Check 'rndc stats' output for 'covering nsec returned'

diff --git a/bin/tests/system/synthfromdnssec/clean.sh b/bin/tests/system/synthfromdnssec/clean.sh
index 872d02bc95c98a5e9ba04888833b1a6954d695fc..b02e421536ee3c2f8eaf71be5c73a08610e92d5c 100644 (file)
--- a/bin/tests/system/synthfromdnssec/clean.sh
+++ b/bin/tests/system/synthfromdnssec/clean.sh
@@ -15,6 +15,7 @@ rm -f ./*/named.memstats
 rm -f ./*/named.conf
 rm -f ./*/named.run
 rm -f ./*/named.run.prev
+rm -f ./*/named.stats
 rm -f ./dig.out.*
 rm -f ./ns1/K*+*+*.key
 rm -f ./ns1/K*+*+*.private

diff --git a/bin/tests/system/synthfromdnssec/ns1/named.conf.in b/bin/tests/system/synthfromdnssec/ns1/named.conf.in
index 072c7d208a836fafe01da492e52a81f5e2930e92..192979965fa82f64bd4acc66dfeefa9d9ddf8a4d 100644 (file)
--- a/bin/tests/system/synthfromdnssec/ns1/named.conf.in
+++ b/bin/tests/system/synthfromdnssec/ns1/named.conf.in
@@ -24,6 +24,15 @@ options {
        dnssec-validation yes;
 };
 
+key rndc_key {
+       secret "1234abcd8765";
+       algorithm hmac-sha256;
+};
+
+controls {
+       inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
 zone "." {
        type primary;
        file "root.db.signed";

diff --git a/bin/tests/system/synthfromdnssec/ns2/named.conf.in b/bin/tests/system/synthfromdnssec/ns2/named.conf.in
index b130d305d33989284adffacba68f6761f57e6dca..ffb32b9ae1878d65caa0b68da2ba9e089eee60fb 100644 (file)
--- a/bin/tests/system/synthfromdnssec/ns2/named.conf.in
+++ b/bin/tests/system/synthfromdnssec/ns2/named.conf.in
@@ -24,6 +24,15 @@ options {
        dnssec-validation yes;
 };
 
+key rndc_key {
+       secret "1234abcd8765";
+       algorithm hmac-sha256;
+};
+
+controls {
+       inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
 zone "." {
        type hint;
        file "root.hints";

diff --git a/bin/tests/system/synthfromdnssec/ns3/named.conf.in b/bin/tests/system/synthfromdnssec/ns3/named.conf.in
index 5a8fbd671834dea6b9daed9d3411319edbaab9b8..fcc44a2d8a53f72341aec22e57b16b1035ef5c81 100644 (file)
--- a/bin/tests/system/synthfromdnssec/ns3/named.conf.in
+++ b/bin/tests/system/synthfromdnssec/ns3/named.conf.in
@@ -24,6 +24,15 @@ options {
        dnssec-validation yes;
 };
 
+key rndc_key {
+       secret "1234abcd8765";
+       algorithm hmac-sha256;
+};
+
+controls {
+       inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
 zone "." {
        type hint;
        file "root.hints";

diff --git a/bin/tests/system/synthfromdnssec/ns4/named.conf.in b/bin/tests/system/synthfromdnssec/ns4/named.conf.in
index 042c6cf0b6290e4850d52622017581733cfa6d2b..32e4845c355f4072423306d912df2637013a9b28 100644 (file)
--- a/bin/tests/system/synthfromdnssec/ns4/named.conf.in
+++ b/bin/tests/system/synthfromdnssec/ns4/named.conf.in
@@ -25,6 +25,15 @@ options {
        synth-from-dnssec no;
 };
 
+key rndc_key {
+       secret "1234abcd8765";
+       algorithm hmac-sha256;
+};
+
+controls {
+       inet 10.53.0.4 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
 zone "." {
        type hint;
        file "root.hints";

diff --git a/bin/tests/system/synthfromdnssec/ns5/named.conf.in b/bin/tests/system/synthfromdnssec/ns5/named.conf.in
index 90b83a643210b705955eb166d1d5e17367e37fef..0dc554aa0e4a8822f01c4c313de433ca5a843f6f 100644 (file)
--- a/bin/tests/system/synthfromdnssec/ns5/named.conf.in
+++ b/bin/tests/system/synthfromdnssec/ns5/named.conf.in
@@ -25,6 +25,15 @@ options {
        synth-from-dnssec yes;
 };
 
+key rndc_key {
+       secret "1234abcd8765";
+       algorithm hmac-sha256;
+};
+
+controls {
+       inet 10.53.0.5 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
 zone "." {
        type hint;
        file "root.hints";

diff --git a/bin/tests/system/synthfromdnssec/ns6/named.conf.in b/bin/tests/system/synthfromdnssec/ns6/named.conf.in
index f6c137d05e77c9df9528d566b2a0dcad2284ff39..0b2c712a0034d616f8726cd17a74bf5aa7aafb19 100644 (file)
--- a/bin/tests/system/synthfromdnssec/ns6/named.conf.in
+++ b/bin/tests/system/synthfromdnssec/ns6/named.conf.in
@@ -25,6 +25,15 @@ options {
        synth-from-dnssec yes;
 };
 
+key rndc_key {
+       secret "1234abcd8765";
+       algorithm hmac-sha256;
+};
+
+controls {
+       inet 10.53.0.6 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
 zone "." {
        type hint;
        file "root.hints";

diff --git a/bin/tests/system/synthfromdnssec/tests.sh b/bin/tests/system/synthfromdnssec/tests.sh
index 4b4ea83b56eba3c312367dce132302a16e1d4c0a..0970a07255d7a37f0aee2c09858a785883726f9b 100644 (file)
--- a/bin/tests/system/synthfromdnssec/tests.sh
+++ b/bin/tests/system/synthfromdnssec/tests.sh
@@ -12,6 +12,8 @@
 # shellcheck source=conf.sh
 . ../conf.sh
 
+RNDCCMD="$RNDC -c ../common/rndc.conf -p ${CONTROLPORT} -s"
+
 set -e
 
 status=0
@@ -385,6 +387,24 @@ do
     n=$((n+1))
     if [ $ret != 0 ]; then echo_i "failed"; fi
     status=$((status+ret))
+
+    echo_i "check 'rndc stats' output for 'covering nsec returned' (synth-from-dnssec ${description};) ($n)"
+    ret=0
+    ${RNDCCMD} 10.53.0.${ns} stats 2>&1 | sed 's/^/ns6 /' | cat_i
+    # 2 views, _bind should always be '0 covering nsec returned'
+    count=$(grep "covering nsec returned" ns${ns}/named.stats | wc -l)
+    test $count = 2 || ret=1
+    zero=$(grep " 0 covering nsec returned" ns${ns}/named.stats | wc -l)
+    if [ ${synth} = yes ]
+    then
+       test $zero = 1 || ret=1
+    else
+       test $zero = 2 || ret=1
+    fi
+    n=$((n+1))
+    if [ $ret != 0 ]; then echo_i "failed"; fi
+    status=$((status+ret))
+
 done
 
 echo_i "check redirect response (+dnssec) (synth-from-dnssec <default>;) ($n)"