check that delv handles REFUSED when chasing DS records

author Mark Andrews <marka@isc.org>

Tue, 7 Feb 2023 04:05:39 +0000 (15:05 +1100)

committer Arаm Sаrgsyаn <aram@isc.org>

Tue, 7 Feb 2023 10:41:21 +0000 (10:41 +0000)
author Mark Andrews <marka@isc.org>
Tue, 7 Feb 2023 04:05:39 +0000 (15:05 +1100)
committer Arаm Sаrgsyаn <aram@isc.org>
Tue, 7 Feb 2023 10:41:21 +0000 (10:41 +0000)
diff --git a/bin/tests/system/digdelv/clean.sh b/bin/tests/system/digdelv/clean.sh

index ed9ad87a5bc0f7f3e44a272067f286e87e788723..77e467a4990f86cc5482ebb6c4eafac0101e5f49 100644 (file)
--- a/bin/tests/system/digdelv/clean.sh
+++ b/bin/tests/system/digdelv/clean.sh
@@ -29,7 +29,9 @@ rm -f ./host.out.test*
  rm -f ./ns*/managed-keys.bind*
  rm -f ./ns*/named.lock
  rm -f ./ns2/dsset-example.
+rm -f ./ns2/dsset-example.tld.
  rm -f ./ns2/example.db ./ns2/K* ./ns2/keyid ./ns2/keydata
+rm -f ./ns2/example.tld.db
  rm -f ./nslookup.out.test*
-rm -f ./yamlget.out.*
  rm -f ./nsupdate.out.test*
+rm -f ./yamlget.out.*
diff --git a/bin/tests/system/digdelv/ns2/named.conf.in b/bin/tests/system/digdelv/ns2/named.conf.in

index 1391b7322c0a9753add9bc0e7a4c5369df36cc52..6a6c2b9fb71feb5b7c44867238802fca28655038 100644 (file)
--- a/bin/tests/system/digdelv/ns2/named.conf.in
+++ b/bin/tests/system/digdelv/ns2/named.conf.in
@@ -32,3 +32,8 @@ zone "example" {
         type primary;
         file "example.db";
  };
+
+zone "example.tld" {
+       type primary;
+       file "example.tld.db";
+};
diff --git a/bin/tests/system/digdelv/ns2/sign.sh b/bin/tests/system/digdelv/ns2/sign.sh

index c8564b283010cb96c39809a4f2bb0c8259e4bee4..782b7a1a24aa6426db313da8a0b8d7377f76429d 100644 (file)
--- a/bin/tests/system/digdelv/ns2/sign.sh
+++ b/bin/tests/system/digdelv/ns2/sign.sh
@@ -27,3 +27,6 @@ grep -Ev '^;' < "$ksk.key" | cut -f 7- -d ' ' > keydata
  
  keyfile_to_initial_keys "$ksk" > ../ns3/anchor.dnskey
  keyfile_to_initial_ds "$ksk" > ../ns3/anchor.ds
+
+ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone example.tld.)
+"$SIGNER" -Sz -f example.tld.db -o example.tld example.db.in > /dev/null 2>&1
diff --git a/bin/tests/system/digdelv/tests.sh b/bin/tests/system/digdelv/tests.sh

index 3debad3da83332230c5bc8b35352f372ce996425..9e82298f35b68e9bd49f87bcd49f220f11b7947e 100644 (file)
--- a/bin/tests/system/digdelv/tests.sh
+++ b/bin/tests/system/digdelv/tests.sh
@@ -1396,6 +1396,14 @@ if [ -x "$DELV" ] ; then
      if [ $ret -ne 0 ]; then echo_i "failed"; fi
      status=$((status+ret))
    fi
+
+  n=$((n+1))
+  echo_i "check that delv handles REFUSED when chasing DS records ($n)"
+  delv_with_opts @10.53.0.2 +root xxx.example.tld A > delv.out.test$n 2>&1 || ret=1
+  grep ";; resolution failed: broken trust chain" delv.out.test$n > /dev/null || ret=1
+  if [ $ret -ne 0 ]; then echo_i "failed"; fi
+  status=$((status+ret))
+
  else
    echo_i "$DELV is needed, so skipping these delv tests"
  fi
author	Mark Andrews <marka@isc.org>
	Tue, 7 Feb 2023 04:05:39 +0000 (15:05 +1100)
committer	Arаm Sаrgsyаn <aram@isc.org>
	Tue, 7 Feb 2023 10:41:21 +0000 (10:41 +0000)
bin/tests/system/digdelv/clean.sh		patch \| blob \| blame \| history
bin/tests/system/digdelv/ns2/named.conf.in		patch \| blob \| blame \| history
bin/tests/system/digdelv/ns2/sign.sh		patch \| blob \| blame \| history
bin/tests/system/digdelv/tests.sh		patch \| blob \| blame \| history