3
# Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC")
3
# Copyright (C) 2009-2012 Internet Systems Consortium, Inc. ("ISC")
5
5
# Permission to use, copy, modify, and/or distribute this software for any
6
6
# purpose with or without fee is hereby granted, provided that the above
14
14
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15
15
# PERFORMANCE OF THIS SOFTWARE.
17
# $Id: tests.sh,v 1.12.18.16 2011-07-26 04:41:48 marka Exp $
17
# $Id: tests.sh,v 1.12.18.27 2012/02/07 00:34:20 each Exp $
20
20
. $SYSTEMTESTTOP/conf.sh
635
635
echo "I:checking that revoked key is present ($n)"
637
id=`sed 's/^K.+007+0*\([0-9]\)/\1/' < rev.key`
638
id=`expr $id + 128 % 65536`
639
638
$DIG $DIGOPTS +multi dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
640
639
grep '; key id = '"$id"'$' dig.out.ns1.test$n > /dev/null || ret=1
645
644
echo "I:checking that revoked key self-signs ($n)"
647
id=`sed 's/^K.+007+0*\([0-9]\)/\1/' < rev.key`
648
id=`expr $id + 128 % 65536`
649
647
$DIG $DIGOPTS dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
650
648
grep 'RRSIG.*'" $id "'\. ' dig.out.ns1.test$n > /dev/null || ret=1
929
927
$DIG $DIGOPTS +multi dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
930
grep '; key id =.*'"$oldid"'$' dig.out.ns1.test$n > /dev/null && ret=1
928
grep '; key id = '"$oldid"'$' dig.out.ns1.test$n > /dev/null && ret=1
932
930
if [ $ret != 0 ]; then echo "I:failed"; fi
933
931
status=`expr $status + $ret`
947
945
$DIG $DIGOPTS +multi dnskey bar @10.53.0.2 > dig.out.ns2.test$n || lret=1
948
grep '; key id =.*'"$id"'$' dig.out.ns2.test$n > /dev/null || lret=1
946
grep '; key id = '"$id"'$' dig.out.ns2.test$n > /dev/null || lret=1
949
947
$DIG $DIGOPTS dnskey bar @10.53.0.4 > dig.out.ns4.test$n || lret=1
950
948
grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || lret=1
963
961
# this confirms that key events are never scheduled more than
964
962
# a given number of seconds into the future, and that the last
965
# event scheduled is precisely that far in the future.
963
# event scheduled is within 10 seconds of expected interval.
966
964
check_interval () {
967
965
awk '/next key event/ {print $2 ":" $9}' $1/named.run |
971
969
x = ($6+ $5*60000 + $4*3600000) - ($3+ $2*60000 + $1*3600000);
972
# abs(x) < 500 ms treat as 'now'
973
if (x < 500 && x > -500)
970
# abs(x) < 1000 ms treat as 'now'
971
if (x < 1000 && x > -1000)
975
973
# convert to seconds
996
994
if [ $ret != 0 ]; then echo "I:failed"; fi
997
995
status=`expr $status + $ret`
997
echo "I:forcing full sign with unreadable keys ($n)"
999
chmod 0 ns1/K.+*+*.key ns1/K.+*+*.private || ret=1
1000
$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 sign . 2>&1 | sed 's/^/I:ns1 /'
1001
$DIG $DIGOPTS . @10.53.0.1 dnskey > dig.out.ns1.test$n || ret=1
1002
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
1004
if [ $ret != 0 ]; then echo "I:failed"; fi
1005
status=`expr $status + $ret`
1007
echo "I:test turning on auto-dnssec during reconfig ($n)"
1009
# first create a zone that doesn't have auto-dnssec
1011
$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 addzone reconf.example '{ type master; file "reconf.example.db"; };' 2>&1 | sed 's/^/I:ns3 /'
1012
rekey_calls=`grep "zone reconf.example.*next key event" ns3/named.run | wc -l`
1013
[ "$rekey_calls" -eq 0 ] || ret=1
1014
# ...then we add auto-dnssec and reconfigure
1016
echo 'zone reconf.example { type master; file "reconf.example.db"; allow-update { any; }; auto-dnssec maintain; };' > $nzf
1017
$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 reconfig 2>&1 | sed 's/^/I:ns3 /'
1018
for i in 0 1 2 3 4 5 6 7 8 9; do
1020
rekey_calls=`grep "zone reconf.example.*next key event" ns3/named.run | wc -l`
1021
[ "$rekey_calls" -gt 0 ] || lret=1
1022
if [ "$lret" = 0 ]; then break; fi
1026
if [ "$lret" != 0 ]; then ret=$lret; fi
1027
if [ $ret != 0 ]; then echo "I:failed"; fi
1028
status=`expr $status + $ret`
999
1030
echo "I:exit status: $status"
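Review bot: The new "forcing full sign with unreadable keys" test leaves ns1's key files at mode 0, because `chmod 0 ns1/K.+*+*.key ns1/K.+*+*.private` is never reverted in the lines shown, so a re-run without a clean or any test appended later finds the keys unreadable. Restoring them once the dig check is done, e.g. `chmod 644 ns1/K.+*+*.key; chmod 600 ns1/K.+*+*.private` (the modes dnssec-keygen normally writes; confirm for this tree), puts the private keys back to owner-only rather than leaving the fix-up to whoever hits the failure. The test is also only meaningful when named runs unprivileged, since root ignores mode 0 and the NOERROR check would then pass without exercising the unreadable-key path. A comment above the chmod would record that: `# root bypasses file modes; this test assumes named runs as a non-root user`. Lines between the ones shown are not visible here, so a `ret=0` reset before this test is assumed rather than confirmed.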