Merge branch 'each-win32-test-list' into 'master'

fix win32 system tests

See merge request isc-projects/bind9!1381

bin/dnssec/win32/cds.vcxproj.filters.in

@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\dnssec-cds.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>

bin/dnssec/win32/cds.vcxproj.in

@@ -0,0 +1,112 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|@PLATFORM@">
+      <Configuration>Debug</Configuration>
+      <Platform>@PLATFORM@</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|@PLATFORM@">
+      <Configuration>Release</Configuration>
+      <Platform>@PLATFORM@</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{0EB1727E-2BBD-47A6-AD12-418F9DEB0531}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>cds</RootNamespace>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
+    <IntDir>.\$(Configuration)\</IntDir>
+    <TargetName>dnssec-$(ProjectName)</TargetName>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
+    <IntDir>.\$(Configuration)\</IntDir>
+    <TargetName>dnssec-$(ProjectName)</TargetName>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
+    <ClCompile>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>.\$(Configuration)\$(ProjectName).pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
+      <ObjectFileName>.\$(Configuration)\</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
+      <BrowseInformation>true</BrowseInformation>
+      <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <CompileAs>CompileAsC</CompileAs>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
+      <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
+      <AdditionalDependencies>@OPENSSL_LIB@dnssectool.lib;libisc.lib;libdns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>@INTRINSIC@</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <WholeProgramOptimization>false</WholeProgramOptimization>
+      <StringPooling>true</StringPooling>
+      <PrecompiledHeaderOutputFile>.\$(Configuration)\$(ProjectName).pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
+      <ObjectFileName>.\$(Configuration)\</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
+      <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <CompileAs>CompileAsC</CompileAs>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>false</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
+      <LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
+      <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
+      <AdditionalDependencies>@OPENSSL_LIB@dnssectool.lib;libisc.lib;libdns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\dnssec-cds.c" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>

bin/dnssec/win32/cds.vcxproj.user

@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+</Project>

bin/tests/system/addzone/tests.sh

@@ -667,7 +667,7 @@ echo_i "check delzone after reconfig failure ($n)"
 ret=0
 $RNDCCMD 10.53.0.3 addzone 'inlineslave.example. IN { type slave; file "inlineslave.db"; masterfile-format text; masters { testmaster; }; };' > /dev/null 2>&1 || ret=1
 copy_setports ns3/named2.conf.in ns3/named.conf
-rndc_reconfgi ns3 10.53.0.3
+rndc_reconfig ns3 10.53.0.3
 $RNDCCMD 10.53.0.3 delzone inlineslave.example > /dev/null 2>&1 || ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi

bin/tests/system/cds/checktime.pl

@@ -9,13 +9,17 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
 
-$target = shift;
+use strict;
+use warnings;
+
+my $target = shift;
+my $notbefore;
+my $inception;
 while (<>) {
-	$notbefore = $1 if m{^.* must not be signed before \d+ [(](\d+)[)]$};
-	$inception = $1 if m{^.* inception time \d+ [(](\d+)[)]$};
+	$notbefore = $1 if m{^.* must not be signed before \d+ [(](\d+)[)]};
+	$inception = $1 if m{^.* inception time \d+ [(](\d+)[)]};
 }
 die "missing notbefore time" unless $notbefore;
 die "missing inception time" unless $inception;
 my $delta = $inception - $notbefore;
-die "bad inception time $delta"
-	unless abs($delta - $target) < 3;
+die "bad inception time $delta" unless abs($delta - $target) < 3;

bin/tests/system/cds/setup.sh

@@ -38,7 +38,7 @@ id2=$id2
 EOF
 
 tac() {
-	perl -e 'print reverse <>' "$@"
+	$PERL -e 'print reverse <>' "$@"
 }
 
 convert() {

bin/tests/system/cds/tests.sh

@@ -51,7 +51,7 @@ check_stderr() {
 }
 
 check_stdout() {
-	cmp out.$n "${out:-empty}" >/dev/null && return
+	$DIFF out.$n "${out:-empty}" >/dev/null && return
 	echo_d "stdout did not match '$out'"
 	(	echo "wanted"
 		cat "$out"
@@ -127,10 +127,10 @@ name='in-place backup correct modification time'
 testcase 0 $PERL checkmtime.pl 7200 DS.inplace.bak
 
 name='in-place correct output'
-testcase 0 cmp DS.1 DS.inplace
+testcase 0 $DIFF DS.1 DS.inplace
 
 name='in-place backup unmodified'
-testcase 0 cmp DS.1 DS.inplace.bak
+testcase 0 $DIFF DS.1 DS.inplace.bak
 
 name='one mangled DS'
 err='found RRSIG by key'

bin/tests/system/clean.sh

@@ -13,9 +13,11 @@
 # Clean up after a specified system test.
 #
 
-SYSTEMTESTTOP=.
+SYSTEMTESTTOP="$(cd -P -- "$(dirname -- "$0")" && pwd -P)"
 . $SYSTEMTESTTOP/conf.sh
 
+export SYSTEMTESTTOP
+
 # See if the "-r" flag is present.  This will usually be set when all the tests
 # are run (e.g. from "runall.sh") and tells the script not to delete the
 # test.output file created by run.sh.  This is because the script running all

bin/tests/system/conf.sh.win32

@@ -37,7 +37,7 @@ ALTERNATIVE_ALGORITHM_NUMBER=8
 ALTERNATIVE_BITS=1280
 
 ARPANAME=$TOP/Build/$VSCONF/arpaname@EXEEXT@
-CDS=
+CDS=$TOP/Build/$VSCONF/dnssec-cds@EXEEXT@
 CHECKCONF=$TOP/Build/$VSCONF/named-checkconf@EXEEXT@
 CHECKDS="$PYTHON `cygpath -w $TOP/bin/python/dnssec-checkds.py`"
 CHECKZONE=$TOP/Build/$VSCONF/named-checkzone@EXEEXT@
@@ -56,7 +56,7 @@ KEYGEN=$TOP/Build/$VSCONF/dnssec-keygen@EXEEXT@
 KEYMGR="$PYTHON `cygpath -w $TOP/bin/python/dnssec-keymgr.py`"
 MDIG=$TOP/Build/$VSCONF/mdig@EXEEXT@
 NAMED=$TOP/Build/$VSCONF/named@EXEEXT@
-NSEC3HASH=
+NSEC3HASH=$TOP/Build/$VSCONF/nsec3hash@EXEEXT@
 NSLOOKUP=$TOP/Build/$VSCONF/nslookup@EXEEXT@
 NSUPDATE=$TOP/Build/$VSCONF/nsupdate@EXEEXT@
 NZD2NZF=$TOP/Build/$VSCONF/named-nzd2nzf@EXEEXT@
@@ -95,33 +95,39 @@ KRB5_CONFIG=NUL
 #
 # List of tests that use ports 5300 and 9953.  For this reason, these must
 # be run sequentially.
-SEQUENTIALDIRS="acl additional addzone autosign builtin \
-	 cacheclean case \
-	 checkconf @CHECKDS@ checknames checkzone cookie @COVERAGE@ \
-	 database digdelv dlv dlvauto dlz dlzexternal dname \
-	 dns64 dnssec @DNSTAP@ dscp dsdigest dyndb ecdsa eddsa \
-	 ednscompliance emptyzones \
-	 fetchlimit filter-aaaa formerr forward geoip glue idna inline ixfr \
-	 keepalive @KEYMGR@ legacy limits logfileconfig masterfile \
-	 masterformat metadata mirror mkeys names notify nslookup nsupdate \
-	 nzd2nzf padding pending pipelined @PKCS11_TEST@ qmin \
-	 reclimit redirect resolver rndc rpz rrchecker rrl \
-	 rrsetorder rsabigexponent runtime sfcache smartsign sortlist \
-	 spf staticstub statistics statschannel stub tcp tkey tsig \
-	 tsiggss ttl unknown upforwd verify views wildcard xfer xferquota \
-	 zero zonechecks"
+SEQUENTIALDIRS="ecdsa eddsa @PKCS11_TEST@ tkey"
 
 # List of tests that use unique ports (other than 5300 and 9953). These
 # tests can be run in parallel.
 #
-# This symbol must be kept in step with the PARALLEL macro in Makefile.in
-PARALLELDIRS="allow-query catz rpzrecurse serve-stale"
+# XXX: Note that tests are not currently run in parallel on Windows, so it
+# isn't strictly necessary to maintain these as separate lists in this file,
+# but using the same variable names as in conf.sh.in may simplify keeping the
+# lists in sync.
+#
+# XXX: removed logfileconfig as it doesn't currently work on windows.
+PARALLELDIRS="acl additional addzone allow-query auth autosign \
+	builtin cacheclean case catz cds chain \
+	checkconf checknames checkzone \
+	@CHECKDS@ @COVERAGE@ @KEYMGR@ \
+	cookie database digdelv dlv dlz dlzexternal \
+	dns64 dnssec @DNSTAP@ dscp dsdigest dyndb \
+	ednscompliance emptyzones \
+	fetchlimit filter-aaaa formerr forward \
+	geoip glue idna inline integrity ixfr keepalive \
+	legacy limits masterfile masterformat metadata mirror mkeys \
+	names notify nslookup nsupdate nzd2nzf \
+	padding pending pipelined qmin \
+	reclimit redirect resolver rndc rootkeysentinel rpz rpzrecurse \
+	rrchecker rrl rrsetorder rsabigexponent runtime \
+	serve-stale sfcache smartsign sortlist \
+	spf staticstub statistics statschannel stub synthfromdnssec \
+	tcp tools tsig tsiggss ttl \
+	unknown upforwd verify views wildcard \
+	xfer xferquota zero zonechecks"
 
 SUBDIRS="$SEQUENTIALDIRS $PARALLELDIRS"
 
-# missing: chain integrity
-# extra: dname ednscompliance forward
-
 #Things that are different on Windows
 KILL="/bin/kill -f"
 DIFF="diff --strip-trailing-cr"

bin/tests/system/cookie/tests.sh

@@ -21,7 +21,7 @@ n=0
 getcookie() {
 	awk '$2 == "COOKIE:" {
 		print $3;
-	}' < $1
+	}' < $1 | tr -d '\r'
 }
 
 fullcookie() {
@@ -37,21 +37,21 @@ havetc() {
 for bad in bad*.conf
 do
 	n=`expr $n + 1`
-        echo_i "checking that named-checkconf detects error in $bad ($n)"
-        ret=0
-        $CHECKCONF $bad > /dev/null 2>&1 && ret=1
-        if [ $ret != 0 ]; then echo_i "failed"; fi
-        status=`expr $status + $ret`
+	echo_i "checking that named-checkconf detects error in $bad ($n)"
+	ret=0
+	$CHECKCONF $bad > /dev/null 2>&1 && ret=1
+	if [ $ret != 0 ]; then echo_i "failed"; fi
+	status=`expr $status + $ret`
 done
 
 for good in good*.conf
 do
 	n=`expr $n + 1`
-        echo_i "checking that named-checkconf detects accepts $good ($n)"
-        ret=0
-        $CHECKCONF $good > /dev/null 2>&1 || ret=1
-        if [ $ret != 0 ]; then echo_i "failed"; fi
-        status=`expr $status + $ret`
+	echo_i "checking that named-checkconf detects accepts $good ($n)"
+	ret=0
+	$CHECKCONF $good > /dev/null 2>&1 || ret=1
+	if [ $ret != 0 ]; then echo_i "failed"; fi
+	status=`expr $status + $ret`
 done
 
 n=`expr $n + 1`

bin/tests/system/digdelv/tests.sh

@@ -10,6 +10,7 @@
 # information regarding copyright ownership.
 
 # shellcheck source=conf.sh
+SYSTEMTESTTOP=..
 . "$SYSTEMTESTTOP/conf.sh"
 
 set -e

bin/tests/system/dnssec/ns2/sign.sh

@@ -46,6 +46,7 @@ cat "$infile" "$keyname1.key" "$keyname2.key" > "$zonefile"
 
 zonefiletmp=$(mktemp "$zonefile.XXXXXX") || exit 1
 "$CHECKZONE" -D -q -i local "$zone" "$zonefile.signed" |
+tr -d '\r' |
 awk '
 tolower($1) == "bad-cname.example." && $4 == "RRSIG" && $5 == "CNAME" {
 	for (i = 1; i <= NF; i++ ) {

bin/tests/system/dnssec/tests.sh

@@ -10,6 +10,7 @@
 # information regarding copyright ownership.
 
 # shellcheck source=conf.sh
+SYSTEMTESTTOP=..
 . "$SYSTEMTESTTOP/conf.sh"
 
 set -e
@@ -1668,10 +1669,10 @@ echo_i "checking dnssec-signzone -N date ($n)"
 ret=0
 (
 cd signer || exit 1
-$SIGNER -O full -f signer.out.9 -S -N date -o example example2.db > /dev/null 2>&1
+TZ=UTC $SIGNER -O full -f signer.out.9 -S -N date -o example example2.db > /dev/null 2>&1
 ) || ret=1
 # shellcheck disable=SC2016
-now=$($PERL -e '@lt=localtime(); printf "%.4d%0.2d%0.2d00\n",$lt[5]+1900,$lt[4]+1,$lt[3];')
+now=$(TZ=UTC $PERL -e '@lt=localtime(); printf "%.4d%0.2d%0.2d00\n",$lt[5]+1900,$lt[4]+1,$lt[3];')
 serial=$(awk '/^;/ { next; } $4 == "SOA" { print $7 }' signer/signer.out.9)
 [ "$now" -eq "$serial" ] || ret=1
 n=$((n+1))
@@ -2688,7 +2689,7 @@ awk '{
 	for (i=7;i<=NF;i++) printf("%s", $i);
 	printf("\n");
 }' < ns1/dsset-algroll$TP > canonical2.$n || ret=1
-diff -b canonical1.$n canonical2.$n > /dev/null 2>&1 || ret=1
+$DIFF -b canonical1.$n canonical2.$n > /dev/null 2>&1 || ret=1
 n=$((n+1))
 test "$ret" -eq 0 || echo_i "failed"
 status=$((status+ret))
@@ -2735,7 +2736,7 @@ ret=0
 dig_with_answeropts +nottlid nosign.example ns @10.53.0.3 | \
         grep RRSIG | sed 's/[ 	][ 	]*/ /g' > dig.out.ns3.test$n 2>&1
 # the NS RRSIG should not be changed
-cmp -s nosign.before dig.out.ns3.test$n || ret=1
+$DIFF nosign.before dig.out.ns3.test$n > /dev/null|| ret=1
 n=$((n+1))
 test "$ret" -eq 0 || echo_i "failed"
 status=$((status+ret))

bin/tests/system/fetchlimit/tests.sh

@@ -12,7 +12,7 @@
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
 
-DIGCMD="$DIG @10.53.0.3 -p ${PORT} +tries=1 +time=1"
+DIGCMD="$DIG @10.53.0.3 -p ${PORT} +tcp +tries=1 +time=1"
 RNDCCMD="$RNDC -p ${CONTROLPORT} -s 10.53.0.3 -c ../common/rndc.conf"
 
 burst() {
@@ -112,9 +112,6 @@ quota=$5
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
-if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
-
 copy_setports ns3/named2.conf.in ns3/named.conf
 rndc_reconfig ns3 10.53.0.3
 
@@ -165,7 +162,7 @@ success=0
 touch ans4/norespond
 for try in 1 2 3 4 5; do
     burst b $try 400
-    $DIG @10.53.0.3 -p ${PORT}  a ${try}.example > dig.out.ns3.$try
+    $DIGCMD a ${try}.example > dig.out.ns3.$try
     stat 380 || exceeded=`expr $exceeded + 1`
     grep "status: NOERROR" dig.out.ns3.$try > /dev/null 2>&1 && \
             success=`expr $success + 1`

bin/tests/system/forward/tests.sh

@@ -142,7 +142,7 @@ echo "//" | $SENDCMD
 # resolution.
 $DIG $DIGOPTS txt.example7. txt @$f1 > dig.out.f1 || ret=1
 # The forwarder for the "example7" zone should only be queried once.
-sent=`sed -n '/sending packet to 10.53.0.6/,/^$/p' ns3/named.run | grep ";txt.example7.*IN.*TXT" | wc -l`
+sent=`tr -d '\r' < ns3/named.run | sed -n '/sending packet to 10.53.0.6/,/^$/p' | grep ";txt.example7.*IN.*TXT" | wc -l`
 if [ $sent -ne 1 ]; then ret=1; fi
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -150,7 +150,7 @@ status=`expr $status + $ret`
 echo_i "checking that priming queries are not forwarded"
 ret=0
 $DIG $DIGOPTS +noadd +noauth txt.example1. txt @10.53.0.7 > dig.out.f7 || ret=1
-sent=`sed -n '/sending packet to 10.53.0.1/,/^$/p' ns7/named.run | grep ";.*IN.*NS" | wc -l`
+sent=`tr -d '\r' < ns7/named.run | sed -n '/sending packet to 10.53.0.1/,/^$/p' | grep ";.*IN.*NS" | wc -l`
 [ $sent -eq 1 ] || ret=1
 sent=`grep "10.53.0.7#.* (.): query '\./NS/IN' approved" ns4/named.run | wc -l`
 [ $sent -eq 0 ] || ret=1

bin/tests/system/ifconfig.bat

@@ -9,10 +9,13 @@ rem file, You can obtain one at http://mozilla.org/MPL/2.0/.
 rem ifconfig.bat
 rem Set up interface aliases for bind9 system tests.
 rem
-rem IPv4: 10.53.0.{1..8}			RFC 1918
-rem IPv6: fd92:7065:b8e:ffff::{1..8}		ULA
+rem IPv4: 10.53.0.{1..10}			RFC 1918
+rem       10.53.1.{0..2}
+rem       10.53.2.{0..2}
+rem IPv6: fd92:7065:b8e:ffff::{1..10}		ULA
+rem       fd92:7065:b8e:99ff::{1..2}
+rem       fd92:7065:b8e:ff::{1..2}
 rem
-
 echo Please adapt this script to your system
 rem remove the following line when the script is ready
 exit /b 1
@@ -30,5 +33,12 @@ echo on
 
 FOR %%I IN (1,2,3,4,5,6,7,8) DO (
 	netsh interface ipv4 add address name=Loopback 10.53.0.%%I 255.255.255.0
-	netsh interface ipv6 add address interface=Ethernet fd92:7065:b8e:ffff::%%I/64
+	netsh interface ipv6 add address interface=Loopback fd92:7065:b8e:ffff::%%I/64
+)
+FOR %%I IN (1,2) DO (
+	netsh interface ipv4 add address name=Loopback 10.53.1.%%I 255.255.255.0
+	netsh interface ipv4 add address name=Loopback 10.53.2.%%I 255.255.255.0
+
+	netsh interface ipv6 add address interface=Loopback fd92:7065:b8e:99ff::%%I/64
+	netsh interface ipv6 add address interface=Loopback fd92:7065:b8e:ff::%%I/64
 )

bin/tests/system/inline/tests.sh

@@ -635,7 +635,7 @@ echo_i "checking rndc freeze/thaw of dynamic inline zone ($n)"
 ret=0
 $RNDCCMD 10.53.0.3 freeze dynamic > freeze.test$n 2>&1 || ret=1
 sleep 1
-awk '$2 == ";" && $3 == "serial" { printf("%d %s %s\n", $1 + 1, $2, $3); next; }
+awk '$2 == ";" && $3 ~ /serial/ { printf("%d %s %s\n", $1 + 1, $2, $3); next; }
      { print; }
      END { print "freeze1.dynamic. 0 TXT freeze1"; } ' ns3/dynamic.db > ns3/dynamic.db.new
 mv ns3/dynamic.db.new ns3/dynamic.db
@@ -665,7 +665,7 @@ echo_i "checking rndc freeze/thaw of server ($n)"
 ret=0
 $RNDCCMD 10.53.0.3 freeze > freeze.test$n 2>&1 || ret=1
 sleep 1
-awk '$2 == ";" && $3 == "serial" { printf("%d %s %s\n", $1 + 1, $2, $3); next; }
+awk '$2 == ";" && $3 ~ /serial/ { printf("%d %s %s\n", $1 + 1, $2, $3); next; }
      { print; }
      END { print "freeze2.dynamic. 0 TXT freeze2"; } ' ns3/dynamic.db > ns3/dynamic.db.new
 mv ns3/dynamic.db.new ns3/dynamic.db

bin/tests/system/keepalive/tests.sh

@@ -70,7 +70,7 @@ echo_i "checking re-configured value ($n)"
 ret=0
 n=`expr $n + 1`
 $RNDCCMD tcp-timeouts 300 300 300 200 > output
-diff -b output expected || ret=1
+$DIFF -b output expected || ret=1
 $DIG $DIGOPTS +vc +keepalive foo.example @10.53.0.2 > dig.out.test$n
 grep "; TCP KEEPALIVE: 20.0 secs" dig.out.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi

bin/tests/system/legacy/ns1/named1.conf.in

@@ -21,6 +21,15 @@ options {
 	dnssec-validation yes;
 };
 
+key rndc_key {
+	secret "1234abcd8765";
+	algorithm hmac-sha256;
+};
+
+controls {
+	inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
 zone "." {
 	type master;
 	file "root.db";

bin/tests/system/legacy/tests.sh

@@ -196,10 +196,8 @@ grep "status: NOERROR" dig.out.test$n > /dev/null && ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
-$PERL $SYSTEMTESTTOP/stop.pl legacy ns1
-
+$PERL $SYSTEMTESTTOP/stop.pl --use-rndc --port ${CONTROLPORT} legacy ns1
 copy_setports ns1/named2.conf.in ns1/named.conf
-
 $PERL $SYSTEMTESTTOP/start.pl --noclean --restart --port ${PORT} legacy ns1
 
 n=`expr $n + 1`

bin/tests/system/masterformat/tests.sh

@@ -10,6 +10,7 @@
 # information regarding copyright ownership.
 
 # shellcheck source=conf.sh
+SYSTEMTESTTOP=..
 . "$SYSTEMTESTTOP/conf.sh"
 
 status=0
@@ -234,7 +235,7 @@ grep "added text" "dig.out.dynamic1.ns3.test$n" > /dev/null 2>&1 || ret=1
 dig_with_opts +comm @10.53.0.3 added.dynamic txt > "dig.out.dynamic2.ns3.test$n"
 grep "NXDOMAIN" "dig.out.dynamic2.ns3.test$n" > /dev/null 2>&1 || ret=1
 # using "rndc halt" ensures that we don't dump the zone file
-rndccmd 10.53.0.3 halt 2>&1 | sed 's/^/ns3 /' | cat_i
+$PERL $SYSTEMTESTTOP/stop.pl --use-rndc --halt --port ${CONTROLPORT} rndc ns3
 restart
 for i in 0 1 2 3 4 5 6 7 8 9; do
     lret=0
@@ -260,7 +261,7 @@ END
 dig_with_opts @10.53.0.3 moretext.dynamic txt > "dig.out.dynamic1.ns3.test$n"
 grep "more text" "dig.out.dynamic1.ns3.test$n" > /dev/null 2>&1 || ret=1
 # using "rndc stop" will cause the zone file to flush before shutdown
-rndccmd 10.53.0.3 stop 2>&1 | sed 's/^/ns3 /' | cat_i
+$PERL $SYSTEMTESTTOP/stop.pl --use-rndc --port ${CONTROLPORT} rndc ns3
 rm ns3/*.jnl
 restart
 #shellcheck disable=SC2034

bin/tests/system/names/tests.sh

@@ -29,7 +29,7 @@ cat dig.compdis.test  |grep -v ';;' |sort > dig.compdis.sorted.test
 # the compression disabled message should be at least twice as large as with
 # compression disabled, but the content should be the same
 echo_i "Checking if responses are identical other than in message size"
-diff dig.compdis.sorted.test dig.compen.sorted.test >/dev/null
+$DIFF dig.compdis.sorted.test dig.compen.sorted.test >/dev/null
 ret=$?
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`

bin/tests/system/notify/tests.sh

@@ -63,6 +63,8 @@ awk '/x[0-9].*sending notify to/ {
 	if (last) {
 		delta = this - last;
 		print delta;
+
+		total += delta;
 		if (!maxdelta || delta > maxdelta) {
 			maxdelta = delta;
 		}
@@ -75,10 +77,12 @@ awk '/x[0-9].*sending notify to/ {
 	count++;
 }
 END {
-	print "mindelta:", mindelta
-	print "maxdelta:" maxdelta
+	average = total / count;
+	print "mindelta:", mindelta;
+	print "maxdelta:" maxdelta;
 	print "count:", count;
-	if (mindelta < 0.180) exit(1);
+	print "average:", average;
+	if (average < 0.180) exit(1);
 	if (count < 20) exit(1);
 }' ns2/named.run > awk.out.ns2.test$n || ret=1
 [ $ret = 0 ] || echo_i "failed"
@@ -221,7 +225,7 @@ do
 		txt > dig.out.c.ns5.test$n || ret=1
 	grep "test string" dig.out.b.ns5.test$n > /dev/null &&
 	grep "test string" dig.out.c.ns5.test$n > /dev/null &&
-        break
+	break
 	sleep 1
 done
 grep "test string" dig.out.b.ns5.test$n > /dev/null || ret=1

bin/tests/system/nsupdate/ns2/named.conf.in

@@ -22,6 +22,15 @@ options {
 	serial-query-rate 1; // workaround for KB AA-01213
 };
 
+key rndc_key {
+	secret "1234abcd8765";
+	algorithm hmac-sha256;
+};
+
+controls {
+	inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
 key altkey {
 	algorithm hmac-md5;
 	secret "1234abcd8765";

bin/tests/system/pipelined/tests.sh

@@ -22,8 +22,8 @@ ret=0
 $PIPEQUERIES -p ${PORT} < input > raw || ret=1
 awk '{ print $1 " " $5 }' < raw > output
 sort < output > output-sorted
-diff ref output-sorted || { ret=1 ; echo_i "diff sorted failed"; }
-diff ref output > /dev/null && { ret=1 ; echo_i "diff out of order failed"; }
+$DIFF ref output-sorted || { ret=1 ; echo_i "diff sorted failed"; }
+$DIFF ref output > /dev/null && { ret=1 ; echo_i "diff out of order failed"; }
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
@@ -36,8 +36,8 @@ ret=0
 $MDIG $MDIGOPTS +noall +answer +vc -f input -b 10.53.0.4 @10.53.0.4 > raw.mdig
 awk '{ print $1 " " $5 }' < raw.mdig > output.mdig
 sort < output.mdig > output-sorted.mdig
-diff ref output-sorted.mdig || { ret=1 ; echo_i "diff sorted failed"; }
-diff ref output.mdig > /dev/null && { ret=1 ; echo_i "diff out of order failed"; }
+$DIFF ref output-sorted.mdig || { ret=1 ; echo_i "diff sorted failed"; }
+$DIFF ref output.mdig > /dev/null && { ret=1 ; echo_i "diff out of order failed"; }
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
@@ -45,7 +45,7 @@ echo_i "check keep-response-order"
 ret=0
 $PIPEQUERIES -p ${PORT} ++ < inputb > rawb || ret=1
 awk '{ print $1 " " $5 }' < rawb > outputb
-diff refb outputb || ret=1
+$DIFF refb outputb || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
@@ -53,7 +53,7 @@ echo_i "check keep-response-order using mdig"
 ret=0
 $MDIG $MDIGOPTS +noall +answer +vc -f inputb -b 10.53.0.7 @10.53.0.4 > rawb.mdig
 awk '{ print $1 " " $5 }' < rawb.mdig > outputb.mdig
-diff refb outputb.mdig || ret=1
+$DIFF refb outputb.mdig || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 

bin/tests/system/qmin/tests.sh

@@ -27,15 +27,15 @@ $DIG $DIGOPTS icky.icky.icky.ptang.zoop.boing.good. @10.53.0.5 > dig.out.test$n
 grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
 grep "icky.icky.icky.ptang.zoop.boing.good. 1	IN A	192.0.2.1" dig.out.test$n > /dev/null || ret=1
 sleep 1
-cat << __EOF | diff ans2/query.log - > /dev/null || ret=1
+cat << __EOF | $DIFF ans2/query.log - > /dev/null || ret=1
 ADDR icky.icky.icky.ptang.zoop.boing.good.
 ADDR ns3.good.
 ADDR ns3.good.
 ADDR a.bit.longer.ns.name.good.
 ADDR a.bit.longer.ns.name.good.
 __EOF
-echo "ADDR icky.icky.icky.ptang.zoop.boing.good." | diff ans3/query.log - > /dev/null || ret=1
-echo "ADDR icky.icky.icky.ptang.zoop.boing.good." | diff ans4/query.log - > /dev/null || ret=1
+echo "ADDR icky.icky.icky.ptang.zoop.boing.good." | $DIFF ans3/query.log - > /dev/null || ret=1
+echo "ADDR icky.icky.icky.ptang.zoop.boing.good." | $DIFF ans4/query.log - > /dev/null || ret=1
 for ans in ans2 ans3 ans4; do mv -f $ans/query.log query-$ans-$n.log 2>/dev/null || true; done
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -49,15 +49,15 @@ $DIG $DIGOPTS icky.icky.icky.ptang.zoop.boing.bad. @10.53.0.5 > dig.out.test$n
 grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
 grep "icky.icky.icky.ptang.zoop.boing.bad. 1 IN A	192.0.2.1" dig.out.test$n > /dev/null || ret=1
 sleep 1
-cat << __EOF | diff ans2/query.log - > /dev/null || ret=1
+cat << __EOF | $DIFF ans2/query.log - > /dev/null || ret=1
 ADDR icky.icky.icky.ptang.zoop.boing.bad.
 ADDR ns3.bad.
 ADDR ns3.bad.
 ADDR a.bit.longer.ns.name.bad.
 ADDR a.bit.longer.ns.name.bad.
 __EOF
-echo "ADDR icky.icky.icky.ptang.zoop.boing.bad." | diff ans3/query.log - > /dev/null || ret=1
-echo "ADDR icky.icky.icky.ptang.zoop.boing.bad." | diff ans4/query.log - > /dev/null || ret=1
+echo "ADDR icky.icky.icky.ptang.zoop.boing.bad." | $DIFF ans3/query.log - > /dev/null || ret=1
+echo "ADDR icky.icky.icky.ptang.zoop.boing.bad." | $DIFF ans4/query.log - > /dev/null || ret=1
 for ans in ans2 ans3 ans4; do mv -f $ans/query.log query-$ans-$n.log 2>/dev/null || true; done
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -72,15 +72,15 @@ sleep 5
 grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
 grep "icky.icky.icky.ptang.zoop.boing.slow. 1	IN A	192.0.2.1" dig.out.test$n > /dev/null || ret=1
 sleep 1
-cat << __EOF | diff ans2/query.log - > /dev/null || ret=1
+cat << __EOF | $DIFF ans2/query.log - > /dev/null || ret=1
 ADDR icky.icky.icky.ptang.zoop.boing.slow.
 ADDR ns3.slow.
 ADDR ns3.slow.
 ADDR a.bit.longer.ns.name.slow.
 ADDR a.bit.longer.ns.name.slow.
 __EOF
-echo "ADDR icky.icky.icky.ptang.zoop.boing.slow." | diff ans3/query.log - > /dev/null || ret=1
-echo "ADDR icky.icky.icky.ptang.zoop.boing.slow." | diff ans4/query.log - > /dev/null || ret=1
+echo "ADDR icky.icky.icky.ptang.zoop.boing.slow." | $DIFF ans3/query.log - > /dev/null || ret=1
+echo "ADDR icky.icky.icky.ptang.zoop.boing.slow." | $DIFF ans4/query.log - > /dev/null || ret=1
 for ans in ans2 ans3 ans4; do mv -f $ans/query.log query-$ans-$n.log 2>/dev/null || true; done
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -95,15 +95,15 @@ sleep 5
 grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
 grep "icky.icky.icky.ptang.zoop.boing.ugly. 1	IN A	192.0.2.1" dig.out.test$n > /dev/null || ret=1
 sleep 1
-cat << __EOF | diff ans2/query.log - > /dev/null || ret=1
+cat << __EOF | $DIFF ans2/query.log - > /dev/null || ret=1
 ADDR icky.icky.icky.ptang.zoop.boing.ugly.
 ADDR ns3.ugly.
 ADDR ns3.ugly.
 ADDR a.bit.longer.ns.name.ugly.
 ADDR a.bit.longer.ns.name.ugly.
 __EOF
-echo "ADDR icky.icky.icky.ptang.zoop.boing.ugly." | diff ans3/query.log - > /dev/null || ret=1
-echo "ADDR icky.icky.icky.ptang.zoop.boing.ugly." | diff ans4/query.log - > /dev/null || ret=1
+echo "ADDR icky.icky.icky.ptang.zoop.boing.ugly." | $DIFF ans3/query.log - > /dev/null || ret=1
+echo "ADDR icky.icky.icky.ptang.zoop.boing.ugly." | $DIFF ans4/query.log - > /dev/null || ret=1
 for ans in ans2 ans3 ans4; do mv -f $ans/query.log query-$ans-$n.log 2>/dev/null || true; done
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -118,7 +118,7 @@ grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
 grep "icky.icky.icky.ptang.zoop.boing.good. 1	IN A	192.0.2.1" dig.out.test$n > /dev/null || ret=1
 sleep 1
 sort ans2/query.log > ans2/query.log.sorted
-cat << __EOF | diff ans2/query.log.sorted - > /dev/null || ret=1
+cat << __EOF | $DIFF ans2/query.log.sorted - > /dev/null || ret=1
 ADDR a.bit.longer.ns.name.good.
 ADDR a.bit.longer.ns.name.good.
 ADDR ns2.good.
@@ -128,12 +128,12 @@ NS boing.good.
 NS good.
 NS zoop.boing.good.
 __EOF
-cat << __EOF | diff ans3/query.log - > /dev/null || ret=1
+cat << __EOF | $DIFF ans3/query.log - > /dev/null || ret=1
 NS zoop.boing.good.
 NS ptang.zoop.boing.good.
 NS icky.ptang.zoop.boing.good.
 __EOF
-cat << __EOF | diff ans4/query.log - > /dev/null || ret=1
+cat << __EOF | $DIFF ans4/query.log - > /dev/null || ret=1
 NS icky.ptang.zoop.boing.good.
 NS icky.icky.ptang.zoop.boing.good.
 ADDR icky.icky.icky.ptang.zoop.boing.good.
@@ -151,7 +151,7 @@ $DIG $DIGOPTS icky.icky.icky.ptang.zoop.boing.bad. @10.53.0.6 > dig.out.test$n
 grep "status: NXDOMAIN" dig.out.test$n > /dev/null || ret=1
 sleep 1
 sort ans2/query.log > ans2/query.log.sorted
-cat << __EOF | diff ans2/query.log.sorted - > /dev/null || ret=1
+cat << __EOF | $DIFF ans2/query.log.sorted - > /dev/null || ret=1
 ADDR ns2.bad.
 NS bad.
 NS boing.bad.
@@ -170,7 +170,7 @@ grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
 grep "icky.icky.icky.ptang.zoop.boing.bad. 1 IN A	192.0.2.1" dig.out.test$n > /dev/null || ret=1
 sleep 1
 sort ans2/query.log > ans2/query.log.sorted
-cat << __EOF | diff ans2/query.log.sorted - > /dev/null || ret=1
+cat << __EOF | $DIFF ans2/query.log.sorted - > /dev/null || ret=1
 ADDR a.bit.longer.ns.name.bad.
 ADDR a.bit.longer.ns.name.bad.
 ADDR icky.icky.icky.ptang.zoop.boing.bad.
@@ -180,8 +180,8 @@ ADDR ns3.bad.
 NS bad.
 NS boing.bad.
 __EOF
-echo "ADDR icky.icky.icky.ptang.zoop.boing.bad." | diff ans3/query.log - > /dev/null || ret=1
-echo "ADDR icky.icky.icky.ptang.zoop.boing.bad." | diff ans4/query.log - > /dev/null || ret=1
+echo "ADDR icky.icky.icky.ptang.zoop.boing.bad." | $DIFF ans3/query.log - > /dev/null || ret=1
+echo "ADDR icky.icky.icky.ptang.zoop.boing.bad." | $DIFF ans4/query.log - > /dev/null || ret=1
 for ans in ans2 ans3 ans4; do mv -f $ans/query.log query-$ans-$n.log 2>/dev/null || true; done
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -195,7 +195,7 @@ $DIG $DIGOPTS icky.icky.icky.ptang.zoop.boing.ugly. @10.53.0.6 > dig.out.test$n
 grep "status: SERVFAIL" dig.out.test$n > /dev/null || ret=1
 sleep 1
 sort ans2/query.log > ans2/query.log.sorted
-cat << __EOF | diff ans2/query.log.sorted - > /dev/null || ret=1
+cat << __EOF | $DIFF ans2/query.log.sorted - > /dev/null || ret=1
 ADDR ns2.ugly.
 NS boing.ugly.
 NS boing.ugly.
@@ -216,7 +216,7 @@ grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
 grep "icky.icky.icky.ptang.zoop.boing.ugly. 1	IN A	192.0.2.1" dig.out.test$n > /dev/null || ret=1
 sleep 1
 sort ans2/query.log > ans2/query.log.sorted
-cat << __EOF | diff ans2/query.log.sorted - > /dev/null || ret=1
+cat << __EOF | $DIFF ans2/query.log.sorted - > /dev/null || ret=1
 ADDR a.bit.longer.ns.name.ugly.
 ADDR a.bit.longer.ns.name.ugly.
 ADDR icky.icky.icky.ptang.zoop.boing.ugly.
@@ -227,8 +227,8 @@ NS boing.ugly.
 NS boing.ugly.
 NS ugly.
 __EOF
-echo "ADDR icky.icky.icky.ptang.zoop.boing.ugly." | diff ans3/query.log - > /dev/null || ret=1
-echo "ADDR icky.icky.icky.ptang.zoop.boing.ugly." | diff ans4/query.log - > /dev/null || ret=1
+echo "ADDR icky.icky.icky.ptang.zoop.boing.ugly." | $DIFF ans3/query.log - > /dev/null || ret=1
+echo "ADDR icky.icky.icky.ptang.zoop.boing.ugly." | $DIFF ans4/query.log - > /dev/null || ret=1
 for ans in ans2 ans3 ans4; do mv -f $ans/query.log query-$ans-$n.log 2>/dev/null || true; done
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -251,7 +251,7 @@ sleep 5
 grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
 grep "icky.icky.icky.ptang.zoop.boing.slow. 1	IN A	192.0.2.1" dig.out.test$n > /dev/null || ret=1
 sort ans2/query.log > ans2/query.log.sorted
-cat << __EOF | diff ans2/query.log.sorted - > /dev/null || ret=1
+cat << __EOF | $DIFF ans2/query.log.sorted - > /dev/null || ret=1
 ADDR a.bit.longer.ns.name.slow.
 ADDR a.bit.longer.ns.name.slow.
 ADDR ns2.slow.
@@ -261,12 +261,12 @@ NS boing.slow.
 NS slow.
 NS zoop.boing.slow.
 __EOF
-cat << __EOF | diff ans3/query.log - > /dev/null || ret=1
+cat << __EOF | $DIFF ans3/query.log - > /dev/null || ret=1
 NS zoop.boing.slow.
 NS ptang.zoop.boing.slow.
 NS icky.ptang.zoop.boing.slow.
 __EOF
-cat << __EOF | diff ans4/query.log - > /dev/null || ret=1
+cat << __EOF | $DIFF ans4/query.log - > /dev/null || ret=1
 NS icky.ptang.zoop.boing.slow.
 NS icky.icky.ptang.zoop.boing.slow.
 ADDR icky.icky.icky.ptang.zoop.boing.slow.
@@ -285,7 +285,7 @@ grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
 grep "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.f.4.0.1.0.0.2.ip6.arpa. 1 IN PTR nee.com." dig.out.test$n > /dev/null || ret=1
 sleep 1
 grep -v ADDR ans2/query.log > ans2/query.log.trimmed
-cat << __EOF | diff ans2/query.log.trimmed - > /dev/null || ret=1
+cat << __EOF | $DIFF ans2/query.log.trimmed - > /dev/null || ret=1
 NS 1.0.0.2.ip6.arpa.
 NS 8.f.4.0.1.0.0.2.ip6.arpa.
 NS 0.0.0.0.8.f.4.0.1.0.0.2.ip6.arpa.
@@ -307,7 +307,7 @@ grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
 grep "more.icky.icky.icky.ptang.zoop.boing.good. 1 IN	A 192.0.2.2" dig.out.test$n > /dev/null || ret=1
 sleep 1
 sort ans2/query.log > ans2/query.log.sorted
-cat << __EOF | diff ans2/query.log.sorted - > /dev/null || ret=1
+cat << __EOF | $DIFF ans2/query.log.sorted - > /dev/null || ret=1
 ADDR a.bit.longer.ns.name.good.
 ADDR a.bit.longer.ns.name.good.
 ADDR ns2.good.
@@ -317,13 +317,13 @@ NS boing.good.
 NS good.
 NS zoop.boing.good.
 __EOF
-cat << __EOF | diff ans3/query.log - > /dev/null || ret=1
+cat << __EOF | $DIFF ans3/query.log - > /dev/null || ret=1
 NS zoop.boing.good.
 NS ptang.zoop.boing.good.
 NS icky.ptang.zoop.boing.good.
 __EOF
 # There's no NS icky.icky.icky.ptang.zoop.boing.good. query - we skipped it.
-cat << __EOF | diff ans4/query.log - > /dev/null || ret=1
+cat << __EOF | $DIFF ans4/query.log - > /dev/null || ret=1
 NS icky.ptang.zoop.boing.good.
 NS icky.icky.ptang.zoop.boing.good.
 ADDR more.icky.icky.icky.ptang.zoop.boing.good.
@@ -341,7 +341,7 @@ $DIG $DIGOPTS a.bit.longer.ns.name.fwd. @10.53.0.7 > dig.out.test$n
 grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
 grep "a.bit.longer.ns.name.fwd. 1	IN	A	10.53.0.4" dig.out.test$n >/dev/null || ret=1
 sleep 1
-cat << __EOF | diff ans2/query.log - > /dev/null || ret=1
+cat << __EOF | $DIFF ans2/query.log - > /dev/null || ret=1
 ADDR a.bit.longer.ns.name.fwd.
 __EOF
 for ans in ans2; do mv -f $ans/query.log query-$ans-$n.log 2>/dev/null || true; done

bin/tests/system/redirect/tests.sh

@@ -53,11 +53,11 @@ echo_i "checking A zone redirect updates statistics ($n)"
 ret=0
 rm ns2/named.stats 2>/dev/null
 $RNDCCMD 10.53.0.2 stats || ret=1
-PRE=`sed -n -e "s/[    ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected$/\1/p"  ns2/named.stats`
+PRE=`tr -d '\r' < ns2/named.stats | sed -n -e "s/[    ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected$/\1/p"`
 $DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.test$n || ret=1
 rm ns2/named.stats 2>/dev/null
 $RNDCCMD 10.53.0.2 stats || ret=1
-POST=`sed -n -e "s/[    ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected$/\1/p"  ns2/named.stats`
+POST=`tr -d '\r' < ns2/named.stats | sed -n -e "s/[    ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected$/\1/p"`
 if [ `expr $POST - $PRE` != 1 ]; then ret=1; fi
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -351,8 +351,8 @@ status=`expr $status + $ret`
 echo_i "checking that redirect zones reload correctly"
 ret=0
 sleep 1 # ensure file mtime will have changed
-sed -e 's/0 0 0 0 0/1 0 0 0 0/' < ns2/example.db.in > ns2/example.db
-sed -e 's/0 0 0 0 0/1 0 0 0 0/' -e 's/\.1$/.2/' < ns2/redirect.db.in > ns2/redirect.db
+tr -d '\r' < ns2/example.db.in | sed -e 's/0 0 0 0 0/1 0 0 0 0/' > ns2/example.db
+tr -d '\r' < ns2/redirect.db.in | sed -e 's/0 0 0 0 0/1 0 0 0 0/' -e 's/\.1$/.2/' > ns2/redirect.db
 rndc_reload ns2 10.53.0.2
 for i in 1 2 3 4 5 6 7 8 9; do
     tmp=0
@@ -383,8 +383,8 @@ echo_i "checking AAAA nxdomain-redirect works for nonexist ($n)"
 ret=0
 rm ns4/named.stats 2>/dev/null
 $RNDCCMD 10.53.0.4 stats || ret=1
-PRE_RED=`sed -n -e "s/[    ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected$/\1/p"  ns4/named.stats`
-PRE_SUC=`sed -n -e "s/[    ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected and resulted in a successful remote lookup$/\1/p"  ns4/named.stats`
+PRE_RED=`tr -d '\r' < ns4/named.stats | sed -n -e "s/[    ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected$/\1/p"`
+PRE_SUC=`tr -d '\r' < ns4/named.stats | sed -n -e "s/[    ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected and resulted in a successful remote lookup$/\1/p"`
 $DIG $DIGOPTS nonexist. @10.53.0.4 -b 10.53.0.2 aaaa > dig.out.ns4.test$n || ret=1
 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
 grep "nonexist.	.*2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null || ret=1
@@ -396,8 +396,8 @@ echo_i "checking AAAA nxdomain-redirect updates statistics ($n)"
 ret=0
 rm ns4/named.stats 2>/dev/null
 $RNDCCMD 10.53.0.4 stats || ret=1
-POST_RED=`sed -n -e "s/[    ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected$/\1/p"  ns4/named.stats`
-POST_SUC=`sed -n -e "s/[    ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected and resulted in a successful remote lookup$/\1/p"  ns4/named.stats`
+POST_RED=`tr -d '\r' < ns4/named.stats | sed -n -e "s/[    ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected$/\1/p"`
+POST_SUC=`tr -d '\r' < ns4/named.stats | sed -n -e "s/[    ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected and resulted in a successful remote lookup$/\1/p"`
 if [ `expr $POST_RED - $PRE_RED` != 1 ]; then ret=1; fi
 if [ `expr $POST_SUC - $PRE_SUC` != 1 ]; then ret=1; fi
 n=`expr $n + 1`

bin/tests/system/rndc/tests.sh

@@ -227,7 +227,7 @@ do
 	grep "addition 6" ns2/other.db > /dev/null && break
 	sleep 1
 done
-serial=`awk '$3 == "serial" {print $1}' ns2/other.db`
+serial=`awk '$3 ~ /serial/ {print $1}' ns2/other.db`
 newserial=`expr $serial + 1`
 sed s/$serial/$newserial/ ns2/other.db > ns2/other.db.new
 echo 'frozen TXT "frozen addition"' >> ns2/other.db.new
@@ -270,7 +270,7 @@ do
 	grep "addition 6" ns2/nil.db > /dev/null && break
 	sleep 1
 done
-serial=`awk '$3 == "serial" {print $1}' ns2/nil.db`
+serial=`awk '$3 ~ /serial/ {print $1}' ns2/nil.db`
 newserial=`expr $serial + 1`
 sed s/$serial/$newserial/ ns2/nil.db > ns2/nil.db.new
 echo 'frozen TXT "frozen addition"' >> ns2/nil.db.new

bin/tests/system/rpz/ns1/named.conf.in

@@ -22,4 +22,13 @@ options {
 	minimal-responses no;
 };
 
+key rndc_key {
+	secret "1234abcd8765";
+	algorithm hmac-sha256;
+};
+
+controls {
+	inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
 zone "." {type master; file "root.db";};

bin/tests/system/rpz/ns4/named.conf.in

@@ -24,6 +24,15 @@ options {
 	dnssec-validation yes;
 };
 
+key rndc_key {
+	secret "1234abcd8765";
+	algorithm hmac-sha256;
+};
+
+controls {
+	inet 10.53.0.4 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
 include "../trusted.conf";
 zone "." { type hint; file "hints"; };
 

bin/tests/system/rpz/tests.sh

@@ -358,7 +358,7 @@ addr () {
     digcmd $2 >$DIGNM
     #ckalive "$2" "server crashed by 'dig $2'" || return 1
     ADDR_ESC=`echo "$ADDR" | sed -e 's/\./\\\\./g'`
-    ADDR_TTL=`sed -n -e "s/^[-.a-z0-9]\{1,\}[	 ]*\([0-9]*\)	IN	AA*	${ADDR_ESC}\$/\1/p" $DIGNM`
+    ADDR_TTL=`tr -d '\r' < $DIGNM | sed -n -e "s/^[-.a-z0-9]\{1,\}[	 ]*\([0-9]*\)	IN	AA*	${ADDR_ESC}\$/\1/p"`
     if test -z "$ADDR_TTL"; then
 	setret "'dig $2' wrong; no address $ADDR record in $DIGNM"
 	return 1
@@ -430,7 +430,7 @@ for mode in native dnsrps; do
       continue
     fi
     echo_i "attempting to configure servers with DNSRPS..."
-    $PERL $SYSTEMTESTTOP/stop.pl rpz
+    $PERL $SYSTEMTESTTOP/stop.pl --use-rndc --port ${CONTROLPORT} rpz
     $SHELL ./setup.sh -N -D $DEBUG
     for server in ns*; do
       resetstats $server
@@ -741,7 +741,7 @@ EOF
 
   # restart the main test RPZ server to see if that creates a core file
   if test -z "$HAVE_CORE"; then
-    $PERL $SYSTEMTESTTOP/stop.pl rpz ns3
+    $PERL $SYSTEMTESTTOP/stop.pl --use-rndc --port ${CONTROLPORT} rpz ns3
     restart 3
     HAVE_CORE=`find ns* -name '*core*' -print`
     test -z "$HAVE_CORE" || setret "found $HAVE_CORE; memory leak?"

bin/tests/system/rpzrecurse/ns4/named.conf.in

@@ -24,4 +24,13 @@ options {
 	dnssec-validation no;
 };
 
+key rndc_key {
+	secret "1234abcd8765";
+	algorithm hmac-sha256;
+};
+
+controls {
+	inet 10.53.0.4 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
 zone "child.example.tld" { type master; file "child.example.db"; };

bin/tests/system/rpzrecurse/tests.sh

@@ -46,7 +46,7 @@ run_server() {
     TESTNAME=$1
 
     echo_i "stopping resolver"
-    $PERL $SYSTEMTESTTOP/stop.pl rpzrecurse ns2
+    $PERL $SYSTEMTESTTOP/stop.pl --use-rndc --port ${CONTROLPORT} rpzrecurse ns2
 
     sleep 1
 
@@ -122,7 +122,7 @@ for mode in native dnsrps; do
       continue
     fi
     echo_i "attempting to configure servers with DNSRPS..."
-    $PERL $SYSTEMTESTTOP/stop.pl rpzrecurse
+    $PERL $SYSTEMTESTTOP/stop.pl --use-rndc --port ${CONTROLPORT} rpzrecurse
     $SHELL ./setup.sh -N -D $DEBUG
     sed -n 's/^## //p' dnsrps.conf | cat_i
     if grep '^#fail' dnsrps.conf >/dev/null; then

bin/tests/system/rrl/tests.sh

@@ -82,7 +82,10 @@ burst () {
         DOMS="$DOMS $BURST_DOM"
     done
     ARGS="+nocookie +continue +time=1 +tries=1 -p ${PORT} $* @$ns2 $DOMS"
-    $MDIG $ARGS 2>&1 | tee -a full-$FILENAME | sed -n -e '/^;; AUTHORITY/,/^$/d'			\
+    $MDIG $ARGS 2>&1 |                                                  \
+        tr -d '\r' |                                                    \
+        tee -a full-$FILENAME |                                         \
+        sed -n -e '/^;; AUTHORITY/,/^$/d'			        \
 		-e '/^;; ADDITIONAL/,/^$/d'				\
 		-e 's/^[^;].*	\([^	 ]\{1,\}\)$/\1/p'		\
 		-e 's/;; flags.* tc .*/TC/p'				\
@@ -146,8 +149,9 @@ ckstats () {
     LABEL="$1"; shift
     TYPE="$1"; shift
     EXPECTED="$1"; shift
-    C=`sed -n -e "s/[	 ]*\([0-9]*\).responses $TYPE for rate limits.*/\1/p"  \
-	    ns2/named.stats | tail -1`
+    C=`tr -d '\r' < ns2/named.stats |
+        sed -n -e "s/[	 ]*\([0-9]*\).responses $TYPE for rate limits.*/\1/p" |
+        tail -1`
     C=`expr 0$C + 0`
     
     range "$C" $EXPECTED 1 ||

bin/tests/system/sfcache/ns1/root.db.in

@@ -20,3 +20,5 @@ a.root-servers.nil.	A	10.53.0.1
 
 example.		NS	ns2.example.
 ns2.example.		A	10.53.0.2
+example2.		NS	ns2.example2.
+ns2.example2.		A	10.53.0.2

bin/tests/system/sfcache/tests.sh

@@ -10,6 +10,7 @@
 # information regarding copyright ownership.
 
 # shellcheck source=conf.sh
+SYSTEMTESTTOP=..
 . "$SYSTEMTESTTOP/conf.sh"
 
 set -e
@@ -58,20 +59,20 @@ n=$((n+1))
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status+ret))
 
-echo_i "disabling server to force non-dnssec SERVFAIL"
-"$PERL" "$SYSTEMTESTTOP/stop.pl" --use-rndc --port "${CONTROLPORT}" sfcache ns2
+echo_i "switching to non-dnssec SERVFAIL tests"
+ret=0
+rndc_with_opts 10.53.0.5 flush 2>&1 | sed 's/^/I:ns5 /'
+rndc_with_opts 10.53.0.5 dumpdb -all 2>&1 | sed 's/^/I:ns5 /'
 awk '/SERVFAIL/ { next; out=1 } /Zone/ { out=0 } { if (out) print }' ns5/named_dump.db
 echo_i "checking SERVFAIL is cached ($n)"
-ret=0
-dig_with_opts bar.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
-rndc_with_opts 10.53.0.5 dumpdb -all 2>&1 | sed 's/^/I:ns5 /'
-# shellcheck disable=SC2034
+dig_with_opts bar.example2. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
 for i in 1 2 3 4 5 6 7 8 9 10; do
+    rndc_with_opts 10.53.0.5 dumpdb -all 2>&1 | sed 's/^/I:ns5 /'
+    sleep 1
     awk '/Zone/{out=0} { if (out) print } /SERVFAIL/{out=1}' ns5/named_dump.db > sfcache.$n
     [ -s "sfcache.$n" ] && break
-    sleep 1
 done
-grep "^; bar.example/A" sfcache.$n > /dev/null || ret=1
+grep "^; bar.example2/A" sfcache.$n > /dev/null || ret=1
 n=$((n+1))
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status+ret))
@@ -79,17 +80,17 @@ status=$((status+ret))
 echo_i "checking SERVFAIL is returned from cache ($n)"
 ret=0
 nextpart ns5/named.run > /dev/null
-dig_with_opts bar.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
+dig_with_opts bar.example2. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
 grep "SERVFAIL" dig.out.ns5.test$n > /dev/null || ret=1
 nextpart ns5/named.run > ns5/named.run.part$n
-grep 'servfail cache hit bar.example/A (CD=0)' ns5/named.run.part$n > /dev/null || ret=1
+grep 'servfail cache hit bar.example2/A (CD=0)' ns5/named.run.part$n > /dev/null || ret=1
 n=$((n+1))
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status+ret))
 
 echo_i "checking cache is bypassed with +cd query ($n)"
 ret=0
-dig_with_opts +cd bar.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
+dig_with_opts +cd bar.example2. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
 grep "SERVFAIL" dig.out.ns5.test$n > /dev/null || ret=1
 nextpart ns5/named.run > ns5/named.run.part$n
 grep 'servfail cache hit' ns5/named.run.part$n > /dev/null && ret=1
@@ -99,10 +100,10 @@ status=$((status+ret))
 
 echo_i "checking cache is used for subsequent +cd query ($n)"
 ret=0
-dig_with_opts +dnssec bar.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
+dig_with_opts +dnssec bar.example2. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
 grep "SERVFAIL" dig.out.ns5.test$n > /dev/null || ret=1
 nextpart ns5/named.run > ns5/named.run.part$n
-grep 'servfail cache hit bar.example/A (CD=1)' ns5/named.run.part$n > /dev/null || ret=1
+grep 'servfail cache hit bar.example2/A (CD=1)' ns5/named.run.part$n > /dev/null || ret=1
 n=$((n+1))
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status+ret))

bin/tests/system/statistics/tests.sh

@@ -69,9 +69,10 @@ echo_i "dumping initial stats for ns3 ($n)"
 rm -f ns3/named.stats
 $RNDCCMD -s 10.53.0.3 stats > /dev/null 2>&1
 [ -f ns3/named.stats ] || ret=1
-[ "$CYGWIN" ] || \
-nsock0nstat=`grep "UDP/IPv4 sockets active" ns3/named.stats | awk '{print $1}'`
-[ 0 -ne ${nsock0nstat:-0} ] || ret=1
+if [ ! "$CYGWIN" ]; then
+    nsock0nstat=`grep "UDP/IPv4 sockets active" ns3/named.stats | awk '{print $1}'`
+    [ 0 -ne ${nsock0nstat:-0} ] || ret=1
+fi
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 n=`expr $n + 1`

bin/tests/system/stop.pl

@@ -106,17 +106,22 @@ foreach my $name (@ns) {
 @ns = wait_for_servers(60, @ns);
 
 foreach my $name(@ans) {
-	stop_signal($name, "TERM");
+	stop_signal($name, "TERM", 1);
 }
 
 @ans = wait_for_servers(60, @ans);
 
 # Pass 3: SIGABRT
-foreach my $name (@ns, @ans) {
+foreach my $name (@ns) {
 	print "I:$test:$name didn't die when sent a SIGTERM\n";
 	stop_signal($name, "ABRT");
 	$errors = 1;
 }
+foreach my $name (@ans) {
+	print "I:$test:$name didn't die when sent a SIGTERM\n";
+	stop_signal($name, "ABRT", 1);
+	$errors = 1;
+}
 
 exit($errors);
 
@@ -184,11 +189,15 @@ sub server_died {
 }
 
 sub send_signal {
-	my ( $signal, $pid ) = @_;
+	my ( $signal, $pid, $ans ) = @_;
+
+	if (! defined $ans) {
+		$ans = 0;
+	}
 
 	my $result = 0;
 
-	if ($^O eq 'cygwin' || $^O eq 'msys') {
+	if (!$ans && ($^O eq 'cygwin' || $^O eq 'msys')) {
 		my $killout = `/bin/kill -f -$signal $pid 2>&1`;
 		chomp($killout);
 		$result = 1 if ($killout eq '');
@@ -200,7 +209,10 @@ sub send_signal {
 
 # Stop a server by sending a signal to it.
 sub stop_signal {
-	my ( $server, $signal ) = @_;
+	my ( $server, $signal, $ans ) = @_;
+	if (! defined $ans) {
+		$ans = 0;
+	}
 
 	my $pid_file = server_pid_file($server);
 	my $pid = read_pid($pid_file);
@@ -208,7 +220,7 @@ sub stop_signal {
 	return unless defined($pid);
 
 	# Send signal to the server, and bail out if signal can't be sent
-	if (send_signal($signal, $pid) != 1) {
+	if (send_signal($signal, $pid, $ans) != 1) {
 		server_died($server, $signal);
 		return;
 	}

bin/tests/system/synthfromdnssec/tests.sh

@@ -10,6 +10,7 @@
 # information regarding copyright ownership.
 
 # shellcheck source=conf.sh
+SYSTEMTESTTOP=..
 . "$SYSTEMTESTTOP/conf.sh"
 
 set -e

bin/tests/system/ttl/clean.sh

@@ -1,6 +1,6 @@
 #!/bin/sh
 
-. ../conf.sh
+. $SYSTEMTESTTOP/conf.sh
 
 rm -f ./dig.out.*
 rm -f ./*/named.conf

bin/tests/system/ttl/setup.sh

@@ -1,6 +1,6 @@
 #!/bin/sh
 
-. ../conf.sh
+. $SYSTEMTESTTOP/conf.sh
 
 $SHELL clean.sh
 copy_setports ns1/named.conf.in ns1/named.conf

bin/tests/system/ttl/tests.sh

@@ -1,6 +1,6 @@
 #!/bin/sh
 
-. ../conf.sh
+. $SYSTEMTESTTOP/conf.sh
 
 dig_with_options() { "$DIG" +noadd +nosea +nostat +noquest +nocomm +nocmd -p "${PORT}" "$@"; }
 

util/copyrights

@@ -126,6 +126,9 @@
 ./bin/dnssec/dnssec-verify.html			HTML	DOCBOOK
 ./bin/dnssec/dnssectool.c			C	2000,2001,2003,2004,2005,2007,2009,2010,2011,2012,2013,2014,2015,2016,2017,2018,2019
 ./bin/dnssec/dnssectool.h			C	2000,2001,2003,2004,2007,2008,2009,2010,2011,2012,2014,2015,2016,2017,2018,2019
+./bin/dnssec/win32/cds.vcxproj.filters.in	X	2019
+./bin/dnssec/win32/cds.vcxproj.in		X	2019
+./bin/dnssec/win32/cds.vcxproj.user		X	2019
 ./bin/dnssec/win32/dnssectool.vcxproj.filters.in	X	2013,2015,2018,2019
 ./bin/dnssec/win32/dnssectool.vcxproj.in	X	2013,2014,2015,2016,2017,2018,2019
 ./bin/dnssec/win32/dnssectool.vcxproj.user	X	2013,2018,2019

win32utils/Configure

@@ -70,6 +70,8 @@ my @projectlist = ("..\\bin\\check\\win32\\checkconf.vcxproj",
                    "..\\bin\\dig\\win32\\host.vcxproj.filters",
                    "..\\bin\\dig\\win32\\nslookup.vcxproj",
                    "..\\bin\\dig\\win32\\nslookup.vcxproj.filters",
+                   "..\\bin\\dnssec\\win32\\cds.vcxproj",
+                   "..\\bin\\dnssec\\win32\\cds.vcxproj.filters",
                    "..\\bin\\dnssec\\win32\\dnssectool.vcxproj",
                    "..\\bin\\dnssec\\win32\\dnssectool.vcxproj.filters",
                    "..\\bin\\dnssec\\win32\\dsfromkey.vcxproj",

win32utils/bind9.sln.in

@@ -284,6 +284,14 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "signzone", "..\bin\dnssec\w
 		{2CB7DC75-023B-4AA3-AF3A-AE5046A4EE70} = {2CB7DC75-023B-4AA3-AF3A-AE5046A4EE70}
 	EndProjectSection
 EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "cds", "..\bin\dnssec\win32\cds.vcxproj", "{0EB1727E-2BBD-47A6-AD12-418F9DEB0531}"
+	ProjectSection(ProjectDependencies) = postProject
+		{A3F71D12-F38A-4C77-8D87-8E8854CA74A1} = {A3F71D12-F38A-4C77-8D87-8E8854CA74A1}
+		{3840E563-D180-4761-AA9C-E6155F02EAFF} = {3840E563-D180-4761-AA9C-E6155F02EAFF}
+		{5FEBFD4E-CCB0-48B9-B733-E15EEB85C16A} = {5FEBFD4E-CCB0-48B9-B733-E15EEB85C16A}
+		{2CB7DC75-023B-4AA3-AF3A-AE5046A4EE70} = {2CB7DC75-023B-4AA3-AF3A-AE5046A4EE70}
+	EndProjectSection
+EndProject
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "keyfromlabel", "..\bin\dnssec\win32\keyfromlabel.vcxproj", "{17455DC6-5FBB-47C3-8F44-7DB574A188D3}"
 	ProjectSection(ProjectDependencies) = postProject
 		{A3F71D12-F38A-4C77-8D87-8E8854CA74A1} = {A3F71D12-F38A-4C77-8D87-8E8854CA74A1}