From 4d465e9c0c9890430b69c0899433906e1918625b Mon Sep 17 00:00:00 2001
From: Mark Andrews
Date: Tue, 7 Feb 2023 15:05:39 +1100
Subject: [PATCH] check that delv handles REFUSED when chasing DS records

---
 bin/tests/system/digdelv/clean.sh | 4 +++-
 bin/tests/system/digdelv/ns2/named.conf.in | 5 +++++
 bin/tests/system/digdelv/ns2/sign.sh | 3 +++
 bin/tests/system/digdelv/tests.sh | 8 ++++++++
 4 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/bin/tests/system/digdelv/clean.sh b/bin/tests/system/digdelv/clean.sh
index ed9ad87a5bc..77e467a4990 100644
--- a/bin/tests/system/digdelv/clean.sh
+++ b/bin/tests/system/digdelv/clean.sh
@@ -29,7 +29,9 @@ rm -f ./host.out.test*
 rm -f ./ns*/managed-keys.bind*
 rm -f ./ns*/named.lock
 rm -f ./ns2/dsset-example.
+rm -f ./ns2/dsset-example.tld.
 rm -f ./ns2/example.db ./ns2/K* ./ns2/keyid ./ns2/keydata
+rm -f ./ns2/example.tld.db
 rm -f ./nslookup.out.test*
-rm -f ./yamlget.out.*
 rm -f ./nsupdate.out.test*
+rm -f ./yamlget.out.*
diff --git a/bin/tests/system/digdelv/ns2/named.conf.in b/bin/tests/system/digdelv/ns2/named.conf.in
index 1391b7322c0..6a6c2b9fb71 100644
--- a/bin/tests/system/digdelv/ns2/named.conf.in
+++ b/bin/tests/system/digdelv/ns2/named.conf.in
@@ -32,3 +32,8 @@ zone "example" {
 type primary;
 file "example.db";
 };
+
+zone "example.tld" {
+ type primary;
+ file "example.tld.db";
+};
diff --git a/bin/tests/system/digdelv/ns2/sign.sh b/bin/tests/system/digdelv/ns2/sign.sh
index c8564b28301..782b7a1a24a 100644
--- a/bin/tests/system/digdelv/ns2/sign.sh
+++ b/bin/tests/system/digdelv/ns2/sign.sh
@@ -27,3 +27,6 @@ grep -Ev '^;' < "$ksk.key" | cut -f 7- -d ' ' > keydata
 
 keyfile_to_initial_keys "$ksk" > ../ns3/anchor.dnskey
 keyfile_to_initial_ds "$ksk" > ../ns3/anchor.ds
+
+ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone example.tld.)
+"$SIGNER" -Sz -f example.tld.db -o example.tld example.db.in > /dev/null 2>&1
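Review bot: In the sign.sh hunk the name printed by the new `$KEYGEN` call is stored in `ksk`, overwriting the KSK name that the `keyfile_to_initial_keys "$ksk"` and `keyfile_to_initial_ds "$ksk"` lines just above depend on, even though this key is generated without `-f KSK` and the value is not read again in the lines shown. A distinct name such as `tld_key=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone example.tld.)` keeps a later edit from feeding the wrong key into the trust-anchor files. A one-line comment above it, for example `# example.tld exists only for the "REFUSED when chasing DS records" check in tests.sh`, would record why a second signed zone is built here. The `> /dev/null 2>&1` on the `$SIGNER` call also discards the diagnostic if signing fails, which makes a broken fixture harder to tell apart from a genuine validation failure in the test.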
diff --git a/bin/tests/system/digdelv/tests.sh b/bin/tests/system/digdelv/tests.sh
index 3debad3da83..9e82298f35b 100644
--- a/bin/tests/system/digdelv/tests.sh
+++ b/bin/tests/system/digdelv/tests.sh
@@ -1396,6 +1396,14 @@ if [ -x "$DELV" ] ; then
 if [ $ret -ne 0 ]; then echo_i "failed"; fi
 status=$((status+ret))
 fi
+
+ n=$((n+1))
+ echo_i "check that delv handles REFUSED when chasing DS records ($n)"
+ delv_with_opts @10.53.0.2 +root xxx.example.tld A > delv.out.test$n 2>&1 || ret=1
+ grep ";; resolution failed: broken trust chain" delv.out.test$n > /dev/null || ret=1
+ if [ $ret -ne 0 ]; then echo_i "failed"; fi
+ status=$((status+ret))
+
 else
 echo_i "$DELV is needed, so skipping these delv tests"
 fi
-- 
2.47.3
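Review bot: The added test never sets `ret=0` before its first `|| ret=1`, so it starts with whatever value the preceding check left behind: the context lines directly above end with `status=$((status+ret))` and `fi`, and nothing resets `ret` between them and `n=$((n+1))`. A failure in the earlier check would therefore be added to `status` a second time and this check would print "failed" even when delv reported the broken trust chain as expected. Adding `ret=0` on the line after `n=$((n+1))` isolates the result. The enclosing `if [ -x "$DELV" ]` block begins outside the hunk. As a smaller point, quoting the output file as `"delv.out.test$n"` in both the redirect and the `grep` would match the quoting used in sign.sh.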