tests.sh revision dafcb997e390efa4423883dafd100c975c4095d6
#
# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2000-2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: tests.sh,v 1.43 2004/03/05 05:00:09 marka Exp $
status=0
n=0
DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p 5300"
# Check the example. domain
echo "I:checking that zone transfer worked ($n)"
ret=0
n=`expr $n + 1`
echo "I:checking positive validation ($n)"
ret=0
n=`expr $n + 1`
echo "I:checking positive wildcard validation ($n)"
ret=0
n=`expr $n + 1`
echo "I:checking negative validation ($n)"
ret=0
n=`expr $n + 1`
echo "I:checking negative wildcard validation ($n)"
ret=0
n=`expr $n + 1`
# Check the insecure.example domain
echo "I:checking 1-server insecurity proof ($n)"
ret=0
# Note - this is looking for failure, hence the &&
n=`expr $n + 1`
echo "I:checking 1-server negative insecurity proof ($n)"
ret=0
# Note - this is looking for failure, hence the &&
n=`expr $n + 1`
echo "I:checking 1-server negative insecurity proof with SOA hack ($n)"
ret=0
# Note - this is looking for failure, hence the &&
n=`expr $n + 1`
# Check the secure.example domain
echo "I:checking multi-stage positive validation ($n)"
ret=0
n=`expr $n + 1`
# Check the bogus domain
echo "I:checking failed validation ($n)"
ret=0
n=`expr $n + 1`
# Try validating with a bad trusted key.
# This should fail.
echo "I:checking that validation fails with a misconfigured trusted key ($n)"
ret=0
n=`expr $n + 1`
echo "I:checking that negative validation fails with a misconfigured trusted key ($n)"
ret=0
n=`expr $n + 1`
echo "I:checking that insecurity proofs fail with a misconfigured trusted key ($n)"
ret=0
n=`expr $n + 1`
echo "I:checking that validation fails when key record is missing ($n)"
ret=0
n=`expr $n + 1`
# Check the insecure.secure.example domain (insecurity proof)
echo "I:checking 2-server insecurity proof ($n)"
ret=0
# Note - this is looking for failure, hence the &&
n=`expr $n + 1`
# Check a negative response in insecure.secure.example
echo "I:checking 2-server insecurity proof with a negative answer ($n)"
ret=0
|| ret=1
|| ret=1
# Note - this is looking for failure, hence the &&
n=`expr $n + 1`
echo "I:checking 2-server insecurity proof with a negative answer and SOA hack ($n)"
ret=0
|| ret=1
|| ret=1
# Note - this is looking for failure, hence the &&
n=`expr $n + 1`
# Check that the query for a security root is successful and has ad set
echo "I:checking security root query ($n)"
ret=0
n=`expr $n + 1`
# Check that the setting the cd bit works
echo "I:checking cd bit on a positive answer ($n)"
ret=0
# Note - this is looking for failure, hence the &&
n=`expr $n + 1`
echo "I:checking cd bit on a negative answer ($n)"
ret=0
# Note - this is looking for failure, hence the &&
n=`expr $n + 1`
echo "I:checking cd bit on a query that should fail ($n)"
ret=0
# Note - this is looking for failure, hence the &&
n=`expr $n + 1`
echo "I:checking cd bit on an insecurity proof ($n)"
ret=0
# Note - these are looking for failure, hence the &&
n=`expr $n + 1`
echo "I:checking cd bit on a negative insecurity proof ($n)"
ret=0
# Note - these are looking for failure, hence the &&
n=`expr $n + 1`
echo "I:checking that validation of an ANY query works ($n)"
ret=0
# 2 records in the zone, 1 NXT, 3 SIGs
n=`expr $n + 1`
echo "I:checking that validation of a query returning a CNAME works ($n)"
ret=0
# the CNAME & its sig, the TXT and its SIG
n=`expr $n + 1`
echo "I:checking that validation of a query returning a DNAME works ($n)"
ret=0
# The DNAME & its sig, the TXT and its SIG, and the synthesized CNAME.
# It would be nice to test that the CNAME is being synthesized by the
# recursive server and not cached, but I don't know how.
n=`expr $n + 1`
echo "I:checking that validation of an ANY query returning a CNAME works ($n)"
ret=0
# The CNAME, NXT, and their SIGs
n=`expr $n + 1`
echo "I:checking that validation of an ANY query returning a DNAME works ($n)"
ret=0
n=`expr $n + 1`
echo "I:checking that positive validation in a privately secure zone works ($n)"
ret=0
# Note - this is looking for failure, hence the &&
n=`expr $n + 1`
echo "I:checking that negative validation in a privately secure zone works ($n)"
ret=0
# Note - this is looking for failure, hence the &&
n=`expr $n + 1`
echo "I:checking that lookups succeed after disabling a algorithm works ($n)"
ret=0
# Note - this is looking for failure, hence the &&
n=`expr $n + 1`
echo "I:checking privately secure to nxdomain works ($n)"
ret=0
# Note - this is looking for failure, hence the &&
n=`expr $n + 1`
echo "I:checking privately secure wilcard to nxdomain works ($n)"
ret=0
# Note - this is looking for failure, hence the &&
n=`expr $n + 1`
# Run a minimal update test if possible. This is really just
# a regression test for RT #2399; more tests should be added.
then
echo "I:running DNSSEC update test"
else
echo "I:The DNSSEC update test requires the Net::DNS library." >&2
fi
echo "I:exit status: $status"
exit $status