From: Michał Kępień Date: Mon, 21 May 2018 06:00:44 +0000 (+0200) Subject: Prevent false negatives in rootkeysentinel system test X-Git-Tag: v9.13.0~1^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6327c54c4bc0712b6c7ab7ef0e8adc9768e66ed3;p=thirdparty%2Fbind9.git Prevent false negatives in rootkeysentinel system test --- diff --git a/bin/tests/system/rootkeysentinel/tests.sh b/bin/tests/system/rootkeysentinel/tests.sh index a36ec57f7cb..d22f9b78e5c 100644 --- a/bin/tests/system/rootkeysentinel/tests.sh +++ b/bin/tests/system/rootkeysentinel/tests.sh @@ -95,6 +95,7 @@ newtest "check root-key-sentinel-not-ta with new ta and" " 'root-key-sentinel ye $DIG $DIGOPTS @10.53.0.3 root-key-sentinel-not-ta-${newid}.example A > dig.out.ns3.test$n || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` newtest "check root-key-sentinel-is-ta with bad ta and" " 'root-key-sentinel yes;' (expect SERVFAIL)" $DIG $DIGOPTS @10.53.0.3 root-key-sentinel-is-ta-${badid}.example A > dig.out.ns3.test$n || ret=1 @@ -113,6 +114,7 @@ newtest "check root-key-sentinel-not-ta with bad ta and" " 'root-key-sentinel ye $DIG $DIGOPTS @10.53.0.3 root-key-sentinel-not-ta-${bad}.example A > dig.out.ns3.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` newtest "check root-key-sentinel-is-ta with out-of-range ta and" " 'root-key-sentinel yes;' (expect NXDOMAIN)" $DIG $DIGOPTS @10.53.0.3 root-key-sentinel-is-ta-72345.example A > dig.out.ns3.test$n || ret=1 @@ -124,6 +126,7 @@ newtest "check root-key-sentinel-not-ta with out-of-range ta and" " 'root-key-se $DIG $DIGOPTS @10.53.0.3 root-key-sentinel-not-ta-72345.example A > dig.out.ns3.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` newtest "check root-key-sentinel-is-ta with no-zero-pad ta and" " 'root-key-sentinel yes;' (expect NXDOMAIN)" $DIG $DIGOPTS @10.53.0.3 root-key-sentinel-is-ta-1234.example A > dig.out.ns3.test$n || ret=1 @@ -135,6 +138,7 @@ newtest "check root-key-sentinel-not-ta with no-zero-pad ta and" " 'root-key-sen $DIG $DIGOPTS @10.53.0.3 root-key-sentinel-not-ta-1234.example A > dig.out.ns3.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` newtest "check CNAME to root-key-sentinel-is-ta with old ta and" " 'root-key-sentinel yes;' (expect NOERROR)" $DIG $DIGOPTS @10.53.0.3 old-is-ta.example A > dig.out.ns3.test$n || ret=1 @@ -206,6 +210,7 @@ newtest "check root-key-sentinel-not-ta with new ta and" " 'root-key-sentinel no $DIG $DIGOPTS @10.53.0.4 root-key-sentinel-not-ta-${newid}.example A > dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` newtest "check root-key-sentinel-is-ta with bad ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)" $DIG $DIGOPTS @10.53.0.4 root-key-sentinel-is-ta-${badid}.example A > dig.out.ns4.test$n || ret=1 @@ -217,6 +222,7 @@ newtest "check root-key-sentinel-not-ta with bad ta and" " 'root-key-sentinel no $DIG $DIGOPTS @10.53.0.4 root-key-sentinel-not-ta-${bad}.example A > dig.out.ns4.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` newtest "check root-key-sentinel-is-ta with out-of-range ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)" $DIG $DIGOPTS @10.53.0.4 root-key-sentinel-is-ta-72345.example A > dig.out.ns4.test$n || ret=1 @@ -228,6 +234,7 @@ newtest "check root-key-sentinel-not-ta with out-of-range ta and" " 'root-key-se $DIG $DIGOPTS @10.53.0.4 root-key-sentinel-not-ta-72345.example A > dig.out.ns4.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` newtest "check root-key-sentinel-is-ta with no-zero-pad ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)" $DIG $DIGOPTS @10.53.0.4 root-key-sentinel-is-ta-1234.example A > dig.out.ns4.test$n || ret=1 @@ -239,6 +246,7 @@ newtest "check root-key-sentinel-not-ta with no-zero-pad ta and" " 'root-key-sen $DIG $DIGOPTS @10.53.0.4 root-key-sentinel-not-ta-1234.example A > dig.out.ns4.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` newtest "check CNAME to root-key-sentinel-is-ta with old ta and" " 'root-key-sentinel no;' (expect NOERROR)" $DIG $DIGOPTS @10.53.0.4 old-is-ta.example A > dig.out.ns4.test$n || ret=1