]; then ret=1; fi
+ grep "^$bad:[0-9]*: " /dev/null || ret=1
+ case $bad in
bad-update-policy[123].conf)
- pat="identity and name fields are not the same"
- grep "$pat" < checkconf.out$n > /dev/null || ret=1
- ;;
- bad-update-policy[4589].conf|bad-update-policy1[01].conf)
- pat="name field not set to placeholder value"
- grep "$pat" < checkconf.out$n > /dev/null || ret=1
- ;;
- bad-update-policy[67].conf|bad-update-policy1[2345].conf)
- pat="missing name field type '.*' found"
- grep "$pat" < checkconf.out$n > /dev/null || ret=1
- ;;
- esac
- if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=`expr $status + $ret`
+ pat="identity and name fields are not the same"
+ grep "$pat" /dev/null || ret=1
+ ;;
+ bad-update-policy[4589].conf | bad-update-policy1[01].conf)
+ pat="name field not set to placeholder value"
+ grep "$pat" /dev/null || ret=1
+ ;;
+ bad-update-policy[67].conf | bad-update-policy1[2345].conf)
+ pat="missing name field type '.*' found"
+ grep "$pat" /dev/null || ret=1
+ ;;
+ esac
+ if [ $ret -ne 0 ]; then echo_i "failed"; fi
+ status=$(expr $status + $ret)
done
-for good in good-*.conf
-do
- n=`expr $n + 1`
- echo_i "checking that named-checkconf detects no error in $good ($n)"
- ret=0
- $CHECKCONF $good > checkconf.out$n 2>&1
- if [ $? -ne 0 ]; then echo_i "failed"; ret=1; fi
- status=`expr $status + $ret`
+for good in good-*.conf; do
+ n=$(expr $n + 1)
+ echo_i "checking that named-checkconf detects no error in $good ($n)"
+ ret=0
+ $CHECKCONF $good >checkconf.out$n 2>&1
+ if [ $? -ne 0 ]; then
+ echo_i "failed"
+ ret=1
+ fi
+ status=$(expr $status + $ret)
done
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking that ancient options report a fatal error ($n)"
ret=0
-$CHECKCONF ancient.conf > ancient.out 2>&1 && ret=1
-grep "no longer exists" ancient.out > /dev/null || ret=1
+$CHECKCONF ancient.conf >ancient.out 2>&1 && ret=1
+grep "no longer exists" ancient.out >/dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking that named-checkconf -z catches missing hint file ($n)"
ret=0
-$CHECKCONF -z hint-nofile.conf > hint-nofile.out 2>&1 && ret=1
-grep "could not configure root hints from 'nonexistent.db': file not found" hint-nofile.out > /dev/null || ret=1
+$CHECKCONF -z hint-nofile.conf >hint-nofile.out 2>&1 && ret=1
+grep "could not configure root hints from 'nonexistent.db': file not found" hint-nofile.out >/dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking that named-checkconf catches range errors ($n)"
ret=0
-$CHECKCONF range.conf > checkconf.out$n 2>&1 && ret=1
+$CHECKCONF range.conf >checkconf.out$n 2>&1 && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking that named-checkconf warns of notify inconsistencies ($n)"
ret=0
-$CHECKCONF notify.conf > checkconf.out$n 2>&1
-warnings=`grep "'notify' is disabled" < checkconf.out$n | wc -l`
+$CHECKCONF notify.conf >checkconf.out$n 2>&1
+warnings=$(grep "'notify' is disabled" checkconf.out$n.1 2>&1
-grep "'dnssec-enable' is obsolete and should be removed" < checkconf.out$n.1 > /dev/null || ret=1
+$CHECKCONF dnssec.1 >checkconf.out$n.1 2>&1
+grep "'dnssec-enable' is obsolete and should be removed" /dev/null || ret=1
# dnssec.2: auto-dnssec warning
-$CHECKCONF dnssec.2 > checkconf.out$n.2 2>&1
-grep 'auto-dnssec may only be ' < checkconf.out$n.2 > /dev/null || ret=1
+$CHECKCONF dnssec.2 >checkconf.out$n.2 2>&1
+grep 'auto-dnssec may only be ' /dev/null || ret=1
# dnssec.3: should have no warnings (other than deprecation warning)
-$CHECKCONF dnssec.3 > checkconf.out$n.3 2>&1
-grep "option 'auto-dnssec' is deprecated" < checkconf.out$n.3 > /dev/null || ret=1
-lines=$(wc -l < "checkconf.out$n.3")
+$CHECKCONF dnssec.3 >checkconf.out$n.3 2>&1
+grep "option 'auto-dnssec' is deprecated" /dev/null || ret=1
+lines=$(wc -l <"checkconf.out$n.3")
if [ $lines != 1 ]; then ret=1; fi
# dnssec.4: should have specific deprecation warning
-$CHECKCONF dnssec.4 > checkconf.out$n.4 2>&1
-grep "'auto-dnssec' option is deprecated and will be removed in BIND 9\.19" < checkconf.out$n.4 > /dev/null || ret=1
+$CHECKCONF dnssec.4 >checkconf.out$n.4 2>&1
+grep "'auto-dnssec' option is deprecated and will be removed in BIND 9\.19" /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking named-checkconf deprecate warnings ($n)"
ret=0
-$CHECKCONF deprecated.conf > checkconf.out$n.1 2>&1
-grep "option 'managed-keys' is deprecated" < checkconf.out$n.1 > /dev/null || ret=1
-grep "option 'trusted-keys' is deprecated" < checkconf.out$n.1 > /dev/null || ret=1
-grep "option 'dscp' is deprecated" < checkconf.out$n.1 > /dev/null || ret=1
-grep "token 'dscp' is deprecated" < checkconf.out$n.1 > /dev/null || ret=1
+$CHECKCONF deprecated.conf >checkconf.out$n.1 2>&1
+grep "option 'managed-keys' is deprecated" /dev/null || ret=1
+grep "option 'trusted-keys' is deprecated" /dev/null || ret=1
+grep "option 'dscp' is deprecated" /dev/null || ret=1
+grep "token 'dscp' is deprecated" /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
# set -i to ignore deprecate warnings
-$CHECKCONF -i deprecated.conf > checkconf.out$n.2 2>&1
-grep '.*' < checkconf.out$n.2 > /dev/null && ret=1
+$CHECKCONF -i deprecated.conf >checkconf.out$n.2 2>&1
+grep '.*' /dev/null && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking named-checkconf servestale warnings ($n)"
ret=0
-$CHECKCONF servestale.stale-refresh-time.0.conf > checkconf.out$n.1 2>&1
-grep "'stale-refresh-time' should either be 0 or otherwise 30 seconds or higher" < checkconf.out$n.1 > /dev/null && ret=1
+$CHECKCONF servestale.stale-refresh-time.0.conf >checkconf.out$n.1 2>&1
+grep "'stale-refresh-time' should either be 0 or otherwise 30 seconds or higher" /dev/null && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
ret=0
-$CHECKCONF servestale.stale-refresh-time.29.conf > checkconf.out$n.1 2>&1
-grep "'stale-refresh-time' should either be 0 or otherwise 30 seconds or higher" < checkconf.out$n.1 > /dev/null || ret=1
+$CHECKCONF servestale.stale-refresh-time.29.conf >checkconf.out$n.1 2>&1
+grep "'stale-refresh-time' should either be 0 or otherwise 30 seconds or higher" /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "range checking fields that do not allow zero ($n)"
ret=0
for field in max-retry-time min-retry-time max-refresh-time min-refresh-time; do
- cat > badzero.conf << EOF
+ cat >badzero.conf < checkconf.out$n.1 2>&1
- [ $? -eq 1 ] || { echo_i "options $field failed" ; ret=1; }
- cat > badzero.conf << EOF
+ $CHECKCONF badzero.conf >checkconf.out$n.1 2>&1
+ [ $? -eq 1 ] || {
+ echo_i "options $field failed"
+ ret=1
+ }
+ cat >badzero.conf < checkconf.out$n.2 2>&1
- [ $? -eq 1 ] || { echo_i "view $field failed" ; ret=1; }
- cat > badzero.conf << EOF
+ $CHECKCONF badzero.conf >checkconf.out$n.2 2>&1
+ [ $? -eq 1 ] || {
+ echo_i "view $field failed"
+ ret=1
+ }
+ cat >badzero.conf < checkconf.out$n.3 2>&1
- [ $? -eq 1 ] || { echo_i "options + view $field failed" ; ret=1; }
- cat > badzero.conf << EOF
+ $CHECKCONF badzero.conf >checkconf.out$n.3 2>&1
+ [ $? -eq 1 ] || {
+ echo_i "options + view $field failed"
+ ret=1
+ }
+ cat >badzero.conf < checkconf.out$n.4 2>&1
- [ $? -eq 1 ] || { echo_i "zone $field failed" ; ret=1; }
+ $CHECKCONF badzero.conf >checkconf.out$n.4 2>&1
+ [ $? -eq 1 ] || {
+ echo_i "zone $field failed"
+ ret=1
+ }
done
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking options allowed in inline-signing secondaries ($n)"
ret=0
-$CHECKCONF bad-dnssec.conf > checkconf.out$n.1 2>&1
-l=`grep "dnssec-dnskey-kskonly.*requires inline" < checkconf.out$n.1 | wc -l`
+$CHECKCONF bad-dnssec.conf >checkconf.out$n.1 2>&1
+l=$(grep "dnssec-dnskey-kskonly.*requires inline" checkconf.out$n.2 2>&1
-l=`grep "dnssec-loadkeys-interval.*requires inline" < checkconf.out$n.2 | wc -l`
+$CHECKCONF bad-dnssec.conf >checkconf.out$n.2 2>&1
+l=$(grep "dnssec-loadkeys-interval.*requires inline" checkconf.out$n.3 2>&1
-l=`grep "update-check-ksk.*requires inline" < checkconf.out$n.3 | wc -l`
+$CHECKCONF bad-dnssec.conf >checkconf.out$n.3 2>&1
+l=$(grep "update-check-ksk.*requires inline" checkconf.out$n.1 2>&1
-l=`grep "missing 'file' entry" < checkconf.out$n.1 | wc -l`
+$CHECKCONF inline-no.conf >checkconf.out$n.1 2>&1
+l=$(grep "missing 'file' entry" checkconf.out$n.2 2>&1
-l=`grep "missing 'file' entry" < checkconf.out$n.2 | wc -l`
+$CHECKCONF inline-good.conf >checkconf.out$n.2 2>&1
+l=$(grep "missing 'file' entry" checkconf.out$n.3 2>&1
-l=`grep "missing 'file' entry" < checkconf.out$n.3 | wc -l`
+$CHECKCONF inline-bad.conf >checkconf.out$n.3 2>&1
+l=$(grep "missing 'file' entry" checkconf.out$n 2>&1
-grep "'dlz' and 'database'" < checkconf.out$n > /dev/null || ret=1
+$CHECKCONF dlz-bad.conf >checkconf.out$n 2>&1
+grep "'dlz' and 'database'" /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking for missing key directory warning ($n)"
ret=0
rm -rf test.keydir
-$CHECKCONF warn-keydir.conf > checkconf.out$n.1 2>&1
-l=`grep "'test.keydir' does not exist" < checkconf.out$n.1 | wc -l`
+$CHECKCONF warn-keydir.conf >checkconf.out$n.1 2>&1
+l=$(grep "'test.keydir' does not exist" checkconf.out$n.2 2>&1
-l=`grep "'test.keydir' is not a directory" < checkconf.out$n.2 | wc -l`
+$CHECKCONF warn-keydir.conf >checkconf.out$n.2 2>&1
+l=$(grep "'test.keydir' is not a directory" checkconf.out$n.3 2>&1
-l=`grep "key-directory" < checkconf.out$n.3 | wc -l`
+$CHECKCONF warn-keydir.conf >checkconf.out$n.3 2>&1
+l=$(grep "key-directory" check.out 2>&1
-grep 'TTL 900 exceeds configured max-zone-ttl 600' check.out > /dev/null 2>&1 || ret=1
-grep 'TTL 900 exceeds configured max-zone-ttl 600' check.out > /dev/null 2>&1 || ret=1
-grep 'TTL 900 exceeds configured max-zone-ttl 600' check.out > /dev/null 2>&1 || ret=1
-if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
-status=`expr $status + $ret`
+$CHECKCONF -z max-ttl.conf >check.out 2>&1
+grep 'TTL 900 exceeds configured max-zone-ttl 600' check.out >/dev/null 2>&1 || ret=1
+grep 'TTL 900 exceeds configured max-zone-ttl 600' check.out >/dev/null 2>&1 || ret=1
+grep 'TTL 900 exceeds configured max-zone-ttl 600' check.out >/dev/null 2>&1 || ret=1
+if [ $ret -ne 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking that named-checkconf -z catches invalid max-ttl ($n)"
ret=0
-$CHECKCONF -z max-ttl-bad.conf > checkconf.out$n 2>&1 && ret=1
-if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
-status=`expr $status + $ret`
+$CHECKCONF -z max-ttl-bad.conf >checkconf.out$n 2>&1 && ret=1
+if [ $ret -ne 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking that named-checkconf -z skips zone check with alternate databases ($n)"
ret=0
-$CHECKCONF -z altdb.conf > checkconf.out$n 2>&1 || ret=1
-if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
-status=`expr $status + $ret`
+$CHECKCONF -z altdb.conf >checkconf.out$n 2>&1 || ret=1
+if [ $ret -ne 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking that named-checkconf -z skips zone check with DLZ ($n)"
ret=0
-$CHECKCONF -z altdlz.conf > checkconf.out$n 2>&1 || ret=1
-if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
-status=`expr $status + $ret`
+$CHECKCONF -z altdlz.conf >checkconf.out$n 2>&1 || ret=1
+if [ $ret -ne 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking that named-checkconf -z fails on view with ANY class ($n)"
ret=0
-$CHECKCONF -z view-class-any1.conf > checkconf.out$n 2>&1 && ret=1
-if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
-status=`expr $status + $ret`
+$CHECKCONF -z view-class-any1.conf >checkconf.out$n 2>&1 && ret=1
+if [ $ret -ne 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking that named-checkconf -z fails on view with CLASS255 class ($n)"
ret=0
-$CHECKCONF -z view-class-any2.conf > checkconf.out$n 2>&1 && ret=1
-if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
-status=`expr $status + $ret`
+$CHECKCONF -z view-class-any2.conf >checkconf.out$n 2>&1 && ret=1
+if [ $ret -ne 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking that named-checkconf -z passes on view with IN class ($n)"
ret=0
-$CHECKCONF -z view-class-in1.conf > checkconf.out$n 2>&1 || ret=1
-if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
-status=`expr $status + $ret`
+$CHECKCONF -z view-class-in1.conf >checkconf.out$n 2>&1 || ret=1
+if [ $ret -ne 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking that named-checkconf -z passes on view with CLASS1 class ($n)"
ret=0
-$CHECKCONF -z view-class-in2.conf > checkconf.out$n 2>&1 || ret=1
-if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
-status=`expr $status + $ret`
+$CHECKCONF -z view-class-in2.conf >checkconf.out$n 2>&1 || ret=1
+if [ $ret -ne 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that check-names fails as configured ($n)"
ret=0
-$CHECKCONF -z check-names-fail.conf > checkconf.out$n 2>&1 && ret=1
-grep "near '_underscore': bad name (check-names)" < checkconf.out$n > /dev/null || ret=1
-grep "zone check-names/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1
-if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
-status=`expr $status + $ret`
+$CHECKCONF -z check-names-fail.conf >checkconf.out$n 2>&1 && ret=1
+grep "near '_underscore': bad name (check-names)" /dev/null || ret=1
+grep "zone check-names/IN: loaded serial" /dev/null && ret=1
+if [ $ret -ne 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that check-mx fails as configured ($n)"
ret=0
-$CHECKCONF -z check-mx-fail.conf > checkconf.out$n 2>&1 && ret=1
-grep "near '10.0.0.1': MX is an address" < checkconf.out$n > /dev/null || ret=1
-grep "zone check-mx/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1
-if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
-status=`expr $status + $ret`
+$CHECKCONF -z check-mx-fail.conf >checkconf.out$n 2>&1 && ret=1
+grep "near '10.0.0.1': MX is an address" /dev/null || ret=1
+grep "zone check-mx/IN: loaded serial" /dev/null && ret=1
+if [ $ret -ne 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that check-dup-records fails as configured ($n)"
ret=0
-$CHECKCONF -z check-dup-records-fail.conf > checkconf.out$n 2>&1 && ret=1
-grep "has semantically identical records" < checkconf.out$n > /dev/null || ret=1
-grep "zone check-dup-records/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1
-if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
-status=`expr $status + $ret`
+$CHECKCONF -z check-dup-records-fail.conf >checkconf.out$n 2>&1 && ret=1
+grep "has semantically identical records" /dev/null || ret=1
+grep "zone check-dup-records/IN: loaded serial" /dev/null && ret=1
+if [ $ret -ne 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that check-mx fails as configured ($n)"
ret=0
-$CHECKCONF -z check-mx-fail.conf > checkconf.out$n 2>&1 && ret=1
-grep "failed: MX is an address" < checkconf.out$n > /dev/null || ret=1
-grep "zone check-mx/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1
-if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
-status=`expr $status + $ret`
+$CHECKCONF -z check-mx-fail.conf >checkconf.out$n 2>&1 && ret=1
+grep "failed: MX is an address" /dev/null || ret=1
+grep "zone check-mx/IN: loaded serial" /dev/null && ret=1
+if [ $ret -ne 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that check-mx-cname fails as configured ($n)"
ret=0
-$CHECKCONF -z check-mx-cname-fail.conf > checkconf.out$n 2>&1 && ret=1
-grep "MX.* is a CNAME (illegal)" < checkconf.out$n > /dev/null || ret=1
-grep "zone check-mx-cname/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1
-if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
-status=`expr $status + $ret`
+$CHECKCONF -z check-mx-cname-fail.conf >checkconf.out$n 2>&1 && ret=1
+grep "MX.* is a CNAME (illegal)" /dev/null || ret=1
+grep "zone check-mx-cname/IN: loaded serial" /dev/null && ret=1
+if [ $ret -ne 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that check-srv-cname fails as configured ($n)"
ret=0
-$CHECKCONF -z check-srv-cname-fail.conf > checkconf.out$n 2>&1 && ret=1
-grep "SRV.* is a CNAME (illegal)" < checkconf.out$n > /dev/null || ret=1
-grep "zone check-mx-cname/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1
-if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
-status=`expr $status + $ret`
+$CHECKCONF -z check-srv-cname-fail.conf >checkconf.out$n 2>&1 && ret=1
+grep "SRV.* is a CNAME (illegal)" /dev/null || ret=1
+grep "zone check-mx-cname/IN: loaded serial" /dev/null && ret=1
+if [ $ret -ne 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that named-checkconf -p properly print a port range ($n)"
ret=0
-$CHECKCONF -p portrange-good.conf > checkconf.out$n 2>&1 || ret=1
-grep "range 8610 8614;" < checkconf.out$n > /dev/null || ret=1
-if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
-status=`expr $status + $ret`
+$CHECKCONF -p portrange-good.conf >checkconf.out$n 2>&1 || ret=1
+grep "range 8610 8614;" /dev/null || ret=1
+if [ $ret -ne 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that named-checkconf -z handles in-view ($n)"
ret=0
-$CHECKCONF -z in-view-good.conf > checkconf.out$n 2>&1 || ret=1
-grep "zone shared.example/IN: loaded serial" < checkconf.out$n > /dev/null || ret=1
-if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
-status=`expr $status + $ret`
+$CHECKCONF -z in-view-good.conf >checkconf.out$n 2>&1 || ret=1
+grep "zone shared.example/IN: loaded serial" /dev/null || ret=1
+if [ $ret -ne 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that named-checkconf -z returns error when a later view is okay ($n)"
ret=0
-$CHECKCONF -z check-missing-zone.conf > checkconf.out$n 2>&1 && ret=1
-if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
-status=`expr $status + $ret`
+$CHECKCONF -z check-missing-zone.conf >checkconf.out$n 2>&1 && ret=1
+if [ $ret -ne 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that named-checkconf prints max-cache-size correctly ($n)"
ret=0
-$CHECKCONF -p max-cache-size-good.conf > checkconf.out$n 2>&1 || ret=1
-grep "max-cache-size 60%;" < checkconf.out$n > /dev/null || ret=1
-if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
-status=`expr $status + $ret`
+$CHECKCONF -p max-cache-size-good.conf >checkconf.out$n 2>&1 || ret=1
+grep "max-cache-size 60%;" /dev/null || ret=1
+if [ $ret -ne 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that named-checkconf -l prints out the zone list ($n)"
ret=0
-$CHECKCONF -l good.conf |
-grep -v "is deprecated" |
-grep -v "is not implemented" |
-grep -v "is not recommended" |
-grep -v "no longer exists" |
-grep -v "is obsolete" > checkconf.out$n || ret=1
-diff good.zonelist checkconf.out$n > diff.out$n || ret=1
-if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
-status=`expr $status + $ret`
+$CHECKCONF -l good.conf \
+ | grep -v "is deprecated" \
+ | grep -v "is not implemented" \
+ | grep -v "is not recommended" \
+ | grep -v "no longer exists" \
+ | grep -v "is obsolete" >checkconf.out$n || ret=1
+diff good.zonelist checkconf.out$n >diff.out$n || ret=1
+if [ $ret -ne 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that 'dnssec-lookaside auto;' generates a warning ($n)"
ret=0
-$CHECKCONF warn-dlv-auto.conf > checkconf.out$n 2>/dev/null || ret=1
-grep "option 'dnssec-lookaside' is obsolete and should be removed" < checkconf.out$n > /dev/null || ret=1
-if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
-status=`expr $status + $ret`
+$CHECKCONF warn-dlv-auto.conf >checkconf.out$n 2>/dev/null || ret=1
+grep "option 'dnssec-lookaside' is obsolete and should be removed" /dev/null || ret=1
+if [ $ret != 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that 'dnssec-lookaside . trust-anchor dlv.isc.org;' generates a warning ($n)"
ret=0
-$CHECKCONF warn-dlv-dlv.isc.org.conf > checkconf.out$n 2>/dev/null || ret=1
-grep "option 'dnssec-lookaside' is obsolete and should be removed" < checkconf.out$n > /dev/null || ret=1
-if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
-status=`expr $status + $ret`
+$CHECKCONF warn-dlv-dlv.isc.org.conf >checkconf.out$n 2>/dev/null || ret=1
+grep "option 'dnssec-lookaside' is obsolete and should be removed" /dev/null || ret=1
+if [ $ret != 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that 'dnssec-lookaside . trust-anchor dlv.example.com;' generates a warning ($n)"
ret=0
-$CHECKCONF warn-dlv-dlv.example.com.conf > checkconf.out$n 2>/dev/null || ret=1
-grep "option 'dnssec-lookaside' is obsolete and should be removed" < checkconf.out$n > /dev/null || ret=1
-if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
-status=`expr $status + $ret`
+$CHECKCONF warn-dlv-dlv.example.com.conf >checkconf.out$n 2>/dev/null || ret=1
+grep "option 'dnssec-lookaside' is obsolete and should be removed" /dev/null || ret=1
+if [ $ret != 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that the 2010 ICANN ROOT KSK without the 2017 ICANN ROOT KSK generates a warning ($n)"
ret=0
-$CHECKCONF check-root-ksk-2010.conf > checkconf.out$n 2>/dev/null || ret=1
+$CHECKCONF check-root-ksk-2010.conf >checkconf.out$n 2>/dev/null || ret=1
[ -s checkconf.out$n ] || ret=1
-grep "key without the updated" < checkconf.out$n > /dev/null || ret=1
-if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
-status=`expr $status + $ret`
+grep "key without the updated" /dev/null || ret=1
+if [ $ret -ne 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that the 2010 ICANN ROOT KSK with the 2017 ICANN ROOT KSK does not generate a warning ($n)"
ret=0
-$CHECKCONF check-root-ksk-both.conf > checkconf.out$n 2>/dev/null || ret=1
+$CHECKCONF check-root-ksk-both.conf >checkconf.out$n 2>/dev/null || ret=1
[ -s checkconf.out$n ] && ret=1
-if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
-status=`expr $status + $ret`
+if [ $ret -ne 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that the 2017 ICANN ROOT KSK alone does not generate a warning ($n)"
ret=0
-$CHECKCONF check-root-ksk-2017.conf > checkconf.out$n 2>/dev/null || ret=1
+$CHECKCONF check-root-ksk-2017.conf >checkconf.out$n 2>/dev/null || ret=1
[ -s checkconf.out$n ] && ret=1
-if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
-status=`expr $status + $ret`
+if [ $ret -ne 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that a static root key generates a warning ($n)"
ret=0
-$CHECKCONF check-root-static-key.conf > checkconf.out$n 2>/dev/null || ret=1
-grep "static entry for the root zone WILL FAIL" checkconf.out$n > /dev/null || ret=1
-if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
-status=`expr $status + $ret`
+$CHECKCONF check-root-static-key.conf >checkconf.out$n 2>/dev/null || ret=1
+grep "static entry for the root zone WILL FAIL" checkconf.out$n >/dev/null || ret=1
+if [ $ret -ne 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that a static root DS trust anchor generates a warning ($n)"
ret=0
-$CHECKCONF check-root-static-ds.conf > checkconf.out$n 2>/dev/null || ret=1
-grep "static entry for the root zone WILL FAIL" checkconf.out$n > /dev/null || ret=1
-if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
-status=`expr $status + $ret`
+$CHECKCONF check-root-static-ds.conf >checkconf.out$n 2>/dev/null || ret=1
+grep "static entry for the root zone WILL FAIL" checkconf.out$n >/dev/null || ret=1
+if [ $ret -ne 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that a trusted-keys entry for root generates a warning ($n)"
ret=0
-$CHECKCONF check-root-trusted-key.conf > checkconf.out$n 2>/dev/null || ret=1
-grep "trusted-keys entry for the root zone WILL FAIL" checkconf.out$n > /dev/null || ret=1
-if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
-status=`expr $status + $ret`
+$CHECKCONF check-root-trusted-key.conf >checkconf.out$n 2>/dev/null || ret=1
+grep "trusted-keys entry for the root zone WILL FAIL" checkconf.out$n >/dev/null || ret=1
+if [ $ret -ne 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that using trust-anchors and managed-keys generates an error ($n)"
ret=0
-$CHECKCONF check-mixed-keys.conf > checkconf.out$n 2>/dev/null && ret=1
-grep "use of managed-keys is not allowed" checkconf.out$n > /dev/null || ret=1
-if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
-status=`expr $status + $ret`
+$CHECKCONF check-mixed-keys.conf >checkconf.out$n 2>/dev/null && ret=1
+grep "use of managed-keys is not allowed" checkconf.out$n >/dev/null || ret=1
+if [ $ret -ne 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that 'geoip-use-ecs no' generates a warning ($n)"
ret=0
-$CHECKCONF warn-geoip-use-ecs.conf > checkconf.out$n 2>/dev/null || ret=1
+$CHECKCONF warn-geoip-use-ecs.conf >checkconf.out$n 2>/dev/null || ret=1
[ -s checkconf.out$n ] || ret=1
-grep "'geoip-use-ecs' is obsolete" < checkconf.out$n > /dev/null || ret=1
-if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
-status=`expr $status + $ret`
+grep "'geoip-use-ecs' is obsolete" /dev/null || ret=1
+if [ $ret != 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking named-checkconf kasp errors ($n)"
ret=0
-$CHECKCONF kasp-and-other-dnssec-options.conf > checkconf.out$n 2>&1 && ret=1
-grep "'inline-signing yes;' must also be configured explicitly for zones using dnssec-policy without a configured 'allow-update' or 'update-policy'" < checkconf.out$n > /dev/null || ret=1
-grep "'auto-dnssec maintain;' cannot be configured if dnssec-policy is also set" < checkconf.out$n > /dev/null || ret=1
-grep "dnskey-sig-validity: cannot be configured if dnssec-policy is also set" < checkconf.out$n > /dev/null || ret=1
-grep "dnssec-dnskey-kskonly: cannot be configured if dnssec-policy is also set" < checkconf.out$n > /dev/null || ret=1
-grep "dnssec-secure-to-insecure: cannot be configured if dnssec-policy is also set" < checkconf.out$n > /dev/null || ret=1
-grep "dnssec-update-mode: cannot be configured if dnssec-policy is also set" < checkconf.out$n > /dev/null || ret=1
-grep "sig-validity-interval: cannot be configured if dnssec-policy is also set" < checkconf.out$n > /dev/null || ret=1
-grep "update-check-ksk: cannot be configured if dnssec-policy is also set" < checkconf.out$n > /dev/null || ret=1
+$CHECKCONF kasp-and-other-dnssec-options.conf >checkconf.out$n 2>&1 && ret=1
+grep "'inline-signing yes;' must also be configured explicitly for zones using dnssec-policy without a configured 'allow-update' or 'update-policy'" /dev/null || ret=1
+grep "'auto-dnssec maintain;' cannot be configured if dnssec-policy is also set" /dev/null || ret=1
+grep "dnskey-sig-validity: cannot be configured if dnssec-policy is also set" /dev/null || ret=1
+grep "dnssec-dnskey-kskonly: cannot be configured if dnssec-policy is also set" /dev/null || ret=1
+grep "dnssec-secure-to-insecure: cannot be configured if dnssec-policy is also set" /dev/null || ret=1
+grep "dnssec-update-mode: cannot be configured if dnssec-policy is also set" /dev/null || ret=1
+grep "sig-validity-interval: cannot be configured if dnssec-policy is also set" /dev/null || ret=1
+grep "update-check-ksk: cannot be configured if dnssec-policy is also set" /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking named-checkconf kasp nsec3 iterations errors ($n)"
ret=0
-$CHECKCONF kasp-bad-nsec3-iter.conf > checkconf.out$n 2>&1 && ret=1
-grep "dnssec-policy: nsec3 iterations value 151 out of range" < checkconf.out$n > /dev/null || ret=1
-lines=$(wc -l < "checkconf.out$n")
+$CHECKCONF kasp-bad-nsec3-iter.conf >checkconf.out$n 2>&1 && ret=1
+grep "dnssec-policy: nsec3 iterations value 151 out of range" /dev/null || ret=1
+lines=$(wc -l <"checkconf.out$n")
if [ $lines -ne 3 ]; then ret=1; fi
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking named-checkconf kasp nsec3 algorithm errors ($n)"
ret=0
-$CHECKCONF kasp-bad-nsec3-alg.conf > checkconf.out$n 2>&1 && ret=1
-grep "dnssec-policy: cannot use nsec3 with algorithm 'RSASHA1'" < checkconf.out$n > /dev/null || ret=1
+$CHECKCONF kasp-bad-nsec3-alg.conf >checkconf.out$n 2>&1 && ret=1
+grep "dnssec-policy: cannot use nsec3 with algorithm 'RSASHA1'" /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking named-checkconf kasp key errors ($n)"
ret=0
-$CHECKCONF kasp-bad-keylen.conf > checkconf.out$n 2>&1 && ret=1
-grep "dnssec-policy: key with algorithm rsasha1 has invalid key length 511" < checkconf.out$n > /dev/null || ret=1
+$CHECKCONF kasp-bad-keylen.conf >checkconf.out$n 2>&1 && ret=1
+grep "dnssec-policy: key with algorithm rsasha1 has invalid key length 511" /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking named-checkconf kasp predefined key length ($n)"
ret=0
-$CHECKCONF kasp-ignore-keylen.conf > checkconf.out$n 2>&1 || ret=1
-grep "dnssec-policy: key algorithm ecdsa256 has predefined length; ignoring length value 2048" < checkconf.out$n > /dev/null || ret=1
+$CHECKCONF kasp-ignore-keylen.conf >checkconf.out$n 2>&1 || ret=1
+grep "dnssec-policy: key algorithm ecdsa256 has predefined length; ignoring length value 2048" /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that a good 'kasp' configuration is accepted ($n)"
ret=0
-$CHECKCONF good-kasp.conf > checkconf.out$n 2>/dev/null || ret=1
+$CHECKCONF good-kasp.conf >checkconf.out$n 2>/dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking that named-checkconf prints a known good kasp config ($n)"
ret=0
-awk 'BEGIN { ok = 0; } /cut here/ { ok = 1; getline } ok == 1 { print }' good-kasp.conf > good-kasp.conf.in
+awk 'BEGIN { ok = 0; } /cut here/ { ok = 1; getline } ok == 1 { print }' good-kasp.conf >good-kasp.conf.in
[ -s good-kasp.conf.in ] || ret=1
-$CHECKCONF -p good-kasp.conf.in | grep -v '^good-kasp.conf.in:' > good-kasp.conf.out 2>&1 || ret=1
+$CHECKCONF -p good-kasp.conf.in | grep -v '^good-kasp.conf.in:' >good-kasp.conf.out 2>&1 || ret=1
cmp good-kasp.conf.in good-kasp.conf.out || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that max-ixfr-ratio 100% generates a warning ($n)"
ret=0
-$CHECKCONF warn-maxratio1.conf > checkconf.out$n 2>/dev/null || ret=1
-grep "exceeds 100%" < checkconf.out$n > /dev/null || ret=1
-if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
-status=`expr $status + $ret`
+$CHECKCONF warn-maxratio1.conf >checkconf.out$n 2>/dev/null || ret=1
+grep "exceeds 100%" /dev/null || ret=1
+if [ $ret -ne 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that *-source options with specified port generate warnings ($n)"
ret=0
-$CHECKCONF warn-transfer-source.conf > checkconf.out$n 2>/dev/null || ret=1
-grep "not recommended" < checkconf.out$n > /dev/null || ret=1
-$CHECKCONF warn-notify-source.conf > checkconf.out$n 2>/dev/null || ret=1
-grep "not recommended" < checkconf.out$n > /dev/null || ret=1
-$CHECKCONF warn-parental-source.conf > checkconf.out$n 2>/dev/null || ret=1
-grep "not recommended" < checkconf.out$n > /dev/null || ret=1
-if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi
-status=`expr $status + $ret`
+$CHECKCONF warn-transfer-source.conf >checkconf.out$n 2>/dev/null || ret=1
+grep "not recommended" /dev/null || ret=1
+$CHECKCONF warn-notify-source.conf >checkconf.out$n 2>/dev/null || ret=1
+grep "not recommended" /dev/null || ret=1
+$CHECKCONF warn-parental-source.conf >checkconf.out$n 2>/dev/null || ret=1
+grep "not recommended" /dev/null || ret=1
+if [ $ret -ne 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that using both max-zone-ttl and dnssec-policy generates a warning ($n)"
ret=0
-$CHECKCONF warn-kasp-max-zone-ttl.conf > checkconf.out$n 2>/dev/null || ret=1
-grep "option 'max-zone-ttl' is ignored when used together with 'dnssec-policy'" < checkconf.out$n > /dev/null || ret=1
-if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
-status=`expr $status + $ret`
+$CHECKCONF warn-kasp-max-zone-ttl.conf >checkconf.out$n 2>/dev/null || ret=1
+grep "option 'max-zone-ttl' is ignored when used together with 'dnssec-policy'" /dev/null || ret=1
+if [ $ret != 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
+status=$(expr $status + $ret)
-n=$((n+1))
+n=$((n + 1))
echo_i "check that masterfile-format map generates deprecation warning ($n)"
ret=0
-$CHECKCONF deprecated-masterfile-format-map.conf > checkconf.out$n 2>/dev/null || ret=1
-grep "is deprecated" < checkconf.out$n >/dev/null || ret=1
-if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
-status=$((status+ret))
+$CHECKCONF deprecated-masterfile-format-map.conf >checkconf.out$n 2>/dev/null || ret=1
+grep "is deprecated" /dev/null || ret=1
+if [ $ret != 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "check that masterfile-format text and raw don't generate deprecation warning ($n)"
ret=0
-$CHECKCONF good-masterfile-format-text.conf > checkconf.out$n 2>/dev/null || ret=1
-grep "is deprecated" < checkconf.out$n >/dev/null && ret=1
-$CHECKCONF good-masterfile-format-raw.conf > checkconf.out$n 2>/dev/null || ret=1
-grep "is deprecated" < checkconf.out$n >/dev/null && ret=1
-if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
-status=$((status+ret))
+$CHECKCONF good-masterfile-format-text.conf >checkconf.out$n 2>/dev/null || ret=1
+grep "is deprecated" /dev/null && ret=1
+$CHECKCONF good-masterfile-format-raw.conf >checkconf.out$n 2>/dev/null || ret=1
+grep "is deprecated" /dev/null && ret=1
+if [ $ret != 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
echo_i "check that 'check-wildcard no;' succeeds as configured ($n)"
ret=0
-$CHECKCONF -z check-wildcard-no.conf > checkconf.out$n 2>&1 || ret=1
-grep -F "warning: ownername 'foo.*.check-wildcard' contains an non-terminal wildcard" checkconf.out$n > /dev/null && ret=1
-if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
-status=`expr $status + $ret`
+$CHECKCONF -z check-wildcard-no.conf >checkconf.out$n 2>&1 || ret=1
+grep -F "warning: ownername 'foo.*.check-wildcard' contains an non-terminal wildcard" checkconf.out$n >/dev/null && ret=1
+if [ $ret != 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that 'check-wildcard yes;' warns as configured ($n)"
ret=0
-$CHECKCONF -z check-wildcard.conf > checkconf.out$n 2>&1 || ret=1
-grep -F "warning: ownername 'foo.*.check-wildcard' contains an non-terminal wildcard" checkconf.out$n > /dev/null || ret=1
-if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
-status=`expr $status + $ret`
+$CHECKCONF -z check-wildcard.conf >checkconf.out$n 2>&1 || ret=1
+grep -F "warning: ownername 'foo.*.check-wildcard' contains an non-terminal wildcard" checkconf.out$n >/dev/null || ret=1
+if [ $ret != 0 ]; then
+ echo_i "failed"
+ ret=1
+fi
+status=$(expr $status + $ret)
rmdir keys
diff -Nru bind9-9.16.44/bin/tests/system/checkds/ns2/setup.sh bind9-9.16.48/bin/tests/system/checkds/ns2/setup.sh
--- bind9-9.16.44/bin/tests/system/checkds/ns2/setup.sh 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/checkds/ns2/setup.sh 2024-02-11 11:31:39.000000000 +0000
@@ -17,18 +17,17 @@
echo_i "ns2/setup.sh"
for subdomain in dspublished reference missing-dspublished bad-dspublished \
- multiple-dspublished incomplete-dspublished bad2-dspublished \
- dswithdrawn missing-dswithdrawn bad-dswithdrawn \
- multiple-dswithdrawn incomplete-dswithdrawn bad2-dswithdrawn
-do
- cp "../ns9/dsset-$subdomain.checkds$TP" .
+ multiple-dspublished incomplete-dspublished bad2-dspublished \
+ dswithdrawn missing-dswithdrawn bad-dswithdrawn \
+ multiple-dswithdrawn incomplete-dswithdrawn bad2-dswithdrawn; do
+ cp "../ns9/dsset-$subdomain.checkds$TP" .
done
zone="checkds"
infile="checkds.db.infile"
zonefile="checkds.db"
-CSK=$($KEYGEN -k default $zone 2> keygen.out.$zone)
-cat template.db.in "${CSK}.key" > "$infile"
-private_type_record $zone $DEFAULT_ALGORITHM_NUMBER "$CSK" >> "$infile"
-$SIGNER -S -g -z -x -s now-1h -e now+30d -o $zone -O full -f $zonefile $infile > signer.out.$zone 2>&1
+CSK=$($KEYGEN -k default $zone 2>keygen.out.$zone)
+cat template.db.in "${CSK}.key" >"$infile"
+private_type_record $zone $DEFAULT_ALGORITHM_NUMBER "$CSK" >>"$infile"
+$SIGNER -S -g -z -x -s now-1h -e now+30d -o $zone -O full -f $zonefile $infile >signer.out.$zone 2>&1
diff -Nru bind9-9.16.44/bin/tests/system/checkds/ns5/setup.sh bind9-9.16.48/bin/tests/system/checkds/ns5/setup.sh
--- bind9-9.16.44/bin/tests/system/checkds/ns5/setup.sh 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/checkds/ns5/setup.sh 2024-02-11 11:31:39.000000000 +0000
@@ -20,7 +20,7 @@
infile="checkds.db.infile"
zonefile="checkds.db"
-CSK=$($KEYGEN -k default $zone 2> keygen.out.$zone)
-cat template.db.in "${CSK}.key" > "$infile"
-private_type_record $zone $DEFAULT_ALGORITHM_NUMBER "$CSK" >> "$infile"
-$SIGNER -S -g -z -x -s now-1h -e now+30d -o $zone -O full -f $zonefile $infile > signer.out.$zone 2>&1
+CSK=$($KEYGEN -k default $zone 2>keygen.out.$zone)
+cat template.db.in "${CSK}.key" >"$infile"
+private_type_record $zone $DEFAULT_ALGORITHM_NUMBER "$CSK" >>"$infile"
+$SIGNER -S -g -z -x -s now-1h -e now+30d -o $zone -O full -f $zonefile $infile >signer.out.$zone 2>&1
diff -Nru bind9-9.16.44/bin/tests/system/checkds/ns9/setup.sh bind9-9.16.48/bin/tests/system/checkds/ns9/setup.sh
--- bind9-9.16.44/bin/tests/system/checkds/ns9/setup.sh 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/checkds/ns9/setup.sh 2024-02-11 11:31:39.000000000 +0000
@@ -17,11 +17,11 @@
echo_i "ns9/setup.sh"
setup() {
- zone="$1"
- echo_i "setting up zone: $zone"
- zonefile="${zone}.db"
- infile="${zone}.db.infile"
- echo "$zone" >> zones
+ zone="$1"
+ echo_i "setting up zone: $zone"
+ zonefile="${zone}.db"
+ infile="${zone}.db.infile"
+ echo "$zone" >>zones
}
# Short environment variable names for key states and times.
@@ -34,30 +34,28 @@
# DS Publication.
for zn in dspublished reference missing-dspublished bad-dspublished \
- multiple-dspublished incomplete-dspublished bad2-dspublished
-do
- setup "${zn}.checkds"
- cp template.db.in "$zonefile"
- keytimes="-P $T -P sync $T -A $T"
- CSK=$($KEYGEN -k default $keytimes $zone 2> keygen.out.$zone)
- $SETTIME -s -g $O -k $O $T -r $O $T -z $O $T -d $R $T "$CSK" > settime.out.$zone 2>&1
- cat template.db.in "${CSK}.key" > "$infile"
- private_type_record $zone $DEFAULT_ALGORITHM_NUMBER "$CSK" >> "$infile"
- cp $infile $zonefile
- $SIGNER -S -z -x -s now-1h -e now+30d -o $zone -O raw -f "${zonefile}.signed" $infile > signer.out.$zone.1 2>&1
+ multiple-dspublished incomplete-dspublished bad2-dspublished; do
+ setup "${zn}.checkds"
+ cp template.db.in "$zonefile"
+ keytimes="-P $T -P sync $T -A $T"
+ CSK=$($KEYGEN -k default $keytimes $zone 2>keygen.out.$zone)
+ $SETTIME -s -g $O -k $O $T -r $O $T -z $O $T -d $R $T "$CSK" >settime.out.$zone 2>&1
+ cat template.db.in "${CSK}.key" >"$infile"
+ private_type_record $zone $DEFAULT_ALGORITHM_NUMBER "$CSK" >>"$infile"
+ cp $infile $zonefile
+ $SIGNER -S -z -x -s now-1h -e now+30d -o $zone -O raw -f "${zonefile}.signed" $infile >signer.out.$zone.1 2>&1
done
# DS Withdrawal.
for zn in dswithdrawn missing-dswithdrawn bad-dswithdrawn multiple-dswithdrawn \
- incomplete-dswithdrawn bad2-dswithdrawn
-do
- setup "${zn}.checkds"
- cp template.db.in "$zonefile"
- keytimes="-P $Y -P sync $Y -A $Y"
- CSK=$($KEYGEN -k default $keytimes $zone 2> keygen.out.$zone)
- $SETTIME -s -g $H -k $O $T -r $O $T -z $O $T -d $U $T "$CSK" > settime.out.$zone 2>&1
- cat template.db.in "${CSK}.key" > "$infile"
- private_type_record $zone $DEFAULT_ALGORITHM_NUMBER "$CSK" >> "$infile"
- cp $infile $zonefile
- $SIGNER -S -z -x -s now-1h -e now+30d -o $zone -O raw -f "${zonefile}.signed" $infile > signer.out.$zone.1 2>&1
+ incomplete-dswithdrawn bad2-dswithdrawn; do
+ setup "${zn}.checkds"
+ cp template.db.in "$zonefile"
+ keytimes="-P $Y -P sync $Y -A $Y"
+ CSK=$($KEYGEN -k default $keytimes $zone 2>keygen.out.$zone)
+ $SETTIME -s -g $H -k $O $T -r $O $T -z $O $T -d $U $T "$CSK" >settime.out.$zone 2>&1
+ cat template.db.in "${CSK}.key" >"$infile"
+ private_type_record $zone $DEFAULT_ALGORITHM_NUMBER "$CSK" >>"$infile"
+ cp $infile $zonefile
+ $SIGNER -S -z -x -s now-1h -e now+30d -o $zone -O raw -f "${zonefile}.signed" $infile >signer.out.$zone.1 2>&1
done
diff -Nru bind9-9.16.44/bin/tests/system/checkds/prereq.sh bind9-9.16.48/bin/tests/system/checkds/prereq.sh
--- bind9-9.16.44/bin/tests/system/checkds/prereq.sh 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/checkds/prereq.sh 2024-02-11 11:31:39.000000000 +0000
@@ -14,18 +14,16 @@
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
-if test -n "$PYTHON"
-then
- if [ "$($PYTHON -c "import dns.version; print(dns.version.MAJOR)" 2> /dev/null)" -ge 2 ]
- then
- :
- else
- echo_i "This test requires the dnspython >= 2.0.0 module." >&2
- exit 1
- fi
-else
- echo_i "This test requires Python and the dnspython module." >&2
+if test -n "$PYTHON"; then
+ if [ "$($PYTHON -c "import dns.version; print(dns.version.MAJOR)" 2>/dev/null)" -ge 2 ]; then
+ :
+ else
+ echo_i "This test requires the dnspython >= 2.0.0 module." >&2
exit 1
+ fi
+else
+ echo_i "This test requires Python and the dnspython module." >&2
+ exit 1
fi
exit 0
diff -Nru bind9-9.16.44/bin/tests/system/checkds/setup.sh bind9-9.16.48/bin/tests/system/checkds/setup.sh
--- bind9-9.16.44/bin/tests/system/checkds/setup.sh 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/checkds/setup.sh 2024-02-11 11:31:39.000000000 +0000
@@ -27,14 +27,14 @@
# Setup zones
(
- cd ns9
- $SHELL setup.sh
+ cd ns9
+ $SHELL setup.sh
)
(
- cd ns5
- $SHELL setup.sh
+ cd ns5
+ $SHELL setup.sh
)
(
- cd ns2
- $SHELL setup.sh
+ cd ns2
+ $SHELL setup.sh
)
diff -Nru bind9-9.16.44/bin/tests/system/checkdstool/dig.sh bind9-9.16.48/bin/tests/system/checkdstool/dig.sh
--- bind9-9.16.44/bin/tests/system/checkdstool/dig.sh 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/checkdstool/dig.sh 2024-02-11 11:31:39.000000000 +0000
@@ -12,13 +12,22 @@
# information regarding copyright ownership.
while [ "$#" != 0 ]; do
- case $1 in
+ case $1 in
+*) shift ;;
-t) shift ;;
- DS|ds) ext=ds ; shift ;;
- DNSKEY|dnskey) ext=dnskey ; shift ;;
- *) file=$1 ; shift ;;
- esac
+ DS | ds)
+ ext=ds
+ shift
+ ;;
+ DNSKEY | dnskey)
+ ext=dnskey
+ shift
+ ;;
+ *)
+ file=$1
+ shift
+ ;;
+ esac
done
cat ${file}.${ext}.db
diff -Nru bind9-9.16.44/bin/tests/system/checkdstool/tests.sh bind9-9.16.48/bin/tests/system/checkdstool/tests.sh
--- bind9-9.16.44/bin/tests/system/checkdstool/tests.sh 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/checkdstool/tests.sh 2024-02-11 11:31:39.000000000 +0000
@@ -15,12 +15,12 @@
. $SYSTEMTESTTOP/conf.sh
if [ "$CYGWIN" ]; then
- DIG=".\dig.bat"
- WINDSFROMKEY=`cygpath -w $DSFROMKEY`
- CHECKDS="$CHECKDS -a sha1 -a sha256 -d $DIG -D $WINDSFROMKEY"
+ DIG=".\dig.bat"
+ WINDSFROMKEY=$(cygpath -w $DSFROMKEY)
+ CHECKDS="$CHECKDS -a sha1 -a sha256 -d $DIG -D $WINDSFROMKEY"
else
- DIG="./dig.sh"
- CHECKDS="$CHECKDS -a sha1 -a sha256 -d $DIG -D $DSFROMKEY"
+ DIG="./dig.sh"
+ CHECKDS="$CHECKDS -a sha1 -a sha256 -d $DIG -D $DSFROMKEY"
fi
chmod +x $DIG
@@ -29,88 +29,88 @@
echo_i "checking for correct DS, looking up key via 'dig' ($n)"
ret=0
-$CHECKDS ok.example > checkds.out.$n 2>&1 || ret=1
-grep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1
-grep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1
-n=`expr $n + 1`
+$CHECKDS ok.example >checkds.out.$n 2>&1 || ret=1
+grep 'SHA-1' checkds.out.$n >/dev/null 2>&1 || ret=1
+grep 'SHA-256' checkds.out.$n >/dev/null 2>&1 || ret=1
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "checking for correct DS, obtaining key from file ($n)"
ret=0
-$CHECKDS -f ok.example.dnskey.db ok.example > checkds.out.$n 2>&1 || ret=1
-grep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1
-grep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1
-n=`expr $n + 1`
+$CHECKDS -f ok.example.dnskey.db ok.example >checkds.out.$n 2>&1 || ret=1
+grep 'SHA-1' checkds.out.$n >/dev/null 2>&1 || ret=1
+grep 'SHA-256' checkds.out.$n >/dev/null 2>&1 || ret=1
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "checking for incorrect DS, looking up key via 'dig' ($n)"
ret=0
-$CHECKDS wrong.example > checkds.out.$n 2>&1 || ret=1
-grep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1
-grep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1
-n=`expr $n + 1`
+$CHECKDS wrong.example >checkds.out.$n 2>&1 || ret=1
+grep 'SHA-1' checkds.out.$n >/dev/null 2>&1 || ret=1
+grep 'SHA-256' checkds.out.$n >/dev/null 2>&1 || ret=1
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "checking for incorrect DS, obtaining key from file ($n)"
ret=0
-$CHECKDS -f wrong.example.dnskey.db wrong.example > checkds.out.$n 2>&1 || ret=1
-grep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1
-grep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1
-n=`expr $n + 1`
+$CHECKDS -f wrong.example.dnskey.db wrong.example >checkds.out.$n 2>&1 || ret=1
+grep 'SHA-1' checkds.out.$n >/dev/null 2>&1 || ret=1
+grep 'SHA-256' checkds.out.$n >/dev/null 2>&1 || ret=1
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "checking for partially missing DS, looking up key via 'dig' ($n)"
ret=0
-$CHECKDS missing.example > checkds.out.$n 2>&1 && ret=1
-grep 'SHA-1.*found' checkds.out.$n > /dev/null 2>&1 || ret=1
-grep 'SHA-256.*found' checkds.out.$n > /dev/null 2>&1 || ret=1
-grep 'SHA-1.*missing' checkds.out.$n > /dev/null 2>&1 || ret=1
-grep 'SHA-256.*missing' checkds.out.$n > /dev/null 2>&1 || ret=1
-n=`expr $n + 1`
+$CHECKDS missing.example >checkds.out.$n 2>&1 && ret=1
+grep 'SHA-1.*found' checkds.out.$n >/dev/null 2>&1 || ret=1
+grep 'SHA-256.*found' checkds.out.$n >/dev/null 2>&1 || ret=1
+grep 'SHA-1.*missing' checkds.out.$n >/dev/null 2>&1 || ret=1
+grep 'SHA-256.*missing' checkds.out.$n >/dev/null 2>&1 || ret=1
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "checking for partially missing DS, obtaining key from file ($n)"
ret=0
-$CHECKDS -f missing.example.dnskey.db missing.example > checkds.out.$n 2>&1 && ret=1
-grep 'SHA-1.*found' checkds.out.$n > /dev/null 2>&1 || ret=1
-grep 'SHA-256.*found' checkds.out.$n > /dev/null 2>&1 || ret=1
-grep 'SHA-1.*missing' checkds.out.$n > /dev/null 2>&1 || ret=1
-grep 'SHA-256.*missing' checkds.out.$n > /dev/null 2>&1 || ret=1
-n=`expr $n + 1`
+$CHECKDS -f missing.example.dnskey.db missing.example >checkds.out.$n 2>&1 && ret=1
+grep 'SHA-1.*found' checkds.out.$n >/dev/null 2>&1 || ret=1
+grep 'SHA-256.*found' checkds.out.$n >/dev/null 2>&1 || ret=1
+grep 'SHA-1.*missing' checkds.out.$n >/dev/null 2>&1 || ret=1
+grep 'SHA-256.*missing' checkds.out.$n >/dev/null 2>&1 || ret=1
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "checking for entirely missing DS, looking up key via 'dig' ($n)"
ret=0
-$CHECKDS none.example > checkds.out.$n 2>&1 && ret=1
-grep 'SHA-1.*found' checkds.out.$n > /dev/null 2>&1 && ret=1
-grep 'SHA-256.*found' checkds.out.$n > /dev/null 2>&1 && ret=1
-n=`expr $n + 1`
+$CHECKDS none.example >checkds.out.$n 2>&1 && ret=1
+grep 'SHA-1.*found' checkds.out.$n >/dev/null 2>&1 && ret=1
+grep 'SHA-256.*found' checkds.out.$n >/dev/null 2>&1 && ret=1
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "checking for entirely missing DS, obtaining key from file ($n)"
ret=0
-$CHECKDS -f none.example.dnskey.db none.example > checkds.out.$n 2>&1 && ret=1
-grep 'SHA-1.*found' checkds.out.$n > /dev/null 2>&1 && ret=1
-grep 'SHA-256.*found' checkds.out.$n > /dev/null 2>&1 && ret=1
-n=`expr $n + 1`
+$CHECKDS -f none.example.dnskey.db none.example >checkds.out.$n 2>&1 && ret=1
+grep 'SHA-1.*found' checkds.out.$n >/dev/null 2>&1 && ret=1
+grep 'SHA-256.*found' checkds.out.$n >/dev/null 2>&1 && ret=1
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "checking with prepared dsset file ($n)"
ret=0
-$CHECKDS -f prep.example.db -s prep.example.ds.db prep.example > checkds.out.$n 2>&1 || ret=1
-grep 'SHA-1.*found' checkds.out.$n > /dev/null 2>&1 || ret=1
-grep 'SHA-256.*found' checkds.out.$n > /dev/null 2>&1 || ret=1
-n=`expr $n + 1`
+$CHECKDS -f prep.example.db -s prep.example.ds.db prep.example >checkds.out.$n 2>&1 || ret=1
+grep 'SHA-1.*found' checkds.out.$n >/dev/null 2>&1 || ret=1
+grep 'SHA-256.*found' checkds.out.$n >/dev/null 2>&1 || ret=1
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
if [ $status = 0 ]; then $SHELL clean.sh; fi
echo_i "exit status: $status"
diff -Nru bind9-9.16.44/bin/tests/system/checknames/tests.sh bind9-9.16.48/bin/tests/system/checknames/tests.sh
--- bind9-9.16.44/bin/tests/system/checknames/tests.sh 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/checknames/tests.sh 2024-02-11 11:31:39.000000000 +0000
@@ -19,173 +19,173 @@
DIGOPTS="+tcp +noadd +nosea +nostat +nocmd -p ${PORT}"
-wait_for_record () {
- $DIG $DIGOPTS "$1" "$2" "$3" > "$4" || return 1
- grep NOERROR "$4" > /dev/null || return 1
- return 0
+wait_for_record() {
+ $DIG $DIGOPTS "$1" "$2" "$3" >"$4" || return 1
+ grep NOERROR "$4" >/dev/null || return 1
+ return 0
}
# Entry should exist.
echo_i "check for failure from on zone load for 'check-names fail;' ($n)"
ret=0
-$DIG $DIGOPTS fail.example. @10.53.0.1 a > dig.out.ns1.test$n || ret=1
-grep SERVFAIL dig.out.ns1.test$n > /dev/null || ret=1
-grep 'xx_xx.fail.example: bad owner name (check-names)' ns1/named.run > /dev/null || ret=1
+$DIG $DIGOPTS fail.example. @10.53.0.1 a >dig.out.ns1.test$n || ret=1
+grep SERVFAIL dig.out.ns1.test$n >/dev/null || ret=1
+grep 'xx_xx.fail.example: bad owner name (check-names)' ns1/named.run >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
-n=`expr $n + 1`
+status=$(expr $status + $ret)
+n=$(expr $n + 1)
# Entry should exist.
echo_i "check for warnings from on zone load for 'check-names warn;' ($n)"
ret=0
-grep 'xx_xx.warn.example: bad owner name (check-names)' ns1/named.run > /dev/null || ret=1
+grep 'xx_xx.warn.example: bad owner name (check-names)' ns1/named.run >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
-n=`expr $n + 1`
+status=$(expr $status + $ret)
+n=$(expr $n + 1)
# Entry should not exist.
echo_i "check for warnings from on zone load for 'check-names ignore;' ($n)"
ret=1
grep 'yy_yy.ignore.example: bad owner name (check-names)' ns1/named.run || ret=0
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
-n=`expr $n + 1`
+status=$(expr $status + $ret)
+n=$(expr $n + 1)
# Entry should exist
echo_i "check that 'check-names response warn;' works ($n)"
ret=0
-$DIG $DIGOPTS +noauth yy_yy.ignore.example. @10.53.0.1 a > dig.out.ns1.test$n || ret=1
-$DIG $DIGOPTS +noauth yy_yy.ignore.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1
+$DIG $DIGOPTS +noauth yy_yy.ignore.example. @10.53.0.1 a >dig.out.ns1.test$n || ret=1
+$DIG $DIGOPTS +noauth yy_yy.ignore.example. @10.53.0.2 a >dig.out.ns2.test$n || ret=1
digcomp dig.out.ns1.test$n dig.out.ns2.test$n || ret=1
-grep "check-names warning yy_yy.ignore.example/A/IN" ns2/named.run > /dev/null || ret=1
+grep "check-names warning yy_yy.ignore.example/A/IN" ns2/named.run >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
-n=`expr $n + 1`
+status=$(expr $status + $ret)
+n=$(expr $n + 1)
# Entry should exist
echo_i "check that 'check-names response (owner) fails;' works ($n)"
ret=0
-$DIG $DIGOPTS yy_yy.ignore.example. @10.53.0.1 a > dig.out.ns1.test$n || ret=1
-$DIG $DIGOPTS yy_yy.ignore.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
-grep NOERROR dig.out.ns1.test$n > /dev/null || ret=1
-grep REFUSED dig.out.ns3.test$n > /dev/null || ret=1
-grep "check-names failure yy_yy.ignore.example/A/IN" ns3/named.run > /dev/null || ret=1
+$DIG $DIGOPTS yy_yy.ignore.example. @10.53.0.1 a >dig.out.ns1.test$n || ret=1
+$DIG $DIGOPTS yy_yy.ignore.example. @10.53.0.3 a >dig.out.ns3.test$n || ret=1
+grep NOERROR dig.out.ns1.test$n >/dev/null || ret=1
+grep REFUSED dig.out.ns3.test$n >/dev/null || ret=1
+grep "check-names failure yy_yy.ignore.example/A/IN" ns3/named.run >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
-n=`expr $n + 1`
+status=$(expr $status + $ret)
+n=$(expr $n + 1)
# Entry should exist
echo_i "check that 'check-names response (rdata) fails;' works ($n)"
ret=0
-$DIG $DIGOPTS mx.ignore.example. @10.53.0.1 MX > dig.out.ns1.test$n || ret=1
-$DIG $DIGOPTS mx.ignore.example. @10.53.0.3 MX > dig.out.ns3.test$n || ret=1
-grep NOERROR dig.out.ns1.test$n > /dev/null || ret=1
-grep SERVFAIL dig.out.ns3.test$n > /dev/null || ret=1
-grep "check-names failure mx.ignore.example/MX/IN" ns3/named.run > /dev/null || ret=1
+$DIG $DIGOPTS mx.ignore.example. @10.53.0.1 MX >dig.out.ns1.test$n || ret=1
+$DIG $DIGOPTS mx.ignore.example. @10.53.0.3 MX >dig.out.ns3.test$n || ret=1
+grep NOERROR dig.out.ns1.test$n >/dev/null || ret=1
+grep SERVFAIL dig.out.ns3.test$n >/dev/null || ret=1
+grep "check-names failure mx.ignore.example/MX/IN" ns3/named.run >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
-n=`expr $n + 1`
+status=$(expr $status + $ret)
+n=$(expr $n + 1)
echo_i "check that updates to 'check-names fail;' are rejected ($n)"
ret=0
not=1
-$NSUPDATE -d < nsupdate.out.test$n 2>&1 || not=0
+$NSUPDATE -d <nsupdate.out.test$n 2>&1 || not=0
check-names off
server 10.53.0.1 ${PORT}
update add xxx_xxx.fail.update. 600 A 10.10.10.1
send
END
if [ $not != 0 ]; then ret=1; fi
-$DIG $DIGOPTS xxx_xxx.fail.update @10.53.0.1 A > dig.out.ns1.test$n || ret=1
-grep "xxx_xxx.fail.update/A: bad owner name (check-names)" ns1/named.run > /dev/null || ret=1
-grep NXDOMAIN dig.out.ns1.test$n > /dev/null || ret=1
+$DIG $DIGOPTS xxx_xxx.fail.update @10.53.0.1 A >dig.out.ns1.test$n || ret=1
+grep "xxx_xxx.fail.update/A: bad owner name (check-names)" ns1/named.run >/dev/null || ret=1
+grep NXDOMAIN dig.out.ns1.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
-n=`expr $n + 1`
+status=$(expr $status + $ret)
+n=$(expr $n + 1)
echo_i "check that updates to 'check-names warn;' succeed and are logged ($n)"
ret=0
-$NSUPDATE -d < nsupdate.out.test$n 2>&1|| ret=1
+$NSUPDATE -d <nsupdate.out.test$n 2>&1 || ret=1
check-names off
server 10.53.0.1 ${PORT}
update add xxx_xxx.warn.update. 600 A 10.10.10.1
send
END
-$DIG $DIGOPTS xxx_xxx.warn.update @10.53.0.1 A > dig.out.ns1.test$n || ret=1
-grep "xxx_xxx.warn.update/A: bad owner name (check-names)" ns1/named.run > /dev/null || ret=1
-grep NOERROR dig.out.ns1.test$n > /dev/null || ret=1
+$DIG $DIGOPTS xxx_xxx.warn.update @10.53.0.1 A >dig.out.ns1.test$n || ret=1
+grep "xxx_xxx.warn.update/A: bad owner name (check-names)" ns1/named.run >/dev/null || ret=1
+grep NOERROR dig.out.ns1.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
-n=`expr $n + 1`
+status=$(expr $status + $ret)
+n=$(expr $n + 1)
echo_i "check that updates to 'check-names ignore;' succeed and are not logged ($n)"
ret=0
not=1
-$NSUPDATE -d < nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <nsupdate.out.test$n 2>&1 || ret=1
check-names off
server 10.53.0.1 ${PORT}
update add xxx_xxx.ignore.update. 600 A 10.10.10.1
send
END
-grep "xxx_xxx.ignore.update/A.*(check-names)" ns1/named.run > /dev/null || not=0
+grep "xxx_xxx.ignore.update/A.*(check-names)" ns1/named.run >/dev/null || not=0
if [ $not != 0 ]; then ret=1; fi
-$DIG $DIGOPTS xxx_xxx.ignore.update @10.53.0.1 A > dig.out.ns1.test$n || ret=1
-grep NOERROR dig.out.ns1.test$n > /dev/null || ret=1
+$DIG $DIGOPTS xxx_xxx.ignore.update @10.53.0.1 A >dig.out.ns1.test$n || ret=1
+grep NOERROR dig.out.ns1.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
-n=`expr $n + 1`
+status=$(expr $status + $ret)
+n=$(expr $n + 1)
echo_i "check that updates to 'check-names primary ignore;' succeed and are not logged ($n)"
ret=0
not=1
-$NSUPDATE -d < nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <nsupdate.out.test$n 2>&1 || ret=1
check-names off
server 10.53.0.4 ${PORT}
update add xxx_xxx.primary-ignore.update. 600 A 10.10.10.1
send
END
-grep "xxx_xxx.primary-ignore.update/A.*(check-names)" ns4/named.run > /dev/null || not=0
+grep "xxx_xxx.primary-ignore.update/A.*(check-names)" ns4/named.run >/dev/null || not=0
if [ $not != 0 ]; then ret=1; fi
-$DIG $DIGOPTS xxx_xxx.primary-ignore.update @10.53.0.4 A > dig.out.ns4.test$n || ret=1
-grep NOERROR dig.out.ns4.test$n > /dev/null || ret=1
+$DIG $DIGOPTS xxx_xxx.primary-ignore.update @10.53.0.4 A >dig.out.ns4.test$n || ret=1
+grep NOERROR dig.out.ns4.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
-n=`expr $n + 1`
+status=$(expr $status + $ret)
+n=$(expr $n + 1)
echo_i "check that updates to 'check-names master ignore;' succeed and are not logged ($n)"
ret=0
not=1
-$NSUPDATE -d < nsupdate.out.test$n 2>&1 || ret=1
+$NSUPDATE -d <nsupdate.out.test$n 2>&1 || ret=1
check-names off
server 10.53.0.5 ${PORT}
update add xxx_xxx.master-ignore.update. 600 A 10.10.10.1
send
END
-grep "xxx_xxx.master-ignore.update/A.*(check-names)" ns5/named.run > /dev/null || not=0
+grep "xxx_xxx.master-ignore.update/A.*(check-names)" ns5/named.run >/dev/null || not=0
if [ $not != 0 ]; then ret=1; fi
-$DIG $DIGOPTS xxx_xxx.master-ignore.update @10.53.0.5 A > dig.out.ns5.test$n || ret=1
-grep NOERROR dig.out.ns5.test$n > /dev/null || ret=1
+$DIG $DIGOPTS xxx_xxx.master-ignore.update @10.53.0.5 A >dig.out.ns5.test$n || ret=1
+grep NOERROR dig.out.ns5.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
-n=$((n+1))
+status=$((status + ret))
+n=$((n + 1))
echo_i "check that updates to 'check-names secondary ignore;' succeed and are not logged ($n)"
ret=0
# takes a while for the transfer to succeed as ns5 (primary) is started after ns4 (secondary)
# and the zone is still loading when we get to this point.
retry_quiet 35 wait_for_record xxx_xxx.master-ignore.update @10.53.0.4 A dig.out.ns4.test$n || ret=1
-grep "xxx_xxx.master-ignore.update/A.*(check-names)" ns4/named.run > /dev/null && ret=1
+grep "xxx_xxx.master-ignore.update/A.*(check-names)" ns4/named.run >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
-n=`expr $n + 1`
+status=$(expr $status + $ret)
+n=$(expr $n + 1)
echo_i "check that updates to 'check-names master ignore;' succeed and are not logged ($n)"
ret=0
retry_quiet 35 wait_for_record xxx_xxx.primary-ignore.update @10.53.0.5 A dig.out.ns5.test$n || ret=1
-grep "xxx_xxx.primary-ignore.update/A.*(check-names)" ns5/named.run > /dev/null && ret=1
+grep "xxx_xxx.primary-ignore.update/A.*(check-names)" ns5/named.run >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
-n=$((n+1))
+status=$((status + ret))
+n=$((n + 1))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
diff -Nru bind9-9.16.44/bin/tests/system/checkzone/setup.sh bind9-9.16.48/bin/tests/system/checkzone/setup.sh
--- bind9-9.16.44/bin/tests/system/checkzone/setup.sh 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/checkzone/setup.sh 2024-02-11 11:31:39.000000000 +0000
@@ -17,8 +17,8 @@
ln -s $CHECKZONE named-compilezone
./named-compilezone -D -F raw -o good1.db.raw example \
- zones/good1.db > /dev/null 2>&1
+ zones/good1.db >/dev/null 2>&1
./named-compilezone -D -F map -o good1.db.map example \
- zones/good1.db > /dev/null 2>&1
+ zones/good1.db >/dev/null 2>&1
copy_setports zones/bad-tsig.db.in zones/bad-tsig.db
diff -Nru bind9-9.16.44/bin/tests/system/checkzone/tests.sh bind9-9.16.48/bin/tests/system/checkzone/tests.sh
--- bind9-9.16.44/bin/tests/system/checkzone/tests.sh 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/checkzone/tests.sh 2024-02-11 11:31:39.000000000 +0000
@@ -17,129 +17,127 @@
status=0
n=1
-for db in zones/good*.db
-do
- echo_i "checking $db ($n)"
- ret=0
- case $db in
- zones/good-gc-msdcs.db|zones/good-spf-exception.db)
- $CHECKZONE -k fail -i local example $db > test.out.$n 2>&1 || ret=1
- ;;
- zones/good-dns-sd-reverse.db)
- $CHECKZONE -k fail -i local 0.0.0.0.in-addr.arpa $db > test.out.$n 2>&1 || ret=1
- ;;
- *)
- $CHECKZONE -i local example $db > test.out.$n 2>&1 || ret=1
- ;;
- esac
- n=$((n+1))
- if [ $ret != 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
+for db in zones/good*.db; do
+ echo_i "checking $db ($n)"
+ ret=0
+ case $db in
+ zones/good-gc-msdcs.db | zones/good-spf-exception.db)
+ $CHECKZONE -k fail -i local example $db >test.out.$n 2>&1 || ret=1
+ ;;
+ zones/good-dns-sd-reverse.db)
+ $CHECKZONE -k fail -i local 0.0.0.0.in-addr.arpa $db >test.out.$n 2>&1 || ret=1
+ ;;
+ *)
+ $CHECKZONE -i local example $db >test.out.$n 2>&1 || ret=1
+ ;;
+ esac
+ n=$((n + 1))
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$((status + ret))
done
-for db in zones/bad*.db
-do
- echo_i "checking $db ($n)"
- ret=0 v=0
- case $db in
- zones/bad-dns-sd-reverse.db|zones/bad-svcb-servername.db)
- $CHECKZONE -k fail -i local 0.0.0.0.in-addr.arpa $db > test.out.$n 2>&1 || v=$?
- ;;
- *)
- $CHECKZONE -i local example $db > test.out.$n 2>&1 || v=$?
- ;;
- esac
- test $v = 1 || ret=1
- n=$((n+1))
- if [ $ret != 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
+for db in zones/bad*.db; do
+ echo_i "checking $db ($n)"
+ ret=0 v=0
+ case $db in
+ zones/bad-dns-sd-reverse.db | zones/bad-svcb-servername.db)
+ $CHECKZONE -k fail -i local 0.0.0.0.in-addr.arpa $db >test.out.$n 2>&1 || v=$?
+ ;;
+ *)
+ $CHECKZONE -i local example $db >test.out.$n 2>&1 || v=$?
+ ;;
+ esac
+ test $v = 1 || ret=1
+ n=$((n + 1))
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$((status + ret))
done
echo_i "checking with journal file ($n)"
ret=0
-$CHECKZONE -D -o test.orig.db test zones/test1.db > /dev/null 2>&1 || ret=1
-$CHECKZONE -D -o test.changed.db test zones/test2.db > /dev/null 2>&1 || ret=1
+$CHECKZONE -D -o test.orig.db test zones/test1.db >/dev/null 2>&1 || ret=1
+$CHECKZONE -D -o test.changed.db test zones/test2.db >/dev/null 2>&1 || ret=1
$MAKEJOURNAL test test.orig.db test.changed.db test.orig.db.jnl 2>&1 || ret=1
jlines=$($JOURNALPRINT test.orig.db.jnl | wc -l)
[ $jlines = 3 ] || ret=1
-$CHECKZONE -D -j -o test.out1.db test test.orig.db > /dev/null 2>&1 || ret=1
+$CHECKZONE -D -j -o test.out1.db test test.orig.db >/dev/null 2>&1 || ret=1
cmp -s test.changed.db test.out1.db || ret=1
mv -f test.orig.db.jnl test.journal
-$CHECKZONE -D -J test.journal -o test.out2.db test test.orig.db > /dev/null 2>&1 || ret=1
+$CHECKZONE -D -J test.journal -o test.out2.db test test.orig.db >/dev/null 2>&1 || ret=1
cmp -s test.changed.db test.out2.db || ret=1
-n=$((n+1))
+n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
echo_i "checking with spf warnings ($n)"
ret=0
-$CHECKZONE example zones/spf.db > test.out1.$n 2>&1 || ret=1
-$CHECKZONE -T ignore example zones/spf.db > test.out2.$n 2>&1 || ret=1
-grep "'x.example' found type SPF" test.out1.$n > /dev/null && ret=1
-grep "'y.example' found type SPF" test.out1.$n > /dev/null || ret=1
-grep "'example' found type SPF" test.out1.$n > /dev/null && ret=1
-grep "'x.example' found type SPF" test.out2.$n > /dev/null && ret=1
-grep "'y.example' found type SPF" test.out2.$n > /dev/null && ret=1
-grep "'example' found type SPF" test.out2.$n > /dev/null && ret=1
-n=$((n+1))
+$CHECKZONE example zones/spf.db >test.out1.$n 2>&1 || ret=1
+$CHECKZONE -T ignore example zones/spf.db >test.out2.$n 2>&1 || ret=1
+grep "'x.example' found type SPF" test.out1.$n >/dev/null && ret=1
+grep "'y.example' found type SPF" test.out1.$n >/dev/null || ret=1
+grep "'example' found type SPF" test.out1.$n >/dev/null && ret=1
+grep "'x.example' found type SPF" test.out2.$n >/dev/null && ret=1
+grep "'y.example' found type SPF" test.out2.$n >/dev/null && ret=1
+grep "'example' found type SPF" test.out2.$n >/dev/null && ret=1
+n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
echo_i "checking with max ttl (text) ($n)"
ret=0
-$CHECKZONE -l 300 example zones/good1.db > test.out1.$n 2>&1 && ret=1
-$CHECKZONE -l 600 example zones/good1.db > test.out2.$n 2>&1 || ret=1
-n=$((n+1))
+$CHECKZONE -l 300 example zones/good1.db >test.out1.$n 2>&1 && ret=1
+$CHECKZONE -l 600 example zones/good1.db >test.out2.$n 2>&1 || ret=1
+n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
echo_i "checking with max ttl (raw) ($n)"
ret=0
-$CHECKZONE -f raw -l 300 example good1.db.raw > test.out1.$n 2>&1 && ret=1
-$CHECKZONE -f raw -l 600 example good1.db.raw > test.out2.$n 2>&1 || ret=1
-n=$((n+1))
+$CHECKZONE -f raw -l 300 example good1.db.raw >test.out1.$n 2>&1 && ret=1
+$CHECKZONE -f raw -l 600 example good1.db.raw >test.out2.$n 2>&1 || ret=1
+n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
echo_i "checking with max ttl (map) ($n)"
ret=0
-$CHECKZONE -f map -l 300 example good1.db.map > test.out1.$n 2>&1 && ret=1
-$CHECKZONE -f map -l 600 example good1.db.map > test.out2.$n 2>&1 || ret=1
-n=`expr $n + 1`
+$CHECKZONE -f map -l 300 example good1.db.map >test.out1.$n 2>&1 && ret=1
+$CHECKZONE -f map -l 600 example good1.db.map >test.out2.$n 2>&1 || ret=1
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "checking for no 'inherited owner' warning on '\$INCLUDE file' with no new \$ORIGIN ($n)"
ret=0
-$CHECKZONE example zones/nowarn.inherited.owner.db > test.out1.$n 2>&1 || ret=1
-grep "inherited.owner" test.out1.$n > /dev/null && ret=1
-n=$((n+1))
+$CHECKZONE example zones/nowarn.inherited.owner.db >test.out1.$n 2>&1 || ret=1
+grep "inherited.owner" test.out1.$n >/dev/null && ret=1
+n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
echo_i "checking for 'inherited owner' warning on '\$ORIGIN + \$INCLUDE file' ($n)"
ret=0
-$CHECKZONE example zones/warn.inherit.origin.db > test.out1.$n 2>&1 || ret=1
-grep "inherited.owner" test.out1.$n > /dev/null || ret=1
-n=$((n+1))
+$CHECKZONE example zones/warn.inherit.origin.db >test.out1.$n 2>&1 || ret=1
+grep "inherited.owner" test.out1.$n >/dev/null || ret=1
+n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
echo_i "checking for 'inherited owner' warning on '\$INCLUDE file origin' ($n)"
ret=0
-$CHECKZONE example zones/warn.inherited.owner.db > test.out1.$n 2>&1 || ret=1
-grep "inherited.owner" test.out1.$n > /dev/null || ret=1
-n=$((n+1))
+$CHECKZONE example zones/warn.inherited.owner.db >test.out1.$n 2>&1 || ret=1
+grep "inherited.owner" test.out1.$n >/dev/null || ret=1
+n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
echo_i "checking that raw zone with bad class is handled ($n)"
ret=0
-$CHECKZONE -f raw example zones/bad-badclass.raw > test.out.$n 2>&1 && ret=1
+$CHECKZONE -f raw example zones/bad-badclass.raw >test.out.$n 2>&1 && ret=1
grep "failed: bad class" test.out.$n >/dev/null || ret=1
-n=$((n+1))
+n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
echo_i "checking that expirations that loop using serial arithmetic are handled ($n)"
ret=0
@@ -166,35 +164,35 @@
test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db || ret=1
test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db || ret=1
test $ret -eq 1 || $CHECKZONE $q dyn.example.net zones/crashzone.db || ret=1
-n=$((n+1))
+n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
echo_i "checking that nameserver below DNAME is reported even with occulted address record present ($n)"
ret=0
-$CHECKZONE example.com zones/ns-address-below-dname.db > test.out.$n 2>&1 && ret=1
+$CHECKZONE example.com zones/ns-address-below-dname.db >test.out.$n 2>&1 && ret=1
grep "is below a DNAME" test.out.$n >/dev/null || ret=1
-n=$((n+1))
+n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
echo_i "checking that delegating nameserver below DNAME is reported even with occulted address record present ($n)"
ret=0
-$CHECKZONE example.com zones/delegating-ns-address-below-dname.db > test.out.$n 2>&1 || ret=1
+$CHECKZONE example.com zones/delegating-ns-address-below-dname.db >test.out.$n 2>&1 || ret=1
grep "is below a DNAME" test.out.$n >/dev/null || ret=1
-n=$((n+1))
+n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
-n=$((n+1))
+n=$((n + 1))
ret=0
echo_i "checking integer overflow is prevented in \$GENERATE ($n)"
-$CHECKZONE -D example.com zones/generate-overflow.db > test.out.$n 2>&1 || ret=1
+$CHECKZONE -D example.com zones/generate-overflow.db >test.out.$n 2>&1 || ret=1
lines=$(grep -c CNAME test.out.$n)
echo $lines
[ "$lines" -eq 1 ] || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
diff -Nru bind9-9.16.44/bin/tests/system/ckdnsrps.sh bind9-9.16.48/bin/tests/system/ckdnsrps.sh
--- bind9-9.16.44/bin/tests/system/ckdnsrps.sh 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/ckdnsrps.sh 2024-02-11 11:31:39.000000000 +0000
@@ -18,7 +18,6 @@
# Note that dnsrps.conf and dnsrps-slave.conf are included in named.conf
# and differ from dnsrpz.conf which is used by dnsrpzd.
-
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
@@ -30,57 +29,64 @@
SCONF=dnsrps-slave.conf
USAGE="$0: [-xAD] [-M dnsrps.conf] [-S dnsrps-slave.conf]"
while getopts "xADM:S:" c; do
- case $c in
- x) set -x; DEBUG=-x;;
- A) AS_NS=yes;;
- D) TEST_DNSRPS=yes;;
- M) MCONF="$OPTARG";;
- S) SCONF="$OPTARG";;
- *) echo "$USAGE" 1>&2; exit 1;;
- esac
+ case $c in
+ x)
+ set -x
+ DEBUG=-x
+ ;;
+ A) AS_NS=yes ;;
+ D) TEST_DNSRPS=yes ;;
+ M) MCONF="$OPTARG" ;;
+ S) SCONF="$OPTARG" ;;
+ *)
+ echo "$USAGE" 1>&2
+ exit 1
+ ;;
+ esac
done
-shift `expr $OPTIND - 1 || true`
+shift $(expr $OPTIND - 1 || true)
if [ "$#" -ne 0 ]; then
- echo "$USAGE" 1>&2
- exit 1
+ echo "$USAGE" 1>&2
+ exit 1
fi
# erase any existing conf files
-cat /dev/null > $MCONF
-cat /dev/null > $SCONF
+cat /dev/null >$MCONF
+cat /dev/null >$SCONF
-add_conf () {
- echo "$*" >>$MCONF
- echo "$*" >>$SCONF
+add_conf() {
+ echo "$*" >>$MCONF
+ echo "$*" >>$SCONF
}
if ! $FEATURETEST --enable-dnsrps; then
- if [ -n "$TEST_DNSRPS" ]; then
- add_conf "## DNSRPS disabled at compile time"
- fi
- add_conf "#skip"
- exit 0
+ if [ -n "$TEST_DNSRPS" ]; then
+ add_conf "## DNSRPS disabled at compile time"
+ fi
+ add_conf "#skip"
+ exit 0
fi
if [ -z "$TEST_DNSRPS" ]; then
- add_conf "## testing with native RPZ"
- add_conf '#skip'
- exit 0
+ add_conf "## testing with native RPZ"
+ add_conf '#skip'
+ exit 0
else
- add_conf "## testing with DNSRPS"
+ add_conf "## testing with DNSRPS"
fi
if [ ! -x "$DNSRPS_CMD" ]; then
- add_conf "## make $DNSRPS_CMD to test DNSRPS"
- add_conf '#skip'
- exit 0
+ add_conf "## make $DNSRPS_CMD to test DNSRPS"
+ add_conf '#skip'
+ exit 0
fi
-if $DNSRPS_CMD -a >/dev/null; then :
+if $DNSRPS_CMD -a >/dev/null; then
+ :
else
- add_conf "## DNSRPS provider library is not available"
- add_conf '#skip'
- exit 0
+ add_conf "## DNSRPS provider library is not available"
+ add_conf '#skip'
+ exit 0
fi
CMN=" dnsrps-options { dnsrpzd-conf ../dnsrpzd.conf
@@ -91,7 +97,7 @@
MASTER="$CMN"
if [ -n "$AS_NS" ]; then
- MASTER="$MASTER
+ MASTER="$MASTER
qname-as-ns yes
ip-as-ns yes"
fi
@@ -107,7 +113,6 @@
dnsrpzd '' }; # do not start dnsrpzd
EOF
-
# DNSRPS is available.
# The test should fail if the license is bad.
add_conf "dnsrps-enable yes;"
@@ -118,49 +123,49 @@
# try ../rpz/alt-dnsrpzd-license.conf if alt-dnsrpzd-license.conf does not exist
[ -s $ALT_L ] || ALT_L=../rpz/alt-dnsrpzd-license.conf
if [ -s $ALT_L ]; then
- SRC_L=$ALT_L
- USE_ALT=
+ SRC_L=$ALT_L
+ USE_ALT=
else
- SRC_L=../rpz/dnsrpzd-license.conf
- USE_ALT="## consider installing alt-dnsrpzd-license.conf"
+ SRC_L=../rpz/dnsrpzd-license.conf
+ USE_ALT="## consider installing alt-dnsrpzd-license.conf"
fi
cp $SRC_L $CUR_L
# parse $CUR_L for the license zone name, master IP addresses, and optional
# transfer-source IP addresses
-eval `sed -n -e 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/'\
- -e 's/.*zone *\([-a-z0-9]*.license.fastrpz.com\).*/NAME=\1/p' \
- -e 's/.*farsight_fastrpz_license *\([0-9.]*\);.*/IPV4=\1/p' \
- -e 's/.*farsight_fastrpz_license *\([0-9a-f:]*\);.*/IPV6=\1/p' \
- -e 's/.*transfer-source *\([0-9.]*\);.*/TS4=-b\1/p' \
- -e 's/.*transfer-source *\([0-9a-f:]*\);.*/TS6=-b\1/p' \
- -e 's/.*transfer-source-v6 *\([0-9a-f:]*\);.*/TS6=-b\1/p' \
- $CUR_L`
+eval $(sed -n -e 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/' \
+ -e 's/.*zone *\([-a-z0-9]*.license.fastrpz.com\).*/NAME=\1/p' \
+ -e 's/.*farsight_fastrpz_license *\([0-9.]*\);.*/IPV4=\1/p' \
+ -e 's/.*farsight_fastrpz_license *\([0-9a-f:]*\);.*/IPV6=\1/p' \
+ -e 's/.*transfer-source *\([0-9.]*\);.*/TS4=-b\1/p' \
+ -e 's/.*transfer-source *\([0-9a-f:]*\);.*/TS6=-b\1/p' \
+ -e 's/.*transfer-source-v6 *\([0-9a-f:]*\);.*/TS6=-b\1/p' \
+ $CUR_L)
if [ -z "$NAME" ]; then
- add_conf "## no DNSRPS tests; no license domain name in $SRC_L"
- add_conf '#fail'
- exit 0
+ add_conf "## no DNSRPS tests; no license domain name in $SRC_L"
+ add_conf '#fail'
+ exit 0
fi
if [ -z "$IPV4" ]; then
- IPV4=license1.fastrpz.com
- TS4=
+ IPV4=license1.fastrpz.com
+ TS4=
fi
if [ -z "$IPV6" ]; then
- IPV6=license1.fastrpz.com
- TS6=
+ IPV6=license1.fastrpz.com
+ TS6=
fi
# This TSIG key is common and NOT a secret
KEY='hmac-sha256:farsight_fastrpz_license:f405d02b4c8af54855fcebc1'
# Try IPv4 and then IPv6 to deal with IPv6 tunnel and connectivity problems
-if `$DIG -4 -t axfr -y$KEY $TS4 $NAME @$IPV4 \
- | grep -i "^$NAME.*TXT" >/dev/null`; then
- exit 0
-fi
-if `$DIG -6 -t axfr -y$KEY $TS6 $NAME @$IPV6 \
- | grep -i "^$NAME.*TXT" >/dev/null`; then
- exit 0
+if $($DIG -4 -t axfr -y$KEY $TS4 $NAME @$IPV4 \
+ | grep -i "^$NAME.*TXT" >/dev/null); then
+ exit 0
+fi
+if $($DIG -6 -t axfr -y$KEY $TS6 $NAME @$IPV6 \
+ | grep -i "^$NAME.*TXT" >/dev/null); then
+ exit 0
fi
add_conf "## DNSRPS lacks a valid license via $SRC_L"
diff -Nru bind9-9.16.44/bin/tests/system/cleanall.sh bind9-9.16.48/bin/tests/system/cleanall.sh
--- bind9-9.16.44/bin/tests/system/cleanall.sh 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/cleanall.sh 2024-02-11 11:31:39.000000000 +0000
@@ -18,20 +18,17 @@
SYSTEMTESTTOP=.
. $SYSTEMTESTTOP/conf.sh
-
find . -type f \( \
- -name '*~' -o -name 'core' -o -name '*.core' \
- -o -name '*.log' -o -name '*.pid' -o -name '*.keyset' \
- -o -name named.run -o -name ans.run \
- -o -name '*-valgrind-*.log' \) -print | xargs rm -f
+ -name '*~' -o -name 'core' -o -name '*.core' \
+ -o -name '*.log' -o -name '*.pid' -o -name '*.keyset' \
+ -o -name named.run -o -name ans.run \) -print | xargs rm -f
status=0
rm -f $SYSTEMTESTTOP/random.data
-for d in $SUBDIRS
-do
- test ! -f $d/clean.sh || ( cd $d && $SHELL clean.sh )
- rm -f test.output.$d
- test -d $d && find $d -type d -exec rmdir '{}' \; 2> /dev/null
+for d in $SUBDIRS; do
+ test ! -f $d/clean.sh || (cd $d && $SHELL clean.sh)
+ rm -f test.output.$d
+ test -d $d && find $d -type d -exec rmdir '{}' \; 2>/dev/null
done
diff -Nru bind9-9.16.44/bin/tests/system/cleanpkcs11.sh bind9-9.16.48/bin/tests/system/cleanpkcs11.sh
--- bind9-9.16.44/bin/tests/system/cleanpkcs11.sh 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/cleanpkcs11.sh 2024-02-11 11:31:39.000000000 +0000
@@ -15,4 +15,4 @@
PK11DELBIN=$(echo "$PK11DEL" | awk '{ print $1 }')
-[ -x "$PK11DELBIN" ] && $PK11DEL -w0 > /dev/null 2>&1
+[ -x "$PK11DELBIN" ] && $PK11DEL -w0 >/dev/null 2>&1
diff -Nru bind9-9.16.44/bin/tests/system/conf.sh.in bind9-9.16.48/bin/tests/system/conf.sh.in
--- bind9-9.16.44/bin/tests/system/conf.sh.in 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/conf.sh.in 2024-02-11 11:31:39.000000000 +0000
@@ -33,12 +33,12 @@
export CHECKZONE=$TOP/bin/check/named-checkzone
export COVERAGE=$TOP/bin/python/dnssec-coverage
export DDNSCONFGEN=$TOP/bin/confgen/ddns-confgen
-if [ -z "$TSAN_OPTIONS" ]; then # workaround for GL#4119
- export DELV=$TOP/bin/delv/delv
- export RESOLVE=$TOP/bin/tests/system/resolve
+if [ -z "$TSAN_OPTIONS" ]; then # workaround for GL#4119
+ export DELV=$TOP/bin/delv/delv
+ export RESOLVE=$TOP/bin/tests/system/resolve
else
- export DELV=:
- export RESOLVE=:
+ export DELV=:
+ export RESOLVE=:
fi
export DIG=$TOP/bin/dig/dig
export DNSTAPREAD=$TOP/bin/tools/dnstap-read
@@ -105,8 +105,8 @@
#
export PERL=@PERL@
if ! test -x "$PERL"; then
- echo "Perl interpreter is required for system tests."
- exit 77
+ echo "Perl interpreter is required for system tests."
+ exit 77
fi
export PYTHON=@PYTHON@
@@ -115,7 +115,6 @@
#
export CRYPTO=@CRYPTO@
-
# Load common values shared between windows and unix/linux.
. $TOP/bin/tests/system/conf.sh.common
diff -Nru bind9-9.16.44/bin/tests/system/cookie/prereq.sh bind9-9.16.48/bin/tests/system/cookie/prereq.sh
--- bind9-9.16.44/bin/tests/system/cookie/prereq.sh 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/cookie/prereq.sh 2024-02-11 11:31:39.000000000 +0000
@@ -16,18 +16,16 @@
set -e
-if test -n "$PYTHON"
-then
- if $PYTHON -c "import dns" 2> /dev/null
- then
- :
- else
- echo_i "This test requires the dnspython module." >&2
- exit 1
- fi
-else
- echo_i "This test requires Python and the dnspython module." >&2
+if test -n "$PYTHON"; then
+ if $PYTHON -c "import dns" 2>/dev/null; then
+ :
+ else
+ echo_i "This test requires the dnspython module." >&2
exit 1
+ fi
+else
+ echo_i "This test requires Python and the dnspython module." >&2
+ exit 1
fi
exit 0
diff -Nru bind9-9.16.44/bin/tests/system/cookie/tests.sh bind9-9.16.48/bin/tests/system/cookie/tests.sh
--- bind9-9.16.44/bin/tests/system/cookie/tests.sh 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/cookie/tests.sh 2024-02-11 11:31:39.000000000 +0000
@@ -21,189 +21,187 @@
n=0
getcookie() {
- awk '$2 == "COOKIE:" {
+ awk '$2 == "COOKIE:" {
print $3;
- }' < $1 | tr -d '\r'
+ }' <$1 | tr -d '\r'
}
fullcookie() {
- awk 'BEGIN { n = 0 }
+ awk 'BEGIN { n = 0 }
// { v[n++] = length(); }
END { print (v[1] == v[2]); }'
}
havetc() {
- grep 'flags:.* tc[^;]*;' $1 > /dev/null
+ grep 'flags:.* tc[^;]*;' $1 >/dev/null
}
-for bad in bad*.conf
-do
- n=`expr $n + 1`
- echo_i "checking that named-checkconf detects error in $bad ($n)"
- ret=0
- $CHECKCONF $bad > /dev/null 2>&1 && ret=1
- if [ $ret != 0 ]; then echo_i "failed"; fi
- status=`expr $status + $ret`
+for bad in bad*.conf; do
+ n=$(expr $n + 1)
+ echo_i "checking that named-checkconf detects error in $bad ($n)"
+ ret=0
+ $CHECKCONF $bad >/dev/null 2>&1 && ret=1
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$(expr $status + $ret)
done
-for good in good*.conf
-do
- n=`expr $n + 1`
- echo_i "checking that named-checkconf detects accepts $good ($n)"
- ret=0
- $CHECKCONF $good > /dev/null 2>&1 || ret=1
- if [ $ret != 0 ]; then echo_i "failed"; fi
- status=`expr $status + $ret`
+for good in good*.conf; do
+ n=$(expr $n + 1)
+ echo_i "checking that named-checkconf detects accepts $good ($n)"
+ ret=0
+ $CHECKCONF $good >/dev/null 2>&1 || ret=1
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$(expr $status + $ret)
done
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking RCODE=FORMERR to query without question section and without COOKIE option ($n)"
ret=0
-$DIG $DIGOPTS +qr +header-only +nocookie version.bind txt ch @10.53.0.1 > dig.out.test$n
-grep COOKIE: dig.out.test$n > /dev/null && ret=1
-grep "status: FORMERR" dig.out.test$n > /dev/null || ret=1
+$DIG $DIGOPTS +qr +header-only +nocookie version.bind txt ch @10.53.0.1 >dig.out.test$n
+grep COOKIE: dig.out.test$n >/dev/null && ret=1
+grep "status: FORMERR" dig.out.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking RCODE=NOERROR to query without question section and with COOKIE option ($n)"
ret=0
-$DIG $DIGOPTS +qr +header-only +cookie version.bind txt ch @10.53.0.1 > dig.out.test$n
-grep COOKIE: dig.out.test$n > /dev/null || ret=1
-grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
+$DIG $DIGOPTS +qr +header-only +cookie version.bind txt ch @10.53.0.1 >dig.out.test$n
+grep COOKIE: dig.out.test$n >/dev/null || ret=1
+grep "status: NOERROR" dig.out.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking COOKIE token is returned to empty COOKIE option ($n)"
ret=0
-$DIG $DIGOPTS +cookie version.bind txt ch @10.53.0.1 > dig.out.test$n
-grep COOKIE: dig.out.test$n > /dev/null || ret=1
-grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
+$DIG $DIGOPTS +cookie version.bind txt ch @10.53.0.1 >dig.out.test$n
+grep COOKIE: dig.out.test$n >/dev/null || ret=1
+grep "status: NOERROR" dig.out.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking COOKIE is not returned when answer-cookie is false ($n)"
ret=0
-$DIG $DIGOPTS +cookie version.bind txt ch @10.53.0.7 > dig.out.test$n
-grep COOKIE: dig.out.test$n > /dev/null && ret=1
-grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
+$DIG $DIGOPTS +cookie version.bind txt ch @10.53.0.7 >dig.out.test$n
+grep COOKIE: dig.out.test$n >/dev/null && ret=1
+grep "status: NOERROR" dig.out.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking response size without COOKIE ($n)"
ret=0
-$DIG $DIGOPTS large.example txt @10.53.0.1 +ignore > dig.out.test$n
+$DIG $DIGOPTS large.example txt @10.53.0.1 +ignore >dig.out.test$n
havetc dig.out.test$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking response size without valid COOKIE ($n)"
ret=0
-$DIG $DIGOPTS +cookie large.example txt @10.53.0.1 +ignore > dig.out.test$n
+$DIG $DIGOPTS +cookie large.example txt @10.53.0.1 +ignore >dig.out.test$n
havetc dig.out.test$n || ret=1
-grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
+grep "; COOKIE:.*(good)" dig.out.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking response size with COOKIE ($n)"
ret=0
-$DIG $DIGOPTS +cookie large.example txt @10.53.0.1 > dig.out.test$n.l
-cookie=`getcookie dig.out.test$n.l`
-$DIG $DIGOPTS +qr +cookie=$cookie large.example txt @10.53.0.1 +ignore > dig.out.test$n
+$DIG $DIGOPTS +cookie large.example txt @10.53.0.1 >dig.out.test$n.l
+cookie=$(getcookie dig.out.test$n.l)
+$DIG $DIGOPTS +qr +cookie=$cookie large.example txt @10.53.0.1 +ignore >dig.out.test$n
havetc dig.out.test$n && ret=1
-grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
+grep "; COOKIE:.*(good)" dig.out.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking response size with COOKIE recursive ($n)"
ret=0
-$DIG $DIGOPTS +qr +cookie=$cookie large.xxx txt @10.53.0.1 +ignore > dig.out.test$n
+$DIG $DIGOPTS +qr +cookie=$cookie large.xxx txt @10.53.0.1 +ignore >dig.out.test$n
havetc dig.out.test$n && ret=1
-grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
+grep "; COOKIE:.*(good)" dig.out.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking COOKIE is learnt for TCP retry ($n)"
ret=0
-$DIG $DIGOPTS +qr +cookie large.example txt @10.53.0.1 > dig.out.test$n
-linecount=`getcookie dig.out.test$n | wc -l`
+$DIG $DIGOPTS +qr +cookie large.example txt @10.53.0.1 >dig.out.test$n
+linecount=$(getcookie dig.out.test$n | wc -l)
if [ $linecount != 3 ]; then ret=1; fi
-checkfull=`getcookie dig.out.test$n | fullcookie`
+checkfull=$(getcookie dig.out.test$n | fullcookie)
if [ $checkfull != 1 ]; then ret=1; fi
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking for COOKIE value in adb ($n)"
ret=0
rndc_dumpdb ns1
-grep "10.53.0.2.*\[cookie=" ns1/named_dump.db.test$n > /dev/null || ret=1
+grep "10.53.0.2.*\[cookie=" ns1/named_dump.db.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking require-server-cookie default (no) ($n)"
ret=0
-$DIG $DIGOPTS +qr +cookie +nobadcookie soa @10.53.0.1 > dig.out.test$n
-grep BADCOOKIE dig.out.test$n > /dev/null && ret=1
-linecount=`getcookie dig.out.test$n | wc -l`
+$DIG $DIGOPTS +qr +cookie +nobadcookie soa @10.53.0.1 >dig.out.test$n
+grep BADCOOKIE dig.out.test$n >/dev/null && ret=1
+linecount=$(getcookie dig.out.test$n | wc -l)
if [ $linecount != 2 ]; then ret=1; fi
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking require-server-cookie yes ($n)"
ret=0
-$DIG $DIGOPTS +qr +cookie +nobadcookie soa @10.53.0.3 > dig.out.test$n
-grep "flags: qr[^;]* aa[ ;]" dig.out.test$n > /dev/null && ret=1
-grep "flags: qr[^;]* ad[ ;]" dig.out.test$n > /dev/null && ret=1
-grep BADCOOKIE dig.out.test$n > /dev/null || ret=1
-linecount=`getcookie dig.out.test$n | wc -l`
+$DIG $DIGOPTS +qr +cookie +nobadcookie soa @10.53.0.3 >dig.out.test$n
+grep "flags: qr[^;]* aa[ ;]" dig.out.test$n >/dev/null && ret=1
+grep "flags: qr[^;]* ad[ ;]" dig.out.test$n >/dev/null && ret=1
+grep BADCOOKIE dig.out.test$n >/dev/null || ret=1
+linecount=$(getcookie dig.out.test$n | wc -l)
if [ $linecount != 2 ]; then ret=1; fi
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "checking require-server-cookie yes with rate-limit ($n)"
ret=0
-$DIG $DIGOPTS +qr +cookie +nobadcookie soa example @10.53.0.8 > dig.out.test$n
-grep "flags: qr[^;]* ad[ ;]" dig.out.test$n > /dev/null && ret=1
-grep BADCOOKIE dig.out.test$n > /dev/null || ret=1
-linecount=`getcookie dig.out.test$n | wc -l`
+$DIG $DIGOPTS +qr +cookie +nobadcookie soa example @10.53.0.8 >dig.out.test$n
+grep "flags: qr[^;]* ad[ ;]" dig.out.test$n >/dev/null && ret=1
+grep BADCOOKIE dig.out.test$n >/dev/null || ret=1
+linecount=$(getcookie dig.out.test$n | wc -l)
if [ $linecount != 2 ]; then ret=1; fi
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "send undersized cookie ($n)"
ret=0
-$DIG $DIGOPTS +qr +cookie=000000 soa @10.53.0.1 > dig.out.test$n || ret=1
-grep "status: FORMERR" dig.out.test$n > /dev/null || ret=1
+$DIG $DIGOPTS +qr +cookie=000000 soa @10.53.0.1 >dig.out.test$n || ret=1
+grep "status: FORMERR" dig.out.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "send oversized for named cookie ($n)"
ret=0
-$DIG $DIGOPTS +qr +cookie=${cookie}00 soa @10.53.0.1 > dig.out.test$n || ret=1
-grep "COOKIE: [a-f0-9]* (good)" dig.out.test$n > /dev/null 2>&1 || ret=1
+$DIG $DIGOPTS +qr +cookie=${cookie}00 soa @10.53.0.1 >dig.out.test$n || ret=1
+grep "COOKIE: [a-f0-9]* (good)" dig.out.test$n >/dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "send oversized for named cookie with server requiring a good cookie ($n)"
ret=0
-$DIG $DIGOPTS +qr +cookie=${cookie}00 soa @10.53.0.3 > dig.out.test$n || ret=1
-grep "COOKIE: [a-f0-9]* (good)" dig.out.test$n > /dev/null 2>&1 || ret=1
+$DIG $DIGOPTS +qr +cookie=${cookie}00 soa @10.53.0.3 >dig.out.test$n || ret=1
+grep "COOKIE: [a-f0-9]* (good)" dig.out.test$n >/dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
#
# Test shared cookie-secret support.
@@ -222,293 +220,292 @@
# Force local address so that the client's address is the same to all servers.
#
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "get NS4 cookie for cross server checking ($n)"
ret=0
-$DIG $DIGOPTS +cookie -b 10.53.0.4 soa . @10.53.0.4 > dig.out.test$n
-grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
-ns4cookie=`getcookie dig.out.test$n`
+$DIG $DIGOPTS +cookie -b 10.53.0.4 soa . @10.53.0.4 >dig.out.test$n
+grep "; COOKIE:.*(good)" dig.out.test$n >/dev/null || ret=1
+ns4cookie=$(getcookie dig.out.test$n)
test -n "$ns4cookie" || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "get NS5 cookie for cross server checking ($n)"
ret=0
-$DIG $DIGOPTS +cookie -b 10.53.0.4 soa . @10.53.0.5 > dig.out.test$n
-grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
-ns5cookie=`getcookie dig.out.test$n`
+$DIG $DIGOPTS +cookie -b 10.53.0.4 soa . @10.53.0.5 >dig.out.test$n
+grep "; COOKIE:.*(good)" dig.out.test$n >/dev/null || ret=1
+ns5cookie=$(getcookie dig.out.test$n)
test -n "$ns5cookie" || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "get NS6 cookie for cross server checking ($n)"
ret=0
-$DIG $DIGOPTS +cookie -b 10.53.0.4 soa . @10.53.0.6 > dig.out.test$n
-grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
-ns6cookie=`getcookie dig.out.test$n`
+$DIG $DIGOPTS +cookie -b 10.53.0.4 soa . @10.53.0.6 >dig.out.test$n
+grep "; COOKIE:.*(good)" dig.out.test$n >/dev/null || ret=1
+ns6cookie=$(getcookie dig.out.test$n)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "test NS4 cookie on NS5 (expect success) ($n)"
ret=0
-$DIG $DIGOPTS +cookie=$ns4cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.5 > dig.out.test$n
-grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
-grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1
+$DIG $DIGOPTS +cookie=$ns4cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.5 >dig.out.test$n
+grep "; COOKIE:.*(good)" dig.out.test$n >/dev/null || ret=1
+grep "status: NOERROR," dig.out.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "test NS4 cookie on NS6 (expect badcookie) ($n)"
ret=0
-$DIG $DIGOPTS +cookie=$ns4cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.6 > dig.out.test$n
-grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
-grep "status: BADCOOKIE," dig.out.test$n > /dev/null || ret=1
+$DIG $DIGOPTS +cookie=$ns4cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.6 >dig.out.test$n
+grep "; COOKIE:.*(good)" dig.out.test$n >/dev/null || ret=1
+grep "status: BADCOOKIE," dig.out.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "test NS5 cookie on NS4 (expect success) ($n)"
ret=0
-$DIG $DIGOPTS +cookie=$ns5cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.4 > dig.out.test$n
-grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
-grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1
+$DIG $DIGOPTS +cookie=$ns5cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.4 >dig.out.test$n
+grep "; COOKIE:.*(good)" dig.out.test$n >/dev/null || ret=1
+grep "status: NOERROR," dig.out.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "test NS5 cookie on NS6 (expect badcookie) ($n)"
ret=0
-$DIG $DIGOPTS +cookie=$ns5cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.6 > dig.out.test$n
-grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
-grep "status: BADCOOKIE," dig.out.test$n > /dev/null || ret=1
+$DIG $DIGOPTS +cookie=$ns5cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.6 >dig.out.test$n
+grep "; COOKIE:.*(good)" dig.out.test$n >/dev/null || ret=1
+grep "status: BADCOOKIE," dig.out.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "test NS6 cookie on NS4 (expect badcookie) ($n)"
ret=0
-$DIG $DIGOPTS +cookie=$ns6cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.4 > dig.out.test$n
-grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
-grep "status: BADCOOKIE," dig.out.test$n > /dev/null || ret=1
+$DIG $DIGOPTS +cookie=$ns6cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.4 >dig.out.test$n
+grep "; COOKIE:.*(good)" dig.out.test$n >/dev/null || ret=1
+grep "status: BADCOOKIE," dig.out.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "test NS6 cookie on NS5 (expect success) ($n)"
ret=0
-$DIG $DIGOPTS +cookie=$ns6cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.5 > dig.out.test$n
-grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
-grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1
+$DIG $DIGOPTS +cookie=$ns6cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.5 >dig.out.test$n
+grep "; COOKIE:.*(good)" dig.out.test$n >/dev/null || ret=1
+grep "status: NOERROR," dig.out.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that test server is correctly configured ($n)"
ret=0
pat="; COOKIE: ................................ (good)"
#UDP
-$DIG $DIGOPTS @10.53.0.9 +notcp tld > dig.out.test$n.1
-grep "status: NOERROR" dig.out.test$n.1 > /dev/null || ret=1
-grep "$pat" dig.out.test$n.1 > /dev/null || ret=1
-grep 'A.10\.53\.0\.9' dig.out.test$n.1 > /dev/null || ret=1
-grep 'A.10\.53\.0\.10' dig.out.test$n.1 > /dev/null && ret=1
-grep ";; TSIG PSEUDOSECTION:" dig.out.test$n.1 > /dev/null && ret=1
-
-$DIG $DIGOPTS @10.53.0.9 +notcp tcponly.tld > dig.out.test$n.2
-grep "status: NOERROR" dig.out.test$n.2 > /dev/null || ret=1
-grep "; COOKIE:" dig.out.test$n.2 > /dev/null && ret=1
-grep 'A.10\.53\.0\.9' dig.out.test$n.2 > /dev/null || ret=1
-grep 'A.10\.53\.0\.10' dig.out.test$n.2 > /dev/null || ret=1
-grep ";; TSIG PSEUDOSECTION:" dig.out.test$n.1 > /dev/null && ret=1
-
-$DIG $DIGOPTS @10.53.0.9 +notcp nocookie.tld > dig.out.test$n.3
-grep "status: NOERROR" dig.out.test$n.3 > /dev/null || ret=1
-grep "; COOKIE:" dig.out.test$n.3 > /dev/null && ret=1
-grep 'A.10\.53\.0\.9' dig.out.test$n.3 > /dev/null || ret=1
-grep 'A.10\.53\.0\.10' dig.out.test$n.3 > /dev/null || ret=1
-grep ";; TSIG PSEUDOSECTION:" dig.out.test$n.1 > /dev/null && ret=1
-
-$DIG $DIGOPTS @10.53.0.9 +notcp withtsig.tld > dig.out.test$n.4
-grep "status: NOERROR" dig.out.test$n.4 > /dev/null || ret=1
-grep "; COOKIE:" dig.out.test$n.4 > /dev/null && ret=1
-grep 'A.10\.53\.0\.9' dig.out.test$n.4 > /dev/null || ret=1
-grep 'A.10\.53\.0\.10' dig.out.test$n.4 > /dev/null || ret=1
-grep ";; TSIG PSEUDOSECTION:" dig.out.test$n.4 > /dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.9 +notcp tld >dig.out.test$n.1
+grep "status: NOERROR" dig.out.test$n.1 >/dev/null || ret=1
+grep "$pat" dig.out.test$n.1 >/dev/null || ret=1
+grep 'A.10\.53\.0\.9' dig.out.test$n.1 >/dev/null || ret=1
+grep 'A.10\.53\.0\.10' dig.out.test$n.1 >/dev/null && ret=1
+grep ";; TSIG PSEUDOSECTION:" dig.out.test$n.1 >/dev/null && ret=1
+
+$DIG $DIGOPTS @10.53.0.9 +notcp tcponly.tld >dig.out.test$n.2
+grep "status: NOERROR" dig.out.test$n.2 >/dev/null || ret=1
+grep "; COOKIE:" dig.out.test$n.2 >/dev/null && ret=1
+grep 'A.10\.53\.0\.9' dig.out.test$n.2 >/dev/null || ret=1
+grep 'A.10\.53\.0\.10' dig.out.test$n.2 >/dev/null || ret=1
+grep ";; TSIG PSEUDOSECTION:" dig.out.test$n.1 >/dev/null && ret=1
+
+$DIG $DIGOPTS @10.53.0.9 +notcp nocookie.tld >dig.out.test$n.3
+grep "status: NOERROR" dig.out.test$n.3 >/dev/null || ret=1
+grep "; COOKIE:" dig.out.test$n.3 >/dev/null && ret=1
+grep 'A.10\.53\.0\.9' dig.out.test$n.3 >/dev/null || ret=1
+grep 'A.10\.53\.0\.10' dig.out.test$n.3 >/dev/null || ret=1
+grep ";; TSIG PSEUDOSECTION:" dig.out.test$n.1 >/dev/null && ret=1
+
+$DIG $DIGOPTS @10.53.0.9 +notcp withtsig.tld >dig.out.test$n.4
+grep "status: NOERROR" dig.out.test$n.4 >/dev/null || ret=1
+grep "; COOKIE:" dig.out.test$n.4 >/dev/null && ret=1
+grep 'A.10\.53\.0\.9' dig.out.test$n.4 >/dev/null || ret=1
+grep 'A.10\.53\.0\.10' dig.out.test$n.4 >/dev/null || ret=1
+grep ";; TSIG PSEUDOSECTION:" dig.out.test$n.4 >/dev/null || ret=1
#TCP
-$DIG $DIGOPTS @10.53.0.9 +tcp tld > dig.out.test$n.5
-grep "status: NOERROR" dig.out.test$n.5 > /dev/null || ret=1
-grep "$pat" dig.out.test$n.5 > /dev/null || ret=1
-grep 'A.10\.53\.0\.9' dig.out.test$n.5 > /dev/null || ret=1
-grep 'A.10\.53\.0\.10' dig.out.test$n.5 > /dev/null && ret=1
-grep ";; TSIG PSEUDOSECTION:" dig.out.test$n.1 > /dev/null && ret=1
-
-$DIG $DIGOPTS @10.53.0.9 +tcp tcponly.tld > dig.out.test$n.6
-grep "status: NOERROR" dig.out.test$n.6 > /dev/null || ret=1
-grep "$pat" dig.out.test$n.6 > /dev/null || ret=1
-grep 'A.10\.53\.0\.9' dig.out.test$n.6 > /dev/null || ret=1
-grep 'A.10\.53\.0\.10' dig.out.test$n.6 > /dev/null && ret=1
-grep ";; TSIG PSEUDOSECTION:" dig.out.test$n.1 > /dev/null && ret=1
-
-$DIG $DIGOPTS @10.53.0.9 +tcp nocookie.tld > dig.out.test$n.7
-grep "status: NOERROR" dig.out.test$n.7 > /dev/null || ret=1
-grep "; COOKIE:" dig.out.test$n.7 > /dev/null && ret=1
-grep 'A.10\.53\.0\.9' dig.out.test$n.7 > /dev/null || ret=1
-grep 'A.10\.53\.0\.10' dig.out.test$n.7 > /dev/null && ret=1
-grep ";; TSIG PSEUDOSECTION:" dig.out.test$n.1 > /dev/null && ret=1
-
-$DIG $DIGOPTS @10.53.0.9 +tcp withtsig.tld > dig.out.test$n.8
-grep "status: NOERROR" dig.out.test$n.8 > /dev/null || ret=1
-grep "$pat" dig.out.test$n.8 > /dev/null || ret=1
-grep 'A.10\.53\.0\.9' dig.out.test$n.8 > /dev/null || ret=1
-grep 'A.10\.53\.0\.10' dig.out.test$n.8 > /dev/null && ret=1
-grep ";; TSIG PSEUDOSECTION:" dig.out.test$n.8 > /dev/null && ret=1
+$DIG $DIGOPTS @10.53.0.9 +tcp tld >dig.out.test$n.5
+grep "status: NOERROR" dig.out.test$n.5 >/dev/null || ret=1
+grep "$pat" dig.out.test$n.5 >/dev/null || ret=1
+grep 'A.10\.53\.0\.9' dig.out.test$n.5 >/dev/null || ret=1
+grep 'A.10\.53\.0\.10' dig.out.test$n.5 >/dev/null && ret=1
+grep ";; TSIG PSEUDOSECTION:" dig.out.test$n.1 >/dev/null && ret=1
+
+$DIG $DIGOPTS @10.53.0.9 +tcp tcponly.tld >dig.out.test$n.6
+grep "status: NOERROR" dig.out.test$n.6 >/dev/null || ret=1
+grep "$pat" dig.out.test$n.6 >/dev/null || ret=1
+grep 'A.10\.53\.0\.9' dig.out.test$n.6 >/dev/null || ret=1
+grep 'A.10\.53\.0\.10' dig.out.test$n.6 >/dev/null && ret=1
+grep ";; TSIG PSEUDOSECTION:" dig.out.test$n.1 >/dev/null && ret=1
+
+$DIG $DIGOPTS @10.53.0.9 +tcp nocookie.tld >dig.out.test$n.7
+grep "status: NOERROR" dig.out.test$n.7 >/dev/null || ret=1
+grep "; COOKIE:" dig.out.test$n.7 >/dev/null && ret=1
+grep 'A.10\.53\.0\.9' dig.out.test$n.7 >/dev/null || ret=1
+grep 'A.10\.53\.0\.10' dig.out.test$n.7 >/dev/null && ret=1
+grep ";; TSIG PSEUDOSECTION:" dig.out.test$n.1 >/dev/null && ret=1
+
+$DIG $DIGOPTS @10.53.0.9 +tcp withtsig.tld >dig.out.test$n.8
+grep "status: NOERROR" dig.out.test$n.8 >/dev/null || ret=1
+grep "$pat" dig.out.test$n.8 >/dev/null || ret=1
+grep 'A.10\.53\.0\.9' dig.out.test$n.8 >/dev/null || ret=1
+grep 'A.10\.53\.0\.10' dig.out.test$n.8 >/dev/null && ret=1
+grep ";; TSIG PSEUDOSECTION:" dig.out.test$n.8 >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that spoofed response is dropped when we have a server cookie ($n)"
ret=0
msg="missing expected cookie from"
pat='10\.53\.0\.9 .*\[cookie=................................\] \[ttl'
# prime EDNS COOKIE state
-$DIG $DIGOPTS @10.53.0.1 tld > dig.out.test$n.1
-grep "status: NOERROR" dig.out.test$n.1 > /dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.1 tld >dig.out.test$n.1
+grep "status: NOERROR" dig.out.test$n.1 >/dev/null || ret=1
rndc_dumpdb ns1
-grep "$pat" ns1/named_dump.db.test$n > /dev/null || ret=1
+grep "$pat" ns1/named_dump.db.test$n >/dev/null || ret=1
# spoofed response contains 10.53.0.10
nextpart ns1/named.run >/dev/null
-$DIG $DIGOPTS @10.53.0.1 tcponly.tld > dig.out.test$n.2
+$DIG $DIGOPTS @10.53.0.1 tcponly.tld >dig.out.test$n.2
wait_for_log 5 "$msg" ns1/named.run || ret=1
-grep "status: NOERROR" dig.out.test$n.2 > /dev/null || ret=1
-grep 'A.10\.53\.0\.9' dig.out.test$n.2 > /dev/null || ret=1
-grep 'A.10\.53\.0\.10' dig.out.test$n.2 > /dev/null && ret=1
+grep "status: NOERROR" dig.out.test$n.2 >/dev/null || ret=1
+grep 'A.10\.53\.0\.9' dig.out.test$n.2 >/dev/null || ret=1
+grep 'A.10\.53\.0\.10' dig.out.test$n.2 >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that gracefully handle server disabling DNS COOKIE we have a server cookie ($n)"
ret=0
msg="missing expected cookie from"
pat='10\.53\.0\.9 .*\[cookie=................................\] \[ttl'
# prime EDNS COOKIE state
-$DIG $DIGOPTS @10.53.0.1 tld > dig.out.test$n.1
-grep "status: NOERROR" dig.out.test$n.1 > /dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.1 tld >dig.out.test$n.1
+grep "status: NOERROR" dig.out.test$n.1 >/dev/null || ret=1
rndc_dumpdb ns1
-grep "$pat" ns1/named_dump.db.test$n > /dev/null || ret=1
+grep "$pat" ns1/named_dump.db.test$n >/dev/null || ret=1
# check the disabled server response
nextpart ns1/named.run >/dev/null
-$DIG $DIGOPTS @10.53.0.1 nocookie.tld > dig.out.test$n.2
+$DIG $DIGOPTS @10.53.0.1 nocookie.tld >dig.out.test$n.2
wait_for_log 5 "$msg" ns1/named.run || ret=1
-grep "status: NOERROR" dig.out.test$n.2 > /dev/null || ret=1
-grep 'A.10\.53\.0\.9' dig.out.test$n.2 > /dev/null || ret=1
-grep 'A.10\.53\.0\.10' dig.out.test$n.2 > /dev/null && ret=1
+grep "status: NOERROR" dig.out.test$n.2 >/dev/null || ret=1
+grep 'A.10\.53\.0\.9' dig.out.test$n.2 >/dev/null || ret=1
+grep 'A.10\.53\.0\.10' dig.out.test$n.2 >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
-n=`expr $n + 1`
+n=$(expr $n + 1)
echo_i "check that spoofed response with a TSIG is dropped when we have a server cookie ($n)"
ret=0
pat='10\.53\.0\.9 .*\[cookie=................................\] \[ttl'
# prime EDNS COOKIE state
-$DIG $DIGOPTS @10.53.0.1 tld > dig.out.test$n.1
-grep "status: NOERROR" dig.out.test$n.1 > /dev/null || ret=1
+$DIG $DIGOPTS @10.53.0.1 tld >dig.out.test$n.1
+grep "status: NOERROR" dig.out.test$n.1 >/dev/null || ret=1
rndc_dumpdb ns1
-grep "$pat" ns1/named_dump.db.test$n > /dev/null || ret=1
+grep "$pat" ns1/named_dump.db.test$n >/dev/null || ret=1
# spoofed response contains 10.53.0.10
nextpart ns1/named.run >/dev/null
-$DIG $DIGOPTS @10.53.0.1 withtsig.tld > dig.out.test$n.2
-grep "status: NOERROR" dig.out.test$n.2 > /dev/null || ret=1
-grep 'A.10\.53\.0\.9' dig.out.test$n.2 > /dev/null || ret=1
-grep 'A.10\.53\.0\.10' dig.out.test$n.2 > /dev/null && ret=1
-nextpart ns1/named.run > named.run.test$n
+$DIG $DIGOPTS @10.53.0.1 withtsig.tld >dig.out.test$n.2
+grep "status: NOERROR" dig.out.test$n.2 >/dev/null || ret=1
+grep 'A.10\.53\.0\.9' dig.out.test$n.2 >/dev/null || ret=1
+grep 'A.10\.53\.0\.10' dig.out.test$n.2 >/dev/null && ret=1
+nextpart ns1/named.run >named.run.test$n
count=$(grep -c ') [0-9][0-9]* NOERROR 0' named.run.test$n)
test $count -eq 1 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
if $PYTHON -c '
import dns.version, sys;
if dns.version.MAJOR > 1: sys.exit(0);
if dns.version.MAJOR == 1 and dns.version.MINOR >= 16: sys.exit(0);
-sys.exit(1)'
-then
- n=`expr $n + 1`
+sys.exit(1)'; then
+ n=$(expr $n + 1)
echo_i "check that TSIG test server is correctly configured ($n)"
ret=0
pat="; COOKIE: ................................ (good)"
key=hmac-sha256:foo:aaaaaaaaaaaa
#UDP
- $DIG $DIGOPTS @10.53.0.10 -y $key +notcp tsig. > dig.out.test$n.1
- grep "status: NOERROR" dig.out.test$n.1 > /dev/null || ret=1
- grep "$pat" dig.out.test$n.1 > /dev/null || ret=1
- grep 'A.10\.53\.0\.9' dig.out.test$n.1 > /dev/null || ret=1
- grep 'A.10\.53\.0\.10' dig.out.test$n.1 > /dev/null && ret=1
- grep 'TSIG.*NOERROR' dig.out.test$n.1 > /dev/null || ret=1
-
- $DIG $DIGOPTS @10.53.0.10 -y $key +notcp tcponly.tsig > dig.out.test$n.2
- grep "status: NOERROR" dig.out.test$n.2 > /dev/null || ret=1
- grep "; COOKIE:" dig.out.test$n.2 > /dev/null && ret=1
- grep 'A.10\.53\.0\.9' dig.out.test$n.2 > /dev/null || ret=1
- grep 'A.10\.53\.0\.10' dig.out.test$n.2 > /dev/null || ret=1
- grep 'TSIG.*NOERROR' dig.out.test$n.1 > /dev/null || ret=1
-
- $DIG $DIGOPTS @10.53.0.10 -y $key +notcp nocookie.tsig > dig.out.test$n.3
- grep "status: NOERROR" dig.out.test$n.3 > /dev/null || ret=1
- grep "; COOKIE:" dig.out.test$n.3 > /dev/null && ret=1
- grep 'A.10\.53\.0\.9' dig.out.test$n.3 > /dev/null || ret=1
- grep 'A.10\.53\.0\.10' dig.out.test$n.3 > /dev/null || ret=1
- grep 'TSIG.*NOERROR' dig.out.test$n.1 > /dev/null || ret=1
+ $DIG $DIGOPTS @10.53.0.10 -y $key +notcp tsig. >dig.out.test$n.1
+ grep "status: NOERROR" dig.out.test$n.1 >/dev/null || ret=1
+ grep "$pat" dig.out.test$n.1 >/dev/null || ret=1
+ grep 'A.10\.53\.0\.9' dig.out.test$n.1 >/dev/null || ret=1
+ grep 'A.10\.53\.0\.10' dig.out.test$n.1 >/dev/null && ret=1
+ grep 'TSIG.*NOERROR' dig.out.test$n.1 >/dev/null || ret=1
+
+ $DIG $DIGOPTS @10.53.0.10 -y $key +notcp tcponly.tsig >dig.out.test$n.2
+ grep "status: NOERROR" dig.out.test$n.2 >/dev/null || ret=1
+ grep "; COOKIE:" dig.out.test$n.2 >/dev/null && ret=1
+ grep 'A.10\.53\.0\.9' dig.out.test$n.2 >/dev/null || ret=1
+ grep 'A.10\.53\.0\.10' dig.out.test$n.2 >/dev/null || ret=1
+ grep 'TSIG.*NOERROR' dig.out.test$n.1 >/dev/null || ret=1
+
+ $DIG $DIGOPTS @10.53.0.10 -y $key +notcp nocookie.tsig >dig.out.test$n.3
+ grep "status: NOERROR" dig.out.test$n.3 >/dev/null || ret=1
+ grep "; COOKIE:" dig.out.test$n.3 >/dev/null && ret=1
+ grep 'A.10\.53\.0\.9' dig.out.test$n.3 >/dev/null || ret=1
+ grep 'A.10\.53\.0\.10' dig.out.test$n.3 >/dev/null || ret=1
+ grep 'TSIG.*NOERROR' dig.out.test$n.1 >/dev/null || ret=1
#TCP
- $DIG $DIGOPTS @10.53.0.10 -y $key +tcp tsig. > dig.out.test$n.5
- grep "status: NOERROR" dig.out.test$n.5 > /dev/null || ret=1
- grep "$pat" dig.out.test$n.5 > /dev/null || ret=1
- grep 'A.10\.53\.0\.9' dig.out.test$n.5 > /dev/null || ret=1
- grep 'A.10\.53\.0\.10' dig.out.test$n.5 > /dev/null && ret=1
- grep 'TSIG.*NOERROR' dig.out.test$n.1 > /dev/null || ret=1
-
- $DIG $DIGOPTS @10.53.0.10 -y $key +tcp tcponly.tsig > dig.out.test$n.6
- grep "status: NOERROR" dig.out.test$n.6 > /dev/null || ret=1
- grep "$pat" dig.out.test$n.6 > /dev/null || ret=1
- grep 'A.10\.53\.0\.9' dig.out.test$n.6 > /dev/null || ret=1
- grep 'A.10\.53\.0\.10' dig.out.test$n.6 > /dev/null && ret=1
- grep 'TSIG.*NOERROR' dig.out.test$n.1 > /dev/null || ret=1
-
- $DIG $DIGOPTS @10.53.0.10 -y $key +tcp nocookie.tsig > dig.out.test$n.7
- grep "status: NOERROR" dig.out.test$n.7 > /dev/null || ret=1
- grep "; COOKIE:" dig.out.test$n.7 > /dev/null && ret=1
- grep 'A.10\.53\.0\.9' dig.out.test$n.7 > /dev/null || ret=1
- grep 'A.10\.53\.0\.10' dig.out.test$n.7 > /dev/null && ret=1
- grep 'TSIG.*NOERROR' dig.out.test$n.1 > /dev/null || ret=1
+ $DIG $DIGOPTS @10.53.0.10 -y $key +tcp tsig. >dig.out.test$n.5
+ grep "status: NOERROR" dig.out.test$n.5 >/dev/null || ret=1
+ grep "$pat" dig.out.test$n.5 >/dev/null || ret=1
+ grep 'A.10\.53\.0\.9' dig.out.test$n.5 >/dev/null || ret=1
+ grep 'A.10\.53\.0\.10' dig.out.test$n.5 >/dev/null && ret=1
+ grep 'TSIG.*NOERROR' dig.out.test$n.1 >/dev/null || ret=1
+
+ $DIG $DIGOPTS @10.53.0.10 -y $key +tcp tcponly.tsig >dig.out.test$n.6
+ grep "status: NOERROR" dig.out.test$n.6 >/dev/null || ret=1
+ grep "$pat" dig.out.test$n.6 >/dev/null || ret=1
+ grep 'A.10\.53\.0\.9' dig.out.test$n.6 >/dev/null || ret=1
+ grep 'A.10\.53\.0\.10' dig.out.test$n.6 >/dev/null && ret=1
+ grep 'TSIG.*NOERROR' dig.out.test$n.1 >/dev/null || ret=1
+
+ $DIG $DIGOPTS @10.53.0.10 -y $key +tcp nocookie.tsig >dig.out.test$n.7
+ grep "status: NOERROR" dig.out.test$n.7 >/dev/null || ret=1
+ grep "; COOKIE:" dig.out.test$n.7 >/dev/null && ret=1
+ grep 'A.10\.53\.0\.9' dig.out.test$n.7 >/dev/null || ret=1
+ grep 'A.10\.53\.0\.10' dig.out.test$n.7 >/dev/null && ret=1
+ grep 'TSIG.*NOERROR' dig.out.test$n.1 >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
- status=`expr $status + $ret`
+ status=$(expr $status + $ret)
- n=`expr $n + 1`
+ n=$(expr $n + 1)
echo_i "check that missing COOKIE with a valid TSIG signed response does not trigger TCP fallback ($n)"
ret=0
pat='10\.53\.0\.10 .*\[cookie=................................\] \[ttl'
# prime EDNS COOKIE state
- $DIG $DIGOPTS @10.53.0.1 tsig. > dig.out.test$n.1
- grep "status: NOERROR" dig.out.test$n.1 > /dev/null || ret=1
+ $DIG $DIGOPTS @10.53.0.1 tsig. >dig.out.test$n.1
+ grep "status: NOERROR" dig.out.test$n.1 >/dev/null || ret=1
rndc_dumpdb ns1
- grep "$pat" ns1/named_dump.db.test$n > /dev/null || ret=1
+ grep "$pat" ns1/named_dump.db.test$n >/dev/null || ret=1
# check the disabled server response
nextpart ns1/named.run >/dev/null
- $DIG $DIGOPTS @10.53.0.1 nocookie.tsig > dig.out.test$n.2
- grep "status: NOERROR" dig.out.test$n.2 > /dev/null || ret=1
- grep 'A.10\.53\.0\.9' dig.out.test$n.2 > /dev/null || ret=1
- grep 'A.10\.53\.0\.10' dig.out.test$n.2 > /dev/null || ret=1
- nextpart ns1/named.run > named.run.test$n
+ $DIG $DIGOPTS @10.53.0.1 nocookie.tsig >dig.out.test$n.2
+ grep "status: NOERROR" dig.out.test$n.2 >/dev/null || ret=1
+ grep 'A.10\.53\.0\.9' dig.out.test$n.2 >/dev/null || ret=1
+ grep 'A.10\.53\.0\.10' dig.out.test$n.2 >/dev/null || ret=1
+ nextpart ns1/named.run >named.run.test$n
count=$(grep -c ') [0-9][0-9]* NOERROR 0' named.run.test$n)
test $count -eq 2 || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
- status=`expr $status + $ret`
+ status=$(expr $status + $ret)
fi
echo_i "exit status: $status"
diff -Nru bind9-9.16.44/bin/tests/system/coverage/setup.sh bind9-9.16.48/bin/tests/system/coverage/setup.sh
--- bind9-9.16.44/bin/tests/system/coverage/setup.sh 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/coverage/setup.sh 2024-02-11 11:31:39.000000000 +0000
@@ -21,40 +21,40 @@
# Test 1: KSK goes inactive before successor is active
dir=01-ksk-inactive
ksk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3fk example.com)
-$SETTIME -K $dir -I +9mo -D +1y $ksk1 > /dev/null 2>&1
+$SETTIME -K $dir -I +9mo -D +1y $ksk1 >/dev/null 2>&1
ksk2=$($KEYGEN -q -K $dir -S $ksk1)
-$SETTIME -K $dir -I +7mo $ksk1 > /dev/null 2>&1
+$SETTIME -K $dir -I +7mo $ksk1 >/dev/null 2>&1
zsk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3 example.com)
# Test 2: ZSK goes inactive before successor is active
dir=02-zsk-inactive
zsk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3 example.com)
-$SETTIME -K $dir -I +9mo -D +1y $zsk1 > /dev/null 2>&1
+$SETTIME -K $dir -I +9mo -D +1y $zsk1 >/dev/null 2>&1
zsk2=$($KEYGEN -q -K $dir -S $zsk1)
-$SETTIME -K $dir -I +7mo $zsk1 > /dev/null 2>&1
+$SETTIME -K $dir -I +7mo $zsk1 >/dev/null 2>&1
ksk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3fk example.com)
# Test 3: KSK is unpublished before its successor is published
dir=03-ksk-unpublished
ksk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3fk example.com)
-$SETTIME -K $dir -I +9mo -D +1y $ksk1 > /dev/null 2>&1
+$SETTIME -K $dir -I +9mo -D +1y $ksk1 >/dev/null 2>&1
ksk2=$($KEYGEN -q -K $dir -S $ksk1)
-$SETTIME -K $dir -D +6mo $ksk1 > /dev/null 2>&1
+$SETTIME -K $dir -D +6mo $ksk1 >/dev/null 2>&1
zsk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3 example.com)
# Test 4: ZSK is unpublished before its successor is published
dir=04-zsk-unpublished
zsk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3 example.com)
-$SETTIME -K $dir -I +9mo -D +1y $zsk1 > /dev/null 2>&1
+$SETTIME -K $dir -I +9mo -D +1y $zsk1 >/dev/null 2>&1
zsk2=$($KEYGEN -q -K $dir -S $zsk1)
-$SETTIME -K $dir -D +6mo $zsk1 > /dev/null 2>&1
+$SETTIME -K $dir -D +6mo $zsk1 >/dev/null 2>&1
ksk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3fk example.com)
# Test 5: KSK deleted and successor published before KSK is deactivated
# and successor activated.
dir=05-ksk-unpub-active
ksk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3fk example.com)
-$SETTIME -K $dir -I +9mo -D +8mo $ksk1 > /dev/null 2>&1
+$SETTIME -K $dir -I +9mo -D +8mo $ksk1 >/dev/null 2>&1
ksk2=$($KEYGEN -q -K $dir -S $ksk1)
zsk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3 example.com)
@@ -62,50 +62,50 @@
# and successor activated.
dir=06-zsk-unpub-active
zsk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3 example.com)
-$SETTIME -K $dir -I +9mo -D +8mo $zsk1 > /dev/null 2>&1
+$SETTIME -K $dir -I +9mo -D +8mo $zsk1 >/dev/null 2>&1
zsk2=$($KEYGEN -q -K $dir -S $zsk1)
ksk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3fk example.com)
# Test 7: KSK rolled with insufficient delay after prepublication.
dir=07-ksk-ttl
ksk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3fk example.com)
-$SETTIME -K $dir -I +9mo -D +1y $ksk1 > /dev/null 2>&1
+$SETTIME -K $dir -I +9mo -D +1y $ksk1 >/dev/null 2>&1
ksk2=$($KEYGEN -q -K $dir -S $ksk1)
# allow only 1 day between publication and activation
-$SETTIME -K $dir -P +269d $ksk2 > /dev/null 2>&1
+$SETTIME -K $dir -P +269d $ksk2 >/dev/null 2>&1
zsk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3 example.com)
# Test 8: ZSK rolled with insufficient delay after prepublication.
dir=08-zsk-ttl
zsk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3 example.com)
-$SETTIME -K $dir -I +9mo -D +1y $zsk1 > /dev/null 2>&1
+$SETTIME -K $dir -I +9mo -D +1y $zsk1 >/dev/null 2>&1
zsk2=$($KEYGEN -q -K $dir -S $zsk1)
# allow only 1 day between publication and activation
-$SETTIME -K $dir -P +269d $zsk2 > /dev/null 2>&1
+$SETTIME -K $dir -P +269d $zsk2 >/dev/null 2>&1
ksk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3fk example.com)
# Test 9: KSK goes inactive before successor is active, but checking ZSKs
dir=09-check-zsk
ksk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3fk example.com)
-$SETTIME -K $dir -I +9mo -D +1y $ksk1 > /dev/null 2>&1
+$SETTIME -K $dir -I +9mo -D +1y $ksk1 >/dev/null 2>&1
ksk2=$($KEYGEN -q -K $dir -S $ksk1)
-$SETTIME -K $dir -I +7mo $ksk1 > /dev/null 2>&1
+$SETTIME -K $dir -I +7mo $ksk1 >/dev/null 2>&1
zsk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3 example.com)
# Test 10: ZSK goes inactive before successor is active, but checking KSKs
dir=10-check-ksk
zsk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3 example.com)
-$SETTIME -K $dir -I +9mo -D +1y $zsk1 > /dev/null 2>&1
+$SETTIME -K $dir -I +9mo -D +1y $zsk1 >/dev/null 2>&1
zsk2=$($KEYGEN -q -K $dir -S $zsk1)
-$SETTIME -K $dir -I +7mo $zsk1 > /dev/null 2>&1
+$SETTIME -K $dir -I +7mo $zsk1 >/dev/null 2>&1
ksk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3fk example.com)
# Test 11: ZSK goes inactive before successor is active, but after cutoff
dir=11-cutoff
zsk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3 example.com)
-$SETTIME -K $dir -I +18mo -D +2y $zsk1 > /dev/null 2>&1
+$SETTIME -K $dir -I +18mo -D +2y $zsk1 >/dev/null 2>&1
zsk2=$($KEYGEN -q -K $dir -S $zsk1)
-$SETTIME -K $dir -I +16mo $zsk1 > /dev/null 2>&1
+$SETTIME -K $dir -I +16mo $zsk1 >/dev/null 2>&1
ksk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3fk example.com)
# Test 12: Too early KSK deletion
diff -Nru bind9-9.16.44/bin/tests/system/coverage/tests.sh bind9-9.16.48/bin/tests/system/coverage/tests.sh
--- bind9-9.16.44/bin/tests/system/coverage/tests.sh 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/coverage/tests.sh 2024-02-11 11:31:39.000000000 +0000
@@ -19,68 +19,68 @@
status=0
n=1
-matchall () {
- file=$1
- echo "$2" | while read matchline; do
- grep "$matchline" $file > /dev/null 2>&1 || {
- echo "FAIL"
- return
- }
- done
+matchall() {
+ file=$1
+ echo "$2" | while read matchline; do
+ grep "$matchline" $file >/dev/null 2>&1 || {
+ echo "FAIL"
+ return
+ }
+ done
}
echo_i "checking for DNSSEC key coverage issues"
ret=0
for dir in [0-9][0-9]-*; do
- ret=0
- echo_i "$dir"
- args= warn= error= ok= retcode= match= zones=
- . $dir/expect
- $COVERAGE $args -K $dir ${zones:-example.com} > coverage.$n 2>&1
-
- # check that return code matches expectations
- found=$?
- if [ $found -ne $retcode ]; then
- echo "retcode was $found expected $retcode"
- ret=1
- fi
-
- # check for correct number of errors
- found=`grep ERROR coverage.$n | wc -l`
- if [ $found -ne $error ]; then
- echo "error count was $found expected $error"
- ret=1
- fi
-
- # check for correct number of warnings
- found=`grep WARNING coverage.$n | wc -l`
- if [ $found -ne $warn ]; then
- echo "warning count was $found expected $warn"
- ret=1
- fi
-
- # check for correct number of OKs
- found=`grep "No errors found" coverage.$n | wc -l`
- if [ $found -ne $ok ]; then
- echo "good count was $found expected $ok"
- ret=1
- fi
-
- found=`matchall coverage.$n "$match"`
- if [ "$found" = "FAIL" ]; then
- echo "no match on '$match'"
- ret=1
- fi
-
- found=`grep Traceback coverage.$n | wc -l`
- if [ $found -ne 0 ]; then
- echo "python exception detected"
- ret=1
- fi
-
- n=`expr $n + 1`
- if [ $ret != 0 ]; then echo_i "failed"; fi
- status=`expr $status + $ret`
+ ret=0
+ echo_i "$dir"
+ args= warn= error= ok= retcode= match= zones=
+ . $dir/expect
+ $COVERAGE $args -K $dir ${zones:-example.com} >coverage.$n 2>&1
+
+ # check that return code matches expectations
+ found=$?
+ if [ $found -ne $retcode ]; then
+ echo "retcode was $found expected $retcode"
+ ret=1
+ fi
+
+ # check for correct number of errors
+ found=$(grep ERROR coverage.$n | wc -l)
+ if [ $found -ne $error ]; then
+ echo "error count was $found expected $error"
+ ret=1
+ fi
+
+ # check for correct number of warnings
+ found=$(grep WARNING coverage.$n | wc -l)
+ if [ $found -ne $warn ]; then
+ echo "warning count was $found expected $warn"
+ ret=1
+ fi
+
+ # check for correct number of OKs
+ found=$(grep "No errors found" coverage.$n | wc -l)
+ if [ $found -ne $ok ]; then
+ echo "good count was $found expected $ok"
+ ret=1
+ fi
+
+ found=$(matchall coverage.$n "$match")
+ if [ "$found" = "FAIL" ]; then
+ echo "no match on '$match'"
+ ret=1
+ fi
+
+ found=$(grep Traceback coverage.$n | wc -l)
+ if [ $found -ne 0 ]; then
+ echo "python exception detected"
+ ret=1
+ fi
+
+ n=$(expr $n + 1)
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$(expr $status + $ret)
done
echo_i "exit status: $status"
diff -Nru bind9-9.16.44/bin/tests/system/database/tests.sh bind9-9.16.48/bin/tests/system/database/tests.sh
--- bind9-9.16.44/bin/tests/system/database/tests.sh 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/database/tests.sh 2024-02-11 11:31:39.000000000 +0000
@@ -26,11 +26,11 @@
echo_i "checking pre reload zone ($n)"
ret=0
-$DIG $DIGOPTS soa database. @10.53.0.1 > dig.out.ns1.test$n || ret=1
-grep "hostmaster\.isc\.org" dig.out.ns1.test$n > /dev/null || ret=1
-n=`expr $n + 1`
+$DIG $DIGOPTS soa database. @10.53.0.1 >dig.out.ns1.test$n || ret=1
+grep "hostmaster\.isc\.org" dig.out.ns1.test$n >/dev/null || ret=1
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
copy_setports ns1/named2.conf.in ns1/named.conf
$RNDCCMD reload 2>&1 >/dev/null
@@ -38,18 +38,17 @@
echo_i "checking post reload zone ($n)"
ret=1
try=0
-while test $try -lt 6
-do
- sleep 1
- ret=0
- $DIG $DIGOPTS soa database. @10.53.0.1 > dig.out.ns1.test$n || ret=1
- grep "marka\.isc\.org" dig.out.ns1.test$n > /dev/null || ret=1
- try=`expr $try + 1`
- test $ret -eq 0 && break
+while test $try -lt 6; do
+ sleep 1
+ ret=0
+ $DIG $DIGOPTS soa database. @10.53.0.1 >dig.out.ns1.test$n || ret=1
+ grep "marka\.isc\.org" dig.out.ns1.test$n >/dev/null || ret=1
+ try=$(expr $try + 1)
+ test $ret -eq 0 && break
done
-n=`expr $n + 1`
+n=$(expr $n + 1)
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
diff -Nru bind9-9.16.44/bin/tests/system/dialup/tests.sh bind9-9.16.48/bin/tests/system/dialup/tests.sh
--- bind9-9.16.44/bin/tests/system/dialup/tests.sh 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/dialup/tests.sh 2024-02-11 11:31:39.000000000 +0000
@@ -22,44 +22,40 @@
# Check the example. domain
-$DIG $DIGOPTS example. @10.53.0.1 soa > dig.out.ns1.test || ret=1
+$DIG $DIGOPTS example. @10.53.0.1 soa >dig.out.ns1.test || ret=1
echo_i "checking that first zone transfer worked"
ret=0
try=0
-while test $try -lt 120
-do
- $DIG $DIGOPTS example. @10.53.0.2 soa > dig.out.ns2.test || ret=1
- if grep SERVFAIL dig.out.ns2.test > /dev/null
- then
- try=`expr $try + 1`
- sleep 1
- else
- digcomp dig.out.ns1.test dig.out.ns2.test || ret=1
- break;
- fi
+while test $try -lt 120; do
+ $DIG $DIGOPTS example. @10.53.0.2 soa >dig.out.ns2.test || ret=1
+ if grep SERVFAIL dig.out.ns2.test >/dev/null; then
+ try=$(expr $try + 1)
+ sleep 1
+ else
+ digcomp dig.out.ns1.test dig.out.ns2.test || ret=1
+ break
+ fi
done
echo_i "try $try"
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "checking that second zone transfer worked"
ret=0
try=0
-while test $try -lt 120
-do
- $DIG $DIGOPTS example. @10.53.0.3 soa > dig.out.ns3.test || ret=1
- if grep SERVFAIL dig.out.ns3.test > /dev/null
- then
- try=`expr $try + 1`
- sleep 1
- else
- digcomp dig.out.ns1.test dig.out.ns3.test || ret=1
- break;
- fi
+while test $try -lt 120; do
+ $DIG $DIGOPTS example. @10.53.0.3 soa >dig.out.ns3.test || ret=1
+ if grep SERVFAIL dig.out.ns3.test >/dev/null; then
+ try=$(expr $try + 1)
+ sleep 1
+ else
+ digcomp dig.out.ns1.test dig.out.ns3.test || ret=1
+ break
+ fi
done
echo_i "try $try"
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$(expr $status + $ret)
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
diff -Nru bind9-9.16.44/bin/tests/system/digdelv/ns2/sign.sh bind9-9.16.48/bin/tests/system/digdelv/ns2/sign.sh
--- bind9-9.16.44/bin/tests/system/digdelv/ns2/sign.sh 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/digdelv/ns2/sign.sh 2024-02-11 11:31:39.000000000 +0000
@@ -20,10 +20,10 @@
cp example.db.in example.db
-"$SIGNER" -Sz -f example.db -o example example.db.in > /dev/null 2>&1
+"$SIGNER" -Sz -f example.db -o example example.db.in >/dev/null 2>&1
-keyfile_to_key_id "$ksk" > keyid
-grep -Ev '^;' < "$ksk.key" | cut -f 7- -d ' ' > keydata
+keyfile_to_key_id "$ksk" >keyid
+grep -Ev '^;' <"$ksk.key" | cut -f 7- -d ' ' >keydata
-keyfile_to_initial_keys "$ksk" > ../ns3/anchor.dnskey
-keyfile_to_initial_ds "$ksk" > ../ns3/anchor.ds
+keyfile_to_initial_keys "$ksk" >../ns3/anchor.dnskey
+keyfile_to_initial_ds "$ksk" >../ns3/anchor.ds
diff -Nru bind9-9.16.44/bin/tests/system/digdelv/prereq.sh bind9-9.16.48/bin/tests/system/digdelv/prereq.sh
--- bind9-9.16.44/bin/tests/system/digdelv/prereq.sh 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/digdelv/prereq.sh 2024-02-11 11:31:39.000000000 +0000
@@ -16,10 +16,9 @@
set -e
-if $PERL -e 'use Net::DNS;' 2>/dev/null
-then
- :
+if $PERL -e 'use Net::DNS;' 2>/dev/null; then
+ :
else
- echo_i "This test requires the Net::DNS library." >&2
- exit 1
+ echo_i "This test requires the Net::DNS library." >&2
+ exit 1
fi
diff -Nru bind9-9.16.44/bin/tests/system/digdelv/tests.sh bind9-9.16.48/bin/tests/system/digdelv/tests.sh
--- bind9-9.16.44/bin/tests/system/digdelv/tests.sh 2023-09-08 12:40:48.000000000 +0000
+++ bind9-9.16.48/bin/tests/system/digdelv/tests.sh 2024-02-11 11:31:39.000000000 +0000
@@ -21,15 +21,15 @@
n=0
sendcmd() {
- "$PERL" "$SYSTEMTESTTOP/send.pl" "${1}" "$EXTRAPORT1"
+ "$PERL" "$SYSTEMTESTTOP/send.pl" "${1}" "$EXTRAPORT1"
}
dig_with_opts() {
- "$DIG" -p "$PORT" "$@"
+ "$DIG" -p "$PORT" "$@"
}
mdig_with_opts() {
- "$MDIG" -p "$PORT" "$@"
+ "$MDIG" -p "$PORT" "$@"
}
# Check if response in file $1 has the correct TTL range.
@@ -38,212 +38,211 @@
# the second word on the line. TTL position can be adjusted with
# setting the position $4, but that requires updating this function.
check_ttl_range() {
- file=$1
- pos=$4
+ file=$1
+ pos=$4
- case "$pos" in
+ case "$pos" in
"3")
- awk -v rrtype="$2" -v ttl="$3" '($4 == "IN" || $4 == "CLASS1" ) && $5 == rrtype { if ($3 <= ttl) { ok=1 } } END { exit(ok?0:1) }' < $file
- ;;
+ awk -v rrtype="$2" -v ttl="$3" '($4 == "IN" || $4 == "CLASS1" ) && $5 == rrtype { if ($3 <= ttl) { ok=1 } } END { exit(ok?0:1) }' <$file
+ ;;
*)
- awk -v rrtype="$2" -v ttl="$3" '($3 == "IN" || $3 == "CLASS1" ) && $4 == rrtype { if ($2 <= ttl) { ok=1 } } END { exit(ok?0:1) }' < $file
- ;;
- esac
-
- result=$?
- [ $result -eq 0 ] || echo_i "ttl check failed"
- return $result
+ awk -v rrtype="$2" -v ttl="$3" '($3 == "IN" || $3 == "CLASS1" ) && $4 == rrtype { if ($2 <= ttl) { ok=1 } } END { exit(ok?0:1) }' <$file
+ ;;
+ esac
+
+ result=$?
+ [ $result -eq 0 ] || echo_i "ttl check failed"
+ return $result
}
# using delv insecure mode as not testing dnssec here
delv_with_opts() {
- "$DELV" +noroot -p "$PORT" "$@"
+ "$DELV" +noroot -p "$PORT" "$@"
}
KEYID="$(cat ns2/keyid)"
-KEYDATA="$(< ns2/keydata sed -e 's/+/[+]/g')"
-NOSPLIT="$(< ns2/keydata sed -e 's/+/[+]/g' -e 's/ //g')"
+KEYDATA="$(sed /dev/null && HAS_PYYAML=1
+if [ -n "$PYTHON" ]; then
+ $PYTHON -c "import yaml" 2>/dev/null && HAS_PYYAML=1
fi
#
# test whether ans7/ans.pl will be able to send a UPDATE response.
# if it can't, we will log that below.
#
-if "$PERL" -e 'use Net::DNS; use Net::DNS::Packet; my $p = new Net::DNS::Packet; $p->header->opcode(5);' > /dev/null 2>&1
-then
- checkupdate=1
+if "$PERL" -e 'use Net::DNS; use Net::DNS::Packet; my $p = new Net::DNS::Packet; $p->header->opcode(5);' >/dev/null 2>&1; then
+ checkupdate=1
else
- checkupdate=0
+ checkupdate=0
fi
-if [ -x "$NSLOOKUP" -a $checkupdate -eq 1 ] ; then
+if [ -x "$NSLOOKUP" -a $checkupdate -eq 1 ]; then
- n=$((n+1))
+ n=$((n + 1))
echo_i "check nslookup handles UPDATE response ($n)"
ret=0
- "$NSLOOKUP" -q=CNAME "-port=$PORT" foo.bar 10.53.0.7 > nslookup.out.test$n 2>&1 && ret=1
- grep "Opcode mismatch" nslookup.out.test$n > /dev/null || ret=1
+ "$NSLOOKUP" -q=CNAME "-port=$PORT" foo.bar 10.53.0.7 >nslookup.out.test$n 2>&1 && ret=1
+ grep "Opcode mismatch" nslookup.out.test$n >/dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
+ status=$((status + ret))
fi
-if [ -x "$HOST" -a $checkupdate -eq 1 ] ; then
+if [ -x "$HOST" -a $checkupdate -eq 1 ]; then
- n=$((n+1))
+ n=$((n + 1))
echo_i "check host handles UPDATE response ($n)"
ret=0
- "$HOST" -t CNAME -p $PORT foo.bar 10.53.0.7 > host.out.test$n 2>&1 && ret=1
- grep "Opcode mismatch" host.out.test$n > /dev/null || ret=1
+ "$HOST" -t CNAME -p $PORT foo.bar 10.53.0.7 >host.out.test$n 2>&1 && ret=1
+ grep "Opcode mismatch" host.out.test$n >/dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
+ status=$((status + ret))
fi
-if [ -x "$NSUPDATE" -a $checkupdate -eq 1 ] ; then
+if [ -x "$NSUPDATE" -a $checkupdate -eq 1 ]; then
- n=$((n+1))
+ n=$((n + 1))
echo_i "check nsupdate handles UPDATE response to QUERY ($n)"
ret=0
res=0
- $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || res=$?
+ $NSUPDATE <nsupdate.out.test$n 2>&1 || res=$?
server 10.53.0.7 ${PORT}
add x.example.com 300 in a 1.2.3.4
send
EOF
test $res -eq 1 || ret=1
- grep "invalid OPCODE in response to SOA query" nsupdate.out.test$n > /dev/null || ret=1
+ grep "invalid OPCODE in response to SOA query" nsupdate.out.test$n >/dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
+ status=$((status + ret))
fi
-if [ -x "$DIG" ] ; then
+if [ -x "$DIG" ]; then
- if [ $checkupdate -eq 1 ] ; then
+ if [ $checkupdate -eq 1 ]; then
- n=$((n+1))
+ n=$((n + 1))
echo_i "check dig handles UPDATE response ($n)"
ret=0
- dig_with_opts @10.53.0.7 cname foo.bar > dig.out.test$n 2>&1 && ret=1
- grep "Opcode mismatch" dig.out.test$n > /dev/null || ret=1
+ dig_with_opts @10.53.0.7 cname foo.bar >dig.out.test$n 2>&1 && ret=1
+ grep "Opcode mismatch" dig.out.test$n >/dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
+ status=$((status + ret))
else
echo_i "Skipped UPDATE handling test"
fi
- n=$((n+1))
+ n=$((n + 1))
echo_i "checking dig short form works ($n)"
ret=0
- dig_with_opts @10.53.0.3 +short a a.example > dig.out.test$n || ret=1
- test "$(wc -l < dig.out.test$n)" -eq 1 || ret=1
+ dig_with_opts @10.53.0.3 +short a a.example >dig.out.test$n || ret=1
+ test "$(wc -l dig.out.test$n || ret=1
- grep " 9ABC DEF6 7890 " < dig.out.test$n > /dev/null || ret=1
+ dig_with_opts @10.53.0.3 +split=4 -t sshfp foo.example >dig.out.test$n || ret=1
+ grep " 9ABC DEF6 7890 " /dev/null || ret=1
check_ttl_range dig.out.test$n "SSHFP" 300 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
+ status=$((status + ret))
- n=$((n+1))
+ n=$((n + 1))
echo_i "checking dig +unknownformat works ($n)"
ret=0
- dig_with_opts @10.53.0.3 +unknownformat a a.example > dig.out.test$n || ret=1
- grep "CLASS1[ ][ ]*TYPE1[ ][ ]*\\\\# 4 0A000001" < dig.out.test$n > /dev/null || ret=1
+ dig_with_opts @10.53.0.3 +unknownformat a a.example >dig.out.test$n || ret=1
+ grep "CLASS1[ ][ ]*TYPE1[ ][ ]*\\\\# 4 0A000001" /dev/null || ret=1
check_ttl_range dig.out.test$n "TYPE1" 300 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
+ status=$((status + ret))
- n=$((n+1))
+ n=$((n + 1))
echo_i "checking dig with reverse lookup works ($n)"
ret=0
- dig_with_opts @10.53.0.3 -x 127.0.0.1 > dig.out.test$n 2>&1 || ret=1
+ dig_with_opts @10.53.0.3 -x 127.0.0.1 >dig.out.test$n 2>&1 || ret=1
# doesn't matter if has answer
- grep -i "127\\.in-addr\\.arpa\\." < dig.out.test$n > /dev/null || ret=1
+ grep -i "127\\.in-addr\\.arpa\\." /dev/null || ret=1
check_ttl_range dig.out.test$n "SOA" 86400 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
+ status=$((status + ret))
- n=$((n+1))
+ n=$((n + 1))
echo_i "checking dig over TCP works ($n)"
ret=0
- dig_with_opts +tcp @10.53.0.3 a a.example > dig.out.test$n || ret=1
- grep "10\\.0\\.0\\.1$" < dig.out.test$n > /dev/null || ret=1
+ dig_with_opts +tcp @10.53.0.3 a a.example >dig.out.test$n || ret=1
+ grep "10\\.0\\.0\\.1$" /dev/null || ret=1
check_ttl_range dig.out.test$n "A" 300 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
+ status=$((status + ret))
- n=$((n+1))
+ n=$((n + 1))
echo_i "checking dig +multi +norrcomments works for DNSKEY (when default is rrcomments)($n)"
ret=0
- dig_with_opts +tcp @10.53.0.3 +multi +norrcomments -t DNSKEY example > dig.out.test$n || ret=1
- grep "; ZSK; alg = $DEFAULT_ALGORITHM ; key id = $KEYID" dig.out.test$n > /dev/null && ret=1
+ dig_with_opts +tcp @10.53.0.3 +multi +norrcomments -t DNSKEY example >dig.out.test$n || ret=1
+ grep "; ZSK; alg = $DEFAULT_ALGORITHM ; key id = $KEYID" dig.out.test$n >/dev/null && ret=1
check_ttl_range dig.out.test$n "DNSKEY" 300 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
+ status=$((status + ret))
- n=$((n+1))
+ n=$((n + 1))
echo_i "checking dig +multi +norrcomments works for SOA (when default is rrcomments)($n)"
ret=0
- dig_with_opts +tcp @10.53.0.3 +multi +norrcomments -t SOA example > dig.out.test$n || ret=1
- grep "; serial" dig.out.test$n > /dev/null && ret=1
+ dig_with_opts +tcp @10.53.0.3 +multi +norrcomments -t SOA example >dig.out.test$n || ret=1
+ grep "; serial" dig.out.test$n >/dev/null && ret=1
check_ttl_range dig.out.test$n "SOA" 300 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
+ status=$((status + ret))
- n=$((n+1))
+ n=$((n + 1))
echo_i "checking dig +rrcomments works for DNSKEY($n)"
ret=0
- dig_with_opts +tcp @10.53.0.3 +rrcomments DNSKEY example > dig.out.test$n || ret=1
- grep "; ZSK; alg = $DEFAULT_ALGORITHM ; key id = $KEYID" < dig.out.test$n > /dev/null || ret=1
+ dig_with_opts +tcp @10.53.0.3 +rrcomments DNSKEY example >dig.out.test$n || ret=1
+ grep "; ZSK; alg = $DEFAULT_ALGORITHM ; key id = $KEYID" /dev/null || ret=1
check_ttl_range dig.out.test$n "DNSKEY" 300 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
+ status=$((status + ret))
- n=$((n+1))
+ n=$((n + 1))
echo_i "checking dig +short +rrcomments works for DNSKEY ($n)"
ret=0
- dig_with_opts +tcp @10.53.0.3 +short +rrcomments DNSKEY example > dig.out.test$n || ret=1
- grep "; ZSK; alg = $DEFAULT_ALGORITHM ; key id = $KEYID" < dig.out.test$n > /dev/null || ret=1
+ dig_with_opts +tcp @10.53.0.3 +short +rrcomments DNSKEY example >dig.out.test$n || ret=1
+ grep "; ZSK; alg = $DEFAULT_ALGORITHM ; key id = $KEYID" /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
+ status=$((status + ret))
- n=$((n+1))
+ n=$((n + 1))
echo_i "checking dig +short +nosplit works($n)"
ret=0
- dig_with_opts +tcp @10.53.0.3 +short +nosplit DNSKEY example > dig.out.test$n || ret=1
- grep "$NOSPLIT" < dig.out.test$n > /dev/null || ret=1
+ dig_with_opts +tcp @10.53.0.3 +short +nosplit DNSKEY example >dig.out.test$n || ret=1
+ grep "$NOSPLIT" /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
+ status=$((status + ret))
- n=$((n+1))
+ n=$((n + 1))
echo_i "checking dig +short +rrcomments works($n)"
ret=0
- dig_with_opts +tcp @10.53.0.3 +short +rrcomments DNSKEY example > dig.out.test$n || ret=1
- grep -q "$KEYDATA ; ZSK; alg = $DEFAULT_ALGORITHM ; key id = $KEYID\$" < dig.out.test$n || ret=1
+ dig_with_opts +tcp @10.53.0.3 +short +rrcomments DNSKEY example >dig.out.test$n || ret=1
+ grep -q "$KEYDATA ; ZSK; alg = $DEFAULT_ALGORITHM ; key id = $KEYID\$" dig.out.nn.$n || ret=1
- dig_with_opts +tcp @10.53.0.3 -t DNSKEY example +multi example +nomulti > dig.out.mn.$n || ret=1
- dig_with_opts +tcp @10.53.0.3 -t DNSKEY example +nomulti example +multi > dig.out.nm.$n || ret=1
- dig_with_opts +tcp @10.53.0.3 -t DNSKEY example +multi example +multi > dig.out.mm.$n || ret=1
- lcnn=$(wc -l < dig.out.nn.$n)
- lcmn=$(wc -l < dig.out.mn.$n)
- lcnm=$(wc -l < dig.out.nm.$n)
- lcmm=$(wc -l < dig.out.mm.$n)
+ dig_with_opts +tcp @10.53.0.3 -t DNSKEY example +nomulti example +nomulti >dig.out.nn.$n || ret=1
+ dig_with_opts +tcp @10.53.0.3 -t DNSKEY example +multi example +nomulti >dig.out.mn.$n || ret=1
+ dig_with_opts +tcp @10.53.0.3 -t DNSKEY example +nomulti example +multi >dig.out.nm.$n || ret=1
+ dig_with_opts +tcp @10.53.0.3 -t DNSKEY example +multi example +multi >dig.out.mm.$n || ret=1
+ lcnn=$(wc -l dig.out.test$n || ret=1
- grep "Got answer:" < dig.out.test$n > /dev/null || ret=1
+ dig_with_opts +tcp @10.53.0.3 +noheader-only A example >dig.out.test$n || ret=1
+ grep "Got answer:" /dev/null || ret=1
check_ttl_range dig.out.test$n "SOA" 300 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
+ status=$((status + ret))
- n=$((n+1))
+ n=$((n + 1))
echo_i "checking dig +short +rrcomments works($n)"
ret=0
- dig_with_opts +tcp @10.53.0.3 +short +rrcomments DNSKEY example > dig.out.test$n || ret=1
- grep -q "$KEYDATA ; ZSK; alg = $DEFAULT_ALGORITHM ; key id = $KEYID\$" < dig.out.test$n || ret=1
+ dig_with_opts +tcp @10.53.0.3 +short +rrcomments DNSKEY example >dig.out.test$n || ret=1
+ grep -q "$KEYDATA ; ZSK; alg = $DEFAULT_ALGORITHM ; key id = $KEYID\$" dig.out.test$n || ret=1
- grep "^;; flags: qr rd; QUERY: 0, ANSWER: 0," < dig.out.test$n > /dev/null || ret=1
- grep "^;; QUESTION SECTION:" < dig.out.test$n > /dev/null && ret=1
+ dig_with_opts +tcp @10.53.0.3 +header-only example >dig.out.test$n || ret=1
+ grep "^;; flags: qr rd; QUERY: 0, ANSWER: 0," /dev/null || ret=1
+ grep "^;; QUESTION SECTION:" /dev/null && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
+ status=$((status + ret))
- n=$((n+1))
+ n=$((n + 1))
echo_i "checking dig +raflag works ($n)"
ret=0
- dig_with_opts +tcp @10.53.0.3 +raflag +qr example > dig.out.test$n || ret=1
- grep "^;; flags: rd ra ad; QUERY: 1, ANSWER: 0," < dig.out.test$n > /dev/null || ret=1
- grep "^;; flags: qr rd ra; QUERY: 1, ANSWER: 0," < dig.out.test$n > /dev/null || ret=1
+ dig_with_opts +tcp @10.53.0.3 +raflag +qr example >dig.out.test$n || ret=1
+ grep "^;; flags: rd ra ad; QUERY: 1, ANSWER: 0," /dev/null || ret=1
+ grep "^;; flags: qr rd ra; QUERY: 1, ANSWER: 0," /dev/null || ret=1
check_ttl_range dig.out.test$n "SOA" 300 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
+ status=$((status + ret))
- n=$((n+1))
+ n=$((n + 1))
echo_i "checking dig +tcflag works ($n)"
ret=0
- dig_with_opts +tcp @10.53.0.3 +tcflag +qr example > dig.out.test$n || ret=1
- grep "^;; flags: tc rd ad; QUERY: 1, ANSWER: 0" < dig.out.test$n > /dev/null || ret=1
- grep "^;; flags: qr rd ra; QUERY: 1, ANSWER: 0," < dig.out.test$n > /dev/null || ret=1
+ dig_with_opts +tcp @10.53.0.3 +tcflag +qr example >dig.out.test$n || ret=1
+ grep "^;; flags: tc rd ad; QUERY: 1, ANSWER: 0" /dev/null || ret=1
+ grep "^;; flags: qr rd ra; QUERY: 1, ANSWER: 0," /dev/null || ret=1
check_ttl_range dig.out.test$n "SOA" 300 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
+ status=$((status + ret))
- n=$((n+1))
+ n=$((n + 1))
echo_i "checking dig +header-only works (with class and type set) ($n)"
ret=0
- dig_with_opts +tcp @10.53.0.3 +header-only -c IN -t A example > dig.out.test$n || ret=1
- grep "^;; flags: qr rd; QUERY: 0, ANSWER: 0," < dig.out.test$n > /dev/null || ret=1
- grep "^;; QUESTION SECTION:" < dig.out.test$n > /dev/null && ret=1
+ dig_with_opts +tcp @10.53.0.3 +header-only -c IN -t A example >dig.out.test$n || ret=1
+ grep "^;; flags: qr rd; QUERY: 0, ANSWER: 0," /dev/null || ret=1
+ grep "^;; QUESTION SECTION:" /dev/null && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
+ status=$((status + ret))
- n=$((n+1))
+ n=$((n + 1))
echo_i "checking dig +zflag works, and that BIND properly ignores it ($n)"
ret=0
- dig_with_opts +tcp @10.53.0.3 +zflag +qr A example > dig.out.test$n || ret=1
- sed -n '/Sending:/,/Got answer:/p' dig.out.test$n | grep "^;; flags: rd ad; MBZ: 0x4;" > /dev/null || ret=1
- sed -n '/Got answer:/,/AUTHORITY SECTION:/p' dig.out.test$n | grep "^;; flags: qr rd ra; QUERY: 1" > /dev/null || ret=1
+ dig_with_opts +tcp @10.53.0.3 +zflag +qr A example >dig.out.test$n || ret=1
+ sed -n '/Sending:/,/Got answer:/p' dig.out.test$n | grep "^;; flags: rd ad; MBZ: 0x4;" >/dev/null || ret=1
+ sed -n '/Got answer:/,/AUTHORITY SECTION:/p' dig.out.test$n | grep "^;; flags: qr rd ra; QUERY: 1" >/dev/null || ret=1
check_ttl_range dig.out.test$n "SOA" 300 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
+ status=$((status + ret))
- n=$((n+1))
+ n=$((n + 1))
echo_i "checking dig +qr +ednsopt=08 does not cause an INSIST failure ($n)"
ret=0
- dig_with_opts @10.53.0.3 +ednsopt=08 +qr a a.example > dig.out.test$n || ret=1
- grep "INSIST" < dig.out.test$n > /dev/null && ret=1
- grep "FORMERR" < dig.out.test$n > /dev/null || ret=1
+ dig_with_opts @10.53.0.3 +ednsopt=08 +qr a a.example >dig.out.test$n || ret=1
+ grep "INSIST" /dev/null && ret=1
+ grep "FORMERR" /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
+ status=$((status + ret))
- n=$((n+1))
+ n=$((n + 1))
echo_i "checking dig +ttlunits works ($n)"
ret=0
- dig_with_opts +tcp @10.53.0.2 +ttlunits A weeks.example > dig.out.test$n || ret=1
- grep "^weeks.example. 3w" < dig.out.test$n > /dev/null || ret=1
- dig_with_opts +tcp @10.53.0.2 +ttlunits A days.example > dig.out.test$n || ret=1
- grep "^days.example. 3d" < dig.out.test$n > /dev/null || ret=1
- dig_with_opts +tcp @10.53.0.2 +ttlunits A hours.example > dig.out.test$n || ret=1
- grep "^hours.example. 3h" < dig.out.test$n > /dev/null || ret=1
- dig_with_opts +tcp @10.53.0.2 +ttlunits A minutes.example > dig.out.test$n || ret=1
- grep "^minutes.example. 45m" < dig.out.test$n > /dev/null || ret=1
- dig_with_opts +tcp @10.53.0.2 +ttlunits A seconds.example > dig.out.test$n || ret=1
- grep "^seconds.example. 45s" < dig.out.test$n > /dev/null || ret=1
+ dig_with_opts +tcp @10.53.0.2 +ttlunits A weeks.example >dig.out.test$n || ret=1
+ grep "^weeks.example. 3w" /dev/null || ret=1
+ dig_with_opts +tcp @10.53.0.2 +ttlunits A days.example >dig.out.test$n || ret=1
+ grep "^days.example. 3d" /dev/null || ret=1
+ dig_with_opts +tcp @10.53.0.2 +ttlunits A hours.example >dig.out.test$n || ret=1
+ grep "^hours.example. 3h" /dev/null || ret=1
+ dig_with_opts +tcp @10.53.0.2 +ttlunits A minutes.example >dig.out.test$n || ret=1
+ grep "^minutes.example. 45m" /dev/null || ret=1
+ dig_with_opts +tcp @10.53.0.2 +ttlunits A seconds.example >dig.out.test$n || ret=1
+ grep "^seconds.example. 45s" /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
+ status=$((status + ret))
- n=$((n+1))
+ n=$((n + 1))
echo_i "checking dig respects precedence of options with +ttlunits ($n)"
ret=0
- dig_with_opts +tcp @10.53.0.2 +ttlunits +nottlid A weeks.example > dig.out.test$n || ret=1
- grep "^weeks.example. IN" < dig.out.test$n > /dev/null || ret=1
- dig_with_opts +tcp @10.53.0.2 +nottlid +ttlunits A weeks.example > dig.out.test$n || ret=1
- grep "^weeks.example. 3w" < dig.out.test$n > /dev/null || ret=1
- dig_with_opts +tcp @10.53.0.2 +nottlid +nottlunits A weeks.example > dig.out.test$n || ret=1
- grep "^weeks.example. 1814400" < dig.out.test$n > /dev/null || ret=1
+ dig_with_opts +tcp @10.53.0.2 +ttlunits +nottlid A weeks.example >dig.out.test$n || ret=1
+ grep "^weeks.example. IN" /dev/null || ret=1
+ dig_with_opts +tcp @10.53.0.2 +nottlid +ttlunits A weeks.example >dig.out.test$n || ret=1
+ grep "^weeks.example. 3w" /dev/null || ret=1
+ dig_with_opts +tcp @10.53.0.2 +nottlid +nottlunits A weeks.example >dig.out.test$n || ret=1
+ grep "^weeks.example. 1814400" /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
+ status=$((status + ret))
- n=$((n+1))
+ n=$((n + 1))
echo_i "checking dig preserves origin on TCP retries ($n)"
ret=0
# Ask ans4 to still accept TCP connections, but not respond to queries
echo "//" | sendcmd 10.53.0.4
- dig_with_opts -d +tcp @10.53.0.4 +retry=1 +time=1 +domain=bar foo > dig.out.test$n 2>&1 && ret=1
+ dig_with_opts -d +tcp @10.53.0.4 +retry=1 +time=1 +domain=bar foo >dig.out.test$n 2>&1 && ret=1
test "$(grep -c "trying origin bar" dig.out.test$n)" -eq 2 || ret=1
- grep "using root origin" < dig.out.test$n > /dev/null && ret=1
+ grep "using root origin" /dev/null && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
+ status=$((status + ret))
- n=$((n+1))
+ n=$((n + 1))
echo_i "checking dig -6 -4 ($n)"
ret=0
- dig_with_opts +tcp @10.53.0.2 -4 -6 A a.example > dig.out.test$n 2>&1 && ret=1
- grep "only one of -4 and -6 allowed" < dig.out.test$n > /dev/null || ret=1
+ dig_with_opts +tcp @10.53.0.2 -4 -6 A a.example >dig.out.test$n 2>&1 && ret=1
+ grep "only one of -4 and -6 allowed" /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
+ status=$((status + ret))
- n=$((n+1))
+ n=$((n + 1))
echo_i "checking dig @IPv6addr -4 A a.example ($n)"
- if testsock6 fd92:7065:b8e:ffff::2 2>/dev/null
- then
+ if testsock6 fd92:7065:b8e:ffff::2 2>/dev/null; then
ret=0
- dig_with_opts +tcp @fd92:7065:b8e:ffff::2 -4 A a.example > dig.out.test$n 2>&1 && ret=1
- grep "address family not supported" < dig.out.test$n > /dev/null || ret=1
+ dig_with_opts +tcp @fd92:7065:b8e:ffff::2 -4 A a.example >dig.out.test$n 2>&1 && ret=1
+ grep "address family not supported" /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
+ status=$((status + ret))
else
echo_i "IPv6 unavailable; skipping"
fi
- n=$((n+1))
+ n=$((n + 1))
echo_i "checking dig @IPv4addr -6 +mapped A a.example ($n)"
- if testsock6 fd92:7065:b8e:ffff::2 2>/dev/null && [ "$(uname -s)" != "OpenBSD" ]
- then
+ if testsock6 fd92:7065:b8e:ffff::2 2>/dev/null && [ "$(uname -s)" != "OpenBSD" ]; then
ret=0
- dig_with_opts +tcp @10.53.0.2 -6 +mapped A a.example > dig.out.test$n 2>&1 || ret=1
- grep "SERVER: ::ffff:10.53.0.2#$PORT" < dig.out.test$n > /dev/null || ret=1
+ dig_with_opts +tcp @10.53.0.2 -6 +mapped A a.example >dig.out.test$n 2>&1 || ret=1
+ grep "SERVER: ::ffff:10.53.0.2#$PORT" /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
+ status=$((status + ret))
else
echo_i "IPv6 or IPv4-to-IPv6 mapping unavailable; skipping"
fi
- n=$((n+1))
+ n=$((n + 1))
echo_i "checking dig +tcp @IPv4addr -6 +nomapped A a.example ($n)"
- if testsock6 fd92:7065:b8e:ffff::2 2>/dev/null
- then
+ if testsock6 fd92:7065:b8e:ffff::2 2>/dev/null; then
ret=0
- dig_with_opts +tcp @10.53.0.2 -6 +nomapped A a.example > dig.out.test$n 2>&1 || ret=1
- grep "SERVER: ::ffff:10.53.0.2#$PORT" < dig.out.test$n > /dev/null && ret=1
+ dig_with_opts +tcp @10.53.0.2 -6 +nomapped A a.example >dig.out.test$n 2>&1 || ret=1
+ grep "SERVER: ::ffff:10.53.0.2#$PORT" /dev/null && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
+ status=$((status + ret))
else
echo_i "IPv6 unavailable; skipping"
fi
- n=$((n+1))
+ n=$((n + 1))
echo_i "checking dig +notcp @IPv4addr -6 +nomapped A a.example ($n)"
- if testsock6 fd92:7065:b8e:ffff::2 2>/dev/null
- then
+ if testsock6 fd92:7065:b8e:ffff::2 2>/dev/null; then
ret=0
- dig_with_opts +notcp @10.53.0.2 -6 +nomapped A a.example > dig.out.test$n 2>&1 || ret=1
- grep "SERVER: ::ffff:10.53.0.2#$PORT" < dig.out.test$n > /dev/null && ret=1
+ dig_with_opts +notcp @10.53.0.2 -6 +nomapped A a.example >dig.out.test$n 2>&1 || ret=1
+ grep "SERVER: ::ffff:10.53.0.2#$PORT" /dev/null && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
+ status=$((status + ret))
else
echo_i "IPv6 unavailable; skipping"
fi
- n=$((n+1))
+ n=$((n + 1))
echo_i "checking dig +subnet ($n)"
ret=0
- dig_with_opts +tcp @10.53.0.2 +subnet=127.0.0.1 A a.example > dig.out.test$n 2>&1 || ret=1
- grep "CLIENT-SUBNET: 127.0.0.1/32/0" < dig.out.test$n > /dev/null || ret=1
+ dig_with_opts +tcp @10.53.0.2 +subnet=127.0.0.1 A a.example >dig.out.test$n 2>&1 || ret=1
+ grep "CLIENT-SUBNET: 127.0.0.1/32/0" /dev/null || ret=1
check_ttl_range dig.out.test$n "A" 300 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
+ status=$((status + ret))
- n=$((n+1))
+ n=$((n + 1))
echo_i "checking dig +subnet +subnet ($n)"
ret=0
- dig_with_opts +tcp @10.53.0.2 +subnet=127.0.0.0 +subnet=127.0.0.1 A a.example > dig.out.test$n 2>&1 || ret=1
- grep "CLIENT-SUBNET: 127.0.0.1/32/0" < dig.out.test$n > /dev/null || ret=1
+ dig_with_opts +tcp @10.53.0.2 +subnet=127.0.0.0 +subnet=127.0.0.1 A a.example >dig.out.test$n 2>&1 || ret=1
+ grep "CLIENT-SUBNET: 127.0.0.1/32/0" /dev/null || ret=1
check_ttl_range dig.out.test$n "A" 300 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
+ status=$((status + ret))
- n=$((n+1))
+ n=$((n + 1))
echo_i "checking dig +subnet with various prefix lengths ($n)"
ret=0
for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24; do
- dig_with_opts +tcp @10.53.0.2 +subnet=255.255.255.255/$i A a.example > dig.out.$i.test$n 2>&1 || ret=1
- case $i in
- 1|9|17) octet=128 ;;
- 2|10|18) octet=192 ;;
- 3|11|19) octet=224 ;;
- 4|12|20) octet=240 ;;
- 5|13|21) octet=248 ;;
- 6|14|22) octet=252 ;;
- 7|15|23) octet=254 ;;
- 8|16|24) octet=255 ;;
- esac
- case $i in
- 1|2|3|4|5|6|7|8) addr="${octet}.0.0.0";;
- 9|10|11|12|13|14|15|16) addr="255.${octet}.0.0";;
- 17|18|19|20|21|22|23|24) addr="255.255.${octet}.0" ;;
- esac
- grep "FORMERR" < dig.out.$i.test$n > /dev/null && ret=1
- grep "CLIENT-SUBNET: $addr/$i/0" < dig.out.$i.test$n > /dev/null || ret=1
- check_ttl_range dig.out.$i.test$n "A" 300 || ret=1
+ dig_with_opts +tcp @10.53.0.2 +subnet=255.255.255.255/$i A a.example >dig.out.$i.test$n 2>&1 || ret=1
+ case $i in
+ 1 | 9 | 17) octet=128 ;;
+ 2 | 10 | 18) octet=192 ;;
+ 3 | 11 | 19) octet=224 ;;
+ 4 | 12 | 20) octet=240 ;;
+ 5 | 13 | 21) octet=248 ;;
+ 6 | 14 | 22) octet=252 ;;
+ 7 | 15 | 23) octet=254 ;;
+ 8 | 16 | 24) octet=255 ;;
+ esac
+ case $i in
+ 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8) addr="${octet}.0.0.0" ;;
+ 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16) addr="255.${octet}.0.0" ;;
+ 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24) addr="255.255.${octet}.0" ;;
+ esac
+ grep "FORMERR" /dev/null && ret=1
+ grep "CLIENT-SUBNET: $addr/$i/0" /dev/null || ret=1
+ check_ttl_range dig.out.$i.test$n "A" 300 || ret=1
done
if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
+ status=$((status + ret))
- n=$((n+1))
+ n=$((n + 1))
echo_i "checking dig +subnet=0/0 ($n)"
ret=0
- dig_with_opts +tcp @10.53.0.2 +subnet=0/0 A a.example > dig.out.test$n 2>&1 || ret=1
- grep "status: NOERROR" < dig.out.test$n > /dev/null || ret=1
- grep "CLIENT-SUBNET: 0.0.0.0/0/0" < dig.out.test$n > /dev/null || ret=1
- grep "10.0.0.1" < dig.out.test$n > /dev/null || ret=1
+ dig_with_opts +tcp @10.53.0.2 +subnet=0/0 A a.example >dig.out.test$n 2>&1 || ret=1
+ grep "status: NOERROR" /dev/null || ret=1
+ grep "CLIENT-SUBNET: 0.0.0.0/0/0" /dev/null || ret=1
+ grep "10.0.0.1" /dev/null || ret=1
check_ttl_range dig.out.test$n "A" 300 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
- status=$((status+ret))
+ status=$((status + ret))
- n=$((n+1))
+ n=$((n + 1))
echo_i "checking dig +subnet=0 ($n)"
ret=0
- dig_with_opts +tcp @10.53.0.2 +subnet=0 A a.example > dig.out.test$n 2>&1 || ret=1
- grep "status: NOERROR" < dig.out.test$n > /dev/null || ret=1
- grep "CLIENT-SUBNET: 0.0.0.0/0/0" < dig.out.test$n > /dev/null || ret=1
- grep "10.0.0.1" < dig.out.test$n > /dev/null || ret=1
+ dig_with_opts +tcp @10.53.0.2 +subnet=0 A a.example >dig.out.test$n 2>&1 || ret=1
+ grep "status: NOERROR" /dev/null || ret=1
+ grep "CLIENT-SUBNET: 0.0.0.0/0/0" /dev/null || ret=1
+ grep "10.0.0.1"