1*00b67f09SDavid van Moolenbroek# Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC") 2*00b67f09SDavid van Moolenbroek# 3*00b67f09SDavid van Moolenbroek# Permission to use, copy, modify, and/or distribute this software for any 4*00b67f09SDavid van Moolenbroek# purpose with or without fee is hereby granted, provided that the above 5*00b67f09SDavid van Moolenbroek# copyright notice and this permission notice appear in all copies. 6*00b67f09SDavid van Moolenbroek# 7*00b67f09SDavid van Moolenbroek# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 8*00b67f09SDavid van Moolenbroek# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 9*00b67f09SDavid van Moolenbroek# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 10*00b67f09SDavid van Moolenbroek# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 11*00b67f09SDavid van Moolenbroek# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 12*00b67f09SDavid van Moolenbroek# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 13*00b67f09SDavid van Moolenbroek# PERFORMANCE OF THIS SOFTWARE. 14*00b67f09SDavid van Moolenbroek 15*00b67f09SDavid van Moolenbroek# Id 16*00b67f09SDavid van Moolenbroek 17*00b67f09SDavid van MoolenbroekSYSTEMTESTTOP=.. 18*00b67f09SDavid van Moolenbroek. $SYSTEMTESTTOP/conf.sh 19*00b67f09SDavid van Moolenbroekfailed () { 20*00b67f09SDavid van Moolenbroek cat verify.out.$n | sed 's/^/D:/'; 21*00b67f09SDavid van Moolenbroek echo "I:failed"; 22*00b67f09SDavid van Moolenbroek status=1; 23*00b67f09SDavid van Moolenbroek} 24*00b67f09SDavid van Moolenbroek 25*00b67f09SDavid van Moolenbroekn=0 26*00b67f09SDavid van Moolenbroekstatus=0 27*00b67f09SDavid van Moolenbroek 28*00b67f09SDavid van Moolenbroekfor file in zones/*.good 29*00b67f09SDavid van Moolenbroekdo 30*00b67f09SDavid van Moolenbroek n=`expr $n + 1` 31*00b67f09SDavid van Moolenbroek zone=`expr "$file" : 'zones/\(.*\).good'` 32*00b67f09SDavid van Moolenbroek echo "I:checking supposedly good zone: $zone ($n)" 33*00b67f09SDavid van Moolenbroek ret=0 34*00b67f09SDavid van Moolenbroek case $zone in 35*00b67f09SDavid van Moolenbroek zsk-only.*) only=-z;; 36*00b67f09SDavid van Moolenbroek ksk-only.*) only=-z;; 37*00b67f09SDavid van Moolenbroek *) only=;; 38*00b67f09SDavid van Moolenbroek esac 39*00b67f09SDavid van Moolenbroek $VERIFY ${only} -o $zone $file > verify.out.$n 2>&1 || ret=1 40*00b67f09SDavid van Moolenbroek [ $ret = 0 ] || failed 41*00b67f09SDavid van Moolenbroekdone 42*00b67f09SDavid van Moolenbroek 43*00b67f09SDavid van Moolenbroekfor file in zones/*.bad 44*00b67f09SDavid van Moolenbroekdo 45*00b67f09SDavid van Moolenbroek n=`expr $n + 1` 46*00b67f09SDavid van Moolenbroek zone=`expr "$file" : 'zones/\(.*\).bad'` 47*00b67f09SDavid van Moolenbroek echo "I:checking supposedly bad zone: $zone ($n)" 48*00b67f09SDavid van Moolenbroek ret=0 49*00b67f09SDavid van Moolenbroek dumpit=0 50*00b67f09SDavid van Moolenbroek case $zone in 51*00b67f09SDavid van Moolenbroek zsk-only.*) only=-z;; 52*00b67f09SDavid van Moolenbroek ksk-only.*) only=-z;; 53*00b67f09SDavid van Moolenbroek *) only=;; 54*00b67f09SDavid van Moolenbroek esac 55*00b67f09SDavid van Moolenbroek expect1= expect2= 56*00b67f09SDavid van Moolenbroek case $zone in 57*00b67f09SDavid van Moolenbroek *.dnskeyonly) 58*00b67f09SDavid van Moolenbroek expect1="DNSKEY is not signed" 59*00b67f09SDavid van Moolenbroek ;; 60*00b67f09SDavid van Moolenbroek *.expired) 61*00b67f09SDavid van Moolenbroek expect1="signature has expired" 62*00b67f09SDavid van Moolenbroek expect2="No self-signed .*DNSKEY found" 63*00b67f09SDavid van Moolenbroek ;; 64*00b67f09SDavid van Moolenbroek *.ksk-expired) 65*00b67f09SDavid van Moolenbroek expect1="signature has expired" 66*00b67f09SDavid van Moolenbroek expect2="No self-signed .*DNSKEY found" 67*00b67f09SDavid van Moolenbroek ;; 68*00b67f09SDavid van Moolenbroek *.out-of-zone-nsec|*.below-bottom-of-zone-nsec) 69*00b67f09SDavid van Moolenbroek expect1="unexpected NSEC RRset at" 70*00b67f09SDavid van Moolenbroek ;; 71*00b67f09SDavid van Moolenbroek *.nsec.broken-chain) 72*00b67f09SDavid van Moolenbroek expect1="Bad NSEC record for.*, next name mismatch" 73*00b67f09SDavid van Moolenbroek ;; 74*00b67f09SDavid van Moolenbroek *.bad-bitmap) 75*00b67f09SDavid van Moolenbroek expect1="bit map mismatch" 76*00b67f09SDavid van Moolenbroek ;; 77*00b67f09SDavid van Moolenbroek *.missing-empty) 78*00b67f09SDavid van Moolenbroek expect1="Missing NSEC3 record for"; 79*00b67f09SDavid van Moolenbroek ;; 80*00b67f09SDavid van Moolenbroek unsigned) 81*00b67f09SDavid van Moolenbroek expect1="Zone contains no DNSSEC keys" 82*00b67f09SDavid van Moolenbroek ;; 83*00b67f09SDavid van Moolenbroek *.extra-nsec3) 84*00b67f09SDavid van Moolenbroek expect1="Expected and found NSEC3 chains not equal"; 85*00b67f09SDavid van Moolenbroek ;; 86*00b67f09SDavid van Moolenbroek *) 87*00b67f09SDavid van Moolenbroek dumpit=1 88*00b67f09SDavid van Moolenbroek ;; 89*00b67f09SDavid van Moolenbroek esac 90*00b67f09SDavid van Moolenbroek $VERIFY ${only} -o $zone $file > verify.out.$n 2>&1 && ret=1 91*00b67f09SDavid van Moolenbroek grep "${expect1:-.}" verify.out.$n > /dev/null || ret=1 92*00b67f09SDavid van Moolenbroek grep "${expect2:-.}" verify.out.$n > /dev/null || ret=1 93*00b67f09SDavid van Moolenbroek [ $ret = 0 ] || failed 94*00b67f09SDavid van Moolenbroek [ $dumpit = 1 ] && cat verify.out.$n 95*00b67f09SDavid van Moolenbroekdone 96*00b67f09SDavid van Moolenbroekexit $status 97