tests.sh revision 86a85a3bbd3d4580982b2c02d9b4837bc6c2fae5
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff# Copyright (C) 2011-2013 Internet Systems Consortium, Inc. ("ISC")
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence# Permission to use, copy, modify, and/or distribute this software for any
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff# purpose with or without fee is hereby granted, provided that the above
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff# copyright notice and this permission notice appear in all copies.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
15a44745412679c30a6d022733925af70a38b715David Lawrence# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
15a44745412679c30a6d022733925af70a38b715David Lawrence# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
15a44745412679c30a6d022733925af70a38b715David Lawrence# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
15a44745412679c30a6d022733925af70a38b715David Lawrence# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
15a44745412679c30a6d022733925af70a38b715David Lawrence# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15a44745412679c30a6d022733925af70a38b715David Lawrence# PERFORMANCE OF THIS SOFTWARE.
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellington# test response policy zones (RPZ)
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graffns2=$ns.2 # authoritative server whose records are rewritten
6028d1ce0380d0ba7f6c6ecd1ad20b31ddd1becbDavid Lawrencens4=$ns.4 # another authoritative server that is rewritten
294ae26fb3e1376b4c34c6b8d15737e39cc2cb48Andreas Gustafssonwhile getopts "x" c; do
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellingtonshift `expr $OPTIND - 1 || true`
75ec9bc9c7b4f2485647414330122e7b8e188097Andreas Gustafsson# really quit on control-C
f9df80f4348ef68043903efa08299480324f4823Michael GraffRNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p 9953 -s"
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer # Also default to -bX where X is the @value so that OS X will choose
f9df80f4348ef68043903efa08299480324f4823Michael Graff digcmd_args=`echo "+noadd +time=1 +tries=1 -p 5300 $*" | \
b02262cbcd550c63f85df76edc6fff556ea5e95dMichael Graff# set DIGNM=file name for dig output
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer while test -f $DIGNM; do
58c40ca8bda08458804d7f15cf97942dea2a17acMichael Sawyer# (re)load the reponse policy zones with the rules in the file $TEST_FILE
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer echo "I:failed to update policy zone with $TEST_FILE"
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer # try to ensure that the server really has stopped
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer if test -z "$HAVE_CORE" -a -f ns$1/named.pid; then
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer if test -f ns$1/named.pid; then
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer if test -f ns$1/base.db; then
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer for NM in ns$1/bl*.db; do
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer $PERL $SYSTEMTESTTOP/start.pl --noclean --restart . ns$1
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer# $1=server and irrelevant args $2=error message
f9df80f4348ef68043903efa08299480324f4823Michael Graff $RNDCCMD $CKALIVE_IP status >/dev/null 2>&1 && return 0
f9df80f4348ef68043903efa08299480324f4823Michael Graff # restart the server to avoid stalling waiting for it to stop
f9df80f4348ef68043903efa08299480324f4823Michael Graff NEW_CNT=0`sed -n -e 's/[ ]*\([0-9]*\).response policy.*/\1/p' \
f9df80f4348ef68043903efa08299480324f4823Michael Graff setret "I:wrong $LABEL $NSDIR statistics of $GOT instead of $EXPECTED"
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff# $1=message $2=optional test file name
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff sed -e 's/[ ]add[ ]/ delete /' $TEST_FILE | $NSUPDATE
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff ckalive $ns3 "I:failed; ns3 server crashed and restarted"
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff# $1=dig args $2=other dig output file
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence #ckalive "$1" "I:server crashed by 'dig $1'" || return 1
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff if $PERL $SYSTEMTESTTOP/digcomp.pl $DIGNM $2 >/dev/null; then
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff NEED_TCP=`echo "$1" | sed -n -e 's/[Tt][Cc][Pp].*/TCP/p'`
8c55a67a6d185de7036e39da30561a5c1637d22bAndreas Gustafsson RESULT_TCP=`sed -n -e 's/.*Truncated, retrying in TCP.*/TCP/p' $DIGNM`
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff setret "I:'dig $1' wrong; no or unexpected truncation in $DIGNM"
f9df80f4348ef68043903efa08299480324f4823Michael Graff# check only that the server does not crash
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence# $1=target domain $2=optional query type
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff# check rewrite to NXDOMAIN
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence# $1=target domain $2=optional query type
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff# check rewrite to NODATA
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff# $1=target domain $2=optional query type
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence | sed -e 's/^[a-z].* IN CNAME /;xxx &/' >$DIGNM
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff# check rewrite to an address
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence# modify the output so that it is easily compared, but save the original line
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff# $1=IPv4 address $2=digcmd args $3=optional TTL
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff #ckalive "$2" "I:server crashed by 'dig $2'" || return 1
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff ADDR_ESC=`echo "$ADDR" | sed -e 's/\./\\\\./g'`
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff ADDR_TTL=`sed -n -e "s/^[-.a-z0-9]\{1,\} *\([0-9]*\) IN AA* ${ADDR_ESC}\$/\1/p" $DIGNM`
4556681e191b7c1654639895ce719d98f2822ee2Michael Graff setret "I:'dig $2' wrong; no address $ADDR record in $DIGNM"
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff if test -n "$3" && test "$ADDR_TTL" -ne "$3"; then
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff setret "I:'dig $2' wrong; TTL=$ADDR_TTL instead of $3 in $DIGNM"
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff# Check that a response is not rewritten
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff# Use $ns1 instead of the authority for most test domains, $ns2 to prevent
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff# spurious differences for `dig +norecurse`
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff# $1=optional "TCP" remaining args for dig
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff ckresult "$*" ${DIGNM}_OK && clean_result ${DIGNM}_OK
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff# check against a 'here document'
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff# check dropped response
d68838693666ba930ec4143f848c18bff2bfc244Michael GraffDROPPED='^;; connection timed out; no servers could be reached'
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff# make prototype files to check against rewritten results
d68838693666ba930ec4143f848c18bff2bfc244Michael Graffnochange sub.a3-2.tld2 # 5 miss where DNAME might work
d68838693666ba930ec4143f848c18bff2bfc244Michael Graffnxdomain a4-2.tld2 # 6 rewrite based on CNAME target
d68838693666ba930ec4143f848c18bff2bfc244Michael Graffaddr 12.12.12.12 a4-1.sub1.tld2 # 9 A replacement
d68838693666ba930ec4143f848c18bff2bfc244Michael Graffaddr 12.12.12.12 a4-1.sub2.tld2 # 10 A replacement with wildcard
d68838693666ba930ec4143f848c18bff2bfc244Michael Graffaddr 12.12.12.12 nxc1.sub1.tld2 # 11 replace NXDOMAIN with CNAME
d68838693666ba930ec4143f848c18bff2bfc244Michael Graffaddr 12.12.12.12 nxc2.sub1.tld2 # 12 replace NXDOMAIN with CNAME chain
d68838693666ba930ec4143f848c18bff2bfc244Michael Graffaddr 127.4.4.1 a4-4.tld2 # 13 prefer 1st conflicting QNAME zone
d68838693666ba930ec4143f848c18bff2bfc244Michael Graffaddr 57.57.57.57 a3-7.sub1.tld2 # 17 wildcard CNAME
d68838693666ba930ec4143f848c18bff2bfc244Michael Graffaddr 127.0.0.16 a4-5-cname3.tld2 # 18 CNAME chain
d68838693666ba930ec4143f848c18bff2bfc244Michael Graffaddr 127.0.0.17 a4-6-cname3.tld2 # 19 stop short in CNAME chain
d68838693666ba930ec4143f848c18bff2bfc244Michael Graffnochange a5-2.tld2 +norecurse # 20 check that RD=1 is required
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellingtonnxdomain c1.crash2.tld3 # 24 assert in rbtdb.c
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellingtonnxdomain a0-1.tld2 +dnssec # 25 simple DO=1 without signatures
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellingtonnxdomain a0-1.tld2s +nodnssec # 26 simple DO=0 with signatures
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellingtonnochange a0-1.tld2s +dnssec # 27 simple DO=1 with signatures
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellingtonnxdomain a0-1s-cname.tld2s +dnssec # 28 DNSSEC too early in CNAME chain
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellingtonnochange a0-1-scname.tld2 +dnssec # 29 DNSSEC on target in CNAME chain
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellingtonnochange a0-1.tld2s srv +auth +dnssec # 30 no write for DNSSEC and no record
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellingtonhere x.servfail <<'EOF' # 34 qname-wait-recurse yes
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellingtonaddr 35.35.35.35 "x.servfail @$ns5" # 35 qname-wait-recurse no
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellingtonnochange a3-2.tld2 # 2 no policy record so no change
55f3daa4ea84859f9753089831a950a4fd9678c3Brian Wellingtonnochange a4-1.tld2 # 3 obsolete PASSTHRU record style
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrencenochange a4-2.tld2 -taaaa # 5 no A => no policy rewrite
f9df80f4348ef68043903efa08299480324f4823Michael Graffnochange a4-2.tld2 -ttxt # 6 no A => no policy rewrite
f9df80f4348ef68043903efa08299480324f4823Michael Graffnxdomain a4-2.tld2 -tany # 7 no A => no policy rewrite
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halleyaddr 127.0.0.1 a5-1-2.tld2 # 11 prefer smallest policy address
d68838693666ba930ec4143f848c18bff2bfc244Michael Graffaddr 127.0.0.1 a5-3.tld2 # 12 prefer first conflicting IP zone
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halleynochange a5-4.tld2 +norecurse # 13 check that RD=1 is required for #14
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrenceaddr 14.14.14.14 a5-4.tld2 # 14 prefer QNAME to IP
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halleyaddr 127.0.0.17 "a4-4.tld2 -b $ns1" # 17 client-IP address trigger
d68838693666ba930ec4143f848c18bff2bfc244Michael Graffnxdomain a7-1.tld2 # 18 slave policy zone (RT34450)
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graffgoodsoa="rpz.tld2. hostmaster.ns.tld2. 2 3600 1200 604800 60"
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington soa=`$DIG -p 5300 +short soa bl.tld2 @10.53.0.3 -b10.53.0.3`
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graffsleep 1 # ensure that a clock tick has occured so that the reload takes effect
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graffgoodsoa="rpz.tld2. hostmaster.ns.tld2. 3 3600 1200 604800 60"
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence soa=`$DIG -p 5300 +short soa bl.tld2 @10.53.0.3 -b10.53.0.3`
24694ab18a48bcc9c50304bd8b7eb6b9c7650129Brian Wellingtonnxdomain a7-1.tld2 # 20 slave policy zone (RT34450)
19c7cce8555ccc0c95455a0c35dedd017d420d05Mark Andrews# check that IP addresses for previous group were deleted from the radix tree
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson # these tests assume "min-ns-dots 0"
efcd38346161b10d60368411cfb2c0d1c22b5fb1Brian Wellington nochange a3-1.tld2 +dnssec # 2 this once caused problems
efcd38346161b10d60368411cfb2c0d1c22b5fb1Brian Wellington nxdomain a3-1.sub1.tld2 # 3 NXDOMAIN *.sub1.tld2 by NSDNAME
efcd38346161b10d60368411cfb2c0d1c22b5fb1Brian Wellington addr 12.12.12.12 a4-2.subsub.sub2.tld2 # 6 walled garden for *.sub2.tld2
efcd38346161b10d60368411cfb2c0d1c22b5fb1Brian Wellington nochange a3-2.tld2. # 7 exempt rewrite by name
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley nochange a0-1.tld2. # 8 exempt rewrite by address block
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley addr 12.12.12.12 a4-1.tld2 # 9 prefer QNAME policy to NSDNAME
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley addr 127.0.0.1 a3-1.sub3.tld2 # 10 prefer policy for largest NSDNAME
f9df80f4348ef68043903efa08299480324f4823Michael Graff nxdomain xxx.crash1.tld2 # 12 dns_db_detachnode() crash
f9df80f4348ef68043903efa08299480324f4823Michael Graff echo "I:NSDNAME not checked; named configured with --disable-rpz-nsdname"
f9df80f4348ef68043903efa08299480324f4823Michael Graff # these tests assume "min-ns-dots 0"
f9df80f4348ef68043903efa08299480324f4823Michael Graff nxdomain a3-1.tld2 # 1 NXDOMAIN for all of tld2
f9df80f4348ef68043903efa08299480324f4823Michael Graff nochange a3-2.tld2. # 2 exempt rewrite by name
f9df80f4348ef68043903efa08299480324f4823Michael Graff nochange a0-1.tld2. # 3 exempt rewrite by address block
f9df80f4348ef68043903efa08299480324f4823Michael Graff nochange a3-1.tld4 # 4 different NS IP address
f9df80f4348ef68043903efa08299480324f4823Michael Graff start_group "walled garden NSIP rewrites" test4a
f9df80f4348ef68043903efa08299480324f4823Michael Graff addr 41.41.41.41 a3-1.tld2 # 1 walled garden for all of tld2
f2762b0d99a9f1cc43f57f713aa632f6abe37892Michael Graff addr 2041::41 'a3-1.tld2 AAAA' # 2 walled garden for all of tld2
f9df80f4348ef68043903efa08299480324f4823Michael Graff here a3-1.tld2 TXT <<'EOF' # 3 text message for all of tld2
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff echo "I:NSIP not checked; named configured with --disable-rpz-nsip"
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley# policies in ./test5 overridden by response-policy{} in ns3/named.conf
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halleynochange a3-3.tld2 # 3 bl-no-op obsolete for passthru
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halleynodata a3-5.tld2 # 5 bl-nodata zone recursive-only no
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halleynodata a3-5.tld2 +norecurse # 6 bl-nodata zone recursive-only no
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halleynxdomain a3-5.tld2 +norecurse @$ns5 # 8 bl-nodata global recursive-only no
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halleynxdomain a3-5.tld2s @$ns5 # 9 bl-nodata global break-dnssec
5eb8688b78ddf13d46cd52561301c35d24a5d52aBob Halleynxdomain a3-5.tld2s +dnssec @$ns5 # 10 bl-nodata global break-dnssec
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellingtonaddr 58.58.58.58 a3-8.tld2 # 13 bl_wildcname
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellingtonaddr 59.59.59.59 a3-9.sub9.tld2 # 14 bl_wildcname
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellingtonaddr 12.12.12.12 a3-15.tld2 # 15 bl-garden via CNAME to a12.tld2
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellingtonaddr 127.0.0.16 a3-16.tld2 100 # 16 bl max-policy-ttl 100
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellingtonaddr 17.17.17.17 "a3-17.tld2 @$ns5" 90 # 17 ns5 bl max-policy-ttl 90
fe0e3c7707580da885bb6819e4f307986eb60cd0Brian Wellington# check that miscellaneous bugs are still absent
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington# This is not a bug, because any data leaked by writing 24.4.3.2.10.rpz-ip
6dc130c7c95107748fff5f767161c2bb742f9f87Brian Wellington# (or whatever) is available by publishing "foo A 10.2.3.4" and then
22057930cd2a71e1073781b650c7296739c869a6Brian Wellington# resolving foo.
5caab9f99d19ab9ebb0a0ba64c09c8de80e89e29Brian Wellington# superficial test for major performance bugs
d1cbf714097e900ed1703529584d3e1a50e8a4a8Brian Wellingtonif test -n "$QPERF"; then
41faaa9b35bb5b3c72ca964e108ba398eaa63f3dBrian Wellington $QPERF -c -1 -l30 -d ns5/requests -s $ns5 -p 5300 >/dev/null
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley $QPERF -c -1 -l30 -d ns5/requests -s $ns5 -p 5300 >$PFILE
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson X=`sed -n -e 's/.*Returned *\([^ ]*:\) *\([0-9]*\) .*/\1\2/p' $PFILE \
d8705ff90a299e0aa9fc2b4286bc0a71cf221872Bob Halley sed -n -e 's/.*Queries per second: *\([0-9]*\).*/\1/p' ns5/$1.perf
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington # get qps with rpz
f9df80f4348ef68043903efa08299480324f4823Michael Graff # turn off rpz and measure qps again
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff PERCENT=`expr \( "$RPZ" \* 100 + \( $NORPZ / 2 \) \) / $NORPZ`
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff echo "I:$RPZ qps with RPZ is $PERCENT% of $NORPZ qps without RPZ"
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff echo "I:$RPZ qps with rpz or $PERCENT% is below $MIN_PERCENT% of $NORPZ qps"
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff echo "I:$RPZ qps with RPZ or $PERCENT% of $NORPZ qps without RPZ is too high"
4556681e191b7c1654639895ce719d98f2822ee2Michael Graff echo "I:performance not checked; queryperf not available"
f9df80f4348ef68043903efa08299480324f4823Michael Graff# restart the main test RPZ server to see if that creates a core file
f9df80f4348ef68043903efa08299480324f4823Michael Graffif test -z "$HAVE_CORE"; then
f9df80f4348ef68043903efa08299480324f4823Michael Graff test -z "$HAVE_CORE" || setret "I:found $HAVE_CORE; memory leak?"
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff# look for complaints from lib/dns/rpz.c and bin/name/query.c
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael GraffEMSGS=`egrep -l 'invalid rpz|rpz.*failed' ns*/named.run`
f9df80f4348ef68043903efa08299480324f4823Michael Graffif test -n "$EMSGS"; then
f9df80f4348ef68043903efa08299480324f4823Michael Graff setret "I:error messages in $EMSGS starting with:"
f9df80f4348ef68043903efa08299480324f4823Michael Graff egrep 'invalid rpz|rpz.*failed' ns*/named.run | sed -e '10,$d' -e 's/^/I: /'
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graffecho "I:checking that ttl values are not zeroed when qtype is '*'"
f9df80f4348ef68043903efa08299480324f4823Michael Graff$DIG +noall +answer -p 5300 @$ns3 any a3-2.tld2 > dig.out.any
f9df80f4348ef68043903efa08299480324f4823Michael Graffttl=`awk '/a3-2 tld2 text/ {print $2}' dig.out.any`
f9df80f4348ef68043903efa08299480324f4823Michael Graffif test ${ttl:=0} -eq 0; then setret I:failed; fi
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graffecho "I:exit status: $status"