if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status+ret))
+ echo_i "prime wildcard NODATA 2 NSEC after data response (synth-from-dnssec ${description};) ($n)"
+ ret=0
+ dig_with_opts a.wild-2-nsec-afterdata.example. @10.53.0.${ns} TXT > dig.out.txt.ns${ns}.test$n || ret=1
+ check_ad_flag $ad dig.out.txt.ns${ns}.test$n || ret=1
+ check_status NOERROR dig.out.txt.ns${ns}.test$n || ret=1
+ check_nosynth_soa example. dig.out.txt.ns${ns}.test$n || ret=1
+ check_auth_count 6 dig.out.txt.ns${ns}.test$n || ret=1
+ [ $ns -eq 2 ] && sed 's/^a\./b./' dig.out.txt.ns${ns}.test$n > wildnodata2nsecafterdata.out
+ n=$((n+1))
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$((status+ret))
+
echo_i "prime insecure negative NXDOMAIN response (synth-from-dnssec ${description};) ($n)"
ret=0
dig_with_opts a.insecure.example. @10.53.0.${ns} a > dig.out.ns${ns}.test$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status+ret))
+ echo_i "prime insecure wildcard NODATA 2 NSEC after data response (synth-from-dnssec ${description};) ($n)"
+ ret=0
+ dig_with_opts a.wild-2-nsec-afterdata.insecure.example. @10.53.0.${ns} TXT > dig.out.txt.ns${ns}.test$n || ret=1
+ check_ad_flag no dig.out.txt.ns${ns}.test$n || ret=1
+ check_status NOERROR dig.out.txt.ns${ns}.test$n || ret=1
+ check_nosynth_soa insecure.example. dig.out.txt.ns${ns}.test$n || ret=1
+ check_auth_count 6 dig.out.txt.ns${ns}.test$n || ret=1
+ [ $ns -eq 2 ] && sed 's/^a\./b./' dig.out.txt.ns${ns}.test$n > insecure.wildnodata2nsecafterdata.out
+ n=$((n+1))
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$((status+ret))
+
echo_i "prime minimal NXDOMAIN response (synth-from-dnssec ${description};) ($n)"
ret=0
dig_with_opts nxdomain.minimal. @10.53.0.${ns} a > dig.out.ns${ns}.test$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status+ret))
+ echo_i "check synthesized wildcard NODATA 2 NSEC after data response (synth-from-dnssec ${description};) ($n)"
+ ret=0
+ # Use AAAA to avoid cached qname minimisation _.wild-2-nsec-afterdata.example A record
+ dig_with_opts b.wild-2-nsec-afterdata.example. @10.53.0.${ns} AAAA > dig.out.a.ns${ns}.test$n || ret=1
+ check_ad_flag $ad dig.out.a.ns${ns}.test$n || ret=1
+ check_status NOERROR dig.out.a.ns${ns}.test$n || ret=1
+ check_nosynth_aaaa b.wild-2-nsec-afterdata.example. dig.out.a.ns${ns}.test$n || ret=1
+ #
+ nextpart ns1/named.run > /dev/null
+ dig_with_opts b.wild-2-nsec-afterdata.example. @10.53.0.${ns} TLSA > dig.out.ns${ns}.test$n || ret=1
+ check_ad_flag $ad dig.out.ns${ns}.test$n || ret=1
+ check_status NOERROR dig.out.ns${ns}.test$n || ret=1
+ if [ ${synth} = yes ]
+ then
+ check_synth_soa example. dig.out.ns${ns}.test$n || ret=1
+ nextpart ns1/named.run | grep b.wild-2-nsec-afterdata.example/TLSA > /dev/null && ret=1
+ else
+ check_nosynth_soa example. dig.out.ns${ns}.test$n || ret=1
+ nextpart ns1/named.run | grep b.wild-2-nsec-afterdata.example/TLSA > /dev/null || ret=1
+ fi
+ digcomp wildnodata2nsecafterdata.out dig.out.ns${ns}.test$n || ret=1
+ n=$((n+1))
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$((status+ret))
+
echo_i "check insecure NXDOMAIN response (synth-from-dnssec ${description};) ($n)"
ret=0
nextpart ns1/named.run > /dev/null
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status+ret))
+ echo_i "check insecure wildcard NODATA 2 NSEC after data response (synth-from-dnssec ${description};) ($n)"
+ ret=0
+ nextpart ns1/named.run > /dev/null
+ dig_with_opts b.wild-2-nsec-afterdata.insecure.example. @10.53.0.${ns} AAAA > dig.out.a.ns${ns}.test$n || ret=1
+ check_ad_flag no dig.out.a.ns${ns}.test$n || ret=1
+ check_status NOERROR dig.out.a.ns${ns}.test$n || ret=1
+ check_nosynth_aaaa b.wild-2-nsec-afterdata.insecure.example. dig.out.a.ns${ns}.test$n || ret=1
+ #
+ dig_with_opts b.wild-2-nsec-afterdata.insecure.example. @10.53.0.${ns} TLSA > dig.out.ns${ns}.test$n || ret=1
+ check_ad_flag no dig.out.ns${ns}.test$n || ret=1
+ check_status NOERROR dig.out.ns${ns}.test$n || ret=1
+ check_nosynth_soa insecure.example. dig.out.ns${ns}.test$n || ret=1
+ digcomp insecure.wildnodata2nsecafterdata.out dig.out.ns${ns}.test$n || ret=1
+ n=$((n+1))
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$((status+ret))
+
echo_i "check minimal NXDOMAIN response (synth-from-dnssec ${description};) ($n)"
ret=0
nextpart ns1/named.run > /dev/null
do
case $synthesized in
NXDOMAIN) count=1;;
- no-data) count=4;;
+ no-data) count=5;;
wildcard) count=2;;
esac
echo_i "check 'rndc stats' output for 'synthesized a ${synthesized} response' (synth-from-dnssec ${description};) ($n)"
do
case $synthesized in
SynthNXDOMAIN) count=1;;
- SynthNODATA) count=4;;
+ SynthNODATA) count=5;;
SynthWILDCARD) count=2;;
esac
do
case $synthesized in
SynthNXDOMAIN) count=1;;
- SynthNODATA) count=4;;
+ SynthNODATA) count=5;;
SynthWILDCARD) count=2;;
esac
projects / thirdparty / bind9.git / commitdiff
