xref: /netbsd-src/external/mpl/bind/dist/bin/tests/system/masterformat/tests.sh (revision 9689912e6b171cbda866ec33f15ae94a04e2c02d) 
1#!/bin/sh
2
3# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
4#
5# SPDX-License-Identifier: MPL-2.0
6#
7# This Source Code Form is subject to the terms of the Mozilla Public
8# License, v. 2.0.  If a copy of the MPL was not distributed with this
9# file, you can obtain one at https://mozilla.org/MPL/2.0/.
10#
11# See the COPYRIGHT file distributed with this work for additional
12# information regarding copyright ownership.
13
14set -e
15
16# shellcheck source=conf.sh
17. ../conf.sh
18
19status=0
20n=1
21
22israw() {
23  # shellcheck disable=SC2016
24  $PERL -e 'binmode STDIN;
25             read(STDIN, $input, 8);
26             ($style, $version) = unpack("NN", $input);
27             exit 1 if ($style != 2 || $version > 1);' <"$1" || return $?
28}
29
30isfull() {
31  # there should be no whitespace at the beginning of a line
32  if grep '^[ 	][ 	]*' "$1" >/dev/null 2>&1; then
33    return 1
34  else
35    return 0
36  fi
37}
38
39rawversion() {
40  # shellcheck disable=SC2016
41  $PERL -e 'binmode STDIN;
42             read(STDIN, $input, 8);
43             if (length($input) < 8) { print "not raw\n"; exit 0; };
44             ($style, $version) = unpack("NN", $input);
45             print ($style == 2 || $style == 3 ? "$version\n" :
46		"not raw\n");' <"$1"
47}
48
49sourceserial() {
50  # shellcheck disable=SC2016
51  $PERL -e 'binmode STDIN;
52             read(STDIN, $input, 20);
53             if (length($input) < 20) { print "UNSET\n"; exit; };
54             ($format, $version, $dumptime, $flags, $sourceserial) =
55                     unpack("NNNNN", $input);
56             if ($format != 2 || $version <  1) { print "UNSET\n"; exit; };
57             if ($flags & 02) {
58                     print $sourceserial . "\n";
59             } else {
60                     print "UNSET\n";
61             }' <"$1"
62}
63
64stomp() {
65  # shellcheck disable=SC2016
66  $PERL -e 'open(my $file, "+<", $ARGV[0]);
67              binmode $file;
68              seek($file, $ARGV[1], 0);
69              for (my $i = 0; $i < $ARGV[2]; $i++) {
70                      print $file pack("C", $ARGV[3]);
71              }
72              close($file);' "$@"
73}
74
75restart() {
76  sleep 1
77  start_server --noclean --restart --port "${PORT}" ns3
78}
79
80dig_with_opts() {
81  "$DIG" +tcp +noauth +noadd +nosea +nostat +noquest +nocomm +nocmd -p "${PORT}" "$@"
82}
83
84rndccmd() {
85  "$RNDC" -c ../_common/rndc.conf -p "${CONTROLPORT}" -s "$@"
86}
87
88status=0
89
90echo_i "checking that files in raw format loaded ($n)"
91ret=0
92set -- 1 2 3
93for zone in example example-explicit example-compat; do
94  for server in "$@"; do
95    for qname in ns mx a aaaa cname dname txt rrsig nsec \
96      dnskey ds cdnskey cds; do
97      qtype="$qname"
98      dig_with_opts @10.53.0.${server} -q ${qname}.${zone}. -t ${qtype}
99      echo
100    done >dig.out.${zone}.${server}.test${n}
101    for qname in private-dnskey private-cdnskey; do
102      qtype=$(expr "$qname" : '.*-\(.*\)')
103      dig_with_opts @10.53.0.${server} -q ${qname}.${zone}. -t ${qtype}
104    done >>dig.out.${zone}.${server}.test${n}
105  done
106  digcomp dig.out.${zone}.1.test${n} dig.out.${zone}.2.test${n} || ret=1
107  if [ "$zone" = "example" ]; then
108    set -- 1 2
109    digcomp dig.out.${zone}.1.test${n} dig.out.${zone}.3.test${n} || ret=1
110  fi
111done
112n=$((n + 1))
113[ $ret -eq 0 ] || echo_i "failed"
114status=$((status + ret))
115
116echo_i "checking raw format versions ($n)"
117ret=0
118israw ns1/example.db.raw || ret=1
119israw ns1/example.db.raw1 || ret=1
120israw ns1/example.db.compat || ret=1
121[ "$(rawversion ns1/example.db.raw)" -eq 1 ] || ret=1
122[ "$(rawversion ns1/example.db.raw1)" -eq 1 ] || ret=1
123[ "$(rawversion ns1/example.db.compat)" -eq 0 ] || ret=1
124n=$((n + 1))
125[ $ret -eq 0 ] || echo_i "failed"
126status=$((status + ret))
127
128echo_i "checking source serial numbers ($n)"
129ret=0
130[ "$(sourceserial ns1/example.db.raw)" = "UNSET" ] || ret=1
131[ "$(sourceserial ns1/example.db.serial.raw)" = "3333" ] || ret=1
132n=$((n + 1))
133[ $ret -eq 0 ] || echo_i "failed"
134status=$((status + ret))
135
136echo_i "waiting for transfers to complete"
137for _attempt in 0 1 2 3 4 5 6 7 8 9; do
138  test -f ns2/transfer.db.raw -a -f ns2/transfer.db.txt && break
139  sleep 1
140done
141
142echo_i "checking that secondary was saved in raw format by default ($n)"
143ret=0
144israw ns2/transfer.db.raw || ret=1
145n=$((n + 1))
146[ $ret -eq 0 ] || echo_i "failed"
147status=$((status + ret))
148
149echo_i "checking that secondary was saved in text format when configured ($n)"
150ret=0
151israw ns2/transfer.db.txt && ret=1
152isfull ns2/transfer.db.txt && ret=1
153n=$((n + 1))
154[ $ret -eq 0 ] || echo_i "failed"
155status=$((status + ret))
156
157echo_i "checking that secondary was saved in 'full' style when configured ($n)"
158ret=0
159isfull ns2/transfer.db.full >/dev/null 2>&1 || ret=1
160n=$((n + 1))
161[ $ret -eq 0 ] || echo_i "failed"
162status=$((status + ret))
163
164echo_i "checking that secondary formerly in text format is now raw ($n)"
165for _attempt in 0 1 2 3 4 5 6 7 8 9; do
166  ret=0
167  israw ns2/formerly-text.db >/dev/null 2>&1 || ret=1
168  [ "$(rawversion ns2/formerly-text.db)" -eq 1 ] || ret=1
169  [ $ret -eq 0 ] && break
170  sleep 1
171done
172n=$((n + 1))
173[ $ret -eq 0 ] || echo_i "failed"
174status=$((status + ret))
175
176echo_i "checking that under-limit rdatasets loaded ($n)"
177for _attempt in 0 1 2 3 4 5 6 7 8 9; do
178  ret=0
179  for rrcount in 500-txt 1000-txt 2000-txt; do
180    $DIG +tcp txt "${rrcount}.under-limit" @10.53.0.1 -p "${PORT}" >"dig.out.ns1.$rrcount.test$n"
181    grep "status: NOERROR" "dig.out.ns1.$rrcount.test$n" >/dev/null || ret=1
182  done
183  [ $ret -eq 0 ] && break
184  sleep 1
185done
186n=$((n + 1))
187[ $ret -eq 0 ] || echo_i "failed"
188status=$((status + ret))
189
190echo_i "checking that under-limit rdatasets transfered ($n)"
191for _attempt in 0 1 2 3 4 5 6 7 8 9; do
192  ret=0
193  for rrcount in 500-txt 1000-txt 2000-txt; do
194    $DIG +tcp txt "${rrcount}.under-limit" @10.53.0.2 -p "${PORT}" >"dig.out.ns2.$rrcount.test$n"
195    grep "status: NOERROR" "dig.out.ns2.$rrcount.test$n" >/dev/null || ret=1
196  done
197  [ $ret -eq 0 ] && break
198  sleep 1
199done
200n=$((n + 1))
201[ $ret -eq 0 ] || echo_i "failed"
202status=$((status + ret))
203
204echo_i "checking that under-limit-kasp dnskeys loaded ($n)"
205for _attempt in 0 1 2 3 4 5 6 7 8 9; do
206  ret=0
207
208  $DIG +tcp +dnssec dnskey "under-limit-kasp" @10.53.0.1 -p "${PORT}" >"dig.out.ns1.dnskey.test$n"
209  grep "status: NOERROR" "dig.out.ns1.dnskey.test$n" >/dev/null || ret=1
210  grep "RRSIG" "dig.out.ns1.dnskey.test$n" >/dev/null || ret=1
211  [ $ret -eq 0 ] && break
212  sleep 1
213done
214n=$((n + 1))
215[ $ret -eq 0 ] || echo_i "failed"
216status=$((status + ret))
217
218echo_i "checking that under-limit-kasp rdatasets loaded ($n)"
219for _attempt in 0 1 2 3 4 5 6 7 8 9; do
220  ret=0
221  for rrcount in 500-txt 1000-txt 2000-txt; do
222    $DIG +tcp +dnssec txt "${rrcount}.under-limit-kasp" @10.53.0.1 -p "${PORT}" >"dig.out.ns1.$rrcount.test$n"
223    grep "status: NOERROR" "dig.out.ns1.$rrcount.test$n" >/dev/null || ret=1
224    grep "RRSIG" "dig.out.ns1.$rrcount.test$n" >/dev/null || ret=1
225  done
226  [ $ret -eq 0 ] && break
227  sleep 1
228done
229n=$((n + 1))
230[ $ret -eq 0 ] || echo_i "failed"
231status=$((status + ret))
232
233echo_i "checking that under-limit-kasp rdatasets transfered ($n)"
234for _attempt in 0 1 2 3 4 5 6 7 8 9; do
235  ret=0
236  for rrcount in 500-txt 1000-txt 2000-txt; do
237    $DIG +tcp +dnssec txt "${rrcount}.under-limit-kasp" @10.53.0.2 -p "${PORT}" >"dig.out.ns2.$rrcount.test$n"
238    grep "status: NOERROR" "dig.out.ns2.$rrcount.test$n" >/dev/null || ret=1
239  done
240  [ $ret -eq 0 ] && break
241  sleep 1
242done
243n=$((n + 1))
244[ $ret -eq 0 ] || echo_i "failed"
245status=$((status + ret))
246
247echo_i "checking that below-limit rdatasets loaded ($n)"
248for _attempt in 0 1 2 3 4 5 6 7 8 9; do
249  ret=0
250  for rrcount in 500-txt 1000-txt 2000-txt 2050-txt; do
251    $DIG +tcp txt "${rrcount}.below-limit" @10.53.0.1 -p "${PORT}" >"dig.out.ns1.$rrcount.test$n"
252    grep "status: NOERROR" "dig.out.ns1.$rrcount.test$n" >/dev/null || ret=1
253  done
254  [ $ret -eq 0 ] && break
255  sleep 1
256done
257n=$((n + 1))
258[ $ret -eq 0 ] || echo_i "failed"
259status=$((status + ret))
260
261echo_i "checking that below-limit rdatasets not transfered ($n)"
262for _attempt in 0 1 2 3 4 5 6 7 8 9; do
263  ret=0
264  for rrcount in 500-txt 1000-txt 2000-txt 2050-txt; do
265    $DIG +tcp txt "${rrcount}.below-limit" @10.53.0.2 -p "${PORT}" >"dig.out.ns2.$rrcount.test$n"
266    grep "status: SERVFAIL" "dig.out.ns2.$rrcount.test$n" >/dev/null || ret=1
267  done
268  [ $ret -eq 0 ] && break
269  sleep 1
270done
271n=$((n + 1))
272[ $ret -eq 0 ] || echo_i "failed"
273status=$((status + ret))
274
275echo_i "checking that below-limit-kasp rdatasets loaded ($n)"
276for _attempt in 0 1 2 3 4 5 6 7 8 9; do
277  ret=0
278  for rrcount in 500-txt 1000-txt 2000-txt 2050-txt; do
279    $DIG +tcp +dnssec txt "${rrcount}.below-limit-kasp" @10.53.0.1 -p "${PORT}" >"dig.out.ns1.$rrcount.test$n"
280    grep "status: NOERROR" "dig.out.ns1.$rrcount.test$n" >/dev/null || ret=1
281    grep "RRSIG" "dig.out.ns1.$rrcount.test$n" >/dev/null || ret=1
282  done
283  [ $ret -eq 0 ] && break
284  sleep 1
285done
286n=$((n + 1))
287[ $ret -eq 0 ] || echo_i "failed"
288status=$((status + ret))
289
290echo_i "checking that below-limit-kasp rdatasets not transfered ($n)"
291for _attempt in 0 1 2 3 4 5 6 7 8 9; do
292  ret=0
293  for rrcount in 500-txt 1000-txt 2000-txt 2050-txt; do
294    $DIG +tcp +dnssec txt "${rrcount}.below-limit-kasp" @10.53.0.2 -p "${PORT}" >"dig.out.ns2.$rrcount.test$n"
295    grep "status: SERVFAIL" "dig.out.ns2.$rrcount.test$n" >/dev/null || ret=1
296  done
297  [ $ret -eq 0 ] && break
298  sleep 1
299done
300n=$((n + 1))
301[ $ret -eq 0 ] || echo_i "failed"
302status=$((status + ret))
303
304echo_i "checking that above-limit rdatasets not loaded ($n)"
305for _attempt in 0 1 2 3 4 5 6 7 8 9; do
306  ret=0
307  for rrcount in 500-txt 1000-txt 2000-txt 2050-txt 2100-txt; do
308    $DIG +tcp txt "${rrcount}.above-limit" @10.53.0.1 -p "${PORT}" >"dig.out.ns1.$rrcount.test$n"
309    grep "status: SERVFAIL" "dig.out.ns1.$rrcount.test$n" >/dev/null || ret=1
310  done
311  [ $ret -eq 0 ] && break
312  sleep 1
313done
314n=$((n + 1))
315[ $ret -eq 0 ] || echo_i "failed"
316status=$((status + ret))
317
318# Check that the corresponding log message about exceeding the limit is present.
319msg="error adding '2100-txt.above-limit/TXT' in 'above-limit/IN' (zone): too many records (must not exceed 2050)"
320wait_for_log 10 "$msg" ns1/named.run || ret=1
321if [ $ret != 0 ]; then echo_i "failed"; fi
322status=$((status + ret))
323# Prepare for any further checking of the logs later on.
324nextpart ns1/named.run >/dev/null
325
326echo_i "checking that kasp-max-records-per-type rdatasets loaded ($n)"
327for _attempt in 0 1 2 3 4 5 6 7 8 9; do
328  ret=0
329  for rrtype in soa dnskey ns; do
330    $DIG +tcp +dnssec $rrtype "kasp-max-records-per-type" @10.53.0.4 -p "${PORT}" >"dig.out.ns4.$rrtype.test$n"
331    grep "status: NOERROR" "dig.out.ns4.$rrtype.test$n" >/dev/null || ret=1
332    grep "RRSIG" "dig.out.ns4.$rrtype.test$n" >/dev/null || ret=1
333  done
334  [ $ret -eq 0 ] && break
335  sleep 1
336done
337n=$((n + 1))
338[ $ret -eq 0 ] || echo_i "failed"
339status=$((status + ret))
340
341echo_i "checking that kasp-max-records-per-type-dnskey rdatasets not signed ($n)"
342for _attempt in 0 1 2 3 4 5 6 7 8 9; do
343  ret=0
344  for rrtype in soa dnskey ns; do
345    $DIG +tcp +dnssec $rrtype "kasp-max-records-per-type-dnskey" @10.53.0.4 -p "${PORT}" >"dig.out.ns4.$rrtype.test$n"
346    grep "status: NOERROR" "dig.out.ns4.$rrtype.test$n" >/dev/null || ret=1
347    grep "RRSIG" "dig.out.ns4.$rrtype.test$n" >/dev/null && ret=1
348  done
349  [ $ret -eq 0 ] && break
350  sleep 1
351done
352n=$((n + 1))
353[ $ret -eq 0 ] || echo_i "failed"
354status=$((status + ret))
355
356echo_i "checking that kasp-max-types-per-name rdatasets loaded ($n)"
357for _attempt in 0 1 2 3 4 5 6 7 8 9; do
358  ret=0
359  for rrtype in soa dnskey ns; do
360    $DIG +tcp +dnssec $rrtype "kasp-max-types-per-name" @10.53.0.4 -p "${PORT}" >"dig.out.ns4.$rrtype.test$n"
361    grep "status: NOERROR" "dig.out.ns4.$rrtype.test$n" >/dev/null || ret=1
362    grep "RRSIG" "dig.out.ns4.$rrtype.test$n" >/dev/null || ret=1
363  done
364  [ $ret -eq 0 ] && break
365  sleep 1
366done
367n=$((n + 1))
368[ $ret -eq 0 ] || echo_i "failed"
369status=$((status + ret))
370
371# Update zone with nsupdate.
372echo_i "add new type to zone and check that it fails ($n)"
373ret=0
374(
375  echo zone kasp-max-types-per-name.
376  echo server 10.53.0.4 "$PORT"
377  echo update add kasp-max-types-per-name. 300 TXT KAPUTT
378  echo send
379) | $NSUPDATE && ret=1
380n=$((n + 1))
381[ $ret -eq 0 ] || echo_i "failed"
382status=$((status + ret))
383
384echo_i "checking that kasp-max-types-per-name rdatasets loaded ($n)"
385for _attempt in 0 1 2 3 4 5 6 7 8 9; do
386  ret=0
387  for rrtype in soa dnskey ns txt; do
388    $DIG +tcp +dnssec $rrtype "kasp-max-types-per-name" @10.53.0.4 -p "${PORT}" >"dig.out.ns4.$rrtype.test$n"
389    grep "status: NOERROR" "dig.out.ns4.$rrtype.test$n" >/dev/null || ret=1
390    grep "KAPUTT" "dig.out.ns4.$rrtype.test$n" >/dev/null && ret=1
391  done
392  [ $ret -eq 0 ] && break
393  sleep 1
394done
395n=$((n + 1))
396[ $ret -eq 0 ] || echo_i "failed"
397status=$((status + ret))
398
399# Reconfigure ns4
400echo_i "reconfigure ns4"
401stop_server ns4
402copy_setports ns4/named2.conf.in ns4/named.conf
403# Recompile zone
404$CHECKZONE -D -F raw -o ns4/kasp.db.raw kasp-max-types-per-name ns4/template.db >/dev/null 2>&1
405start_server --noclean --restart --port "${PORT}" ns4
406
407echo_i "checking that kasp-max-types-per-name rdatasets not loaded ($n)"
408for _attempt in 0 1 2 3 4 5 6 7 8 9; do
409  ret=0
410  for rrtype in soa dnskey ns; do
411    $DIG +tcp +dnssec $rrtype "kasp-max-types-per-name" @10.53.0.4 -p "${PORT}" >"dig.out.ns4.$rrtype.test$n"
412    grep "status: SERVFAIL" "dig.out.ns4.$rrtype.test$n" >/dev/null || ret=1
413  done
414  [ $ret -eq 0 ] && break
415  sleep 1
416done
417n=$((n + 1))
418[ $ret -eq 0 ] || echo_i "failed"
419status=$((status + ret))
420
421echo_i "checking that 255 types are loaded ($n)"
422for _attempt in 0 1 2 3 4 5 6 7 8 9; do
423  ret=0
424  $DIG +tcp TXT "m.255types" @10.53.0.1 -p "${PORT}" >"dig.out.ns1.test$n"
425  grep "status: NOERROR" "dig.out.ns1.test$n" >/dev/null || ret=1
426  [ $ret -eq 0 ] && break
427  sleep 1
428done
429n=$((n + 1))
430[ $ret -eq 0 ] || echo_i "failed"
431status=$((status + ret))
432
433echo_i "checking that 255 types types are not transfered ($n)"
434for _attempt in 0 1 2 3 4 5 6 7 8 9; do
435  $DIG +tcp TXT "m.255types" @10.53.0.2 -p "${PORT}" >"dig.out.ns2.test$n"
436  grep "status: SERVFAIL" "dig.out.ns2.test$n" >/dev/null || ret=1
437  [ $ret -eq 0 ] && break
438  sleep 1
439done
440n=$((n + 1))
441[ $ret -eq 0 ] || echo_i "failed"
442status=$((status + ret))
443
444echo_i "checking format transitions: text->raw->text ($n)"
445ret=0
446$CHECKZONE -D -f text -F text -o baseline.txt example.nil ns1/example.db >/dev/null
447$CHECKZONE -D -f text -F raw -o raw.1 example.nil baseline.txt >/dev/null
448$CHECKZONE -D -f raw -F text -o text.1 example.nil raw.1 >/dev/null
449cmp -s baseline.txt text.1 || ret=0
450n=$((n + 1))
451[ $ret -eq 0 ] || echo_i "failed"
452status=$((status + ret))
453
454echo_i "checking raw format loading with journal file rollforward ($n)"
455ret=0
456$NSUPDATE <<END >/dev/null || status=1
457server 10.53.0.3 ${PORT}
458ttl 600
459update add newtext.dynamic IN TXT "added text"
460update delete aaaa.dynamic
461send
462END
463dig_with_opts @10.53.0.3 newtext.dynamic txt >"dig.out.dynamic1.ns3.test$n"
464grep "added text" "dig.out.dynamic1.ns3.test$n" >/dev/null 2>&1 || ret=1
465dig_with_opts +comm @10.53.0.3 added.dynamic txt >"dig.out.dynamic2.ns3.test$n"
466grep "NXDOMAIN" "dig.out.dynamic2.ns3.test$n" >/dev/null 2>&1 || ret=1
467# using "rndc halt" ensures that we don't dump the zone file
468stop_server --use-rndc --halt --port ${CONTROLPORT} ns3
469restart
470check_added_text() {
471  dig_with_opts @10.53.0.3 newtext.dynamic txt >"dig.out.dynamic3.ns3.test$n" || return 1
472  grep "added text" "dig.out.dynamic3.ns3.test$n" >/dev/null || return 1
473  return 0
474}
475retry_quiet 10 check_added_text || ret=1
476dig_with_opts +comm @10.53.0.3 added.dynamic txt >"dig.out.dynamic4.ns3.test$n"
477grep "NXDOMAIN" "dig.out.dynamic4.ns3.test$n" >/dev/null 2>&1 || ret=1
478n=$((n + 1))
479[ $ret -eq 0 ] || echo_i "failed"
480status=$((status + ret))
481
482echo_i "checking raw format file dumps correctly ($n)"
483ret=0
484$NSUPDATE <<END >/dev/null || status=1
485server 10.53.0.3 ${PORT}
486ttl 600
487update add moretext.dynamic IN TXT "more text"
488send
489END
490dig_with_opts @10.53.0.3 moretext.dynamic txt >"dig.out.dynamic1.ns3.test$n"
491grep "more text" "dig.out.dynamic1.ns3.test$n" >/dev/null 2>&1 || ret=1
492# using "rndc stop" will cause the zone file to flush before shutdown
493stop_server --use-rndc --port ${CONTROLPORT} ns3
494rm ns3/*.jnl
495restart
496#shellcheck disable=SC2034
497for _attempt in 0 1 2 3 4 5 6 7 8 9; do
498  lret=0
499  dig_with_opts +comm @10.53.0.3 moretext.dynamic txt >"dig.out.dynamic2.ns3.test$n"
500  grep "more text" "dig.out.dynamic2.ns3.test$n" >/dev/null 2>&1 || lret=1
501  [ $lret -eq 0 ] && break
502done
503[ $lret -eq 1 ] && ret=1
504n=$((n + 1))
505[ $ret -eq 0 ] || echo_i "failed"
506status=$((status + ret))
507
508echo_i "checking raw format zone is scheduled for resigning (compilezone) ($n)"
509ret=0
510rndccmd 10.53.0.1 zonestatus signed >rndc.out 2>&1 || ret=1
511grep 'next resign' rndc.out >/dev/null 2>&1 || ret=1
512n=$((n + 1))
513[ $ret -eq 0 ] || echo_i "failed"
514status=$((status + ret))
515
516echo_i "checking raw format zone is scheduled for resigning (signzone) ($n)"
517ret=0
518rndccmd 10.53.0.1 freeze signed >rndc.out 2>&1 || ret=1
519(
520  cd ns1 || exit 1
521  $SIGNER -S -O raw -f signed.db.raw -o signed signed.db >/dev/null
522)
523rndc_reload ns1 10.53.0.1 signed
524rndccmd 10.53.0.1 zonestatus signed >rndc.out 2>&1 || ret=1
525grep 'next resign' rndc.out >/dev/null 2>&1 || ret=1
526n=$((n + 1))
527[ $ret -eq 0 ] || echo_i "failed"
528status=$((status + ret))
529
530echo_i "checking that below-limit-kasp rdatasets loaded after re-sign and re-start ($n)"
531ret=0
532stop_server ns1
533start_server --noclean --restart --port "${PORT}" ns1
534
535for _attempt in 0 1 2 3 4 5 6 7 8 9; do
536  ret=0
537  for rrcount in 500-txt 1000-txt 2000-txt 2050-txt; do
538    $DIG +tcp +dnssec txt "${rrcount}.below-limit-kasp" @10.53.0.1 -p "${PORT}" >"dig.out.ns1.$rrcount.test$n"
539    grep "status: NOERROR" "dig.out.ns1.$rrcount.test$n" >/dev/null || ret=1
540    grep "RRSIG" "dig.out.ns1.$rrcount.test$n" >/dev/null || ret=1
541  done
542  [ $ret -eq 0 ] && break
543  sleep 1
544done
545n=$((n + 1))
546[ $ret -eq 0 ] || echo_i "failed"
547status=$((status + ret))
548
549echo_i "exit status: $status"
550[ $status -eq 0 ] || exit 1
551