n=$((n + 1))
ret=0
echo_i "check 'grant' in deny name + grant subdomain ($n)"
-$NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
+$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
key hmac-sha256:subkey 1234abcd8765
server 10.53.0.9 ${PORT}
zone denyname.example
n=$((n + 1))
ret=0
echo_i "check 'deny' in deny name + grant subdomain ($n)"
-$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
+$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
key hmac-sha256:subkey 1234abcd8765
server 10.53.0.9 ${PORT}
zone denyname.example
n=$((n + 1))
echo_i "check adding of delegating NS records processing ($n)"
ret=0
-$NSUPDATE -v << EOF > nsupdate.out-$n 2>&1 || ret=1
+$NSUPDATE -v << EOF > nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.3 ${PORT}
zone delegation.test.
update add child.delegation.test. 3600 NS foo.example.net.
n=$((n + 1))
echo_i "check deleting of delegating NS records processing ($n)"
ret=0
-$NSUPDATE -v << EOF > nsupdate.out-$n 2>&1 || ret=1
+$NSUPDATE -v << EOF > nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.3 ${PORT}
zone delegation.test.
update del child.delegation.test. 3600 NS foo.example.net.
n=$((n + 1))
echo_i "check that adding too many records is blocked ($n)"
ret=0
-$NSUPDATE -v << EOF > nsupdate.out-$n 2>&1 && ret=1
+$NSUPDATE -v << EOF > nsupdate.out.test$n 2>&1 && ret=1
server 10.53.0.3 ${PORT}
zone too-big.test.
update add r1.too-big.test 3600 IN TXT r1.too-big.test
send
EOF
-grep "update failed: SERVFAIL" nsupdate.out-$n > /dev/null || ret=1
+grep "update failed: SERVFAIL" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.3 r1.too-big.test TXT > dig.out.ns3.test$n
grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1
grep "records in zone (4) exceeds max-records (3)" ns3/named.run > /dev/null || ret=1
n=$((n + 1))
ret=0
-echo_i "check whether valid addresses are used for primary failover ($n)"
-$NSUPDATE -t 1 <<END > nsupdate.out-$n 2>&1 && ret=1
+echo_i "check whether valid addresses are used for primary failover (UDP with defaults) ($n)"
+t1=$($PERL -e 'print time()')
+$NSUPDATE <<END > nsupdate.out.test$n 2>&1 && ret=1
server 10.53.0.4 ${PORT}
zone unreachable.
update add unreachable. 600 A 192.0.2.1
send
END
-grep "; Communication with 10.53.0.4#${PORT} failed: timed out" nsupdate.out-$n > /dev/null 2>&1 || ret=1
-grep "not implemented" nsupdate.out-$n > /dev/null 2>&1 && ret=1
+t2=`$PERL -e 'print time()'`
+grep "; Communication with 10.53.0.4#${PORT} failed: timed out" nsupdate.out.test$n > /dev/null 2>&1 || ret=1
+grep "not implemented" nsupdate.out.test$n > /dev/null 2>&1 && ret=1
+elapsed=$((t2 - t1))
+# Check that default timeout value is respected, there should be 4 tries with 3 seconds each.
+test $elapsed -lt 12 && ret=1
+test $elapsed -gt 15 && ret=1
+[ $ret = 0 ] || { echo_i "failed"; status=1; }
+
+n=$((n + 1))
+ret=0
+echo_i "check whether valid addresses are used for primary failover (UDP with -u udptimeout) ($n)"
+t1=$($PERL -e 'print time()')
+$NSUPDATE -u 4 -r 1 <<END > nsupdate.out.test$n 2>&1 && ret=1
+server 10.53.0.4 ${PORT}
+zone unreachable.
+update add unreachable. 600 A 192.0.2.1
+send
+END
+t2=`$PERL -e 'print time()'`
+grep "; Communication with 10.53.0.4#${PORT} failed: timed out" nsupdate.out.test$n > /dev/null 2>&1 || ret=1
+grep "not implemented" nsupdate.out.test$n > /dev/null 2>&1 && ret=1
+elapsed=$((t2 - t1))
+# Check that given timeout value is respected, there should be 2 tries with 4 seconds each.
+test $elapsed -lt 8 && ret=1
+test $elapsed -gt 12 && ret=1
+[ $ret = 0 ] || { echo_i "failed"; status=1; }
+
+n=$((n + 1))
+ret=0
+echo_i "check whether valid addresses are used for primary failover (UDP with -t timeout) ($n)"
+t1=$($PERL -e 'print time()')
+$NSUPDATE -u 0 -t 8 -r 1 <<END > nsupdate.out.test$n 2>&1 && ret=1
+server 10.53.0.4 ${PORT}
+zone unreachable.
+update add unreachable. 600 A 192.0.2.1
+send
+END
+t2=`$PERL -e 'print time()'`
+grep "; Communication with 10.53.0.4#${PORT} failed: timed out" nsupdate.out.test$n > /dev/null 2>&1 || ret=1
+grep "not implemented" nsupdate.out.test$n > /dev/null 2>&1 && ret=1
+elapsed=$((t2 - t1))
+# Check that given timeout value is respected, there should be 2 tries with 4 seconds each.
+test $elapsed -lt 8 && ret=1
+test $elapsed -gt 12 && ret=1
+[ $ret = 0 ] || { echo_i "failed"; status=1; }
+
+n=$((n + 1))
+ret=0
+echo_i "check whether valid addresses are used for primary failover (UDP with -u udptimeout -t timeout) ($n)"
+t1=$($PERL -e 'print time()')
+$NSUPDATE -u 4 -t 30 -r 1 <<END > nsupdate.out.test$n 2>&1 && ret=1
+server 10.53.0.4 ${PORT}
+zone unreachable.
+update add unreachable. 600 A 192.0.2.1
+send
+END
+t2=`$PERL -e 'print time()'`
+grep "; Communication with 10.53.0.4#${PORT} failed: timed out" nsupdate.out.test$n > /dev/null 2>&1 || ret=1
+grep "not implemented" nsupdate.out.test$n > /dev/null 2>&1 && ret=1
+elapsed=$((t2 - t1))
+# Check that given timeout value is respected, there should be 2 tries with 4 seconds each, as -u takes precedence over -t.
+test $elapsed -lt 8 && ret=1
+test $elapsed -gt 12 && ret=1
+[ $ret = 0 ] || { echo_i "failed"; status=1; }
+
+n=$((n + 1))
+ret=0
+echo_i "check whether valid addresses are used for primary failover (TCP with -t timeout) ($n)"
+t1=$($PERL -e 'print time()')
+$NSUPDATE -t 8 -v <<END > nsupdate.out.test$n 2>&1 && ret=1
+server 10.53.0.4 ${PORT}
+zone unreachable.
+update add unreachable. 600 A 192.0.2.1
+send
+END
+t2=`$PERL -e 'print time()'`
+grep "; Communication with 10.53.0.4#${PORT} failed: timed out" nsupdate.out.test$n > /dev/null 2>&1 || ret=1
+grep "not implemented" nsupdate.out.test$n > /dev/null 2>&1 && ret=1
+elapsed=$((t2 - t1))
+# Check that given timeout value is respected, there should be 1 try with 8 seconds.
+test $elapsed -lt 8 && ret=1
+test $elapsed -gt 12 && ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
n=$((n + 1))
n=$((n + 1))
ret=0
echo_i "check nsupdate -4 -6 ($n)"
-$NSUPDATE -4 -6 <<END > nsupdate.out-$n 2>&1 && ret=1
+$NSUPDATE -4 -6 <<END > nsupdate.out.test$n 2>&1 && ret=1
server 10.53.0.3 ${PORT}
zone delegation.test.
update del child.delegation.test. 3600 NS foo.example.net.
update del child.delegation.test. 3600 NS bar.example.net.
send
END
-grep "only one of -4 and -6 allowed" nsupdate.out-$n > /dev/null 2>&1 || ret=1
+grep "only one of -4 and -6 allowed" nsupdate.out.test$n > /dev/null 2>&1 || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
n=$((n + 1))
ret=0
echo_i "check nsupdate -4 with an IPv6 server address ($n)"
-$NSUPDATE -4 <<END > nsupdate.out-$n 2>&1 && ret=1
+$NSUPDATE -4 <<END > nsupdate.out.test$n 2>&1 && ret=1
server fd92:7065:b8e:ffff::2 ${PORT}
zone delegation.test.
update del child.delegation.test. 3600 NS foo.example.net.
update del child.delegation.test. 3600 NS bar.example.net.
send
END
-grep "address family not supported" nsupdate.out-$n > /dev/null 2>&1 || ret=1
+grep "address family not supported" nsupdate.out.test$n > /dev/null 2>&1 || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
n=$((n + 1))
ret=0
echo_i "check that TKEY in a update is rejected ($n)"
-$NSUPDATE -d <<END > nsupdate.out-$n 2>&1 && ret=1
+$NSUPDATE -d <<END > nsupdate.out.test$n 2>&1 && ret=1
server 10.53.0.3 ${PORT}
update add tkey.example 0 in tkey invalid.algorithm. 1516055980 1516140801 1 0 16 gRof8D2BFKvl/vrr9Lmnjw== 16 gRof8D2BFKvl/vrr9Lmnjw==
send
END
-grep "UPDATE, status: NOERROR" nsupdate.out-$n > /dev/null 2>&1 || ret=1
-grep "UPDATE, status: FORMERR" nsupdate.out-$n > /dev/null 2>&1 || ret=1
+grep "UPDATE, status: NOERROR" nsupdate.out.test$n > /dev/null 2>&1 || ret=1
+grep "UPDATE, status: FORMERR" nsupdate.out.test$n > /dev/null 2>&1 || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
n=$((n + 1))
grep "ANSWER: 0," dig.out.pre.test$n > /dev/null || ret=1
nextpart ns3/named.run > /dev/null
# specify zone to override the default of adding to parent zone
-$NSUPDATE -d <<END > nsupdate.out-$n 2>&1 || ret=1
+$NSUPDATE -d <<END > nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.3 ${PORT}
zone example
update add example 0 in DS 14364 10 2 FD03B2312C8F0FE72C1751EFA1007D743C94EC91594FF0047C23C37CE119BA0C
$DIG $DIGOPTS +tcp +norec multisigner.test CDS @10.53.0.3 > dig.out.pre.test$n || ret=1
grep "status: NOERROR" dig.out.pre.test$n > /dev/null || ret=1
grep "ANSWER: 0," dig.out.pre.test$n > /dev/null || ret=1
-$NSUPDATE -d <<END > nsupdate.out-$n 2>&1 && ret=1
+$NSUPDATE -d <<END > nsupdate.out.test$n 2>&1 && ret=1
server 10.53.0.3 ${PORT}
zone multisigner.test
update add multisigner.test 3600 IN CDS 14364 14 2 FD03B2312C8F0FE72C1751EFA1007D743C94EC91594FF0047C23C37CE119BA0C
grep "status: NOERROR" dig.out.pre.test$n > /dev/null || ret=1
grep "ANSWER: 0," dig.out.pre.test$n > /dev/null || ret=1
nextpart ns3/named.run > /dev/null
-$NSUPDATE -d <<END > nsupdate.out-$n 2>&1 && ret=1
+$NSUPDATE -d <<END > nsupdate.out.test$n 2>&1 && ret=1
server 10.53.0.3 ${PORT}
zone multisigner.test
update add multisigner.test 3600 IN CDNSKEY 257 3 14 d0NQ5PKmDz6P0B1WPMH9/UKRux/toSFwV2nTJYPA1Cx8pB0sJGTXbVhG U+6gye7VCHDhGIn9CjVfb2RJPW7GnQ==
$DIG $DIGOPTS +tcp +norec multisigner.test CDS @10.53.0.3 > dig.out.pre.test$n || ret=1
grep "status: NOERROR" dig.out.pre.test$n > /dev/null || ret=1
grep "ANSWER: 0," dig.out.pre.test$n > /dev/null || ret=1
-$NSUPDATE -d <<END > nsupdate.out-$n 2>&1 || ret=1
+$NSUPDATE -d <<END > nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.3 ${PORT}
zone multisigner.test
update add multisigner.test 3600 IN CDS 14364 13 2 FD03B2312C8F0FE72C1751EFA1007D743C94EC91594FF0047C23C37CE119BA0C
$DIG $DIGOPTS +tcp +norec multisigner.test CDNSKEY @10.53.0.3 > dig.out.pre.test$n || ret=1
grep "status: NOERROR" dig.out.pre.test$n > /dev/null || ret=1
grep "ANSWER: 0," dig.out.pre.test$n > /dev/null || ret=1
-$NSUPDATE -d <<END > nsupdate.out-$n 2>&1 || ret=1
+$NSUPDATE -d <<END > nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.3 ${PORT}
zone multisigner.test
update add multisigner.test 3600 IN CDNSKEY 257 3 13 d0NQ5PKmDz6P0B1WPMH9/UKRux/toSFwV2nTJYPA1Cx8pB0sJGTXbVhG U+6gye7VCHDhGIn9CjVfb2RJPW7GnQ==
n=$((n + 1))
ret=0
echo_i "check that excessive NSEC3PARAM iterations are rejected by nsupdate ($n)"
-$NSUPDATE -d <<END > nsupdate.out-$n 2>&1 && ret=1
+$NSUPDATE -d <<END > nsupdate.out.test$n 2>&1 && ret=1
server 10.53.0.3 ${PORT}
zone example
update add example 0 in NSEC3PARAM 1 0 151 -
END
-grep "NSEC3PARAM has excessive iterations (> 150)" nsupdate.out-$n >/dev/null || ret=1
+grep "NSEC3PARAM has excessive iterations (> 150)" nsupdate.out.test$n >/dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
n=$((n + 1))
# that's what we're testing for. (failure is still expected, however,
# because the address lookup for the primary doesn't use the overridden
# resolv.conf file).
-$NSUPDATE -D -C resolv.conf -p ${PORT} << EOF > nsupdate.out-$n 2>&1 && ret=1
+$NSUPDATE -D -C resolv.conf -p ${PORT} << EOF > nsupdate.out.test$n 2>&1 && ret=1
zone example
update add a 3600 IN A 1.2.3.4
send
EOF
-grep '10.53.0.1.*REFUSED' nsupdate.out-$n > /dev/null || ret=1
-grep 'Reply from SOA query' nsupdate.out-$n > /dev/null || ret=1
+grep '10.53.0.1.*REFUSED' nsupdate.out.test$n > /dev/null || ret=1
+grep 'Reply from SOA query' nsupdate.out.test$n > /dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
n=$((n + 1))
echo_i "check krb5-self match ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
- $NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
+ $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
echo_i "check krb5-self no-match ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
- $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
+ $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
update add foo.example.com 3600 IN A 10.53.0.7
send
EOF
- grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
+ grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.7 foo.example.com A > dig.out.ns7.test$n
grep "status: NXDOMAIN" dig.out.ns7.test$n > /dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
echo_i "check krb5-subdomain match ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
- $NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1
+ $NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
echo_i "check krb5-subdomain no-match ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
- $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
+ $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
update add _xxx._udp.example.com 3600 IN SRV 0 0 0 machine.example.com
send
EOF
- grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
+ grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.7 _xxx._udp.example.com SRV > dig.out.ns7.test$n
grep "status: NXDOMAIN" dig.out.ns7.test$n > /dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
echo_i "check krb5-subdomain-self-rhs match PTR ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
- $NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1
+ $NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
echo_i "check krb5-subdomain-self-rhs no-match PTR ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
- $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
+ $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
update add 5.3.2.1.in-addr.arpa 3600 IN PTR notme.example.com
send
EOF
- grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
+ grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.7 5.3.2.1.in-addr.arpa PTR > dig.out.ns7.test$n
grep "status: NXDOMAIN" dig.out.ns7.test$n > /dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
echo_i "check krb5-subdomain-self-rhs match SRV ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
- $NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1
+ $NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
echo_i "check krb5-subdomain-self-rhs no listed types match (SRV & TXT) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
- $NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1
+ $NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
echo_i "check krb5-subdomain-self-rhs no-match RDATA (SRV) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
- $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
+ $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
update add _yyy.self-srv.example.com 3600 IN SRV 0 0 0 notme.example.com
send
EOF
- grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
+ grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.7 _yyy.self-srv.example.com SRV > dig.out.ns7.test$n
grep "status: NXDOMAIN" dig.out.ns7.test$n > /dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
echo_i "check krb5-subdomain-self-rhs no-match TYPE (TXT) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
- $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
+ $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
update add _yyy.self-srv.example.com 3600 IN TXT a-txt-record
send
EOF
- grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
+ grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.7 _yyy.self-srv.example.com TXT > dig.out.ns7.test$n
grep "status: NXDOMAIN" dig.out.ns7.test$n > /dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
grep "ANSWER: 1," dig.out.ns7.pre.test$n > /dev/null || ret=1
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
- $NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
+ $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
echo_i "check krb5-subdomain-self-rhs delete PTR (matching PTR with non-matching PTR) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
- $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
+ $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
update delete many.ptr.self-ptr.in-addr.arpa PTR
send
EOF
- grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
+ grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.7 many.ptr.self-ptr.in-addr.arpa PTR > dig.out.ns7.test$n
grep "status: NOERROR" dig.out.ns7.test$n > /dev/null || ret=1
grep "ANSWER: 2," dig.out.ns7.test$n > /dev/null || ret=1
grep "ANSWER: 1," dig.out.ns7.pre.test$n > /dev/null || ret=1
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
- $NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
+ $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
echo_i "check krb5-subdomain-self-rhs delete ANY (matching PTR with non-matching PTR) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
- $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
+ $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
update delete many.any.self-ptr.in-addr.arpa
send
EOF
- grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
+ grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.7 many.any.self-ptr.in-addr.arpa PTR > dig.out.ns7.test$n
grep "status: NOERROR" dig.out.ns7.test$n > /dev/null || ret=1
grep "ANSWER: 2," dig.out.ns7.test$n > /dev/null || ret=1
grep "ANSWER: 1," dig.out.ns7.pre.test$n > /dev/null || ret=1
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
- $NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
+ $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
echo_i "check krb5-subdomain-self-rhs delete SRV (matching SRV with non-matching SRV) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
- $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
+ $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
update delete many.srv.self-srv.example.com SRV
send
EOF
- grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
+ grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.7 many.srv.self-srv.example.com SRV > dig.out.ns7.test$n
grep "status: NOERROR" dig.out.ns7.test$n > /dev/null || ret=1
grep "ANSWER: 2," dig.out.ns7.test$n > /dev/null || ret=1
grep "ANSWER: 1," dig.out.ns7.pre.test$n > /dev/null || ret=1
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
- $NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
+ $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
echo_i "check krb5-subdomain-self-rhs delete ANY (matching SRV with non-matching SRV) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
- $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
+ $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
update delete many.any.self-srv.example.com
send
EOF
- grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
+ grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.7 many.any.self-srv.example.com SRV > dig.out.ns7.test$n
grep "status: NOERROR" dig.out.ns7.test$n > /dev/null || ret=1
grep "ANSWER: 2," dig.out.ns7.test$n > /dev/null || ret=1
echo_i "check krb5-selfsub match ($n)"
KRB5CCNAME="FILE:$(pwd)/ns8/machine.ccache"
export KRB5CCNAME
- $NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1
+ $NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.8 ${PORT}
echo_i "check krb5-selfsub no-match ($n)"
KRB5CCNAME="FILE:$(pwd)/ns8/machine.ccache"
export KRB5CCNAME
- $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
+ $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.8 ${PORT}
update add foo.example.com 3600 IN A 10.53.0.8
send
EOF
- grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
+ grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.8 foo.example.com A > dig.out.ns8.test$n
grep "status: NXDOMAIN" dig.out.ns8.test$n > /dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
echo_i "check ms-self match ($n)"
KRB5CCNAME="FILE:$(pwd)/ns9/machine.ccache"
export KRB5CCNAME
- $NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
+ $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.9 ${PORT}
echo_i "check ms-self no-match ($n)"
KRB5CCNAME="FILE:$(pwd)/ns9/machine.ccache"
export KRB5CCNAME
- $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
+ $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.9 ${PORT}
update add foo.example.com 3600 IN A 10.53.0.9
send
EOF
- grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
+ grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.9 foo.example.com A > dig.out.ns9.test$n
grep "status: NXDOMAIN" dig.out.ns9.test$n > /dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
echo_i "check ms-subdomain match ($n)"
KRB5CCNAME="FILE:$(pwd)/ns9/machine.ccache"
export KRB5CCNAME
- $NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1
+ $NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.9 ${PORT}
echo_i "check ms-subdomain no-match ($n)"
KRB5CCNAME="FILE:$(pwd)/ns9/machine.ccache"
export KRB5CCNAME
- $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
+ $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.9 ${PORT}
update add _xxx._udp.example.com 3600 IN SRV 0 0 0 machine.example.com
send
EOF
- grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
+ grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.9 _xxx._udp.example.com SRV > dig.out.ns9.test$n
grep "status: NXDOMAIN" dig.out.ns9.test$n > /dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
echo_i "check ms-subdomain-self-rhs match (PTR) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
- $NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1
+ $NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
echo_i "check ms-subdomain-self-rhs no-match (PTR) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
- $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
+ $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
update add 5.3.2.1.in-addr.arpa 3600 IN PTR notme.example.com
send
EOF
- grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
+ grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.10 5.3.2.1.in-addr.arpa PTR > dig.out.ns10.test$n
grep "status: NXDOMAIN" dig.out.ns10.test$n > /dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
echo_i "check ms-subdomain-self-rhs match (SRV) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
- $NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1
+ $NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
echo_i "check ms-subdomain-self-rhs no-match (SRV) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
- $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
+ $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
update add _yyy.self-srv.example.com 3600 IN SRV 0 0 0 notme.example.com
send
EOF
- grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
+ grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.10 _yyy.self-srv.example.com SRV > dig.out.ns10.test$n
grep "status: NXDOMAIN" dig.out.ns10.test$n > /dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
grep "ANSWER: 1," dig.out.ns10.pre.test$n > /dev/null || ret=1
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
- $NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
+ $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
echo_i "check ms-subdomain-self-rhs delete SRV (matching SRV with non-matching SRV) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
- $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
+ $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
update delete many.srv.self-srv.example.com SRV
send
EOF
- grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
+ grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.10 many.srv.self-srv.example.com SRV > dig.out.ns10.test$n
grep "status: NOERROR" dig.out.ns10.test$n > /dev/null || ret=1
grep "ANSWER: 2," dig.out.ns10.test$n > /dev/null || ret=1
grep "ANSWER: 1," dig.out.ns10.pre.test$n > /dev/null || ret=1
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
- $NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
+ $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
echo_i "check ms-subdomain-self-rhs delete PTR (matching PTR with non-matching PTR) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
- $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
+ $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
update delete many.ptr.self-ptr.in-addr.arpa PTR
send
EOF
- grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
+ grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.10 many.ptr.self-ptr.in-addr.arpa PTR > dig.out.ns10.test$n
grep "status: NOERROR" dig.out.ns10.test$n > /dev/null || ret=1
grep "ANSWER: 2," dig.out.ns10.test$n > /dev/null || ret=1
grep "ANSWER: 1," dig.out.ns10.pre.test$n > /dev/null || ret=1
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
- $NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
+ $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
echo_i "check ms-subdomain-self-rhs delete ANY (matching PTR with non-matching PTR) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
- $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
+ $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
update delete many.any.self-ptr.in-addr.arpa
send
EOF
- grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
+ grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.10 many.any.self-ptr.in-addr.arpa PTR > dig.out.ns10.test$n
grep "status: NOERROR" dig.out.ns10.test$n > /dev/null || ret=1
grep "ANSWER: 2," dig.out.ns10.test$n > /dev/null || ret=1
grep "ANSWER: 1," dig.out.ns10.pre.test$n > /dev/null || ret=1
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
- $NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
+ $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
echo_i "check ms-subdomain-self-rhs delete ANY (matching SRV with non-matching SRV) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
- $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
+ $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
update delete many.any.self-srv.example.com
send
EOF
- grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
+ grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.10 many.any.self-srv.example.com SRV > dig.out.ns10.test$n
grep "status: NOERROR" dig.out.ns10.test$n > /dev/null || ret=1
grep "ANSWER: 2," dig.out.ns10.test$n > /dev/null || ret=1
echo_i "check ms-selfsub match ($n)"
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
- $NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1
+ $NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
echo_i "check ms-selfsub no-match ($n)"
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
- $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
+ $NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
update add foo.example.com 3600 IN A 10.53.0.10
send
EOF
- grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
+ grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.10 foo.example.com A > dig.out.ns10.test$n
grep "status: NXDOMAIN" dig.out.ns10.test$n > /dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
projects / thirdparty / bind9.git / commitdiff
