Check dig's exit status

(cherry picked from commit 701ad350f8)
Mark Andrews 2023-09-04 15:16:42 +10:00 committed by Michal Nowak
parent 29b8fd8f11
commit c6cfc75a96
11 changed files with 172 additions and 164 deletions


@ -183,35 +183,35 @@ if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))
ret=0
echo_i "Checking that default version works for query ($n)"
$DIG $DIGOPTS +short version.bind txt ch @10.53.0.1 > dig.out.ns1.$n
$DIG $DIGOPTS +short version.bind txt ch @10.53.0.1 > dig.out.ns1.$n || ret=1
grep "^\"$BIND_VERSION\"$" dig.out.ns1.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))
ret=0
echo_i "Checking that custom version works for query ($n)"
$DIG $DIGOPTS +short version.bind txt ch @10.53.0.3 > dig.out.ns3.$n
$DIG $DIGOPTS +short version.bind txt ch @10.53.0.3 > dig.out.ns3.$n || ret=1
grep "^\"this is a test of version\"$" dig.out.ns3.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))
ret=0
echo_i "Checking that default hostname works for query ($n)"
$DIG $DIGOPTS +short hostname.bind txt ch @10.53.0.1 > dig.out.ns1.$n
$DIG $DIGOPTS +short hostname.bind txt ch @10.53.0.1 > dig.out.ns1.$n || ret=1
grep "^\"$HOST_NAME\"$" dig.out.ns1.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))
ret=0
echo_i "Checking that custom hostname works for query ($n)"
$DIG $DIGOPTS +short hostname.bind txt ch @10.53.0.3 > dig.out.ns3.$n
$DIG $DIGOPTS +short hostname.bind txt ch @10.53.0.3 > dig.out.ns3.$n || ret=1
grep "^\"this.is.a.test.of.hostname\"$" dig.out.ns3.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))
ret=0
echo_i "Checking that default server-id is none for query ($n)"
$DIG $DIGOPTS id.server txt ch @10.53.0.1 > dig.out.ns1.$n
$DIG $DIGOPTS id.server txt ch @10.53.0.1 > dig.out.ns1.$n || ret=1
grep "status: NOERROR" dig.out.ns1.$n > /dev/null || ret=1
grep "ANSWER: 0" dig.out.ns1.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
@ -219,28 +219,28 @@ if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))
ret=0
echo_i "Checking that server-id hostname works for query ($n)"
$DIG $DIGOPTS +short id.server txt ch @10.53.0.2 > dig.out.ns2.$n
$DIG $DIGOPTS +short id.server txt ch @10.53.0.2 > dig.out.ns2.$n || ret=1
grep "^\"$HOST_NAME\"$" dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))
ret=0
echo_i "Checking that server-id hostname works for EDNS name server ID request ($n)"
$DIG $DIGOPTS +norec +nsid foo @10.53.0.2 > dig.out.ns2.$n
$DIG $DIGOPTS +norec +nsid foo @10.53.0.2 > dig.out.ns2.$n || ret=1
grep "^; NSID: .* (\"$HOST_NAME\")$" dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))
ret=0
echo_i "Checking that custom server-id works for query ($n)"
$DIG $DIGOPTS +short id.server txt ch @10.53.0.3 > dig.out.ns3.$n
$DIG $DIGOPTS +short id.server txt ch @10.53.0.3 > dig.out.ns3.$n || ret=1
grep "^\"this.is.a.test.of.server-id\"$" dig.out.ns3.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi
n=$((n + 1))
ret=0
echo_i "Checking that custom server-id works for EDNS name server ID request ($n)"
$DIG $DIGOPTS +norec +nsid foo @10.53.0.3 > dig.out.ns3.$n
$DIG $DIGOPTS +norec +nsid foo @10.53.0.3 > dig.out.ns3.$n || ret=1
grep "^; NSID: .* (\"this.is.a.test.of.server-id\")$" dig.out.ns3.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi


@ -252,7 +252,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "check expire option returned from primary zone ($n)"
ret=0
$DIG @10.53.0.1 -p ${PORT} +expire soa expire-test > dig.out.expire
$DIG @10.53.0.1 -p ${PORT} +expire soa expire-test > dig.out.expire || ret=1
grep EXPIRE: dig.out.expire > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -260,7 +260,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "check expire option returned from secondary zone ($n)"
ret=0
$DIG @10.53.0.2 -p ${PORT} +expire soa expire-test > dig.out.expire
$DIG @10.53.0.2 -p ${PORT} +expire soa expire-test > dig.out.expire || ret=1
grep EXPIRE: dig.out.expire > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))


@ -31,13 +31,13 @@ echo_i "waiting for zone transfer to complete ($n)"
ret=0
for i in 1 2 3 4 5 6 7 8 9
do
$DIG $DIGOPTS soa example. @10.53.0.2 > dig.ns2.test$n
$DIG $DIGOPTS soa example. @10.53.0.2 > dig.ns2.test$n || true
grep SOA dig.ns2.test$n > /dev/null && break
sleep 1
done
for i in 1 2 3 4 5 6 7 8 9
do
$DIG $DIGOPTS soa dynamic. @10.53.0.2 > dig.ns2.test$n
$DIG $DIGOPTS soa dynamic. @10.53.0.2 > dig.ns2.test$n || true
grep SOA dig.ns2.test$n > /dev/null && break
sleep 1
done
@ -45,7 +45,7 @@ done
n=$((n + 1))
echo_i "testing case preserving responses - no acl ($n)"
ret=0
$DIG $DIGOPTS mx example. @10.53.0.1 > dig.ns1.test$n
$DIG $DIGOPTS mx example. @10.53.0.1 > dig.ns1.test$n || ret=1
grep "0.mail.eXaMpLe" dig.ns1.test$n > /dev/null || ret=1
grep "mAiL.example" dig.ns1.test$n > /dev/null || ret=1
test $ret -eq 0 || echo_i "failed"
@ -56,12 +56,12 @@ echo_i "testing no-case-compress acl '{ 10.53.0.2; }' ($n)"
ret=0
# check that we preserve zone case for non-matching query (10.53.0.1)
$DIG $DIGOPTS mx example. -b 10.53.0.1 @10.53.0.1 > dig.ns1.test$n
$DIG $DIGOPTS mx example. -b 10.53.0.1 @10.53.0.1 > dig.ns1.test$n || ret=1
grep "0.mail.eXaMpLe" dig.ns1.test$n > /dev/null || ret=1
grep "mAiL.example" dig.ns1.test$n > /dev/null || ret=1
# check that we don't preserve zone case for match (10.53.0.2)
$DIG $DIGOPTS mx example. -b 10.53.0.2 @10.53.0.2 > dig.ns2.test$n
$DIG $DIGOPTS mx example. -b 10.53.0.2 @10.53.0.2 > dig.ns2.test$n || ret=1
grep "0.mail.example" dig.ns2.test$n > /dev/null || ret=1
grep "mail.example" dig.ns2.test$n > /dev/null || ret=1
@ -71,7 +71,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "testing load of dynamic zone with various \$ORIGIN values ($n)"
ret=0
$DIG $DIGOPTS axfr dynamic @10.53.0.1 > dig.ns1.test$n
$DIG $DIGOPTS axfr dynamic @10.53.0.1 > dig.ns1.test$n || ret=1
digcomp dig.ns1.test$n dynamic.good || ret=1
test $ret -eq 0 || echo_i "failed"
@ -80,7 +80,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "transfer of dynamic zone with various \$ORIGIN values ($n)"
ret=0
$DIG $DIGOPTS axfr dynamic @10.53.0.2 > dig.ns2.test$n
$DIG $DIGOPTS axfr dynamic @10.53.0.2 > dig.ns2.test$n || ret=1
digcomp dig.ns2.test$n dynamic.good || ret=1
test $ret -eq 0 || echo_i "failed"
@ -94,7 +94,7 @@ zone dynamic
update add dYNAMIc 0 SOA mname1. . 2000042408 20 20 1814400 3600
send
EOF
$DIG $DIGOPTS axfr dynamic @10.53.0.1 > dig.ns1.test$n
$DIG $DIGOPTS axfr dynamic @10.53.0.1 > dig.ns1.test$n || ret=1
digcomp dig.ns1.test$n postupdate.good || ret=1
test $ret -eq 0 || echo_i "failed"
@ -111,7 +111,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "check SOA owner case is transferred to secondary ($n)"
ret=0
$DIG $DIGOPTS axfr dynamic @10.53.0.2 > dig.ns2.test$n
$DIG $DIGOPTS axfr dynamic @10.53.0.2 > dig.ns2.test$n || ret=1
digcomp dig.ns2.test$n postupdate.good || ret=1
test $ret -eq 0 || echo_i "failed"
@ -126,7 +126,7 @@ zone dynamic
update add Ns1.DyNaMIC. 300 IN A 10.53.0.1
send
EOF
$DIG $DIGOPTS axfr dynamic @10.53.0.1 > dig.ns1.test$n
$DIG $DIGOPTS axfr dynamic @10.53.0.1 > dig.ns1.test$n || ret=1
digcomp dig.ns1.test$n postns1.good || ret=1
test $ret -eq 0 || echo_i "failed"
@ -143,7 +143,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "check A owner case is transferred to secondary ($n)"
ret=0
$DIG $DIGOPTS axfr dynamic @10.53.0.2 > dig.ns2.test$n
$DIG $DIGOPTS axfr dynamic @10.53.0.2 > dig.ns2.test$n || ret=1
digcomp dig.ns2.test$n postns1.good || ret=1
status=$((status + ret))
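Review bot: The last test in this section, "check A owner case is transferred to secondary", adds `ret` to `status` without printing a failure line, unlike the other tests touched here. With the new `|| ret=1` on the dig call a failed query now fails the run, but the log will not say which test it was; add `test $ret -eq 0 || echo_i "failed"` before `status=$((status + ret))`. Separately, the two wait loops in the first hunk use `|| true`, which is right for a retry, but nothing visible sets `ret=1` when all nine attempts fail. The code after the second `done` is outside the hunk, so that may already be handled there.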


@ -1152,7 +1152,7 @@ status=$((status+ret))
n=$((n+1))
echo_i "checking that dom8.example. is not AXFR accessible from 10.53.0.1 ($n)"
ret=0
dig_with_opts @10.53.0.2 axfr dom8.example. -b 10.53.0.1 > dig.out.test$n
dig_with_opts @10.53.0.2 axfr dom8.example. -b 10.53.0.1 > dig.out.test$n || ret=1
grep "Transfer failed." dig.out.test$n > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -1160,7 +1160,7 @@ status=$((status+ret))
n=$((n+1))
echo_i "checking that dom8.example. is AXFR accessible from 10.53.0.2 ($n)"
ret=0
dig_with_opts @10.53.0.2 axfr dom8.example. -b 10.53.0.2 > dig.out.test$n
dig_with_opts @10.53.0.2 axfr dom8.example. -b 10.53.0.2 > dig.out.test$n || ret=1
grep -v "Transfer failed." dig.out.test$n > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -1199,7 +1199,7 @@ status=$((status+ret))
n=$((n+1))
echo_i "checking that dom8.example. is AXFR accessible from 10.53.0.1 ($n)"
ret=0
dig_with_opts @10.53.0.2 axfr dom8.example. -b 10.53.0.1 > dig.out.test$n
dig_with_opts @10.53.0.2 axfr dom8.example. -b 10.53.0.1 > dig.out.test$n || ret=1
grep -v "Transfer failed." dig.out.test$n > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -1207,7 +1207,7 @@ status=$((status+ret))
n=$((n+1))
echo_i "checking that dom8.example. is AXFR accessible from 10.53.0.2 ($n)"
ret=0
dig_with_opts @10.53.0.2 axfr dom8.example. -b 10.53.0.2 > dig.out.test$n
dig_with_opts @10.53.0.2 axfr dom8.example. -b 10.53.0.2 > dig.out.test$n || ret=1
grep -v "Transfer failed." dig.out.test$n > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
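Review bot: The three "is AXFR accessible" checks use `grep -v "Transfer failed." dig.out.test$n > /dev/null || ret=1`, which succeeds whenever the file holds any line that does not contain that text, so a refused transfer still passes as long as dig printed anything else. The added `|| ret=1` on `dig_with_opts` does not close this: the denied case in the first hunk expects "Transfer failed." in the output and still treats a non-zero exit as a failure, so dig evidently exits 0 on a refused transfer. These are access-control tests, so the positive case should assert that the failure text is absent, `grep "Transfer failed." dig.out.test$n > /dev/null && ret=1`. The same line appears in the second, third and fourth hunks of this section.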


@ -60,7 +60,7 @@ done
n=$((n + 1))
echo_i "checking RCODE=FORMERR to query without question section and without COOKIE option ($n)"
ret=0
$DIG $DIGOPTS +qr +header-only +nocookie version.bind txt ch @10.53.0.1 > dig.out.test$n
$DIG $DIGOPTS +qr +header-only +nocookie version.bind txt ch @10.53.0.1 > dig.out.test$n || ret=1
grep COOKIE: dig.out.test$n > /dev/null && ret=1
grep "status: FORMERR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -69,7 +69,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking RCODE=NOERROR to query without question section and with COOKIE option ($n)"
ret=0
$DIG $DIGOPTS +qr +header-only +cookie version.bind txt ch @10.53.0.1 > dig.out.test$n
$DIG $DIGOPTS +qr +header-only +cookie version.bind txt ch @10.53.0.1 > dig.out.test$n || ret=1
grep COOKIE: dig.out.test$n > /dev/null || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -78,7 +78,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking COOKIE token is returned to empty COOKIE option ($n)"
ret=0
$DIG $DIGOPTS +cookie version.bind txt ch @10.53.0.1 > dig.out.test$n
$DIG $DIGOPTS +cookie version.bind txt ch @10.53.0.1 > dig.out.test$n || ret=1
grep COOKIE: dig.out.test$n > /dev/null || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -87,7 +87,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking COOKIE is not returned when answer-cookie is false ($n)"
ret=0
$DIG $DIGOPTS +cookie version.bind txt ch @10.53.0.7 > dig.out.test$n
$DIG $DIGOPTS +cookie version.bind txt ch @10.53.0.7 > dig.out.test$n || ret=1
grep COOKIE: dig.out.test$n > /dev/null && ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -96,7 +96,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking response size without COOKIE ($n)"
ret=0
$DIG $DIGOPTS large.example txt @10.53.0.1 +ignore > dig.out.test$n
$DIG $DIGOPTS large.example txt @10.53.0.1 +ignore > dig.out.test$n || ret=1
havetc dig.out.test$n || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -104,7 +104,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking response size without valid COOKIE ($n)"
ret=0
$DIG $DIGOPTS +cookie large.example txt @10.53.0.1 +ignore > dig.out.test$n
$DIG $DIGOPTS +cookie large.example txt @10.53.0.1 +ignore > dig.out.test$n || ret=1
havetc dig.out.test$n || ret=1
grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -113,9 +113,9 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking response size with COOKIE ($n)"
ret=0
$DIG $DIGOPTS +cookie large.example txt @10.53.0.1 > dig.out.test$n.l
$DIG $DIGOPTS +cookie large.example txt @10.53.0.1 > dig.out.test$n.l || ret=1
cookie=$(getcookie dig.out.test$n.l)
$DIG $DIGOPTS +qr +cookie=$cookie large.example txt @10.53.0.1 +ignore > dig.out.test$n
$DIG $DIGOPTS +qr +cookie=$cookie large.example txt @10.53.0.1 +ignore > dig.out.test$n || ret=1
havetc dig.out.test$n && ret=1
grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -124,7 +124,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking response size with COOKIE recursive ($n)"
ret=0
$DIG $DIGOPTS +qr +cookie=$cookie large.xxx txt @10.53.0.1 +ignore > dig.out.test$n
$DIG $DIGOPTS +qr +cookie=$cookie large.xxx txt @10.53.0.1 +ignore > dig.out.test$n || ret=1
havetc dig.out.test$n && ret=1
grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -133,7 +133,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking COOKIE is learnt for TCP retry ($n)"
ret=0
$DIG $DIGOPTS +qr +cookie large.example txt @10.53.0.1 > dig.out.test$n
$DIG $DIGOPTS +qr +cookie large.example txt @10.53.0.1 > dig.out.test$n || ret=1
linecount=$(getcookie dig.out.test$n | wc -l)
if [ $linecount != 3 ]; then ret=1; fi
checkfull=$(getcookie dig.out.test$n | fullcookie)
@ -152,7 +152,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking require-server-cookie default (no) ($n)"
ret=0
$DIG $DIGOPTS +qr +cookie +nobadcookie soa @10.53.0.1 > dig.out.test$n
$DIG $DIGOPTS +qr +cookie +nobadcookie soa @10.53.0.1 > dig.out.test$n || ret=1
grep BADCOOKIE dig.out.test$n > /dev/null && ret=1
linecount=$(getcookie dig.out.test$n | wc -l)
if [ $linecount != 2 ]; then ret=1; fi
@ -162,7 +162,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking require-server-cookie yes ($n)"
ret=0
$DIG $DIGOPTS +qr +cookie +nobadcookie soa @10.53.0.3 > dig.out.test$n
$DIG $DIGOPTS +qr +cookie +nobadcookie soa @10.53.0.3 > dig.out.test$n || ret=1
grep "flags: qr[^;]* aa[ ;]" dig.out.test$n > /dev/null && ret=1
grep "flags: qr[^;]* ad[ ;]" dig.out.test$n > /dev/null && ret=1
grep BADCOOKIE dig.out.test$n > /dev/null || ret=1
@ -174,7 +174,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking +qr +showbadcookie ($n)"
ret=0
$DIG $DIGOPTS +qr +cookie +showbadcookie soa @10.53.0.3 > dig.out.test$n
$DIG $DIGOPTS +qr +cookie +showbadcookie soa @10.53.0.3 > dig.out.test$n || ret=1
noerror=$(grep "status: NOERROR" dig.out.test$n | wc -l)
badcookie=$(grep "status: BADCOOKIE" dig.out.test$n | wc -l)
server=$(grep "COOKIE: ................................................" dig.out.test$n | wc -l)
@ -191,7 +191,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking +showbadcookie ($n)"
ret=0
$DIG $DIGOPTS +cookie +showbadcookie soa @10.53.0.3 > dig.out.test$n
$DIG $DIGOPTS +cookie +showbadcookie soa @10.53.0.3 > dig.out.test$n || ret=1
noerror=$(grep "status: NOERROR" dig.out.test$n | wc -l)
badcookie=$(grep "status: BADCOOKIE" dig.out.test$n | wc -l)
server=$(grep "COOKIE: ................................................" dig.out.test$n | wc -l)
@ -208,7 +208,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking require-server-cookie yes with rate-limit ($n)"
ret=0
$DIG $DIGOPTS +qr +cookie +nobadcookie soa example @10.53.0.8 > dig.out.test$n
$DIG $DIGOPTS +qr +cookie +nobadcookie soa example @10.53.0.8 > dig.out.test$n || ret=1
grep "flags: qr[^;]* ad[ ;]" dig.out.test$n > /dev/null && ret=1
grep BADCOOKIE dig.out.test$n > /dev/null || ret=1
linecount=$(getcookie dig.out.test$n | wc -l)
@ -260,7 +260,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "get NS4 cookie for cross server checking ($n)"
ret=0
$DIG $DIGOPTS +cookie -b 10.53.0.4 soa . @10.53.0.4 > dig.out.test$n
$DIG $DIGOPTS +cookie -b 10.53.0.4 soa . @10.53.0.4 > dig.out.test$n || ret=1
grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
ns4cookie=$(getcookie dig.out.test$n)
test -n "$ns4cookie" || ret=1
@ -270,7 +270,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "get NS5 cookie for cross server checking ($n)"
ret=0
$DIG $DIGOPTS +cookie -b 10.53.0.4 soa . @10.53.0.5 > dig.out.test$n
$DIG $DIGOPTS +cookie -b 10.53.0.4 soa . @10.53.0.5 > dig.out.test$n || ret=1
grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
ns5cookie=$(getcookie dig.out.test$n)
test -n "$ns5cookie" || ret=1
@ -280,7 +280,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "get NS6 cookie for cross server checking ($n)"
ret=0
$DIG $DIGOPTS +cookie -b 10.53.0.4 soa . @10.53.0.6 > dig.out.test$n
$DIG $DIGOPTS +cookie -b 10.53.0.4 soa . @10.53.0.6 > dig.out.test$n || ret=1
grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
ns6cookie=$(getcookie dig.out.test$n)
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -289,7 +289,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "test NS4 cookie on NS5 (expect success) ($n)"
ret=0
$DIG $DIGOPTS +cookie=$ns4cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.5 > dig.out.test$n
$DIG $DIGOPTS +cookie=$ns4cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.5 > dig.out.test$n || ret=1
grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -298,7 +298,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "test NS4 cookie on NS6 (expect badcookie) ($n)"
ret=0
$DIG $DIGOPTS +cookie=$ns4cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.6 > dig.out.test$n
$DIG $DIGOPTS +cookie=$ns4cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.6 > dig.out.test$n || ret=1
grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
grep "status: BADCOOKIE," dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -307,7 +307,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "test NS5 cookie on NS4 (expect success) ($n)"
ret=0
$DIG $DIGOPTS +cookie=$ns5cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.4 > dig.out.test$n
$DIG $DIGOPTS +cookie=$ns5cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.4 > dig.out.test$n || ret=1
grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -316,7 +316,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "test NS5 cookie on NS6 (expect badcookie) ($n)"
ret=0
$DIG $DIGOPTS +cookie=$ns5cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.6 > dig.out.test$n
$DIG $DIGOPTS +cookie=$ns5cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.6 > dig.out.test$n || ret=1
grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
grep "status: BADCOOKIE," dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -325,7 +325,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "test NS6 cookie on NS4 (expect badcookie) ($n)"
ret=0
$DIG $DIGOPTS +cookie=$ns6cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.4 > dig.out.test$n
$DIG $DIGOPTS +cookie=$ns6cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.4 > dig.out.test$n || ret=1
grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
grep "status: BADCOOKIE," dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -334,7 +334,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "test NS6 cookie on NS5 (expect success) ($n)"
ret=0
$DIG $DIGOPTS +cookie=$ns6cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.5 > dig.out.test$n
$DIG $DIGOPTS +cookie=$ns6cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.5 > dig.out.test$n || ret=1
grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1
grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -345,28 +345,28 @@ echo_i "check that test server is correctly configured ($n)"
ret=0
pat="; COOKIE: ................................ (good)"
#UDP
$DIG $DIGOPTS @10.53.0.9 +notcp tld > dig.out.test$n.1
$DIG $DIGOPTS @10.53.0.9 +notcp tld > dig.out.test$n.1 || ret=1
grep "status: NOERROR" dig.out.test$n.1 > /dev/null || ret=1
grep "$pat" dig.out.test$n.1 > /dev/null || ret=1
grep 'A.10\.53\.0\.9' dig.out.test$n.1 > /dev/null || ret=1
grep 'A.10\.53\.0\.10' dig.out.test$n.1 > /dev/null && ret=1
grep ";; TSIG PSEUDOSECTION:" dig.out.test$n.1 > /dev/null && ret=1
$DIG $DIGOPTS @10.53.0.9 +notcp tcponly.tld > dig.out.test$n.2
$DIG $DIGOPTS @10.53.0.9 +notcp tcponly.tld > dig.out.test$n.2 || ret=1
grep "status: NOERROR" dig.out.test$n.2 > /dev/null || ret=1
grep "; COOKIE:" dig.out.test$n.2 > /dev/null && ret=1
grep 'A.10\.53\.0\.9' dig.out.test$n.2 > /dev/null || ret=1
grep 'A.10\.53\.0\.10' dig.out.test$n.2 > /dev/null || ret=1
grep ";; TSIG PSEUDOSECTION:" dig.out.test$n.1 > /dev/null && ret=1
$DIG $DIGOPTS @10.53.0.9 +notcp nocookie.tld > dig.out.test$n.3
$DIG $DIGOPTS @10.53.0.9 +notcp nocookie.tld > dig.out.test$n.3 || ret=1
grep "status: NOERROR" dig.out.test$n.3 > /dev/null || ret=1
grep "; COOKIE:" dig.out.test$n.3 > /dev/null && ret=1
grep 'A.10\.53\.0\.9' dig.out.test$n.3 > /dev/null || ret=1
grep 'A.10\.53\.0\.10' dig.out.test$n.3 > /dev/null || ret=1
grep ";; TSIG PSEUDOSECTION:" dig.out.test$n.1 > /dev/null && ret=1
$DIG $DIGOPTS @10.53.0.9 +notcp withtsig.tld > dig.out.test$n.4
$DIG $DIGOPTS @10.53.0.9 +notcp withtsig.tld > dig.out.test$n.4 || ret=1
grep "status: NOERROR" dig.out.test$n.4 > /dev/null || ret=1
grep "; COOKIE:" dig.out.test$n.4 > /dev/null && ret=1
grep 'A.10\.53\.0\.9' dig.out.test$n.4 > /dev/null || ret=1
@ -374,7 +374,7 @@ grep 'A.10\.53\.0\.10' dig.out.test$n.4 > /dev/null || ret=1
grep ";; TSIG PSEUDOSECTION:" dig.out.test$n.4 > /dev/null || ret=1
#TCP
$DIG $DIGOPTS @10.53.0.9 +tcp tld > dig.out.test$n.5
$DIG $DIGOPTS @10.53.0.9 +tcp tld > dig.out.test$n.5 || ret=1
grep "status: NOERROR" dig.out.test$n.5 > /dev/null || ret=1
grep "$pat" dig.out.test$n.5 > /dev/null || ret=1
grep 'A.10\.53\.0\.9' dig.out.test$n.5 > /dev/null || ret=1
@ -411,13 +411,13 @@ ret=0
msg="missing expected cookie from"
pat='10\.53\.0\.9 .*\[cookie=................................\] \[ttl'
# prime EDNS COOKIE state
$DIG $DIGOPTS @10.53.0.1 tld > dig.out.test$n.1
$DIG $DIGOPTS @10.53.0.1 tld > dig.out.test$n.1 || ret=1
grep "status: NOERROR" dig.out.test$n.1 > /dev/null || ret=1
rndc_dumpdb ns1
grep "$pat" ns1/named_dump.db.test$n > /dev/null || ret=1
# spoofed response contains 10.53.0.10
nextpart ns1/named.run >/dev/null
$DIG $DIGOPTS @10.53.0.1 tcponly.tld > dig.out.test$n.2
$DIG $DIGOPTS @10.53.0.1 tcponly.tld > dig.out.test$n.2 || ret=1
wait_for_log 5 "$msg" ns1/named.run || ret=1
grep "status: NOERROR" dig.out.test$n.2 > /dev/null || ret=1
grep 'A.10\.53\.0\.9' dig.out.test$n.2 > /dev/null || ret=1
@ -431,7 +431,7 @@ ret=0
msg="missing expected cookie from"
pat='10\.53\.0\.9 .*\[cookie=................................\] \[ttl'
# prime EDNS COOKIE state
$DIG $DIGOPTS @10.53.0.1 tld > dig.out.test$n.1
$DIG $DIGOPTS @10.53.0.1 tld > dig.out.test$n.1 || ret=1
grep "status: NOERROR" dig.out.test$n.1 > /dev/null || ret=1
rndc_dumpdb ns1
grep "$pat" ns1/named_dump.db.test$n > /dev/null || ret=1
@ -450,13 +450,13 @@ echo_i "check that spoofed response with a TSIG is dropped when we have a server
ret=0
pat='10\.53\.0\.9 .*\[cookie=................................\] \[ttl'
# prime EDNS COOKIE state
$DIG $DIGOPTS @10.53.0.1 tld > dig.out.test$n.1
$DIG $DIGOPTS @10.53.0.1 tld > dig.out.test$n.1 || ret=1
grep "status: NOERROR" dig.out.test$n.1 > /dev/null || ret=1
rndc_dumpdb ns1
grep "$pat" ns1/named_dump.db.test$n > /dev/null || ret=1
# spoofed response contains 10.53.0.10
nextpart ns1/named.run >/dev/null
$DIG $DIGOPTS @10.53.0.1 withtsig.tld > dig.out.test$n.2
$DIG $DIGOPTS @10.53.0.1 withtsig.tld > dig.out.test$n.2 || ret=1
grep "status: NOERROR" dig.out.test$n.2 > /dev/null || ret=1
grep 'A.10\.53\.0\.9' dig.out.test$n.2 > /dev/null || ret=1
grep 'A.10\.53\.0\.10' dig.out.test$n.2 > /dev/null && ret=1
@ -478,21 +478,21 @@ then
pat="; COOKIE: ................................ (good)"
key=hmac-sha256:foo:aaaaaaaaaaaa
#UDP
$DIG $DIGOPTS @10.53.0.10 -y $key +notcp tsig. > dig.out.test$n.1
$DIG $DIGOPTS @10.53.0.10 -y $key +notcp tsig. > dig.out.test$n.1 || ret=1
grep "status: NOERROR" dig.out.test$n.1 > /dev/null || ret=1
grep "$pat" dig.out.test$n.1 > /dev/null || ret=1
grep 'A.10\.53\.0\.9' dig.out.test$n.1 > /dev/null || ret=1
grep 'A.10\.53\.0\.10' dig.out.test$n.1 > /dev/null && ret=1
grep 'TSIG.*NOERROR' dig.out.test$n.1 > /dev/null || ret=1
$DIG $DIGOPTS @10.53.0.10 -y $key +notcp tcponly.tsig > dig.out.test$n.2
$DIG $DIGOPTS @10.53.0.10 -y $key +notcp tcponly.tsig > dig.out.test$n.2 || ret=1
grep "status: NOERROR" dig.out.test$n.2 > /dev/null || ret=1
grep "; COOKIE:" dig.out.test$n.2 > /dev/null && ret=1
grep 'A.10\.53\.0\.9' dig.out.test$n.2 > /dev/null || ret=1
grep 'A.10\.53\.0\.10' dig.out.test$n.2 > /dev/null || ret=1
grep 'TSIG.*NOERROR' dig.out.test$n.1 > /dev/null || ret=1
$DIG $DIGOPTS @10.53.0.10 -y $key +notcp nocookie.tsig > dig.out.test$n.3
$DIG $DIGOPTS @10.53.0.10 -y $key +notcp nocookie.tsig > dig.out.test$n.3 || ret=1
grep "status: NOERROR" dig.out.test$n.3 > /dev/null || ret=1
grep "; COOKIE:" dig.out.test$n.3 > /dev/null && ret=1
grep 'A.10\.53\.0\.9' dig.out.test$n.3 > /dev/null || ret=1
@ -500,21 +500,21 @@ then
grep 'TSIG.*NOERROR' dig.out.test$n.1 > /dev/null || ret=1
#TCP
$DIG $DIGOPTS @10.53.0.10 -y $key +tcp tsig. > dig.out.test$n.5
$DIG $DIGOPTS @10.53.0.10 -y $key +tcp tsig. > dig.out.test$n.5 || ret=1
grep "status: NOERROR" dig.out.test$n.5 > /dev/null || ret=1
grep "$pat" dig.out.test$n.5 > /dev/null || ret=1
grep 'A.10\.53\.0\.9' dig.out.test$n.5 > /dev/null || ret=1
grep 'A.10\.53\.0\.10' dig.out.test$n.5 > /dev/null && ret=1
grep 'TSIG.*NOERROR' dig.out.test$n.1 > /dev/null || ret=1
$DIG $DIGOPTS @10.53.0.10 -y $key +tcp tcponly.tsig > dig.out.test$n.6
$DIG $DIGOPTS @10.53.0.10 -y $key +tcp tcponly.tsig > dig.out.test$n.6 || ret=1
grep "status: NOERROR" dig.out.test$n.6 > /dev/null || ret=1
grep "$pat" dig.out.test$n.6 > /dev/null || ret=1
grep 'A.10\.53\.0\.9' dig.out.test$n.6 > /dev/null || ret=1
grep 'A.10\.53\.0\.10' dig.out.test$n.6 > /dev/null && ret=1
grep 'TSIG.*NOERROR' dig.out.test$n.1 > /dev/null || ret=1
$DIG $DIGOPTS @10.53.0.10 -y $key +tcp nocookie.tsig > dig.out.test$n.7
$DIG $DIGOPTS @10.53.0.10 -y $key +tcp nocookie.tsig > dig.out.test$n.7 || ret=1
grep "status: NOERROR" dig.out.test$n.7 > /dev/null || ret=1
grep "; COOKIE:" dig.out.test$n.7 > /dev/null && ret=1
grep 'A.10\.53\.0\.9' dig.out.test$n.7 > /dev/null || ret=1
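Review bot: Several TSIG assertions in this section read the wrong output file. In the "check that test server is correctly configured" hunk, the `grep ";; TSIG PSEUDOSECTION:" dig.out.test$n.1 > /dev/null && ret=1` lines that follow the `.2` and `.3` queries still test `.1`, and in the two `-y $key` hunks the `grep 'TSIG.*NOERROR' dig.out.test$n.1` lines after the `.2`, `.5` and `.6` queries do the same, so the TSIG state of those responses is never checked. This looks like copy-paste; each check should presumably name the file written by the query just above it, e.g. `grep 'TSIG.*NOERROR' dig.out.test$n.2 > /dev/null || ret=1`. Also, the "get NS6 cookie" test lacks the `test -n "$ns6cookie" || ret=1` guard that the NS4 and NS5 tests have, so an empty cookie would flow into the later `+cookie=$ns6cookie` queries. Several of these hunks end inside their test, so the surrounding lines were not reviewed.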


@ -70,7 +70,7 @@ test_update deny.example.nil. TXT "86400 TXT helloworld" "helloworld" should_fai
status=$((status + ret))
newtest "testing nxrrset"
$DIG $DIGOPTS testdc1.example.nil AAAA > dig.out.$n
$DIG $DIGOPTS testdc1.example.nil AAAA > dig.out.$n || ret=1
grep "status: NOERROR" dig.out.$n > /dev/null || ret=1
grep "ANSWER: 0" dig.out.$n > /dev/null || ret=1
status=$((status + ret))
@ -111,47 +111,47 @@ test_update testdc1.alternate.nil. A "86400 A 10.53.0.10" "10.53.0.10" || ret=1
status=$((status + ret))
newtest "testing AXFR from DLZ drivers"
$DIG $DIGOPTS +noall +answer axfr example.nil > dig.out.example.ns1.test$n
$DIG $DIGOPTS +noall +answer axfr example.nil > dig.out.example.ns1.test$n || ret=1
lines=$(cat dig.out.example.ns1.test$n | wc -l)
[ ${lines:-0} -eq 4 ] || ret=1
$DIG $DIGOPTS +noall +answer axfr alternate.nil > dig.out.alternate.ns1.test$n
$DIG $DIGOPTS +noall +answer axfr alternate.nil > dig.out.alternate.ns1.test$n || ret=1
lines=$(cat dig.out.alternate.ns1.test$n | wc -l)
[ ${lines:-0} -eq 5 ] || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
newtest "testing AXFR denied from DLZ drivers"
$DIG $DIGOPTS -b 10.53.0.5 +noall +answer axfr example.nil > dig.out.example.ns1.test$n
$DIG $DIGOPTS -b 10.53.0.5 +noall +answer axfr example.nil > dig.out.example.ns1.test$n || ret=1
grep "; Transfer failed" dig.out.example.ns1.test$n > /dev/null || ret=1
$DIG $DIGOPTS -b 10.53.0.5 +noall +answer axfr alternate.nil > dig.out.alternate.ns1.test$n
$DIG $DIGOPTS -b 10.53.0.5 +noall +answer axfr alternate.nil > dig.out.alternate.ns1.test$n || ret=1
grep "; Transfer failed" dig.out.alternate.ns1.test$n > /dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
newtest "testing AXFR denied based on view ACL"
# 10.53.0.1 should be disallowed
$DIG $DIGOPTS -b 10.53.0.1 +noall +answer axfr example.org > dig.out.example.ns1.test$n.1
$DIG $DIGOPTS -b 10.53.0.1 +noall +answer axfr example.org > dig.out.example.ns1.test$n.1 || ret=1
grep "; Transfer failed" dig.out.example.ns1.test$n.1 > /dev/null || ret=1
# 10.53.0.2 should be allowed
$DIG $DIGOPTS -b 10.53.0.2 +noall +answer axfr example.org > dig.out.example.ns1.test$n.2
$DIG $DIGOPTS -b 10.53.0.2 +noall +answer axfr example.org > dig.out.example.ns1.test$n.2 || ret=1
grep "; Transfer failed" dig.out.example.ns1.test$n.2 > /dev/null && ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
newtest "testing unsearched/unregistered DLZ zone is not found"
$DIG $DIGOPTS +noall +answer ns other.nil > dig.out.ns1.test$n
$DIG $DIGOPTS +noall +answer ns other.nil > dig.out.ns1.test$n || ret=1
grep "3600.IN.NS.other.nil." dig.out.ns1.test$n > /dev/null && ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
newtest "testing unsearched/registered DLZ zone is found"
$DIG $DIGOPTS +noall +answer ns zone.nil > dig.out.ns1.test$n
$DIG $DIGOPTS +noall +answer ns zone.nil > dig.out.ns1.test$n || ret=1
grep "3600.IN.NS.zone.nil." dig.out.ns1.test$n > /dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
newtest "testing unsearched/registered DLZ zone is found"
$DIG $DIGOPTS +noall +answer ns zone.nil > dig.out.ns1.test$n
$DIG $DIGOPTS +noall +answer ns zone.nil > dig.out.ns1.test$n || ret=1
grep "3600.IN.NS.zone.nil." dig.out.ns1.test$n > /dev/null || ret=1
[ "$ret" -eq 0 ] || echo_i "failed"
status=$((status + ret))
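Review bot: The test "testing unsearched/registered DLZ zone is found" appears twice at the end of this hunk with the same query, output file and grep, so the second copy verifies nothing new. If it was meant to cover a different zone or state, the query should change; otherwise it can be dropped. In the allowed-client half of "testing AXFR denied based on view ACL", the only assertion is that "; Transfer failed" is absent; a positive check for an expected record in `dig.out.example.ns1.test$n.2` would make that ACL test stronger.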


@ -2967,7 +2967,7 @@ status=$((status+ret))
echo_i "testing legacy upper case signer name validation ($n)"
ret=0
$DIG +tcp +noadd +noauth +dnssec -p "$PORT" soa upper.example @10.53.0.4 \
> dig.out.ns4.test$n 2>&1
> dig.out.ns4.test$n 2>&1 || ret=1
grep "flags:.* ad;" dig.out.ns4.test$n > /dev/null || ret=1
grep "RRSIG.*SOA.* UPPER\\.EXAMPLE\\. " dig.out.ns4.test$n > /dev/null || ret=1
n=$((n+1))
@ -2977,7 +2977,7 @@ status=$((status+ret))
echo_i "testing that we lower case signer name ($n)"
ret=0
$DIG +tcp +noadd +noauth +dnssec -p "$PORT" soa LOWER.EXAMPLE @10.53.0.4 \
> dig.out.ns4.test$n 2>&1
> dig.out.ns4.test$n 2>&1 || ret=1
grep "flags:.* ad;" dig.out.ns4.test$n > /dev/null || ret=1
grep "RRSIG.*SOA.* lower\\.example\\. " dig.out.ns4.test$n > /dev/null || ret=1
n=$((n+1))
@ -3277,11 +3277,11 @@ if [ -x "$PYTHON" ]; then
# convert expiry date to a comma-separated list of integers python can
# use as input to date(). strip leading 0s in months and days so
# python3 will recognize them as integers.
$DIG +dnssec +short -p "$PORT" @10.53.0.3 soa siginterval.example > dig.out.soa.test$n
$DIG +dnssec +short -p "$PORT" @10.53.0.3 soa siginterval.example > dig.out.soa.test$n || ret=1
soaexpire=$(awk '$1 ~ /SOA/ { print $5 }' dig.out.soa.test$n |
sed 's/\(....\)\(..\)\(..\).*/\1, \2, \3/' |
sed 's/ 0/ /g')
$DIG +dnssec +short -p "$PORT" @10.53.0.3 dnskey siginterval.example > dig.out.dnskey.test$n
$DIG +dnssec +short -p "$PORT" @10.53.0.3 dnskey siginterval.example > dig.out.dnskey.test$n || ret=1
dnskeyexpire=$(awk '$1 ~ /DNSKEY/ { print $5; exit 0 }' dig.out.dnskey.test$n |
sed 's/\(....\)\(..\)\(..\).*/\1, \2, \3/' |
sed 's/ 0/ /g')


@ -69,8 +69,12 @@ status=$((status + ret))
# need to complete before reopening/rolling for the counts to
# be correct.
$DIG $DIGOPTS @10.53.0.3 a.example > dig.out
echo_i "prime cache"
ret=0
$DIG $DIGOPTS @10.53.0.3 a.example > dig.out || true
wait_for_log 20 "(.): reset client" ns1/named.run || true
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
# check three different dnstap reopen/roll methods:
# ns1: dnstap-reopen; ns2: dnstap -reopen; ns3: dnstap -roll
@ -88,12 +92,16 @@ if [ -n "$FSTRM_CAPTURE" ] ; then
status=$((status + ret))
fi
echo_i "reopen/roll capture streams"
ret=0
$RNDCCMD -s 10.53.0.1 dnstap-reopen | sed 's/^/ns1 /' | cat_i
$RNDCCMD -s 10.53.0.2 dnstap -reopen | sed 's/^/ns2 /' | cat_i
$RNDCCMD -s 10.53.0.3 dnstap -roll | sed 's/^/ns3 /' | cat_i
$RNDCCMD -s 10.53.0.4 dnstap -reopen | sed 's/^/ns4 /' | cat_i
$DIG $DIGOPTS @10.53.0.3 a.example > dig.out
echo_i "send test traffic"
ret=0
$DIG $DIGOPTS @10.53.0.3 a.example > dig.out || ret=1
# send an UPDATE to ns2
$NSUPDATE <<- EOF
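Review bot: In the new "prime cache" step (hunk -69,8) `ret` is set to 0 and both commands that follow end in `|| true`, so `ret` can never become non-zero. The added `if [ $ret != 0 ]; then echo_i "failed"; fi` and `status=$((status + ret))` are therefore dead code. If priming is meant to be best effort, drop the check and say so in a comment such as `# best effort: priming the cache may fail without failing the test`. If it is meant to be verified, use `|| ret=1` on the dig and `wait_for_log` lines as the rest of this commit does. As shown, the `ret=0` added before the rndc pipelines in the -88,12 hunk looks similarly unused, because nothing between it and the next `ret=0` assigns `ret`.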


@ -256,7 +256,7 @@ status=$((status+ret))
n=$((n + 1))
echo_i "checking DoT query (ephemeral key) ($n)"
ret=0
dig_with_tls_opts @10.53.0.1 . SOA > dig.out.test$n
dig_with_tls_opts @10.53.0.1 . SOA > dig.out.test$n || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -264,7 +264,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking DoT query via IPv6 (ephemeral key) ($n)"
ret=0
dig_with_tls_opts -6 @fd92:7065:b8e:ffff::1 . SOA > dig.out.test$n
dig_with_tls_opts -6 @fd92:7065:b8e:ffff::1 . SOA > dig.out.test$n || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -272,7 +272,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking DoT query (static key) ($n)"
ret=0
dig_with_tls_opts @10.53.0.2 example SOA > dig.out.test$n
dig_with_tls_opts @10.53.0.2 example SOA > dig.out.test$n || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -280,7 +280,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking DoT query via IPv6 (static key) ($n)"
ret=0
dig_with_tls_opts -6 @fd92:7065:b8e:ffff::2 example SOA > dig.out.test$n
dig_with_tls_opts -6 @fd92:7065:b8e:ffff::2 example SOA > dig.out.test$n || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -288,7 +288,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking DoT XFR ($n)"
ret=0
dig_with_tls_opts +comm @10.53.0.1 . AXFR > dig.out.test$n
dig_with_tls_opts +comm @10.53.0.1 . AXFR > dig.out.test$n || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -306,7 +306,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking Do53 query ($n)"
ret=0
dig_with_opts @10.53.0.1 example SOA > dig.out.test$n
dig_with_opts @10.53.0.1 example SOA > dig.out.test$n || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -340,7 +340,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking DoH query (POST) ($n)"
ret=0
dig_with_https_opts +stat @10.53.0.1 . SOA > dig.out.test$n
dig_with_https_opts +stat @10.53.0.1 . SOA > dig.out.test$n || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
grep -F "(HTTPS)" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -349,7 +349,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking DoH query via IPv6 (POST) ($n)"
ret=0
dig_with_https_opts +stat -6 @fd92:7065:b8e:ffff::1 . SOA > dig.out.test$n
dig_with_https_opts +stat -6 @fd92:7065:b8e:ffff::1 . SOA > dig.out.test$n || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
grep -F "(HTTPS)" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -358,7 +358,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking DoH query (POST, static key) ($n)"
ret=0
dig_with_https_opts @10.53.0.2 example SOA > dig.out.test$n
dig_with_https_opts @10.53.0.2 example SOA > dig.out.test$n || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -366,7 +366,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking DoH query via IPv6 (POST, static key) ($n)"
ret=0
dig_with_https_opts -6 @fd92:7065:b8e:ffff::2 example SOA > dig.out.test$n
dig_with_https_opts -6 @fd92:7065:b8e:ffff::2 example SOA > dig.out.test$n || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -374,7 +374,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking DoH query (POST, nonstandard endpoint) ($n)"
ret=0
dig_with_https_opts +https=/alter @10.53.0.1 . SOA > dig.out.test$n
dig_with_https_opts +https=/alter @10.53.0.1 . SOA > dig.out.test$n || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -382,7 +382,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking DoH query via IPv6 (POST, nonstandard endpoint) ($n)"
ret=0
dig_with_https_opts -6 +https=/alter @fd92:7065:b8e:ffff::1 . SOA > dig.out.test$n
dig_with_https_opts -6 +https=/alter @fd92:7065:b8e:ffff::1 . SOA > dig.out.test$n || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -406,7 +406,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking DoH XFR (POST) (failure expected) ($n)"
ret=0
dig_with_https_opts +comm @10.53.0.1 . AXFR > dig.out.test$n
dig_with_https_opts +comm @10.53.0.1 . AXFR > dig.out.test$n || ret=1
grep "; Transfer failed." dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -414,7 +414,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking DoH query (GET) ($n)"
ret=0
dig_with_https_opts +stat +https-get @10.53.0.1 . SOA > dig.out.test$n
dig_with_https_opts +stat +https-get @10.53.0.1 . SOA > dig.out.test$n || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
grep -F "(HTTPS-GET)" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -423,7 +423,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking DoH query via IPv6 (GET) ($n)"
ret=0
dig_with_https_opts -6 +stat +https-get @fd92:7065:b8e:ffff::1 . SOA > dig.out.test$n
dig_with_https_opts -6 +stat +https-get @fd92:7065:b8e:ffff::1 . SOA > dig.out.test$n || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
grep -F "(HTTPS-GET)" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -432,7 +432,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking DoH query (GET, static key) ($n)"
ret=0
dig_with_https_opts +https-get @10.53.0.2 example SOA > dig.out.test$n
dig_with_https_opts +https-get @10.53.0.2 example SOA > dig.out.test$n || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -440,7 +440,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking DoH query via IPv6 (GET, static key) ($n)"
ret=0
dig_with_https_opts -6 +https-get @fd92:7065:b8e:ffff::2 example SOA > dig.out.test$n
dig_with_https_opts -6 +https-get @fd92:7065:b8e:ffff::2 example SOA > dig.out.test$n || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -448,7 +448,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking DoH query (GET, nonstandard endpoint) ($n)"
ret=0
dig_with_https_opts +https-get=/alter @10.53.0.1 . SOA > dig.out.test$n
dig_with_https_opts +https-get=/alter @10.53.0.1 . SOA > dig.out.test$n || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -456,7 +456,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking DoH query via IPv6 (GET, nonstandard endpoint) ($n)"
ret=0
dig_with_https_opts -6 +https-get=/alter @fd92:7065:b8e:ffff::1 . SOA > dig.out.test$n
dig_with_https_opts -6 +https-get=/alter @fd92:7065:b8e:ffff::1 . SOA > dig.out.test$n || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -480,7 +480,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking DoH XFR (GET) (failure expected) ($n)"
ret=0
dig_with_https_opts +https-get +comm @10.53.0.1 . AXFR > dig.out.test$n
dig_with_https_opts +https-get +comm @10.53.0.1 . AXFR > dig.out.test$n || ret=1
grep "; Transfer failed." dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -488,7 +488,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking unencrypted DoH query (POST) ($n)"
ret=0
dig_with_http_opts +stat @10.53.0.1 . SOA > dig.out.test$n
dig_with_http_opts +stat @10.53.0.1 . SOA > dig.out.test$n || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
grep -F "(HTTP)" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -497,7 +497,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking unencrypted DoH query via IPv6 (POST) ($n)"
ret=0
dig_with_http_opts -6 +stat @fd92:7065:b8e:ffff::1 . SOA > dig.out.test$n
dig_with_http_opts -6 +stat @fd92:7065:b8e:ffff::1 . SOA > dig.out.test$n || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
grep -F "(HTTP)" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -506,7 +506,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking unencrypted DoH query (GET) ($n)"
ret=0
dig_with_http_opts +stat +http-plain-get @10.53.0.1 . SOA > dig.out.test$n
dig_with_http_opts +stat +http-plain-get @10.53.0.1 . SOA > dig.out.test$n || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
grep -F "(HTTP-GET)" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -515,7 +515,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking unencrypted DoH query via IPv6 (GET) ($n)"
ret=0
dig_with_http_opts -6 +stat +http-plain-get @fd92:7065:b8e:ffff::1 . SOA > dig.out.test$n
dig_with_http_opts -6 +stat +http-plain-get @fd92:7065:b8e:ffff::1 . SOA > dig.out.test$n || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
grep -F "(HTTP-GET)" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -524,7 +524,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking unencrypted DoH XFR (failure expected) ($n)"
ret=0
dig_with_http_opts +comm @10.53.0.1 . AXFR > dig.out.test$n
dig_with_http_opts +comm @10.53.0.1 . AXFR > dig.out.test$n || ret=1
grep "; Transfer failed." dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -532,7 +532,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking DoH query for a large answer (POST) ($n)"
ret=0
dig_with_https_opts @10.53.0.1 biganswer.example A > dig.out.test$n
dig_with_https_opts @10.53.0.1 biganswer.example A > dig.out.test$n || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
grep "ANSWER: 2500" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -541,7 +541,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking DoH query via IPv6 for a large answer (POST) ($n)"
ret=0
dig_with_https_opts -6 @fd92:7065:b8e:ffff::1 biganswer.example A > dig.out.test$n
dig_with_https_opts -6 @fd92:7065:b8e:ffff::1 biganswer.example A > dig.out.test$n || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
grep "ANSWER: 2500" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -550,7 +550,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking DoH query for a large answer (GET) ($n)"
ret=0
dig_with_https_opts +https-get @10.53.0.1 biganswer.example A > dig.out.test$n
dig_with_https_opts +https-get @10.53.0.1 biganswer.example A > dig.out.test$n || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
grep "ANSWER: 2500" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -559,7 +559,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking DoH query via IPv6 for a large answer (GET) ($n)"
ret=0
dig_with_https_opts -6 +https-get @fd92:7065:b8e:ffff::1 biganswer.example A > dig.out.test$n
dig_with_https_opts -6 +https-get @fd92:7065:b8e:ffff::1 biganswer.example A > dig.out.test$n || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
grep "ANSWER: 2500" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -568,7 +568,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking unencrypted DoH query for a large answer (POST) ($n)"
ret=0
dig_with_http_opts @10.53.0.1 biganswer.example A > dig.out.test$n
dig_with_http_opts @10.53.0.1 biganswer.example A > dig.out.test$n || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
grep "ANSWER: 2500" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -577,7 +577,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking unencrypted DoH query via IPv6 for a large answer (POST) ($n)"
ret=0
dig_with_http_opts -6 @fd92:7065:b8e:ffff::1 biganswer.example A > dig.out.test$n
dig_with_http_opts -6 @fd92:7065:b8e:ffff::1 biganswer.example A > dig.out.test$n || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
grep "ANSWER: 2500" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -586,7 +586,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking unencrypted DoH query for a large answer (GET) ($n)"
ret=0
dig_with_http_opts +http-plain-get @10.53.0.1 biganswer.example A > dig.out.test$n
dig_with_http_opts +http-plain-get @10.53.0.1 biganswer.example A > dig.out.test$n || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
grep "ANSWER: 2500" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -595,7 +595,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking unencrypted DoH query via IPv6 for a large answer (GET) ($n)"
ret=0
dig_with_http_opts -6 +http-plain-get @fd92:7065:b8e:ffff::1 biganswer.example A > dig.out.test$n
dig_with_http_opts -6 +http-plain-get @fd92:7065:b8e:ffff::1 biganswer.example A > dig.out.test$n || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
grep "ANSWER: 2500" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -618,7 +618,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking DoT query after a reconfiguration ($n)"
ret=0
dig_with_tls_opts @10.53.0.4 example SOA > dig.out.test$n
dig_with_tls_opts @10.53.0.4 example SOA > dig.out.test$n || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -626,7 +626,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking DoH query (POST) after a reconfiguration ($n)"
ret=0
dig_with_https_opts @10.53.0.4 example SOA > dig.out.test$n
dig_with_https_opts @10.53.0.4 example SOA > dig.out.test$n || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -645,7 +645,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking DoH query (POST) to verify HTTP endpoint reconfiguration ($n)"
ret=0
dig_with_https_opts +https='/dns-query-test' @10.53.0.4 example SOA > dig.out.test$n
dig_with_https_opts +https='/dns-query-test' @10.53.0.4 example SOA > dig.out.test$n || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -653,7 +653,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking DoT query (with TLS verification enabled) ($n)"
ret=0
dig_with_tls_opts +tls-ca="$ca_file" +tls-hostname="srv01.crt01.example.com" @10.53.0.1 . SOA > dig.out.test$n
dig_with_tls_opts +tls-ca="$ca_file" +tls-hostname="srv01.crt01.example.com" @10.53.0.1 . SOA > dig.out.test$n || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -661,7 +661,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking DoH query (with TLS verification enabled, self-signed cert, failure expected) ($n)"
ret=0
dig_with_https_opts +tls-ca="$ca_file" +tls-hostname="srv01.crt01.example.com" @10.53.0.1 . SOA > dig.out.test$n
dig_with_https_opts +tls-ca="$ca_file" +tls-hostname="srv01.crt01.example.com" @10.53.0.1 . SOA > dig.out.test$n || ret=1
grep "$msg_peer_verification_failed" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -669,7 +669,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking DoT query (with TLS verification using the system's CA store, failure expected) ($n)"
ret=0
dig_with_tls_opts +tls-ca +tls-hostname="srv01.crt01.example.com" @10.53.0.1 . SOA > dig.out.test$n
dig_with_tls_opts +tls-ca +tls-hostname="srv01.crt01.example.com" @10.53.0.1 . SOA > dig.out.test$n || ret=1
grep "$msg_peer_verification_failed" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -677,7 +677,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking DoH query (with TLS verification using the system's CA store, failure expected) ($n)"
ret=0
dig_with_https_opts +tls-ca +tls-hostname="srv01.crt01.example.com" @10.53.0.1 . SOA > dig.out.test$n
dig_with_https_opts +tls-ca +tls-hostname="srv01.crt01.example.com" @10.53.0.1 . SOA > dig.out.test$n || ret=1
grep "$msg_peer_verification_failed" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -687,7 +687,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking DoT query (with TLS verification, hostname is not specified, IP address is used instead) ($n)"
ret=0
dig_with_tls_opts +tls-ca="$ca_file" @10.53.0.1 . SOA > dig.out.test$n
dig_with_tls_opts +tls-ca="$ca_file" @10.53.0.1 . SOA > dig.out.test$n || ret=1
grep "$msg_peer_verification_failed" dig.out.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -698,7 +698,7 @@ if [ -n "$run_san_tests" ]; then
n=$((n + 1))
echo_i "checking DoT query (with TLS verification enabled when SubjectAltName is not set, failure expected) ($n)"
ret=0
dig_with_tls_opts +tls-ca="$ca_file" +tls-hostname="srv01.crt02-no-san.example.com" @10.53.0.1 . SOA > dig.out.test$n
dig_with_tls_opts +tls-ca="$ca_file" +tls-hostname="srv01.crt02-no-san.example.com" @10.53.0.1 . SOA > dig.out.test$n || ret=1
grep "$msg_peer_verification_failed" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -707,7 +707,7 @@ if [ -n "$run_san_tests" ]; then
echo_i "checking DoT XFR over a TLS port where SubjectAltName is not set (failure expected) ($n)"
ret=0
# shellcheck disable=SC2086
dig_with_tls_opts +tls-ca="$ca_file" +tls-hostname="srv01.crt02-no-san.example.com" -p "${EXTRAPORT2}" +comm @10.53.0.1 . AXFR > dig.out.test$n
dig_with_tls_opts +tls-ca="$ca_file" +tls-hostname="srv01.crt02-no-san.example.com" -p "${EXTRAPORT2}" +comm @10.53.0.1 . AXFR > dig.out.test$n || ret=1
grep "$msg_peer_verification_failed" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -718,7 +718,7 @@ fi
n=$((n + 1))
echo_i "checking DoH query (when SubjectAltName is not set) ($n)"
ret=0
dig_with_https_opts +tls-ca="$ca_file" +tls-hostname="srv01.crt02-no-san.example.com" -p "${EXTRAPORT3}" +comm @10.53.0.1 . SOA > dig.out.test$n
dig_with_https_opts +tls-ca="$ca_file" +tls-hostname="srv01.crt02-no-san.example.com" -p "${EXTRAPORT3}" +comm @10.53.0.1 . SOA > dig.out.test$n || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -726,7 +726,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking DoT query (expired certificate, Opportunistic TLS) ($n)"
ret=0
dig_with_tls_opts +tls -p "${EXTRAPORT4}" +comm @10.53.0.1 . SOA > dig.out.test$n
dig_with_tls_opts +tls -p "${EXTRAPORT4}" +comm @10.53.0.1 . SOA > dig.out.test$n || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -734,7 +734,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "checking DoT query (expired certificate, Strict TLS, failure expected) ($n)"
ret=0
dig_with_tls_opts +tls-ca="$ca_file" -p "${EXTRAPORT4}" +comm @10.53.0.1 . SOA > dig.out.test$n
dig_with_tls_opts +tls-ca="$ca_file" -p "${EXTRAPORT4}" +comm @10.53.0.1 . SOA > dig.out.test$n || ret=1
grep "$msg_peer_verification_failed" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -742,7 +742,7 @@ status=$((status + ret))
n=$((n+1))
echo_i "testing XoT server functionality (using dig, client certificate required, failure expected) ($n)"
ret=0
dig_with_tls_opts +tls-ca="$ca_file" -p "${EXTRAPORT5}" example8. -b 10.53.0.10 @10.53.0.1 axfr > dig.out.ns1.test$n
dig_with_tls_opts +tls-ca="$ca_file" -p "${EXTRAPORT5}" example8. -b 10.53.0.10 @10.53.0.1 axfr > dig.out.ns1.test$n || ret=1
grep "; Transfer failed." dig.out.ns1.test$n > /dev/null || ret=1
if test $ret != 0 ; then echo_i "failed"; fi
status=$((status + ret))
@ -750,7 +750,7 @@ status=$((status + ret))
n=$((n+1))
echo_i "testing XoT server functionality (using dig, client certificate used) ($n)"
ret=0
dig_with_tls_opts +tls-ca="$ca_file" +tls-certfile="./CA/certs/srv01.client01.example.com.pem" +tls-keyfile="./CA/certs/srv01.client01.example.com.key" -p "${EXTRAPORT5}" example8. -b 10.53.0.10 @10.53.0.1 axfr > dig.out.ns1.test$n
dig_with_tls_opts +tls-ca="$ca_file" +tls-certfile="./CA/certs/srv01.client01.example.com.pem" +tls-keyfile="./CA/certs/srv01.client01.example.com.key" -p "${EXTRAPORT5}" example8. -b 10.53.0.10 @10.53.0.1 axfr > dig.out.ns1.test$n || ret=1
digcomp dig.out.ns1.test$n example8.axfr.good > /dev/null || ret=1
if test $ret != 0 ; then echo_i "failed"; fi
status=$((status + ret))
@ -767,7 +767,7 @@ n=$((n + 1))
echo_i "checking DoH query (client certificate used) ($n)"
ret=0
# shellcheck disable=SC2086
dig_with_https_opts +https +tls-ca="$ca_file" +tls-certfile="./CA/certs/srv01.client01.example.com.pem" +tls-keyfile="./CA/certs/srv01.client01.example.com.key" -p "${EXTRAPORT6}" +comm @10.53.0.1 . SOA > dig.out.test$n
dig_with_https_opts +https +tls-ca="$ca_file" +tls-certfile="./CA/certs/srv01.client01.example.com.pem" +tls-keyfile="./CA/certs/srv01.client01.example.com.key" -p "${EXTRAPORT6}" +comm @10.53.0.1 . SOA > dig.out.test$n || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -777,7 +777,7 @@ n=$((n + 1))
echo_i "checking DoH query (client certificate used - session resumption when using Mutual TLS) ($n)"
ret=0
# shellcheck disable=SC2086
dig_with_https_opts +https +tls-ca="$ca_file" +tls-certfile="./CA/certs/srv01.client01.example.com.pem" +tls-keyfile="./CA/certs/srv01.client01.example.com.key" -p "${EXTRAPORT6}" +comm @10.53.0.1 . SOA . SOA > dig.out.test$n
dig_with_https_opts +https +tls-ca="$ca_file" +tls-certfile="./CA/certs/srv01.client01.example.com.pem" +tls-keyfile="./CA/certs/srv01.client01.example.com.key" -p "${EXTRAPORT6}" +comm @10.53.0.1 . SOA . SOA > dig.out.test$n || ret=1
grep "TLS error" dig.out.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -790,7 +790,7 @@ test_opcodes() {
n=$((n + 1))
echo_i "checking unexpected opcode query over DoH for opcode $op ($n)"
ret=0
dig_with_https_opts +https @10.53.0.1 +opcode="$op" > dig.out.test$n
dig_with_https_opts +https @10.53.0.1 +opcode="$op" > dig.out.test$n || ret=1
grep "status: $EXPECT_STATUS" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -798,7 +798,7 @@ test_opcodes() {
n=$((n + 1))
echo_i "checking unexpected opcode query over DoH via IPv6 for opcode $op ($n)"
ret=0
dig_with_https_opts -6 +https @fd92:7065:b8e:ffff::1 +opcode="$op" > dig.out.test$n
dig_with_https_opts -6 +https @fd92:7065:b8e:ffff::1 +opcode="$op" > dig.out.test$n || ret=1
grep "status: $EXPECT_STATUS" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -806,7 +806,7 @@ test_opcodes() {
n=$((n + 1))
echo_i "checking unexpected opcode query over DoH without encryption for opcode $op ($n)"
ret=0
dig_with_http_opts +http-plain @10.53.0.1 +opcode="$op" > dig.out.test$n
dig_with_http_opts +http-plain @10.53.0.1 +opcode="$op" > dig.out.test$n || ret=1
grep "status: $EXPECT_STATUS" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -814,7 +814,7 @@ test_opcodes() {
n=$((n + 1))
echo_i "checking unexpected opcode query over DoH via IPv6 without encryption for opcode $op ($n)"
ret=0
dig_with_http_opts -6 +http-plain @fd92:7065:b8e:ffff::1 +opcode="$op" > dig.out.test$n
dig_with_http_opts -6 +http-plain @fd92:7065:b8e:ffff::1 +opcode="$op" > dig.out.test$n || ret=1
grep "status: $EXPECT_STATUS" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -822,7 +822,7 @@ test_opcodes() {
n=$((n + 1))
echo_i "checking unexpected opcode query over DoT for opcode $op ($n)"
ret=0
dig_with_tls_opts +tls @10.53.0.1 +opcode="$op" > dig.out.test$n
dig_with_tls_opts +tls @10.53.0.1 +opcode="$op" > dig.out.test$n || ret=1
grep "status: $EXPECT_STATUS" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
@ -830,7 +830,7 @@ test_opcodes() {
n=$((n + 1))
echo_i "checking unexpected opcode query over DoT via IPv6 for opcode $op ($n)"
ret=0
dig_with_tls_opts -6 +tls @fd92:7065:b8e:ffff::1 +opcode="$op" > dig.out.test$n
dig_with_tls_opts -6 +tls @fd92:7065:b8e:ffff::1 +opcode="$op" > dig.out.test$n || ret=1
grep "status: $EXPECT_STATUS" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
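Review bot: The "failure expected" TLS verification cases that query `. SOA` (hunk -661,7 for the self-signed certificate, and likewise -669,7, -677,7, -698,7 and -734,7) pass on the presence of `$msg_peer_verification_failed` alone. A run in which the verification failure is reported but an answer is still printed would not be caught. Adding `grep "status: NOERROR" dig.out.test$n > /dev/null && ret=1` after the existing grep would pin that no response was accepted. The added `|| ret=1` also means these cases now require dig to exit 0 although the query is expected to fail; that is presumably intentional, and a one-line comment such as `# dig reports the verification failure in its output but is expected to exit 0` would document it.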


@ -24,7 +24,7 @@ zone=.
n=$((n + 1))
echo_i "check +edns=100 sets version 100 ($n)"
ret=0 reason=
$DIG $DIGOPTS @10.53.0.1 +qr +edns=100 soa $zone > dig.out$n
$DIG $DIGOPTS @10.53.0.1 +qr +edns=100 soa $zone > dig.out$n || ret=1
grep "EDNS: version: 100," dig.out$n > /dev/null || { ret=1; reason="version"; }
if [ $ret != 0 ]; then echo_i "failed $reason"; fi
status=$((status + ret))
@ -32,7 +32,7 @@ status=$((status + ret))
n=$((n + 1))
ret=0 reason=
echo_i "check +ednsopt=100 adds option 100 ($n)"
$DIG $DIGOPTS @10.53.0.1 +qr +ednsopt=100 soa $zone > dig.out$n
$DIG $DIGOPTS @10.53.0.1 +qr +ednsopt=100 soa $zone > dig.out$n || ret=1
grep "; OPT=100" dig.out$n > /dev/null || { ret=1; reason="option"; }
if [ $ret != 0 ]; then echo_i "failed $reason"; fi
status=$((status + ret))
@ -40,7 +40,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "check +ednsflags=0x80 sets flags to 0x0080 ($n)"
ret=0 reason=
$DIG $DIGOPTS @10.53.0.1 +qr +ednsflags=0x80 soa $zone > dig.out$n
$DIG $DIGOPTS @10.53.0.1 +qr +ednsflags=0x80 soa $zone > dig.out$n || ret=1
grep "MBZ: 0x0080," dig.out$n > /dev/null || { ret=1; reason="flags"; }
if [ $ret != 0 ]; then echo_i "failed $reason"; fi
status=$((status + ret))
@ -48,7 +48,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "Unknown EDNS version ($n)"
ret=0 reason=
$DIG $DIGOPTS @10.53.0.1 +edns=100 +noednsnegotiation soa $zone > dig.out$n
$DIG $DIGOPTS @10.53.0.1 +edns=100 +noednsnegotiation soa $zone > dig.out$n || ret=1
grep "status: BADVERS," dig.out$n > /dev/null || { ret=1; reason="status"; }
grep "EDNS: version: 0," dig.out$n > /dev/null || { ret=1; reason="version"; }
grep "IN.SOA." dig.out$n > /dev/null && { ret=1; reason="soa"; }
@ -58,7 +58,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "Unknown EDNS option ($n)"
ret=0 reason=
$DIG $DIGOPTS @10.53.0.1 +ednsopt=100 soa $zone > dig.out$n
$DIG $DIGOPTS @10.53.0.1 +ednsopt=100 soa $zone > dig.out$n || ret=1
grep "status: NOERROR," dig.out$n > /dev/null || { ret=1; reason="status"; }
grep "EDNS: version: 0," dig.out$n > /dev/null || { ret=1; reason="version"; }
grep "; OPT=100" dig.out$n > /dev/null && { ret=1; reason="option"; }
@ -69,7 +69,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "Unknown EDNS version + option ($n)"
ret=0 reason=
$DIG $DIGOPTS @10.53.0.1 +edns=100 +noednsneg +ednsopt=100 soa $zone > dig.out$n
$DIG $DIGOPTS @10.53.0.1 +edns=100 +noednsneg +ednsopt=100 soa $zone > dig.out$n || ret=1
grep "status: BADVERS," dig.out$n > /dev/null || { ret=1; reason="status"; }
grep "EDNS: version: 0," dig.out$n > /dev/null || { ret=1; reason="version"; }
grep "; OPT=100" dig.out$n > /dev/null && { ret=1; reason="option"; }
@ -80,7 +80,7 @@ n=$((n + 1))
echo_i "Unknown EDNS flag ($n)"
ret=0 reason=
$DIG $DIGOPTS @10.53.0.1 +ednsflags=0x80 soa $zone > dig.out$n
$DIG $DIGOPTS @10.53.0.1 +ednsflags=0x80 soa $zone > dig.out$n || ret=1
grep "status: NOERROR," dig.out$n > /dev/null || { ret=1; reason="status"; }
grep "EDNS: version: 0," dig.out$n > /dev/null || { ret=1; reason="version"; }
grep "EDNS:.*MBZ" dig.out$n > /dev/null > /dev/null && { ret=1; reason="mbz"; }
@ -91,7 +91,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "Unknown EDNS version + flag ($n)"
ret=0 reason=
$DIG $DIGOPTS @10.53.0.1 +edns=100 +noednsneg +ednsflags=0x80 soa $zone > dig.out$n
$DIG $DIGOPTS @10.53.0.1 +edns=100 +noednsneg +ednsflags=0x80 soa $zone > dig.out$n || ret=1
grep "status: BADVERS," dig.out$n > /dev/null || { ret=1; reason="status"; }
grep "EDNS: version: 0," dig.out$n > /dev/null || { ret=1; reason="version"; }
grep "EDNS:.*MBZ" dig.out$n > /dev/null > /dev/null && { ret=1; reason="mbz"; }
@ -102,7 +102,7 @@ n=$((n + 1))
echo_i "DiG's EDNS negotiation ($n)"
ret=0 reason=
$DIG $DIGOPTS @10.53.0.1 +edns=100 soa $zone > dig.out$n
$DIG $DIGOPTS @10.53.0.1 +edns=100 soa $zone > dig.out$n || ret=1
grep "status: NOERROR," dig.out$n > /dev/null || { ret=1; reason="status"; }
grep "EDNS: version: 0," dig.out$n > /dev/null || { ret=1; reason="version"; }
grep "IN.SOA." dig.out$n > /dev/null || { ret=1; reason="soa"; }
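Review bot: Every added `|| ret=1` in this file sets `ret` but leaves `reason` empty, while the grep checks beside it use `|| { ret=1; reason="..."; }`. When dig itself fails and the greps happen to pass, the test prints `failed ` with no reason, and when a grep also fails the dig failure is hidden behind the grep's reason. Writing the new lines as `|| { ret=1; reason="dig"; }` would keep the failure output consistent with the other checks in each test. This applies to all ten hunks in this file section.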


@ -78,7 +78,7 @@ update add text2.nil. 600 IN TXT "addition 2"
send
END
$DIGCMD @10.53.0.2 text2.nil. TXT > dig.out.1.test$n
$DIGCMD @10.53.0.2 text2.nil. TXT > dig.out.1.test$n || ret=1
grep 'addition 2' dig.out.1.test$n >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -95,7 +95,7 @@ zone nil.
update add text3.nil. 600 IN TXT "addition 3"
send
END
$DIGCMD @10.53.0.2 text3.nil. TXT > dig.out.1.test$n
$DIGCMD @10.53.0.2 text3.nil. TXT > dig.out.1.test$n || ret=1
grep 'addition 3' dig.out.1.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -135,7 +135,7 @@ update add text4.nil. 600 IN TXT "addition 4"
send
END
$DIGCMD @10.53.0.2 text4.nil. TXT > dig.out.1.test$n
$DIGCMD @10.53.0.2 text4.nil. TXT > dig.out.1.test$n || ret=1
grep 'addition 4' dig.out.1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -175,7 +175,7 @@ update add text5.nil. 600 IN TXT "addition 5"
send
END
$DIGCMD @10.53.0.2 text4.nil. TXT > dig.out.1.test$n
$DIGCMD @10.53.0.2 text4.nil. TXT > dig.out.1.test$n || ret=1
grep 'addition 4' dig.out.1.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -247,11 +247,11 @@ zone other.
update add text7.other. 600 IN TXT "addition 7"
send
END
$DIGCMD @10.53.0.2 text6.other. TXT > dig.out.1.test$n
$DIGCMD @10.53.0.2 text6.other. TXT > dig.out.1.test$n || ret=1
grep 'addition 6' dig.out.1.test$n >/dev/null || ret=1
$DIGCMD @10.53.0.2 text7.other. TXT > dig.out.2.test$n
$DIGCMD @10.53.0.2 text7.other. TXT > dig.out.2.test$n || ret=1
grep 'addition 7' dig.out.2.test$n >/dev/null || ret=1
$DIGCMD @10.53.0.2 frozen.other. TXT > dig.out.3.test$n
$DIGCMD @10.53.0.2 frozen.other. TXT > dig.out.3.test$n || ret=1
grep 'frozen addition' dig.out.3.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -290,11 +290,11 @@ zone nil.
update add text7.nil. 600 IN TXT "addition 7"
send
END
$DIGCMD @10.53.0.2 text6.nil. TXT > dig.out.1.test$n
$DIGCMD @10.53.0.2 text6.nil. TXT > dig.out.1.test$n || ret=1
grep 'addition 6' dig.out.1.test$n > /dev/null || ret=1
$DIGCMD @10.53.0.2 text7.nil. TXT > dig.out.2.test$n
$DIGCMD @10.53.0.2 text7.nil. TXT > dig.out.2.test$n || ret=1
grep 'addition 7' dig.out.2.test$n > /dev/null || ret=1
$DIGCMD @10.53.0.2 frozen.nil. TXT > dig.out.3.test$n
$DIGCMD @10.53.0.2 frozen.nil. TXT > dig.out.3.test$n || ret=1
grep 'frozen addition' dig.out.3.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -715,7 +715,7 @@ zone example.
update add text2.example. 600 IN TXT "addition 3"
send
END
$DIGCMD @10.53.0.4 -p ${PORT} text2.example. TXT > dig.out.1.test$n
$DIGCMD @10.53.0.4 -p ${PORT} text2.example. TXT > dig.out.1.test$n || ret=1
grep 'addition 3' dig.out.1.test$n >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -737,7 +737,7 @@ zone example.
update add text2.example. 600 IN TXT "addition 3"
send
END
$DIGCMD @10.53.0.4 -p ${PORT} text2.example. TXT > dig.out.1.test$n
$DIGCMD @10.53.0.4 -p ${PORT} text2.example. TXT > dig.out.1.test$n || ret=1
grep 'addition 3' dig.out.1.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -746,10 +746,10 @@ n=$((n+1))
echo_i "checking initial in-view zone file is loaded ($n)"
ret=0
TSIG="$DEFAULT_HMAC:int:FrSt77yPTFx6hTs4i2tKLB9LmE0="
$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT > dig.out.1.test$n
$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT > dig.out.1.test$n || ret=1
grep 'include 1' dig.out.1.test$n >/dev/null || ret=1
TSIG="$DEFAULT_HMAC:ext:FrSt77yPTFx6hTs4i2tKLB9LmE0="
$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT > dig.out.2.test$n
$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT > dig.out.2.test$n || ret=1
grep 'include 1' dig.out.2.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -772,7 +772,7 @@ status=$((status+ret))
echo_i "checking update ($n)"
ret=0
TSIG="$DEFAULT_HMAC:int:FrSt77yPTFx6hTs4i2tKLB9LmE0="
$DIGCMD @10.53.0.7 -y "$TSIG" text2.test. TXT > dig.out.1.test$n
$DIGCMD @10.53.0.7 -y "$TSIG" text2.test. TXT > dig.out.1.test$n || ret=1
grep 'addition 1' dig.out.1.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -802,10 +802,10 @@ n=$((n+1))
echo_i "checking zone file edits are loaded ($n)"
ret=0
TSIG="$DEFAULT_HMAC:int:FrSt77yPTFx6hTs4i2tKLB9LmE0="
$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT > dig.out.1.test$n
$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT > dig.out.1.test$n || ret=1
grep 'include 2' dig.out.1.test$n >/dev/null || ret=1
TSIG="$DEFAULT_HMAC:ext:FrSt77yPTFx6hTs4i2tKLB9LmE0="
$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT > dig.out.2.test$n
$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT > dig.out.2.test$n || ret=1
grep 'include 2' dig.out.2.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status+ret))
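Review bot: The two negative checks, `grep 'addition 2' dig.out.1.test$n >/dev/null && ret=1` in the hunk at -78 and `grep 'addition 3' dig.out.1.test$n >/dev/null && ret=1` in the hunk at -715, can still pass vacuously after this change. dig normally exits 0 for any reply it receives, including SERVFAIL or REFUSED, so the added `|| ret=1` catches only no-reply and usage errors, and an error response that lacks the string still counts as success. Assert the expected response code before the negative grep, for example `grep 'status: NOERROR' dig.out.1.test$n >/dev/null || ret=1`, with the rcode set to whatever the test expects. This assumes `$DIGCMD`, which is defined outside the visible hunks, leaves the header line in the output. The enclosing test blocks start outside these hunks, so where `ret` is reset cannot be confirmed from here.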