upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-28 04:34:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add nsupdate timeout tests

Browse source 
* nsupdate should take 12 seconds (one try and three retries with
  3 second timeout for each), UDP mode
* nsupdate -u 4 -r 1 should take 8 seconds (one try and one retry with
  4 second timeout for each), UDP mode
* nsupdate -u 0 -t 8 -r 1 should also take 8 seconds, UDP mode
* nsupdate -u 4 -t 30 -r 1 should also take 8 seconds, as -u takes
  precedence over -t, UDP mode
* nsupdate -t 8 -v should also take 8 seconds, TCP mode

(cherry picked from commit 5ce2ed0688)
This commit is contained in:
Aram Sargsyan 2022-12-28 15:55:43 +00:00
parent 347222ad82
commit 9597a3aaca
2 changed files with 171 additions and 84 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
bin/tests/system/nsupdate/ans4/ans.pl
View file

@ -31,6 +31,8 @@ if (!$localport) { $localport = 5300; }
my $udpsock = IO::Socket::INET->new(LocalAddr => "$server_addr",
LocalPort => $localport, Proto => "udp", Reuse => 1) or die "$!";
my $tcpsock = IO::Socket::INET->new(LocalAddr => "$server_addr",
LocalPort => $localport, Proto => "tcp", Listen => 5, Reuse => 1) or die "$!";
print "listening on $server_addr:$localport.\n";
@ -49,6 +51,7 @@ for (;;) {
$rin = '';
vec($rin, fileno($udpsock), 1) = 1;
vec($rin, fileno($tcpsock), 1) = 1;
select($rout = $rin, undef, undef, undef);
@ -56,5 +59,7 @@ for (;;) {
printf "UDP request\n";
my $buf;
$udpsock->recv($buf, 512);
} elsif (vec($rout, fileno($tcpsock), 1)) {
printf "TCP request\n";
}
}

250
bin/tests/system/nsupdate/tests.sh
View file

@ -738,7 +738,7 @@ grep "TXT.*everywhere" dig.out.2.test$n > /dev/null || ret=1
n=$((n + 1))
ret=0
echo_i "check 'grant' in deny name + grant subdomain ($n)"
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
key hmac-sha256:subkey 1234abcd8765
server 10.53.0.9 ${PORT}
zone denyname.example
@ -752,7 +752,7 @@ grep "added" dig.out.ns9.test$n > /dev/null || ret=1
n=$((n + 1))
ret=0
echo_i "check 'deny' in deny name + grant subdomain ($n)"
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
key hmac-sha256:subkey 1234abcd8765
server 10.53.0.9 ${PORT}
zone denyname.example
@ -1033,7 +1033,7 @@ grep "bad name" nsupdate.out4-$n > /dev/null && ret=1
n=$((n + 1))
echo_i "check adding of delegating NS records processing ($n)"
ret=0
$NSUPDATE -v << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE -v << EOF > nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.3 ${PORT}
zone delegation.test.
update add child.delegation.test. 3600 NS foo.example.net.
@ -1048,7 +1048,7 @@ grep "AUTHORITY: 2" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1
n=$((n + 1))
echo_i "check deleting of delegating NS records processing ($n)"
ret=0
$NSUPDATE -v << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE -v << EOF > nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.3 ${PORT}
zone delegation.test.
update del child.delegation.test. 3600 NS foo.example.net.
@ -1062,13 +1062,13 @@ grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1
n=$((n + 1))
echo_i "check that adding too many records is blocked ($n)"
ret=0
$NSUPDATE -v << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE -v << EOF > nsupdate.out.test$n 2>&1 && ret=1
server 10.53.0.3 ${PORT}
zone too-big.test.
update add r1.too-big.test 3600 IN TXT r1.too-big.test
send
EOF
grep "update failed: SERVFAIL" nsupdate.out-$n > /dev/null || ret=1
grep "update failed: SERVFAIL" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.3 r1.too-big.test TXT > dig.out.ns3.test$n
grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1
grep "records in zone (4) exceeds max-records (3)" ns3/named.run > /dev/null || ret=1
@ -1076,15 +1076,97 @@ grep "records in zone (4) exceeds max-records (3)" ns3/named.run > /dev/null ||
n=$((n + 1))
ret=0
echo_i "check whether valid addresses are used for primary failover ($n)"
$NSUPDATE -t 1 <<END > nsupdate.out-$n 2>&1 && ret=1
echo_i "check whether valid addresses are used for primary failover (UDP with defaults) ($n)"
t1=$($PERL -e 'print time()')
$NSUPDATE <<END > nsupdate.out.test$n 2>&1 && ret=1
server 10.53.0.4 ${PORT}
zone unreachable.
update add unreachable. 600 A 192.0.2.1
send
END
grep "; Communication with 10.53.0.4#${PORT} failed: timed out" nsupdate.out-$n > /dev/null 2>&1 || ret=1
grep "not implemented" nsupdate.out-$n > /dev/null 2>&1 && ret=1
t2=`$PERL -e 'print time()'`
grep "; Communication with 10.53.0.4#${PORT} failed: timed out" nsupdate.out.test$n > /dev/null 2>&1 || ret=1
grep "not implemented" nsupdate.out.test$n > /dev/null 2>&1 && ret=1
elapsed=$((t2 - t1))
# Check that default timeout value is respected, there should be 4 tries with 3 seconds each.
test $elapsed -lt 12 && ret=1
test $elapsed -gt 15 && ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
n=$((n + 1))
ret=0
echo_i "check whether valid addresses are used for primary failover (UDP with -u udptimeout) ($n)"
t1=$($PERL -e 'print time()')
$NSUPDATE -u 4 -r 1 <<END > nsupdate.out.test$n 2>&1 && ret=1
server 10.53.0.4 ${PORT}
zone unreachable.
update add unreachable. 600 A 192.0.2.1
send
END
t2=`$PERL -e 'print time()'`
grep "; Communication with 10.53.0.4#${PORT} failed: timed out" nsupdate.out.test$n > /dev/null 2>&1 || ret=1
grep "not implemented" nsupdate.out.test$n > /dev/null 2>&1 && ret=1
elapsed=$((t2 - t1))
# Check that given timeout value is respected, there should be 2 tries with 4 seconds each.
test $elapsed -lt 8 && ret=1
test $elapsed -gt 12 && ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
n=$((n + 1))
ret=0
echo_i "check whether valid addresses are used for primary failover (UDP with -t timeout) ($n)"
t1=$($PERL -e 'print time()')
$NSUPDATE -u 0 -t 8 -r 1 <<END > nsupdate.out.test$n 2>&1 && ret=1
server 10.53.0.4 ${PORT}
zone unreachable.
update add unreachable. 600 A 192.0.2.1
send
END
t2=`$PERL -e 'print time()'`
grep "; Communication with 10.53.0.4#${PORT} failed: timed out" nsupdate.out.test$n > /dev/null 2>&1 || ret=1
grep "not implemented" nsupdate.out.test$n > /dev/null 2>&1 && ret=1
elapsed=$((t2 - t1))
# Check that given timeout value is respected, there should be 2 tries with 4 seconds each.
test $elapsed -lt 8 && ret=1
test $elapsed -gt 12 && ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
n=$((n + 1))
ret=0
echo_i "check whether valid addresses are used for primary failover (UDP with -u udptimeout -t timeout) ($n)"
t1=$($PERL -e 'print time()')
$NSUPDATE -u 4 -t 30 -r 1 <<END > nsupdate.out.test$n 2>&1 && ret=1
server 10.53.0.4 ${PORT}
zone unreachable.
update add unreachable. 600 A 192.0.2.1
send
END
t2=`$PERL -e 'print time()'`
grep "; Communication with 10.53.0.4#${PORT} failed: timed out" nsupdate.out.test$n > /dev/null 2>&1 || ret=1
grep "not implemented" nsupdate.out.test$n > /dev/null 2>&1 && ret=1
elapsed=$((t2 - t1))
# Check that given timeout value is respected, there should be 2 tries with 4 seconds each, as -u takes precedence over -t.
test $elapsed -lt 8 && ret=1
test $elapsed -gt 12 && ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
n=$((n + 1))
ret=0
echo_i "check whether valid addresses are used for primary failover (TCP with -t timeout) ($n)"
t1=$($PERL -e 'print time()')
$NSUPDATE -t 8 -v <<END > nsupdate.out.test$n 2>&1 && ret=1
server 10.53.0.4 ${PORT}
zone unreachable.
update add unreachable. 600 A 192.0.2.1
send
END
t2=`$PERL -e 'print time()'`
grep "; Communication with 10.53.0.4#${PORT} failed: timed out" nsupdate.out.test$n > /dev/null 2>&1 || ret=1
grep "not implemented" nsupdate.out.test$n > /dev/null 2>&1 && ret=1
elapsed=$((t2 - t1))
# Check that given timeout value is respected, there should be 1 try with 8 seconds.
test $elapsed -lt 8 && ret=1
test $elapsed -gt 12 && ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
n=$((n + 1))
@ -1148,39 +1230,39 @@ grep "syntax error" nsupdate.out > /dev/null && ret=1
n=$((n + 1))
ret=0
echo_i "check nsupdate -4 -6 ($n)"
$NSUPDATE -4 -6 <<END > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE -4 -6 <<END > nsupdate.out.test$n 2>&1 && ret=1
server 10.53.0.3 ${PORT}
zone delegation.test.
update del child.delegation.test. 3600 NS foo.example.net.
update del child.delegation.test. 3600 NS bar.example.net.
send
END
grep "only one of -4 and -6 allowed" nsupdate.out-$n > /dev/null 2>&1 || ret=1
grep "only one of -4 and -6 allowed" nsupdate.out.test$n > /dev/null 2>&1 || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
n=$((n + 1))
ret=0
echo_i "check nsupdate -4 with an IPv6 server address ($n)"
$NSUPDATE -4 <<END > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE -4 <<END > nsupdate.out.test$n 2>&1 && ret=1
server fd92:7065:b8e:ffff::2 ${PORT}
zone delegation.test.
update del child.delegation.test. 3600 NS foo.example.net.
update del child.delegation.test. 3600 NS bar.example.net.
send
END
grep "address family not supported" nsupdate.out-$n > /dev/null 2>&1 || ret=1
grep "address family not supported" nsupdate.out.test$n > /dev/null 2>&1 || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
n=$((n + 1))
ret=0
echo_i "check that TKEY in a update is rejected ($n)"
$NSUPDATE -d <<END > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE -d <<END > nsupdate.out.test$n 2>&1 && ret=1
server 10.53.0.3 ${PORT}
update add tkey.example 0 in tkey invalid.algorithm. 1516055980 1516140801 1 0 16 gRof8D2BFKvl/vrr9Lmnjw== 16 gRof8D2BFKvl/vrr9Lmnjw==
send
END
grep "UPDATE, status: NOERROR" nsupdate.out-$n > /dev/null 2>&1 || ret=1
grep "UPDATE, status: FORMERR" nsupdate.out-$n > /dev/null 2>&1 || ret=1
grep "UPDATE, status: NOERROR" nsupdate.out.test$n > /dev/null 2>&1 || ret=1
grep "UPDATE, status: FORMERR" nsupdate.out.test$n > /dev/null 2>&1 || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
n=$((n + 1))
@ -1250,7 +1332,7 @@ grep "status: NOERROR" dig.out.pre.test$n > /dev/null || ret=1
grep "ANSWER: 0," dig.out.pre.test$n > /dev/null || ret=1
nextpart ns3/named.run > /dev/null
# specify zone to override the default of adding to parent zone
$NSUPDATE -d <<END > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE -d <<END > nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.3 ${PORT}
zone example
update add example 0 in DS 14364 10 2 FD03B2312C8F0FE72C1751EFA1007D743C94EC91594FF0047C23C37CE119BA0C
@ -1269,7 +1351,7 @@ echo_i "check that CDS with mismatched algorithm to DNSSEC multisigner zone is n
$DIG $DIGOPTS +tcp +norec multisigner.test CDS @10.53.0.3 > dig.out.pre.test$n || ret=1
grep "status: NOERROR" dig.out.pre.test$n > /dev/null || ret=1
grep "ANSWER: 0," dig.out.pre.test$n > /dev/null || ret=1
$NSUPDATE -d <<END > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE -d <<END > nsupdate.out.test$n 2>&1 && ret=1
server 10.53.0.3 ${PORT}
zone multisigner.test
update add multisigner.test 3600 IN CDS 14364 14 2 FD03B2312C8F0FE72C1751EFA1007D743C94EC91594FF0047C23C37CE119BA0C
@ -1289,7 +1371,7 @@ $DIG $DIGOPTS +tcp +norec multisigner.test CDNSKEY @10.53.0.3 > dig.out.pre.test
grep "status: NOERROR" dig.out.pre.test$n > /dev/null || ret=1
grep "ANSWER: 0," dig.out.pre.test$n > /dev/null || ret=1
nextpart ns3/named.run > /dev/null
$NSUPDATE -d <<END > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE -d <<END > nsupdate.out.test$n 2>&1 && ret=1
server 10.53.0.3 ${PORT}
zone multisigner.test
update add multisigner.test 3600 IN CDNSKEY 257 3 14 d0NQ5PKmDz6P0B1WPMH9/UKRux/toSFwV2nTJYPA1Cx8pB0sJGTXbVhG U+6gye7VCHDhGIn9CjVfb2RJPW7GnQ==
@ -1308,7 +1390,7 @@ echo_i "check that CDS to DNSSEC multisigner zone is allowed ($n)"
$DIG $DIGOPTS +tcp +norec multisigner.test CDS @10.53.0.3 > dig.out.pre.test$n || ret=1
grep "status: NOERROR" dig.out.pre.test$n > /dev/null || ret=1
grep "ANSWER: 0," dig.out.pre.test$n > /dev/null || ret=1
$NSUPDATE -d <<END > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE -d <<END > nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.3 ${PORT}
zone multisigner.test
update add multisigner.test 3600 IN CDS 14364 13 2 FD03B2312C8F0FE72C1751EFA1007D743C94EC91594FF0047C23C37CE119BA0C
@ -1323,7 +1405,7 @@ echo_i "check that CDNSKEY to DNSSEC multisigner zone is allowed ($n)"
$DIG $DIGOPTS +tcp +norec multisigner.test CDNSKEY @10.53.0.3 > dig.out.pre.test$n || ret=1
grep "status: NOERROR" dig.out.pre.test$n > /dev/null || ret=1
grep "ANSWER: 0," dig.out.pre.test$n > /dev/null || ret=1
$NSUPDATE -d <<END > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE -d <<END > nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.3 ${PORT}
zone multisigner.test
update add multisigner.test 3600 IN CDNSKEY 257 3 13 d0NQ5PKmDz6P0B1WPMH9/UKRux/toSFwV2nTJYPA1Cx8pB0sJGTXbVhG U+6gye7VCHDhGIn9CjVfb2RJPW7GnQ==
@ -1335,12 +1417,12 @@ retry_quiet 5 has_positive_response multisigner.test CDNSKEY 10.53.0.3 || ret=1
n=$((n + 1))
ret=0
echo_i "check that excessive NSEC3PARAM iterations are rejected by nsupdate ($n)"
$NSUPDATE -d <<END > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE -d <<END > nsupdate.out.test$n 2>&1 && ret=1
server 10.53.0.3 ${PORT}
zone example
update add example 0 in NSEC3PARAM 1 0 151 -
END
grep "NSEC3PARAM has excessive iterations (> 150)" nsupdate.out-$n >/dev/null || ret=1
grep "NSEC3PARAM has excessive iterations (> 150)" nsupdate.out.test$n >/dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
n=$((n + 1))
@ -1351,13 +1433,13 @@ echo_i "check nsupdate retries with another server on REFUSED response ($n)"
# that's what we're testing for. (failure is still expected, however,
# because the address lookup for the primary doesn't use the overridden
# resolv.conf file).
$NSUPDATE -D -C resolv.conf -p ${PORT} << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE -D -C resolv.conf -p ${PORT} << EOF > nsupdate.out.test$n 2>&1 && ret=1
zone example
update add a 3600 IN A 1.2.3.4
send
EOF
grep '10.53.0.1.*REFUSED' nsupdate.out-$n > /dev/null || ret=1
grep 'Reply from SOA query' nsupdate.out-$n > /dev/null || ret=1
grep '10.53.0.1.*REFUSED' nsupdate.out.test$n > /dev/null || ret=1
grep 'Reply from SOA query' nsupdate.out.test$n > /dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
n=$((n + 1))
@ -1396,7 +1478,7 @@ else
echo_i "check krb5-self match ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
@ -1414,7 +1496,7 @@ EOF
echo_i "check krb5-self no-match ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
@ -1422,7 +1504,7 @@ EOF
update add foo.example.com 3600 IN A 10.53.0.7
send
EOF
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.7 foo.example.com A > dig.out.ns7.test$n
grep "status: NXDOMAIN" dig.out.ns7.test$n > /dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
@ -1432,7 +1514,7 @@ EOF
echo_i "check krb5-subdomain match ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
$NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
@ -1450,7 +1532,7 @@ EOF
echo_i "check krb5-subdomain no-match ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
@ -1458,7 +1540,7 @@ EOF
update add _xxx._udp.example.com 3600 IN SRV 0 0 0 machine.example.com
send
EOF
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.7 _xxx._udp.example.com SRV > dig.out.ns7.test$n
grep "status: NXDOMAIN" dig.out.ns7.test$n > /dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
@ -1468,7 +1550,7 @@ EOF
echo_i "check krb5-subdomain-self-rhs match PTR ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
$NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
@ -1486,7 +1568,7 @@ EOF
echo_i "check krb5-subdomain-self-rhs no-match PTR ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
@ -1494,7 +1576,7 @@ EOF
update add 5.3.2.1.in-addr.arpa 3600 IN PTR notme.example.com
send
EOF
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.7 5.3.2.1.in-addr.arpa PTR > dig.out.ns7.test$n
grep "status: NXDOMAIN" dig.out.ns7.test$n > /dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
@ -1504,7 +1586,7 @@ EOF
echo_i "check krb5-subdomain-self-rhs match SRV ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
$NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
@ -1522,7 +1604,7 @@ EOF
echo_i "check krb5-subdomain-self-rhs no listed types match (SRV & TXT) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
$NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
@ -1542,7 +1624,7 @@ EOF
echo_i "check krb5-subdomain-self-rhs no-match RDATA (SRV) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
@ -1550,7 +1632,7 @@ EOF
update add _yyy.self-srv.example.com 3600 IN SRV 0 0 0 notme.example.com
send
EOF
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.7 _yyy.self-srv.example.com SRV > dig.out.ns7.test$n
grep "status: NXDOMAIN" dig.out.ns7.test$n > /dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
@ -1560,7 +1642,7 @@ EOF
echo_i "check krb5-subdomain-self-rhs no-match TYPE (TXT) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
@ -1568,7 +1650,7 @@ EOF
update add _yyy.self-srv.example.com 3600 IN TXT a-txt-record
send
EOF
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.7 _yyy.self-srv.example.com TXT > dig.out.ns7.test$n
grep "status: NXDOMAIN" dig.out.ns7.test$n > /dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
@ -1581,7 +1663,7 @@ EOF
grep "ANSWER: 1," dig.out.ns7.pre.test$n > /dev/null || ret=1
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
@ -1598,7 +1680,7 @@ EOF
echo_i "check krb5-subdomain-self-rhs delete PTR (matching PTR with non-matching PTR) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
@ -1606,7 +1688,7 @@ EOF
update delete many.ptr.self-ptr.in-addr.arpa PTR
send
EOF
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.7 many.ptr.self-ptr.in-addr.arpa PTR > dig.out.ns7.test$n
grep "status: NOERROR" dig.out.ns7.test$n > /dev/null || ret=1
grep "ANSWER: 2," dig.out.ns7.test$n > /dev/null || ret=1
@ -1620,7 +1702,7 @@ EOF
grep "ANSWER: 1," dig.out.ns7.pre.test$n > /dev/null || ret=1
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
@ -1637,7 +1719,7 @@ EOF
echo_i "check krb5-subdomain-self-rhs delete ANY (matching PTR with non-matching PTR) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
@ -1645,7 +1727,7 @@ EOF
update delete many.any.self-ptr.in-addr.arpa
send
EOF
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.7 many.any.self-ptr.in-addr.arpa PTR > dig.out.ns7.test$n
grep "status: NOERROR" dig.out.ns7.test$n > /dev/null || ret=1
grep "ANSWER: 2," dig.out.ns7.test$n > /dev/null || ret=1
@ -1659,7 +1741,7 @@ EOF
grep "ANSWER: 1," dig.out.ns7.pre.test$n > /dev/null || ret=1
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
@ -1676,7 +1758,7 @@ EOF
echo_i "check krb5-subdomain-self-rhs delete SRV (matching SRV with non-matching SRV) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
@ -1684,7 +1766,7 @@ EOF
update delete many.srv.self-srv.example.com SRV
send
EOF
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.7 many.srv.self-srv.example.com SRV > dig.out.ns7.test$n
grep "status: NOERROR" dig.out.ns7.test$n > /dev/null || ret=1
grep "ANSWER: 2," dig.out.ns7.test$n > /dev/null || ret=1
@ -1698,7 +1780,7 @@ EOF
grep "ANSWER: 1," dig.out.ns7.pre.test$n > /dev/null || ret=1
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
@ -1715,7 +1797,7 @@ EOF
echo_i "check krb5-subdomain-self-rhs delete ANY (matching SRV with non-matching SRV) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
@ -1723,7 +1805,7 @@ EOF
update delete many.any.self-srv.example.com
send
EOF
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.7 many.any.self-srv.example.com SRV > dig.out.ns7.test$n
grep "status: NOERROR" dig.out.ns7.test$n > /dev/null || ret=1
grep "ANSWER: 2," dig.out.ns7.test$n > /dev/null || ret=1
@ -1734,7 +1816,7 @@ EOF
echo_i "check krb5-selfsub match ($n)"
KRB5CCNAME="FILE:$(pwd)/ns8/machine.ccache"
export KRB5CCNAME
$NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.8 ${PORT}
@ -1752,7 +1834,7 @@ EOF
echo_i "check krb5-selfsub no-match ($n)"
KRB5CCNAME="FILE:$(pwd)/ns8/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.8 ${PORT}
@ -1760,7 +1842,7 @@ EOF
update add foo.example.com 3600 IN A 10.53.0.8
send
EOF
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.8 foo.example.com A > dig.out.ns8.test$n
grep "status: NXDOMAIN" dig.out.ns8.test$n > /dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
@ -1770,7 +1852,7 @@ EOF
echo_i "check ms-self match ($n)"
KRB5CCNAME="FILE:$(pwd)/ns9/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.9 ${PORT}
@ -1788,7 +1870,7 @@ EOF
echo_i "check ms-self no-match ($n)"
KRB5CCNAME="FILE:$(pwd)/ns9/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.9 ${PORT}
@ -1796,7 +1878,7 @@ EOF
update add foo.example.com 3600 IN A 10.53.0.9
send
EOF
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.9 foo.example.com A > dig.out.ns9.test$n
grep "status: NXDOMAIN" dig.out.ns9.test$n > /dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
@ -1806,7 +1888,7 @@ EOF
echo_i "check ms-subdomain match ($n)"
KRB5CCNAME="FILE:$(pwd)/ns9/machine.ccache"
export KRB5CCNAME
$NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.9 ${PORT}
@ -1824,7 +1906,7 @@ EOF
echo_i "check ms-subdomain no-match ($n)"
KRB5CCNAME="FILE:$(pwd)/ns9/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.9 ${PORT}
@ -1832,7 +1914,7 @@ EOF
update add _xxx._udp.example.com 3600 IN SRV 0 0 0 machine.example.com
send
EOF
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.9 _xxx._udp.example.com SRV > dig.out.ns9.test$n
grep "status: NXDOMAIN" dig.out.ns9.test$n > /dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
@ -1842,7 +1924,7 @@ EOF
echo_i "check ms-subdomain-self-rhs match (PTR) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
$NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
@ -1860,7 +1942,7 @@ EOF
echo_i "check ms-subdomain-self-rhs no-match (PTR) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
@ -1868,7 +1950,7 @@ EOF
update add 5.3.2.1.in-addr.arpa 3600 IN PTR notme.example.com
send
EOF
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.10 5.3.2.1.in-addr.arpa PTR > dig.out.ns10.test$n
grep "status: NXDOMAIN" dig.out.ns10.test$n > /dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
@ -1878,7 +1960,7 @@ EOF
echo_i "check ms-subdomain-self-rhs match (SRV) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
$NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
@ -1896,7 +1978,7 @@ EOF
echo_i "check ms-subdomain-self-rhs no-match (SRV) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
@ -1904,7 +1986,7 @@ EOF
update add _yyy.self-srv.example.com 3600 IN SRV 0 0 0 notme.example.com
send
EOF
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.10 _yyy.self-srv.example.com SRV > dig.out.ns10.test$n
grep "status: NXDOMAIN" dig.out.ns10.test$n > /dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
@ -1917,7 +1999,7 @@ EOF
grep "ANSWER: 1," dig.out.ns10.pre.test$n > /dev/null || ret=1
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
@ -1934,7 +2016,7 @@ EOF
echo_i "check ms-subdomain-self-rhs delete SRV (matching SRV with non-matching SRV) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
@ -1942,7 +2024,7 @@ EOF
update delete many.srv.self-srv.example.com SRV
send
EOF
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.10 many.srv.self-srv.example.com SRV > dig.out.ns10.test$n
grep "status: NOERROR" dig.out.ns10.test$n > /dev/null || ret=1
grep "ANSWER: 2," dig.out.ns10.test$n > /dev/null || ret=1
@ -1956,7 +2038,7 @@ EOF
grep "ANSWER: 1," dig.out.ns10.pre.test$n > /dev/null || ret=1
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
@ -1973,7 +2055,7 @@ EOF
echo_i "check ms-subdomain-self-rhs delete PTR (matching PTR with non-matching PTR) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
@ -1981,7 +2063,7 @@ EOF
update delete many.ptr.self-ptr.in-addr.arpa PTR
send
EOF
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.10 many.ptr.self-ptr.in-addr.arpa PTR > dig.out.ns10.test$n
grep "status: NOERROR" dig.out.ns10.test$n > /dev/null || ret=1
grep "ANSWER: 2," dig.out.ns10.test$n > /dev/null || ret=1
@ -1995,7 +2077,7 @@ EOF
grep "ANSWER: 1," dig.out.ns10.pre.test$n > /dev/null || ret=1
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
@ -2012,7 +2094,7 @@ EOF
echo_i "check ms-subdomain-self-rhs delete ANY (matching PTR with non-matching PTR) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
@ -2020,7 +2102,7 @@ EOF
update delete many.any.self-ptr.in-addr.arpa
send
EOF
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.10 many.any.self-ptr.in-addr.arpa PTR > dig.out.ns10.test$n
grep "status: NOERROR" dig.out.ns10.test$n > /dev/null || ret=1
grep "ANSWER: 2," dig.out.ns10.test$n > /dev/null || ret=1
@ -2034,7 +2116,7 @@ EOF
grep "ANSWER: 1," dig.out.ns10.pre.test$n > /dev/null || ret=1
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
@ -2051,7 +2133,7 @@ EOF
echo_i "check ms-subdomain-self-rhs delete ANY (matching SRV with non-matching SRV) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
@ -2059,7 +2141,7 @@ EOF
update delete many.any.self-srv.example.com
send
EOF
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.10 many.any.self-srv.example.com SRV > dig.out.ns10.test$n
grep "status: NOERROR" dig.out.ns10.test$n > /dev/null || ret=1
grep "ANSWER: 2," dig.out.ns10.test$n > /dev/null || ret=1
@ -2070,7 +2152,7 @@ EOF
echo_i "check ms-selfsub match ($n)"
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
$NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
@ -2088,7 +2170,7 @@ EOF
echo_i "check ms-selfsub no-match ($n)"
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
@ -2096,7 +2178,7 @@ EOF
update add foo.example.com 3600 IN A 10.53.0.10
send
EOF
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.10 foo.example.com A > dig.out.ns10.test$n
grep "status: NXDOMAIN" dig.out.ns10.test$n > /dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }