From: Mark Andrews <marka@isc.org>
Date: Mon, 3 Jun 2019 01:44:18 +0000 (+1000)
Subject: check that example/DS is not fetched when validating a.example
X-Git-Tag: v9.15.3~11^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4293a2f4bfc87b8188d69c46e2457d07ca2f5776;p=thirdparty%2Fbind9.git

check that example/DS is not fetched when validating a.example
---

diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh
index 6253c99d9a9..a871bb79753 100644
--- a/bin/tests/system/dnssec/tests.sh
+++ b/bin/tests/system/dnssec/tests.sh
@@ -184,6 +184,15 @@ n=$((n+1))
 test "$ret" -eq 0 || echo_i "failed"
 status=$((status+ret))
 
+echo_i "checking that 'example/DS' from the referral was used in previous validation ($n)"
+ret=0
+grep "query 'example/DS/IN' approved" ns1/named.run > /dev/null && ret=1
+grep "fetch: example/DS" ns4/named.run > /dev/null && ret=1
+grep "validating example/DS: starting" ns4/named.run > /dev/null || ret=1
+n=$((n+1))
+test "$ret" -eq 0 || echo_i "failed"
+status=$((status+ret))
+
 if [ -x ${DELV} ] ; then
    ret=0
    echo_i "checking positive validation NSEC using dns_client ($n)"