tests.sh revision 3398334b3acda24b086957286288ca9852662b12
DIGOPTS=
"+tcp +noadd +nosea +nostat +nocmd +dnssec -p 5300" # Check the example. domain echo "I:checking that zone transfer worked ($n)" if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking positive validation NSEC ($n)" if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking positive validation NSEC3 ($n)" if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking positive validation OPTOUT ($n)" if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking positive wildcard validation NSEC ($n)" if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking positive wildcard validation NSEC3 ($n)" if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking positive wildcard validation OPTOUT ($n)" if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking negative validation NXDOMAIN NSEC ($n)" if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking negative validation NXDOMAIN NSEC3 ($n)" if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking negative validation NXDOMAIN OPTOUT ($n)" # Note - this is looking for failure, hence the && if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking negative validation NODATA NSEC ($n)" if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking negative validation NODATA NSEC3 ($n)" if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking negative validation NODATA OPTOUT ($n)" if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking negative wildcard validation NSEC ($n)" if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking negative wildcard validation NSEC3 ($n)" if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking negative wildcard validation OPTOUT ($n)" # Note - this is looking for failure, hence the && if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking 1-server insecurity proof NSEC ($n)" # Note - this is looking for failure, hence the && if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking 1-server insecurity proof NSEC3 ($n)" # Note - this is looking for failure, hence the && if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking 1-server insecurity proof OPTOUT ($n)" # Note - this is looking for failure, hence the && if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking 1-server negative insecurity proof NSEC ($n)" # Note - this is looking for failure, hence the && if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking 1-server negative insecurity proof NSEC3 ($n)" # Note - this is looking for failure, hence the && if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking 1-server negative insecurity proof OPTOUT ($n)" # Note - this is looking for failure, hence the && if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking 1-server negative insecurity proof with SOA hack NSEC ($n)" # Note - this is looking for failure, hence the && if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking 1-server negative insecurity proof with SOA hack NSEC3 ($n)" # Note - this is looking for failure, hence the && if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking 1-server negative insecurity proof with SOA hack OPTOUT ($n)" # Note - this is looking for failure, hence the && if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking multi-stage positive validation NSEC/NSEC ($n)" if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking multi-stage positive validation NSEC/NSEC3 ($n)" if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking multi-stage positive validation NSEC/OPTOUT ($n)" if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking multi-stage positive validation NSEC3/NSEC ($n)" if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking multi-stage positive validation NSEC3/NSEC3 ($n)" if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking multi-stage positive validation NSEC3/OPTOUT ($n)" if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking multi-stage positive validation OPTOUT/NSEC ($n)" if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking multi-stage positive validation OPTOUT/NSEC3 ($n)" if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking multi-stage positive validation OPTOUT/OPTOUT ($n)" if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking empty NODATA OPTOUT ($n)" if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking failed validation ($n)" if [
$ret !=
0 ];
then echo "I:failed";
fi # Try validating with a bad trusted key. echo "I:checking that validation fails with a misconfigured trusted key ($n)" if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking that negative validation fails with a misconfigured trusted key ($n)" if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking that insecurity proofs fail with a misconfigured trusted key ($n)" if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking that validation fails when key record is missing ($n)" if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking 2-server insecurity proof ($n)" # Note - this is looking for failure, hence the && if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking 2-server insecurity proof with a negative answer ($n)" # Note - this is looking for failure, hence the && if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking 2-server insecurity proof with a negative answer and SOA hack ($n)" # Note - this is looking for failure, hence the && if [
$ret !=
0 ];
then echo "I:failed";
fi # Check that the query for a security root is successful and has ad set echo "I:checking security root query ($n)" if [
$ret !=
0 ];
then echo "I:failed";
fi # Check that the setting the cd bit works echo "I:checking cd bit on a positive answer ($n)" # Note - this is looking for failure, hence the && if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking cd bit on a negative answer ($n)" # Note - this is looking for failure, hence the && if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking cd bit on a query that should fail ($n)" # Note - this is looking for failure, hence the && if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking cd bit on an insecurity proof ($n)" # Note - these are looking for failure, hence the && if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking cd bit on a negative insecurity proof ($n)" # Note - these are looking for failure, hence the && if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking that validation of an ANY query works ($n)" # 2 records in the zone, 1 NXT, 3 SIGs if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking that validation of a query returning a CNAME works ($n)" # the CNAME & its sig, the TXT and its SIG if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking that validation of a query returning a DNAME works ($n)" # The DNAME & its sig, the TXT and its SIG, and the synthesized CNAME. # It would be nice to test that the CNAME is being synthesized by the # recursive server and not cached, but I don't know how. if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking that validation of an ANY query returning a CNAME works ($n)" # The CNAME, NXT, and their SIGs if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking that validation of an ANY query returning a DNAME works ($n)" if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking that positive validation in a privately secure zone works ($n)" # Note - this is looking for failure, hence the && if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking that negative validation in a privately secure zone works ($n)" # Note - this is looking for failure, hence the && if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking that lookups succeed after disabling a algorithm works ($n)" # Note - this is looking for failure, hence the && if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking privately secure to nxdomain works ($n)" # Note - this is looking for failure, hence the && if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking privately secure wildcard to nxdomain works ($n)" # Note - this is looking for failure, hence the && if [
$ret !=
0 ];
then echo "I:failed";
fi # grand parent and there is not a secure delegation from secure.example # algorithm which the validation does not support. echo "I:checking dnssec-lookaside-validation works ($n)" if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking that we can load a rfc2535 signed zone ($n)" if [
$ret !=
0 ];
then echo "I:failed";
fi echo "I:checking that we can transfer a rfc2535 signed zone ($n)" if [
$ret !=
0 ];
then echo "I:failed";
fi # Run a minimal update test if possible. This is really just # a regression test for RT #2399; more tests should be added. echo "I:running DNSSEC update test" echo "I:The DNSSEC update test requires the Net::DNS library." >&
2