Handle dig timing out gracefully in autosign

(cherry picked from commit 445ec7cc0fe42bcdd09f054484cfe4661636086e)

diff --git a/bin/tests/system/autosign/tests.sh b/bin/tests/system/autosign/tests.sh
index b90ae169f1ac297207e02bead968c3d06cbf3a71..5839612a44415e56c1435b633ecbadc88656b98f 100755 (executable)
--- a/bin/tests/system/autosign/tests.sh
+++ b/bin/tests/system/autosign/tests.sh
@@ -193,7 +193,7 @@ echo_ic "resigned after the active KSK is deleted - stage 1: Verify that DNSKEY"
 echo_ic "is initially signed with a KSK and not a ZSK. ($n)"
 ret=0
 
-$DIG $DIGOPTS @10.53.0.3 axfr inacksk3.example >dig.out.ns3.test$n
+$DIG $DIGOPTS @10.53.0.3 axfr inacksk3.example >dig.out.ns3.test$n || ret=1
 
 zskid=$(awk '$4 == "DNSKEY" && $5 == 256 { print }' dig.out.ns3.test$n \
   | $DSFROMKEY -A -2 -f - inacksk3.example | awk '{ print $4}')
@@ -230,7 +230,7 @@ echo_i "check that zone with active and inactive ZSK and active KSK is properly"
 echo_ic "resigned after the active ZSK is deleted - stage 1: Verify that zone"
 echo_ic "is initially signed with a ZSK and not a KSK. ($n)"
 ret=0
-$DIG $DIGOPTS @10.53.0.3 axfr inaczsk3.example >dig.out.ns3.test$n
+$DIG $DIGOPTS @10.53.0.3 axfr inaczsk3.example >dig.out.ns3.test$n || ret=1
 kskid=$(awk '$4 == "DNSKEY" && $5 == 257 { print }' dig.out.ns3.test$n \
   | $DSFROMKEY -2 -f - inaczsk3.example | awk '{ print $4}')
 grep "CNAME ${DEFAULT_ALGORITHM_NUMBER} 3 " dig.out.ns3.test$n >/dev/null || ret=1
@@ -422,7 +422,7 @@ echo_i "dumping zone files"
 
 now="$(TZ=UTC date +%Y%m%d%H%M%S)"
 check_expiry() (
-  $DIG $DIGOPTS AXFR oldsigs.example @10.53.0.3 >dig.out.test$n
+  $DIG $DIGOPTS AXFR oldsigs.example @10.53.0.3 >dig.out.test$n || return 1
   nearest_expiration="$(awk '$4 == "RRSIG" { print $9 }' <dig.out.test$n | sort -n | head -1)"
   if [ "$nearest_expiration" -le "$now" ]; then
     echo_i "failed: $nearest_expiration <= $now"
@@ -1100,7 +1100,7 @@ newserial=$oldserial
 try=0
 while [ $oldserial -eq $newserial -a $try -lt 42 ]; do
   newserial=$($DIG $DIGOPTS +short soa prepub.example @10.53.0.3 \
-    | awk '$0 !~ /SOA/ {print $3}')
+    | awk '$0 !~ /SOA/ {print $3}' || true)
   sleep 1
   try=$((try + 1))
 done
@@ -1409,8 +1409,8 @@ status=$((status + ret))
 
 echo_i "test CDS and CDNSKEY auto generation ($n)"
 ret=0
-$DIG $DIGOPTS @10.53.0.3 sync.example cds >dig.out.ns3.cdstest$n
-$DIG $DIGOPTS @10.53.0.3 sync.example cdnskey >dig.out.ns3.cdnskeytest$n
+$DIG $DIGOPTS @10.53.0.3 sync.example cds >dig.out.ns3.cdstest$n || ret=1
+$DIG $DIGOPTS @10.53.0.3 sync.example cdnskey >dig.out.ns3.cdnskeytest$n || ret=1
 grep -i "sync.example.*in.cds.*[1-9][0-9]* " dig.out.ns3.cdstest$n >/dev/null || ret=1
 grep -i "sync.example.*in.cdnskey.*257 " dig.out.ns3.cdnskeytest$n >/dev/null || ret=1
 n=$((n + 1))
@@ -1419,9 +1419,9 @@ status=$((status + ret))
 
 echo_i "test 'dnssec-dnskey-kskonly no' affects DNSKEY/CDS/CDNSKEY ($n)"
 ret=0
-$DIG $DIGOPTS @10.53.0.3 sync.example dnskey >dig.out.ns3.dnskeytest$n
-$DIG $DIGOPTS @10.53.0.3 sync.example cdnskey >dig.out.ns3.cdnskeytest$n
-$DIG $DIGOPTS @10.53.0.3 sync.example cds >dig.out.ns3.cdstest$n
+$DIG $DIGOPTS @10.53.0.3 sync.example dnskey >dig.out.ns3.dnskeytest$n || ret=1
+$DIG $DIGOPTS @10.53.0.3 sync.example cdnskey >dig.out.ns3.cdnskeytest$n || ret=1
+$DIG $DIGOPTS @10.53.0.3 sync.example cds >dig.out.ns3.cdstest$n || ret=1
 lines=$(awk '$4 == "RRSIG" && $5 == "DNSKEY" {print}' dig.out.ns3.dnskeytest$n | wc -l)
 test ${lines:-0} -eq 2 || ret=1
 lines=$(awk '$4 == "RRSIG" && $5 == "CDNSKEY" {print}' dig.out.ns3.cdnskeytest$n | wc -l)
@@ -1434,9 +1434,9 @@ status=$((status + ret))
 
 echo_i "test 'dnssec-dnskey-kskonly yes' affects DNSKEY/CDS/CDNSKEY ($n)"
 ret=0
-$DIG $DIGOPTS @10.53.0.3 kskonly.example dnskey >dig.out.ns3.dnskeytest$n
-$DIG $DIGOPTS @10.53.0.3 kskonly.example cdnskey >dig.out.ns3.cdnskeytest$n
-$DIG $DIGOPTS @10.53.0.3 kskonly.example cds >dig.out.ns3.cdstest$n
+$DIG $DIGOPTS @10.53.0.3 kskonly.example dnskey >dig.out.ns3.dnskeytest$n || ret=1
+$DIG $DIGOPTS @10.53.0.3 kskonly.example cdnskey >dig.out.ns3.cdnskeytest$n || ret=1
+$DIG $DIGOPTS @10.53.0.3 kskonly.example cds >dig.out.ns3.cdstest$n || ret=1
 lines=$(awk '$4 == "RRSIG" && $5 == "DNSKEY" {print}' dig.out.ns3.dnskeytest$n | wc -l)
 test ${lines:-0} -eq 1 || ret=1
 lines=$(awk '$4 == "RRSIG" && $5 == "CDNSKEY" {print}' dig.out.ns3.cdnskeytest$n | wc -l)
@@ -1482,7 +1482,7 @@ status=$((status + ret))
 
 echo_i "check that zone with inactive KSK and active ZSK is properly autosigned ($n)"
 ret=0
-$DIG $DIGOPTS @10.53.0.3 axfr inacksk2.example >dig.out.ns3.test$n
+$DIG $DIGOPTS @10.53.0.3 axfr inacksk2.example >dig.out.ns3.test$n || ret=1
 
 zskid=$(awk '$4 == "DNSKEY" && $5 == 256 { print }' dig.out.ns3.test$n \
   | $DSFROMKEY -A -2 -f - inacksk2.example | awk '{ print $4}')
@@ -1500,7 +1500,7 @@ status=$((status + ret))
 
 echo_i "check that zone with inactive ZSK and active KSK is properly autosigned ($n)"
 ret=0
-$DIG $DIGOPTS @10.53.0.3 axfr inaczsk2.example >dig.out.ns3.test$n
+$DIG $DIGOPTS @10.53.0.3 axfr inaczsk2.example >dig.out.ns3.test$n || ret=1
 grep "SOA ${DEFAULT_ALGORITHM_NUMBER} 2" dig.out.ns3.test$n >/dev/null || ret=1
 n=$((n + 1))
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -1514,7 +1514,7 @@ echo_ic "resigned after the active KSK is deleted - stage 2: Verify that DNSKEY"
 echo_ic "is now signed with the ZSK. ($n)"
 ret=0
 
-$DIG $DIGOPTS @10.53.0.3 axfr inacksk3.example >dig.out.ns3.test$n
+$DIG $DIGOPTS @10.53.0.3 axfr inacksk3.example >dig.out.ns3.test$n || ret=1
 
 zskid=$(awk '$4 == "DNSKEY" && $5 == 256 { print }' dig.out.ns3.test$n \
   | $DSFROMKEY -A -2 -f - inacksk3.example | awk '{ print $4}')
@@ -1542,7 +1542,7 @@ echo_i "check that zone with active and inactive ZSK and active KSK is properly"
 echo_ic "resigned after the active ZSK is deleted - stage 2: Verify that zone"
 echo_ic "is now signed with the KSK. ($n)"
 ret=0
-$DIG $DIGOPTS @10.53.0.3 axfr inaczsk3.example >dig.out.ns3.test$n
+$DIG $DIGOPTS @10.53.0.3 axfr inaczsk3.example >dig.out.ns3.test$n || ret=1
 kskid=$(awk '$4 == "DNSKEY" && $5 == 257 { print }' dig.out.ns3.test$n \
   | $DSFROMKEY -2 -f - inaczsk3.example | awk '{ print $4}')
 grep "CNAME ${DEFAULT_ALGORITHM_NUMBER} 3 [0-9]* [0-9]* [0-9]* ${kskid} " dig.out.ns3.test$n >/dev/null || ret=1
@@ -1737,7 +1737,7 @@ ret=0
 zone=optout-with-ent
 hash=JTR8R6AVFULU0DQH9I6HNN2KUK5956EL
 # check that NSEC3 for ENT is present
-$DIG $DIGOPTS @10.53.0.2 a "ent.${zone}" >dig.out.pre.ns2.test$n
+$DIG $DIGOPTS @10.53.0.2 a "ent.${zone}" >dig.out.pre.ns2.test$n || ret=1
 grep "status: NOERROR" dig.out.pre.ns2.test$n >/dev/null || ret=1
 grep "ANSWER: 0, AUTHORITY: 4, " dig.out.pre.ns2.test$n >/dev/null || ret=1
 grep "^${hash}.${zone}." dig.out.pre.ns2.test$n >/dev/null || ret=1
@@ -1749,8 +1749,8 @@ grep "^${hash}.${zone}." dig.out.pre.ns2.test$n >/dev/null || ret=1
   echo send
 ) | $NSUPDATE
 # check that NSEC3 for ENT is still present
-$DIG $DIGOPTS @10.53.0.2 a "ent.${zone}" >dig.out.pre.ns2.test$n
-$DIG $DIGOPTS @10.53.0.2 a "ent.${zone}" >dig.out.mid.ns2.test$n
+$DIG $DIGOPTS @10.53.0.2 a "ent.${zone}" >dig.out.pre.ns2.test$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 a "ent.${zone}" >dig.out.mid.ns2.test$n || ret=1
 grep "status: NOERROR" dig.out.mid.ns2.test$n >/dev/null || ret=1
 grep "ANSWER: 0, AUTHORITY: 4, " dig.out.mid.ns2.test$n >/dev/null || ret=1
 grep "^${hash}.${zone}." dig.out.mid.ns2.test$n >/dev/null || ret=1
@@ -1762,11 +1762,11 @@ grep "^${hash}.${zone}." dig.out.mid.ns2.test$n >/dev/null || ret=1
   echo send
 ) | $NSUPDATE
 # check that NSEC3 for ENT is gone present
-$DIG $DIGOPTS @10.53.0.2 a "ent.${zone}" >dig.out.post.ns2.test$n
+$DIG $DIGOPTS @10.53.0.2 a "ent.${zone}" >dig.out.post.ns2.test$n || ret=1
 grep "status: NXDOMAIN" dig.out.post.ns2.test$n >/dev/null || ret=1
 grep "ANSWER: 0, AUTHORITY: 4, " dig.out.post.ns2.test$n >/dev/null || ret=1
 grep "^${hash}.${zone}." dig.out.post.ns2.test$n >/dev/null && ret=1
-$DIG $DIGOPTS @10.53.0.2 axfr "${zone}" >dig.out.axfr.ns2.test$n
+$DIG $DIGOPTS @10.53.0.2 axfr "${zone}" >dig.out.axfr.ns2.test$n || ret=1
 grep "^${hash}.${zone}." dig.out.axfr.ns2.test$n >/dev/null && ret=1
 n=$((n + 1))
 if [ "$ret" -ne 0 ]; then echo_i "failed"; fi