[thirdparty/pdns.git] / regression-tests / tests / verify-dnssec-zone / command

#!/usr/bin/env bash
for zone in $(grep 'zone ' named.conf  | cut -f2 -d\" | grep -v '^\(example.com\|nztest.com\|insecure.dnssec-parent.com\)$')
do
	TFILE=$(mktemp tmp.XXXXXXXXXX)
	drill -p $port axfr $zone @$nameserver | ldns-read-zone -z -u CDS -u CDNSKEY > $TFILE
	for validator in "ldns-verify-zone -V2" validns jdnssec-verifyzone named-checkzone
	do
		if [ "$validator" = "validns" ] && [ "$zone" = "." ]
		then
			continue
		fi
		echo --- $validator $zone
		if [ "$validator" = "named-checkzone" ]
		then
			named-checkzone -i local $zone $TFILE 2>&1 | grep -v 'addnode: NSEC node already exists'
		else
			if [ ! -e ${testsdir}/${testname}/allow-missing ] || [[ $(type -P "$validator") ]]
			then
				$validator $TFILE 2>&1
			else
				#fake output for missing validators
				if [ "$validator" = "jdnssec-verifyzone" ]
				then
					echo zone verified.
				fi
			fi
		fi
		RETVAL=$?
		echo RETVAL: $RETVAL
		if [ $RETVAL -gt 0 ] && { [[ $validator != ldns-verify-zone* ]] || { [[ $skipreasons != *nsec3* ]] && [[ $skipreasons != *optout* ]]; }; }
		then
			echo $validator reported error, full zone content:
			echo ---
			cat $TFILE
			echo --- end of zone content
		fi
		echo
	done
	
	rm -f $TFILE
done
Commit	Line	Data
cf4d037d	1	#!/usr/bin/env bash
15a35f44	2	for zone in $(grep 'zone ' named.conf \| cut -f2 -d\" \| grep -v '^\(example.com\\|nztest.com\\|insecure.dnssec-parent.com\)$')
fc0bbb94	3	do
922bba7f	4	TFILE=$(mktemp tmp.XXXXXXXXXX)
60ff7e5a	5	drill -p $port axfr $zone @$nameserver \| ldns-read-zone -z -u CDS -u CDNSKEY > $TFILE
c5791798	6	for validator in "ldns-verify-zone -V2" validns jdnssec-verifyzone named-checkzone
fc0bbb94	7	do
c5791798 PD	8	if [ "$validator" = "validns" ] && [ "$zone" = "." ]
	9	then
	10	continue
	11	fi
fc0bbb94	12	echo --- $validator $zone
e62ba1c9 PD	13	if [ "$validator" = "named-checkzone" ]
	14	then
	15	named-checkzone -i local $zone $TFILE 2>&1 \| grep -v 'addnode: NSEC node already exists'
	16	else
55b3da69 KM	17	if [ ! -e ${testsdir}/${testname}/allow-missing ] \|\| [[ $(type -P "$validator") ]]
	18	then
	19	$validator $TFILE 2>&1
	20	else
	21	#fake output for missing validators
	22	if [ "$validator" = "jdnssec-verifyzone" ]
	23	then
	24	echo zone verified.
	25	fi
	26	fi
e62ba1c9	27	fi
fc0bbb94 PD	28	RETVAL=$?
fc0bbb94 PD	29	echo RETVAL: $RETVAL
8ded0828	30	if [ $RETVAL -gt 0 ] && { [[ $validator != ldns-verify-zone* ]] \|\| { [[ $skipreasons != nsec3 ]] && [[ $skipreasons != optout ]]; }; }
fc0bbb94 PD	31	then
	32	echo $validator reported error, full zone content:
	33	echo ---
	34	cat $TFILE
	35	echo --- end of zone content
	36	fi
	37	echo
	38	done
	39
	40	rm -f $TFILE
	41	done