xref: /netbsd-src/external/mpl/bind/dist/bin/tests/system/dns64/tests.sh (revision 32d1c65c71fbdb65a012e8392a62a757dd6853e9) 
1#!/bin/sh
2
3# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
4#
5# SPDX-License-Identifier: MPL-2.0
6#
7# This Source Code Form is subject to the terms of the Mozilla Public
8# License, v. 2.0.  If a copy of the MPL was not distributed with this
9# file, you can obtain one at https://mozilla.org/MPL/2.0/.
10#
11# See the COPYRIGHT file distributed with this work for additional
12# information regarding copyright ownership.
13
14set -e
15
16. ../conf.sh
17
18status=0
19n=0
20
21rm -f dig.out.*
22
23DIGOPTS="+tcp +noadd +nosea +nostat +nocmd -p ${PORT}"
24
25for conf in conf/good*.conf; do
26  echo_i "checking that $conf is accepted ($n)"
27  ret=0
28  $CHECKCONF "$conf" || ret=1
29  n=$((n + 1))
30  if [ $ret != 0 ]; then echo_i "failed"; fi
31  status=$((status + ret))
32done
33
34for conf in conf/bad*.conf; do
35  echo_i "checking that $conf is rejected ($n)"
36  ret=0
37  $CHECKCONF "$conf" >/dev/null && ret=1
38  n=$((n + 1))
39  if [ $ret != 0 ]; then echo_i "failed"; fi
40  status=$((status + ret))
41done
42
43# Check the example. domain
44
45echo_i "checking non-excluded AAAA lookup works ($n)"
46ret=0
47$DIG $DIGOPTS aaaa-only.example. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
48grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
49grep "2001::2" dig.out.ns2.test$n >/dev/null || ret=1
50n=$((n + 1))
51if [ $ret != 0 ]; then echo_i "failed"; fi
52status=$((status + ret))
53
54echo_i "checking excluded only AAAA lookup works ($n)"
55ret=0
56$DIG $DIGOPTS excluded-only.example. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
57grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
58grep "ANSWER: 0," dig.out.ns2.test$n >/dev/null || ret=1
59n=$((n + 1))
60if [ $ret != 0 ]; then echo_i "failed"; fi
61status=$((status + ret))
62
63echo_i "checking excluded AAAA and non-mapped A lookup works ($n)"
64ret=0
65$DIG $DIGOPTS excluded-bad-a.example. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
66grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
67grep "ANSWER: 0," dig.out.ns2.test$n >/dev/null || ret=1
68n=$((n + 1))
69if [ $ret != 0 ]; then echo_i "failed"; fi
70status=$((status + ret))
71
72echo_i "checking excluded only AAAA and mapped A lookup works ($n)"
73ret=0
74$DIG $DIGOPTS excluded-good-a.example. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
75grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
76grep "2001:aaaa::1.2.3.4" dig.out.ns2.test$n >/dev/null || ret=1
77n=$((n + 1))
78if [ $ret != 0 ]; then echo_i "failed"; fi
79status=$((status + ret))
80
81echo_i "checking default exclude acl ignores mapped A records (all mapped) ($n)"
82ret=0
83$DIG $DIGOPTS a-and-mapped.example. @10.53.0.2 -b 10.53.0.4 aaaa >dig.out.ns2.test$n || ret=1
84grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
85grep "2001:bbbb::1.2.3.5" dig.out.ns2.test$n >/dev/null || ret=1
86n=$((n + 1))
87if [ $ret != 0 ]; then echo_i "failed"; fi
88status=$((status + ret))
89
90echo_i "checking default exclude acl ignores mapped A records (some mapped) ($n)"
91ret=0
92$DIG $DIGOPTS a-and-aaaa-and-mapped.example. @10.53.0.2 -b 10.53.0.4 aaaa >dig.out.ns2.test$n || ret=1
93grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
94grep "2001:eeee::4" dig.out.ns2.test$n >/dev/null || ret=1
95grep "::ffff:1.2.3.4" dig.out.ns2.test$n >/dev/null && ret=1
96grep "::ffff:1.2.3.5" dig.out.ns2.test$n >/dev/null && ret=1
97n=$((n + 1))
98if [ $ret != 0 ]; then echo_i "failed"; fi
99status=$((status + ret))
100
101echo_i "checking default exclude acl works with AAAA only ($n)"
102ret=0
103$DIG $DIGOPTS aaaa-only.example. @10.53.0.2 -b 10.53.0.4 aaaa >dig.out.ns2.test$n || ret=1
104grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
105grep "2001::2" dig.out.ns2.test$n >/dev/null || ret=1
106n=$((n + 1))
107if [ $ret != 0 ]; then echo_i "failed"; fi
108status=$((status + ret))
109
110echo_i "checking default exclude acl A only lookup works ($n)"
111ret=0
112$DIG $DIGOPTS a-only.example. @10.53.0.2 -b 10.53.0.4 aaaa >dig.out.ns2.test$n || ret=1
113grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
114grep "2001:bbbb::102:305" dig.out.ns2.test$n >/dev/null || ret=1
115n=$((n + 1))
116if [ $ret != 0 ]; then echo_i "failed"; fi
117status=$((status + ret))
118
119echo_i "checking partially excluded only AAAA lookup works ($n)"
120ret=0
121$DIG $DIGOPTS partially-excluded-only.example. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
122grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
123grep "ANSWER: 1," dig.out.ns2.test$n >/dev/null || ret=1
124grep "2001::3" dig.out.ns2.test$n >/dev/null || ret=1
125n=$((n + 1))
126if [ $ret != 0 ]; then echo_i "failed"; fi
127status=$((status + ret))
128
129echo_i "checking partially-excluded AAAA and non-mapped A lookup works ($n)"
130ret=0
131$DIG $DIGOPTS partially-excluded-bad-a.example. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
132grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
133grep "ANSWER: 1," dig.out.ns2.test$n >/dev/null || ret=1
134grep "2001::2" dig.out.ns2.test$n >/dev/null || ret=1
135n=$((n + 1))
136if [ $ret != 0 ]; then echo_i "failed"; fi
137status=$((status + ret))
138
139echo_i "checking partially-excluded only AAAA and mapped A lookup works ($n)"
140ret=0
141$DIG $DIGOPTS partially-excluded-good-a.example. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
142grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
143grep "ANSWER: 1," dig.out.ns2.test$n >/dev/null || ret=1
144grep "2001::1" dig.out.ns2.test$n >/dev/null || ret=1
145n=$((n + 1))
146if [ $ret != 0 ]; then echo_i "failed"; fi
147status=$((status + ret))
148
149echo_i "checking AAAA only lookup works ($n)"
150ret=0
151$DIG $DIGOPTS aaaa-only.example. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
152grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
153grep "2001::2" dig.out.ns2.test$n >/dev/null || ret=1
154n=$((n + 1))
155if [ $ret != 0 ]; then echo_i "failed"; fi
156status=$((status + ret))
157
158echo_i "checking A only lookup works ($n)"
159ret=0
160$DIG $DIGOPTS a-only.example. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
161grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
162grep "2001:aaaa::102:305" dig.out.ns2.test$n >/dev/null || ret=1
163n=$((n + 1))
164if [ $ret != 0 ]; then echo_i "failed"; fi
165status=$((status + ret))
166
167echo_i "checking A and AAAA lookup works ($n)"
168ret=0
169$DIG $DIGOPTS a-and-aaaa.example. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
170grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
171grep "2001::1" dig.out.ns2.test$n >/dev/null || ret=1
172n=$((n + 1))
173if [ $ret != 0 ]; then echo_i "failed"; fi
174status=$((status + ret))
175
176echo_i "checking non-mapped A lookup works ($n)"
177ret=0
178$DIG $DIGOPTS a-not-mapped.example. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
179grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
180grep "ANSWER: 0" dig.out.ns2.test$n >/dev/null || ret=1
181n=$((n + 1))
182if [ $ret != 0 ]; then echo_i "failed"; fi
183status=$((status + ret))
184
185echo_i "checking NODATA AAAA lookup works ($n)"
186ret=0
187$DIG $DIGOPTS mx-only.example. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
188grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
189grep "ANSWER: 0" dig.out.ns2.test$n >/dev/null || ret=1
190n=$((n + 1))
191if [ $ret != 0 ]; then echo_i "failed"; fi
192status=$((status + ret))
193
194echo_i "checking non-existent AAAA lookup works ($n)"
195ret=0
196$DIG $DIGOPTS non-existent.example. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
197grep "status: NXDOMAIN" dig.out.ns2.test$n >/dev/null || ret=1
198n=$((n + 1))
199if [ $ret != 0 ]; then echo_i "failed"; fi
200status=$((status + ret))
201
202echo_i "checking non-excluded AAAA via CNAME lookup works ($n)"
203ret=0
204$DIG $DIGOPTS cname-aaaa-only.example. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
205grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
206grep "2001::2" dig.out.ns2.test$n >/dev/null || ret=1
207n=$((n + 1))
208if [ $ret != 0 ]; then echo_i "failed"; fi
209status=$((status + ret))
210
211echo_i "checking excluded only AAAA via CNAME lookup works ($n)"
212ret=0
213$DIG $DIGOPTS cname-excluded-only.example. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
214grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
215grep "ANSWER: 1," dig.out.ns2.test$n >/dev/null || ret=1
216n=$((n + 1))
217if [ $ret != 0 ]; then echo_i "failed"; fi
218status=$((status + ret))
219
220echo_i "checking excluded AAAA and non-mapped A via CNAME lookup works ($n)"
221ret=0
222$DIG $DIGOPTS cname-excluded-bad-a.example. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
223grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
224grep "ANSWER: 1," dig.out.ns2.test$n >/dev/null || ret=1
225n=$((n + 1))
226if [ $ret != 0 ]; then echo_i "failed"; fi
227status=$((status + ret))
228
229echo_i "checking excluded only AAAA and mapped A via CNAME lookup works ($n)"
230ret=0
231$DIG $DIGOPTS cname-excluded-good-a.example. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
232grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
233grep "2001:aaaa::1.2.3.4" dig.out.ns2.test$n >/dev/null || ret=1
234n=$((n + 1))
235if [ $ret != 0 ]; then echo_i "failed"; fi
236status=$((status + ret))
237
238echo_i "checking AAAA only via CNAME lookup works ($n)"
239ret=0
240$DIG $DIGOPTS cname-aaaa-only.example. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
241grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
242grep "2001::2" dig.out.ns2.test$n >/dev/null || ret=1
243n=$((n + 1))
244if [ $ret != 0 ]; then echo_i "failed"; fi
245status=$((status + ret))
246
247echo_i "checking A only via CNAME lookup works ($n)"
248ret=0
249$DIG $DIGOPTS cname-a-only.example. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
250grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
251grep "2001:aaaa::102:305" dig.out.ns2.test$n >/dev/null || ret=1
252n=$((n + 1))
253if [ $ret != 0 ]; then echo_i "failed"; fi
254status=$((status + ret))
255
256echo_i "checking A and AAAA via CNAME lookup works ($n)"
257ret=0
258$DIG $DIGOPTS cname-a-and-aaaa.example. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
259grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
260grep "2001::1" dig.out.ns2.test$n >/dev/null || ret=1
261n=$((n + 1))
262if [ $ret != 0 ]; then echo_i "failed"; fi
263status=$((status + ret))
264
265echo_i "checking non-mapped A via CNAME lookup works ($n)"
266ret=0
267$DIG $DIGOPTS cname-a-not-mapped.example. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
268grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
269grep "ANSWER: 1," dig.out.ns2.test$n >/dev/null || ret=1
270grep "CNAME	a-not-mapped.example." dig.out.ns2.test$n >/dev/null || ret=1
271n=$((n + 1))
272if [ $ret != 0 ]; then echo_i "failed"; fi
273status=$((status + ret))
274
275echo_i "checking NODATA AAAA via CNAME lookup works ($n)"
276ret=0
277$DIG $DIGOPTS cname-mx-only.example. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
278grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
279grep "ANSWER: 1," dig.out.ns2.test$n >/dev/null || ret=1
280grep "CNAME	mx-only.example." dig.out.ns2.test$n >/dev/null || ret=1
281n=$((n + 1))
282if [ $ret != 0 ]; then echo_i "failed"; fi
283status=$((status + ret))
284
285echo_i "checking non-existent AAAA via CNAME lookup works ($n)"
286ret=0
287$DIG $DIGOPTS cname-non-existent.example. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
288grep "status: NXDOMAIN" dig.out.ns2.test$n >/dev/null || ret=1
289grep "ANSWER: 1," dig.out.ns2.test$n >/dev/null || ret=1
290n=$((n + 1))
291if [ $ret != 0 ]; then echo_i "failed"; fi
292status=$((status + ret))
293
294# Check the example. domain recursive only
295
296echo_i "checking non-excluded AAAA lookup works, recursive only ($n)"
297ret=0
298$DIG $DIGOPTS aaaa-only.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
299grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
300grep "2001::2" dig.out.ns2.test$n >/dev/null || ret=1
301n=$((n + 1))
302if [ $ret != 0 ]; then echo_i "failed"; fi
303status=$((status + ret))
304
305echo_i "checking excluded only AAAA lookup works, recursive only ($n)"
306ret=0
307$DIG $DIGOPTS excluded-only.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
308grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
309grep "ANSWER: 0," dig.out.ns2.test$n >/dev/null || ret=1
310n=$((n + 1))
311if [ $ret != 0 ]; then echo_i "failed"; fi
312status=$((status + ret))
313
314echo_i "checking excluded AAAA and non-mapped A lookup works, recursive only ($n)"
315ret=0
316$DIG $DIGOPTS excluded-bad-a.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
317grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
318grep "ANSWER: 0," dig.out.ns2.test$n >/dev/null || ret=1
319n=$((n + 1))
320if [ $ret != 0 ]; then echo_i "failed"; fi
321status=$((status + ret))
322
323echo_i "checking excluded only AAAA and mapped A lookup works, recursive only ($n)"
324ret=0
325$DIG $DIGOPTS excluded-good-a.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
326grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
327grep "2001:bbbb::1.2.3.4" dig.out.ns2.test$n >/dev/null || ret=1
328n=$((n + 1))
329if [ $ret != 0 ]; then echo_i "failed"; fi
330status=$((status + ret))
331
332echo_i "checking partially excluded only AAAA lookup works, recursive only ($n)"
333ret=0
334$DIG $DIGOPTS partially-excluded-only.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
335grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
336grep "ANSWER: 1," dig.out.ns2.test$n >/dev/null || ret=1
337grep "2001::3" dig.out.ns2.test$n >/dev/null || ret=1
338n=$((n + 1))
339if [ $ret != 0 ]; then echo_i "failed"; fi
340status=$((status + ret))
341
342echo_i "checking partially-excluded AAAA and non-mapped A lookup works, recursive only ($n)"
343ret=0
344$DIG $DIGOPTS partially-excluded-bad-a.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
345grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
346grep "ANSWER: 1," dig.out.ns2.test$n >/dev/null || ret=1
347grep "2001::2" dig.out.ns2.test$n >/dev/null || ret=1
348n=$((n + 1))
349if [ $ret != 0 ]; then echo_i "failed"; fi
350status=$((status + ret))
351
352echo_i "checking partially-excluded only AAAA and mapped A lookup works, recursive only ($n)"
353ret=0
354$DIG $DIGOPTS partially-excluded-good-a.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
355grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
356grep "ANSWER: 1," dig.out.ns2.test$n >/dev/null || ret=1
357grep "2001::1" dig.out.ns2.test$n >/dev/null || ret=1
358n=$((n + 1))
359if [ $ret != 0 ]; then echo_i "failed"; fi
360status=$((status + ret))
361
362echo_i "checking AAAA only lookup works, recursive only ($n)"
363ret=0
364$DIG $DIGOPTS aaaa-only.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
365grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
366grep "2001::2" dig.out.ns2.test$n >/dev/null || ret=1
367n=$((n + 1))
368if [ $ret != 0 ]; then echo_i "failed"; fi
369status=$((status + ret))
370
371echo_i "checking A only lookup works, recursive only ($n)"
372ret=0
373$DIG $DIGOPTS a-only.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
374grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
375grep "2001:bbbb::102:305" dig.out.ns2.test$n >/dev/null || ret=1
376n=$((n + 1))
377if [ $ret != 0 ]; then echo_i "failed"; fi
378status=$((status + ret))
379
380echo_i "checking A and AAAA lookup works, recursive only ($n)"
381ret=0
382$DIG $DIGOPTS a-and-aaaa.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
383grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
384grep "2001::1" dig.out.ns2.test$n >/dev/null || ret=1
385n=$((n + 1))
386if [ $ret != 0 ]; then echo_i "failed"; fi
387status=$((status + ret))
388
389echo_i "checking non-mapped A lookup works, recursive only ($n)"
390ret=0
391$DIG $DIGOPTS a-not-mapped.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
392grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
393grep "ANSWER: 0" dig.out.ns2.test$n >/dev/null || ret=1
394n=$((n + 1))
395if [ $ret != 0 ]; then echo_i "failed"; fi
396status=$((status + ret))
397
398echo_i "checking NODATA AAAA lookup works, recursive only ($n)"
399ret=0
400$DIG $DIGOPTS mx-only.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
401grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
402grep "ANSWER: 0" dig.out.ns2.test$n >/dev/null || ret=1
403n=$((n + 1))
404if [ $ret != 0 ]; then echo_i "failed"; fi
405status=$((status + ret))
406
407echo_i "checking non-existent AAAA lookup works, recursive only ($n)"
408ret=0
409$DIG $DIGOPTS non-existent.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
410grep "status: NXDOMAIN" dig.out.ns2.test$n >/dev/null || ret=1
411n=$((n + 1))
412if [ $ret != 0 ]; then echo_i "failed"; fi
413status=$((status + ret))
414
415echo_i "checking non-excluded AAAA via CNAME lookup works, recursive only ($n)"
416ret=0
417$DIG $DIGOPTS cname-aaaa-only.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
418grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
419grep "2001::2" dig.out.ns2.test$n >/dev/null || ret=1
420n=$((n + 1))
421if [ $ret != 0 ]; then echo_i "failed"; fi
422status=$((status + ret))
423
424echo_i "checking excluded only AAAA via CNAME lookup works, recursive only ($n)"
425ret=0
426$DIG $DIGOPTS cname-excluded-only.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
427grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
428grep "ANSWER: 1," dig.out.ns2.test$n >/dev/null || ret=1
429n=$((n + 1))
430if [ $ret != 0 ]; then echo_i "failed"; fi
431status=$((status + ret))
432
433echo_i "checking excluded AAAA and non-mapped A via CNAME lookup works, recursive only ($n)"
434ret=0
435$DIG $DIGOPTS cname-excluded-bad-a.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
436grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
437grep "ANSWER: 1," dig.out.ns2.test$n >/dev/null || ret=1
438n=$((n + 1))
439if [ $ret != 0 ]; then echo_i "failed"; fi
440status=$((status + ret))
441
442echo_i "checking excluded only AAAA and mapped A via CNAME lookup works, recursive only ($n)"
443ret=0
444$DIG $DIGOPTS cname-excluded-good-a.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
445grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
446grep "ANSWER: 2," dig.out.ns2.test$n >/dev/null || ret=1
447grep "2001:bbbb::102:304" dig.out.ns2.test$n >/dev/null || ret=1
448n=$((n + 1))
449if [ $ret != 0 ]; then echo_i "failed"; fi
450status=$((status + ret))
451
452echo_i "checking AAAA only via CNAME lookup works, recursive only ($n)"
453ret=0
454$DIG $DIGOPTS cname-aaaa-only.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
455grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
456grep "2001::2" dig.out.ns2.test$n >/dev/null || ret=1
457n=$((n + 1))
458if [ $ret != 0 ]; then echo_i "failed"; fi
459status=$((status + ret))
460
461echo_i "checking A only via CNAME lookup works, recursive only ($n)"
462ret=0
463$DIG $DIGOPTS cname-a-only.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
464grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
465grep "2001:bbbb::102:305" dig.out.ns2.test$n >/dev/null || ret=1
466n=$((n + 1))
467if [ $ret != 0 ]; then echo_i "failed"; fi
468status=$((status + ret))
469
470echo_i "checking A and AAAA via CNAME lookup works, recursive only ($n)"
471ret=0
472$DIG $DIGOPTS cname-a-and-aaaa.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
473grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
474grep "2001::1" dig.out.ns2.test$n >/dev/null || ret=1
475n=$((n + 1))
476if [ $ret != 0 ]; then echo_i "failed"; fi
477status=$((status + ret))
478
479echo_i "checking non-mapped A via CNAME lookup works, recursive only ($n)"
480ret=0
481$DIG $DIGOPTS cname-a-not-mapped.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
482grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
483grep "ANSWER: 1," dig.out.ns2.test$n >/dev/null || ret=1
484grep "CNAME	a-not-mapped.example." dig.out.ns2.test$n >/dev/null || ret=1
485n=$((n + 1))
486if [ $ret != 0 ]; then echo_i "failed"; fi
487status=$((status + ret))
488
489echo_i "checking NODATA AAAA via CNAME lookup works, recursive only ($n)"
490ret=0
491$DIG $DIGOPTS cname-mx-only.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
492grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
493grep "ANSWER: 1," dig.out.ns2.test$n >/dev/null || ret=1
494grep "CNAME	mx-only.example." dig.out.ns2.test$n >/dev/null || ret=1
495n=$((n + 1))
496if [ $ret != 0 ]; then echo_i "failed"; fi
497status=$((status + ret))
498
499echo_i "checking non-existent AAAA via CNAME lookup works, recursive only ($n)"
500ret=0
501$DIG $DIGOPTS cname-non-existent.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
502grep "status: NXDOMAIN" dig.out.ns2.test$n >/dev/null || ret=1
503grep "ANSWER: 1," dig.out.ns2.test$n >/dev/null || ret=1
504n=$((n + 1))
505if [ $ret != 0 ]; then echo_i "failed"; fi
506status=$((status + ret))
507
508# Check the example. domain recursive only w/o recursion
509
510echo_i "checking non-excluded AAAA lookup works, recursive only +norec ($n)"
511ret=0
512$DIG $DIGOPTS +norec aaaa-only.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
513grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
514grep "2001::2" dig.out.ns2.test$n >/dev/null || ret=1
515n=$((n + 1))
516if [ $ret != 0 ]; then echo_i "failed"; fi
517status=$((status + ret))
518
519echo_i "checking excluded only AAAA lookup works, recursive only +norec ($n)"
520ret=0
521$DIG $DIGOPTS +norec excluded-only.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
522grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
523grep "ANSWER: 1," dig.out.ns2.test$n >/dev/null || ret=1
524grep "2001:eeee::3" dig.out.ns2.test$n >/dev/null || ret=1
525n=$((n + 1))
526if [ $ret != 0 ]; then echo_i "failed"; fi
527status=$((status + ret))
528
529echo_i "checking excluded AAAA and non-mapped A lookup works, recursive only +norec ($n)"
530ret=0
531$DIG $DIGOPTS +norec excluded-bad-a.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
532grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
533grep "ANSWER: 1," dig.out.ns2.test$n >/dev/null || ret=1
534grep "2001:eeee::2" dig.out.ns2.test$n >/dev/null || ret=1
535n=$((n + 1))
536if [ $ret != 0 ]; then echo_i "failed"; fi
537status=$((status + ret))
538
539echo_i "checking excluded only AAAA and mapped A lookup works, recursive only +norec ($n)"
540ret=0
541$DIG $DIGOPTS +norec excluded-good-a.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
542grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
543grep "2001:eeee::1" dig.out.ns2.test$n >/dev/null || ret=1
544n=$((n + 1))
545if [ $ret != 0 ]; then echo_i "failed"; fi
546status=$((status + ret))
547
548echo_i "checking partially excluded only AAAA lookup works, recursive only +norec ($n)"
549ret=0
550$DIG $DIGOPTS +norec partially-excluded-only.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
551grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
552grep "ANSWER: 2," dig.out.ns2.test$n >/dev/null || ret=1
553grep "2001:eeee:" dig.out.ns2.test$n >/dev/null || ret=1
554grep "2001::3" dig.out.ns2.test$n >/dev/null || ret=1
555n=$((n + 1))
556if [ $ret != 0 ]; then echo_i "failed"; fi
557status=$((status + ret))
558
559echo_i "checking partially-excluded AAAA and non-mapped A lookup works, recursive only +norec ($n)"
560ret=0
561$DIG $DIGOPTS +norec partially-excluded-bad-a.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
562grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
563grep "ANSWER: 2," dig.out.ns2.test$n >/dev/null || ret=1
564grep "2001:eeee:" dig.out.ns2.test$n >/dev/null || ret=1
565grep "2001::2" dig.out.ns2.test$n >/dev/null || ret=1
566n=$((n + 1))
567if [ $ret != 0 ]; then echo_i "failed"; fi
568status=$((status + ret))
569
570echo_i "checking partially-excluded only AAAA and mapped A lookup works, recursive only +norec ($n)"
571ret=0
572$DIG $DIGOPTS +norec partially-excluded-good-a.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
573grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
574grep "ANSWER: 2," dig.out.ns2.test$n >/dev/null || ret=1
575grep "2001:eeee:" dig.out.ns2.test$n >/dev/null || ret=1
576grep "2001::1" dig.out.ns2.test$n >/dev/null || ret=1
577n=$((n + 1))
578if [ $ret != 0 ]; then echo_i "failed"; fi
579status=$((status + ret))
580
581echo_i "checking AAAA only lookup works, recursive only +norec ($n)"
582ret=0
583$DIG $DIGOPTS +norec aaaa-only.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
584grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
585grep "2001::2" dig.out.ns2.test$n >/dev/null || ret=1
586n=$((n + 1))
587if [ $ret != 0 ]; then echo_i "failed"; fi
588status=$((status + ret))
589
590echo_i "checking A only lookup works, recursive only +norec ($n)"
591ret=0
592$DIG $DIGOPTS +norec a-only.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
593grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
594grep "ANSWER: 0," dig.out.ns2.test$n >/dev/null || ret=1
595n=$((n + 1))
596if [ $ret != 0 ]; then echo_i "failed"; fi
597status=$((status + ret))
598
599echo_i "checking A and AAAA lookup works, recursive only +norec ($n)"
600ret=0
601$DIG $DIGOPTS +norec a-and-aaaa.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
602grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
603grep "2001::1" dig.out.ns2.test$n >/dev/null || ret=1
604n=$((n + 1))
605if [ $ret != 0 ]; then echo_i "failed"; fi
606status=$((status + ret))
607
608echo_i "checking non-mapped A lookup works, recursive only +norec ($n)"
609ret=0
610$DIG $DIGOPTS +norec a-not-mapped.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
611grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
612grep "ANSWER: 0" dig.out.ns2.test$n >/dev/null || ret=1
613n=$((n + 1))
614if [ $ret != 0 ]; then echo_i "failed"; fi
615status=$((status + ret))
616
617echo_i "checking NODATA AAAA lookup works, recursive only +norec ($n)"
618ret=0
619$DIG $DIGOPTS +norec mx-only.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
620grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
621grep "ANSWER: 0" dig.out.ns2.test$n >/dev/null || ret=1
622n=$((n + 1))
623if [ $ret != 0 ]; then echo_i "failed"; fi
624status=$((status + ret))
625
626echo_i "checking non-existent AAAA lookup works, recursive only +norec ($n)"
627ret=0
628$DIG $DIGOPTS +norec non-existent.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
629grep "status: NXDOMAIN" dig.out.ns2.test$n >/dev/null || ret=1
630n=$((n + 1))
631if [ $ret != 0 ]; then echo_i "failed"; fi
632status=$((status + ret))
633
634echo_i "checking non-excluded AAAA via CNAME lookup works, recursive only +norec ($n)"
635ret=0
636$DIG $DIGOPTS +norec cname-aaaa-only.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
637grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
638grep "2001::2" dig.out.ns2.test$n >/dev/null || ret=1
639n=$((n + 1))
640if [ $ret != 0 ]; then echo_i "failed"; fi
641status=$((status + ret))
642
643echo_i "checking excluded only AAAA via CNAME lookup works, recursive only +norec ($n)"
644ret=0
645$DIG $DIGOPTS +norec cname-excluded-only.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
646grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
647grep "ANSWER: 2," dig.out.ns2.test$n >/dev/null || ret=1
648grep "2001:eeee::3" dig.out.ns2.test$n >/dev/null || ret=1
649n=$((n + 1))
650if [ $ret != 0 ]; then echo_i "failed"; fi
651status=$((status + ret))
652
653echo_i "checking excluded AAAA and non-mapped A via CNAME lookup works, recursive only +norec ($n)"
654ret=0
655$DIG $DIGOPTS +norec cname-excluded-bad-a.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
656grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
657grep "ANSWER: 2," dig.out.ns2.test$n >/dev/null || ret=1
658grep "2001:eeee::2" dig.out.ns2.test$n >/dev/null || ret=1
659n=$((n + 1))
660if [ $ret != 0 ]; then echo_i "failed"; fi
661status=$((status + ret))
662
663echo_i "checking excluded only AAAA and mapped A via CNAME lookup works, recursive only +norec ($n)"
664ret=0
665$DIG $DIGOPTS +norec cname-excluded-good-a.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
666grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
667grep "ANSWER: 2," dig.out.ns2.test$n >/dev/null || ret=1
668grep "2001:eeee::1" dig.out.ns2.test$n >/dev/null || ret=1
669n=$((n + 1))
670if [ $ret != 0 ]; then echo_i "failed"; fi
671status=$((status + ret))
672
673echo_i "checking AAAA only via CNAME lookup works, recursive only +norec ($n)"
674ret=0
675$DIG $DIGOPTS +norec cname-aaaa-only.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
676grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
677grep "2001::2" dig.out.ns2.test$n >/dev/null || ret=1
678n=$((n + 1))
679if [ $ret != 0 ]; then echo_i "failed"; fi
680status=$((status + ret))
681
682echo_i "checking A only via CNAME lookup works, recursive only +norec ($n)"
683ret=0
684$DIG $DIGOPTS +norec cname-a-only.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
685grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
686grep "ANSWER: 1," dig.out.ns2.test$n >/dev/null || ret=1
687grep "CNAME	a-only.example." dig.out.ns2.test$n >/dev/null || ret=1
688n=$((n + 1))
689if [ $ret != 0 ]; then echo_i "failed"; fi
690status=$((status + ret))
691
692echo_i "checking A and AAAA via CNAME lookup works, recursive only +norec ($n)"
693ret=0
694$DIG $DIGOPTS +norec cname-a-and-aaaa.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
695grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
696grep "2001::1" dig.out.ns2.test$n >/dev/null || ret=1
697n=$((n + 1))
698if [ $ret != 0 ]; then echo_i "failed"; fi
699status=$((status + ret))
700
701echo_i "checking non-mapped A via CNAME lookup works, recursive only +norec ($n)"
702ret=0
703$DIG $DIGOPTS +norec cname-a-not-mapped.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
704grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
705grep "ANSWER: 1," dig.out.ns2.test$n >/dev/null || ret=1
706grep "CNAME	a-not-mapped.example." dig.out.ns2.test$n >/dev/null || ret=1
707n=$((n + 1))
708if [ $ret != 0 ]; then echo_i "failed"; fi
709status=$((status + ret))
710
711echo_i "checking NODATA AAAA via CNAME lookup works, recursive only +norec ($n)"
712ret=0
713$DIG $DIGOPTS +norec cname-mx-only.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
714grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
715grep "ANSWER: 1," dig.out.ns2.test$n >/dev/null || ret=1
716grep "CNAME	mx-only.example." dig.out.ns2.test$n >/dev/null || ret=1
717n=$((n + 1))
718if [ $ret != 0 ]; then echo_i "failed"; fi
719status=$((status + ret))
720
721echo_i "checking non-existent AAAA via CNAME lookup works, recursive only +norec ($n)"
722ret=0
723$DIG $DIGOPTS +norec cname-non-existent.example. @10.53.0.1 -b 10.53.0.1 aaaa >dig.out.ns2.test$n || ret=1
724grep "status: NXDOMAIN" dig.out.ns2.test$n >/dev/null || ret=1
725grep "ANSWER: 1," dig.out.ns2.test$n >/dev/null || ret=1
726n=$((n + 1))
727if [ $ret != 0 ]; then echo_i "failed"; fi
728status=$((status + ret))
729
730# Check the example. domain from non client
731
732echo_i "checking non-excluded AAAA from non-client lookup works ($n)"
733ret=0
734$DIG $DIGOPTS aaaa-only.example. @10.53.0.2 -b 10.53.0.3 aaaa >dig.out.ns2.test$n || ret=1
735grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
736grep "2001::2" dig.out.ns2.test$n >/dev/null || ret=1
737n=$((n + 1))
738if [ $ret != 0 ]; then echo_i "failed"; fi
739status=$((status + ret))
740
741echo_i "checking excluded only AAAA from non-client lookup works ($n)"
742ret=0
743$DIG $DIGOPTS excluded-only.example. @10.53.0.2 -b 10.53.0.3 aaaa >dig.out.ns2.test$n || ret=1
744grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
745grep "2001:eeee::3" dig.out.ns2.test$n >/dev/null || ret=1
746n=$((n + 1))
747if [ $ret != 0 ]; then echo_i "failed"; fi
748status=$((status + ret))
749
750echo_i "checking excluded AAAA and non-mapped A from non-client lookup works ($n)"
751ret=0
752$DIG $DIGOPTS excluded-bad-a.example. @10.53.0.2 -b 10.53.0.3 aaaa >dig.out.ns2.test$n || ret=1
753grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
754grep "2001:eeee::2" dig.out.ns2.test$n >/dev/null || ret=1
755n=$((n + 1))
756if [ $ret != 0 ]; then echo_i "failed"; fi
757status=$((status + ret))
758
759echo_i "checking excluded only AAAA and mapped A from non-client lookup works ($n)"
760ret=0
761$DIG $DIGOPTS excluded-good-a.example. @10.53.0.2 -b 10.53.0.3 aaaa >dig.out.ns2.test$n || ret=1
762grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
763grep "2001:eeee::1" dig.out.ns2.test$n >/dev/null || ret=1
764n=$((n + 1))
765if [ $ret != 0 ]; then echo_i "failed"; fi
766status=$((status + ret))
767
768echo_i "checking AAAA only from non-client lookup works ($n)"
769ret=0
770$DIG $DIGOPTS aaaa-only.example. @10.53.0.2 -b 10.53.0.3 aaaa >dig.out.ns2.test$n || ret=1
771grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
772grep "2001::2" dig.out.ns2.test$n >/dev/null || ret=1
773n=$((n + 1))
774if [ $ret != 0 ]; then echo_i "failed"; fi
775status=$((status + ret))
776
777echo_i "checking A only from non-client lookup works ($n)"
778ret=0
779$DIG $DIGOPTS a-only.example. @10.53.0.2 -b 10.53.0.3 aaaa >dig.out.ns2.test$n || ret=1
780grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
781grep "ANSWER: 0" dig.out.ns2.test$n >/dev/null || ret=1
782n=$((n + 1))
783if [ $ret != 0 ]; then echo_i "failed"; fi
784status=$((status + ret))
785
786echo_i "checking A and AAAA from non-client lookup works ($n)"
787ret=0
788$DIG $DIGOPTS a-and-aaaa.example. @10.53.0.2 -b 10.53.0.3 aaaa >dig.out.ns2.test$n || ret=1
789grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
790grep "2001::1" dig.out.ns2.test$n >/dev/null || ret=1
791n=$((n + 1))
792if [ $ret != 0 ]; then echo_i "failed"; fi
793status=$((status + ret))
794
795echo_i "checking non-mapped A from non-client lookup works ($n)"
796ret=0
797$DIG $DIGOPTS a-not-mapped.example. @10.53.0.2 -b 10.53.0.3 aaaa >dig.out.ns2.test$n || ret=1
798grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
799grep "ANSWER: 0" dig.out.ns2.test$n >/dev/null || ret=1
800n=$((n + 1))
801if [ $ret != 0 ]; then echo_i "failed"; fi
802status=$((status + ret))
803
804echo_i "checking NODATA AAAA from non-client lookup works ($n)"
805ret=0
806$DIG $DIGOPTS mx-only.example. @10.53.0.2 -b 10.53.0.3 aaaa >dig.out.ns2.test$n || ret=1
807grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
808grep "ANSWER: 0" dig.out.ns2.test$n >/dev/null || ret=1
809n=$((n + 1))
810if [ $ret != 0 ]; then echo_i "failed"; fi
811status=$((status + ret))
812
813echo_i "checking non-existent AAAA from non-client lookup works ($n)"
814ret=0
815$DIG $DIGOPTS non-existent.example. @10.53.0.2 -b 10.53.0.3 aaaa >dig.out.ns2.test$n || ret=1
816grep "status: NXDOMAIN" dig.out.ns2.test$n >/dev/null || ret=1
817n=$((n + 1))
818if [ $ret != 0 ]; then echo_i "failed"; fi
819status=$((status + ret))
820
821echo_i "checking non-excluded AAAA via CNAME from non-client lookup works ($n)"
822ret=0
823$DIG $DIGOPTS cname-aaaa-only.example. @10.53.0.2 -b 10.53.0.3 aaaa >dig.out.ns2.test$n || ret=1
824grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
825grep "2001::2" dig.out.ns2.test$n >/dev/null || ret=1
826n=$((n + 1))
827if [ $ret != 0 ]; then echo_i "failed"; fi
828status=$((status + ret))
829
830echo_i "checking excluded only AAAA via CNAME from non-client lookup works ($n)"
831ret=0
832$DIG $DIGOPTS cname-excluded-only.example. @10.53.0.2 -b 10.53.0.3 aaaa >dig.out.ns2.test$n || ret=1
833grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
834grep "2001:eeee::3" dig.out.ns2.test$n >/dev/null || ret=1
835n=$((n + 1))
836if [ $ret != 0 ]; then echo_i "failed"; fi
837status=$((status + ret))
838
839echo_i "checking excluded AAAA and non-mapped A via CNAME from non-client lookup works ($n)"
840ret=0
841$DIG $DIGOPTS cname-excluded-bad-a.example. @10.53.0.2 -b 10.53.0.3 aaaa >dig.out.ns2.test$n || ret=1
842grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
843grep "2001:eeee::2" dig.out.ns2.test$n >/dev/null || ret=1
844n=$((n + 1))
845if [ $ret != 0 ]; then echo_i "failed"; fi
846status=$((status + ret))
847
848echo_i "checking excluded only AAAA and mapped A via CNAME from non-client lookup works ($n)"
849ret=0
850$DIG $DIGOPTS cname-excluded-good-a.example. @10.53.0.2 -b 10.53.0.3 aaaa >dig.out.ns2.test$n || ret=1
851grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
852grep "2001:eeee::1" dig.out.ns2.test$n >/dev/null || ret=1
853n=$((n + 1))
854if [ $ret != 0 ]; then echo_i "failed"; fi
855status=$((status + ret))
856
857echo_i "checking AAAA only via CNAME from non-client lookup works ($n)"
858ret=0
859$DIG $DIGOPTS cname-aaaa-only.example. @10.53.0.2 -b 10.53.0.3 aaaa >dig.out.ns2.test$n || ret=1
860grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
861grep "2001::2" dig.out.ns2.test$n >/dev/null || ret=1
862n=$((n + 1))
863if [ $ret != 0 ]; then echo_i "failed"; fi
864status=$((status + ret))
865
866echo_i "checking A only via CNAME from non-client lookup works ($n)"
867ret=0
868$DIG $DIGOPTS cname-a-only.example. @10.53.0.2 -b 10.53.0.3 aaaa >dig.out.ns2.test$n || ret=1
869grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
870grep "ANSWER: 1," dig.out.ns2.test$n >/dev/null || ret=1
871n=$((n + 1))
872if [ $ret != 0 ]; then echo_i "failed"; fi
873status=$((status + ret))
874
875echo_i "checking A and AAAA via CNAME from non-client lookup works ($n)"
876ret=0
877$DIG $DIGOPTS cname-a-and-aaaa.example. @10.53.0.2 -b 10.53.0.3 aaaa >dig.out.ns2.test$n || ret=1
878grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
879grep "2001::1" dig.out.ns2.test$n >/dev/null || ret=1
880n=$((n + 1))
881if [ $ret != 0 ]; then echo_i "failed"; fi
882status=$((status + ret))
883
884echo_i "checking non-mapped A via CNAME from non-client lookup works ($n)"
885ret=0
886$DIG $DIGOPTS cname-a-not-mapped.example. @10.53.0.2 -b 10.53.0.3 aaaa >dig.out.ns2.test$n || ret=1
887grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
888grep "ANSWER: 1," dig.out.ns2.test$n >/dev/null || ret=1
889grep "CNAME	a-not-mapped.example." dig.out.ns2.test$n >/dev/null || ret=1
890n=$((n + 1))
891if [ $ret != 0 ]; then echo_i "failed"; fi
892status=$((status + ret))
893
894echo_i "checking NODATA AAAA via CNAME from non-client lookup works ($n)"
895ret=0
896$DIG $DIGOPTS cname-mx-only.example. @10.53.0.2 -b 10.53.0.3 aaaa >dig.out.ns2.test$n || ret=1
897grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
898grep "ANSWER: 1," dig.out.ns2.test$n >/dev/null || ret=1
899grep "CNAME	mx-only.example." dig.out.ns2.test$n >/dev/null || ret=1
900n=$((n + 1))
901if [ $ret != 0 ]; then echo_i "failed"; fi
902status=$((status + ret))
903
904echo_i "checking non-existent AAAA via CNAME from non-client lookup works ($n)"
905ret=0
906$DIG $DIGOPTS cname-non-existent.example. @10.53.0.2 -b 10.53.0.3 aaaa >dig.out.ns2.test$n || ret=1
907grep "status: NXDOMAIN" dig.out.ns2.test$n >/dev/null || ret=1
908grep "ANSWER: 1," dig.out.ns2.test$n >/dev/null || ret=1
909n=$((n + 1))
910if [ $ret != 0 ]; then echo_i "failed"; fi
911status=$((status + ret))
912
913# Check the signed. domain
914
915echo_i "checking non-excluded AAAA lookup is signed zone works ($n)"
916ret=0
917$DIG $DIGOPTS aaaa-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
918grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
919grep "2001::2" dig.out.ns2.test$n >/dev/null || ret=1
920n=$((n + 1))
921if [ $ret != 0 ]; then echo_i "failed"; fi
922status=$((status + ret))
923
924echo_i "checking excluded only AAAA lookup is signed zone works ($n)"
925ret=0
926$DIG $DIGOPTS excluded-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
927grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
928grep "ANSWER: 0," dig.out.ns2.test$n >/dev/null || ret=1
929n=$((n + 1))
930if [ $ret != 0 ]; then echo_i "failed"; fi
931status=$((status + ret))
932
933echo_i "checking excluded AAAA and non-mapped A lookup is signed zone works ($n)"
934ret=0
935$DIG $DIGOPTS excluded-bad-a.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
936grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
937grep "ANSWER: 0," dig.out.ns2.test$n >/dev/null || ret=1
938n=$((n + 1))
939if [ $ret != 0 ]; then echo_i "failed"; fi
940status=$((status + ret))
941
942echo_i "checking excluded only AAAA and mapped A lookup is signed zone works ($n)"
943ret=0
944$DIG $DIGOPTS excluded-good-a.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
945grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
946grep "2001:aaaa::102:304" dig.out.ns2.test$n >/dev/null || ret=1
947n=$((n + 1))
948if [ $ret != 0 ]; then echo_i "failed"; fi
949status=$((status + ret))
950
951echo_i "checking AAAA only lookup is signed zone works ($n)"
952ret=0
953$DIG $DIGOPTS aaaa-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
954grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
955grep "2001::2" dig.out.ns2.test$n >/dev/null || ret=1
956n=$((n + 1))
957if [ $ret != 0 ]; then echo_i "failed"; fi
958status=$((status + ret))
959
960echo_i "checking A only lookup is signed zone works ($n)"
961ret=0
962$DIG $DIGOPTS a-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
963grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
964grep "2001:aaaa::102:305" dig.out.ns2.test$n >/dev/null || ret=1
965n=$((n + 1))
966if [ $ret != 0 ]; then echo_i "failed"; fi
967status=$((status + ret))
968
969echo_i "checking A and AAAA lookup is signed zone works ($n)"
970ret=0
971$DIG $DIGOPTS a-and-aaaa.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
972grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
973grep "2001::1" dig.out.ns2.test$n >/dev/null || ret=1
974n=$((n + 1))
975if [ $ret != 0 ]; then echo_i "failed"; fi
976status=$((status + ret))
977
978echo_i "checking non-mapped A lookup is signed zone works ($n)"
979ret=0
980$DIG $DIGOPTS a-not-mapped.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
981grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
982grep "ANSWER: 0" dig.out.ns2.test$n >/dev/null || ret=1
983n=$((n + 1))
984if [ $ret != 0 ]; then echo_i "failed"; fi
985status=$((status + ret))
986
987echo_i "checking NODATA AAAA lookup is signed zone works ($n)"
988ret=0
989$DIG $DIGOPTS mx-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
990grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
991grep "ANSWER: 0" dig.out.ns2.test$n >/dev/null || ret=1
992n=$((n + 1))
993if [ $ret != 0 ]; then echo_i "failed"; fi
994status=$((status + ret))
995
996echo_i "checking non-existent AAAA lookup is signed zone works ($n)"
997ret=0
998$DIG $DIGOPTS non-existent.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
999grep "status: NXDOMAIN" dig.out.ns2.test$n >/dev/null || ret=1
1000n=$((n + 1))
1001if [ $ret != 0 ]; then echo_i "failed"; fi
1002status=$((status + ret))
1003
1004echo_i "checking non-excluded AAAA via CNAME lookup is signed zone works ($n)"
1005ret=0
1006$DIG $DIGOPTS cname-aaaa-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
1007grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
1008grep "2001::2" dig.out.ns2.test$n >/dev/null || ret=1
1009n=$((n + 1))
1010if [ $ret != 0 ]; then echo_i "failed"; fi
1011status=$((status + ret))
1012
1013echo_i "checking excluded only AAAA via CNAME lookup is signed zone works ($n)"
1014ret=0
1015$DIG $DIGOPTS cname-excluded-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
1016grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
1017grep "ANSWER: 1," dig.out.ns2.test$n >/dev/null || ret=1
1018n=$((n + 1))
1019if [ $ret != 0 ]; then echo_i "failed"; fi
1020status=$((status + ret))
1021
1022echo_i "checking excluded AAAA and non-mapped A via CNAME lookup is signed zone works ($n)"
1023ret=0
1024$DIG $DIGOPTS cname-excluded-bad-a.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
1025grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
1026grep "ANSWER: 1," dig.out.ns2.test$n >/dev/null || ret=1
1027n=$((n + 1))
1028if [ $ret != 0 ]; then echo_i "failed"; fi
1029status=$((status + ret))
1030
1031echo_i "checking excluded only AAAA and mapped A via CNAME lookup is signed zone works ($n)"
1032ret=0
1033$DIG $DIGOPTS cname-excluded-good-a.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
1034grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
1035grep "2001:aaaa::102:304" dig.out.ns2.test$n >/dev/null || ret=1
1036n=$((n + 1))
1037if [ $ret != 0 ]; then echo_i "failed"; fi
1038status=$((status + ret))
1039
1040echo_i "checking AAAA only via CNAME lookup is signed zone works ($n)"
1041ret=0
1042$DIG $DIGOPTS cname-aaaa-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
1043grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
1044grep "2001::2" dig.out.ns2.test$n >/dev/null || ret=1
1045n=$((n + 1))
1046if [ $ret != 0 ]; then echo_i "failed"; fi
1047status=$((status + ret))
1048
1049echo_i "checking A only via CNAME lookup is signed zone works ($n)"
1050ret=0
1051$DIG $DIGOPTS cname-a-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
1052grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
1053grep "2001:aaaa::102:305" dig.out.ns2.test$n >/dev/null || ret=1
1054n=$((n + 1))
1055if [ $ret != 0 ]; then echo_i "failed"; fi
1056status=$((status + ret))
1057
1058echo_i "checking A and AAAA via CNAME lookup is signed zone works ($n)"
1059ret=0
1060$DIG $DIGOPTS cname-a-and-aaaa.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
1061grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
1062grep "2001::1" dig.out.ns2.test$n >/dev/null || ret=1
1063n=$((n + 1))
1064if [ $ret != 0 ]; then echo_i "failed"; fi
1065status=$((status + ret))
1066
1067echo_i "checking non-mapped A via CNAME lookup is signed zone works ($n)"
1068ret=0
1069$DIG $DIGOPTS cname-a-not-mapped.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
1070grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
1071grep "ANSWER: 1," dig.out.ns2.test$n >/dev/null || ret=1
1072grep "CNAME	a-not-mapped.signed." dig.out.ns2.test$n >/dev/null || ret=1
1073n=$((n + 1))
1074if [ $ret != 0 ]; then echo_i "failed"; fi
1075status=$((status + ret))
1076
1077echo_i "checking NODATA AAAA via CNAME lookup is signed zone works ($n)"
1078ret=0
1079$DIG $DIGOPTS cname-mx-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
1080grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
1081grep "ANSWER: 1," dig.out.ns2.test$n >/dev/null || ret=1
1082grep "CNAME	mx-only.signed." dig.out.ns2.test$n >/dev/null || ret=1
1083n=$((n + 1))
1084if [ $ret != 0 ]; then echo_i "failed"; fi
1085status=$((status + ret))
1086
1087echo_i "checking non-existent AAAA via CNAME lookup is signed zone works ($n)"
1088ret=0
1089$DIG $DIGOPTS cname-non-existent.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
1090grep "status: NXDOMAIN" dig.out.ns2.test$n >/dev/null || ret=1
1091grep "ANSWER: 1," dig.out.ns2.test$n >/dev/null || ret=1
1092n=$((n + 1))
1093if [ $ret != 0 ]; then echo_i "failed"; fi
1094status=$((status + ret))
1095
1096# Check the signed. domain
1097echo_i "checking non-excluded AAAA lookup is signed zone works with +dnssec ($n)"
1098ret=0
1099$DIG $DIGOPTS +dnssec aaaa-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
1100grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
1101grep "2001::2" dig.out.ns2.test$n >/dev/null || ret=1
1102n=$((n + 1))
1103if [ $ret != 0 ]; then echo_i "failed"; fi
1104status=$((status + ret))
1105
1106echo_i "checking excluded only AAAA lookup is signed zone works with +dnssec ($n)"
1107ret=0
1108$DIG $DIGOPTS +dnssec excluded-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
1109grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
1110grep "2001:eeee::3" dig.out.ns2.test$n >/dev/null || ret=1
1111n=$((n + 1))
1112if [ $ret != 0 ]; then echo_i "failed"; fi
1113status=$((status + ret))
1114
1115echo_i "checking excluded AAAA and non-mapped A lookup is signed zone works with +dnssec ($n)"
1116ret=0
1117$DIG $DIGOPTS +dnssec excluded-bad-a.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
1118grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
1119grep "2001:eeee::2" dig.out.ns2.test$n >/dev/null || ret=1
1120n=$((n + 1))
1121if [ $ret != 0 ]; then echo_i "failed"; fi
1122status=$((status + ret))
1123
1124echo_i "checking excluded only AAAA and mapped A lookup is signed zone works with +dnssec ($n)"
1125ret=0
1126$DIG $DIGOPTS +dnssec excluded-good-a.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
1127grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
1128grep "2001:eeee::1" dig.out.ns2.test$n >/dev/null || ret=1
1129n=$((n + 1))
1130if [ $ret != 0 ]; then echo_i "failed"; fi
1131status=$((status + ret))
1132
1133echo_i "checking AAAA only lookup is signed zone works with +dnssec ($n)"
1134ret=0
1135$DIG $DIGOPTS +dnssec aaaa-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
1136grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
1137grep "2001::2" dig.out.ns2.test$n >/dev/null || ret=1
1138n=$((n + 1))
1139if [ $ret != 0 ]; then echo_i "failed"; fi
1140status=$((status + ret))
1141
1142echo_i "checking A only lookup is signed zone works with +dnssec ($n)"
1143ret=0
1144$DIG $DIGOPTS +dnssec a-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
1145grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
1146grep "ANSWER: 0," dig.out.ns2.test$n >/dev/null || ret=1
1147n=$((n + 1))
1148if [ $ret != 0 ]; then echo_i "failed"; fi
1149status=$((status + ret))
1150
1151echo_i "checking A and AAAA lookup is signed zone works with +dnssec ($n)"
1152ret=0
1153$DIG $DIGOPTS +dnssec a-and-aaaa.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
1154grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
1155grep "2001::1" dig.out.ns2.test$n >/dev/null || ret=1
1156n=$((n + 1))
1157if [ $ret != 0 ]; then echo_i "failed"; fi
1158status=$((status + ret))
1159
1160echo_i "checking non-mapped A lookup is signed zone works with +dnssec ($n)"
1161ret=0
1162$DIG $DIGOPTS +dnssec a-not-mapped.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
1163grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
1164grep "ANSWER: 0" dig.out.ns2.test$n >/dev/null || ret=1
1165n=$((n + 1))
1166if [ $ret != 0 ]; then echo_i "failed"; fi
1167status=$((status + ret))
1168
1169echo_i "checking NODATA AAAA lookup is signed zone works with +dnssec ($n)"
1170ret=0
1171$DIG $DIGOPTS +dnssec mx-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
1172grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
1173grep "ANSWER: 0" dig.out.ns2.test$n >/dev/null || ret=1
1174n=$((n + 1))
1175if [ $ret != 0 ]; then echo_i "failed"; fi
1176status=$((status + ret))
1177
1178echo_i "checking non-existent AAAA lookup is signed zone works with +dnssec ($n)"
1179ret=0
1180$DIG $DIGOPTS +dnssec non-existent.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
1181grep "status: NXDOMAIN" dig.out.ns2.test$n >/dev/null || ret=1
1182n=$((n + 1))
1183if [ $ret != 0 ]; then echo_i "failed"; fi
1184status=$((status + ret))
1185
1186echo_i "checking non-excluded AAAA via CNAME lookup is signed zone works with +dnssec ($n)"
1187ret=0
1188$DIG $DIGOPTS +dnssec cname-aaaa-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
1189grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
1190grep "2001::2" dig.out.ns2.test$n >/dev/null || ret=1
1191n=$((n + 1))
1192if [ $ret != 0 ]; then echo_i "failed"; fi
1193status=$((status + ret))
1194
1195echo_i "checking excluded only AAAA via CNAME lookup is signed zone works with +dnssec ($n)"
1196ret=0
1197$DIG $DIGOPTS +dnssec cname-excluded-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
1198grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
1199grep "2001:eeee::3" dig.out.ns2.test$n >/dev/null || ret=1
1200n=$((n + 1))
1201if [ $ret != 0 ]; then echo_i "failed"; fi
1202status=$((status + ret))
1203
1204echo_i "checking excluded AAAA and non-mapped A via CNAME lookup is signed zone works with +dnssec ($n)"
1205ret=0
1206$DIG $DIGOPTS +dnssec cname-excluded-bad-a.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
1207grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
1208grep "2001:eeee::2" dig.out.ns2.test$n >/dev/null || ret=1
1209n=$((n + 1))
1210if [ $ret != 0 ]; then echo_i "failed"; fi
1211status=$((status + ret))
1212
1213echo_i "checking excluded only AAAA and mapped A via CNAME lookup is signed zone works with +dnssec ($n)"
1214ret=0
1215$DIG $DIGOPTS +dnssec cname-excluded-good-a.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
1216grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
1217grep "2001:eeee::1" dig.out.ns2.test$n >/dev/null || ret=1
1218n=$((n + 1))
1219if [ $ret != 0 ]; then echo_i "failed"; fi
1220status=$((status + ret))
1221
1222echo_i "checking AAAA only via CNAME lookup is signed zone works with +dnssec ($n)"
1223ret=0
1224$DIG $DIGOPTS +dnssec cname-aaaa-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
1225grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
1226grep "2001::2" dig.out.ns2.test$n >/dev/null || ret=1
1227n=$((n + 1))
1228if [ $ret != 0 ]; then echo_i "failed"; fi
1229status=$((status + ret))
1230
1231echo_i "checking A only via CNAME lookup is signed zone works with +dnssec ($n)"
1232ret=0
1233$DIG $DIGOPTS +dnssec cname-a-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
1234grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
1235grep "ANSWER: 2," dig.out.ns2.test$n >/dev/null || ret=1
1236grep "2001:aaaa::102:305" dig.out.ns2.test$n >/dev/null && ret=1
1237n=$((n + 1))
1238if [ $ret != 0 ]; then echo_i "failed"; fi
1239status=$((status + ret))
1240
1241echo_i "checking A and AAAA via CNAME lookup is signed zone works with +dnssec ($n)"
1242ret=0
1243$DIG $DIGOPTS +dnssec cname-a-and-aaaa.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
1244grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
1245grep "2001::1" dig.out.ns2.test$n >/dev/null || ret=1
1246n=$((n + 1))
1247if [ $ret != 0 ]; then echo_i "failed"; fi
1248status=$((status + ret))
1249
1250echo_i "checking non-mapped A via CNAME lookup is signed zone works with +dnssec ($n)"
1251ret=0
1252$DIG $DIGOPTS +dnssec cname-a-not-mapped.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
1253grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
1254grep "ANSWER: 2" dig.out.ns2.test$n >/dev/null || ret=1
1255grep "CNAME	a-not-mapped.signed." dig.out.ns2.test$n >/dev/null || ret=1
1256n=$((n + 1))
1257if [ $ret != 0 ]; then echo_i "failed"; fi
1258status=$((status + ret))
1259
1260echo_i "checking NODATA AAAA via CNAME lookup is signed zone works with +dnssec ($n)"
1261ret=0
1262$DIG $DIGOPTS +dnssec cname-mx-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
1263grep "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
1264grep "ANSWER: 2," dig.out.ns2.test$n >/dev/null || ret=1
1265grep "CNAME	mx-only.signed." dig.out.ns2.test$n >/dev/null || ret=1
1266n=$((n + 1))
1267if [ $ret != 0 ]; then echo_i "failed"; fi
1268status=$((status + ret))
1269
1270echo_i "checking non-existent AAAA via CNAME lookup is signed zone works with +dnssec ($n)"
1271ret=0
1272$DIG $DIGOPTS +dnssec cname-non-existent.signed. @10.53.0.2 -b 10.53.0.2 aaaa >dig.out.ns2.test$n || ret=1
1273grep "status: NXDOMAIN" dig.out.ns2.test$n >/dev/null || ret=1
1274grep "ANSWER: 2," dig.out.ns2.test$n >/dev/null || ret=1
1275n=$((n + 1))
1276if [ $ret != 0 ]; then echo_i "failed"; fi
1277status=$((status + ret))
1278
1279echo_i "checking reverse mapping ($n)"
1280ret=0
1281$DIG $DIGOPTS -x 2001:aaaa::10.0.0.1 @10.53.0.2 >dig.out.ns2.test$n || ret=1
1282grep -i "CNAME.1.0.0.10.IN-ADDR.ARPA.$" dig.out.ns2.test$n >/dev/null || ret=1
1283n=$((n + 1))
1284if [ $ret != 0 ]; then echo_i "failed"; fi
1285status=$((status + ret))
1286
1287list=$($DIG $DIGOPTS -b 10.53.0.6 @10.53.0.2 +short aaaa a-only.example | sort)
1288for a in $list; do
1289  ret=0
1290  echo_i "checking reverse mapping of $a ($n)"
1291  $DIG $DIGOPTS -x $a @10.53.0.2 >dig.out.ns2.test$n || ret=1
1292  grep -i "CNAME.5.3.2.1.IN-ADDR.ARPA." dig.out.ns2.test$n >/dev/null || ret=1
1293  n=$((n + 1))
1294  if [ $ret != 0 ]; then echo_i "failed"; fi
1295  status=$((status + ret))
1296done
1297
1298rev=$($ARPANAME 2001:aaaa::10.0.0.1)
1299regex='..\(.*.IP6.ARPA\)'
1300rev=$(expr "${rev}" : "${regex}")
1301fin=$(expr "${rev}" : "............${regex}")
1302while test "${rev}" != "${fin}"; do
1303  ret=0
1304  echo_i "checking $rev ($n)"
1305  $DIG $DIGOPTS $rev ptr @10.53.0.2 >dig.out.ns2.test$n || ret=1
1306  grep -i "status: NOERROR" dig.out.ns2.test$n >/dev/null || ret=1
1307  grep -i "ANSWER: 0," dig.out.ns2.test$n >/dev/null || ret=1
1308  n=$((n + 1))
1309  if [ $ret != 0 ]; then echo_i "failed"; fi
1310  status=$((status + ret))
1311  rev=$(expr "${rev}" : "${regex}")
1312done
1313
1314echo_i "checking dns64-server and dns64-contact ($n)"
1315ret=0
1316$DIG $DIGOPTS soa 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.a.a.a.a.1.0.0.2.ip6.arpa @10.53.0.2 >dig.out.ns2.test$n || ret=1
1317grep "SOA.dns64.example.net..hostmaster.example.net." dig.out.ns2.test$n >/dev/null || ret=1
1318n=$((n + 1))
1319if [ $ret != 0 ]; then echo_i "failed"; fi
1320status=$((status + ret))
1321
1322echo_i "checking TTL less than 600 from zone ($n)"
1323ret=0
1324#expect 500
1325$DIG $DIGOPTS aaaa ttl-less-than-600.example +rec @10.53.0.1 >dig.out.ns1.test$n || ret=1
1326grep -i "ttl-less-than-600.example..500.IN.AAAA" dig.out.ns1.test$n >/dev/null || ret=1
1327n=$((n + 1))
1328if [ $ret != 0 ]; then echo_i "failed"; fi
1329status=$((status + ret))
1330
1331echo_i "checking TTL more than 600 from zone ($n)"
1332ret=0
1333#expect 700
1334$DIG $DIGOPTS aaaa ttl-more-than-600.example +rec @10.53.0.1 >dig.out.ns1.test$n || ret=1
1335grep -i "ttl-more-than-600.example..700.IN.AAAA" dig.out.ns1.test$n >/dev/null || ret=1
1336n=$((n + 1))
1337if [ $ret != 0 ]; then echo_i "failed"; fi
1338status=$((status + ret))
1339
1340echo_i "checking TTL less than minimum from zone ($n)"
1341ret=0
1342#expect 1100
1343$DIG $DIGOPTS aaaa ttl-less-than-minimum.example +rec @10.53.0.1 >dig.out.ns1.test$n || ret=1
1344grep -i "ttl-less-than-minimum.example..1100.IN.AAAA" dig.out.ns1.test$n >/dev/null || ret=1
1345n=$((n + 1))
1346if [ $ret != 0 ]; then echo_i "failed"; fi
1347status=$((status + ret))
1348
1349echo_i "checking TTL limited to minimum from zone ($n)"
1350ret=0
1351#expect 1200
1352$DIG $DIGOPTS aaaa ttl-more-than-minimum.example +rec @10.53.0.1 >dig.out.ns1.test$n || ret=1
1353grep -i "ttl-more-than-minimum.example..1200.IN.AAAA" dig.out.ns1.test$n >/dev/null || ret=1
1354n=$((n + 1))
1355if [ $ret != 0 ]; then echo_i "failed"; fi
1356status=$((status + ret))
1357
1358echo_i "checking TTL less than 600 via cache ($n)"
1359ret=0
1360#expect 500
1361$DIG $DIGOPTS aaaa ttl-less-than-600.example +rec -b 10.53.0.2 @10.53.0.2 >dig.out.ns1.test$n || ret=1
1362grep -i "ttl-less-than-600.example..500.IN.AAAA" dig.out.ns1.test$n >/dev/null || ret=1
1363n=$((n + 1))
1364if [ $ret != 0 ]; then echo_i "failed"; fi
1365status=$((status + ret))
1366
1367echo_i "checking TTL more than 600 via cache ($n)"
1368ret=0
1369#expect 700
1370$DIG $DIGOPTS aaaa ttl-more-than-600.example +rec -b 10.53.0.2 @10.53.0.2 >dig.out.ns2.test$n || ret=1
1371grep -i "ttl-more-than-600.example..700.IN.AAAA" dig.out.ns2.test$n >/dev/null || ret=1
1372n=$((n + 1))
1373if [ $ret != 0 ]; then echo_i "failed"; fi
1374status=$((status + ret))
1375
1376echo_i "checking TTL less than minimum via cache ($n)"
1377ret=0
1378#expect 1100
1379$DIG $DIGOPTS aaaa ttl-less-than-minimum.example +rec -b 10.53.0.2 @10.53.0.2 >dig.out.ns2.test$n || ret=1
1380grep -i "ttl-less-than-minimum.example..1100.IN.AAAA" dig.out.ns2.test$n >/dev/null || ret=1
1381n=$((n + 1))
1382if [ $ret != 0 ]; then echo_i "failed"; fi
1383status=$((status + ret))
1384
1385echo_i "checking TTL limited to minimum via cache ($n)"
1386ret=0
1387#expect 1200
1388$DIG $DIGOPTS aaaa ttl-more-than-minimum.example +rec -b 10.53.0.2 @10.53.0.2 >dig.out.ns2.test$n || ret=1
1389grep -i "ttl-more-than-minimum.example..1200.IN.AAAA" dig.out.ns2.test$n >/dev/null || ret=1
1390n=$((n + 1))
1391if [ $ret != 0 ]; then echo_i "failed"; fi
1392status=$((status + ret))
1393
1394echo_i "checking synthesis of AAAA from RPZ-remapped A ($n)"
1395ret=0
1396$DIG $DIGOPTS aaaa rpz.example +rec -b 10.53.0.7 @10.53.0.2 >dig.out.ns2.test$n || ret=1
1397grep -i 'rpz.example.*IN.AAAA.2001:96::a0a:a0a' dig.out.ns2.test$n >/dev/null || ret=1
1398n=$((n + 1))
1399if [ $ret != 0 ]; then echo_i "failed"; fi
1400status=$((status + ret))
1401
1402echo_i "checking 'dig +dns64prefix' ($n)"
1403$DIG $DIGOPTS +dns64prefix @10.53.0.1 >dig.out.ns1.test$n || ret=1
1404grep '^2001:bbbb::/96$' dig.out.ns1.test$n >/dev/null || ret=1
1405test $(wc -l <dig.out.ns1.test$n) -eq 1 || ret=1
1406n=$((n + 1))
1407if [ $ret != 0 ]; then echo_i "failed"; fi
1408status=$((status + ret))
1409
1410copy_setports ns1/named.conf2.in ns1/named.conf
1411rndc_reload ns1 10.53.0.1
1412
1413echo_i "checking 'dig +dns64prefix' with multiple prefixes ($n)"
1414$DIG $DIGOPTS +dns64prefix @10.53.0.1 >dig.out.ns1.test$n || ret=1
1415grep '^2001:bbbb::/96$' dig.out.ns1.test$n >/dev/null || ret=1
1416grep '2001:aaaa::/64' dig.out.ns1.test$n >/dev/null || ret=1
1417test $(wc -l <dig.out.ns1.test$n) -eq 2 || ret=1
1418n=$((n + 1))
1419if [ $ret != 0 ]; then echo_i "failed"; fi
1420status=$((status + ret))
1421
1422copy_setports ns1/named.conf3.in ns1/named.conf
1423rndc_reload ns1 10.53.0.1
1424
1425echo_i "checking 'dig +dns64prefix' with no prefixes ($n)"
1426$DIG $DIGOPTS +dns64prefix @10.53.0.1 >dig.out.ns1.test$n || ret=1
1427test $(wc -l <dig.out.ns1.test$n) -eq 0 || ret=1
1428n=$((n + 1))
1429if [ $ret != 0 ]; then echo_i "failed"; fi
1430status=$((status + ret))
1431
1432echo_i "checking synthesis of AAAA from builtin ipv4only.arpa ($n)"
1433ret=0
1434$DIG $DIGOPTS aaaa ipv4only.arpa -b 10.53.0.7 @10.53.0.2 >dig.out.ns2.test$n || ret=1
1435grep -i 'ipv4only.arpa.*IN.AAAA.2001:96::c000:aa' dig.out.ns2.test$n >/dev/null || ret=1
1436grep -i 'ipv4only.arpa.*IN.AAAA.2001:96::c000:ab' dig.out.ns2.test$n >/dev/null || ret=1
1437n=$((n + 1))
1438if [ $ret != 0 ]; then echo_i "failed"; fi
1439status=$((status + ret))
1440
1441echo_i "checking reverse of dns64 mapped ipv4only.arpa addresses returns ipv4only.arpa ($n)"
1442ret=0
1443$DIG $DIGOPTS ptr -x 2001:96::192.0.0.170 -b 10.53.0.7 @10.53.0.2 >dig.out.170.ns2.test$n || ret=1
1444$DIG $DIGOPTS ptr -x 2001:96::192.0.0.171 -b 10.53.0.7 @10.53.0.2 >dig.out.171.ns2.test$n || ret=1
1445grep "ip6\.arpa\..*PTR.*ipv4only\.arpa\." dig.out.170.ns2.test$n >/dev/null || ret=1
1446grep "ip6\.arpa\..*PTR.*ipv4only\.arpa\." dig.out.171.ns2.test$n >/dev/null || ret=1
1447n=$((n + 1))
1448if [ $ret != 0 ]; then echo_i "failed"; fi
1449status=$((status + ret))
1450
1451echo_i "exit status: $status"
1452[ $status -eq 0 ] || exit 1
1453