add more tests

diff --git a/testdata/ede.tdir/ede.conf b/testdata/ede.tdir/ede.conf
index eb07ba4c2fb8d6a564218af0154b6e64823cd5c4..b8739071b4772e9b6f6d27a7847679fc495ce6d7 100644 (file)
--- a/testdata/ede.tdir/ede.conf
+++ b/testdata/ede.tdir/ede.conf
@@ -13,9 +13,14 @@ server:
 
        module-config: "respip validator iterator"
 
+       access-control: 127.0.0.2/32 refuse
+
        local-zone: hopsa.kidee. always_refuse
        local-data: "hopsa.kidee. TXT hela hola"
 
+       localzone: nlnetlabs.nl transparant
+       local-data: "hopsa.nlnetlabs.nl. TXT hela hola"
+
        local-zone: uva.nl. always_null
 
        local-zone: example.com redirect

diff --git a/testdata/ede.tdir/ede.test b/testdata/ede.tdir/ede.test
index aeec9b20a38876bb4c31559999c6f037f6508d83..fc5a781ee60087aef8bdbeee350252c219caf582 100644 (file)
--- a/testdata/ede.tdir/ede.test
+++ b/testdata/ede.tdir/ede.test
@@ -7,12 +7,13 @@
 . ../common.sh
 get_random_port 2
 UNBOUND_PORT=$RND_PORT
-FWD_PORT=$(($RND_PORT + 1))
+UNBOUND_PORT2=$(($RND_PORT + 1))
 echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
-echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test
+echo "UNBOUND_PORT=2=$UNBOUND_PORT2" >> .tpkg.var.test
 
 # rewrite config file with created ports
 sed -e 's/@PORT\@/'$UNBOUND_PORT'/' < ede.conf > ub.conf
+sed -e 's/@PORT2\@/'$UNBOUND_PORT2'/' < ede-auth.conf > ub2.conf
 
 # start unbound in the background
 PRE="../.."
@@ -20,6 +21,11 @@ $PRE/unbound -d -c ub.conf > unbound.log 2>&1 &
 UNBOUND_PID=$!
 echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
 
+# start "authoritative unbound" in the background
+$PRE/unbound -d -c ub.conf > unbound.log 2>&1 &
+UNBOUND_PID2=$!
+echo "UNBOUND_PID2=$UNBOUND_PID2" >> .tpkg.var.test
+
 
 # query with bad edns keepalive
 dig @127.0.0.1 -p $UNBOUND_PORT +tcp +ednsopt=11:010203 > keepalive.txt
@@ -72,9 +78,9 @@ then
 fi
 
 # RPZ always_refuse
-dig @127.0.0.1 -p $UNBOUND_PORT hopsa.kidee. A > always_refuse_forged.txt
+dig @127.0.0.1 -p $UNBOUND_PORT hopsa.kidee. A > always_refuse.txt
 
-if ! grep -q "OPT=15: 00 04" always_refuse_forged.txt
+if ! grep -q "OPT=15: 00 04" always_refuse.txt
 then
        echo "local-zone always_null must have EDE blocked code"
        exit 1
@@ -92,5 +98,30 @@ then
        exit 1
 fi
 
+# local data forged answer
+dig @127.0.0.1 -p $UNBOUND_PORT hopsa.nlnetlabs.nl TXT
+
+# ACL refused, EDE prohibited
+dig @127.0.0.1 -b 127.0.0.2 example.com > refused.txt
+
+if ! grep -q "OPT=15: 00 12" refused.txt
+then
+       echo "ACL refused does not give EDE prohibited"
+       exit 1
+fi
+
+
+
+# DNSSEC indeterminate
+
+# ZONE KEY TOEVOEGEN AAN UNBOUND
+# SIGNEN MET LDNS SIGNER
+# MAKE ZONE RECORD WITH EXPIRED AND NOT INCEPTED RECORD
+# zone aanmaken met auth-zone op een tweede unbound
+
+
+
+
 # teardown
-kill_pid $UNBOUND_PID
\ No newline at end of file
+kill_pid $UNBOUND_PID
+kill_pid $UNBOUND_PID2
\ No newline at end of file