--- /dev/null
+#!/bin/sh -e
+
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+. ../../conf.sh
+
+zone=tc-test-signed
+infile=tc-test-signed.db.in
+zonefile=tc-test-signed.db
+
+# The signing algorithm and key sizes used here are NOT arbitrary - they have
+# been carefully chosen to ensure that the signed referral response checked in
+# the test will be around 512 bytes in size with glue records excluded. Please
+# keep this in mind when updating signing algorithms used in system tests.
+keyname=$($KEYGEN -q -a RSASHA256 -b 2048 -n zone $zone)
+cat "$infile" "$keyname.key" > "$zonefile"
+
+$SIGNER -P -o $zone $zonefile > /dev/null
--- /dev/null
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+; CAUTION: Contents of this zone were carefully crafted so that the responses
+; to the queries used in the "glue" system test have a very specific size.
+; Editing this zone is not recommended as it may break the relevant checks.
+
+$TTL 300
+@ IN SOA ns hostmaster (
+ 1
+ 3600
+ 1800
+ 1814400
+ 3600
+ )
+ NS a
+a A 10.53.0.1
+
+subdomain-a NS 0123456789.subdomain-a
+ NS 0123456.subdomain-a
+ NS 0123.subdomain-a
+
+0123456789.subdomain-a A 10.53.0.1
+0123456.subdomain-a A 10.53.0.1
+0123.subdomain-a A 10.53.0.1
+
+subdomain-aaaa NS 0123456789.subdomain-aaaa
+ NS 0123456.subdomain-aaaa
+ NS 0123.subdomain-aaaa
+
+0123456789.subdomain-aaaa AAAA fd92:7065:b8e:ffff::1
+0123456.subdomain-aaaa AAAA fd92:7065:b8e:ffff::1
+0123.subdomain-aaaa AAAA fd92:7065:b8e:ffff::1
+
+subdomain-both NS 0123456789.subdomain-both
+ NS 0123456.subdomain-both
+ NS 0123.subdomain-both
+ NS 0.subdomain-both
+
+0123456789.subdomain-both A 10.53.0.1
+ AAAA fd92:7065:b8e:ffff::1
+0123456.subdomain-both A 10.53.0.1
+ AAAA fd92:7065:b8e:ffff::1
+0123.subdomain-both A 10.53.0.1
+ AAAA fd92:7065:b8e:ffff::1
+0.subdomain-both A 10.53.0.1
+ AAAA fd92:7065:b8e:ffff::1
--- /dev/null
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+; CAUTION: Contents of this zone were carefully crafted so that the responses
+; to the queries used in the "glue" system test have a very specific size.
+; Editing this zone is not recommended as it may break the relevant checks.
+
+$TTL 300
+@ IN SOA ns hostmaster (
+ 1
+ 3600
+ 1800
+ 1814400
+ 3600
+ )
+ NS a
+a A 10.53.0.1
+
+subdomain-a NS abcdefghijklmnopqrstuvwxyz.subdomain-a
+ NS bcdefghijklmnopqrstuvwxyz.subdomain-a
+ NS cdefghijklmnopqrstuvwxyz.subdomain-a
+ NS defghijklmnopqrstuvwxyz.subdomain-a
+ NS efghijklmnopqrstuvwxyz.subdomain-a
+ NS fghijklmnopqrstuvwxyz.subdomain-a
+ NS ghijklmnopqrstuvwxyz.subdomain-a
+ NS hijklmnopqrstuvwxyz.subdomain-a
+ NS ijklmnopqrstuvwxyz.subdomain-a
+ NS jklmnopqrstuvwxyz.subdomain-a
+ NS klmnopqrstuvwxyz.subdomain-a
+ NS lmnopqrstuvwxyz.subdomain-a
+ NS mnopqrstuvwxyz.subdomain-a
+
+abcdefghijklmnopqrstuvwxyz.subdomain-a A 10.53.0.1
+bcdefghijklmnopqrstuvwxyz.subdomain-a A 10.53.0.1
+cdefghijklmnopqrstuvwxyz.subdomain-a A 10.53.0.1
+defghijklmnopqrstuvwxyz.subdomain-a A 10.53.0.1
+efghijklmnopqrstuvwxyz.subdomain-a A 10.53.0.1
+fghijklmnopqrstuvwxyz.subdomain-a A 10.53.0.1
+ghijklmnopqrstuvwxyz.subdomain-a A 10.53.0.1
+hijklmnopqrstuvwxyz.subdomain-a A 10.53.0.1
+ijklmnopqrstuvwxyz.subdomain-a A 10.53.0.1
+jklmnopqrstuvwxyz.subdomain-a A 10.53.0.1
+klmnopqrstuvwxyz.subdomain-a A 10.53.0.1
+lmnopqrstuvwxyz.subdomain-a A 10.53.0.1
+mnopqrstuvwxyz.subdomain-a A 10.53.0.1
+
+subdomain-aaaa NS abcdefghijklmnopqrstuvwxyz.subdomain-aaaa
+ NS bcdefghijklmnopqrstuvwxyz.subdomain-aaaa
+ NS cdefghijklmnopqrstuvwxyz.subdomain-aaaa
+ NS defghijklmnopqrstuvwxyz.subdomain-aaaa
+ NS efghijklmnopqrstuvwxyz.subdomain-aaaa
+ NS fghijklmnopqrstuvwxyz.subdomain-aaaa
+ NS ghijklmnopqrstuvwxyz.subdomain-aaaa
+ NS hijklmnopqrstuvwxyz.subdomain-aaaa
+ NS ijklmnopqrstuvwxyz.subdomain-aaaa
+ NS jklmnopqrstuvwxyz.subdomain-aaaa
+ NS klmnopqrstuvwxyz.subdomain-aaaa
+ NS lmnopqrstuvwxyz.subdomain-aaaa
+ NS mnopqrstuvwxyz.subdomain-aaaa
+
+abcdefghijklmnopqrstuvwxyz.subdomain-aaaa AAAA fd92:7065:b8e:ffff::1
+bcdefghijklmnopqrstuvwxyz.subdomain-aaaa AAAA fd92:7065:b8e:ffff::1
+cdefghijklmnopqrstuvwxyz.subdomain-aaaa AAAA fd92:7065:b8e:ffff::1
+defghijklmnopqrstuvwxyz.subdomain-aaaa AAAA fd92:7065:b8e:ffff::1
+efghijklmnopqrstuvwxyz.subdomain-aaaa AAAA fd92:7065:b8e:ffff::1
+fghijklmnopqrstuvwxyz.subdomain-aaaa AAAA fd92:7065:b8e:ffff::1
+ghijklmnopqrstuvwxyz.subdomain-aaaa AAAA fd92:7065:b8e:ffff::1
+hijklmnopqrstuvwxyz.subdomain-aaaa AAAA fd92:7065:b8e:ffff::1
+ijklmnopqrstuvwxyz.subdomain-aaaa AAAA fd92:7065:b8e:ffff::1
+jklmnopqrstuvwxyz.subdomain-aaaa AAAA fd92:7065:b8e:ffff::1
+klmnopqrstuvwxyz.subdomain-aaaa AAAA fd92:7065:b8e:ffff::1
+lmnopqrstuvwxyz.subdomain-aaaa AAAA fd92:7065:b8e:ffff::1
+mnopqrstuvwxyz.subdomain-aaaa AAAA fd92:7065:b8e:ffff::1
+
+subdomain-both NS abcdefghijklmnopqrstuvwxyz.subdomain-both
+ NS bcdefghijklmnopqrstuvwxyz.subdomain-both
+ NS cdefghijklmnopqrstuvwxyz.subdomain-both
+ NS defghijklmnopqrstuvwxyz.subdomain-both
+ NS efghijklmnopqrstuvwxyz.subdomain-both
+ NS fghijklmnopqrstuvwxyz.subdomain-both
+ NS ghijklmnopqrstuvwxyz.subdomain-both
+ NS hijklmnopqrstuvwxyz.subdomain-both
+ NS ijklmnopqrstuvwxyz.subdomain-both
+ NS jklmnopqrstuvwxyz.subdomain-both
+ NS klmnopqrstuvwxyz.subdomain-both
+ NS lmnopqrstuvwxyz.subdomain-both
+ NS mnopqrstuvwxyz.subdomain-both
+
+abcdefghijklmnopqrstuvwxyz.subdomain-both A 10.53.0.1
+ AAAA fd92:7065:b8e:ffff::1
+bcdefghijklmnopqrstuvwxyz.subdomain-both A 10.53.0.1
+ AAAA fd92:7065:b8e:ffff::1
+cdefghijklmnopqrstuvwxyz.subdomain-both A 10.53.0.1
+ AAAA fd92:7065:b8e:ffff::1
+defghijklmnopqrstuvwxyz.subdomain-both A 10.53.0.1
+ AAAA fd92:7065:b8e:ffff::1
+efghijklmnopqrstuvwxyz.subdomain-both A 10.53.0.1
+ AAAA fd92:7065:b8e:ffff::1
+fghijklmnopqrstuvwxyz.subdomain-both A 10.53.0.1
+ AAAA fd92:7065:b8e:ffff::1
+ghijklmnopqrstuvwxyz.subdomain-both A 10.53.0.1
+ AAAA fd92:7065:b8e:ffff::1
+hijklmnopqrstuvwxyz.subdomain-both A 10.53.0.1
+ AAAA fd92:7065:b8e:ffff::1
if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
+n=$((n+1))
+echo_i "testing truncation for unsigned referrals close to UDP packet size limit (A glue) ($n)"
+ret=0
+dig_with_opts @10.53.0.1 +ignore +noedns foo.subdomain-a.tc-test-unsigned. > dig.out.$n || ret=1
+grep -q "flags:[^;]* tc" dig.out.$n || ret=1
+if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "testing truncation for unsigned referrals close to UDP packet size limit (AAAA glue) ($n)"
+ret=0
+dig_with_opts @10.53.0.1 +ignore +noedns foo.subdomain-aaaa.tc-test-unsigned. > dig.out.$n || ret=1
+grep -q "flags:[^;]* tc" dig.out.$n || ret=1
+if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "testing truncation for unsigned referrals close to UDP packet size limit (A+AAAA glue) ($n)"
+ret=0
+dig_with_opts @10.53.0.1 +ignore +noedns foo.subdomain-both.tc-test-unsigned. > dig.out.$n || ret=1
+grep -q "flags:[^;]* tc" dig.out.$n || ret=1
+if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "testing truncation for signed referrals close to UDP packet size limit (A glue) ($n)"
+ret=0
+dig_with_opts @10.53.0.1 +ignore +dnssec +bufsize=512 foo.subdomain-a.tc-test-signed. > dig.out.$n || ret=1
+grep -q "flags:[^;]* tc" dig.out.$n || ret=1
+if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "testing truncation for signed referrals close to UDP packet size limit (AAAA glue) ($n)"
+ret=0
+dig_with_opts @10.53.0.1 +ignore +dnssec +bufsize=512 foo.subdomain-aaaa.tc-test-signed. > dig.out.$n || ret=1
+grep -q "flags:[^;]* tc" dig.out.$n || ret=1
+if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "testing truncation for signed referrals close to UDP packet size limit (A+AAAA glue) ($n)"
+ret=0
+dig_with_opts @10.53.0.1 +ignore +dnssec +bufsize=512 foo.subdomain-both.tc-test-signed. > dig.out.$n || ret=1
+grep -q "flags:[^;]* tc" dig.out.$n || ret=1
+if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1